@lyricidal
No description provided.

- Add "--no-insert-timestamp" LDFLAG for x86_64-w64-mingw32 builds

"The option --no-insert-timestamp can be used to insert a zero value for
the timestamp, this ensuring that binaries produced from identical
sources will compare identically." - ld(1)

- Set "SetDateSave off" in NSIS script

From https://nsis.sourceforge.io/Docs/Chapter4.html#flags

"This command sets the file date/time saving flag which is used by the
File command to determine whether or not to save the last write date and
time of the file, so that it can be restored on installation. Valid
flags are 'on' and 'off'. 'on' is the default."

- Add commented out NSIS options for reproducibility debugging in NSIS
  script

- Make ZIPs deterministic by resetting file modification times to
  SOURCE_DATE_EPOCH using touch(1) (Reference:
  https://reproducible-builds.org/docs/archives/)
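
A verification-side check for the `--no-insert-timestamp` item in the commit message above, added here as an example and not part of the pull request: it reads the `TimeDateStamp` field from the COFF file header of a PE image and flags any image whose field is non-zero. The names `pe_timestamp`, `audit`, `make_sample` and `SAMPLES` are hypothetical, and the sample images are constructed header-only byte strings.

```python
import struct

class NotPE(ValueError):
    """Input is not a well-formed PE image."""

def pe_timestamp(image: bytes) -> int:
    """Return TimeDateStamp from the COFF file header of a PE image."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise NotPE("missing MZ header")
    # e_lfanew at offset 0x3C points to the "PE\0\0" signature.
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if e_lfanew + 24 > len(image) or image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise NotPE("missing PE signature")
    # COFF header: Machine (2), NumberOfSections (2), TimeDateStamp (4), ...
    _machine, _nsect, stamp = struct.unpack_from("<HHI", image, e_lfanew + 4)
    return stamp

def audit(images: dict) -> dict:
    """Map each name to 'ok', 'timestamp=<n>' or 'not-pe'."""
    report = {}
    for name, data in sorted(images.items()):
        try:
            stamp = pe_timestamp(data)
        except NotPE:
            report[name] = "not-pe"
        else:
            report[name] = "ok" if stamp == 0 else f"timestamp={stamp}"
    return report

def make_sample(stamp: int) -> bytes:
    """Constructed minimal image: DOS header, PE signature, COFF header."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x8664, 0, stamp, 0, 0, 0, 0)
    return dos + b"PE\0\0" + coff

# Constructed inputs: one zeroed image, one with a build time, one non-PE file.
SAMPLES = {
    "zeroed.exe": make_sample(0),
    "stamped.exe": make_sample(1690000000),
    "readme.txt": b"not a PE file",
}

if __name__ == "__main__":
    for name, verdict in audit(SAMPLES).items():
        print(f"{name}: {verdict}")
```
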
We're using mingw-w64 6.0.0, which is paired with gcc-8 in most distros.
This bump will include a couple of commits which improve the
reproducibility of the mingw-w64 toolchain. Most of which came from
debian. They will be upstreamed as upstream Guix release timeline
allows.
Unfortunately, gcc is still not smart enough to detect whether or not
mingw-w64 provides ssp, so let's put it back just for mingw-w64.
Most of the mingw-w64 toolchain changes have now been upstreamed, we can
point to a commit that exists upstream.

NOTE: I'm not changing the URL yet until we see that Guix upstream will
accept all my patches for macOS.

-----

The Guix tree that's referred to by this commit contains the following
changes relevant to our mingw-w64 build:

b066c25026

  Adds a PACKAGES-WITH-*PATCHES procedure which we can use in the future
  to apply patches to packages if those patches are not considered
  appropriate to upstream Guix

4719b71572

  Adds mingw-w64 (the libc itself) reproducibility patches, taken from
  debian.

79825bee07 + 401d28e433 + c1c50cb5b0

  Add mingw-w64 specific binutils patches, taken from debian.
  Specifically, the "Make DLL import libraries reproducible" patch made
  libbitcoinconsensus.dll.a build reproducibly. The followup commits
  were hotfixes for my mistakes.

0f864175dc

  Bumps mingw-w64 to v7.0.0. This is the first release that enables
  secure APIs by default (which we need), and gains _FORTIFY_SOURCE
  support. This will also be what Ubuntu Focal 20.04 LTS releases with.

cdf00cf75d

  Bumps NSIS to v3.05. This is the first release that includes a fix for
  a reproducibility bug found by some of the electrum developers. See
  details here: https://sourceforge.net/p/nsis/bugs/1230/
This is no longer needed after 3bef7c22 in the mingw-w64 git repository,
which is first included in mingw-w64 v7.0.0.

As of the previous bump to our Guix time machine, we now use mingw-w64
v7.0.0.
The libtool unsorted 'find' determinism issue seemed to have been solved
in gcc-9's git: d41cd173e23ebea7c758644d6ad6e0fde1c2e3a6 or SVN: r262451

Furthermore, it seems that Ubuntu Focal 20.04 LTS is going to ship with
gcc 9 and mingw-w64 7, which will match what we have now.

-----

A note on this:

Careful observers will see that previously I stated that all released
versions of gcc were bootstrapped with a libtool 2.2.7a, meaning that
they all had the unsorted 'find' determinism issue first resolved in
libtool 2.2.7b.

However, I was mistaken, gcc's ltmain.sh CLAIMS it was generated by
libtool 2.2.7a, but it was in fact edited manually. It seems that gcc
maintains their own versions of ltmain.sh and libtool.m4, and only
sometimes backports patches from upstream.

Quite confusing.
…-6.0.0

[Upstream] guix: Enable building for `x86_64-w64-mingw32` target
httpserver.cpp:74:10: error: no template named 'deque' in namespace 'std'
    std::deque<std::unique_ptr<WorkItem>> queue;
    ~~~~~^
This directory is automatically created by the build process (in the
build target directory, see bitcoin#16588) and doesn't need to be in the
repository nor in the tarballs.

Move associated ignore directive to top-level `.gitignore` file.
The build date only makes sense for custom/self-compiled versions because we are using static build-dates for our deterministic release builds.

Coming from btc@4856f1d6712cdb2eac8712e379fd1e351583d78f
Putting the build date in the executable is a practice that has no place
in these days, now that deterministic building is increasingly common.

Continues bitcoin/bitcoin#7732 which did this for the GUI.
[Upstream] [Build] Get rid of CLIENT_DATE
The Bitcoin Core NSIS script runs with elevated privileges.  Unfortunately, this means that it launches Bitcoin Core itself with elevated privileges when the user chooses to launch Bitcoin Core at the end of the installation procedure.  This commit works around the issue by having explorer.exe launch Bitcoin Core.  Seems to be a similar approach to what http://nsis.sourceforge.net/ShellExecAsUser_plug-in does, but without a plugin.

h/t to "UK" at https://mdb-blog.blogspot.se/2013/01/nsis-lunch-program-as-user-from-uac.html?showComment=1410158039989#c2463780017054126736 for the sample code.

Fixes bitcoin/bitcoin#7990.
Now that we are using Focal for gitian builds, and have NSIS 3.0+
available (also in Guix), we can create installers that support unicode.

Unicode is only becoming the default beginning with the 3.07 release,
https://nsis.sourceforge.io/Docs/AppendixF.html#v3.07-cl,
so we need to set this attribute to get support.

Should close: bitcoin/bitcoin#13817
Otherwise a user can pass /NCRC on the command line and bypass the
crc check, meaning they could install a potentially corrupted
installer.
[Upstream] Avoid launching as admin when NSIS installer ends.
[Upstream] build: set Unicode true for NSIS installer
[Upstream] build: force CRCCheck in Windows installer
This allows the setting to be changed on the fly again, no longer requiring a restart. Value is checked on launch and set back to config anyway.
lyricidal and others added 30 commits July 31, 2023 08:30
- add check for "Mandatory" and prepend it to MsgBox
- rename isStartup to isClicked (allows more flexible usage)
- split up functions
- use try/catch
- various other improvements
no longer needed for version checks as we use GitHub API
qt/build: `Check for Updates` improvements  / delete `version.txt`
init: add option to manually set rescan height on startup
Otherwise our config.guess and config.sub will be copied over. This
problem has been masked by the fact that modern systems ship with
versions that recognise all the triplets we use (namely
arm64-apple-darwin). However building on ubuntu 20.04 surfaces the
issue.

Fixes bitcoin/bitcoin#26420.
[Upstream] build: copy config.{guess,sub} post autogen in zmq package
[Trivial] Update copyright for 2024
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 1 to 4.1.7.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](actions/download-artifact@v1...v4.1.7)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
…ithub/workflows/actions/download-artifact-4.1.7

Bump actions/download-artifact from 1 to 4.1.7 in /.github/workflows
Eliminates the conditional check for '[focal]' in commit messages, ensuring the 'Create Source Distribution' job always runs regardless of commit message content.
Replaces deprecated actions/upload-artifact@v1 with actions/upload-artifact@v4 across all jobs in prcy-build-factory.yml for improved reliability and support.
Changed all GitHub Actions jobs in prcy-build-factory.yml to run on ubuntu-22.04 instead of ubuntu-20.04 for improved compatibility and support.