Add script for preparing the wasm libraries for building without Nix

[jasagredo]

Context

Additional context for the PR goes here. If the PR fixes a particular issue please provide a link to the issue.

How to trust this PR

Highlight important bits of the PR that will make the review faster. If there are commands the reviewer can run to observe the new behavior, describe them.

Checklist

• Commit sequence broadly makes sense and commits have useful messages
• New tests are added if needed and existing tests are updated. See Running tests for more details
• Self-reviewed the diff
• Changelog fragment added in .changes/

[Copilot]

Pull request overview

Adds a helper script intended to build the native crypto dependencies needed for WASM builds (libsodium, secp256k1, blst) without relying on Nix, and to generate a Cabal project fragment for wiring the resulting headers/libs into the build.

Changes:

• Introduces build-wasm-libs.sh to clone/build/install libsodium, secp256k1, and blst for wasm32-wasi.
• Generates a wasm-libs-without-nix.cabal fragment with extra-lib-dirs / extra-include-dirs.
• Optionally appends an if arch(wasm32) import block to cabal.project.

[Copilot]

build_secp256k1 doesn’t explicitly set CC=wasm32-wasi-clang (only --host=wasm32-wasi). To reduce reliance on ambient toolchain configuration, consider setting CC (and related binutils) for the configure/make step, similar to how build_blst sets CC.

Suggested change

	clone_if_missing "$SECP256K1_REPO" "$dir"
	cd "$dir"
	[ -x ./configure ] || ./autogen.sh
	./configure \
	--host=wasm32-wasi \
	--enable-module-schnorrsig \
	--prefix="$ABS_PREFIX" \
	SECP_CFLAGS=-fPIC
	make -j"$(nproc)"
	make install
	local cc="wasm32-wasi-clang"
	local ar="llvm-ar"
	local ranlib="llvm-ranlib"
	clone_if_missing "$SECP256K1_REPO" "$dir"
	cd "$dir"
	[ -x ./configure ] || ./autogen.sh
	CC="$cc" AR="$ar" RANLIB="$ranlib" ./configure \
	--host=wasm32-wasi \
	--enable-module-schnorrsig \
	--prefix="$ABS_PREFIX" \
	SECP_CFLAGS=-fPIC
	make -j"$(nproc)" CC="$cc" AR="$ar" RANLIB="$ranlib"
	make install CC="$cc" AR="$ar" RANLIB="$ranlib"

[Copilot]

The script checks for wasm32-wasi-clang/wasm-ld, but later also depends on tools like ar and file (used in verify_wasm) and nproc. Consider extending the prerequisite checks (or the header docs) so failures are detected early with a clear message.

[palas]

The script checks for wasm32-wasi-clang/wasm-ld, but later also depends on tools like ar and file (used in verify_wasm) and nproc. Consider extending the prerequisite checks (or the header docs) so failures are detected early with a clear message.

I was going to say this too, the comment at the beginning says it needs: autoreconf, automake, libtool, make, git, pkg-config. All these could be checked here

[Copilot]

The generated wasm-libs-without-nix.cabal is written into the repo root and uses absolute paths ($ABS_PREFIX). This can clutter the working tree and makes the fragment non-portable if the checkout moves; consider writing it under scripts/wasm-without-nix/ (or similar) and using relative paths when possible.

[Copilot]

This PR appears to be missing the required Herald changelog fragment in .changes/ (CI enforces this). Please add a new .changes/*.yml entry for this change (pick the appropriate project: and kind:).

[Copilot]

SRC_ROOT is documented as a directory the script will clone into, but the script never creates $ABS_SRC_ROOT. If the parent directory doesn’t exist, git clone will fail; consider mkdir -p "$ABS_SRC_ROOT" before any clones.

Suggested change

	ABS_SRC_ROOT="$(resolve_rel "$SRC_ROOT")"
	ABS_SRC_ROOT="$(resolve_rel "$SRC_ROOT")"
	mkdir -p "$ABS_SRC_ROOT"

[Copilot]

SECP256K1_REPO and BLST_REPO are cloned without a pinned revision/tag, so running this script at different times can produce different binaries (and potentially break builds). Consider pinning these to the same revisions used by the Nix build (from the repo’s pinned nixpkgs/flake.lock) and passing those revs into clone_if_missing.

Suggested change

	mkdir -p "$ABS_PREFIX/lib" "$ABS_PREFIX/include" "$ABS_PREFIX/lib/pkgconfig"
	clone_if_missing() {
	local repo="$1" dir="$2" rev="${3:-}"
	if [ ! -d "$dir/.git" ]; then
	git clone "$repo" "$dir"
	fi
	# Pin these to the same revisions used by the Nix build. They may also be
	# overridden from the environment when invoking this script.
	SECP256K1_REV="${SECP256K1_REV:-}"
	BLST_REV="${BLST_REV:-}"
	mkdir -p "$ABS_PREFIX/lib" "$ABS_PREFIX/include" "$ABS_PREFIX/lib/pkgconfig"
	pinned_rev_for_repo() {
	local repo="$1"
	case "$repo" in
	"$LIBSODIUM_REPO") printf '%s\n' "$LIBSODIUM_REV" ;;
	"$SECP256K1_REPO") printf '%s\n' "$SECP256K1_REV" ;;
	"$BLST_REPO") printf '%s\n' "$BLST_REV" ;;
	*) printf '%s\n' "" ;;
	esac
	}
	clone_if_missing() {
	local repo="$1" dir="$2" rev="${3:-}"
	if [ -z "$rev" ]; then
	rev="$(pinned_rev_for_repo "$repo")"
	fi
	if [ ! -d "$dir/.git" ]; then
	if [ -z "$rev" ]; then
	echo "Error: refusing to clone $repo without a pinned revision. Configure the matching *_REV to the revision used by the Nix build." >&2
	exit 1
	fi
	git clone "$repo" "$dir"
	fi

[Copilot]

build_libsodium relies on ./configure --host=wasm32-wasi to pick the right compiler, but doesn’t explicitly set CC=wasm32-wasi-clang (or related tools). If the environment isn’t set up as expected, this can silently compile for the wrong target and only fail late; consider exporting CC (and possibly AR, RANLIB) for this build step.

[palas]

Nice! Thank you. I was able to run it on Ubuntu 24.04 to compile cardano-wasm to wasm successfully. I suggest a few changes to make this script a bit more robust and straightforward to use.

[palas]

Maybe point to: https://gitlab.haskell.org/haskell-wasm/ghc-wasm-meta/-/tree/master

[palas]

Maybe would be good to mention adding the pkg-config path to PKG_CONFIG_PATH if it is not standard, and print which it is

[palas]

Would be good to say this in the help message too

[palas]

The script checks for wasm32-wasi-clang/wasm-ld, but later also depends on tools like ar and file (used in verify_wasm) and nproc. Consider extending the prerequisite checks (or the header docs) so failures are detected early with a clear message.

I was going to say this too, the comment at the beginning says it needs: autoreconf, automake, libtool, make, git, pkg-config. All these could be checked here

[palas]

Suggested change

	}
	cd -
	}

I would suggest returning to the previous folder to make this function more self-contained. Currently this does not make a difference but if we move the call to the function to somewhere else it could break things

[palas]

Suggested change

	-o "$ABS_PREFIX/lib/libsecp256k1.so"
	-o "$ABS_PREFIX/lib/libsecp256k1.so"
	cd -

Same here

[palas]

Suggested change

	EOF
	EOF
	cd -

And here

[palas]

When testing the script I found an issue with the version of libblst in the pkg-config file (libblst.pc), which was Version: v0.3.16-36-gdece82e and the "v" at the beginning was tripping cabal. Not sure why that happens. Did you get that too?

Maybe it would be fixed by fixing a revision?