Hi all, I've been on a quest to use Guix for Bitcoin Core's reproducible builds as I believe that Guix's focus on bootstrappability, and Guile's simplicity and flexibility are very desirable qualities in building an auditable, secure, and reliable build process. My pull request (very short thanks to Guix's infrastructure) can be found here: https://github.com/bitcoin/bitcoin/pull/15277/files
I've submitted patches for the Guix bitcoin-core package to make it reproducible, which seems to work fine. However, for easier acceptance into the bitcoin core process, I need to produce tarballs like the ones we have on our servers today: https://bitcoincore.org/bin/bitcoin-core-0.17.1/ For some context, we have a "mini-guix" of sorts seen in our "depends tree" here: https://github.com/bitcoin/bitcoin/tree/master/depends. This builds all the dependencies for bitcoin just the way we want them, in preparation for getting linked into bitcoin itself. My current approach for the build process is to produce a Guix container in which I execute a build of our "depends tree" followed by a build of bitcoin itself. See the Guix manifest and scripts here: https://github.com/bitcoin/bitcoin/pull/15277/files However, there were three hiccups that I had to hack my way around: 1. libstdc++ would not link statically even with "-static-libstdc++". The hack was to remove the .la file under $LIBRARY_PATH. 2. Upon inspection of the binaries produced at the end of this process, they all had rpaths. The hack was to use patchelf --remove-rpath on them. 3. Upon inspection of the binaries produced at the end of this process, their interpreters all had a `/gnu/store/blahblah-glibc-2.28' prefix. The hack was to use patchelf --set-interpreter on them. My questions are: 1. Is there a way to avoid the hacks that I listed above? I understand that it might mean writing custom gcc packages and I'm 100% okay with that. 2. Is there an easier way of achieving the same thing? Thank you all in advance for helping with this, and I hope that we'll see boostrappable Guix release builds of bitcoin very soon! Cheers, Carl Dong [email protected] "I fight for the users"
