guix/prelude: Override `VERSION` with `FORCE_VERSION` #22847

dongcarl · 2021-08-31T15:00:12Z

Previously, if the builder exported $VERSION in their environment (as
past Gitian-building docs told them to), but their HEAD does not
actually point to v$VERSION, their build outputs will differ from those
of other builders.

This is because the contrib/guix/guix-* scripts only ever act on the
current git worktree, and does not try to check out $VERSION if $VERSION
is set in the environment.

Setting $VERSION only makes the scripts pretend like the current
worktree is $VERSION.

This problem was seen in jonatack's attestation for all.SHA256SUMS,
where only his bitcoin-22.0rc3-osx-signed.dmg differed from everyone
else's.

Here is my deduced sequence of events:

1. Aug 27th: He guix-builds 22.0rc3 and uploads his attestations up to
   guix.sigs

2. Aug 30th, sometime after POSIX time 1630310848: he pulls the latest
   changes from master in the same worktree where he guix-built 22.0rc3
   and ends up at 7be143a960e2

3. Aug 30th, sometime before POSIX time 1630315907: With his worktree
   still on 7be143a960e2, he guix-codesigns. Normally, this would result
   in outputs going in guix-build-7be143a960e2, but he had
   VERSION=22.0rc3 in his environment, so the guix-* scripts pretended
   like he was building 22.0rc3, and used 22.0rc3's guix-build directory
   to locate un-codesigned outputs and dump codesigned ones.

   However, our SOURCE_DATE_EPOCH defaults to the POSIX time of HEAD
   (7be143a960e2), which made all timestamps in the resulting codesigned
   DMG 1630310848, 7be143a960e2's POSIX timestamp. This differs from the
   POSIX timestamp of 22.0rc3, which is 1630348517. Note that the
   windows codesigning procedure does not consider SOURCE_DATE_EPOCH.

We resolve this by only allowing VERSION overrides via the FORCE_VERSION
environment variable.

Please ignore the branch name, it's not relevant to the change.

Previously, if the builder exported $VERSION in their environment (as past Gitian-building docs told them to), but their HEAD does not actually point to v$VERSION, their build outputs will differ from those of other builders. This is because the contrib/guix/guix-* scripts only ever act on the current git worktree, and does not try to check out $VERSION if $VERSION is set in the environment. Setting $VERSION only makes the scripts pretend like the current worktree is $VERSION. This problem was seen in jonatack's attestation for all.SHA256SUMS, where only his bitcoin-22.0rc3-osx-signed.dmg differed from everyone else's. Here is my deduced sequence of events: 1. Aug 27th: He guix-builds 22.0rc3 and uploads his attestations up to guix.sigs 2. Aug 30th, sometime after POSIX time 1630310848: he pulls the latest changes from master in the same worktree where he guix-built 22.0rc3 and ends up at 7be143a 3. Aug 30th, sometime before POSIX time 1630315907: With his worktree still on 7be143a, he guix-codesigns. Normally, this would result in outputs going in guix-build-7be143a960e2, but he had VERSION=22.0rc3 in his environment, so the guix-* scripts pretended like he was building 22.0rc3, and used 22.0rc3's guix-build directory to locate un-codesigned outputs and dump codesigned ones. However, our SOURCE_DATE_EPOCH defaults to the POSIX time of HEAD (7be143a), which made all timestamps in the resulting codesigned DMG 1630310848, 7be143a's POSIX timestamp. This differs from the POSIX timestamp of 22.0rc3, which is 1630348517. Note that the windows codesigning procedure does not consider SOURCE_DATE_EPOCH. We resolve this by only allowing VERSION overrides via the FORCE_VERSION environment variable.

fanquake · 2021-09-01T02:16:05Z

Guix Builds:

76cd0201f9ffdb470335854ae18d313b20a31cc7622372a3c7eba8c339d531ed  guix-build-96cc6bb04f7e/output/aarch64-linux-gnu/SHA256SUMS.part
cbc5ef7f59fae80657431b73a054a6abc9783d69a7f3aa9d0fe901962405f223  guix-build-96cc6bb04f7e/output/aarch64-linux-gnu/bitcoin-96cc6bb04f7e-aarch64-linux-gnu-debug.tar.gz
bc18e3ecd134493990efd4cdb22c873297068268930a48a2a98e838c2a50b19a  guix-build-96cc6bb04f7e/output/aarch64-linux-gnu/bitcoin-96cc6bb04f7e-aarch64-linux-gnu.tar.gz
646f04a53a00daf1f8a5c66307d535a57b9bdf4d2be3829f0bffc9488c3a1413  guix-build-96cc6bb04f7e/output/arm-linux-gnueabihf/SHA256SUMS.part
02f40a58cc218b25870ad9a021e6e2cea4bf9538d205d7a56df486779aa90b81  guix-build-96cc6bb04f7e/output/arm-linux-gnueabihf/bitcoin-96cc6bb04f7e-arm-linux-gnueabihf-debug.tar.gz
d4482c11f87b5a836ac8650255aea5ba74b2a1e68c89adbef03ebae1cb0cbe30  guix-build-96cc6bb04f7e/output/arm-linux-gnueabihf/bitcoin-96cc6bb04f7e-arm-linux-gnueabihf.tar.gz
90ed3f5e785813dfaa3f86b7386370d76f59c747b954494674139cc5bc03356c  guix-build-96cc6bb04f7e/output/dist-archive/bitcoin-96cc6bb04f7e.tar.gz
77ee9d102a65a4ce0d477ddd037677b8dca3a9f96cd78c5ae3fffb976efd23e6  guix-build-96cc6bb04f7e/output/powerpc64-linux-gnu/SHA256SUMS.part
711844dfdbb34f19bca0fd2e7e29d8e35d8f796bc29d8035d4e9f00e6f6c491d  guix-build-96cc6bb04f7e/output/powerpc64-linux-gnu/bitcoin-96cc6bb04f7e-powerpc64-linux-gnu-debug.tar.gz
c84c8e35c359cbd97af8345f4d338c8e98c07d44869db686ba25988b2c4490c7  guix-build-96cc6bb04f7e/output/powerpc64-linux-gnu/bitcoin-96cc6bb04f7e-powerpc64-linux-gnu.tar.gz
598cb0d29622260d40d2cac5add21d0b4da42a29d42898a16b4863425083f4c6  guix-build-96cc6bb04f7e/output/powerpc64le-linux-gnu/SHA256SUMS.part
523787f7fd6d3ee03a73e22b83d7ce728dc7ef1c0bfc9a186673a3d5ab9a78e6  guix-build-96cc6bb04f7e/output/powerpc64le-linux-gnu/bitcoin-96cc6bb04f7e-powerpc64le-linux-gnu-debug.tar.gz
db6d4a607ab8ccaac7fa47439c4586053ac14535456ad38e9c2f9a8b5c09599a  guix-build-96cc6bb04f7e/output/powerpc64le-linux-gnu/bitcoin-96cc6bb04f7e-powerpc64le-linux-gnu.tar.gz
2ee9ad0ec253000a76cea7ce31b09a2090f6cf20b06ac65129435fda770bc62a  guix-build-96cc6bb04f7e/output/riscv64-linux-gnu/SHA256SUMS.part
c56f3701d27a2aa31d8d593827514778d20b0bdcdc3c84689fdf623b269efbe1  guix-build-96cc6bb04f7e/output/riscv64-linux-gnu/bitcoin-96cc6bb04f7e-riscv64-linux-gnu-debug.tar.gz
6eab943d55d77b2564cf87ab487d0965c3e10cbf709a1fd42053c2d4d8783524  guix-build-96cc6bb04f7e/output/riscv64-linux-gnu/bitcoin-96cc6bb04f7e-riscv64-linux-gnu.tar.gz
9de2eca01a1fceb27d3b996e953859476a91fc0ffd8dc80554d2b07ae403492e  guix-build-96cc6bb04f7e/output/x86_64-apple-darwin18/SHA256SUMS.part
c04454a66e2f347d8fabffb6cebf87372a605184ca1c5441f5c6cb6ddcabf2db  guix-build-96cc6bb04f7e/output/x86_64-apple-darwin18/bitcoin-96cc6bb04f7e-osx-unsigned.dmg
4cddbf6ced5c3e0b221436b9a9e88ed1b3dcb11add7a5d915e4e07033a35d7b6  guix-build-96cc6bb04f7e/output/x86_64-apple-darwin18/bitcoin-96cc6bb04f7e-osx-unsigned.tar.gz
aa90a28d8ad5388c5da2abb466012ecf690010378ad6f3b3d675f382eaafcd21  guix-build-96cc6bb04f7e/output/x86_64-apple-darwin18/bitcoin-96cc6bb04f7e-osx64.tar.gz
6bb6184f19e1a351533789e3b08fa7f210bb502f512b7ba4317dec539395ff15  guix-build-96cc6bb04f7e/output/x86_64-linux-gnu/SHA256SUMS.part
b297a7020da7e5e1f62bd76da118aaf5d8538a10307055fa713f3c7073c6c40b  guix-build-96cc6bb04f7e/output/x86_64-linux-gnu/bitcoin-96cc6bb04f7e-x86_64-linux-gnu-debug.tar.gz
03d11427eb2811d1c7a08e30724c480852b9c1b73b37c9a00d3584df912ac94f  guix-build-96cc6bb04f7e/output/x86_64-linux-gnu/bitcoin-96cc6bb04f7e-x86_64-linux-gnu.tar.gz
7a885ebca9e77706c4b51cf3eec1ca9de3499e2ce192c6332dbd47f3b5c72fa6  guix-build-96cc6bb04f7e/output/x86_64-w64-mingw32/SHA256SUMS.part
f8ea8df72c93acd4736a61ec6c61b7ded474fe81a50599994153256c03163538  guix-build-96cc6bb04f7e/output/x86_64-w64-mingw32/bitcoin-96cc6bb04f7e-win-unsigned.tar.gz
a06fd4b9a2edbf089c67c29f481d59ed9c75ac3b44a0e80a344bb5390f4285f6  guix-build-96cc6bb04f7e/output/x86_64-w64-mingw32/bitcoin-96cc6bb04f7e-win64-debug.zip
338fb4541d434b5539058c1e1dea03247c7499a51a17362d94fdc3b5f7096461  guix-build-96cc6bb04f7e/output/x86_64-w64-mingw32/bitcoin-96cc6bb04f7e-win64-setup-unsigned.exe
2a4cf3f068d2a1f95b81a34eb9fd445e984e2309b8e1404477bc74c165a291dd  guix-build-96cc6bb04f7e/output/x86_64-w64-mingw32/bitcoin-96cc6bb04f7e-win64.zip

hebasto · 2021-09-01T18:22:22Z

Guix builds:

$ find guix-build-$(git rev-parse --short=12 HEAD)/output/ -type f -print0 | env LC_ALL=C sort -z | xargs -r0 sha256sum
76cd0201f9ffdb470335854ae18d313b20a31cc7622372a3c7eba8c339d531ed  guix-build-96cc6bb04f7e/output/aarch64-linux-gnu/SHA256SUMS.part
cbc5ef7f59fae80657431b73a054a6abc9783d69a7f3aa9d0fe901962405f223  guix-build-96cc6bb04f7e/output/aarch64-linux-gnu/bitcoin-96cc6bb04f7e-aarch64-linux-gnu-debug.tar.gz
bc18e3ecd134493990efd4cdb22c873297068268930a48a2a98e838c2a50b19a  guix-build-96cc6bb04f7e/output/aarch64-linux-gnu/bitcoin-96cc6bb04f7e-aarch64-linux-gnu.tar.gz
646f04a53a00daf1f8a5c66307d535a57b9bdf4d2be3829f0bffc9488c3a1413  guix-build-96cc6bb04f7e/output/arm-linux-gnueabihf/SHA256SUMS.part
02f40a58cc218b25870ad9a021e6e2cea4bf9538d205d7a56df486779aa90b81  guix-build-96cc6bb04f7e/output/arm-linux-gnueabihf/bitcoin-96cc6bb04f7e-arm-linux-gnueabihf-debug.tar.gz
d4482c11f87b5a836ac8650255aea5ba74b2a1e68c89adbef03ebae1cb0cbe30  guix-build-96cc6bb04f7e/output/arm-linux-gnueabihf/bitcoin-96cc6bb04f7e-arm-linux-gnueabihf.tar.gz
90ed3f5e785813dfaa3f86b7386370d76f59c747b954494674139cc5bc03356c  guix-build-96cc6bb04f7e/output/dist-archive/bitcoin-96cc6bb04f7e.tar.gz
77ee9d102a65a4ce0d477ddd037677b8dca3a9f96cd78c5ae3fffb976efd23e6  guix-build-96cc6bb04f7e/output/powerpc64-linux-gnu/SHA256SUMS.part
711844dfdbb34f19bca0fd2e7e29d8e35d8f796bc29d8035d4e9f00e6f6c491d  guix-build-96cc6bb04f7e/output/powerpc64-linux-gnu/bitcoin-96cc6bb04f7e-powerpc64-linux-gnu-debug.tar.gz
c84c8e35c359cbd97af8345f4d338c8e98c07d44869db686ba25988b2c4490c7  guix-build-96cc6bb04f7e/output/powerpc64-linux-gnu/bitcoin-96cc6bb04f7e-powerpc64-linux-gnu.tar.gz
598cb0d29622260d40d2cac5add21d0b4da42a29d42898a16b4863425083f4c6  guix-build-96cc6bb04f7e/output/powerpc64le-linux-gnu/SHA256SUMS.part
523787f7fd6d3ee03a73e22b83d7ce728dc7ef1c0bfc9a186673a3d5ab9a78e6  guix-build-96cc6bb04f7e/output/powerpc64le-linux-gnu/bitcoin-96cc6bb04f7e-powerpc64le-linux-gnu-debug.tar.gz
db6d4a607ab8ccaac7fa47439c4586053ac14535456ad38e9c2f9a8b5c09599a  guix-build-96cc6bb04f7e/output/powerpc64le-linux-gnu/bitcoin-96cc6bb04f7e-powerpc64le-linux-gnu.tar.gz
2ee9ad0ec253000a76cea7ce31b09a2090f6cf20b06ac65129435fda770bc62a  guix-build-96cc6bb04f7e/output/riscv64-linux-gnu/SHA256SUMS.part
c56f3701d27a2aa31d8d593827514778d20b0bdcdc3c84689fdf623b269efbe1  guix-build-96cc6bb04f7e/output/riscv64-linux-gnu/bitcoin-96cc6bb04f7e-riscv64-linux-gnu-debug.tar.gz
6eab943d55d77b2564cf87ab487d0965c3e10cbf709a1fd42053c2d4d8783524  guix-build-96cc6bb04f7e/output/riscv64-linux-gnu/bitcoin-96cc6bb04f7e-riscv64-linux-gnu.tar.gz
9de2eca01a1fceb27d3b996e953859476a91fc0ffd8dc80554d2b07ae403492e  guix-build-96cc6bb04f7e/output/x86_64-apple-darwin18/SHA256SUMS.part
c04454a66e2f347d8fabffb6cebf87372a605184ca1c5441f5c6cb6ddcabf2db  guix-build-96cc6bb04f7e/output/x86_64-apple-darwin18/bitcoin-96cc6bb04f7e-osx-unsigned.dmg
4cddbf6ced5c3e0b221436b9a9e88ed1b3dcb11add7a5d915e4e07033a35d7b6  guix-build-96cc6bb04f7e/output/x86_64-apple-darwin18/bitcoin-96cc6bb04f7e-osx-unsigned.tar.gz
aa90a28d8ad5388c5da2abb466012ecf690010378ad6f3b3d675f382eaafcd21  guix-build-96cc6bb04f7e/output/x86_64-apple-darwin18/bitcoin-96cc6bb04f7e-osx64.tar.gz
6bb6184f19e1a351533789e3b08fa7f210bb502f512b7ba4317dec539395ff15  guix-build-96cc6bb04f7e/output/x86_64-linux-gnu/SHA256SUMS.part
b297a7020da7e5e1f62bd76da118aaf5d8538a10307055fa713f3c7073c6c40b  guix-build-96cc6bb04f7e/output/x86_64-linux-gnu/bitcoin-96cc6bb04f7e-x86_64-linux-gnu-debug.tar.gz
03d11427eb2811d1c7a08e30724c480852b9c1b73b37c9a00d3584df912ac94f  guix-build-96cc6bb04f7e/output/x86_64-linux-gnu/bitcoin-96cc6bb04f7e-x86_64-linux-gnu.tar.gz
7a885ebca9e77706c4b51cf3eec1ca9de3499e2ce192c6332dbd47f3b5c72fa6  guix-build-96cc6bb04f7e/output/x86_64-w64-mingw32/SHA256SUMS.part
f8ea8df72c93acd4736a61ec6c61b7ded474fe81a50599994153256c03163538  guix-build-96cc6bb04f7e/output/x86_64-w64-mingw32/bitcoin-96cc6bb04f7e-win-unsigned.tar.gz
a06fd4b9a2edbf089c67c29f481d59ed9c75ac3b44a0e80a344bb5390f4285f6  guix-build-96cc6bb04f7e/output/x86_64-w64-mingw32/bitcoin-96cc6bb04f7e-win64-debug.zip
338fb4541d434b5539058c1e1dea03247c7499a51a17362d94fdc3b5f7096461  guix-build-96cc6bb04f7e/output/x86_64-w64-mingw32/bitcoin-96cc6bb04f7e-win64-setup-unsigned.exe
2a4cf3f068d2a1f95b81a34eb9fd445e984e2309b8e1404477bc74c165a291dd  guix-build-96cc6bb04f7e/output/x86_64-w64-mingw32/bitcoin-96cc6bb04f7e-win64.zip

dongcarl · 2021-09-01T20:31:24Z

Matching:

76cd0201f9ffdb470335854ae18d313b20a31cc7622372a3c7eba8c339d531ed  guix-build-96cc6bb04f7e/output/aarch64-linux-gnu/SHA256SUMS.part
cbc5ef7f59fae80657431b73a054a6abc9783d69a7f3aa9d0fe901962405f223  guix-build-96cc6bb04f7e/output/aarch64-linux-gnu/bitcoin-96cc6bb04f7e-aarch64-linux-gnu-debug.tar.gz
bc18e3ecd134493990efd4cdb22c873297068268930a48a2a98e838c2a50b19a  guix-build-96cc6bb04f7e/output/aarch64-linux-gnu/bitcoin-96cc6bb04f7e-aarch64-linux-gnu.tar.gz
646f04a53a00daf1f8a5c66307d535a57b9bdf4d2be3829f0bffc9488c3a1413  guix-build-96cc6bb04f7e/output/arm-linux-gnueabihf/SHA256SUMS.part
02f40a58cc218b25870ad9a021e6e2cea4bf9538d205d7a56df486779aa90b81  guix-build-96cc6bb04f7e/output/arm-linux-gnueabihf/bitcoin-96cc6bb04f7e-arm-linux-gnueabihf-debug.tar.gz
d4482c11f87b5a836ac8650255aea5ba74b2a1e68c89adbef03ebae1cb0cbe30  guix-build-96cc6bb04f7e/output/arm-linux-gnueabihf/bitcoin-96cc6bb04f7e-arm-linux-gnueabihf.tar.gz
90ed3f5e785813dfaa3f86b7386370d76f59c747b954494674139cc5bc03356c  guix-build-96cc6bb04f7e/output/dist-archive/bitcoin-96cc6bb04f7e.tar.gz
77ee9d102a65a4ce0d477ddd037677b8dca3a9f96cd78c5ae3fffb976efd23e6  guix-build-96cc6bb04f7e/output/powerpc64-linux-gnu/SHA256SUMS.part
711844dfdbb34f19bca0fd2e7e29d8e35d8f796bc29d8035d4e9f00e6f6c491d  guix-build-96cc6bb04f7e/output/powerpc64-linux-gnu/bitcoin-96cc6bb04f7e-powerpc64-linux-gnu-debug.tar.gz
c84c8e35c359cbd97af8345f4d338c8e98c07d44869db686ba25988b2c4490c7  guix-build-96cc6bb04f7e/output/powerpc64-linux-gnu/bitcoin-96cc6bb04f7e-powerpc64-linux-gnu.tar.gz
598cb0d29622260d40d2cac5add21d0b4da42a29d42898a16b4863425083f4c6  guix-build-96cc6bb04f7e/output/powerpc64le-linux-gnu/SHA256SUMS.part
523787f7fd6d3ee03a73e22b83d7ce728dc7ef1c0bfc9a186673a3d5ab9a78e6  guix-build-96cc6bb04f7e/output/powerpc64le-linux-gnu/bitcoin-96cc6bb04f7e-powerpc64le-linux-gnu-debug.tar.gz
db6d4a607ab8ccaac7fa47439c4586053ac14535456ad38e9c2f9a8b5c09599a  guix-build-96cc6bb04f7e/output/powerpc64le-linux-gnu/bitcoin-96cc6bb04f7e-powerpc64le-linux-gnu.tar.gz
2ee9ad0ec253000a76cea7ce31b09a2090f6cf20b06ac65129435fda770bc62a  guix-build-96cc6bb04f7e/output/riscv64-linux-gnu/SHA256SUMS.part
c56f3701d27a2aa31d8d593827514778d20b0bdcdc3c84689fdf623b269efbe1  guix-build-96cc6bb04f7e/output/riscv64-linux-gnu/bitcoin-96cc6bb04f7e-riscv64-linux-gnu-debug.tar.gz
6eab943d55d77b2564cf87ab487d0965c3e10cbf709a1fd42053c2d4d8783524  guix-build-96cc6bb04f7e/output/riscv64-linux-gnu/bitcoin-96cc6bb04f7e-riscv64-linux-gnu.tar.gz
9de2eca01a1fceb27d3b996e953859476a91fc0ffd8dc80554d2b07ae403492e  guix-build-96cc6bb04f7e/output/x86_64-apple-darwin18/SHA256SUMS.part
c04454a66e2f347d8fabffb6cebf87372a605184ca1c5441f5c6cb6ddcabf2db  guix-build-96cc6bb04f7e/output/x86_64-apple-darwin18/bitcoin-96cc6bb04f7e-osx-unsigned.dmg
4cddbf6ced5c3e0b221436b9a9e88ed1b3dcb11add7a5d915e4e07033a35d7b6  guix-build-96cc6bb04f7e/output/x86_64-apple-darwin18/bitcoin-96cc6bb04f7e-osx-unsigned.tar.gz
aa90a28d8ad5388c5da2abb466012ecf690010378ad6f3b3d675f382eaafcd21  guix-build-96cc6bb04f7e/output/x86_64-apple-darwin18/bitcoin-96cc6bb04f7e-osx64.tar.gz
6bb6184f19e1a351533789e3b08fa7f210bb502f512b7ba4317dec539395ff15  guix-build-96cc6bb04f7e/output/x86_64-linux-gnu/SHA256SUMS.part
b297a7020da7e5e1f62bd76da118aaf5d8538a10307055fa713f3c7073c6c40b  guix-build-96cc6bb04f7e/output/x86_64-linux-gnu/bitcoin-96cc6bb04f7e-x86_64-linux-gnu-debug.tar.gz
03d11427eb2811d1c7a08e30724c480852b9c1b73b37c9a00d3584df912ac94f  guix-build-96cc6bb04f7e/output/x86_64-linux-gnu/bitcoin-96cc6bb04f7e-x86_64-linux-gnu.tar.gz
7a885ebca9e77706c4b51cf3eec1ca9de3499e2ce192c6332dbd47f3b5c72fa6  guix-build-96cc6bb04f7e/output/x86_64-w64-mingw32/SHA256SUMS.part
f8ea8df72c93acd4736a61ec6c61b7ded474fe81a50599994153256c03163538  guix-build-96cc6bb04f7e/output/x86_64-w64-mingw32/bitcoin-96cc6bb04f7e-win-unsigned.tar.gz
a06fd4b9a2edbf089c67c29f481d59ed9c75ac3b44a0e80a344bb5390f4285f6  guix-build-96cc6bb04f7e/output/x86_64-w64-mingw32/bitcoin-96cc6bb04f7e-win64-debug.zip
338fb4541d434b5539058c1e1dea03247c7499a51a17362d94fdc3b5f7096461  guix-build-96cc6bb04f7e/output/x86_64-w64-mingw32/bitcoin-96cc6bb04f7e-win64-setup-unsigned.exe
2a4cf3f068d2a1f95b81a34eb9fd445e984e2309b8e1404477bc74c165a291dd  guix-build-96cc6bb04f7e/output/x86_64-w64-mingw32/bitcoin-96cc6bb04f7e-win64.zip

fanquake

ACK 96cc6bb - Also makes sense given there are Guix build guides recommending to set VERSION as part of the process. i.e https://gist.github.com/hebasto/7293726cbfcd0b58e1cfd5418316cee3.

Previously, if the builder exported $VERSION in their environment (as past Gitian-building docs told them to), but their HEAD does not actually point to v$VERSION, their build outputs will differ from those of other builders. This is because the contrib/guix/guix-* scripts only ever act on the current git worktree, and does not try to check out $VERSION if $VERSION is set in the environment. Setting $VERSION only makes the scripts pretend like the current worktree is $VERSION. This problem was seen in jonatack's attestation for all.SHA256SUMS, where only his bitcoin-22.0rc3-osx-signed.dmg differed from everyone else's. Here is my deduced sequence of events: 1. Aug 27th: He guix-builds 22.0rc3 and uploads his attestations up to guix.sigs 2. Aug 30th, sometime after POSIX time 1630310848: he pulls the latest changes from master in the same worktree where he guix-built 22.0rc3 and ends up at 7be143a 3. Aug 30th, sometime before POSIX time 1630315907: With his worktree still on 7be143a, he guix-codesigns. Normally, this would result in outputs going in guix-build-7be143a960e2, but he had VERSION=22.0rc3 in his environment, so the guix-* scripts pretended like he was building 22.0rc3, and used 22.0rc3's guix-build directory to locate un-codesigned outputs and dump codesigned ones. However, our SOURCE_DATE_EPOCH defaults to the POSIX time of HEAD (7be143a), which made all timestamps in the resulting codesigned DMG 1630310848, 7be143a's POSIX timestamp. This differs from the POSIX timestamp of 22.0rc3, which is 1630348517. Note that the windows codesigning procedure does not consider SOURCE_DATE_EPOCH. We resolve this by only allowing VERSION overrides via the FORCE_VERSION environment variable. Github-Pull: bitcoin#22847 Rebased-From: 96cc6bb

fanquake · 2021-09-02T01:40:24Z

Backported to 22.x in #22857.

DrahtBot · 2021-09-03T03:39:17Z

Guix builds

File	commit `7e75400` (master)	commit 022e6f250ffbe2d03517e08452723c2c107e6af0 (master and this pull)
SHA256SUMS.part	`c5fadbd580f7651d...`	`947d68a128d64f3d...`
*-aarch64-linux-gnu-debug.tar.gz	`2b5556c9e72c31d6...`	`f3b9e0af6e5f8429...`
*-aarch64-linux-gnu.tar.gz	`e1846533d859cb94...`	`6b158592742437d8...`
*-arm-linux-gnueabihf-debug.tar.gz	`8c6731181da03fdc...`	`282657724e489912...`
*-arm-linux-gnueabihf.tar.gz	`da3e5a74d57cfca1...`	`0697593ccff41c0d...`
*-osx-unsigned.dmg	`bd9e2e28946a774a...`	`cc95fda58e5479ad...`
*-osx-unsigned.tar.gz	`0c854067b997309e...`	`854bab3831f2606d...`
*-osx64.tar.gz	`9f4320f09aa759d7...`	`b163543995e56b60...`
*-powerpc64-linux-gnu-debug.tar.gz	`92660f0078278a29...`	`7973d8566f8c617d...`
*-powerpc64-linux-gnu.tar.gz	`5ab063c42c0cc3e7...`	`8d295271f3f70c36...`
*-powerpc64le-linux-gnu-debug.tar.gz	`622c6591f5bfe425...`	`5fdb2bddc3a8f123...`
*-powerpc64le-linux-gnu.tar.gz	`d29c7a75daa0a42a...`	`cb211f76a6191c33...`
*-riscv64-linux-gnu-debug.tar.gz	`b487c87342616a61...`	`119940740769138c...`
*-riscv64-linux-gnu.tar.gz	`0e1b0f8e42b3b6d7...`	`28e431d463ec19e1...`
*-win-unsigned.tar.gz	`8aa1554a218d12bc...`	`127e66e111e7ace7...`
*-win64-debug.zip	`dd6023fd17fec48d...`	`5aa79e231f1bfe16...`
*-win64-setup-unsigned.exe	`7fe35f3ba255d72e...`	`00f9274bda11f59d...`
*-win64.zip	`b41e68450457928a...`	`568ac6c582799a7c...`
*-x86_64-linux-gnu-debug.tar.gz	`dae7ac7441f73837...`	`c1669fe6a1f2ab8f...`
*-x86_64-linux-gnu.tar.gz	`6506cb595e4a7cf2...`	`17dfbee234acb9d9...`
*.tar.gz	`f21650aed0778f06...`	`42f96de73bda254c...`
guix_build.log	`f056f5050a9d6804...`	`2c1726cb150898ef...`
guix_build.log.diff		`71ad46d35fd17c43...`

303bc8a guix/prelude: Override VERSION with FORCE_VERSION (Carl Dong) 0640bf5 doc: mention bech32m/BIP350 in doc/descriptors.md (Pieter Wuille) Pull request description: Backports: * #22847 - guix/prelude: Override VERSION with FORCE_VERSION * #22837 - doc: mention bech32m/BIP350 in doc/descriptors.md Theses are both minor enough that they would not require and rc4. ACKs for top commit: laanwj: ACK 303bc8a Tree-SHA512: faac095f71abb537f1d2a338e4f79f8389be2362eec0841e3fb47aaee731ce242856db461f89351c2ca4e1129a3afdd49c3e918a7bf22af3e4d2f7deaff48ad8

maflcko added the DrahtBot Guix build requested label Aug 31, 2021

fanquake added the Build system label Sep 1, 2021

fanquake approved these changes Sep 2, 2021

View reviewed changes

fanquake merged commit 9487b68 into bitcoin:master Sep 2, 2021

fanquake mentioned this pull request Sep 2, 2021

[22.x] Backports #22857

Merged

sidhujag pushed a commit to syscoin/syscoin that referenced this pull request Sep 2, 2021

Merge bitcoin#22847: guix/prelude: Override VERSION with FORCE_VERSION

841dfb5

DrahtBot removed the DrahtBot Guix build requested label Sep 3, 2021

bitcoin locked as resolved and limited conversation to collaborators Sep 3, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

guix/prelude: Override `VERSION` with `FORCE_VERSION` #22847

guix/prelude: Override `VERSION` with `FORCE_VERSION` #22847

Uh oh!

dongcarl commented Aug 31, 2021

Uh oh!

fanquake commented Sep 1, 2021

Uh oh!

hebasto commented Sep 1, 2021

Uh oh!

dongcarl commented Sep 1, 2021

Uh oh!

fanquake left a comment

Uh oh!

fanquake commented Sep 2, 2021

Uh oh!

DrahtBot commented Sep 3, 2021

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

5 participants

guix/prelude: Override VERSION with FORCE_VERSION #22847

guix/prelude: Override VERSION with FORCE_VERSION #22847

Uh oh!

Conversation

dongcarl commented Aug 31, 2021

Uh oh!

fanquake commented Sep 1, 2021

Uh oh!

hebasto commented Sep 1, 2021

Guix builds:

Uh oh!

dongcarl commented Sep 1, 2021

Uh oh!

fanquake left a comment

Choose a reason for hiding this comment

Uh oh!

fanquake commented Sep 2, 2021

Uh oh!

DrahtBot commented Sep 3, 2021

Guix builds

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

5 participants

guix/prelude: Override `VERSION` with `FORCE_VERSION` #22847

guix/prelude: Override `VERSION` with `FORCE_VERSION` #22847