From mboxrd@z Thu Jan 1 00:00:00 1970 From: Carl Dong Subject: Bootstrappable bitcoin release builds with Guix Date: Tue, 09 Apr 2019 15:03:38 +0000 Message-ID: Reply-To: Carl Dong Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Return-path: Received: from eggs.gnu.org ([209.51.188.92]:55636) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hDsHx-0006Xq-HP for help-guix@gnu.org; Tue, 09 Apr 2019 11:03:54 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1hDsHw-0001os-8l for help-guix@gnu.org; Tue, 09 Apr 2019 11:03:53 -0400 Received: from mail-40132.protonmail.ch ([185.70.40.132]:56720) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1hDsHv-0001hC-PL for help-guix@gnu.org; Tue, 09 Apr 2019 11:03:52 -0400 List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: help-guix-bounces+gcggh-help-guix=m.gmane.org@gnu.org Sender: "Help-Guix" To: "help-guix@gnu.org" Hi all, I've been on a quest to use Guix for Bitcoin Core's reproducible builds as = I believe that Guix's focus on bootstrappability, and Guile's simplicity and flexibility are very desirable qualities in building an auditable, secure, = and reliable build process. My pull request (very short thanks to Guix's infrastructure) can be found here: https://github.com/bitcoin/bitcoin/pull/15277/files I've submitted patches for the Guix bitcoin-core package to make it reproducible, which seems to work fine. However, for easier acceptance into= the bitcoin core process, I need to produce tarballs like the ones we have on o= ur servers today: https://bitcoincore.org/bin/bitcoin-core-0.17.1/ For some context, we have a "mini-guix" of sorts seen in our "depends tree" here: https://github.com/bitcoin/bitcoin/tree/master/depends. This builds a= ll the dependencies for bitcoin just the way we want them, in preparation for getting linked into bitcoin itself. My current approach for the build process is to produce a Guix container in which I execute a build of our "depends tree" followed by a build of bitcoi= n itself. See the Guix manifest and scripts here: https://github.com/bitcoin/bitcoin/pull/15277/files However, there were three hiccups that I had to hack my way around: 1. libstdc++ would not link statically even with "-static-libstdc++". The h= ack was to remove the .la file under $LIBRARY_PATH. 2. Upon inspection of the binaries produced at the end of this process, the= y all had rpaths. The hack was to use patchelf --remove-rpath on them. 3. Upon inspection of the binaries produced at the end of this process, the= ir interpreters all had a `/gnu/store/blahblah-glibc-2.28' prefix. The hack= was to use patchelf --set-interpreter on them. My questions are: 1. Is there a way to avoid the hacks that I listed above? I understand that= it might mean writing custom gcc packages and I'm 100% okay with that. 2. Is there an easier way of achieving the same thing? Thank you all in advance for helping with this, and I hope that we'll see boostrappable Guix release builds of bitcoin very soon! Cheers, Carl Dong contact@carldong.me "I fight for the users"