Page MenuHomePhabricator

[guix] build dmg as a static binary and skip cmake RPATH patching
ClosedPublic

Authored by PiRK on May 26 2023, 09:13.

Details

Summary

depends: libdmg-hfsplus: Skip CMake RPATH patching

CMake's RPATH patching apparently causes non-reproducibility in the
executables which are produced, manifesting in a difference in padding
in the .dynstr section (we found this while investigating
non-reproducibility in the "dmg" tool). This RPATH patching can be
safely skipped for executables which don't depend on internal shared
libraries.

Documentation sources:

  1. https://gitlab.kitware.com/cmake/community/-/wikis/doc/cmake/RPATH-handling
  2. https://reproducible-builds.org/docs/deterministic-build-systems/#cmake-notes

Prior debugging art:

  1. https://stackoverflow.com/questions/63438206/cmake-g-reproducible-build-issue-with-changing-build-path
  2. https://github.com/NXPmicro/mfgtools/pull/229/filesi

https://github.com/bitcoin/bitcoin/pull/21375/commits/06d6cf6784421290e6235fe8684d5e08ed6f1b62

guix: Build dmg as a static binary

This relatively easy change eliminates all runtime dependencies (except
for the kernel) for dmg, which is the only native build tool that gets
put in our output tarballs.

This allows much more flexibility when constructing the codesigning
environment, and is much more robust.

https://github.com/bitcoin/bitcoin/pull/21375/commits/7476b46f1893a4858616d2a8456a7c43238851ed

This concludes backport of core#21375

Most of this PR was included when we copied the latest guix scripts.
Another commit with a Qt patch was included in D13927, and another one related to id_string in D13940

Depends on D13940

Test Plan

contrib/guix/guix-build

Diff Detail

Repository
rABC Bitcoin ABC
Lint
Lint Passed
Unit
No Test Coverage
Build Status
Buildable 23808
Build 47226: Build Diff
Build 47225: arc lint + arc unit