Skip to content

Comments

build: target aarch64 over armv7, add rudimentary support for Rust components in build system, update to macOS SDK 15.0 (from Xcode 16.0)#7109

Open
kwvg wants to merge 24 commits intodashpay:developfrom
kwvg:rust_build
Open

build: target aarch64 over armv7, add rudimentary support for Rust components in build system, update to macOS SDK 15.0 (from Xcode 16.0)#7109
kwvg wants to merge 24 commits intodashpay:developfrom
kwvg:rust_build

Conversation

@kwvg
Copy link
Collaborator

@kwvg kwvg commented Jan 19, 2026
edited
Loading

Additional Information

  • Depends on backport: merge bitcoin#30423, #27038, #31048, #31099, #31172, #31450, #31608, #31818, #29881, #32458, #32400, #32760, #33178, #33312, #33780, #33181, #34102, partial bitcoin#29023, #30454, #30509, #30510, #31105, #32922, #33489, #33445 (build backports: part 5) #6927

  • To ensure our list of targets validated are matched with targets used for releases (see guix-start), we switch out arm-linux-gnueabihf with aarch64-linux-gnu, this is now reflected by changes to our GitHub CI configuration, build scripts, Guix CI action.

    • Additionally, since dash#7047, we can't assume our host is x86_64 and must update packages to explicitly mention the desired arch instead of relying on that assumption.

  • On top of ntdll.dll, Rust's standard library has a hard dependency on api-ms-win-core-synch-l1-2-0.dll (sync primitives) after rust-lang/rust#124019, which has been added to the allowlist even though this dependency isn't specified in RUST_LIBS.

  • The build system passes information about the host compiler, target macOS version and other parameters as Rust crates themselves may be FFI bindings to C/C++ codebases, this is specifically relevant for cross-compilation where host and target do not match. depends exposes whatever is needed but if attempting to build without depends, the following environment variables need to be defined.

    • OSX_MIN_VERSION (target version of macOS)
    • OSX_SDK (path to the macOS SDK)
    • NATIVE_AR (host archiver)
    • NATIVE_CC (host C compiler)
    • NATIVE_CXX (host C++ compiler)
    • RUST_NATIVE (host Rust target, if cannot be deduced by build system)

  • For integrating the crates into our C++ codebase, we use the cxx crate with the version defined in native_cxxbridge.mk

    • As mentioned in dash#6927, we need to update the macOS SDK to ensure we have standards-conformant definitions to deal with dtolnay/cxx#1574.

    • This does result in us using a higher SDK version than used upstream, requiring us to update the source URLs to our own fallback servers as upstream is not expected to host this version of the consolidated SDK. This has no effect on the target version of macOS, which will continue to be macOS 14.

  • The version of Rust defined in native_rust.mk and rust-toolchain.toml must match as the former is what we use in depends (and is the same version used in the Guix environment, we don't rely on Guix to supply us a Rust build environment) and the latter is used to ensure that builds outside depends use a matching Rust version.

    • The version should also be synced with rust_stdlib.mk, which defines the standard libraries used. All hosts (native_rust) will have a target (rust_stdlib) but not all targets will have a host. Version management is done using contrib/devtools/update-rust-hashes.py and contrib/devtools/update-native-cxxbridge.py.

      • To avoid glibc-related issues in Guix builds due to conflicting versions, incompatible symbols or the mixing of code generated with different glibc targets, we have opted to use the musl variant of the standard library for Linux builds. Non-depends builds will need to configure their Rust environment accordingly.

      • To allow PowerPC target builds, we had to move from Rust 1.82 (the minimum version demanded by cxx) to 1.85.1

    • This also means that the CI Docker image does not have a Rust compiler as it is supplied by depends. This is done due to the fact that we already need a depends-supplied compiler to have greater control over version and variant but also to avoid increasing the size of our already-large master image.

      Future work on the CI system could provide Rust compilers to aid in debugging and development (as development images are derived from CI images) but that is out of scope for this PR.

  • The depends system introduces the following verbs

    • download-rust-src (downloads packages necessary for vendoring)

    • download-rust-std (downloads the standard library for all targets listed in rust_stdlib.mk, needed as Guix environments do not have access to the internet)

    • vendor-dep-crates (vendors dependencies by Rust packages in the depends system)

    • vendor-all-crates (vendors dependencies by Rust packages used in the codebase)

      • During development and when building without the depends system, you will need to use --enable-online-rust, failing which, you will need to define RUST_VENDORED_SOURCES (a value that is otherwise defined by the depends system).

      • Vendoring support was added as Guix environments have no access to the internet and to allow for caching crates for CI.

  • As the Guix environment does not use normal paths, we have to do the inverse of the patch that is usually done to binaries generated in Guix environments (replacing the loader with standard paths instead of store-specific paths) to ensure our native binaries will run and additionally locate the GCC runtime (libgcc_s.so.1) and move it to a location reachable to the native binaries and patch that patch too.

    This is done using contrib/guix/libexec/fix-elf-interpreter.sh and is meant only for the Guix environment as it assumes that it will always run on a Linux host.

How Has This Been Tested?

Running dashd or dash-qt should have this entry in their debug log (see below) demonstrating a call to the stub crate during init.

[...]
2026-01-19T12:56:31Z Command-line arg: testnet=""
2026-01-19T12:56:31Z chirp 0.1.0 built with rustc 1.85.1 (4eb161250 2025-03-15) reports "cheep cheep"
2026-01-19T12:56:31Z Using at most 125 automatic connections (285 file descriptors available)
2026-01-19T12:56:31Z Using 16 MiB out of 32/2 requested for signature cache, able to store 524288 elements
2026-01-19T12:56:31Z Using 16 MiB out of 32/2 requested for script execution cache, able to store 524288 elements
[...]

Breaking Changes

None expected.

Checklist

  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have added or updated relevant unit/integration/functional/e2e tests
  • I have made corresponding changes to the documentation
  • I have assigned this pull request to a milestone (for repository code-owners and collaborators only)

@kwvg kwvg added this to the 23.1 milestone Jan 19, 2026
@github-actions
Copy link

github-actions bot commented Jan 19, 2026
edited
Loading

✅ No Merge Conflicts Detected

This PR currently has no conflicts with other open PRs.

@kwvg kwvg mentioned this pull request Jan 19, 2026
Merged
5 tasks
@kwvg kwvg changed the title build: add build: add rudimentary support for Rust components in build system, update to macOS SDK 15.2 (from Xcode 16.0), target aarch64 over armv7 Jan 19, 2026
@kwvg kwvg changed the title build: add rudimentary support for Rust components in build system, update to macOS SDK 15.2 (from Xcode 16.0), target aarch64 over armv7 build: target aarch64 over armv7, add rudimentary support for Rust components in build system, update to macOS SDK 15.2 (from Xcode 16.0) Jan 19, 2026
@github-actions
Copy link

github-actions bot commented Jan 19, 2026

This pull request has conflicts, please rebase.

PastaPastaPasta added a commit that referenced this pull request Jan 24, 2026
@PastaPastaPasta
Merge #6927: backport: merge bitcoin#30423, bitcoin#27038, bitcoin#31048
1ea35a4 
, bitcoin#31099, bitcoin#31172, bitcoin#31450, bitcoin#31608, bitcoin#31818, bitcoin#29881, bitcoin#32458, bitcoin#32400, bitcoin#32760, bitcoin#33178, bitcoin#33312, bitcoin#33780, bitcoin#33181, bitcoin#34102, partial bitcoin#29023, bitcoin#30454, bitcoin#30509, bitcoin#30510, bitcoin#31105, bitcoin#32922, bitcoin#33489, bitcoin#33445 (build backports: part 5)

ad5c299 doc: add release notes (Kittywhiskers Van Gogh)
6350e93 merge bitcoin#34102: capnp 1.3.0 (Kittywhiskers Van Gogh)
e6e4ad0 merge bitcoin#33181: build for Linux HOSTS with `-static-libgcc` (Kittywhiskers Van Gogh)
e403bba merge bitcoin#33780: disable libsanitizer in Linux GCC build (Kittywhiskers Van Gogh)
88108ac partial bitcoin#33445: Update Clang in "tidy" job (Kittywhiskers Van Gogh)
f9686bb partial bitcoin#33489: Drop support for EOL macOS 13 (Kittywhiskers Van Gogh)
4a6de56 merge bitcoin#33312: Disable `UndefinedBinaryOperatorResult` check in `src/ipc` (Kittywhiskers Van Gogh)
00f46c2 merge bitcoin#33178: increase maximum allowed (runtime) GCC to 7 (Kittywhiskers Van Gogh)
49f815d partial bitcoin#32922: use notarized v28.2 binaries and fix macOS detection (Kittywhiskers Van Gogh)
7bf7523 merge bitcoin#32760: capnp 1.2.0 (Kittywhiskers Van Gogh)
369e875 merge bitcoin#32400: Use modern Windows randomness functions (Kittywhiskers Van Gogh)
62cb45b merge bitcoin#32458: move `*-check.py` scripts under `contrib/guix/` (Kittywhiskers Van Gogh)
362013a merge bitcoin#29881: use GCC 13 to build releases (Kittywhiskers Van Gogh)
bfcf58a merge bitcoin#31818: remove test-security/symbol-check scripts (Kittywhiskers Van Gogh)
973eca0 merge bitcoin#31608: Clarify min macOS and Xcode version (Kittywhiskers Van Gogh)
7f80572 merge bitcoin#31450: disable gcov in base-linux-gcc (Kittywhiskers Van Gogh)
e189624 merge bitcoin#31172: increase minimum supported Windows to 10.0 (Kittywhiskers Van Gogh)
8494bd6 partial bitcoin#31105: Update libmultiprocess library (Kittywhiskers Van Gogh)
29c8bd9 merge bitcoin#31099: drop macOS LLVM install instructions (Kittywhiskers Van Gogh)
84b1e17 fix: bump `darwin_cmake_system_version` to match `OSX_MIN_VERSION` (Kittywhiskers Van Gogh)
cdc411d merge bitcoin#31048: Bump minimum supported macOS to 13.0 (Kittywhiskers Van Gogh)
5515a69 partial bitcoin#30510: Add IPC wrapper for Mining interface (Kittywhiskers Van Gogh)
ce6504e merge bitcoin#27038: test for `_FORTIFY_SOURCE` usage in release binaries (Kittywhiskers Van Gogh)
140848d partial bitcoin#30509: Add -ipcbind option to bitcoin-node (Kittywhiskers Van Gogh)
9df31ce partial bitcoin#30454: Introduce CMake-based build system (Kittywhiskers Van Gogh)
310a652 merge bitcoin#30423: simplify `test-security-check` (Kittywhiskers Van Gogh)
3bb0e30 partial bitcoin#29023: add historical release notes for 26.0 (Kittywhiskers Van Gogh)
c725a30 docs: add omitted "Compatibility" heading to release notes template (Kittywhiskers Van Gogh)

Pull request description:

  ## Motivation

  While working on adding support for Rust to our build system (see [dash#7109](#7109)), there were sources of conflict between our current setup and the minimums demanded by Rust and our FFI crate, [`cxx`](https://github.com/dtolnay/cxx). Specifically, Dash Core currently targets building for Windows 7 ([source](https://github.com/dashpay/dash/blob/cc50446936f8436d9ac3a2442bb348d93d8ba314/configure.ac#L818), [`0x601`](https://learn.microsoft.com/en-gb/windows/win32/winprog/using-the-windows-headers)) in direct conflict with the decision by Rusts' maintainers to drop support for Windows 7 effective Rust 1.78 ([source](https://blog.rust-lang.org/2024/02/26/Windows-7/))

  More recent versions of Rust have issues that require additional workarounds (see [`rust-lang/rust#128218`](rust-lang/rust#128218)) to keep support for Windows 7 around and using older versions of Rust is infeasible since both [`cxx`](https://github.com/dtolnay/cxx) and Rust packages currently under evaluation for integration with Dash Core require Rust 1.82+.

  Additionally, non-conformant definitions in the macOS SDK cause issues when attempting to build crates with FFI definitions (see [`dtolnay/cxx#1574`](dtolnay/cxx#1574)) which is resolved by an additional SDK bump that is not in the scope of this PR as it is _above_ the SDK version used upstream but does give cause to also consider a macOS target version bump, which _is_ done by upstream.

  ## Additional Information

  * Dependent on #6919

  * Dependency for #7109

  * macOS 11 (Big Sur) had its support period elapse ~2 years ago ([source](https://endoflife.date/macos)). macOS 14 (Sonoma) is the lowest version of macOS still receiving support from Apple and the new minimum version elected by upstream.

  * Windows 7 had its _extended_ support period elapse ~5 years ago ([source](https://learn.microsoft.com/en-gb/lifecycle/products/windows-7)) with the second lowest version, Windows 8.1, had its _extended_ support period elapse ~2 years ago ([source](https://learn.microsoft.com/en-us/lifecycle/products/windows-81)).

  ## Breaking Changes

  Dash Core binaries will now target Windows 10 and macOS 14 (Sonoma), replacing the previous target Windows 7 and macOS 11 (Big Sur).

  ## Checklist

  - [x] I have performed a self-review of my own code
  - [x] I have commented my code, particularly in hard-to-understand areas **(note: N/A)**
  - [x] I have added or updated relevant unit/integration/functional/e2e tests
  - [x] I have made corresponding changes to the documentation
  - [x] I have assigned this pull request to a milestone _(for repository code-owners and collaborators only)_

ACKs for top commit:
  UdjinM6:
    utACK ad5c299

Tree-SHA512: 650cbc12f2f129770623fd4e62bd7eb77ba0677ae33b765cc8359878633562e2a5c302f86d399400bb798d6a0ac5e6c030f3b8c657b63178f468bbe0d1b246a5
@github-actions
Copy link

github-actions bot commented Jan 24, 2026

This pull request has conflicts, please rebase.

@kwvg kwvg force-pushed the rust_build branch 2 times, most recently from 68f1157 to 9da49be Compare January 29, 2026 11:24
@DashCoreAutoGuix
Copy link

DashCoreAutoGuix commented Jan 29, 2026

Guix Automation has began to build this PR tagged as v23.0.2-devpr7109.9da49bec. A new comment will be made when the image is pushed.

@kwvg
Copy link
Collaborator Author

kwvg commented Jan 29, 2026

Checksums for 9da49be

0f51f16f49d3a8efc62f2ba64525ba4396fd0b90b19ddedcdbbb1b3fc427c9e1  dashcore-23.0.2-1141-g9da49becf786-aarch64-linux-gnu-debug.tar.gz
773d174467573a17d13496d3226d69a13ca92f2240e5e621e728c577cb491de7  dashcore-23.0.2-1141-g9da49becf786-aarch64-linux-gnu.tar.gz
3cdf72193aab45a9cf6c785f970792367b46b71f1872e4594c4f1a09a64d925f  dashcore-23.0.2-1141-g9da49becf786-arm64-apple-darwin-unsigned.tar.gz
7b121a02935960bcbccadd4f4fd1658f17e8f12756cf84aa68950794a8218063  dashcore-23.0.2-1141-g9da49becf786-arm64-apple-darwin-unsigned.zip
198d8672dfdb6d59e87fe2a2a02fdc72852307fb61747a672ebc34852e44f6a6  dashcore-23.0.2-1141-g9da49becf786-arm64-apple-darwin.tar.gz
4d3452ce53537c479085f258a3b4b2ceccfdf73a8a77e873dfafe0bfdb99b691  dashcore-23.0.2-1141-g9da49becf786.tar.gz
a24013dce08ba8a2e57ed8f2c4bd034faf017902dc35faebb3dd3224990844f2  dashcore-23.0.2-1141-g9da49becf786-riscv64-linux-gnu-debug.tar.gz
f24329eeb491805d786dda053e88e17bf0e8dce29ace4942504705b86830d751  dashcore-23.0.2-1141-g9da49becf786-riscv64-linux-gnu.tar.gz
53db55c0f86fa5806be73353dff5db8b5bfdd6a2ea986fa3f28d1a7adef2ef39  dashcore-23.0.2-1141-g9da49becf786-x86_64-apple-darwin-unsigned.tar.gz
fd214166e0f9cc5a10aa0a61bb0b0b5d3d5346e96f461313e9f9ffa0bd69eb06  dashcore-23.0.2-1141-g9da49becf786-x86_64-apple-darwin-unsigned.zip
81e615e643a0929bafe4d828c0e95f9985bf113b700a5f19c1c93e505f2a3132  dashcore-23.0.2-1141-g9da49becf786-x86_64-apple-darwin.tar.gz
b0a9fe3de1469d42d127dc31233952cfebaf88359d07e1c067132226889f358d  dashcore-23.0.2-1141-g9da49becf786-x86_64-linux-gnu-debug.tar.gz
2a9b7d1f2d960f5779c5671106dcc20521198114f1d6e29bd7c46af4749cc14b  dashcore-23.0.2-1141-g9da49becf786-x86_64-linux-gnu.tar.gz
c123023f8a457d93085d8bbd0581acfb7af4e5003c81231b2e14eaac6b2cebff  dashcore-23.0.2-1141-g9da49becf786-win64-debug.zip
ddf80e8991fa8a375fecc1999edd963e02c5623a4efc31aa01c4d05672a46781  dashcore-23.0.2-1141-g9da49becf786-win64-setup-unsigned.exe
9370fc622a528d080b1337624363f4cf408d705d7c083e7520a5491b678e8748  dashcore-23.0.2-1141-g9da49becf786-win64-unsigned.tar.gz
bb0a8ee290f1ae2d908a14d67877f5573d18e4e5def2654f1816b76632973a93  dashcore-23.0.2-1141-g9da49becf786-win64.zip

@DashCoreAutoGuix
Copy link

DashCoreAutoGuix commented Jan 29, 2026

Guix Automation has completed; a release should be present here: https://github.com/dashpay/dash-dev-branches/releases/tag/v23.0.2-devpr7109.9da49bec. The image should be on dockerhub soon.

@kwvg kwvg closed this Jan 29, 2026
@kwvg kwvg reopened this Jan 29, 2026
@DashCoreAutoGuix
Copy link

DashCoreAutoGuix commented Jan 29, 2026

Guix Automation has began to build this PR tagged as v23.0.2-devpr7109.5443107c. A new comment will be made when the image is pushed.

@DashCoreAutoGuix
Copy link

DashCoreAutoGuix commented Jan 29, 2026

Guix Automation has completed; a release should be present here: https://github.com/dashpay/dash-dev-branches/releases/tag/v23.0.2-devpr7109.5443107c. The image should be on dockerhub soon.

@kwvg kwvg marked this pull request as ready for review January 29, 2026 12:44
@DashCoreAutoGuix
Copy link

DashCoreAutoGuix commented Feb 21, 2026

Guix Automation has began to build this PR tagged as v23.1.0-devpr7109.415bcf34. A new comment will be made when the image is pushed.

@DashCoreAutoGuix
Copy link

DashCoreAutoGuix commented Feb 21, 2026

Guix Automation has failed with an unknown error for tag v23.1.0-devpr7109.415bcf34

@kwvg
Copy link
Collaborator Author

kwvg commented Feb 21, 2026

Checksums for 415bcf3

88f9029df37b677b5b1b17f9ac8de51da2ee419c325e82e199608b027ee444b2  dashcore-23.1.0-97-g415bcf341e19-aarch64-linux-gnu-debug.tar.gz
92a4781538b1da5e6bb29fb0cb55dd88db523a9634dab693953c9763177acc8f  dashcore-23.1.0-97-g415bcf341e19-aarch64-linux-gnu.tar.gz
04830fddaf2c8178d722ed3a7be1da24362167612b08c1b18b3a9f02cae6958b  dashcore-23.1.0-97-g415bcf341e19-arm64-apple-darwin-unsigned.tar.gz
bab9b3b73d614b5020ec405457f251554e38af0c6a9ee85888624805e2ed3853  dashcore-23.1.0-97-g415bcf341e19-arm64-apple-darwin-unsigned.zip
3335fab57a36e38a811aa8bac5f645ba969d5f8578ecd3faa5ed8b626942b40e  dashcore-23.1.0-97-g415bcf341e19-arm64-apple-darwin.tar.gz
98b7221a1a81724bb3bdd8bc9bc20d15b589eb2fcead42530e2d426204301b4a  dashcore-23.1.0-97-g415bcf341e19.tar.gz
0b637c9e9b9156491220a6882d58c1145e43ef5ca2004819b3b6154b28c2bf6c  dashcore-23.1.0-97-g415bcf341e19-riscv64-linux-gnu-debug.tar.gz
fb3b1d989a68eee7e5d4a8b98e0b2683617cc896c4b93001103b43e17eda4e4a  dashcore-23.1.0-97-g415bcf341e19-riscv64-linux-gnu.tar.gz
964a94f5f0a0d54091be4f93cdbe9294a0a87045df2425674137312b4d984e3e  dashcore-23.1.0-97-g415bcf341e19-x86_64-apple-darwin-unsigned.tar.gz
66f574ae41308698e39259da91d3fc1652f438f554d007eb7dff6a9741b13cff  dashcore-23.1.0-97-g415bcf341e19-x86_64-apple-darwin-unsigned.zip
4d58f4213e81a6cc2ff9d1b0ed987d4784ee423154456aa663b67977648eb03a  dashcore-23.1.0-97-g415bcf341e19-x86_64-apple-darwin.tar.gz
b839a81ae5f4750a52fcfd4f12b69bd0f94a531722569cea0fb7b27b19586b6b  dashcore-23.1.0-97-g415bcf341e19-x86_64-linux-gnu-debug.tar.gz
bc67f093168d5fbcf8b17dc7ba19bf3db885002bed1aa816baf32b777fa03701  dashcore-23.1.0-97-g415bcf341e19-x86_64-linux-gnu.tar.gz
09541a2c7c2593466445d473df082e61b7aa2abbc7ee6c90985d3e13c45caa75  dashcore-23.1.0-97-g415bcf341e19-win64-debug.zip
a1cd0ad92cf75f031ceb6678eb092c3f6bd60629eea8f18a4de6b563264107e4  dashcore-23.1.0-97-g415bcf341e19-win64-setup-unsigned.exe
4fa0cf945f9208e94948206eed5d6fd93c19b12b163a4d6af3bdf90f38dc5a16  dashcore-23.1.0-97-g415bcf341e19-win64-unsigned.tar.gz
51ddac97dfde22ef1762c644165d67e5c366224beaf8fb1a9c7df4f83276c0bf  dashcore-23.1.0-97-g415bcf341e19-win64.zip

@kwvg kwvg changed the title build: target aarch64 over armv7, add rudimentary support for Rust components in build system, update to macOS SDK 15.2 (from Xcode 16.0) build: target aarch64 over armv7, add rudimentary support for Rust components in build system, update to macOS SDK 15.0 (from Xcode 16.0) Feb 22, 2026
@thepastaclaw thepastaclaw mentioned this pull request Feb 22, 2026
Closed
@dashpay dashpay deleted a comment from thepastaclaw Feb 22, 2026
@thepastaclaw
Copy link

thepastaclaw commented Feb 22, 2026

✅ Guix build complete! Release: https://github.com/dashpay/dash-dev-branches/releases/tag/v23.1.0-devpr7109.415bcf34

Binaries:

  • dashcore-23.1.0-devpr7109.415bcf34-x86_64-linux-gnu.tar.gz (59MB)
  • dashcore-23.1.0-devpr7109.415bcf34-aarch64-linux-gnu.tar.gz (35MB)

Built on native aarch64 Linux VM with Guix 1.5.0.

@thepastaclaw
Copy link

thepastaclaw commented Feb 22, 2026

🔨 Guix build started for v23.1.0-devpr7109.415bcf34.

Targets: x86_64-linux-gnu aarch64-linux-gnu riscv64-linux-gnu x86_64-w64-mingw32

A follow-up comment with checksums will be posted when the build completes.

@thepastaclaw
Copy link

thepastaclaw commented Feb 22, 2026

🔨 Guix build started for v23.1.0-devpr7109.415bcf34.

Targets: x86_64-linux-gnu aarch64-linux-gnu riscv64-linux-gnu x86_64-w64-mingw32 x86_64-apple-darwin arm64-apple-darwin

A follow-up comment with checksums will be posted when the build completes.

@thepastaclaw
Copy link

thepastaclaw commented Feb 22, 2026

✅ Guix build complete!

Release: https://github.com/dashpay/dash-dev-branches/releases/tag/v23.1.0-devpr7109.415bcf34

Checksums for 415bcf3

1f841632beea62d41ca065503b395c542a0b3cf1f65b5b23df338f3cc83da626  dashcore-23.1.0-devpr7109.415bcf34-arm64-apple-darwin-unsigned.tar.gz
28fafb20d4ac9241f3bd5936ec480029eff1f4d9d54a337c027f64bdd255c25c  dashcore-23.1.0-devpr7109.415bcf34-x86_64-apple-darwin-debug.tar.gz
334d65ade49ac6e4d96a05f596dfe07a7b11836e77266f497f17e8cf3cc096fe  dashcore-23.1.0-devpr7109.415bcf34-x86_64-linux-gnu-debug.tar.gz
39b7cb262255e42bfd3ad804e7568d99cfee4ae14c0f5ede6fcbda6666812389  dashcore-23.1.0-devpr7109.415bcf34-x86_64-apple-darwin-unsigned.zip
3f06c71bd6ec09c8e89f25fd01cfd7eb910aa270ac5b245abac5cbb7a192053a  dashcore-23.1.0-devpr7109.415bcf34.tar.gz
4fff9fa6cf4b27200cd1d520adb295e9fb7b9d0f80bea9f246b369e922443df3  dashcore-23.1.0-devpr7109.415bcf34-aarch64-linux-gnu-debug.tar.gz
533b909114fc70ec9c937b08de25132ceec15ffe3d0d75b0799e3d9a7faa9d32  dashcore-23.1.0-devpr7109.415bcf34-win64-debug.zip
57c81569e0366ce6cc1ba5af3257a047ebcb174ba727316500d94103983f0d90  dashcore-23.1.0-devpr7109.415bcf34-x86_64-apple-darwin-unsigned.tar.gz
5a9bc5e95d48598c2a1913fc9466cf730becb533adf983fd8985dce258263018  dashcore-23.1.0-devpr7109.415bcf34-win64-setup-unsigned.exe
60ac4285f4827fc3a4231bd7292a27ccbbea983ad12a15a8444b60cc6be4b5b8  dashcore-23.1.0-devpr7109.415bcf34-riscv64-linux-gnu-debug.tar.gz
683520ddc6b9c3a002cd2f761ee5d5539627d64f7bb3c0df53b81ceba429ea43  dashcore-23.1.0-devpr7109.415bcf34-win64.zip
6f6db17ada6223ff3a4df526883a56345ca4bacd23d5024c2889e48e56da921d  dashcore-23.1.0-devpr7109.415bcf34-win64-unsigned.tar.gz
723dde1b7e52b2c5205a86cf5c666b23456e489bc3a6951752b043b8a2a012c0  dashcore-23.1.0-devpr7109.415bcf34-aarch64-linux-gnu.tar.gz
78799ed83e37c1743b7e27a4aac6b1a2591ab05f4d70adc80fe1485545f6b478  dashcore-23.1.0-devpr7109.415bcf34-riscv64-linux-gnu.tar.gz
79602a55c8a8ae13b18057e0a097919f8f35b4e04923e87341d851555c9b9205  dashcore-23.1.0-devpr7109.415bcf34-arm64-apple-darwin.tar.gz
c9bd45c76af801c4b07ed3ffdf42808a12ec5eeff4a5e60b53d3f7b201a9346f  dashcore-23.1.0-devpr7109.415bcf34-arm64-apple-darwin-debug.tar.gz
ce0e90c1a3e2b046faf1d3351f4fd8d9d37f04ba2ebd0500add08ec2673b4670  dashcore-23.1.0-devpr7109.415bcf34-x86_64-apple-darwin.tar.gz
e1b95eec0f0b056d37065b42b2bcfdb9009cec6eeda265938eda0eacacfbe7d8  dashcore-23.1.0-devpr7109.415bcf34-x86_64-linux-gnu.tar.gz
fc8f4924fa35a300994d23a72ede0f8e79c8c020631bce111ba4afe499ee64e3  dashcore-23.1.0-devpr7109.415bcf34-arm64-apple-darwin-unsigned.zip

@dashpay dashpay deleted a comment from thepastaclaw Feb 22, 2026
@dashpay dashpay deleted a comment from thepastaclaw Feb 22, 2026
@dashpay dashpay deleted a comment from thepastaclaw Feb 22, 2026
@kwvg
Copy link
Collaborator Author

kwvg commented Feb 23, 2026
edited
Loading

@PastaPastaPasta the tags don't match devpr7109.415bcf34 (claw) vs 415bcf341e19 (my build using the Guix container), I remember this was an issue in the past where my container showed faulty depth information and that meant none of the hashes match but a reclone fixed that and the hashes did match, @thepastaclaw probably needs to mirror the same characteristics.

@thepastaclaw thepastaclaw mentioned this pull request Feb 23, 2026
Closed
@thepastaclaw
Copy link

thepastaclaw commented Feb 23, 2026

Good catch — I investigated this and the tag mismatch is expected with our current automation path.

What’s happening:

  1. The PR builder explicitly creates an annotated tag before building:
    • v{version}-devpr{pr}.{sha8}
    • For this PR: v23.1.0-devpr7109.415bcf34
  2. Guix derives VERSION from git describe --abbrev=12 (contrib/shell/git-utils.bash), and DISTNAME is built from that.
  3. So:
    • In the automated run (built from the devpr tag), artifacts are named dashcore-23.1.0-devpr7109.415bcf34-...
    • In your container run from the PR branch, git describe resolves to v23.1.0-97-g415bcf341e19, so artifacts are dashcore-23.1.0-97-g415bcf341e19-...

I reproduced this behavior locally by toggling an annotated tag on the same commit: git describe flips accordingly.

So this specific devpr7109.415bcf34 vs 415bcf341e19 naming difference is from build context/tag selection, not automatically a bad-depth signal.

Next step for apples-to-apples comparison: build from the same source identity on both sides (either both from the v23.1.0-devpr7109.415bcf34 tag, or both from the raw PR commit with the same describe context), then compare checksums.

@PastaPastaPasta
Copy link
Member

PastaPastaPasta commented Feb 23, 2026

Claw please use the commit instead for the build for reproducibility here

@thepastaclaw thepastaclaw mentioned this pull request Feb 23, 2026
Closed
@thepastaclaw
Copy link

thepastaclaw commented Feb 23, 2026

@PastaPastaPasta ack — I will use the PR head commit directly for reproducibility (not the devpr tag context). Re-running from commit 415bcf341e19d8c2446a329d986bfeec3645bf92 and I’ll post checksums from that commit-based build context only.

@thepastaclaw
Copy link

thepastaclaw commented Feb 23, 2026

@PastaPastaPasta commit-context rerun complete for the Linux targets from the PR head commit (no devpr tag context):

  • Commit: 415bcf341e19d8c2446a329d986bfeec3645bf92
  • Build identity resolves to: 23.1.0-97-g415bcf341e19

Checksums:

88f9029df37b677b5b1b17f9ac8de51da2ee419c325e82e199608b027ee444b2  dashcore-23.1.0-97-g415bcf341e19-aarch64-linux-gnu-debug.tar.gz
92a4781538b1da5e6bb29fb0cb55dd88db523a9634dab693953c9763177acc8f  dashcore-23.1.0-97-g415bcf341e19-aarch64-linux-gnu.tar.gz
b839a81ae5f4750a52fcfd4f12b69bd0f94a531722569cea0fb7b27b19586b6b  dashcore-23.1.0-97-g415bcf341e19-x86_64-linux-gnu-debug.tar.gz
bc67f093168d5fbcf8b17dc7ba19bf3db885002bed1aa816baf32b777fa03701  dashcore-23.1.0-97-g415bcf341e19-x86_64-linux-gnu.tar.gz

These match the commit-based checksums posted by @kwvg for those artifacts.

@thepastaclaw
Copy link

thepastaclaw commented Feb 23, 2026

@PastaPastaPasta commit-context rebuild is done.

Built directly from commit:

  • 415bcf341e19d8c2446a329d986bfeec3645bf92

Build context details:

  • Worktree checked out in detached-HEAD at that commit
  • git describe --abbrev=12 resolved to: v23.1.0-97-g415bcf341e19
  • Hosts built in this run: x86_64-linux-gnu, aarch64-linux-gnu

Checksums (commit-context artifacts)

98b7221a1a81724bb3bdd8bc9bc20d15b589eb2fcead42530e2d426204301b4a  dist-archive/dashcore-23.1.0-97-g415bcf341e19.tar.gz
b839a81ae5f4750a52fcfd4f12b69bd0f94a531722569cea0fb7b27b19586b6b  x86_64-linux-gnu/dashcore-23.1.0-97-g415bcf341e19-x86_64-linux-gnu-debug.tar.gz
bc67f093168d5fbcf8b17dc7ba19bf3db885002bed1aa816baf32b777fa03701  x86_64-linux-gnu/dashcore-23.1.0-97-g415bcf341e19-x86_64-linux-gnu.tar.gz
88f9029df37b677b5b1b17f9ac8de51da2ee419c325e82e199608b027ee444b2  aarch64-linux-gnu/dashcore-23.1.0-97-g415bcf341e19-aarch64-linux-gnu-debug.tar.gz
92a4781538b1da5e6bb29fb0cb55dd88db523a9634dab693953c9763177acc8f  aarch64-linux-gnu/dashcore-23.1.0-97-g415bcf341e19-aarch64-linux-gnu.tar.gz

If you want, I can run the remaining hosts in the same commit-pinned mode too, but this should satisfy the commit-based reproducibility check you asked for.

PastaPastaPasta
PastaPastaPasta approved these changes Feb 23, 2026
View reviewed changes
Copy link
Member

@PastaPastaPasta PastaPastaPasta left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

utACK 415bcf3

@thepastaclaw thepastaclaw mentioned this pull request Feb 23, 2026
Closed
UdjinM6
UdjinM6 requested changes Feb 23, 2026
View reviewed changes
Copy link

@UdjinM6 UdjinM6 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's too invasive to merge and not use afterwards. Would like to see a draft PR that implements some actual feature on top of this first.

@UdjinM6
Copy link

UdjinM6 commented Feb 23, 2026

Claude found some issues:

Medium Priority Issues

1. No --disable-rust option (configure.ac)

RS_REQUIRE_PROG calls AC_MSG_ERROR if cargo/rustc/cxxbridge are missing, making Rust mandatory. For a new infrastructure addition, providing --enable-rust / --disable-rust would allow incremental adoption and not break existing build workflows that lack Rust tooling.

2. Rust linkage in libdashconsensus (src/Makefile.am)

LIBRUSTDEPS is added to libdashconsensus_la_LIBADD. The consensus library is a minimal, stable-ABI shared library — adding Rust dependencies significantly expands its surface area. The chirp stub has no consensus functionality, so this seems unnecessary.

3. HTTP SDK URL — security concern (ci/test/00_setup_env.sh)

The SDK URL changed from https://bitcoincore.org/... to http://dash-depends-sources.s3-website-us-west-2.amazonaws.com. Plain HTTP for build dependencies is vulnerable to MITM. S3 supports HTTPS via https://dash-depends-sources.s3.us-west-2.amazonaws.com.

4. Archive merging will break with multiple crates (rust/Makefile.libs.include)

Object files from all Rust static libraries are extracted into a flat directory:
cd $(LIBRUSTDEPS_LIBDIR)/objs && $(AR) -x $$lib; If two crates produce .o files with the same name, they silently overwrite each other. Consider per-crate subdirectories.

5. .gitignore gen pattern too broad (.gitignore)

Adding bare gen ignores any directory named gen anywhere in the repo. A more specific rust/*/gen/ would be safer.

6. download_rust_std_target does not verify SHA256 (depends/funcs.mk)

The hash is written to a stamp file but the downloaded file is never verified against it with $(build_SHA256SUM) -c like the standard package flow does.

7. SDK bump and ARM migration bundled with Rust PR

The macOS Xcode 15→16 bump and ARM32→ARM64 migration are orthogonal changes that would benefit from separate PRs for easier review, testing, and bisection.

---
Low Priority Issues

8. RS_REQUIRE_PROG m4 quoting (configure.ac)

Uses AC_MSG_ERROR("Required program $2 was not found") with shell double-quotes instead of proper m4 quoting AC_MSG_ERROR([Required program $2 was not found]). Fragile though it works in practice.

9. RUST_VENDORED_SOURCES empty without depends (configure.ac)

Only set in depends/config.site.in. Running configure without the depends prefix leaves it empty, causing the offline cargo config to write directory = "" — a silent failure.

10. init.cpp chirp message (src/init.cpp)

LogPrintf("%s\n", std::string(chirp::chirp())); - Outputs "chirp 0.1.0 ... reports "cheep cheep"" to production logs — consider gating behind a debug log category or using a more neutral format.
- No error handling if the FFI call aborts (though panic = "abort" makes this a hard crash by design).

11. MACOSX_DEPLOYMENT_TARGET set unconditionally (rust/Makefile.am)

Set in CARGO_ENV even on non-macOS targets where it will be empty. Harmless but worth a conditional guard.

12. lint-shell.py regex bug (pre-existing, worsened)

reg = re.compile(r'rust|src/[dashbls,immer,leveldb,secp256k1,minisketch]')
[dashbls,...] is a character class, not alternation. rust| matches "rust" anywhere in any path. Pre-existing bug but broadened.

13. fix-elf-interpreter.sh missing set -e (depends/patches/native_rust/)

Individual patchelf commands could fail silently.

14. --enable-reduce-exports dropped in aarch64 config (ci/test/00_setup_env_aarch64.sh)

The old ARM32 config had --enable-reduce-exports in BITCOIN_CONFIG. This was removed in the aarch64 rename — was this intentional?

@UdjinM6 UdjinM6 mentioned this pull request Feb 23, 2026
Open
5 tasks
@thepastaclaw
Copy link

thepastaclaw commented Feb 23, 2026

@UdjinM6 thanks for the detailed pass — I went through your list against current 415bcf341e19 and agree with the core concerns.

Quick triage from my side:

  • (1) No --disable-rust path — valid; RS_REQUIRE_PROG currently makes Rust tooling mandatory.
  • (2) libdashconsensus links Rust deps — valid concern; for an ABI-stable minimal lib this is too much surface for the current stub use.
  • (3) HTTP SDK URL — valid security issue; should be HTTPS + checksum verification in fetch path.
  • (4) Flat .o extraction for merged Rust archives — collision risk is real.
  • (5) Broad .gitignore gen pattern — valid; should be narrowed.
  • (6) download_rust_std_target stamp without verification — valid; needs hash-check before stamping.
  • (7) Scope bundling — agreed this is hard to review/bisect as one PR.

And I agree with your high-level point: this infra-only change is too invasive to merge without a concrete consumer ready on top.

Given that, I suggest we keep this as draft/rework and proceed in two tracks:

  1. Refactor/safety split (reviewable chunks):
    • rust optionality gate (--enable-rust / --disable-rust behavior)
    • security/build-hardening fixes (HTTPS + hash verification)
    • archive/linkage correctness (libdashconsensus boundary + object merge approach)
  2. Feature consumer PR that actually uses the infrastructure so we can evaluate the tradeoff in-context.

If that plan works for you and @kwvg/@PastaPastaPasta, I can help with concrete patch chunks in that order.

@thepastaclaw thepastaclaw mentioned this pull request Feb 23, 2026
Closed
7 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

@UdjinM6 UdjinM6 UdjinM6 requested changes

@PastaPastaPasta PastaPastaPasta PastaPastaPasta approved these changes

@knst knst Awaiting requested review from knst

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

guix-build

Projects

None yet

Milestone

24

Development

Successfully merging this pull request may close these issues.

5 participants

@kwvg @DashCoreAutoGuix @PastaPastaPasta @thepastaclaw @UdjinM6