{ lib, stdenv, fetchurl, fetchFromGitHub, cmake, pkg-config, installShellFiles, autoSignDarwinBinariesHook, wrapQtAppsHook ? null, boost, libevent, zeromq, zlib, db48, sqlite, qrencode, libsystemtap, qtbase ? null, qttools ? null, python3, versionCheckHook, withGui, withWallet ? true, enableTracing ? stdenv.hostPlatform.isLinux && !stdenv.hostPlatform.isStatic, gnupg, imagemagick, librsvg, libicns, # Signatures from the following GPG public keys checked during verification of the source code. # The list can be found at https://github.com/bitcoinknots/guix.sigs/tree/knots/builder-keys builderKeys ? [ "1A3E761F19D2CC7785C5502EA291A2C45D0C504A" # luke-jr.gpg "55058E8947E136A64F9E8AD5C4512A878E4AC2BF" # nsvrn "DAED928C727D3E613EC46635F5073C4F4882FFFC" # leo-haf.gpg ], }: stdenv.mkDerivation (finalAttrs: { pname = if withGui then "bitcoin-knots" else "bitcoind-knots"; version = "29.1.knots20250903"; src = fetchurl { url = "https://bitcoinknots.org/files/29.x/${finalAttrs.version}/bitcoin-${finalAttrs.version}.tar.gz"; # hash retrieved from signed SHA256SUMS hash = "sha256-2DlJlGNrCOe8UouZ+TLdZ2OahU18AWL6K/KI1YA29QY="; }; nativeBuildInputs = [ cmake pkg-config installShellFiles gnupg ] ++ lib.optionals (stdenv.hostPlatform.isDarwin && stdenv.hostPlatform.isAarch64) [ autoSignDarwinBinariesHook ] ++ lib.optionals withGui [ imagemagick # for convert librsvg # for rsvg-convert wrapQtAppsHook ] ++ lib.optionals (stdenv.hostPlatform.isDarwin && withGui) [ libicns # for png2icns ]; buildInputs = [ boost libevent zeromq zlib ] ++ lib.optionals enableTracing [ libsystemtap ] ++ lib.optionals withWallet [ sqlite ] # building with db48 (for legacy descriptor wallet support) is broken on Darwin ++ lib.optionals (withWallet && !stdenv.hostPlatform.isDarwin) [ db48 ] ++ lib.optionals withGui [ qrencode qtbase qttools ]; preUnpack = let majorVersion = lib.versions.major finalAttrs.version; publicKeys = fetchFromGitHub { owner = "bitcoinknots"; repo = "guix.sigs"; rev = "d441685d5179b91070fadbc764be3a41616f36df"; sha256 = "sha256-XO/E51yOFrRYrGnxsyH/ZPF4Yf192x+lT2FPdilkacA="; }; checksums = fetchurl { url = "https://bitcoinknots.org/files/${majorVersion}.x/${finalAttrs.version}/SHA256SUMS"; hash = "sha256-CH5p+u2XvIpWC/yv+UrP3JSq/dcAxq/eCZ+fPzqaI+Q="; }; signatures = fetchurl { url = "https://bitcoinknots.org/files/${majorVersion}.x/${finalAttrs.version}/SHA256SUMS.asc"; hash = "sha256-abCiaE3etiXfqC1nrmHMP77HO94L+ZZv4B2s08p1d2k="; }; verifyBuilderKeys = let script = publicKey: '' echo "Checking if public key ${publicKey} signed the checksum file..." grep "^\[GNUPG:\] VALIDSIG .* ${publicKey}$" verify.log > /dev/null echo "OK" ''; in builtins.concatStringsSep "\n" (map script builderKeys); in '' pushd $(mktemp -d) export GNUPGHOME=$PWD/gnupg mkdir -m 700 -p $GNUPGHOME gpg --no-autostart --batch --import ${publicKeys}/builder-keys/* ln -s ${checksums} ./SHA256SUMS ln -s ${signatures} ./SHA256SUMS.asc ln -s $src ./bitcoin-${finalAttrs.version}.tar.gz gpg --no-autostart --batch --verify --status-fd 1 SHA256SUMS.asc SHA256SUMS > verify.log ${verifyBuilderKeys} echo "Checking ${checksums} for bitcoin-${finalAttrs.version}.tar.gz..." grep bitcoin-${finalAttrs.version}.tar.gz SHA256SUMS > SHA256SUMS.filtered echo "Verifying the checksum of bitcoin-${finalAttrs.version}.tar.gz..." sha256sum -c SHA256SUMS.filtered popd ''; postInstall = '' cd .. installShellCompletion --bash contrib/completions/bash/bitcoin-cli.bash installShellCompletion --bash contrib/completions/bash/bitcoind.bash installShellCompletion --bash contrib/completions/bash/bitcoin-tx.bash installShellCompletion --fish contrib/completions/fish/bitcoin-cli.fish installShellCompletion --fish contrib/completions/fish/bitcoind.fish installShellCompletion --fish contrib/completions/fish/bitcoin-tx.fish installShellCompletion --fish contrib/completions/fish/bitcoin-util.fish installShellCompletion --fish contrib/completions/fish/bitcoin-wallet.fish '' + lib.optionalString withGui '' installShellCompletion --fish contrib/completions/fish/bitcoin-qt.fish ''; cmakeFlags = [ (lib.cmakeBool "BUILD_BENCH" false) (lib.cmakeBool "WITH_ZMQ" true) # building with db48 (for legacy wallet support) is broken on Darwin (lib.cmakeBool "WITH_BDB" (withWallet && !stdenv.hostPlatform.isDarwin)) (lib.cmakeBool "WITH_USDT" enableTracing) ] ++ lib.optionals (!finalAttrs.doCheck) [ (lib.cmakeBool "BUILD_TESTS" false) (lib.cmakeBool "BUILD_FUZZ_BINARY" false) (lib.cmakeBool "BUILD_GUI_TESTS" false) ] ++ lib.optionals (!withWallet) [ (lib.cmakeBool "ENABLE_WALLET" false) ] ++ lib.optionals withGui [ (lib.cmakeBool "BUILD_GUI" true) ]; NIX_LDFLAGS = lib.optionals ( stdenv.hostPlatform.isLinux && stdenv.hostPlatform.isStatic ) "-levent_core"; nativeCheckInputs = [ python3 ]; doCheck = true; checkFlags = [ "LC_ALL=en_US.UTF-8" ] # QT_PLUGIN_PATH needs to be set when executing QT, which is needed when testing Bitcoin's GUI. # See also https://github.com/NixOS/nixpkgs/issues/24256 ++ lib.optional withGui "QT_PLUGIN_PATH=${qtbase}/${qtbase.qtPluginPrefix}"; enableParallelBuilding = true; __darwinAllowLocalNetworking = true; nativeInstallCheckInputs = [ versionCheckHook ]; versionCheckProgram = "${placeholder "out"}/bin/bitcoin-cli"; versionCheckProgramArg = "--version"; doInstallCheck = true; meta = { description = "Derivative of Bitcoin Core"; homepage = "https://bitcoinknots.org/"; changelog = "https://github.com/bitcoinknots/bitcoin/blob/v${finalAttrs.version}/doc/release-notes.md"; maintainers = with lib.maintainers; [ prusnak mmahut ]; license = lib.licenses.mit; platforms = lib.platforms.unix; }; })