build: Remove CMAKE_SKIP_BUILD_RPATH and SKIP_BUILD

151henry151 commented at 10:35 pm on August 23, 2025: contributor

Remove CMAKE_SKIP_BUILD_RPATH and SKIP_BUILD_RPATH settings that are no longer needed after reordering the Guix build script to perform binary checks after installation.

This PR also removes the unused CMake maintenance targets (check-security and check-symbols) and updates the Guix security checks to include binaries in the libexec/ directory (added in PR #31679).

DrahtBot added the label Build system on Aug 23, 2025

DrahtBot commented at 10:35 pm on August 23, 2025: contributor

The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

Code Coverage & Benchmarks

For details see: https://corecheck.dev/bitcoin/bitcoin/pulls/33247.

Reviews

See the guideline for information on the review process.

Type	Reviewers
ACK	hebasto, purpleKarrot
Stale ACK	janb84

If your review is incorrectly listed, please react with 👎 to this comment and the bot will ignore it on the next update.

Conflicts

No conflicts as of last run.

DrahtBot added the label CI failed on Aug 23, 2025

DrahtBot removed the label CI failed on Aug 23, 2025

hebasto commented at 7:15 am on August 24, 2025: member

This is my first attempt at contributing to bitcoin core so please, provide me any feedback that you might have. Thanks!

Thank you for your interest in contributing to this project!

The changes you are referring to as completed, i.e. “reordering Guix script commands to perform binary checks after the installation step”, have not actually been done yet. See contrib/guix/libexec/build.sh, from line 251 onwards.

151henry151 commented at 2:14 pm on August 24, 2025: contributor

This is my first attempt at contributing to bitcoin core so please, provide me any feedback that you might have. Thanks!

Thank you for your interest in contributing to this project!

The changes you are referring to as completed, i.e. “reordering Guix script commands to perform binary checks after the installation step”, have not actually been done yet. See contrib/guix/libexec/build.sh, from line 251 onwards.

Thanks for your helpful reply @hebasto. I’ve pushed another commit attempting to perform the actual reordering of the Guix script commands to perform those checks after the installation step; I tested it locally and it seemed to build successfully, hope I got the right idea here.

hebasto commented at 2:17 pm on August 24, 2025: member

In a02723427f5f0b142a6ef97b92df093e00ad6004, all checks are still performed on the binaries in the build tree, whereas they are supposed to be performed on the binaries in the installation location.

hebasto commented at 2:22 pm on August 24, 2025: member

… I tested it locally and it seemed to build successfully…

When a developer tests changes in the Guix scripts locally, they usually posts the resulting binary hashes. For example, as in #33217#pullrequestreview-3142128074.

151henry151 commented at 2:26 pm on August 24, 2025: contributor

Thanks for the feedback hebasto, I’ll continue working on this

Conflicts

Reviewers, this pull request conflicts with the following ones:
* [#32380](https://github.com/bitcoin/bitcoin/pull/32380) (Modernize use of UTF-8 in Windows code by hebasto)

The conflict resolves easily by keeping both changes.

janb84 commented at 3:18 pm on August 24, 2025: contributor

This is my first attempt at contributing to bitcoin core so please, provide me any feedback that you might have. Thanks!

Welcome, please also change this message for a description of the changes made in this PR. Helpful tips are in creating-the-pull-request

151henry151 commented at 3:23 pm on August 24, 2025: contributor

In a027234, all checks are still performed on the binaries in the build tree, whereas they are supposed to be performed on the binaries in the installation location.

Thanks for the feedback.

The previous change moved checks after installation but was still using cmake –build targets which check build tree binaries. I’ve now fixed this to directly call the security and symbol check scripts on the installed binaries in ${INSTALLPATH}/bin/, ensuring checks are performed on the final installed binaries with proper RPATHs.

When a developer tests changes in the Guix scripts locally, they usually posts the resulting binary hashes. For example, as in #33217#pullrequestreview-3142128074.

I’m currently running a full Guix build locally to generate the binary hashes. The build is in progress and I’ll post the resulting hashes once it completes.

151henry151 commented at 1:10 am on August 25, 2025: contributor

My Guix build resulting binary hashes:

075d4eb10b95a64c595ee1ddf31d3c1e0086958a1ae3d64f9e2bbc4930cd88366  dist-archive/bitcoin-e922e27a2ecd.tar.gz
1
2f7d2d6cd820561229ab5fa476c06484ced81a1fa8b90d2fbbd7a82fa915aa956  x86_64-linux-gnu/bitcoin-e922e27a2ecd-x86_64-linux-gnu-debug.tar.gz
3
4df24c2269cf96dbf011692fbc0b21dab7786abd43dbb82e4351f0117e95169e5  x86_64-linux-gnu/bitcoin-e922e27a2ecd-x86_64-linux-gnu.tar.gz

in CMakeLists.txt:621 in e922e27a2e outdated

617@@ -618,17 +618,16 @@ if(CMAKE_VERSION VERSION_GREATER_EQUAL 3.29)
618   set(CMAKE_SKIP_TEST_ALL_DEPENDENCY FALSE)
619 endif()
620 
621-# TODO: The `CMAKE_SKIP_BUILD_RPATH` variable setting can be deleted
622-#       in the future after reordering Guix script commands to
623-#       perform binary checks after the installation step.
624+# TODO: The `CMAKE_SKIP_BUILD_RPATH` variable setting has been removed

janb84 commented at 7:53 am on August 25, 2025:

If the TODO is solved than there is no more TO DO. Please remove the todo or reword it what is still left to do.

151henry151 commented at 12:45 pm on August 25, 2025:

I clicked commit suggestion too quickly – It looks a bit like a comment was cut in half there. Would we want to remove the additional lines of the TODO as well, or rephrase them as comments?

151henry151 commented at 2:13 pm on August 25, 2025:

Looking at this more closely, the answer was clear and so I removed the additional lines of the TODO as well.

purpleKarrot commented at 7:41 am on September 3, 2025:

You modify the TODO in one commit and then delete it in another. You way want to rewrite the git history so that the todo is removed directly.

maflcko commented at 10:59 am on August 25, 2025: member

Please squash your commits according to https://github.com/bitcoin/bitcoin/blob/master/CONTRIBUTING.md#squashing-commits

151henry151 commented at 10:59 am on August 25, 2025: contributor

Would it be better to leave the comments there and simply remove the TODO tag? It looks a bit like a comment was cut in half there, but perhaps adding back in the The `CMAKE_SKIP_BUILD_RPATH` variable setting has been removed Would be better than removing the rest of that information. What do you think?

151henry151 force-pushed on Aug 25, 2025

maflcko added the label DrahtBot Guix build requested on Aug 28, 2025

151henry151 force-pushed on Aug 29, 2025

151henry151 commented at 5:34 am on August 29, 2025: contributor

There was a TODO still in the src/CMakeLists.txt file; I cleaned it up and squashed the commits just now and think that it is now all correct.

DrahtBot commented at 6:56 am on August 29, 2025: contributor

Guix builds (on x86_64) [untrusted test-only build, possibly unsafe, not for production use]

File	commit 6ca6f3b37b992591726bd13b494369bee3bd6468(master)	commit 1ac12bc409e0570cefc640fcac1fe13edfa98a92(pull/33247/merge)
*-aarch64-linux-gnu-debug.tar.gz	`abcc0baac5e7b752...`	`8ce308bbc579ad49...`
*-aarch64-linux-gnu.tar.gz	`4a8653178ccbdddb...`	`ed54dfe44406b72a...`
*-arm-linux-gnueabihf-debug.tar.gz	`95d3d74d5682c24a...`	`86d72da5723c7b7d...`
*-arm-linux-gnueabihf.tar.gz	`e25759641901b072...`	`d53eee042815730f...`
*-arm64-apple-darwin-codesigning.tar.gz	`366f30df86e875e8...`	`9aee1e5a66c0b9d5...`
*-arm64-apple-darwin-unsigned.tar.gz	`1c83672238b93111...`	`e07f9aec2228734e...`
*-arm64-apple-darwin-unsigned.zip	`ad51645f12fb5dc7...`	`87aa37bf869b5b55...`
*-powerpc64-linux-gnu-debug.tar.gz	`df430f763352d69c...`	`39f3f3ebb73204d8...`
*-powerpc64-linux-gnu.tar.gz	`7dd5cbe718652deb...`	`0e6ef9dea9eeafd2...`
*-riscv64-linux-gnu-debug.tar.gz	`d258d893caa4d9b7...`	`48ad366e15a9c433...`
*-riscv64-linux-gnu.tar.gz	`3f182eee5fd9c395...`	`48cf7092c537d8cd...`
*-x86_64-apple-darwin-codesigning.tar.gz	`3998753c28bfa555...`	`7397d894c9cabe8c...`
*-x86_64-apple-darwin-unsigned.tar.gz	`b4474a38f90d8d72...`	`147d8db165c37ccd...`
*-x86_64-apple-darwin-unsigned.zip	`6028f331e23a3f0f...`	`60a73a9684ce8e1d...`
*-x86_64-linux-gnu-debug.tar.gz	`881ca6a16e6f2ac5...`	`b55f8fb6ec93d54b...`
*-x86_64-linux-gnu.tar.gz	`01fc4a45eb400557...`	`0aac741f62f5299c...`
*.tar.gz	`0711f5eb93cb4d47...`	`0191779babb2b28f...`
SHA256SUMS.part	`1801e58d5cf74ae8...`	`beb6ef46d809ac3d...`
guix_build.log	`cbdad833bb02e563...`	`b87aee0c1d625b91...`
guix_build.log.diff		`b3dfe2faa87aaa23...`

DrahtBot removed the label DrahtBot Guix build requested on Aug 29, 2025

151henry151 commented at 3:53 pm on September 1, 2025: contributor

Is there anything further required here? I understand that review for pull requests can take a long time (especially for non-critical things such as this one) but just wanted to check in and see if there’s further action needed from me, or anything about this pull request that I could improve.

in contrib/guix/libexec/build.sh:283 in 49c468860f outdated

276@@ -282,6 +277,14 @@ mkdir -p "$DISTSRC"
277             ;;
278     esac
279 
280+    # Perform basic security checks on INSTALLED executables.
281+    # These checks now happen after installation, so RPATHs point to final locations.
282+    echo "Checking binary security on installed executables..."
283+    python3 "${DISTSRC}/contrib/guix/security-check.py" "${INSTALLPATH}/bin/"*

fanquake commented at 4:01 pm on September 1, 2025:

If we’re going to call the scripts directly, then you should remove the targets from cmake, as there’s no point having them, if they aren’t used in the Guix build.

151henry151 commented at 5:31 pm on September 1, 2025:

If we’re going to call the scripts directly, then you should remove the targets from cmake, as there’s no point having them, if they aren’t used in the Guix build.

Thanks @fanquake – I believe I’ve correctly removed the targets from cmake now in commit ef5dd15309f9. The Guix build hashes:

0b7775f39fab10c11713ca7bf38a8cac48a143a9478999ee64b927ea9c5040245  bitcoin-ef5dd15309f9.tar.gz
1e79d2bd8072a459eb75db8ef06f41a5dd9128ad63ca308cdf7c57c39670eb99f  bitcoin-ef5dd15309f9-x86_64-linux-gnu.tar.gz
2c734a7ff8f5552c70a703872df416b24bf705c72a9f77d9f81276715409e0a4c  bitcoin-ef5dd15309f9-x86_64-linux-gnu-debug.tar.gz

janb84 commented at 6:35 pm on September 18, 2025:

NIT: This only covers 1 of the 2 binary locations, nowadays we also have libexec should this not also be checked ?

151henry151 commented at 9:52 pm on September 19, 2025:

Thanks for the suggestion! I think I’ve addressed this correctly in 07027af – built for linux successfully; here’s my GUIX build hashes:

04ed2d3dfe075bf5f98042bfe2165d858a4913b6933c8098e52cf607fbe76c84b  x86_64-linux-gnu/bitcoin-07027afa155f-x86_64-linux-gnu-debug.tar.gz
17b11bd93f10a37554fffd6128ede1a47585348ad8d12687b39f7e7d4f0b144f8  x86_64-linux-gnu/bitcoin-07027afa155f-x86_64-linux-gnu.tar.gz

in src/CMakeLists.txt:415 in 7f312e4d7e outdated

409@@ -410,14 +410,13 @@ if(BUILD_UTIL_CHAINSTATE)
410   add_executable(bitcoin-chainstate
411     bitcoin-chainstate.cpp
412   )
413-  # TODO: The `SKIP_BUILD_RPATH` property setting can be deleted
414-  #       in the future after reordering Guix script commands to
415-  #       perform binary checks after the installation step.
416+  # TODO: The `SKIP_BUILD_RPATH` property setting has been removed
417+  #       after reordering Guix script commands to perform binary checks
418+  #       after the installation step.

purpleKarrot commented at 7:42 am on September 3, 2025:

Same here. You modify the TODO in one commit and then delete it in the next one. Just delete it directly.

151henry151 commented at 0:02 am on September 4, 2025:

I believe this has already been addressed by squashing the relevant commits.

in src/CMakeLists.txt:420 in 7f312e4d7e outdated

419   # Relevant discussions:
420   # - https://github.com/hebasto/bitcoin/pull/236#issuecomment-2183120953
421   # - https://github.com/bitcoin/bitcoin/pull/30312#issuecomment-2191235833
422   set_target_properties(bitcoin-chainstate PROPERTIES
423-    SKIP_BUILD_RPATH OFF
424   )

purpleKarrot commented at 7:43 am on September 3, 2025:

Here, you leave an empty set_target_properties call and remove it in the next commit. Just remove it directly.

151henry151 commented at 0:01 am on September 4, 2025:

I think these have been squashed correctly to address these clumsy mistakes and that the final three commits in the pull request reflect this.

maflcko commented at 6:12 am on September 4, 2025: member

Please squash your commits according to https://github.com/bitcoin/bitcoin/blob/master/CONTRIBUTING.md#squashing-commits

151henry151 force-pushed on Sep 4, 2025

151henry151 commented at 9:58 pm on September 4, 2025: contributor

Please squash your commits according to https://github.com/bitcoin/bitcoin/blob/master/CONTRIBUTING.md#squashing-commits

I’m still learning, but I think I did the squashing correctly now, hopefully! Thanks for your patience and hope I can be of some value to the project :)

151henry151 commented at 10:56 pm on September 11, 2025: contributor

I see that there were two failing checks – is there any further suggested action I could take to help with this? I’m beginning to investigate now to try to understand what failed and why. I see that it says

fatal: Remote branch llvmorg-21.1.1 not found in upstream origin

But I’m not fully understanding what’s causing this to happen.

davidgumberg commented at 0:33 am on September 12, 2025: contributor

This CI failure is spurious, see #33345, and has since stopped happening since llvm has pushed the llvmorg-21.1.1 tag to their git repo.

To force CI to rerun you can change your commit’s timestamp (and hash) by doing git commit --amend --no-edit and push it.

151henry151 force-pushed on Sep 12, 2025

151henry151 commented at 9:33 pm on September 13, 2025: contributor

Just following up to make sure this is ready for review. If anybody sees anything that should be addressed or that is not correct here please let me know.

151henry151 requested review from purpleKarrot on Sep 16, 2025

151henry151 requested review from hebasto on Sep 16, 2025

purpleKarrot commented at 1:51 pm on September 16, 2025: contributor

Code review ACK. I very much welcome the reduced complexity in the CMake configuration. Thanks for working on this!

I haven’t tested actually running the scripts yet.

janb84 commented at 6:36 pm on September 18, 2025: contributor

Concept ACK a9b211540b79832fb4e4f870d2f770cf03d35b11

This PR reorders the binary checks to after the installation step. And removes the code paths that are made superfluous by the reorg .

Open NIT/question on libexec inclusion.

Guix builds and the security tests runs now after install: ✅

This PR:

 0[101%] Built target test_bitcoin
 1-- Install configuration: "RelWithDebInfo"
 2-- Installing: /distsrc-base/distsrc-a9b211540b79-riscv64-linux-gnu/installed/bitcoin-a9b211540b79/bin/bitcoin-wallet
 3-- Installing: /distsrc-base/distsrc-a9b211540b79-riscv64-linux-gnu/installed/bitcoin-a9b211540b79/share/man/man1/bitcoin-wallet.1
 4-- Installing: /distsrc-base/distsrc-a9b211540b79-riscv64-linux-gnu/installed/bitcoin-a9b211540b79/bin/bitcoin
 5-- Installing: /distsrc-base/distsrc-a9b211540b79-riscv64-linux-gnu/installed/bitcoin-a9b211540b79/bin/bitcoind
 6-- Installing: /distsrc-base/distsrc-a9b211540b79-riscv64-linux-gnu/installed/bitcoin-a9b211540b79/share/man/man1/bitcoind.1
 7-- Installing: /distsrc-base/distsrc-a9b211540b79-riscv64-linux-gnu/installed/bitcoin-a9b211540b79/libexec/bitcoin-node
 8-- Installing: /distsrc-base/distsrc-a9b211540b79-riscv64-linux-gnu/installed/bitcoin-a9b211540b79/bin/bitcoin-cli
 9-- Installing: /distsrc-base/distsrc-a9b211540b79-riscv64-linux-gnu/installed/bitcoin-a9b211540b79/share/man/man1/bitcoin-cli.1
10-- Installing: /distsrc-base/distsrc-a9b211540b79-riscv64-linux-gnu/installed/bitcoin-a9b211540b79/bin/bitcoin-tx
11-- Installing: /distsrc-base/distsrc-a9b211540b79-riscv64-linux-gnu/installed/bitcoin-a9b211540b79/share/man/man1/bitcoin-tx.1
12-- Installing: /distsrc-base/distsrc-a9b211540b79-riscv64-linux-gnu/installed/bitcoin-a9b211540b79/bin/bitcoin-util
13-- Installing: /distsrc-base/distsrc-a9b211540b79-riscv64-linux-gnu/installed/bitcoin-a9b211540b79/share/man/man1/bitcoin-util.1
14-- Installing: /distsrc-base/distsrc-a9b211540b79-riscv64-linux-gnu/installed/bitcoin-a9b211540b79/bin/bitcoin-qt
15-- Set runtime path of "/distsrc-base/distsrc-a9b211540b79-riscv64-linux-gnu/installed/bitcoin-a9b211540b79/bin/bitcoin-qt" to ""
16-- Installing: /distsrc-base/distsrc-a9b211540b79-riscv64-linux-gnu/installed/bitcoin-a9b211540b79/share/man/man1/bitcoin-qt.1
17-- Installing: /distsrc-base/distsrc-a9b211540b79-riscv64-linux-gnu/installed/bitcoin-a9b211540b79/libexec/bitcoin-gui
18-- Set runtime path of "/distsrc-base/distsrc-a9b211540b79-riscv64-linux-gnu/installed/bitcoin-a9b211540b79/libexec/bitcoin-gui" to ""
19-- Installing: /distsrc-base/distsrc-a9b211540b79-riscv64-linux-gnu/installed/bitcoin-a9b211540b79/libexec/test_bitcoin
20Checking binary security on installed executables...
21Running symbol and dynamic library checks on installed executables...

V30.0rc1:

 0[100%] Built target bitcoin-gui
 1Checking binary security...
 2[100%] Built target check-security
 3[  2%] Built target test_util
 4[  2%] Built target crc32c
 5[  8%] Built target leveldb
 6[  9%] Built target minisketch
 7[...]
 8[100%] Built target bitcoin-gui_autogen
 9[100%] Built target bitcoin-gui
10Running symbol and dynamic library checks...
11[100%] Built target check-symbols
12-- Install configuration: "RelWithDebInfo"
13-- Installing: /distsrc-base/distsrc-30.0rc1-riscv64-linux-gnu/installed/bitcoin-30.0rc1/bin/bitcoin-wallet
14-- Installing: /distsrc-base/distsrc-30.0rc1-riscv64-linux-gnu/installed/bitcoin-30.0rc1/share/man/man1/bitcoin-wallet.1
15-- Installing: /distsrc-base/distsrc-30.0rc1-riscv64-linux-gnu/installed/bitcoin-30.0rc1/bin/bitcoin
16-- Installing: /distsrc-base/distsrc-30.0rc1-riscv64-linux-gnu/installed/bitcoin-30.0rc1/bin/bitcoind
17-- Installing: /distsrc-base/distsrc-30.0rc1-riscv64-linux-gnu/installed/bitcoin-30.0rc1/share/man/man1/bitcoind.1
18-- Installing: /distsrc-base/distsrc-30.0rc1-riscv64-linux-gnu/installed/bitcoin-30.0rc1/libexec/bitcoin-node

151henry151 referenced this in commit 07027afa15 on Sep 19, 2025

151henry151 requested review from janb84 on Sep 21, 2025

151henry151 requested review from fanquake on Sep 21, 2025

janb84 commented at 1:17 pm on September 22, 2025: contributor

Concept ACK 07027afa155f8ec9715c761d80630b31723c2c32

NIT: The separate commit has no additional value, please squash them.

Checked that

the bash script halts if python script exits with code 1 ✅
All the binaries are checked by the python script ✅

 0
 1Checking binary security on installed executables...
 2
 3Checking /distsrc-base/distsrc-26c40cec0448-riscu64-linux-gnu/installed/bitcoin-26c40cec0448/bin/bitcoin (ELF RISCU)
 4Checking /distsrc-base/distsrc-26c40cec0448-riscu64-linux-gnu/installed/bitcoin-26c40cec0448/bin/bitcoin-cli (ELF RISCV)
 5Checking /distsrc-base/distsrc-26c40cec0448-riscu64-linux-gnu/installed/bitcoin-26c40cec0448/bin/bitcoin-qt (ELF RISCV)
 6Checking /distsrc-base/distsrc-26c40cec0448-riscu64-linux-gnu/installed/bitcoin-26c40cec0448/bin/bitcoin-tx (ELF RISCV)
 7Checking /distsrc-base/distsrc-26c40cec0448-riscu64-linux-gnu/installed/bitcoin-26c40cec0448/bin/bitcoin-util (ELF RISCV)
 8Checking /distsrc-base/distsrc-26c40cec0448-riscu64-linux-gnu/installed/bitcoin-26c40cec0448/bin/bitcoin-wallet (ELF RISCV)
 9Checking /distsrc-base/distsrc-26c40cec0448-riscu64-linux-gnu/installed/bitcoin-26c40cec0448/bin/bitcoind (ELF RISCV)
10Checking /distsrc-base/distsrc-26c40cec0448-riscu64-linux-gnu/installed/bitcoin-26c40cec0448/libexec/bitcoin-gui (ELF RISCU)
11Checking /distsrc-base/distsrc-26c40cec0448-riscu64-linux-gnu/installed/bitcoin-26c40cec0448/libexec/bitcoin-node (ELF RISCU)
12Checking /distsrc-base/distsrc-26c40cec0448-riscu64-linux-gnu/installed/bitcoin-26c40cec0448/libexec/test_bitcoin (ELF RISCU)

in CMakeLists.txt:626 in 07027afa15 outdated

627 # NetBSD always requires runtime paths to be set for executables.
628 if(CMAKE_SYSTEM_NAME STREQUAL "NetBSD")
629   set(CMAKE_INSTALL_RPATH_USE_LINK_PATH TRUE)
630 else()
631-  set(CMAKE_SKIP_BUILD_RPATH TRUE)
632   set(CMAKE_SKIP_INSTALL_RPATH TRUE)

hebasto commented at 6:50 pm on September 22, 2025:

It’s outside the scope of this PR, but CMAKE_SKIP_INSTALL_RPATH should be set in the Guix script, keeping the build system free of hardcoded behaviour.

hebasto commented at 6:53 pm on September 22, 2025: member

Approach ACK 07027afa155f8ec9715c761d80630b31723c2c32.

The comment “TODO: The CMAKE_SKIP_BUILD_RPATH variable setting can be deleted...” does not imply that anything is deprecated. Could you please update the PR description and commit message accordingly?

151henry151 force-pushed on Sep 23, 2025

151henry151 referenced this in commit 579c87a12e on Sep 23, 2025

151henry151 referenced this in commit eb98b612f8 on Sep 23, 2025

janb84 commented at 2:47 pm on September 24, 2025: contributor

ACK 9c13be9c45cad19d9db78e318b1e8376d56d6ec5

Thanks for squashing your commits!

My Guix build checksums: Commit: 9c13be9c45ca

 0 22ad5809ed8d8399b0c7960e8c57cbaae5220b2667650262a7ec98a25eaf671f  guix-build-9c13be9c45ca/output/aarch64-linux-gnu/SHA256SUMS.part
 1 60b2048157462a5bd7ae00fa60ec8f1d59d84857d55125b0eafa98fad4aa780e  guix-build-9c13be9c45ca/output/aarch64-linux-gnu/bitcoin-9c13be9c45ca-aarch64-linux-gnu-debug.tar.gz
 2 7a7280f6b1221a62e9e8591365431f2cc3a0fe111abe76799df774e5b1e82207  guix-build-9c13be9c45ca/output/aarch64-linux-gnu/bitcoin-9c13be9c45ca-aarch64-linux-gnu.tar.gz
 3 24c34eb9d583c6dc1f9adddf7d3ebd6e717c278cd51b454c767c5f6bf2c78ec0  guix-build-9c13be9c45ca/output/arm-linux-gnueabihf/SHA256SUMS.part
 4 cdd558dab24381ac72ac805ad5f8715bebebe291e3ba7fc7c71070364a18d066  guix-build-9c13be9c45ca/output/arm-linux-gnueabihf/bitcoin-9c13be9c45ca-arm-linux-gnueabihf-debug.tar.gz
 5 fdba945dd73d5cf2ba6413ec499c459708eda217d6c64d89b1ecf8300721c88a  guix-build-9c13be9c45ca/output/arm-linux-gnueabihf/bitcoin-9c13be9c45ca-arm-linux-gnueabihf.tar.gz
 6 edf1f03a79da8eda440e45625e0617e486847868215cc51ed6222900df94a8e9  guix-build-9c13be9c45ca/output/arm64-apple-darwin/SHA256SUMS.part
 7 b6ecf45d5fff2668a6f6d127da7e37c22680e06855a19b89f7b719ad436a3cdf  guix-build-9c13be9c45ca/output/arm64-apple-darwin/bitcoin-9c13be9c45ca-arm64-apple-darwin-codesigning.tar.gz
 8 fbcdc8bb52facac2e0f686c874f9a89c3850564deb106bcc2b2030673e48464f  guix-build-9c13be9c45ca/output/arm64-apple-darwin/bitcoin-9c13be9c45ca-arm64-apple-darwin-unsigned.tar.gz
 9 692a571078b0ee482fb7559805087b030302d368439088c7d6d2c68e1b09bac2  guix-build-9c13be9c45ca/output/arm64-apple-darwin/bitcoin-9c13be9c45ca-arm64-apple-darwin-unsigned.zip
10 03bb2e49ce986ddb620d7672c7c30168880c45802008c81e9eb6f878f4081d1c  guix-build-9c13be9c45ca/output/dist-archive/bitcoin-9c13be9c45ca.tar.gz
11 4d1c2db2282d76393f0024ce8f39a82eeb5892df8f7196b333458e9e4cdca719  guix-build-9c13be9c45ca/output/powerpc64-linux-gnu/SHA256SUMS.part
12 5d1c08b16f990ae7f74c6503b08aeb378080110af5c3a92507e7285694da81fd  guix-build-9c13be9c45ca/output/powerpc64-linux-gnu/bitcoin-9c13be9c45ca-powerpc64-linux-gnu-debug.tar.gz
13 72609c0794620a5977c49949202d59222c0723eaa9eabd0e37f183e902ff1929  guix-build-9c13be9c45ca/output/powerpc64-linux-gnu/bitcoin-9c13be9c45ca-powerpc64-linux-gnu.tar.gz
14 b1354bb7e032157a3a68eb39f15a5a0aefb3fb071cfac6d2d13ce87ce22c0f52  guix-build-9c13be9c45ca/output/riscv64-linux-gnu/SHA256SUMS.part
15 918d66e4d0f000c082f7a9bb62aa4606df612d13adefc1270e16d6d4351f8da8  guix-build-9c13be9c45ca/output/riscv64-linux-gnu/bitcoin-9c13be9c45ca-riscv64-linux-gnu-debug.tar.gz
16 95fc99008bfcf913d411234fc63fb4abb433e57d9205617a5a8786c2ab936ad9  guix-build-9c13be9c45ca/output/riscv64-linux-gnu/bitcoin-9c13be9c45ca-riscv64-linux-gnu.tar.gz
17 c4f3ee6367485a4a0f37495d93bb19a1acc6fe6e485c47510cf7fb661d4dc002  guix-build-9c13be9c45ca/output/x86_64-apple-darwin/SHA256SUMS.part
18 eb147cdac24259b279b8999745cb89bd17762df8261bb678e06148cc30348e06  guix-build-9c13be9c45ca/output/x86_64-apple-darwin/bitcoin-9c13be9c45ca-x86_64-apple-darwin-codesigning.tar.gz
19 1856a8e2f4f5d06db427f3f66066b01d411eeb6b87980b878f374460e13502dc  guix-build-9c13be9c45ca/output/x86_64-apple-darwin/bitcoin-9c13be9c45ca-x86_64-apple-darwin-unsigned.tar.gz
20 3f87e1e08ff5c6755765ec85160f31c25cac3351dc49a4d52af08ce894315490  guix-build-9c13be9c45ca/output/x86_64-apple-darwin/bitcoin-9c13be9c45ca-x86_64-apple-darwin-unsigned.zip
21 98727d830043e223bc75d7e756412a9e56b995af1c3db3a963fee3f5ce92a6ed  guix-build-9c13be9c45ca/output/x86_64-linux-gnu/SHA256SUMS.part
22 d781e85479e6c0c62eedf4b59db5c32c5342ed9dfe49daa423b71cfcc0906bf2  guix-build-9c13be9c45ca/output/x86_64-linux-gnu/bitcoin-9c13be9c45ca-x86_64-linux-gnu-debug.tar.gz
23 799c230ba61826a9ebe39088d074d4c5608266e469da9356044ebbf50c60b28e  guix-build-9c13be9c45ca/output/x86_64-linux-gnu/bitcoin-9c13be9c45ca-x86_64-linux-gnu.tar.gz
24 916d6a93a5b0f174319afb351eaf3dfa5edcf6648fec3b0b23250bc6be6f9395  guix-build-9c13be9c45ca/output/x86_64-w64-mingw32/SHA256SUMS.part
25 0a7413e714a7bfd7dbc327ef9e6f62e9472f3214d40c678c62f818aadb93343d  guix-build-9c13be9c45ca/output/x86_64-w64-mingw32/bitcoin-9c13be9c45ca-win64-codesigning.tar.gz
26 d26b0ff872e8e5db1b5f87468e8d66be0114a3088ef0fca740dd7f629a966738  guix-build-9c13be9c45ca/output/x86_64-w64-mingw32/bitcoin-9c13be9c45ca-win64-debug.zip
27 a915942305a64eb76bb48afef01c4a8532e34ec2434239a3cc558e279dcf952b  guix-build-9c13be9c45ca/output/x86_64-w64-mingw32/bitcoin-9c13be9c45ca-win64-setup-unsigned.exe
28 461d043ae6a8b0208eaa492a23f9d9ec8f8eda9773360d9e4c5a200f873ed26b  guix-build-9c13be9c45ca/output/x86_64-w64-mingw32/bitcoin-9c13be9c45ca-win64-unsigned.zip

DrahtBot requested review from hebasto on Sep 24, 2025

fanquake renamed this:
~~build: Remove deprecated CMAKE_SKIP_BUILD_RPATH and SKIP_BUILD_RPATH settings~~
build: Remove CMAKE_SKIP_BUILD_RPATH and SKIP_BUILD_RPATH settings
on Sep 24, 2025

151henry151 referenced this in commit dd5c517757 on Sep 24, 2025

in contrib/guix/libexec/build.sh:280 in 9c13be9c45

276@@ -282,6 +277,14 @@ mkdir -p "$DISTSRC"
277             ;;
278     esac
279 
280+    # Perform basic security checks on INSTALLED executables.

hebasto commented at 12:25 pm on September 25, 2025:

Is there any particular reason to capitalize “installed” here?

in contrib/guix/libexec/build.sh:281 in 9c13be9c45

276@@ -282,6 +277,14 @@ mkdir -p "$DISTSRC"
277             ;;
278     esac
279 
280+    # Perform basic security checks on INSTALLED executables.
281+    # These checks now happen after installation, so RPATHs point to final locations.

hebasto commented at 12:27 pm on September 25, 2025:

This comment doesn’t seem correct to me, since we check that installed binaries have no RUNPATH or RPATH set. Maybe drop this line?

DrahtBot requested review from hebasto on Sep 25, 2025

hebasto commented at 12:46 pm on September 25, 2025: member

I’ve tested 9c13be9c45cad19d9db78e318b1e8376d56d6ec5, including running with V=1. It looks good.

Please amend the comments in contrib/guix/libexec/build.sh as noted above.

DrahtBot requested review from hebasto on Sep 25, 2025

151henry151 force-pushed on Sep 26, 2025

151henry151 commented at 0:20 am on September 26, 2025: contributor

Please amend the comments in contrib/guix/libexec/build.sh as noted above.

I’ve made the recommended amendments, thanks for the guidance.

hebasto commented at 7:24 am on September 26, 2025: member

My Guix build:

 0aarch64
 1ab375345e39248d2c61fe6fce1afeb7b95623cfc9db452a7cfbd5b6797bf9c16  guix-build-d55753626292/output/aarch64-linux-gnu/SHA256SUMS.part
 285bd20c1b7076387d8efcb5ade58d29774f8114a712492a77315627d0db41094  guix-build-d55753626292/output/aarch64-linux-gnu/bitcoin-d55753626292-aarch64-linux-gnu-debug.tar.gz
 3f52e90c92d99b17c916b2c3ff2b57608597ca39ec7324ff5840550636cfd3a50  guix-build-d55753626292/output/aarch64-linux-gnu/bitcoin-d55753626292-aarch64-linux-gnu.tar.gz
 49c8c935f51cc751bb7f92f918bcb7197518b906f103cc8c1ba5d8a92aa8d34ec  guix-build-d55753626292/output/arm-linux-gnueabihf/SHA256SUMS.part
 52296587e0370c300eb289ac6fd8216de97ec2eb2516b5af3cea6d390ac7de478  guix-build-d55753626292/output/arm-linux-gnueabihf/bitcoin-d55753626292-arm-linux-gnueabihf-debug.tar.gz
 64a352b62b9ab50f830c7df6450ff6510862dc867a265480855a28429fb080942  guix-build-d55753626292/output/arm-linux-gnueabihf/bitcoin-d55753626292-arm-linux-gnueabihf.tar.gz
 7be4ee4d187d92b9387e84e8e6208254a2c5bab175cac2a70e44bf2a078ba38e7  guix-build-d55753626292/output/arm64-apple-darwin/SHA256SUMS.part
 806d67aa4b7a313de6da9a3f30cb75ec5047c9384e54aef0eb0de262d2ada71e6  guix-build-d55753626292/output/arm64-apple-darwin/bitcoin-d55753626292-arm64-apple-darwin-codesigning.tar.gz
 9ae1857537795adf11526d03f97185bb560269b2c9f01aac1e529c5795c59d10d  guix-build-d55753626292/output/arm64-apple-darwin/bitcoin-d55753626292-arm64-apple-darwin-unsigned.tar.gz
10c7785d204823eededf39ae432c025ef4273305a28808b18f08fa8af04f9eed80  guix-build-d55753626292/output/arm64-apple-darwin/bitcoin-d55753626292-arm64-apple-darwin-unsigned.zip
117db1175dc6522b2bfdc555f4cf531b0d4b24a2cd8ebf122526fb812f5deee815  guix-build-d55753626292/output/dist-archive/bitcoin-d55753626292.tar.gz
12e944b955363d82291dd61f89d5c145ff0e15c89769dfe4e94d7b305686578b7d  guix-build-d55753626292/output/powerpc64-linux-gnu/SHA256SUMS.part
13f5783aaba0d7bd34d357bb125cc81570399873457276f402969d65ecaf67ef08  guix-build-d55753626292/output/powerpc64-linux-gnu/bitcoin-d55753626292-powerpc64-linux-gnu-debug.tar.gz
14e357b89396ad99721becfb6092918a67e2f7fdb2a60e3e8b56bbc6662d1686d0  guix-build-d55753626292/output/powerpc64-linux-gnu/bitcoin-d55753626292-powerpc64-linux-gnu.tar.gz
1558b0b34b6f1cfebdfac5b8e86dc70710644fbfc6c1f227b938a05a6267bdc108  guix-build-d55753626292/output/riscv64-linux-gnu/SHA256SUMS.part
16745e1c1cc8dfef7cd72b9d50562acab5281237e198e34ca6d69273fa10bab1fa  guix-build-d55753626292/output/riscv64-linux-gnu/bitcoin-d55753626292-riscv64-linux-gnu-debug.tar.gz
171356ff14875a5828573d0b9dea35f8c147f011fb6c766dfcd3d11b1452c91b4a  guix-build-d55753626292/output/riscv64-linux-gnu/bitcoin-d55753626292-riscv64-linux-gnu.tar.gz
180f341adc5565f4142ba60adbafc191a7db3c2a46d09691a1d2057d8f883f60b3  guix-build-d55753626292/output/x86_64-apple-darwin/SHA256SUMS.part
1901bf822e17e7c29dcf19915dc3ed86ec5a5e71b46ac08fa9d56c62070b5d8d8a  guix-build-d55753626292/output/x86_64-apple-darwin/bitcoin-d55753626292-x86_64-apple-darwin-codesigning.tar.gz
209178b67b056bbe462f080886409372eea8b7536be1cf6d86ea92ae2df6e89381  guix-build-d55753626292/output/x86_64-apple-darwin/bitcoin-d55753626292-x86_64-apple-darwin-unsigned.tar.gz
21f014d3dba23bbd1f765b3b9541ef8af47f2d807b2e1bc56c20ccd1aa2e11d1c0  guix-build-d55753626292/output/x86_64-apple-darwin/bitcoin-d55753626292-x86_64-apple-darwin-unsigned.zip
22b3e0d775e5aac539f33a1bfd39059dbb19368b38ada2c1dabf5ebd6fd782b820  guix-build-d55753626292/output/x86_64-linux-gnu/SHA256SUMS.part
23ea51bd23d6e40ae306c94a04d145a2973ed888603c034c5a702942aaaba9a551  guix-build-d55753626292/output/x86_64-linux-gnu/bitcoin-d55753626292-x86_64-linux-gnu-debug.tar.gz
249c1d72510c0d78ba602ceff3b4d62455bf8757dfa28f95388834f027990f72ae  guix-build-d55753626292/output/x86_64-linux-gnu/bitcoin-d55753626292-x86_64-linux-gnu.tar.gz
25c7e716768276db9227265512b73a85e5dbc3d70a9bfa05f55ce3b90047f12ca3  guix-build-d55753626292/output/x86_64-w64-mingw32/SHA256SUMS.part
26ad89a26a6f61bc65ae4904f8a8ff48f4a2e62c3b49bb4e6ebfdd4a8fae8fdd61  guix-build-d55753626292/output/x86_64-w64-mingw32/bitcoin-d55753626292-win64-codesigning.tar.gz
279447f5cde1617225b65caa70d0d76faf864320d050005160bf1a69c3d0f18175  guix-build-d55753626292/output/x86_64-w64-mingw32/bitcoin-d55753626292-win64-debug.zip
280dc73ff188474f8ea27194b28c09e7e4846c13264b2ddf740152a2e4481f5662  guix-build-d55753626292/output/x86_64-w64-mingw32/bitcoin-d55753626292-win64-setup-unsigned.exe
29a1dbb15ca1999363cc936e2bab3eed5c512a4b1acc5d5f97aa125e86687bfb8f  guix-build-d55753626292/output/x86_64-w64-mingw32/bitcoin-d55753626292-win64-unsigned.zip

hebasto approved

hebasto commented at 7:31 am on September 26, 2025: member

ACK d55753626292be17fbb300b54601942ff2730729.

DrahtBot requested review from janb84 on Sep 26, 2025

janb84 commented at 8:05 am on September 26, 2025: contributor

re ACK d55753626292be17fbb300b54601942ff2730729

change since last ack:

changes in comments in script.

fanquake commented at 8:47 am on October 21, 2025: member

Please rebase. Please also remove all the (what looks like AI generated) text from the commit messages & PR description. You should also post your Guix build result.

DrahtBot added the label Needs rebase on Oct 21, 2025

151henry151 force-pushed on Oct 28, 2025

151henry151 commented at 1:45 am on October 28, 2025: contributor

Rebased on latest master and cleaned up commit message/PR description. Guix build in progress - will post hashes once complete.

DrahtBot removed the label Needs rebase on Oct 28, 2025

in CMakeLists.txt:626 in c4ea4210ab

628 # NetBSD always requires runtime paths to be set for executables.
629 if(CMAKE_SYSTEM_NAME STREQUAL "NetBSD")
630   set(CMAKE_INSTALL_RPATH_USE_LINK_PATH TRUE)
631 else()
632-  set(CMAKE_SKIP_BUILD_RPATH TRUE)
633+  set(CMAKE_SKIP_INSTALL_RPATH TRUE)

fanquake commented at 3:32 pm on October 28, 2025:

This is turning CMAKE_SKIP_BUILD_RPATH into CMAKE_SKIP_INSTALL_RPATH?

151henry151 commented at 7:31 pm on October 29, 2025:

[EDIT] You’re right - I think I resolved the rebase conflict incorrectly. Since #33470 already removed CMAKE_SKIP_INSTALL_RPATH, this PR shouldn’t be bringing it back. I need to update this to only remove CMAKE_SKIP_BUILD_RPATH without re-adding CMAKE_SKIP_INSTALL_RPATH.

fanquake commented at 10:17 am on October 30, 2025:

Thanks, looks better now.

DrahtBot added the label Needs rebase on Oct 28, 2025

151henry151 force-pushed on Oct 29, 2025

maflcko removed the label Needs rebase on Oct 30, 2025

fanquake commented at 10:23 am on October 30, 2025: member

@151henry151 this still has conflicts.

DrahtBot added the label Needs rebase on Oct 30, 2025

151henry151 force-pushed on Oct 30, 2025

DrahtBot removed the label Needs rebase on Oct 30, 2025

151henry151 commented at 5:03 am on October 31, 2025: contributor

Guix build for 1e6aa74b4b628e8acafe6a3d2aaf2a6aa0d9d290:

4f2f3d9c61fddfb4a9858375665dd72e3e4aa6a465e39f579bfea46793eec2d0 dist-archive/bitcoin-1e6aa74b4b62.tar.gz 7852ac3c67360a28522051129758ca4a9303641e3511f6714d0f738cb9a816b8 x86_64-linux-gnu/bitcoin-1e6aa74b4b62-x86_64-linux-gnu-debug.tar.gz f1b1a102d01f486afd17a8c98437183f8a50bd72ea40800ad0ad4d5a4b9f0d47 x86_64-linux-gnu/bitcoin-1e6aa74b4b62-x86_64-linux-gnu.tar.gz

fanquake commented at 9:37 am on October 31, 2025: member

Guix build for 1e6aa74b4b628e8acafe6a3d2aaf2a6aa0d9d290:

Thanks. However you should do a build for all HOSTS. As this is changing code that effects all HOSTS.

151henry151 commented at 11:15 pm on November 1, 2025: contributor

Thanks. However you should do a build for all HOSTS. As this is changing code that effects all HOSTS.

Thanks for the guidance.

Guix build for 1e6aa74b4b628e8acafe6a3d2aaf2a6aa0d9d290:

 0046665733b06b855c98198d8fef9fe5d158f67f4dcbc15000cde0b1cc7a678d5  arm64-apple-darwin/bitcoin-1e6aa74b4b62-arm64-apple-darwin-unsigned.zip
 104a35a19a5351a70e3dd66159e2cea6d8ac4a6e20f3cd0423d7b812be9b93ff5  arm64-apple-darwin/bitcoin-1e6aa74b4b62-arm64-apple-darwin-unsigned.tar.gz
 209bd1e944d37759c1f52c3c0528849f6b88c3b6081f1f38592431b13237f8f63  aarch64-linux-gnu/bitcoin-1e6aa74b4b62-aarch64-linux-gnu.tar.gz
 32d0ec2116b784bbbb00b5cc1cfba8a5f3ef0f07ffcb58e3c8af4c2323804057a  powerpc64-linux-gnu/bitcoin-1e6aa74b4b62-powerpc64-linux-gnu.tar.gz
 43280c4015701a89883dbb40a4525608dfce00246e44f84a83de79baba45fde10  arm64-apple-darwin/bitcoin-1e6aa74b4b62-arm64-apple-darwin-codesigning.tar.gz
 54f2f3d9c61fddfb4a9858375665dd72e3e4aa6a465e39f579bfea46793eec2d0  dist-archive/bitcoin-1e6aa74b4b62.tar.gz
 64ffd2ac8ede8790789ee77dc2a4fe768bfb6aa4c22a19661d30e084426c7b4a9  x86_64-apple-darwin/bitcoin-1e6aa74b4b62-x86_64-apple-darwin-unsigned.tar.gz
 758cb5b66a6353719708bd87262e66491d5b67a70be9445c2fa6ba53f83a266dc  x86_64-w64-mingw32/bitcoin-1e6aa74b4b62-win64-setup-unsigned.exe
 860ed062fbfeb2496bb1726a1e53ad17a2a6078114c4e81f3f00499ca3ab810b4  x86_64-w64-mingw32/bitcoin-1e6aa74b4b62-win64-codesigning.tar.gz
 974a9e3d88e86cbbb6cc1c6d2c3e851820a23ebae07c22f6d65d2697367e902f7  x86_64-w64-mingw32/bitcoin-1e6aa74b4b62-win64-unsigned.zip
107852ac3c67360a28522051129758ca4a9303641e3511f6714d0f738cb9a816b8  x86_64-linux-gnu/bitcoin-1e6aa74b4b62-x86_64-linux-gnu-debug.tar.gz
117aea3b0323a8bb75f4b3d16d027a8b80cb34a39a9d5617da244452a56477c0b3  arm-linux-gnueabihf/bitcoin-1e6aa74b4b62-arm-linux-gnueabihf-debug.tar.gz
127f006eb727d5d93e696522b58af0af794a273d7c803818732718036af3c9688e  riscv64-linux-gnu/bitcoin-1e6aa74b4b62-riscv64-linux-gnu.tar.gz
137fb74c5d62159a98bcb53831812b3343f2fda8dbbcc29d817cd7c4553b86e22e  x86_64-apple-darwin/bitcoin-1e6aa74b4b62-x86_64-apple-darwin-unsigned.zip
1498f998c3e81d151835a51a610cf29820bf0af4096fc5e1580be10d9b750f1b3a  powerpc64-linux-gnu/bitcoin-1e6aa74b4b62-powerpc64-linux-gnu-debug.tar.gz
15a4474d21f88d5725a84ca25268167978aff12c92b0da94488ff07bdbb107e8ef  x86_64-w64-mingw32/bitcoin-1e6aa74b4b62-win64-debug.zip
16a98b6bee8f71f4f686b93f3358ef8ccd6492566e2eff6df391f43139fac4726c  arm-linux-gnueabihf/bitcoin-1e6aa74b4b62-arm-linux-gnueabihf.tar.gz
17c7dc5634631bc2c6f3a2110b521ee44b7bde97795eb51facb8d33c9a3f999937  riscv64-linux-gnu/bitcoin-1e6aa74b4b62-riscv64-linux-gnu-debug.tar.gz
18e9f2b666792a87d2f049f1c25d301d4ceba5daf75c8679b243f308b9da80959a  aarch64-linux-gnu/bitcoin-1e6aa74b4b62-aarch64-linux-gnu-debug.tar.gz
19f1b1a102d01f486afd17a8c98437183f8a50bd72ea40800ad0ad4d5a4b9f0d47  x86_64-linux-gnu/bitcoin-1e6aa74b4b62-x86_64-linux-gnu.tar.gz
20f761f9e63a40d13577275a98e56fa129de8049f765a0ca30959c7f880167b153  x86_64-apple-darwin/bitcoin-1e6aa74b4b62-x86_64-apple-darwin-codesigning.tar.gz

hebasto commented at 4:01 pm on November 4, 2025: member

@151henry151

Sorry, but one more rebase is needed.

DrahtBot added the label Needs rebase on Nov 4, 2025

151henry151 force-pushed on Nov 7, 2025

DrahtBot removed the label Needs rebase on Nov 7, 2025

maflcko added the label DrahtBot Guix build requested on Nov 7, 2025

fanquake commented at 12:36 pm on November 7, 2025: member

Guix Build (aarch64):

 0a3647a46e00124b207263b695d9598cf9fe6c845ea9072c933462dd0e31a0ed9  guix-build-a02282d20c87/output/aarch64-linux-gnu/SHA256SUMS.part
 16e3b9a2e39e207d98c347ccc0a81dfc6c79484befa5dbbeaaccdd0b44b759e99  guix-build-a02282d20c87/output/aarch64-linux-gnu/bitcoin-a02282d20c87-aarch64-linux-gnu-debug.tar.gz
 2827f5c070c2ee3c8e1eb96cfd6f05551e4a69a00e422f808c15840026c7a27fc  guix-build-a02282d20c87/output/aarch64-linux-gnu/bitcoin-a02282d20c87-aarch64-linux-gnu.tar.gz
 30614c466cb38f98fa4b87fed9555d82cec60e3e46754b6bee17f00a87ef5bc74  guix-build-a02282d20c87/output/arm-linux-gnueabihf/SHA256SUMS.part
 47283dfd3c64fb53ae999e19715612d027e6a5515e6d7400bd8a37f066211dd0b  guix-build-a02282d20c87/output/arm-linux-gnueabihf/bitcoin-a02282d20c87-arm-linux-gnueabihf-debug.tar.gz
 52566cc5ffb73fa2eac5f18b0628502d0dbd8a87b596bd32200769e186e59158e  guix-build-a02282d20c87/output/arm-linux-gnueabihf/bitcoin-a02282d20c87-arm-linux-gnueabihf.tar.gz
 68c641fbdefca6e70465685e502dae0a27f0d8ebb9d023671884fdd0982dccf62  guix-build-a02282d20c87/output/arm64-apple-darwin/SHA256SUMS.part
 70bbad46352e730bd874832d44697f5f8b2b167318848a81895fa6d27bb902788  guix-build-a02282d20c87/output/arm64-apple-darwin/bitcoin-a02282d20c87-arm64-apple-darwin-codesigning.tar.gz
 81b1b0f08e0e4f5dfb11aaf9a934f064ea6bae671dde55c0a6f357e08a3886953  guix-build-a02282d20c87/output/arm64-apple-darwin/bitcoin-a02282d20c87-arm64-apple-darwin-unsigned.tar.gz
 95718e63cfdacc2142e6b765400c5ec694456e9d7f28528041ddc41ba0258deef  guix-build-a02282d20c87/output/arm64-apple-darwin/bitcoin-a02282d20c87-arm64-apple-darwin-unsigned.zip
1079d1ff42f480bd6894b1d44fd7a59bc7c3b17cf25cccae7fe10b7f540d37af10  guix-build-a02282d20c87/output/dist-archive/bitcoin-a02282d20c87.tar.gz
11a3ec88591539b7467572dfc84bdd46e5e545379b9af61b6c99e5c6c06303f032  guix-build-a02282d20c87/output/powerpc64-linux-gnu/SHA256SUMS.part
12d29af70d201af3d526d50db42808c5b7b597f221892efc6269932be7f88eb92d  guix-build-a02282d20c87/output/powerpc64-linux-gnu/bitcoin-a02282d20c87-powerpc64-linux-gnu-debug.tar.gz
1369f2c179d415f21e3212003085a32c25b9f584e80ff8512a108a6cfa800e0024  guix-build-a02282d20c87/output/powerpc64-linux-gnu/bitcoin-a02282d20c87-powerpc64-linux-gnu.tar.gz
14f74381366c006c40f95f2b1bf67d45f8015e16080333539b238eddb7d2e41d3b  guix-build-a02282d20c87/output/riscv64-linux-gnu/SHA256SUMS.part
1586606f74f26ceeff2529b4260abcbead10fda7fce3f3d0fc6226d06cff1230f9  guix-build-a02282d20c87/output/riscv64-linux-gnu/bitcoin-a02282d20c87-riscv64-linux-gnu-debug.tar.gz
16c2b00950765051fde50dc2f3d7704e9134e7d777f7b18fdd0f5ca7d43c08707b  guix-build-a02282d20c87/output/riscv64-linux-gnu/bitcoin-a02282d20c87-riscv64-linux-gnu.tar.gz
173cc8638a8f32583ed396381f74e0becff6acbd9065f51ad49381da528385572f  guix-build-a02282d20c87/output/x86_64-apple-darwin/SHA256SUMS.part
18e73bdd69b6dd1663bd3ead538c32d1d05c604ba00961fd5c6596785e97e1ddb8  guix-build-a02282d20c87/output/x86_64-apple-darwin/bitcoin-a02282d20c87-x86_64-apple-darwin-codesigning.tar.gz
19cd0292ad0de54b9cd97680867db44748d8e4cedceb61ae1cb6669a05bf1c3cae  guix-build-a02282d20c87/output/x86_64-apple-darwin/bitcoin-a02282d20c87-x86_64-apple-darwin-unsigned.tar.gz
20486ee2017e74a3b9c4128b9d313e03614b8bb64bac999fab9b600f26970f50f6  guix-build-a02282d20c87/output/x86_64-apple-darwin/bitcoin-a02282d20c87-x86_64-apple-darwin-unsigned.zip
21181c8380d154d6aeab300418ffd8f6aedca852ac939a8991aa3968fb08ec5bfd  guix-build-a02282d20c87/output/x86_64-linux-gnu/SHA256SUMS.part
22760b99aa489bf1cdb87b479b810478afc0e1157a129ff7ede63c531a6a3eac42  guix-build-a02282d20c87/output/x86_64-linux-gnu/bitcoin-a02282d20c87-x86_64-linux-gnu-debug.tar.gz
231748aec2dd1e54ffa07571b9d1569403b3b992972cdeedc033b280aa339e2cf8  guix-build-a02282d20c87/output/x86_64-linux-gnu/bitcoin-a02282d20c87-x86_64-linux-gnu.tar.gz
24f8eaf2e58a22230b160309b478933a584bd929726cb3edc391804c916c5a4000  guix-build-a02282d20c87/output/x86_64-w64-mingw32/SHA256SUMS.part
25495b7643f78e8a226687e1d8bb1a182866a725bae9854510baa3c3b883a869bd  guix-build-a02282d20c87/output/x86_64-w64-mingw32/bitcoin-a02282d20c87-win64-codesigning.tar.gz
2637325cbe0ba7088f324a35b37a808b7a40cbffba3add06ba74d07203f5b6aedd  guix-build-a02282d20c87/output/x86_64-w64-mingw32/bitcoin-a02282d20c87-win64-debug.zip
2754d432ad92debbd16e7b6d360af463a85d042c3e2812fd23805735a9a146f993  guix-build-a02282d20c87/output/x86_64-w64-mingw32/bitcoin-a02282d20c87-win64-setup-unsigned.exe
28cf2b18d4073f6c44aca5169febc1c88cf2cc44f56e280b2030c2b96632b1dea6  guix-build-a02282d20c87/output/x86_64-w64-mingw32/bitcoin-a02282d20c87-win64-unsigned.zip

151henry151 commented at 4:54 pm on November 7, 2025: contributor

Sorry, but one more rebase is needed.

I think I’ve rebased correctly here – I removed an additional SKIP_BUILD_RPATH OFF override that seemed like it would no longer be needed, https://github.com/bitcoin/bitcoin/commit/a02282d20c87471a3399e4061c7edad7ecdb391f#diff-2a07660db8ebdbbf967cf42f6b4da3ffc8558a322f45a3a08ce292c9e91767b8L13

Guix build for a02282d20c87:

 0a3647a46e00124b207263b695d9598cf9fe6c845ea9072c933462dd0e31a0ed9  guix-build-a02282d20c87/output/aarch64-linux-gnu/SHA256SUMS.part
 16e3b9a2e39e207d98c347ccc0a81dfc6c79484befa5dbbeaaccdd0b44b759e99  guix-build-a02282d20c87/output/aarch64-linux-gnu/bitcoin-a02282d20c87-aarch64-linux-gnu-debug.tar.gz
 2827f5c070c2ee3c8e1eb96cfd6f05551e4a69a00e422f808c15840026c7a27fc  guix-build-a02282d20c87/output/aarch64-linux-gnu/bitcoin-a02282d20c87-aarch64-linux-gnu.tar.gz
 30614c466cb38f98fa4b87fed9555d82cec60e3e46754b6bee17f00a87ef5bc74  guix-build-a02282d20c87/output/arm-linux-gnueabihf/SHA256SUMS.part
 47283dfd3c64fb53ae999e19715612d027e6a5515e6d7400bd8a37f066211dd0b  guix-build-a02282d20c87/output/arm-linux-gnueabihf/bitcoin-a02282d20c87-arm-linux-gnueabihf-debug.tar.gz
 52566cc5ffb73fa2eac5f18b0628502d0dbd8a87b596bd32200769e186e59158e  guix-build-a02282d20c87/output/arm-linux-gnueabihf/bitcoin-a02282d20c87-arm-linux-gnueabihf.tar.gz
 68c641fbdefca6e70465685e502dae0a27f0d8ebb9d023671884fdd0982dccf62  guix-build-a02282d20c87/output/arm64-apple-darwin/SHA256SUMS.part
 70bbad46352e730bd874832d44697f5f8b2b167318848a81895fa6d27bb902788  guix-build-a02282d20c87/output/arm64-apple-darwin/bitcoin-a02282d20c87-arm64-apple-darwin-codesigning.tar.gz
 81b1b0f08e0e4f5dfb11aaf9a934f064ea6bae671dde55c0a6f357e08a3886953  guix-build-a02282d20c87/output/arm64-apple-darwin/bitcoin-a02282d20c87-arm64-apple-darwin-unsigned.tar.gz
 95718e63cfdacc2142e6b765400c5ec694456e9d7f28528041ddc41ba0258deef  guix-build-a02282d20c87/output/arm64-apple-darwin/bitcoin-a02282d20c87-arm64-apple-darwin-unsigned.zip
1079d1ff42f480bd6894b1d44fd7a59bc7c3b17cf25cccae7fe10b7f540d37af10  guix-build-a02282d20c87/output/dist-archive/bitcoin-a02282d20c87.tar.gz
11a3ec88591539b7467572dfc84bdd46e5e545379b9af61b6c99e5c6c06303f032  guix-build-a02282d20c87/output/powerpc64-linux-gnu/SHA256SUMS.part
12d29af70d201af3d526d50db42808c5b7b597f221892efc6269932be7f88eb92d  guix-build-a02282d20c87/output/powerpc64-linux-gnu/bitcoin-a02282d20c87-powerpc64-linux-gnu-debug.tar.gz
1369f2c179d415f21e3212003085a32c25b9f584e80ff8512a108a6cfa800e0024  guix-build-a02282d20c87/output/powerpc64-linux-gnu/bitcoin-a02282d20c87-powerpc64-linux-gnu.tar.gz
14f74381366c006c40f95f2b1bf67d45f8015e16080333539b238eddb7d2e41d3b  guix-build-a02282d20c87/output/riscv64-linux-gnu/SHA256SUMS.part
1586606f74f26ceeff2529b4260abcbead10fda7fce3f3d0fc6226d06cff1230f9  guix-build-a02282d20c87/output/riscv64-linux-gnu/bitcoin-a02282d20c87-riscv64-linux-gnu-debug.tar.gz
16c2b00950765051fde50dc2f3d7704e9134e7d777f7b18fdd0f5ca7d43c08707b  guix-build-a02282d20c87/output/riscv64-linux-gnu/bitcoin-a02282d20c87-riscv64-linux-gnu.tar.gz
173cc8638a8f32583ed396381f74e0becff6acbd9065f51ad49381da528385572f  guix-build-a02282d20c87/output/x86_64-apple-darwin/SHA256SUMS.part
18e73bdd69b6dd1663bd3ead538c32d1d05c604ba00961fd5c6596785e97e1ddb8  guix-build-a02282d20c87/output/x86_64-apple-darwin/bitcoin-a02282d20c87-x86_64-apple-darwin-codesigning.tar.gz
19cd0292ad0de54b9cd97680867db44748d8e4cedceb61ae1cb6669a05bf1c3cae  guix-build-a02282d20c87/output/x86_64-apple-darwin/bitcoin-a02282d20c87-x86_64-apple-darwin-unsigned.tar.gz
20486ee2017e74a3b9c4128b9d313e03614b8bb64bac999fab9b600f26970f50f6  guix-build-a02282d20c87/output/x86_64-apple-darwin/bitcoin-a02282d20c87-x86_64-apple-darwin-unsigned.zip
21181c8380d154d6aeab300418ffd8f6aedca852ac939a8991aa3968fb08ec5bfd  guix-build-a02282d20c87/output/x86_64-linux-gnu/SHA256SUMS.part
22760b99aa489bf1cdb87b479b810478afc0e1157a129ff7ede63c531a6a3eac42  guix-build-a02282d20c87/output/x86_64-linux-gnu/bitcoin-a02282d20c87-x86_64-linux-gnu-debug.tar.gz
231748aec2dd1e54ffa07571b9d1569403b3b992972cdeedc033b280aa339e2cf8  guix-build-a02282d20c87/output/x86_64-linux-gnu/bitcoin-a02282d20c87-x86_64-linux-gnu.tar.gz
24f8eaf2e58a22230b160309b478933a584bd929726cb3edc391804c916c5a4000  guix-build-a02282d20c87/output/x86_64-w64-mingw32/SHA256SUMS.part
25495b7643f78e8a226687e1d8bb1a182866a725bae9854510baa3c3b883a869bd  guix-build-a02282d20c87/output/x86_64-w64-mingw32/bitcoin-a02282d20c87-win64-codesigning.tar.gz
2637325cbe0ba7088f324a35b37a808b7a40cbffba3add06ba74d07203f5b6aedd  guix-build-a02282d20c87/output/x86_64-w64-mingw32/bitcoin-a02282d20c87-win64-debug.zip
2754d432ad92debbd16e7b6d360af463a85d042c3e2812fd23805735a9a146f993  guix-build-a02282d20c87/output/x86_64-w64-mingw32/bitcoin-a02282d20c87-win64-setup-unsigned.exe
28cf2b18d4073f6c44aca5169febc1c88cf2cc44f56e280b2030c2b96632b1dea6  guix-build-a02282d20c87/output/x86_64-w64-mingw32/bitcoin-a02282d20c87-win64-unsigned.zip

DrahtBot commented at 7:30 am on November 8, 2025: contributor

Guix builds (on x86_64) [untrusted test-only build, possibly unsafe, not for production use]

File	commit 5c5704e730796c6f31e2d7891bf6334674a04219(master)	commit f46ff27ec50bb15ae637f62edf61139af72b032f(pull/33247/merge)
*-aarch64-linux-gnu-debug.tar.gz	`d87a923bc18f48ca...`	`80c2fe177587580c...`
*-aarch64-linux-gnu.tar.gz	`0471d6ea5a44cdf3...`	`1f6ac7b257eed686...`
*-arm-linux-gnueabihf-debug.tar.gz	`a0111d5205b35cd3...`	`bc7aef9412fd507a...`
*-arm-linux-gnueabihf.tar.gz	`77c732fc4909506c...`	`ebfee52b7cf723ad...`
*-arm64-apple-darwin-codesigning.tar.gz	`330cc9c564efd16e...`	`11cf1e3cef2c3d68...`
*-arm64-apple-darwin-unsigned.tar.gz	`f34d43128b3c5754...`	`3a2b8d9eea2a8c03...`
*-arm64-apple-darwin-unsigned.zip	`f63f9964e694b9b2...`	`443a1ae0023e0f6c...`
*-powerpc64-linux-gnu-debug.tar.gz	`55061dd0f02e6483...`	`8900ae53fd93d559...`
*-powerpc64-linux-gnu.tar.gz	`6319477781667827...`	`d4dc80090efca1bd...`
*-riscv64-linux-gnu-debug.tar.gz	`bce5e6b624e9b188...`	`1b22d7ed17f44a72...`
*-riscv64-linux-gnu.tar.gz	`7e5379c2b397d1c9...`	`c432bfaa24f62f78...`
*-x86_64-apple-darwin-codesigning.tar.gz	`101f59229d1305f2...`	`e64064a05aeca90f...`
*-x86_64-apple-darwin-unsigned.tar.gz	`940a28f083c736e0...`	`7c1aaccb01fa0623...`
*-x86_64-apple-darwin-unsigned.zip	`1dac68ebf1b3f854...`	`62e10bbc8bd44c69...`
*-x86_64-linux-gnu-debug.tar.gz	`120f91c3ebfecf3f...`	`e64e48c41841cde2...`
*-x86_64-linux-gnu.tar.gz	`43aa9c9dca52e1fa...`	`cf231dc76cc0f851...`
*.tar.gz	`391d55d633bc104c...`	`d270dd7026dc119c...`
SHA256SUMS.part	`905e1ccfbac7dfe3...`	`3724916abdc44ee6...`
guix_build.log	`d82e17399cfdda74...`	`53e143f635e85ed3...`
guix_build.log.diff		`56254e30a34f248e...`

DrahtBot removed the label DrahtBot Guix build requested on Nov 8, 2025

hebasto commented at 1:22 pm on November 8, 2025: member

My Guix build:

 0x86_64
 1a3647a46e00124b207263b695d9598cf9fe6c845ea9072c933462dd0e31a0ed9  guix-build-a02282d20c87/output/aarch64-linux-gnu/SHA256SUMS.part
 26e3b9a2e39e207d98c347ccc0a81dfc6c79484befa5dbbeaaccdd0b44b759e99  guix-build-a02282d20c87/output/aarch64-linux-gnu/bitcoin-a02282d20c87-aarch64-linux-gnu-debug.tar.gz
 3827f5c070c2ee3c8e1eb96cfd6f05551e4a69a00e422f808c15840026c7a27fc  guix-build-a02282d20c87/output/aarch64-linux-gnu/bitcoin-a02282d20c87-aarch64-linux-gnu.tar.gz
 40614c466cb38f98fa4b87fed9555d82cec60e3e46754b6bee17f00a87ef5bc74  guix-build-a02282d20c87/output/arm-linux-gnueabihf/SHA256SUMS.part
 57283dfd3c64fb53ae999e19715612d027e6a5515e6d7400bd8a37f066211dd0b  guix-build-a02282d20c87/output/arm-linux-gnueabihf/bitcoin-a02282d20c87-arm-linux-gnueabihf-debug.tar.gz
 62566cc5ffb73fa2eac5f18b0628502d0dbd8a87b596bd32200769e186e59158e  guix-build-a02282d20c87/output/arm-linux-gnueabihf/bitcoin-a02282d20c87-arm-linux-gnueabihf.tar.gz
 78c641fbdefca6e70465685e502dae0a27f0d8ebb9d023671884fdd0982dccf62  guix-build-a02282d20c87/output/arm64-apple-darwin/SHA256SUMS.part
 80bbad46352e730bd874832d44697f5f8b2b167318848a81895fa6d27bb902788  guix-build-a02282d20c87/output/arm64-apple-darwin/bitcoin-a02282d20c87-arm64-apple-darwin-codesigning.tar.gz
 91b1b0f08e0e4f5dfb11aaf9a934f064ea6bae671dde55c0a6f357e08a3886953  guix-build-a02282d20c87/output/arm64-apple-darwin/bitcoin-a02282d20c87-arm64-apple-darwin-unsigned.tar.gz
105718e63cfdacc2142e6b765400c5ec694456e9d7f28528041ddc41ba0258deef  guix-build-a02282d20c87/output/arm64-apple-darwin/bitcoin-a02282d20c87-arm64-apple-darwin-unsigned.zip
1179d1ff42f480bd6894b1d44fd7a59bc7c3b17cf25cccae7fe10b7f540d37af10  guix-build-a02282d20c87/output/dist-archive/bitcoin-a02282d20c87.tar.gz
12a3ec88591539b7467572dfc84bdd46e5e545379b9af61b6c99e5c6c06303f032  guix-build-a02282d20c87/output/powerpc64-linux-gnu/SHA256SUMS.part
13d29af70d201af3d526d50db42808c5b7b597f221892efc6269932be7f88eb92d  guix-build-a02282d20c87/output/powerpc64-linux-gnu/bitcoin-a02282d20c87-powerpc64-linux-gnu-debug.tar.gz
1469f2c179d415f21e3212003085a32c25b9f584e80ff8512a108a6cfa800e0024  guix-build-a02282d20c87/output/powerpc64-linux-gnu/bitcoin-a02282d20c87-powerpc64-linux-gnu.tar.gz
15f74381366c006c40f95f2b1bf67d45f8015e16080333539b238eddb7d2e41d3b  guix-build-a02282d20c87/output/riscv64-linux-gnu/SHA256SUMS.part
1686606f74f26ceeff2529b4260abcbead10fda7fce3f3d0fc6226d06cff1230f9  guix-build-a02282d20c87/output/riscv64-linux-gnu/bitcoin-a02282d20c87-riscv64-linux-gnu-debug.tar.gz
17c2b00950765051fde50dc2f3d7704e9134e7d777f7b18fdd0f5ca7d43c08707b  guix-build-a02282d20c87/output/riscv64-linux-gnu/bitcoin-a02282d20c87-riscv64-linux-gnu.tar.gz
183cc8638a8f32583ed396381f74e0becff6acbd9065f51ad49381da528385572f  guix-build-a02282d20c87/output/x86_64-apple-darwin/SHA256SUMS.part
19e73bdd69b6dd1663bd3ead538c32d1d05c604ba00961fd5c6596785e97e1ddb8  guix-build-a02282d20c87/output/x86_64-apple-darwin/bitcoin-a02282d20c87-x86_64-apple-darwin-codesigning.tar.gz
20cd0292ad0de54b9cd97680867db44748d8e4cedceb61ae1cb6669a05bf1c3cae  guix-build-a02282d20c87/output/x86_64-apple-darwin/bitcoin-a02282d20c87-x86_64-apple-darwin-unsigned.tar.gz
21486ee2017e74a3b9c4128b9d313e03614b8bb64bac999fab9b600f26970f50f6  guix-build-a02282d20c87/output/x86_64-apple-darwin/bitcoin-a02282d20c87-x86_64-apple-darwin-unsigned.zip
22181c8380d154d6aeab300418ffd8f6aedca852ac939a8991aa3968fb08ec5bfd  guix-build-a02282d20c87/output/x86_64-linux-gnu/SHA256SUMS.part
23760b99aa489bf1cdb87b479b810478afc0e1157a129ff7ede63c531a6a3eac42  guix-build-a02282d20c87/output/x86_64-linux-gnu/bitcoin-a02282d20c87-x86_64-linux-gnu-debug.tar.gz
241748aec2dd1e54ffa07571b9d1569403b3b992972cdeedc033b280aa339e2cf8  guix-build-a02282d20c87/output/x86_64-linux-gnu/bitcoin-a02282d20c87-x86_64-linux-gnu.tar.gz
25f8eaf2e58a22230b160309b478933a584bd929726cb3edc391804c916c5a4000  guix-build-a02282d20c87/output/x86_64-w64-mingw32/SHA256SUMS.part
26495b7643f78e8a226687e1d8bb1a182866a725bae9854510baa3c3b883a869bd  guix-build-a02282d20c87/output/x86_64-w64-mingw32/bitcoin-a02282d20c87-win64-codesigning.tar.gz
2737325cbe0ba7088f324a35b37a808b7a40cbffba3add06ba74d07203f5b6aedd  guix-build-a02282d20c87/output/x86_64-w64-mingw32/bitcoin-a02282d20c87-win64-debug.zip
2854d432ad92debbd16e7b6d360af463a85d042c3e2812fd23805735a9a146f993  guix-build-a02282d20c87/output/x86_64-w64-mingw32/bitcoin-a02282d20c87-win64-setup-unsigned.exe
29cf2b18d4073f6c44aca5169febc1c88cf2cc44f56e280b2030c2b96632b1dea6  guix-build-a02282d20c87/output/x86_64-w64-mingw32/bitcoin-a02282d20c87-win64-unsigned.zip

hebasto approved

hebasto commented at 3:24 pm on November 8, 2025: member

ACK a02282d20c87471a3399e4061c7edad7ecdb391f.

DrahtBot requested review from janb84 on Nov 8, 2025

hebasto commented at 4:10 pm on November 8, 2025: member

@151henry151

Could you please also remove the workaround for NetBSD by reverting commit 11115e9aa845d675a88e18e729913f0aaa11e322?

I’ve tested it on NeBSD 10.1, and can confirm I’m sure it’s no longer necessary.

151henry151 force-pushed on Nov 8, 2025

DrahtBot added the label CI failed on Nov 8, 2025

DrahtBot commented at 8:07 pm on November 8, 2025: contributor

🚧 At least one of the CI tasks failed. Task Linux->Windows cross, no tests: https://github.com/bitcoin/bitcoin/actions/runs/19197903263/job/54881558336 LLM reason (✨ experimental): Container tests failed: ci/test/02_run_container.sh exited with status 1.

Try to run the tests locally, according to the documentation. However, a CI failure may still happen due to a number of reasons, for example:

Possibly due to a silent merge conflict (the changes in this pull request being incompatible with the current code in the target branch). If so, make sure to rebase on the latest commit of the target branch.
A sanitizer issue, which can only be found by compiling with the sanitizer and running the affected test.
An intermittent issue.

Leave a comment here, if you need help tracking down a confusing failure.

151henry151 force-pushed on Nov 8, 2025

151henry151 commented at 8:23 pm on November 8, 2025: contributor

Could you please also remove the workaround for NetBSD by reverting commit 11115e9?

I think I’ve made the correct changes to remove that workaround, please let me know if there’s anything incorrect.

I don’t have an environment set up to test building for NetBSD, and I did not run a guix build yet.

Let me know if any further action would be helpful, and thanks for the guidance.

DrahtBot removed the label CI failed on Nov 8, 2025

maflcko added the label DrahtBot Guix build requested on Nov 10, 2025

in CMakeLists.txt:624 in 78d0f9031f

631-if(CMAKE_SYSTEM_NAME STREQUAL "NetBSD")
632-  set(CMAKE_INSTALL_RPATH_USE_LINK_PATH TRUE)
633-else()
634-  set(CMAKE_SKIP_BUILD_RPATH TRUE)
635-endif()
636+set(CMAKE_SKIP_INSTALL_RPATH TRUE)

hebasto commented at 6:56 am on November 12, 2025:

Is there any reason to keep this line?

151henry151 commented at 0:54 am on November 13, 2025:

I had thought it was still needed, but on closer analysis you’re correct, thanks for catching that. Guix still passes -DCMAKE_SKIP_RPATH=TRUE, so the post-install security and symbol checks remain on the installed binaries without hard-coding it in the top-level CMake file, and NetBSD keeps its RPATH behavior. I’ve amended the commit.

DrahtBot commented at 3:52 pm on November 12, 2025: contributor

Guix builds (on x86_64) [untrusted test-only build, possibly unsafe, not for production use]

File	commit a7e80676104b5c90c5b5e3bfab815d55a9061052(master)	commit c3fff382a28d575f05794b2b0e7354e21757949f(pull/33247/merge)
*-aarch64-linux-gnu-debug.tar.gz	`9ddef49319706707...`	`5e0bf83c39986046...`
*-aarch64-linux-gnu.tar.gz	`f21ea59e025d66e1...`	`669c18f04a5aba23...`
*-arm-linux-gnueabihf-debug.tar.gz	`992407bc963e2438...`	`67f306eacf1e5abe...`
*-arm-linux-gnueabihf.tar.gz	`361e676c11549bed...`	`373e0400d9c18b45...`
*-arm64-apple-darwin-codesigning.tar.gz	`11c416cbc898a038...`	`035fa8f7d4bbcfc2...`
*-arm64-apple-darwin-unsigned.tar.gz	`a0a9fa4ef7c76d6e...`	`3c5b98e02d6879df...`
*-arm64-apple-darwin-unsigned.zip	`5796437ef8c90a8d...`	`c7f6b937f9009da0...`
*-powerpc64-linux-gnu-debug.tar.gz	`afb1a21443a0e1c0...`	`84ab737316bb3357...`
*-powerpc64-linux-gnu.tar.gz	`95d214bad41ad030...`	`2961dc10d0387d82...`
*-riscv64-linux-gnu-debug.tar.gz	`c1676eaa97f624db...`	`e712301fc395bd3b...`
*-riscv64-linux-gnu.tar.gz	`370afcfc89c4aacd...`	`a5475c11e73540e9...`
*-x86_64-apple-darwin-codesigning.tar.gz	`137af6ca1cc10bc2...`	`e827f1f6656272e3...`
*-x86_64-apple-darwin-unsigned.tar.gz	`74be1e5ac94185d5...`	`9326d320a4aadf96...`
*-x86_64-apple-darwin-unsigned.zip	`ec29ce933b375213...`	`adccca36b07ebcab...`
*-x86_64-linux-gnu-debug.tar.gz	`f82735bcbbbca602...`	`342adc936861ef16...`
*-x86_64-linux-gnu.tar.gz	`eca95f2d33727231...`	`2d1b9bd752cf33ba...`
*.tar.gz	`01a6b36c70dab2cd...`	`a82b977ec5064964...`
SHA256SUMS.part	`9b8e98e67367ab84...`	`bf5b63df3ea48659...`
guix_build.log	`90d0e367ef22b809...`	`305b57833c1db368...`
guix_build.log.diff		`35da6f71c1525141...`

DrahtBot removed the label DrahtBot Guix build requested on Nov 12, 2025

build: Remove CMAKE_SKIP_BUILD_RPATH and SKIP_BUILD_RPATH settings

Remove CMake settings that are no longer needed after reordering Guix build script to perform binary checks after installation.

Also removes unused CMake maintenance targets (check-security and check-symbols) and updates security checks to include libexec/ directory binaries (see PR #31679).

2594d5a189

151henry151 force-pushed on Nov 13, 2025

151henry151 commented at 9:33 pm on November 14, 2025: contributor

My guix build hashes:

 0x86_64
 1fddfcf1d14219e7df35dd4c25546b99df2edb1fc29856c7ae1f7a9f27bfb24b1  guix-build-2594d5a189e5/output/aarch64-linux-gnu/bitcoin-2594d5a189e5-aarch64-linux-gnu-debug.tar.gz
 2488d6c14892a1753495091c8a49a00d1f0e3d2702d9d7b3536fa98e714e217ea  guix-build-2594d5a189e5/output/aarch64-linux-gnu/bitcoin-2594d5a189e5-aarch64-linux-gnu.tar.gz
 3a02136d07e0aab9f6c0352fe280226db51bb34000f6db9163a64ca7ee05902b0  guix-build-2594d5a189e5/output/aarch64-linux-gnu/SHA256SUMS.part
 4c09e05f1d64c599ceb7ba11deeebfacb90e92224901daa2d7cb519ddf7a07dcc  guix-build-2594d5a189e5/output/arm-linux-gnueabihf/bitcoin-2594d5a189e5-arm-linux-gnueabihf-debug.tar.gz
 5d274a9f01981b5d8b7753ac7619ee4e42da91f7e82906c17ad111d6b8a71d33a  guix-build-2594d5a189e5/output/arm-linux-gnueabihf/bitcoin-2594d5a189e5-arm-linux-gnueabihf.tar.gz
 6f8ca153fafb90d5c4a120e89fb229f38e350326ea370e530fc470a6efccb31bf  guix-build-2594d5a189e5/output/arm-linux-gnueabihf/SHA256SUMS.part
 7780255ae01d64925590f5282b05f5e81bb440d01955afecd4d126aeee768f2ff  guix-build-2594d5a189e5/output/arm64-apple-darwin/bitcoin-2594d5a189e5-arm64-apple-darwin-codesigning.tar.gz
 8b6c2391b7266c73234be419d270c2d23324814b8af3b8f43bab504eb9bebb06c  guix-build-2594d5a189e5/output/arm64-apple-darwin/bitcoin-2594d5a189e5-arm64-apple-darwin-unsigned.tar.gz
 9c9793c8b2289df9beff9a308e56dbb15e14a99e1fc3d281e754d056056f65801  guix-build-2594d5a189e5/output/arm64-apple-darwin/bitcoin-2594d5a189e5-arm64-apple-darwin-unsigned.zip
10b07d53c1e2168ac09857f9b9f3403a4536a6255d7a6752cd066c965fd0891798  guix-build-2594d5a189e5/output/arm64-apple-darwin/SHA256SUMS.part
11491fd4702c402b882e7f8da84b42e48aca5f195c7163422323cbde4b9f432ab9  guix-build-2594d5a189e5/output/dist-archive/bitcoin-2594d5a189e5.tar.gz
121cb42ab34a36ebcf4e5c2a733329c27924dc6e005b394a2c9d305a7522c588d9  guix-build-2594d5a189e5/output/powerpc64-linux-gnu/SHA256SUMS.part
13f68f05109688fb974aa40287d370a437f20e1f26c529731b5509eac59777009c  guix-build-2594d5a189e5/output/powerpc64-linux-gnu/bitcoin-2594d5a189e5-powerpc64-linux-gnu-debug.tar.gz
140e7435455372d76b1a94ad7a3a046f9ffc4b8f6e6e44ebe5ccfe74c1d004d550  guix-build-2594d5a189e5/output/powerpc64-linux-gnu/bitcoin-2594d5a189e5-powerpc64-linux-gnu.tar.gz
1591d53dd08d5b5b1d891ed357446a573275bafcd75888bb9e0a6567d9da1a61d4  guix-build-2594d5a189e5/output/riscv64-linux-gnu/SHA256SUMS.part
168ae470b91a8f676bffbdbe23d0849a417a086e3152cf26d422b990f925f58dfc  guix-build-2594d5a189e5/output/riscv64-linux-gnu/bitcoin-2594d5a189e5-riscv64-linux-gnu-debug.tar.gz
17818917545a14983fc9221a1d6c0f0193a3bd4d0f2d6159284de955323984785c  guix-build-2594d5a189e5/output/riscv64-linux-gnu/bitcoin-2594d5a189e5-riscv64-linux-gnu.tar.gz
18a72b04cf8760bfe054461ed7bb04099883328fbef940324e1ddf9c6a09150265  guix-build-2594d5a189e5/output/x86_64-apple-darwin/SHA256SUMS.part
19b27fdc8e873aba8fb92de5d7f214a44abc3c6c2cf2f92774424f9e1e24e143f5  guix-build-2594d5a189e5/output/x86_64-apple-darwin/bitcoin-2594d5a189e5-x86_64-apple-darwin-codesigning.tar.gz
202f6657d3c9663ae1d424ecc9def1069ca430358eb667ee5c5c4b2962ac33e569  guix-build-2594d5a189e5/output/x86_64-apple-darwin/bitcoin-2594d5a189e5-x86_64-apple-darwin-unsigned.tar.gz
21090f4621f9aef54dae89ff1d1c05e918a169efd9c74da7b0f7ae1864c5dc3266  guix-build-2594d5a189e5/output/x86_64-apple-darwin/bitcoin-2594d5a189e5-x86_64-apple-darwin-unsigned.zip
22b1acda62e967e7cd487547d3e81b63e13efdcad4248202b98de363d313b24381  guix-build-2594d5a189e5/output/x86_64-linux-gnu/SHA256SUMS.part
23efddeb0fe68f73de792c63832379e59763fba8bc1d10ac7bf8d3a2a840a1d56e  guix-build-2594d5a189e5/output/x86_64-linux-gnu/bitcoin-2594d5a189e5-x86_64-linux-gnu-debug.tar.gz
24ceedded0f573ebffd4d66e880658ac3be0c955edced38467639e4e5dce2c5aeb  guix-build-2594d5a189e5/output/x86_64-linux-gnu/bitcoin-2594d5a189e5-x86_64-linux-gnu.tar.gz
25dfafeb32dcef307ceac8b08f0ed06439df8aa8c3710f50e42d974f2364116d12  guix-build-2594d5a189e5/output/x86_64-w64-mingw32/SHA256SUMS.part
26c3089ac2e7c85cbd77f30aa3fc3b30ac7cfa2e72bcd4052306ba6c541ec5eb6a  guix-build-2594d5a189e5/output/x86_64-w64-mingw32/bitcoin-2594d5a189e5-win64-codesigning.tar.gz
271d145af4b3acc8aef7a92c6f686710235bec0bc786d19ac071e7cec533cdf87b  guix-build-2594d5a189e5/output/x86_64-w64-mingw32/bitcoin-2594d5a189e5-win64-debug.zip
2882115a95c29d083200f10815d220380403fdfcc17b611a37b1d2765a2fe79710  guix-build-2594d5a189e5/output/x86_64-w64-mingw32/bitcoin-2594d5a189e5-win64-setup-unsigned.exe
294468f0ee9eef439d107240466310d94ec8b3dc472b2b424da73d1ef0a50e3148  guix-build-2594d5a189e5/output/x86_64-w64-mingw32/bitcoin-2594d5a189e5-win64-unsigned.zip

hebasto approved

hebasto commented at 1:45 pm on November 15, 2025: member

ACK 2594d5a189e52052c2019faccaa47f2affdc48e1.

My Guix build:

 0aarch64
 1a02136d07e0aab9f6c0352fe280226db51bb34000f6db9163a64ca7ee05902b0  guix-build-2594d5a189e5/output/aarch64-linux-gnu/SHA256SUMS.part
 2fddfcf1d14219e7df35dd4c25546b99df2edb1fc29856c7ae1f7a9f27bfb24b1  guix-build-2594d5a189e5/output/aarch64-linux-gnu/bitcoin-2594d5a189e5-aarch64-linux-gnu-debug.tar.gz
 3488d6c14892a1753495091c8a49a00d1f0e3d2702d9d7b3536fa98e714e217ea  guix-build-2594d5a189e5/output/aarch64-linux-gnu/bitcoin-2594d5a189e5-aarch64-linux-gnu.tar.gz
 4f8ca153fafb90d5c4a120e89fb229f38e350326ea370e530fc470a6efccb31bf  guix-build-2594d5a189e5/output/arm-linux-gnueabihf/SHA256SUMS.part
 5c09e05f1d64c599ceb7ba11deeebfacb90e92224901daa2d7cb519ddf7a07dcc  guix-build-2594d5a189e5/output/arm-linux-gnueabihf/bitcoin-2594d5a189e5-arm-linux-gnueabihf-debug.tar.gz
 6d274a9f01981b5d8b7753ac7619ee4e42da91f7e82906c17ad111d6b8a71d33a  guix-build-2594d5a189e5/output/arm-linux-gnueabihf/bitcoin-2594d5a189e5-arm-linux-gnueabihf.tar.gz
 7b07d53c1e2168ac09857f9b9f3403a4536a6255d7a6752cd066c965fd0891798  guix-build-2594d5a189e5/output/arm64-apple-darwin/SHA256SUMS.part
 8780255ae01d64925590f5282b05f5e81bb440d01955afecd4d126aeee768f2ff  guix-build-2594d5a189e5/output/arm64-apple-darwin/bitcoin-2594d5a189e5-arm64-apple-darwin-codesigning.tar.gz
 9b6c2391b7266c73234be419d270c2d23324814b8af3b8f43bab504eb9bebb06c  guix-build-2594d5a189e5/output/arm64-apple-darwin/bitcoin-2594d5a189e5-arm64-apple-darwin-unsigned.tar.gz
10c9793c8b2289df9beff9a308e56dbb15e14a99e1fc3d281e754d056056f65801  guix-build-2594d5a189e5/output/arm64-apple-darwin/bitcoin-2594d5a189e5-arm64-apple-darwin-unsigned.zip
11491fd4702c402b882e7f8da84b42e48aca5f195c7163422323cbde4b9f432ab9  guix-build-2594d5a189e5/output/dist-archive/bitcoin-2594d5a189e5.tar.gz
121cb42ab34a36ebcf4e5c2a733329c27924dc6e005b394a2c9d305a7522c588d9  guix-build-2594d5a189e5/output/powerpc64-linux-gnu/SHA256SUMS.part
13f68f05109688fb974aa40287d370a437f20e1f26c529731b5509eac59777009c  guix-build-2594d5a189e5/output/powerpc64-linux-gnu/bitcoin-2594d5a189e5-powerpc64-linux-gnu-debug.tar.gz
140e7435455372d76b1a94ad7a3a046f9ffc4b8f6e6e44ebe5ccfe74c1d004d550  guix-build-2594d5a189e5/output/powerpc64-linux-gnu/bitcoin-2594d5a189e5-powerpc64-linux-gnu.tar.gz
1591d53dd08d5b5b1d891ed357446a573275bafcd75888bb9e0a6567d9da1a61d4  guix-build-2594d5a189e5/output/riscv64-linux-gnu/SHA256SUMS.part
168ae470b91a8f676bffbdbe23d0849a417a086e3152cf26d422b990f925f58dfc  guix-build-2594d5a189e5/output/riscv64-linux-gnu/bitcoin-2594d5a189e5-riscv64-linux-gnu-debug.tar.gz
17818917545a14983fc9221a1d6c0f0193a3bd4d0f2d6159284de955323984785c  guix-build-2594d5a189e5/output/riscv64-linux-gnu/bitcoin-2594d5a189e5-riscv64-linux-gnu.tar.gz
18a72b04cf8760bfe054461ed7bb04099883328fbef940324e1ddf9c6a09150265  guix-build-2594d5a189e5/output/x86_64-apple-darwin/SHA256SUMS.part
19b27fdc8e873aba8fb92de5d7f214a44abc3c6c2cf2f92774424f9e1e24e143f5  guix-build-2594d5a189e5/output/x86_64-apple-darwin/bitcoin-2594d5a189e5-x86_64-apple-darwin-codesigning.tar.gz
202f6657d3c9663ae1d424ecc9def1069ca430358eb667ee5c5c4b2962ac33e569  guix-build-2594d5a189e5/output/x86_64-apple-darwin/bitcoin-2594d5a189e5-x86_64-apple-darwin-unsigned.tar.gz
21090f4621f9aef54dae89ff1d1c05e918a169efd9c74da7b0f7ae1864c5dc3266  guix-build-2594d5a189e5/output/x86_64-apple-darwin/bitcoin-2594d5a189e5-x86_64-apple-darwin-unsigned.zip
22b1acda62e967e7cd487547d3e81b63e13efdcad4248202b98de363d313b24381  guix-build-2594d5a189e5/output/x86_64-linux-gnu/SHA256SUMS.part
23efddeb0fe68f73de792c63832379e59763fba8bc1d10ac7bf8d3a2a840a1d56e  guix-build-2594d5a189e5/output/x86_64-linux-gnu/bitcoin-2594d5a189e5-x86_64-linux-gnu-debug.tar.gz
24ceedded0f573ebffd4d66e880658ac3be0c955edced38467639e4e5dce2c5aeb  guix-build-2594d5a189e5/output/x86_64-linux-gnu/bitcoin-2594d5a189e5-x86_64-linux-gnu.tar.gz
25dfafeb32dcef307ceac8b08f0ed06439df8aa8c3710f50e42d974f2364116d12  guix-build-2594d5a189e5/output/x86_64-w64-mingw32/SHA256SUMS.part
26c3089ac2e7c85cbd77f30aa3fc3b30ac7cfa2e72bcd4052306ba6c541ec5eb6a  guix-build-2594d5a189e5/output/x86_64-w64-mingw32/bitcoin-2594d5a189e5-win64-codesigning.tar.gz
271d145af4b3acc8aef7a92c6f686710235bec0bc786d19ac071e7cec533cdf87b  guix-build-2594d5a189e5/output/x86_64-w64-mingw32/bitcoin-2594d5a189e5-win64-debug.zip
2882115a95c29d083200f10815d220380403fdfcc17b611a37b1d2765a2fe79710  guix-build-2594d5a189e5/output/x86_64-w64-mingw32/bitcoin-2594d5a189e5-win64-setup-unsigned.exe
294468f0ee9eef439d107240466310d94ec8b3dc472b2b424da73d1ef0a50e3148  guix-build-2594d5a189e5/output/x86_64-w64-mingw32/bitcoin-2594d5a189e5-win64-unsigned.zip

hebasto commented at 1:53 pm on November 15, 2025: member

#33247 (comment)

My guix build hashes: @151henry151

To make hashes easily comparable, they are sorted using env LC_ALL=C sort. The full command to retrieve the hashes is as follows:

0find guix-build-$(git rev-parse --short=12 HEAD)/output/ -type f -print0 | env LC_ALL=C sort -z | xargs -r0 sha256sum

hebasto commented at 1:55 pm on November 15, 2025: member

cc @purpleKarrot

purpleKarrot commented at 4:00 pm on November 15, 2025: contributor

ACK 2594d5a189e52052c2019faccaa47f2affdc48e1

Thanks for working on this!

in contrib/guix/libexec/build.sh:285 in 2594d5a189

276@@ -282,6 +277,13 @@ mkdir -p "$DISTSRC"
277             ;;
278     esac
279 
280+    # Perform basic security checks on installed executables.
281+    echo "Checking binary security on installed executables..."
282+    python3 "${DISTSRC}/contrib/guix/security-check.py" "${INSTALLPATH}/bin/"* "${INSTALLPATH}/libexec/"*
283+    # Check that executables only contain allowed version symbols.
284+    echo "Running symbol and dynamic library checks on installed executables..."
285+    python3 "${DISTSRC}/contrib/guix/symbol-check.py" "${INSTALLPATH}/bin/"* "${INSTALLPATH}/libexec/"*

fanquake commented at 10:47 am on November 17, 2025:

0/distsrc-base/distsrc-275349011d15-x86_64-linux-gnu/installed/bitcoin-275349011d15/bin/bitcoin
1/distsrc-base/distsrc-275349011d15-x86_64-linux-gnu/installed/bitcoin-275349011d15/bin/bitcoin-cli
2/distsrc-base/distsrc-275349011d15-x86_64-linux-gnu/installed/bitcoin-275349011d15/bin/bitcoin-qt
3/distsrc-base/distsrc-275349011d15-x86_64-linux-gnu/installed/bitcoin-275349011d15/bin/bitcoin-tx
4/distsrc-base/distsrc-275349011d15-x86_64-linux-gnu/installed/bitcoin-275349011d15/bin/bitcoin-util
5/distsrc-base/distsrc-275349011d15-x86_64-linux-gnu/installed/bitcoin-275349011d15/bin/bitcoin-wallet
6/distsrc-base/distsrc-275349011d15-x86_64-linux-gnu/installed/bitcoin-275349011d15/bin/bitcoind
7/distsrc-base/distsrc-275349011d15-x86_64-linux-gnu/installed/bitcoin-275349011d15/libexec/bitcoin-gui
8/distsrc-base/distsrc-275349011d15-x86_64-linux-gnu/installed/bitcoin-275349011d15/libexec/bitcoin-node
9/distsrc-base/distsrc-275349011d15-x86_64-linux-gnu/installed/bitcoin-275349011d15/libexec/test_bitcoin

fanquake merged this on Nov 17, 2025

fanquake closed this on Nov 17, 2025

build: Remove CMAKE_SKIP_BUILD_RPATH and SKIP_BUILD_RPATH settings #33247

Code Coverage & Benchmarks

Reviews

Conflicts

Conflicts

Guix builds (on x86_64) [untrusted test-only build, possibly unsafe, not for production use]

Guix builds (on x86_64) [untrusted test-only build, possibly unsafe, not for production use]

Guix builds (on x86_64) [untrusted test-only build, possibly unsafe, not for production use]