guix: produce a -static-pie bitcoind #25573

pull fanquake wants to merge 11 commits into bitcoin:master from fanquake:fully_static_bitcoind changing 11 files +128 −23
  1. fanquake commented at 4:49 pm on July 8, 2022: member

    Use Guix to produce a -static-pie bitcoind using GCC 14.3.0 and glibc 2.42. Using glibc for static builds would be less of a leap compared to switching to musl libc (POC in #23203).

    -static-pie

    Produce a static position independent executable on targets that support it. A static position independent executable is similar to a static executable, but can be loaded at any address without a dynamic linker.

        # file bitcoind
        	ELF 64-bit LSB pie executable, x86-64, version 1 (GNU/Linux), static-pie linked, for GNU/Linux 3.2.0, stripped

        # ldd bitcoind
        	statically linked

    x86_64-linux-gnu size comparison: master (a7e80676104b5c90c5b5e3bfab815d55a9061052) bitcoind is 15.35 megabytes. This PR (597b5296d3adc693001ce39626fe32b9545eb604) bitcoind is 17.45 megabytes.

  2. fanquake added the label Build system on Jul 8, 2022
  3. fanquake marked this as a draft on Jul 8, 2022
  4. DrahtBot commented at 10:29 pm on July 8, 2022: contributor

    The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

    Code Coverage & Benchmarks

    For details see: https://corecheck.dev/bitcoin/bitcoin/pulls/25573.

    Reviews

    See the guideline for information on the review process.

    Type         Reviewers
    Concept ACK  dergoegge

    If your review is incorrectly listed, please copy-paste <!--meta-tag:bot-skip--> into the comment that the bot should ignore.

    Conflicts

    Reviewers, this pull request conflicts with the following ones:

    • #33764 (ci: Add Windows + UCRT jobs for cross-compiling and native testing by hebasto)
    • #32764 (guix: Build for macOS using Clang only by hebasto)
    • #32162 (depends: Switch from multilib to platform-specific toolchains by hebasto)

    If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first.

  5. fanquake force-pushed on Jul 13, 2022
  6. fanquake commented at 5:46 pm on July 13, 2022: member
    Rebased, and made small changes to fixup the linter and improve the security/symbol checks.
  7. theuni commented at 9:00 pm on July 13, 2022: member

    This is amazing!

    > Using glibc for static builds would be less of a leap compared to switching to musl libc (POC in #23203).

    Hard agree. Static musl builds would be very cool but tricky to audit for parity and thus pretty unlikely to ever become official/supported imo. This is a MUCH more palatable change.

  8. fanquake force-pushed on Jul 14, 2022
  9. fanquake commented at 10:41 am on July 14, 2022: member

    Added an additional patch to disable building various features/libs in GCC that we don’t need, i.e. libquadmath, libsanitizer, gcov, libada and native language support. This should speed up compiling GCC, and slightly reduces the size of the pthread patch. I’m not currently disabling these features via the available configure flags, because they get passed through to GMP, which cannot handle them.

    I’ve also updated -flto usage to be -flto=auto, as that seems to now be the preferred invocation, and it mitigates GCC warning output. i.e:

        lto-wrapper: warning: using serial compilation of 84 LTRANS jobs
        lto-wrapper: note: see the '-flto' option documentation for more information

    I’ve also split the ELF PIE check into its own func, so we can special-case x86_64, and re-added the list of allowed ELF libs, but special-cased x86_64 to only pass if the list is empty.

  10. luke-jr commented at 5:00 pm on July 16, 2022: member
    How does this handle resolvers? eg, static glibc 2.33 applications break on systems with glibc 2.34…
  11. DrahtBot added the label Needs rebase on Jul 19, 2022
  12. fanquake force-pushed on Jul 19, 2022
  13. DrahtBot removed the label Needs rebase on Jul 19, 2022
  14. DrahtBot added the label Needs rebase on Jul 30, 2022
  15. Frank-GER commented at 4:47 pm on August 4, 2022: none

    Which OS did you build on?

    On Ubuntu 20.04 after build:

        file bitcoind
        bitcoind: ELF 64-bit LSB shared object, x86-64, version 1 (GNU/Linux), dynamically linked, for GNU/Linux 3.2.0, stripped

    Trying to run it, it crashes after seconds:

        addcon thread start
        Loading addresses from DNS seed dnsseed.emzy.de.
        bitcoind: dl-call-libc-early-init.c:37: _dl_call_libc_early_init: Assertion `sym != NULL' failed.
        Aborted (core dumped)

    Any ideas?

  16. fanquake commented at 8:05 am on August 5, 2022: member

    > Which OS did you build on?

    The base OS shouldn’t matter, because the build is performed with Guix. However I’ve been performing these builds on Ubuntu 22.04.

    > Any ideas?

    How did you actually build bitcoind? Something like HOSTS="x86_64-linux-gnu" ./contrib/guix/guix-build?

  17. fanquake force-pushed on Aug 5, 2022
  18. fanquake commented at 8:39 am on August 5, 2022: member
    Rebased on master. Added a commit to use LIEF master, which reduces the number of changes in our scripts, as support for -static-pie ELF binaries has been added: https://github.com/lief-project/LIEF/issues/747. Will switch to a new release when one is available.
  19. DrahtBot removed the label Needs rebase on Aug 5, 2022
  20. Frank-GER commented at 5:12 pm on August 5, 2022: none

    > How did you actually build bitcoind? Something like HOSTS="x86_64-linux-gnu" ./contrib/guix/guix-build?

    Yes, that’s what I used to build it. https://github.com/fanquake/bitcoin/commits/fully_static_bitcoind produces the exact same problem when building on Ubuntu 20.04

  21. fanquake commented at 5:32 pm on August 5, 2022: member

    > https://github.com/fanquake/bitcoin/commits/fully_static_bitcoind produces the exact same problem when building on Ubuntu 20.04

    I have just re-tested building the changes here (ef0edd55f3bc1e3f229134ec7ecac632de52eea7), and this produces a -static-pie binary as expected:

        guix-build-ef0edd55f3bc/distsrc-ef0edd55f3bc-x86_64-linux-gnu/src/bitcoind: ELF 64-bit LSB pie executable, x86-64, version 1 (GNU/Linux), static-pie linked, for GNU/Linux 3.2.0, with debug_info, not stripped

    It’s not clear to me that you are actually running a Guix build.

  22. Frank-GER commented at 6:22 pm on August 5, 2022: none

    the build I was testing:

        ~/bitcoin/guix-build-caa066465973/distsrc-caa066465973-x86_64-linux-gnu/src$ file bitcoind
        bitcoind: ELF 64-bit LSB shared object, x86-64, version 1 (GNU/Linux), dynamically linked, for GNU/Linux 3.2.0, with debug_info, not stripped

    just building again, fresh cloned with commit ef0edd5

        export HOSTS='x86_64-linux-gnu'
        ./contrib/guix/guix-build

        $ file guix-build-ef0edd55f3bc/distsrc-ef0edd55f3bc-x86_64-linux-gnu/src/bitcoind
        guix-build-ef0edd55f3bc/distsrc-ef0edd55f3bc-x86_64-linux-gnu/src/bitcoind: ELF 64-bit LSB shared object, x86-64, version 1 (GNU/Linux), dynamically linked, for GNU/Linux 3.2.0, with debug_info, not stripped

        $ ldd ./guix-build-ef0edd55f3bc/distsrc-ef0edd55f3bc-x86_64-linux-gnu/src/bitcoind
        statically linked

        $ ./bitcoind
        …
        2022-08-05T19:10:46Z init message: Starting network threads…
        2022-08-05T19:10:46Z net thread start
        2022-08-05T19:10:46Z dnsseed thread start
        2022-08-05T19:10:46Z Loading addresses from DNS seed seed.bitcoinstats.com.
        2022-08-05T19:10:46Z opencon thread start
        2022-08-05T19:10:46Z msghand thread start
        2022-08-05T19:10:46Z addcon thread start
        2022-08-05T19:10:46Z init message: Done loading
        bitcoind: dl-call-libc-early-init.c:37: _dl_call_libc_early_init: Assertion `sym != NULL' failed.
        Aborted (core dumped)

    build and run on Ubuntu 20.04 there is no other bitcoind on that OS

  23. Frank-GER commented at 2:27 pm on August 8, 2022: none

    building the same on Ubuntu 22.04:

        file guix-build-ef0edd55f3bc/distsrc-ef0edd55f3bc-x86_64-linux-gnu/src/bitcoind
        guix-build-ef0edd55f3bc/distsrc-ef0edd55f3bc-x86_64-linux-gnu/src/bitcoind: ELF 64-bit LSB pie executable, x86-64, version 1 (GNU/Linux), static-pie linked, for GNU/Linux 3.2.0, with debug_info, not stripped

        ldd guix-build-ef0edd55f3bc/distsrc-ef0edd55f3bc-x86_64-linux-gnu/src/bitcoind
        statically linked

    Running it on Ubuntu22 it works.

    Taking this bitcoind to Ubuntu 20 it shows:

        file ./bitcoind
        ./bitcoind: ELF 64-bit LSB shared object, x86-64, version 1 (GNU/Linux), dynamically linked, for GNU/Linux 3.2.0, with debug_info, not stripped

    and crashes with the above mentioned message:

        bitcoind: dl-call-libc-early-init.c:37: _dl_call_libc_early_init: Assertion `sym != NULL' failed.
        Aborted (core dumped)

    Checksums are the same for both builds (on Ubuntu 20 and 22). Ubuntu 20 sees it as dynamic linked, Ubuntu 22 as static-pie linked. On Ubuntu 20 it crashes, on Ubuntu 22 it works.

    Same bitcoind on Debian 10:

        file ./bitcoind
        ./bitcoind: ELF 64-bit LSB shared object, x86-64, version 1 (GNU/Linux), dynamically linked, for GNU/Linux 3.2.0, with debug_info, not stripped
        ldd ./bitcoind
        statically linked

    Gets past that point where it crashes on Ubuntu 20 and starts syncing
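
The comments above show the same binary described two different ways by `file`. The following is an added example, not code from this PR or from Bitcoin Core's check scripts: it classifies an ELF64 little-endian image directly from its program headers and dynamic table. The names `classify`, `build_sample` and `SAMPLES` are made up here, the sample images are constructed, and it assumes the linker marks PIE output with `DF_1_PIE`.

```python
import struct

# Constants from the ELF gABI / <elf.h>.
ET_EXEC, ET_DYN = 2, 3
PT_DYNAMIC, PT_INTERP = 2, 3
DT_NULL, DT_NEEDED, DT_FLAGS_1 = 0, 1, 0x6FFFFFFB
DF_1_PIE = 0x08000000

EHDR = struct.Struct("<16sHHIQQQIHHHHHH")  # Elf64_Ehdr, little-endian
PHDR = struct.Struct("<IIQQQQQQ")          # Elf64_Phdr
DYN = struct.Struct("<qQ")                 # Elf64_Dyn


def classify(data: bytes) -> str:
    """Classify an ELF64 little-endian image by how it was linked."""
    if data[:4] != b"\x7fELF" or len(data) < EHDR.size:
        raise ValueError("not an ELF file")
    if data[4] != 2 or data[5] != 1:
        raise ValueError("only ELF64 little-endian is handled")
    hdr = EHDR.unpack_from(data)
    e_type, e_phoff, e_phentsize, e_phnum = hdr[1], hdr[5], hdr[9], hdr[10]

    has_interp, needed, flags_1 = False, 0, 0
    try:
        for i in range(e_phnum):
            ph = PHDR.unpack_from(data, e_phoff + i * e_phentsize)
            p_type, p_offset, p_filesz = ph[0], ph[2], ph[5]
            if p_type == PT_INTERP:
                has_interp = True          # a dynamic loader is requested
            elif p_type == PT_DYNAMIC:
                end = p_offset + p_filesz - DYN.size + 1
                for off in range(p_offset, end, DYN.size):
                    tag, val = DYN.unpack_from(data, off)
                    if tag == DT_NULL:
                        break
                    if tag == DT_NEEDED:
                        needed += 1        # one imported shared library
                    elif tag == DT_FLAGS_1:
                        flags_1 = val
    except struct.error as exc:
        raise ValueError("truncated ELF file") from exc

    if e_type == ET_EXEC:
        return "dynamic, non-PIE" if has_interp else "static, non-PIE"
    if e_type != ET_DYN:
        return "not an executable"
    if has_interp:
        return "dynamic PIE"
    # ET_DYN without PT_INTERP is either a shared library or a static-pie
    # executable. Assumption: the linker set DF_1_PIE on PIE output.
    if flags_1 & DF_1_PIE and needed == 0:
        return "static-pie"
    return "shared object"


def build_sample(e_type, interp, dyn_tags) -> bytes:
    """Constructed minimal image: ELF header, program headers, payload."""
    count = int(interp) + int(dyn_tags is not None)
    offset = EHDR.size + count * PHDR.size
    phdrs, payload = [], b""
    if interp:
        path = b"/lib64/ld-linux-x86-64.so.2\0"
        phdrs.append(PHDR.pack(PT_INTERP, 4, offset, 0, 0, len(path), len(path), 1))
        payload += path
    if dyn_tags is not None:
        table = b"".join(DYN.pack(t, v) for t, v in dyn_tags) + DYN.pack(DT_NULL, 0)
        phdrs.append(PHDR.pack(PT_DYNAMIC, 6, offset + len(payload), 0, 0,
                               len(table), len(table), 8))
        payload += table
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)
    ehdr = EHDR.pack(ident, e_type, 62, 1, 0, EHDR.size, 0, 0,
                     EHDR.size, PHDR.size, count, 0, 0, 0)
    return ehdr + b"".join(phdrs) + payload


# Constructed samples, one per link style.
SAMPLES = {
    "static-pie": build_sample(ET_DYN, False, [(DT_FLAGS_1, DF_1_PIE)]),
    "dynamic PIE": build_sample(ET_DYN, True, [(DT_NEEDED, 1), (DT_FLAGS_1, DF_1_PIE)]),
    "shared object": build_sample(ET_DYN, False, [(DT_NEEDED, 1)]),
    "static, non-PIE": build_sample(ET_EXEC, False, None),
}

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            print(classify(fh.read()))
    else:
        for name, image in SAMPLES.items():
            print(f"{name}: {classify(image)}")
```

Run with a path argument to classify a real binary; without one it classifies the constructed samples.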

  24. fanquake force-pushed on Aug 24, 2022
  25. fanquake commented at 3:34 pm on August 24, 2022: member
    Pushed a number of changes, and rebased on master. Switched from glibc 2.35 to 2.36. Added infra for aarch64 -static-pie builds. More fine-grained / logical commits. Updated to the latest version of LIEF (master).
  26. fanquake force-pushed on Sep 5, 2022
  27. fanquake force-pushed on Sep 7, 2022
  28. DrahtBot added the label Needs rebase on Sep 13, 2022
  29. fanquake force-pushed on Sep 13, 2022
  30. fanquake removed the label Needs rebase on Sep 13, 2022
  31. fanquake force-pushed on Jan 13, 2023
  32. fanquake force-pushed on Jan 25, 2023
  33. DrahtBot added the label Needs rebase on Feb 17, 2023
  34. fanquake force-pushed on Feb 17, 2023
  35. fanquake force-pushed on Feb 17, 2023
  36. fanquake commented at 11:22 am on February 17, 2023: member
    Rebased past #27029.
  37. DrahtBot removed the label Needs rebase on Feb 17, 2023
  38. DrahtBot added the label Needs rebase on Mar 27, 2023
  39. fanquake force-pushed on Mar 27, 2023
  40. DrahtBot removed the label Needs rebase on Mar 27, 2023
  41. fanquake force-pushed on May 22, 2023
  42. DrahtBot added the label CI failed on May 30, 2023
  43. DrahtBot removed the label CI failed on May 31, 2023
  44. DrahtBot added the label Needs rebase on Jun 28, 2023
  45. fanquake force-pushed on Jun 30, 2023
  46. DrahtBot removed the label Needs rebase on Jun 30, 2023
  47. fanquake renamed this:
    [POC] guix: produce a fully -static-pie x86_64 bitcoind using GCC and glibc
    [POC] guix: produce a fully `-static-pie` bitcoind
    on Jul 27, 2023
  48. DrahtBot added the label Needs rebase on Aug 22, 2023
  49. fanquake force-pushed on Aug 23, 2023
  50. DrahtBot removed the label Needs rebase on Aug 23, 2023
  51. DrahtBot added the label CI failed on Aug 23, 2023
  52. DrahtBot added the label Needs rebase on Aug 24, 2023
  53. fanquake force-pushed on Aug 24, 2023
  54. DrahtBot removed the label Needs rebase on Aug 24, 2023
  55. DrahtBot removed the label CI failed on Aug 24, 2023
  56. fanquake force-pushed on Aug 26, 2023
  57. fanquake force-pushed on Aug 27, 2023
  58. fanquake force-pushed on Sep 8, 2023
  59. DrahtBot added the label Needs rebase on Nov 13, 2023
  60. fanquake force-pushed on Nov 13, 2023
  61. DrahtBot removed the label Needs rebase on Nov 13, 2023
  62. fanquake commented at 3:37 pm on November 27, 2023: member
    GCC now has -static-pie for RISC-V: https://gcc.gnu.org/pipermail/gcc-patches/2023-October/632219.html. Looks like support in glibc will also be available soon: https://sourceware.org/pipermail/libc-alpha/2023-October/152132.html.
  63. DrahtBot added the label CI failed on Jan 14, 2024
  64. fanquake commented at 9:57 am on January 15, 2024: member
  65. DrahtBot added the label Needs rebase on Jan 16, 2024
  66. fanquake force-pushed on Jan 16, 2024
  67. DrahtBot removed the label Needs rebase on Jan 16, 2024
  68. DrahtBot removed the label CI failed on Jan 16, 2024
  69. fanquake force-pushed on Feb 16, 2024
  70. DrahtBot added the label CI failed on Feb 28, 2024
  71. DrahtBot removed the label CI failed on Mar 4, 2024
  72. DrahtBot added the label Needs rebase on Mar 14, 2024
  73. fanquake force-pushed on Mar 15, 2024
  74. fanquake commented at 5:17 pm on March 15, 2024: member
    Rebased. Simplified somewhat. Switched to GCC 13.2.0 and glibc 2.39.
  75. DrahtBot removed the label Needs rebase on Mar 15, 2024
  76. DrahtBot added the label Needs rebase on Mar 26, 2024
  77. fanquake force-pushed on Mar 26, 2024
  78. DrahtBot removed the label Needs rebase on Mar 26, 2024
  79. fanquake force-pushed on Apr 15, 2024
  80. DrahtBot added the label Needs rebase on Apr 17, 2024
  81. fanquake force-pushed on May 2, 2024
  82. DrahtBot removed the label Needs rebase on May 2, 2024
  83. DrahtBot commented at 5:22 am on May 2, 2024: contributor

    🚧 At least one of the CI tasks failed. Make sure to run all tests locally, according to the documentation.

    Possibly this is due to a silent merge conflict (the changes in this pull request being incompatible with the current code in the target branch). If so, make sure to rebase on the latest commit of the target branch.

    Leave a comment here, if you need help tracking down a confusing failure.

    Debug: https://github.com/bitcoin/bitcoin/runs/24492691529

  84. DrahtBot added the label CI failed on May 2, 2024
  85. DrahtBot added the label Needs rebase on Jun 8, 2024
  86. fanquake force-pushed on Jul 1, 2024
  87. fanquake force-pushed on Jul 1, 2024
  88. DrahtBot removed the label Needs rebase on Jul 1, 2024
  89. DrahtBot removed the label CI failed on Jul 1, 2024
  90. DrahtBot added the label CI failed on Jul 15, 2024
  91. DrahtBot removed the label CI failed on Jul 20, 2024
  92. fanquake force-pushed on Jul 25, 2024
  93. DrahtBot added the label Needs rebase on Aug 28, 2024
  94. fanquake force-pushed on Aug 28, 2024
  95. DrahtBot removed the label Needs rebase on Aug 28, 2024
  96. fanquake force-pushed on Sep 19, 2024
  97. DrahtBot added the label Needs rebase on Dec 20, 2024
  98. fanquake force-pushed on Jan 20, 2025
  99. DrahtBot removed the label Needs rebase on Jan 20, 2025
  100. fanquake force-pushed on Feb 5, 2025
  101. DrahtBot added the label CI failed on Feb 5, 2025
  102. DrahtBot removed the label CI failed on Feb 5, 2025
  103. fanquake force-pushed on Feb 12, 2025
  104. DrahtBot added the label CI failed on Feb 12, 2025
  105. DrahtBot added the label Needs rebase on Feb 19, 2025
  106. fanquake force-pushed on Feb 19, 2025
  107. DrahtBot removed the label Needs rebase on Feb 19, 2025
  108. DrahtBot removed the label CI failed on Feb 19, 2025
  109. fanquake force-pushed on Feb 27, 2025
  110. fanquake force-pushed on Mar 12, 2025
  111. fanquake force-pushed on Mar 20, 2025
  112. fanquake force-pushed on Apr 11, 2025
  113. DrahtBot added the label Needs rebase on May 12, 2025
  114. fanquake force-pushed on May 12, 2025
  115. DrahtBot removed the label Needs rebase on May 12, 2025
  116. fanquake force-pushed on May 14, 2025
  117. fanquake force-pushed on May 14, 2025
  118. DrahtBot added the label Needs rebase on May 27, 2025
  119. fanquake force-pushed on May 28, 2025
  120. DrahtBot removed the label Needs rebase on May 28, 2025
  121. DrahtBot added the label Needs rebase on Jun 11, 2025
  122. fanquake force-pushed on Jun 11, 2025
  123. DrahtBot removed the label Needs rebase on Jun 11, 2025
  124. achow101 requested review from theuni on Oct 22, 2025
  125. achow101 requested review from willcl-ark on Oct 22, 2025
  126. dergoegge commented at 3:08 pm on October 22, 2025: member
    Concept ACK
  127. achow101 requested review from m3dwards on Oct 22, 2025
  128. fanquake force-pushed on Oct 28, 2025
  129. fanquake force-pushed on Oct 28, 2025
  130. willcl-ark referenced this in commit 0074e4aa14 on Oct 28, 2025
  131. willcl-ark referenced this in commit 3f8848d5d2 on Oct 28, 2025
  132. willcl-ark referenced this in commit 1944d38c16 on Oct 29, 2025
  133. willcl-ark referenced this in commit 11ca259f4d on Oct 29, 2025
  134. willcl-ark referenced this in commit 0430ebf3a8 on Oct 29, 2025
  135. willcl-ark referenced this in commit cbe8ae4b33 on Oct 29, 2025
  136. willcl-ark referenced this in commit 1146ab21ac on Oct 29, 2025
  137. fanquake force-pushed on Oct 29, 2025
  138. fanquake force-pushed on Oct 29, 2025
  139. fanquake referenced this in commit be853e9f7a on Nov 3, 2025
  140. fanquake referenced this in commit 9bcdd81636 on Nov 4, 2025
  141. fanquake referenced this in commit 701fb7c8e2 on Nov 4, 2025
  142. fanquake force-pushed on Nov 4, 2025
  143. fanquake referenced this in commit 5c41fa2918 on Nov 4, 2025
  144. fanquake referenced this in commit ffd7ca3c46 on Nov 5, 2025
  145. fanquake referenced this in commit 8649f7dcf7 on Nov 5, 2025
  146. fanquake force-pushed on Nov 5, 2025
  147. DrahtBot added the label CI failed on Nov 5, 2025
  148. fanquake force-pushed on Nov 5, 2025
  149. DrahtBot removed the label CI failed on Nov 5, 2025
  150. fanquake referenced this in commit 5b51244f21 on Nov 6, 2025
  151. fanquake force-pushed on Nov 6, 2025
  152. fanquake renamed this:
    [POC] guix: produce a fully `-static-pie` bitcoind
    guix: produce a fully `-static-pie` bitcoind
    on Nov 6, 2025
  153. fanquake renamed this:
    guix: produce a fully `-static-pie` bitcoind
    guix: produce a `-static-pie` bitcoind
    on Nov 6, 2025
  154. fanquake referenced this in commit a6417a24f6 on Nov 7, 2025
  155. m3dwards commented at 4:38 pm on November 7, 2025: contributor

    This is very cool.

    Have I got the potential trade-offs correct here?

    Positives:

    • More portable - especially running a modern binary on an older linux
    • Enable very small docker images

    Downsides:

    • Static glibc can struggle with resolvers and locale (although I don’t think locale is an issue here) potentially undermining the portability benefit. I don’t know if --enable-static-nss solves this? But as referenced in this line it’s been broken for a long time.
    • Binary would be bigger
  156. fanquake referenced this in commit 6efb234510 on Nov 10, 2025
  157. fanquake referenced this in commit ce204ecace on Nov 10, 2025
  158. fanquake referenced this in commit 746c540845 on Nov 11, 2025
  159. fanquake referenced this in commit 4568773763 on Nov 11, 2025
  160. fanquake force-pushed on Nov 11, 2025
  161. fanquake commented at 12:20 pm on November 11, 2025: member

    > Binary would be bigger

    Yes ~2mb. I’ve added a comparison of bitcoind size for master vs this change, to the PR description.

  162. fanquake referenced this in commit 0716bb53f0 on Nov 11, 2025
  163. fanquake referenced this in commit 94b5b3816c on Nov 11, 2025
  164. fanquake referenced this in commit 86fffd9380 on Nov 12, 2025
  165. fanquake referenced this in commit 2b6e451075 on Nov 12, 2025
  166. fanquake force-pushed on Nov 12, 2025
  167. fanquake referenced this in commit e40362b4ff on Nov 13, 2025
  168. fanquake referenced this in commit 81be7e5bef on Nov 14, 2025
  169. fanquake referenced this in commit ce6769c0e3 on Nov 14, 2025
  170. fanquake referenced this in commit 26c6dd1ca5 on Nov 14, 2025
  171. fanquake force-pushed on Nov 14, 2025
  172. DrahtBot added the label Needs rebase on Nov 17, 2025
  173. fanquake referenced this in commit 680f587b10 on Nov 17, 2025
  174. fanquake force-pushed on Nov 17, 2025
  175. willcl-ark commented at 12:35 pm on November 17, 2025: member

    > ;; --enable-static-nss isn’t used yet, because it has been broken
    > ;; since 2.33: https://sourceware.org/bugzilla/show_bug.cgi?id=27959.

    What are the exact implications of this? I guix-built this branch and loaded it into a scratch docker container and the dns seeds were connected to and loaded fine. Is this coming from my host system perhaps, even inside a scratch container?

    I also tested the binary on alpine and it appeared to “fallback” to using libnss without issue…

  176. fanquake referenced this in commit f21d5bd923 on Nov 17, 2025
  177. DrahtBot removed the label Needs rebase on Nov 17, 2025
  178. fanquake referenced this in commit 59304910cb on Nov 17, 2025
  179. willcl-ark commented at 11:48 am on November 18, 2025: member

    > > ;; --enable-static-nss isn’t used yet, because it has been broken
    > > ;; since 2.33: sourceware.org/bugzilla/show_bug.cgi?id=27959.
    >
    > What are the exact implications of this? I guix-built this branch and loaded it into a scratch docker container and the dns seeds were connected to and loaded fine. Is this coming from my host system perhaps, even inside a scratch container?
    >
    > I also tested the binary on alpine and it appeared to “fallback” to using libnss without issue…

    Some additional context. When run in an alpine container with strace I see:

        x86_64-linux-gnu/bitcoin-84d3c4d14e70/bin on  pr-25573 [$] via ❄️  impure (nix-shell-env) took 2s
        ❯ docker run --rm -it \
                -v "$PWD/bitcoind:/bitcoind:ro" \
                --entrypoint=sh \
                alpine \
                -lc 'apk add --no-cache strace >/dev/null && strace -f -e trace=%file /bitcoind'

        <snip>

        2025-11-18T11:40:10Z dnsseed thread start
        strace: Process 52 attached
        2025-11-18T11:40:10Z Loading addresses from DNS seed dnsseed.bluematt.me.
        strace: Process 53 attached
        2025-11-18T11:40:10Z init message: Done loading
        2025-11-18T11:40:10Z opencon thread start
        2025-11-18T11:40:10Z addcon thread start
        [pid    50] newfstatat(AT_FDCWD, "/etc/resolv.conf", {st_mode=S_IFREG|0644, st_size=252, ...}, 0) = 0
        [pid    50] openat(AT_FDCWD, "/etc/host.conf", O_RDONLY|O_CLOEXEC2025-11-18T11:40:10Z msghand thread start
        ) = -1 ENOENT (No such file or directory)
        [pid    50] openat(AT_FDCWD, "/etc/resolv.conf", O_RDONLY|O_CLOEXEC) = 27
        [pid    50] newfstatat(AT_FDCWD, "/etc/nsswitch.conf", {st_mode=S_IFREG|0644, st_size=205, ...}, 0) = 0
        [pid    50] newfstatat(AT_FDCWD, "/", {st_mode=S_IFDIR|0755, st_size=4096, ...}, 0) = 0
        [pid    50] openat(AT_FDCWD, "/etc/nsswitch.conf", O_RDONLY|O_CLOEXEC) = 27
        [pid    50] openat(AT_FDCWD, "/etc/hosts", O_RDONLY|O_CLOEXEC) = 27
        [pid    50] openat(AT_FDCWD, "/etc/gai.conf", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
        2025-11-18T11:40:10Z Loading addresses from DNS seed dnsseed.emzy.de.
        [pid    50] newfstatat(AT_FDCWD, "/etc/resolv.conf", {st_mode=S_IFREG|0644, st_size=252, ...}, 0) = 0
        [pid    50] newfstatat(AT_FDCWD, "/etc/nsswitch.conf", {st_mode=S_IFREG|0644, st_size=205, ...}, 0) = 0
        [pid    50] openat(AT_FDCWD, "/etc/hosts", O_RDONLY|O_CLOEXEC) = 27
        2025-11-18T11:40:10Z Loading addresses from DNS seed seed.bitcoin.sipa.be.
        [pid    50] newfstatat(AT_FDCWD, "/etc/resolv.conf", {st_mode=S_IFREG|0644, st_size=252, ...}, 0) = 0
        [pid    50] newfstatat(AT_FDCWD, "/etc/nsswitch.conf", {st_mode=S_IFREG|0644, st_size=205, ...}, 0) = 0
        [pid    50] openat(AT_FDCWD, "/etc/hosts", O_RDONLY|O_CLOEXEC) = 27
        2025-11-18T11:40:10Z Loading addresses from DNS seed seed.bitcoin.jonasschnelli.ch.
        [pid    50] newfstatat(AT_FDCWD, "/etc/resolv.conf", {st_mode=S_IFREG|0644, st_size=252, ...}, 0) = 0
        [pid    50] newfstatat(AT_FDCWD, "/etc/nsswitch.conf", {st_mode=S_IFREG|0644, st_size=205, ...}, 0) = 0
        [pid    50] openat(AT_FDCWD, "/etc/hosts", O_RDONLY|O_CLOEXEC) = 27
        2025-11-18T11:40:10Z Loading addresses from DNS seed seed.mainnet.achownodes.xyz.
        [pid    50] newfstatat(AT_FDCWD, "/etc/resolv.conf", {st_mode=S_IFREG|0644, st_size=252, ...}, 0) = 0
        [pid    50] newfstatat(AT_FDCWD, "/etc/nsswitch.conf", {st_mode=S_IFREG|0644, st_size=205, ...}, 0) = 0
        [pid    50] openat(AT_FDCWD, "/etc/hosts", O_RDONLY|O_CLOEXEC) = 27
        2025-11-18T11:40:10Z Loading addresses from DNS seed seed.bitcoin.sprovoost.nl.
        [pid    50] newfstatat(AT_FDCWD, "/etc/resolv.conf", {st_mode=S_IFREG|0644, st_size=252, ...}, 0) = 0
        [pid    50] newfstatat(AT_FDCWD, "/etc/nsswitch.conf", {st_mode=S_IFREG|0644, st_size=205, ...}, 0) = 0
        [pid    50] openat(AT_FDCWD, "/etc/hosts", O_RDONLY|O_CLOEXEC) = 27
        2025-11-18T11:40:10Z Loading addresses from DNS seed dnsseed.bitcoin.dashjr-list-of-p2p-nodes.us.
        [pid    50] newfstatat(AT_FDCWD, "/etc/resolv.conf", {st_mode=S_IFREG|0644, st_size=252, ...}, 0) = 0
        [pid    50] newfstatat(AT_FDCWD, "/etc/nsswitch.conf", {st_mode=S_IFREG|0644, st_size=205, ...}, 0) = 0
        [pid    50] openat(AT_FDCWD, "/etc/hosts", O_RDONLY|O_CLOEXEC) = 27
        2025-11-18T11:40:10Z Loading addresses from DNS seed seed.bitcoin.wiz.biz.
        [pid    50] newfstatat(AT_FDCWD, "/etc/resolv.conf", {st_mode=S_IFREG|0644, st_size=252, ...}, 0) = 0
        [pid    50] newfstatat(AT_FDCWD, "/etc/nsswitch.conf", {st_mode=S_IFREG|0644, st_size=205, ...}, 0) = 0
        [pid    50] openat(AT_FDCWD, "/etc/hosts", O_RDONLY|O_CLOEXEC) = 27
        2025-11-18T11:40:10Z Loading addresses from DNS seed seed.btc.petertodd.net.
        [pid    50] newfstatat(AT_FDCWD, "/etc/resolv.conf", {st_mode=S_IFREG|0644, st_size=252, ...}, 0) = 0
        [pid    50] newfstatat(AT_FDCWD, "/etc/nsswitch.conf", {st_mode=S_IFREG|0644, st_size=205, ...}, 0) = 0
        [pid    50] openat(AT_FDCWD, "/etc/hosts", O_RDONLY|O_CLOEXEC) = 27
        2025-11-18T11:40:10Z 203 addresses found from DNS seeds
        2025-11-18T11:40:10Z dnsseed thread exit

    When run on my NixOS host I see:

        x86_64-linux-gnu/bitcoin-84d3c4d14e70/bin on  pr-25573 [$] via ❄️  impure (nix-shell-env) took 11s
        ❯ strace -f \
                -e trace=open,openat,stat,statx,access,readlink \
                ./bitcoind -datadir=/tmp/b1 -daemon=0 2>&1 | grep -i 'libnss'
        [pid 930543] openat(AT_FDCWD, "/nix/store/khwsqzc1s0b92y3l695g95f4773lb2h1-capnproto-1.2.0/lib/libnss_mymachines.so.2", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
        [pid 930543] openat(AT_FDCWD, "/gnu/store/hhrsk659w4k3zs0bin6i4q1lnbr4zxx0-glibc-cross-x86_64-linux-gnu-2.42/lib/libnss_mymachines.so.2", O_RDONLY|O_CLOEXECstrace: Process 930545 attached
        [pid 930543] openat(AT_FDCWD, "/nix/store/khwsqzc1s0b92y3l695g95f4773lb2h1-capnproto-1.2.0/lib/libnss_mdns4_minimal.so.2", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
        [pid 930543] openat(AT_FDCWD, "/gnu/store/hhrsk659w4k3zs0bin6i4q1lnbr4zxx0-glibc-cross-x86_64-linux-gnu-2.42/lib/libnss_mdns4_minimal.so.2", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
        [pid 930543] openat(AT_FDCWD, "/nix/store/khwsqzc1s0b92y3l695g95f4773lb2h1-capnproto-1.2.0/lib/libnss_myhostname.so.2", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
        [pid 930543] openat(AT_FDCWD, "/gnu/store/hhrsk659w4k3zs0bin6i4q1lnbr4zxx0-glibc-cross-x86_64-linux-gnu-2.42/lib/libnss_myhostname.so.2", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
        ^C⏎

    Both succeed in retrieving DNS seed addresses.

  180. willcl-ark commented at 2:48 pm on November 18, 2025: member

    Ah OK I think I might understand better now. Both systems I tested on include files and dns backends as part of nsswitch.conf (line starting with hosts: ):

        # alpine Container

        x86_64-linux-gnu/bitcoin-84d3c4d14e70/bin on  pr-25573 [$] via ❄️  impure (nix-shell-env)
        ❯ cat /etc/nsswitch.conf
        passwd:    files systemd
        group:     files [success=merge] systemd
        shadow:    files systemd
        sudoers:   files

        hosts:     mymachines mdns4_minimal [NOTFOUND=return] files myhostname dns mdns4
        networks:  files

        ethers:    files
        services:  files
        protocols: files
        rpc:       files

        # NixOS host

        x86_64-linux-gnu/bitcoin-84d3c4d14e70/bin on  pr-25573 [$] via ❄️  impure (nix-shell-env)
        ❯ docker run --rm -it --entrypoint=sh alpine -lc 'cat /etc/nsswitch.conf'
        # musl itself does not support NSS, however some third-party DNS
        # implementations use the nsswitch.conf file to determine what
        # policy to follow.
        # Editing this file is not recommended.
        hosts: files dns

    …and these backends are actually baked into a static glibc, which allows it to succeed in lookups.

    The (failed) dlopen calls on my Nix host are because my system nsswitch.conf includes extra backends which we try to open the lib for, but fail.

    So it seems to be that --enable-static-nss must be for “statically linking extra lookup backends in” in addition to the baked in defaults.

    If my understanding here is correct, then it seems totally fine to proceed without static nss enabled (while it is broken), as it doesn’t break our basic DNS lookup functionality at all, and at worst results in some failing dlopen tries.
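
The reasoning in the comment above can be checked against any `nsswitch.conf` before deploying a static binary. This is an added example, not code from the PR or from glibc: it parses the `hosts:` line, lists the `libnss_*.so.2` modules that would have to be loaded at run time, and walks the NSS action rules to see which built-in backends are still consulted when those modules are missing. That `files` and `dns` are the built-in backends is taken from the comment above and passed in as a parameter; `parse_database` and `plan_lookup` are names made up here, and the last two sample lines are constructed.

```python
import re

STATUSES = ("SUCCESS", "NOTFOUND", "UNAVAIL", "TRYAGAIN")
# Default NSS actions: stop on success, otherwise try the next service.
DEFAULT_ACTIONS = {"SUCCESS": "return", "NOTFOUND": "continue",
                   "UNAVAIL": "continue", "TRYAGAIN": "continue"}


def parse_database(conf_text, database="hosts"):
    """Return [(service, {status: action})] for one nsswitch.conf database."""
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        name, sep, rest = line.partition(":")
        if not sep or name.strip() != database:
            continue
        entries = []
        for tok in re.findall(r"\[[^\]]*\]|\S+", rest):
            if not tok.startswith("["):
                entries.append((tok, dict(DEFAULT_ACTIONS)))
                continue
            if not tok.endswith("]") or not entries:
                raise ValueError(f"malformed action list: {tok!r}")
            actions = entries[-1][1]
            for item in tok[1:-1].split():
                cond, _, action = item.partition("=")
                negate = cond.startswith("!")
                status = cond.lstrip("!").upper()
                if status not in STATUSES or not action:
                    raise ValueError(f"malformed action: {item!r}")
                # "!STATUS=action" applies to every status except STATUS.
                for s in STATUSES:
                    if (s != status) == negate:
                        actions[s] = action.lower()
        return entries
    return []  # no such line; glibc's compiled-in default is not modelled


def plan_lookup(conf_text, builtin=("files", "dns")):
    """Which modules need dlopen, and which built-in backends are reached.

    Worst case is assumed: every module outside `builtin` fails to load
    (status UNAVAIL) and every built-in backend misses (status NOTFOUND).
    """
    dlopen, consulted = [], []
    for service, actions in parse_database(conf_text):
        if service in builtin:
            consulted.append(service)
            status = "NOTFOUND"
        else:
            dlopen.append(f"libnss_{service}.so.2")
            status = "UNAVAIL"
        if actions[status] == "return":
            break
    return {"dlopen": dlopen, "consulted": consulted}


# The two hosts lines shown in the comment above.
HOST_WITH_EXTRA_BACKENDS = """\
passwd:    files systemd
hosts:     mymachines mdns4_minimal [NOTFOUND=return] files myhostname dns mdns4
"""
FILES_DNS_ONLY = "# musl itself does not support NSS\nhosts: files dns\n"
# Constructed lines: one where a missing module is tolerated, one where it
# ends the lookup before any built-in backend is tried.
TOLERANT = "hosts: resolve [!UNAVAIL=return] files dns\n"
BLOCKING = "hosts: mdns4_minimal [UNAVAIL=return] files dns\n"

if __name__ == "__main__":
    for label, text in [("extra backends", HOST_WITH_EXTRA_BACKENDS),
                        ("files dns only", FILES_DNS_ONLY),
                        ("tolerant", TOLERANT), ("blocking", BLOCKING)]:
        print(label, plan_lookup(text))
```

In the first sample `[NOTFOUND=return]` does not end the lookup, because a module that cannot be loaded reports UNAVAIL rather than NOTFOUND; only the constructed `BLOCKING` line leaves the binary with no backend to consult.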

  181. fanquake referenced this in commit 5b4c9a1b3b on Nov 19, 2025
  182. fanquake referenced this in commit 9351c2be9b on Nov 20, 2025
  183. fanquake referenced this in commit 61a8f3840a on Nov 20, 2025
  184. fanquake referenced this in commit 23c1c4636d on Nov 25, 2025
  185. fanquake referenced this in commit c767125efa on Nov 25, 2025
  186. fanquake referenced this in commit 19cb502045 on Nov 25, 2025
  187. fanquake referenced this in commit 0ee5642048 on Nov 25, 2025
  188. guix: disable building libgomp in GCC
    Prunes:
    libgomp.a
    libgomp.la
    libgomp.so
    libgomp.so.1
    libgomp.so.1.0.0
    libgomp.spec
    2eded23c15
  189. guix: disable libquadmath in GCC
    Prunes:
    libquadmath.a
    libquadmath.la
    libquadmath.so
    libquadmath.so.0
    libquadmath.so.0.0.0
    73682f8cf6
  190. guix: build GCC with --enable-host-bind-now 1a8302c470
  191. guix: use GCC 14.3.0 over 13.3.0
    This will eventually be needed for #25573, and could be useful
    for #30210.
    7a9020d4cc
  192. ci: migrate some jobs to Debian Trixie, use GCC 14 b6a9fb8f05
  193. guix: add glibc 2.42
    https://sourceware.org/git/?p=glibc.git;a=shortlog;h=refs/heads/release/2.42/master
    3f1a2cbb6f
  194. guix: check for fortified functions in all symbols
    -static-pie bins will not have any imported functions.
    3cf8ec27e8
  195. guix: build x86_64-linux bitcoind fully statically
    -static-pie
    Produce a static position independent executable on targets that support it.
    A static position independent executable is similar to a static executable,
    but can be loaded at any address without a dynamic linker.
    
    See https://gcc.gnu.org/onlinedocs/gcc/Link-Options.html
    4399a884e6
  196. guix: build aarch64-linux bitcoind fully statically 1530bb112c
  197. guix: build riscv64-linux bitcoin fully statically 25706eeae8
  198. [nomerge] guix: NO_QT=1 fb73b54670
  199. fanquake force-pushed on Nov 26, 2025


This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2025-11-27 00:13 UTC
