build: add a depends dependency provider #32595

1. 
   willcl-ark commented at 9:25 pm on May 22, 2025: member

   Fixes: #32428

   This PR adds a dependency provider to depends builds.

   A dependency provider allows overriding of cmake’s find_package() therefore giving total control over where dependencies come from in a build.

   This achieves two things:

   1. Provides stronger guarantees about where dependencies come from during a (depends) build; i.e. only from depends.
   2. Fixes issues like a non-standard CMAKE_PREFIX_PATH breaking builds (i.e. 32428)
2. 
   DrahtBot commented at 9:25 pm on May 22, 2025: contributor

   The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

   Code Coverage & Benchmarks

   For details see: https://corecheck.dev/bitcoin/bitcoin/pulls/32595.

   Reviews

   See the guideline for information on the review process. A summary of reviews will appear here.

3. DrahtBot added the label Build system on May 22, 2025
4. 
   willcl-ark commented at 9:28 pm on May 22, 2025: member

   Opened in draft for feedback on approach.

   There is also a bypass for the boost package (in cmake/module/AddBoostIfNeeded.cmake) which I’d like to get working with the dependency provider ideally.

   Note that this also bumps the minimum cmake version to 3.24.

5. willcl-ark requested review from josibake on May 22, 2025
6. 
   hebasto commented at 9:29 pm on May 22, 2025: member

   cc @purpleKarrot
7. 
   fanquake commented at 9:42 pm on May 22, 2025: member

   Provides stronger guarantees about where dependencies come from during a (depends) build; i.e. only from depends.

   Can you elaborate on this? Currently, CMake configured with a depends toolchain, should never look outside depends (doing so would be a bug). What are the stronger guarantees?

8. 
   willcl-ark commented at 10:37 pm on May 22, 2025: member

   Provides stronger guarantees about where dependencies come from during a (depends) build; i.e. only from depends.

   Can you elaborate on this? Currently, CMake configured with a depends toolchain, should never look outside depends (doing so would be a bug). What are the stronger guarantees?

   Right, perhaps I didn’t use the best wording here.

   When using the toolchain I have not found us pulling in extraneous deps from outside of depends, but have encountered us missing dependencies from inside of depends, e.g. in my original issue.

   By using a dependency provider and intercepting calls to find_package(), as I understand it, we are getting even more control over which packages can be found than when using the toolchain.

   This is what I termed “stronger guarantees”, perhaps misleadingly!

9. DrahtBot added the label CI failed on May 22, 2025
10. 
    willcl-ark commented at 9:39 am on May 23, 2025: member

    The windows job fails as currently we activate the dependency provider automatically based on whether a(ny) toolchain is in use.

    This works fine for depends, but doesn’t make sense on windows where the vcpkg toolchain is used, without depends.

    The idea for doing it this way was to try and avoid users having to pass two flags in order to build from depends – a toolchain and a dependency-provider – but perhaps this is necessary after all…

    I do recall reading somewhere in cmake docs that choice of dependency provider should always be left to the user too, so I suppose doing it this way would fit with that.

11. build: add a depends dependency provider 04bdd0b034
12. build: use dependency provider when building depends 7bdf1af8f3
13. willcl-ark force-pushed on May 23, 2025
14. 
    willcl-ark commented at 12:24 pm on May 23, 2025: member

    Pushed an update which now only activates the dependency provider when using the depends toolchain.

    This will hopefully appease the windows CI job, as well as making more sense in general and being more expected behaviour.

Contributors
willcl-ark DrahtBot hebasto fanquake

Review Requested
josibake

Labels
Build system CI failed