build: document BITCOIN_GENBUILD_NO_GIT environment variable? #31999

1. 
   fanquake commented at 3:24 pm on March 5, 2025: member

   This was ported from Autotools, however it’s entirely undocumented, so it’s unclear what we are trying to support, or why (and if we can just drop this entirely). It’d be good if it was documented, even just inline in the source: https://github.com/bitcoin/bitcoin/blob/36d4bd7fe326ba69e9372f8ddb3b12a3b5b36a3d/cmake/script/GenerateBuildInfo.cmake#L33 so it’s more clear what the use-case is.

   Note that as-of 29.x, the ways we distribute our source code will be via git clone, or using a tarball that was generated via git archive. So I guess that the usecase for BITCOIN_GENBUILD_NO_GIT is to build from a git clone, but ignore the available version info (why?), or to build from a tarball that has been extacted into a git repository where we might pick up some other git information? It’s unclear if this is an actual usecase.

2. fanquake added the label Build system on Mar 5, 2025
3. fanquake added this to the milestone 29.0 on Mar 5, 2025
4. 
   fanquake commented at 3:24 pm on March 5, 2025: member

   cc @hebasto
5. 
   luke-jr commented at 11:53 pm on March 5, 2025: member

   The intended use case is to avoid git trying to find a repo where there is none, which can trip security checks in some build systems as it looks in parent directories.
6. 
   fanquake commented at 8:26 am on March 6, 2025: member

   in some build systems

   Which build systems? This should be documented with a specific example, especially since it seems like an uncommon usecase/workflow.

7. 
   hebasto commented at 8:29 am on March 7, 2025: member

   FWIW, BITCOIN_GENBUILD_NO_GIT was introduced in #7522.
8. 
   hebasto commented at 8:33 am on March 7, 2025: member

   in some build systems

   Which build systems? This should be documented with a specific example, especially since it seems like an uncommon usecase/workflow.

   Gentoo, I assume: https://bugs.gentoo.org/476294.

9. 
   fanquake commented at 9:07 am on March 7, 2025: member

   Gentoo, I assume: https://bugs.gentoo.org/476294.

   Reading that thread, it’s not really clear. The last comment (7 years ago) suggests that there was no issue with 0.13.0, even though the fix from #7522 only went into 0.15.0? It’d be good if someone could demonstrate an issue today, with the current source code.

10. 
    luke-jr commented at 2:24 am on March 12, 2025: member

    The last comment (7 years ago) suggests that there was no issue with 0.13.0, even though the fix from #7522 only went into 0.15.0?

    Likely it was backported

    It’d be good if someone could demonstrate an issue today, with the current source code.

    0mkdir test
    1cd test
    2git init .
    3tar -xvpf /path/to/a/release/tarball.tar.gz
    4cd bitcoin-*
    5sandbox  # set up to complain about reads to /tmp/test/.git
    6# do whatever to build
    

    Note that /tmp is not a suitable place to run the test, as tools often assume it’s fine to access that in general, and sandbox doesn’t seem to have a way to allow /tmp but forbid subdirectories. By default, it also allows access to $HOME.

    Also note it’s not enough to deny read access to the adhoc .git, you need to have the access attempt trigger an alert or kill the process somehow.

11. 
    fanquake commented at 2:31 am on March 12, 2025: member

    set up to complain about reads to /tmp/test/.git you need to have the access attempt trigger an alert or kill the process somehow. do whatever to build

    Multiple of the steps here are “just do thing”, where it sounds like there isn’t actually a build issue in the default case. Please provide actual, full steps to reproduce (with a tarball, from current master).

Contributors
fanquake luke-jr hebasto

Labels
Build system

Milestone
29.0