From 4cbaeb2277125fd944e04b6b8356caa113046dfd Mon Sep 17 00:00:00 2001 From: Kittywhiskers Van Gogh <63189531+kwvg@users.noreply.github.com> Date: Sat, 22 Nov 2025 03:17:40 +0530 Subject: [PATCH 1/5] ci: use Nix to obtain GCC 14 (from unstable) and GCC 11 (from 23.11) GCC 14 is available in 25.05 but we will be bumping to GCC 15 soon which isn't, so we will be using unstable instead. --- .github/workflows/build-container.yml | 5 ++ .github/workflows/build.yml | 2 + contrib/containers/ci/ci.Dockerfile | 42 ++++++++- contrib/containers/ci/default.nix | 86 +++++++++++++++++++ contrib/containers/ci/nix.custom.conf | 15 ++++ contrib/containers/develop/Dockerfile | 1 - contrib/containers/develop/docker-compose.yml | 2 + 7 files changed, 150 insertions(+), 3 deletions(-) create mode 100644 contrib/containers/ci/default.nix create mode 100644 contrib/containers/ci/nix.custom.conf diff --git a/.github/workflows/build-container.yml b/.github/workflows/build-container.yml index 67df008c220df..24fa92165a1d0 100644 --- a/.github/workflows/build-container.yml +++ b/.github/workflows/build-container.yml @@ -3,6 +3,10 @@ name: Build container on: workflow_call: inputs: + build-contexts: + description: "Paths to additional build contexts" + required: false + type: string context: description: "Path to use for build context" required: true @@ -56,6 +60,7 @@ jobs: with: context: ${{ inputs.context }} file: ${{ inputs.file }} + build-contexts: ${{ inputs.build-contexts }} push: true tags: | ghcr.io/${{ steps.prepare.outputs.repo }}/${{ inputs.name }}:${{ hashFiles(inputs.file) }} diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 4e9b6c9efa8b1..72143344bc588 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -46,6 +46,8 @@ jobs: context: ./contrib/containers/ci file: ./contrib/containers/ci/ci.Dockerfile name: dashcore-ci-runner + build-contexts: | + docker_root=./contrib/containers/ci container-slim: name: Build slim container diff --git a/contrib/containers/ci/ci.Dockerfile b/contrib/containers/ci/ci.Dockerfile index c454bc7cd6834..539055e6969b0 100644 --- a/contrib/containers/ci/ci.Dockerfile +++ b/contrib/containers/ci/ci.Dockerfile @@ -18,8 +18,6 @@ RUN set -ex; \ bsdmainutils \ ccache \ cmake \ - g++-11 \ - g++-14 \ g++-arm-linux-gnueabihf \ g++-mingw-w64-x86-64 \ gawk \ @@ -67,6 +65,46 @@ RUN set -ex; \ make install -j "$(( $(nproc) - 1 ))"; \ cd /opt && rm -rf /opt/iwyu; +# Install Nix to fetch versioned GCC releases +RUN set -ex; \ + curl -fsSL https://install.determinate.systems/nix | sh -s -- install linux \ + --determinate \ + --extra-conf "sandbox = false" \ + --no-confirm \ + --init none +ENV PATH="/nix/var/nix/profiles/default/bin:${PATH}" \ + NIX_CONF_DIR="/etc/nix" +COPY --from=docker_root ./nix.custom.conf /etc/nix/nix.custom.conf +COPY --from=docker_root ./default.nix /etc/nix/ +RUN set -ex; \ + nix-env -f /etc/nix/default.nix -i; \ + nix-collect-garbage -d; \ + nix-store --optimise; +RUN set -ex; \ + chmod -R o+rX /nix/store /nix/var/nix/profiles/default; \ + mkdir -p /usr/local/bin /usr/local/lib /usr/local/lib64; \ + for bin in /nix/var/nix/profiles/default/bin/*; do \ + if [ -f "$bin" ]; then \ + ln -sf "$bin" "/usr/local/bin/$(basename "$bin")"; \ + fi; \ + done; \ + for dir in /nix/var/nix/profiles/default/lib/*; do \ + if [ -d "$dir" ]; then \ + ln -sf "$dir" "/usr/local/lib/$(basename "$dir")"; \ + fi; \ + done; \ + for dir in /nix/var/nix/profiles/default/lib64/*; do \ + if [ -d "$dir" ]; then \ + ln -sf "$dir" "/usr/local/lib64/$(basename "$dir")"; \ + fi; \ + done; \ + ln -sf "/usr/lib/$(dpkg-architecture -qDEB_HOST_MULTIARCH)" "/usr/lib/multiarch" +# Nix-supplied compilers won't search for distro-installed libraries without explicit +# specification and we can't run binaries built with those compilers without specifying +# where their runtime dependencies are +ENV LD_LIBRARY_PATH="/usr/local/lib64/gcc-14:/usr/local/lib/gcc-14:/usr/local/lib64/gcc-11:/usr/local/lib/gcc-11:${LD_LIBRARY_PATH}" +ENV LIBRARY_PATH="${LD_LIBRARY_PATH}:/usr/lib/multiarch:/usr/lib" + RUN \ mkdir -p /cache/ccache && \ mkdir /cache/depends && \ diff --git a/contrib/containers/ci/default.nix b/contrib/containers/ci/default.nix new file mode 100644 index 0000000000000..17c5b9510662a --- /dev/null +++ b/contrib/containers/ci/default.nix @@ -0,0 +1,86 @@ +let + pkgsLegacy = import (builtins.fetchTarball { + name = "nixos-23.11"; + url = "https://github.com/NixOS/nixpkgs/archive/23.11.tar.gz"; + sha256 = "sha256-MxCVrXY6v4QmfTwIysjjaX0XUhqBbxTWWB4HXtDYsdk="; + }) {}; + + pkgsUnstable = import (builtins.fetchTarball { + name = "nixos-unstable"; + url = "https://github.com/NixOS/nixpkgs/archive/85a6c4a07faa12aaccd81b36ba9bfc2bec974fa1.tar.gz"; + sha256 = "sha256-3YJkOBrFpmcusnh7i8GXXEyh7qZG/8F5z5+717550Hk="; + }) {}; +in +pkgsUnstable.buildEnv { + name = "nixEnv"; + ignoreCollisions = true; + paths = [ + pkgsLegacy.gcc11 + pkgsUnstable.gcc14 + ]; + + postBuild = '' + binaries=( + addr2line + ar + as + c++ + c++filt + cc + cpp + dwp + elfedit + g++ + gcc + gcc-ar + gcc-nm + gcc-ranlib + gccgo + gcov + gcov-dump + gcov-tool + gdc + gfortran + gprof + ld + ld.bfd + ld.gold + lto-dump + nm + objcopy + objdump + ranlib + readelf + size + strings + strip + ) + + target_triple="${pkgsUnstable.stdenv.targetPlatform.config}" + for binary in "''${binaries[@]}"; do + if [ -f "${pkgsLegacy.gcc11}/bin/$binary" ]; then + ln -sf "${pkgsLegacy.gcc11}/bin/$binary" "$out/bin/$binary-11" + ln -sf "${pkgsLegacy.gcc11}/bin/$binary" "$out/bin/$target_triple-$binary-11" + fi + if [ -f "${pkgsUnstable.gcc14}/bin/$binary" ]; then + ln -sf "${pkgsUnstable.gcc14}/bin/$binary" "$out/bin/$binary-14" + ln -sf "${pkgsUnstable.gcc14}/bin/$binary" "$out/bin/$target_triple-$binary-14" + fi + rm -f "$out/bin/$binary" + done + + mkdir -p $out/lib $out/lib64 + if [ -d "${pkgsLegacy.gcc11.cc.lib}/lib" ]; then + ln -sf "${pkgsLegacy.gcc11.cc.lib}/lib" "$out/lib/gcc-11" + fi + if [ -d "${pkgsLegacy.gcc11.cc.lib}/lib64" ]; then + ln -sf "${pkgsLegacy.gcc11.cc.lib}/lib64" "$out/lib64/gcc-11" + fi + if [ -d "${pkgsUnstable.gcc14.cc.lib}/lib" ]; then + ln -sf "${pkgsUnstable.gcc14.cc.lib}/lib" "$out/lib/gcc-14" + fi + if [ -d "${pkgsUnstable.gcc14.cc.lib}/lib64" ]; then + ln -sf "${pkgsUnstable.gcc14.cc.lib}/lib64" "$out/lib64/gcc-14" + fi + ''; +} diff --git a/contrib/containers/ci/nix.custom.conf b/contrib/containers/ci/nix.custom.conf new file mode 100644 index 0000000000000..75bca563af946 --- /dev/null +++ b/contrib/containers/ci/nix.custom.conf @@ -0,0 +1,15 @@ +experimental-features = auto-allocate-uids flakes nix-command + +# Space optimization +auto-optimise-store = true + +# Builder settings for CI +auto-allocate-uids = true +cores = 0 +max-jobs = auto + +# Binary caches for faster downloads +accept-flake-config = true +substituters = https://cache.nixos.org https://nix-community.cachix.org +trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= +max-substitution-jobs = 0 diff --git a/contrib/containers/develop/Dockerfile b/contrib/containers/develop/Dockerfile index 90694d7e443eb..334a706b2f6b6 100644 --- a/contrib/containers/develop/Dockerfile +++ b/contrib/containers/develop/Dockerfile @@ -28,7 +28,6 @@ RUN set -ex; \ openssh-client \ screen \ sudo \ - zsh \ && \ rm -rf /var/lib/apt/lists/* diff --git a/contrib/containers/develop/docker-compose.yml b/contrib/containers/develop/docker-compose.yml index c6f2cea704243..39238d6d4d0c8 100644 --- a/contrib/containers/develop/docker-compose.yml +++ b/contrib/containers/develop/docker-compose.yml @@ -4,6 +4,8 @@ services: build: context: '..' dockerfile: './develop/Dockerfile' + additional_contexts: + - docker_root=../ci args: USER_ID: 1000 # set this to $(id -u) of the host GROUP_ID: 1000 # set this to $(id -g) of the host From a979b4d13727ebb6ca9ad50433860c3ed698be1b Mon Sep 17 00:00:00 2001 From: Kittywhiskers Van Gogh <63189531+kwvg@users.noreply.github.com> Date: Sat, 22 Nov 2025 02:53:02 +0530 Subject: [PATCH 2/5] fix: prevent contamination of macOS cross compilation library paths --- .github/workflows/build-depends.yml | 1 + .github/workflows/build-src.yml | 3 +++ 2 files changed, 4 insertions(+) diff --git a/.github/workflows/build-depends.yml b/.github/workflows/build-depends.yml index b2fefcba010cd..b580926e0724c 100644 --- a/.github/workflows/build-depends.yml +++ b/.github/workflows/build-depends.yml @@ -80,6 +80,7 @@ jobs: export HOST="${{ steps.setup.outputs.HOST }}" if [ "${HOST}" = "x86_64-apple-darwin" ]; then ./contrib/containers/guix/scripts/setup-sdk + unset LIBRARY_PATH LD_LIBRARY_PATH fi env ${{ steps.setup.outputs.DEP_OPTS }} make -j$(nproc) -C depends diff --git a/.github/workflows/build-src.yml b/.github/workflows/build-src.yml index 6f9d3279b845b..e03ee57ae842e 100644 --- a/.github/workflows/build-src.yml +++ b/.github/workflows/build-src.yml @@ -82,6 +82,9 @@ jobs: BASE_OUTDIR="/output" BUILD_TARGET="${{ inputs.build-target }}" source ./ci/dash/matrix.sh + if [ "${HOST}" = "x86_64-apple-darwin" ]; then + unset LIBRARY_PATH LD_LIBRARY_PATH + fi ./ci/dash/build_src.sh ccache -X 9 ccache -c From 137abb17dea8538698f1ebf69a7d1dfb871c8f85 Mon Sep 17 00:00:00 2001 From: Kittywhiskers Van Gogh <63189531+kwvg@users.noreply.github.com> Date: Wed, 19 Nov 2025 14:22:19 +0530 Subject: [PATCH 3/5] ci: build `linux64` depends with lowest tested GCC version Since we're using Nix supplied GCC, they don't share the same standard libraries, they are forwards compatible, not back, so compile against oldest tested version to avoid breakage. --- ci/test/00_setup_env_native_qt5.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ci/test/00_setup_env_native_qt5.sh b/ci/test/00_setup_env_native_qt5.sh index a2ff43d07e02f..405363f942d58 100755 --- a/ci/test/00_setup_env_native_qt5.sh +++ b/ci/test/00_setup_env_native_qt5.sh @@ -9,10 +9,10 @@ export LC_ALL=C.UTF-8 export CONTAINER_NAME=ci_native_qt5 export HOST=x86_64-pc-linux-gnu export PACKAGES="python3-zmq qtbase5-dev qttools5-dev-tools libdbus-1-dev libharfbuzz-dev" -export DEP_OPTS="" +export DEP_OPTS="CC=gcc-11 CXX=g++-11" export TEST_RUNNER_EXTRA="--previous-releases --coverage --extended --exclude feature_pruning,feature_dbcrash" # Run extended tests so that coverage does not fail, but exclude the very slow dbcrash export RUN_UNIT_TESTS_SEQUENTIAL="true" export RUN_UNIT_TESTS="false" export GOAL="install" export DOWNLOAD_PREVIOUS_RELEASES="true" -export BITCOIN_CONFIG="--enable-zmq --with-libs=no --enable-reduce-exports LDFLAGS=-static-libstdc++ --with-boost-process" +export BITCOIN_CONFIG="--enable-zmq --with-libs=no --enable-reduce-exports LDFLAGS=-static-libstdc++ --with-boost-process CC=gcc CXX=g++" From b489ec3db09e17443b757e754d331a6ef26e4585 Mon Sep 17 00:00:00 2001 From: Kittywhiskers Van Gogh <63189531+kwvg@users.noreply.github.com> Date: Tue, 18 Nov 2025 18:53:49 +0530 Subject: [PATCH 4/5] ci: patch interpreter of Nix-built binaries Nix expects everything to work in Nix-land, we don't. Maybe some day we will, until then, we need to manually intervene. --- .github/workflows/build-src.yml | 2 + ci/dash/build_patch.sh | 68 ++++++++++++++++++++++++ contrib/containers/ci/ci-slim.Dockerfile | 1 + 3 files changed, 71 insertions(+) create mode 100755 ci/dash/build_patch.sh diff --git a/.github/workflows/build-src.yml b/.github/workflows/build-src.yml index e03ee57ae842e..3c811ed297f4b 100644 --- a/.github/workflows/build-src.yml +++ b/.github/workflows/build-src.yml @@ -111,6 +111,8 @@ jobs: run: | export BUILD_TARGET="${{ inputs.build-target }}" export BUNDLE_KEY="build-${BUILD_TARGET}-$(git rev-parse --short=8 HEAD)" + export BASE_DIR="$(pwd)" + ./ci/dash/build_patch.sh ./ci/dash/bundle-artifacts.sh create echo "key=${BUNDLE_KEY}" >> "${GITHUB_OUTPUT}" diff --git a/ci/dash/build_patch.sh b/ci/dash/build_patch.sh new file mode 100755 index 0000000000000..9d41d004dd1cc --- /dev/null +++ b/ci/dash/build_patch.sh @@ -0,0 +1,68 @@ +#!/usr/bin/env bash +# Copyright (c) 2025 The Dash Core developers +# Distributed under the MIT software license, see the accompanying +# file COPYING or http://www.opensource.org/licenses/mit-license.php. + +export LC_ALL=C.UTF-8 + +set -eo pipefail + +SH_NAME="$(basename "${0}")" + +if [ -z "${BASE_DIR}" ]; then + echo "${SH_NAME}: BASE_DIR not defined, cannot continue!"; + exit 1; +elif [ -z "${BUILD_TARGET}" ]; then + echo "${SH_NAME}: BUILD_TARGET not defined, cannot continue!"; + exit 1; +elif [ ! "$(command -v uname)" ]; then + echo "${SH_NAME}: uname not found, cannot continue!"; + exit 1; +elif [ ! "$(command -v patchelf)" ]; then + echo "${SH_NAME}: patchelf not found, cannot continue!"; + exit 1; +elif [ ! -d "${BASE_DIR}/build-ci/dashcore-${BUILD_TARGET}/src" ]; then + echo "${SH_NAME}: cannot find directory for binaries to patch, cannot continue!"; + exit 1; +fi + +# uname -m | interpreter +# -------- | ----------------------------- +# aarch64 | /lib/ld-linux-aarch64.so.1 +# armhf | /lib/ld-linux-armhf.so.3 +# i686 | /lib/ld-linux.so.2 +# riscv64 | /lib/ld-linux-riscv64-lp64d.so.1 +# x86_64 | /lib64/ld-linux-x86-64.so.2 + +INTERPRETER="" +case "${BUILD_TARGET}" in + "linux64_nowallet" | "linux64_sqlite") + INTERPRETER="/lib64/ld-linux-x86-64.so.2"; + ;; + *) + echo "${SH_NAME}: Nothing to do, exiting!"; + exit 0; + ;; +esac + +BINARIES=( + "dashd" + "dash-cli" + "dash-gui" + "dash-node" + "dash-tx" + "dash-wallet" + "bench/bench_dash" + "qt/dash-qt" + "qt/test/test_dash-qt" + "test/test_dash" + "test/fuzz/fuzz" +) + +for target in "${BINARIES[@]}" +do + target_path="${BASE_DIR}/build-ci/dashcore-${BUILD_TARGET}/src/${target}" + if [[ -f "${target_path}" ]]; then + patchelf --set-interpreter "${INTERPRETER}" "${target_path}"; + fi +done diff --git a/contrib/containers/ci/ci-slim.Dockerfile b/contrib/containers/ci/ci-slim.Dockerfile index 4abab253573fa..bb459297ba669 100644 --- a/contrib/containers/ci/ci-slim.Dockerfile +++ b/contrib/containers/ci/ci-slim.Dockerfile @@ -45,6 +45,7 @@ RUN set -ex; \ libsqlite3-dev \ libssl-dev \ make \ + patchelf \ xz-utils \ zlib1g-dev \ zstd \ From 8aa088178cf0c40f1e1289e159f604dbc01f554f Mon Sep 17 00:00:00 2001 From: Kittywhiskers Van Gogh <63189531+kwvg@users.noreply.github.com> Date: Mon, 17 Nov 2025 22:36:55 +0530 Subject: [PATCH 5/5] ci: bump to GCC 15 --- ci/test/00_setup_env_native_nowallet.sh | 4 ++-- contrib/containers/ci/ci.Dockerfile | 2 +- contrib/containers/ci/default.nix | 16 ++++++++-------- 3 files changed, 11 insertions(+), 11 deletions(-) diff --git a/ci/test/00_setup_env_native_nowallet.sh b/ci/test/00_setup_env_native_nowallet.sh index 3637d3b8d0dab..094697d0ef108 100755 --- a/ci/test/00_setup_env_native_nowallet.sh +++ b/ci/test/00_setup_env_native_nowallet.sh @@ -9,6 +9,6 @@ export LC_ALL=C.UTF-8 export CONTAINER_NAME=ci_native_nowallet export HOST=x86_64-pc-linux-gnu export PACKAGES="python3-zmq" -export DEP_OPTS="NO_WALLET=1 CC=gcc-14 CXX=g++-14" +export DEP_OPTS="NO_WALLET=1 CC=gcc-15 CXX=g++-15" export GOAL="install" -export BITCOIN_CONFIG="--enable-reduce-exports --with-boost-process CC=gcc-14 CXX=g++-14" +export BITCOIN_CONFIG="--enable-reduce-exports --with-boost-process CC=gcc-15 CXX=g++-15" diff --git a/contrib/containers/ci/ci.Dockerfile b/contrib/containers/ci/ci.Dockerfile index 539055e6969b0..1963b5d8d5a98 100644 --- a/contrib/containers/ci/ci.Dockerfile +++ b/contrib/containers/ci/ci.Dockerfile @@ -102,7 +102,7 @@ RUN set -ex; \ # Nix-supplied compilers won't search for distro-installed libraries without explicit # specification and we can't run binaries built with those compilers without specifying # where their runtime dependencies are -ENV LD_LIBRARY_PATH="/usr/local/lib64/gcc-14:/usr/local/lib/gcc-14:/usr/local/lib64/gcc-11:/usr/local/lib/gcc-11:${LD_LIBRARY_PATH}" +ENV LD_LIBRARY_PATH="/usr/local/lib64/gcc-15:/usr/local/lib/gcc-15:/usr/local/lib64/gcc-11:/usr/local/lib/gcc-11:${LD_LIBRARY_PATH}" ENV LIBRARY_PATH="${LD_LIBRARY_PATH}:/usr/lib/multiarch:/usr/lib" RUN \ diff --git a/contrib/containers/ci/default.nix b/contrib/containers/ci/default.nix index 17c5b9510662a..4b66e89a4a82e 100644 --- a/contrib/containers/ci/default.nix +++ b/contrib/containers/ci/default.nix @@ -16,7 +16,7 @@ pkgsUnstable.buildEnv { ignoreCollisions = true; paths = [ pkgsLegacy.gcc11 - pkgsUnstable.gcc14 + pkgsUnstable.gcc15 ]; postBuild = '' @@ -62,9 +62,9 @@ pkgsUnstable.buildEnv { ln -sf "${pkgsLegacy.gcc11}/bin/$binary" "$out/bin/$binary-11" ln -sf "${pkgsLegacy.gcc11}/bin/$binary" "$out/bin/$target_triple-$binary-11" fi - if [ -f "${pkgsUnstable.gcc14}/bin/$binary" ]; then - ln -sf "${pkgsUnstable.gcc14}/bin/$binary" "$out/bin/$binary-14" - ln -sf "${pkgsUnstable.gcc14}/bin/$binary" "$out/bin/$target_triple-$binary-14" + if [ -f "${pkgsUnstable.gcc15}/bin/$binary" ]; then + ln -sf "${pkgsUnstable.gcc15}/bin/$binary" "$out/bin/$binary-15" + ln -sf "${pkgsUnstable.gcc15}/bin/$binary" "$out/bin/$target_triple-$binary-15" fi rm -f "$out/bin/$binary" done @@ -76,11 +76,11 @@ pkgsUnstable.buildEnv { if [ -d "${pkgsLegacy.gcc11.cc.lib}/lib64" ]; then ln -sf "${pkgsLegacy.gcc11.cc.lib}/lib64" "$out/lib64/gcc-11" fi - if [ -d "${pkgsUnstable.gcc14.cc.lib}/lib" ]; then - ln -sf "${pkgsUnstable.gcc14.cc.lib}/lib" "$out/lib/gcc-14" + if [ -d "${pkgsUnstable.gcc15.cc.lib}/lib" ]; then + ln -sf "${pkgsUnstable.gcc15.cc.lib}/lib" "$out/lib/gcc-15" fi - if [ -d "${pkgsUnstable.gcc14.cc.lib}/lib64" ]; then - ln -sf "${pkgsUnstable.gcc14.cc.lib}/lib64" "$out/lib64/gcc-14" + if [ -d "${pkgsUnstable.gcc15.cc.lib}/lib64" ]; then + ln -sf "${pkgsUnstable.gcc15.cc.lib}/lib64" "$out/lib64/gcc-15" fi ''; }