Commit graph

1993 commits

Author SHA1 Message Date
Ava Chow
7a4eff2c98
windeploy: Renew certificate
Github-Pull: #30149
Rebased-From: 9f4ff1e965
2024-05-28 16:18:20 +01:00
Jon Atack
31b1798d2c p2p: update hardcoded mainnet seeds for 25.x 2023-04-20 06:08:22 -07:00
Jon Atack
04dd1d3926 contrib: make-seeds updates for 25.x
and make the steps in /contrib/seeds/README.md easier to copy-paste
2023-04-20 06:08:22 -07:00
Jon Atack
f5c8788628 p2p: update manual tor/i2p/cjdns mainnet seeds for 25.x
selected for reachability, uptime, and service bit 1
2023-04-20 06:08:22 -07:00
fanquake
3133d935ce
Merge bitcoin/bitcoin#27482: kernel: chainparams updates for 25.x
a2bef805c1 kernel: update m_assumed_* chain params for 25.x (fanquake)
4128e01dba kernel: update chainTxData for 25.x (fanquake)
00b2b114b4 kernel: update nMinimumChainWork & defaultAssumeValid for 25.x (fanquake)
07fcc0a82c doc: update references to kernel/chainparams.cpp (fanquake)

Pull request description:

  Update chainparams pre `25.x` branch off.
  Co-Author in the commits as a PR (#27223) had previously been opened too-early to do the same.

  Note: Remember that some variance is expected in the `m_assumed_*` sizes.

ACKs for top commit:
  achow101:
    ACK a2bef805c1
  josibake:
    ACK a2bef805c1
  gruve-p:
    ACK a2bef805c1
  dergoegge:
    ACK a2bef805c1 on the new mainnet params

Tree-SHA512: 0b19c2ef15c6b15863d6a560a1053ee223057c7bfb617ffd3400b1734cee8f75bc6fd7f04d8f8e3f5af6220659a1987951a1b36945d6fe17d06972004fd62610
2023-04-20 11:23:13 +01:00
fanquake
b627924300
Merge bitcoin/bitcoin#26681: contrib: Bugfix for checking bad dns seeds without casting in makeseeds.py
3cc989da5c Fix checking bad dns seeds without casting (Yusuf Sahin HAMZA)

Pull request description:

  - Since seed lines comes with `str` type, comparing `good` column directly with **0** (`int` type) in the if statement was not working at all. This is fixed by casting `int` type to the values in the `good` column of seeds text file.
  - Lines that starts with comment in the seeds text file are now ignored.
  - If statement for checking bad seeds are moved to the top of the `parseline` function as if a seed is bad; there is no point of going forward from there.

  Since this bug-fix eliminates bad seeds over **550k** in the first place, in my case; particular job for parsing all seeds speed is up by **600%** and whole script's speed is up by **%30**.

  Note that **stats** in the terminal are not going to include bad seeds after this fix, which would be the same if this bug were never there before.

ACKs for top commit:
  achow101:
    ACK 3cc989da5c
  jonatack:
    ACK 3cc989da5c

Tree-SHA512: 13c82681de4d72de07293f0b7f09721ad8514a2ad99b0584d1c94fa5f2818821df2000944f9514d6a222a5dccc82856d16c8c05aa36d905cfa7d4610c629fd38
2023-04-20 10:04:47 +01:00
fanquake
07fcc0a82c
doc: update references to kernel/chainparams.cpp 2023-04-18 11:02:05 +01:00
Cory Fields
1fefcf27ed verify-commits: error and exit cleanly when git is too old. 2023-04-13 21:07:06 +00:00
fanquake
e047ae84d2
valgrind: update supps for Debian Bookworm.
Remove no-longer-required libstdc++ suppression.
Remove unused (and versioned) GUI suppression.
2023-04-12 17:45:32 +01:00
fanquake
ad841608d4
contrib: minor doc improvements in verify-binaries 2023-04-09 13:08:46 +02:00
fanquake
e2e5683afe
contrib: fixup verifybinaries example docs
Followup to #27358, fixing up the example command docs.
2023-04-09 13:08:38 +02:00
fanquake
663a89cfed
contrib: move verify scripts to verify-binaries 2023-04-09 12:43:59 +02:00
fanquake
db720b5a70
Merge bitcoin/bitcoin#27358: contrib: allow multi-sig binary verification v2
754fb6bb81 verifybinaries: fix argument type error pointed out by mypy (Cory Fields)
8a65e5145c verifybinaries: catch the correct exception (Cory Fields)
4b23b488d2 verifybinaries: fix OS download filter (Cory Fields)
8cdadd1729 verifybinaries: use recommended keyserver by default (Cory Fields)
4e0396835d verifybinaries: remove unreachable code (Cory Fields)
5668c6473a verifybinaries: Don't delete shasums file (Cory Fields)
46c73b57c6 verifybinaries: README cleanups (Cory Fields)
6d11830265 verifybinaries: remove awkward bitcoin-core prefix handling (Cory Fields)
c44323a717 verifybinaries: move all current examples to the pub subcommand (Cory Fields)
7a6e7ffd06 contrib: Use machine parseable GPG output in verifybinaries (Andrew Chow)
6b2cebfa2f contrib: Add verifybinaries command for specifying files to verify (Andrew Chow)
e4d5778228 contrib: Specify to GPG the SHA256SUMS file that is detached signed (Andrew Chow)
17575c0efa contrib: Refactor verifbinaries to support subcommands (Andrew Chow)
37c9fb7a59 contrib: verifybinaries: allow multisig verification (James O'Beirne)

Pull request description:

  Following up on #23020 from jamesob with achow101's additional features on top.

  Both mentioned that they will be away for the next few weeks, so this is intended to keep review going.

  All credit to the jamesob and achow101. See #23020 for the original description and [here](https://github.com/bitcoin/bitcoin/pull/23020#issuecomment-1480603300) for the added features.

  I squashed the last commit from https://github.com/achow101/bitcoin/tree/pr23020-direct-bins-gpg-parse into the first commit here.

  Fetching and local verification seem to work as intended for me.

ACKs for top commit:
  josibake:
    ACK 754fb6bb81

Tree-SHA512: b310c57518daa690a00126308a3e7e94b978ded56d13da15d5189e9e90b71c93888d854f64179150586b0a915db8dadd43c92b716613913c198128db8867257b
2023-04-07 08:26:45 +01:00
Cory Fields
754fb6bb81 verifybinaries: fix argument type error pointed out by mypy 2023-04-06 19:57:25 +00:00
Cory Fields
8a65e5145c verifybinaries: catch the correct exception 2023-04-06 19:57:25 +00:00
Cory Fields
4b23b488d2 verifybinaries: fix OS download filter
Co-authored-by: Reproducibility Matters <seb.kung@gmail.com>
2023-04-06 19:32:18 +00:00
Cory Fields
8cdadd1729 verifybinaries: use recommended keyserver by default 2023-04-06 19:32:18 +00:00
Cory Fields
4e0396835d verifybinaries: remove unreachable code 2023-04-06 19:32:18 +00:00
Cory Fields
5668c6473a verifybinaries: Don't delete shasums file
It may be useful for local validation.
2023-04-06 19:32:18 +00:00
Cory Fields
46c73b57c6 verifybinaries: README cleanups
- Use correct name for verify.py
- Add usage examples for verifybinaries bin
- Document proper use of new cleanup option
- Fixup broken example
2023-04-06 19:32:18 +00:00
Cory Fields
6d11830265 verifybinaries: remove awkward bitcoin-core prefix handling 2023-04-06 19:13:35 +00:00
Cory Fields
c44323a717 verifybinaries: move all current examples to the pub subcommand 2023-04-06 19:13:35 +00:00
fanquake
d0e571ebb1
guix: use python-minimal (3.9)
This further minifies the Guix release build environment.
2023-03-29 15:47:04 +01:00
Andrew Chow
7a6e7ffd06 contrib: Use machine parseable GPG output in verifybinaries
GPG has an option to provide machine parseable output. Use that instead
of trying to parse the human readable output.
2023-03-28 22:16:05 +00:00
Andrew Chow
6b2cebfa2f contrib: Add verifybinaries command for specifying files to verify
In addition to verifying the published releases with the `pub` command,
the verifybinaries script is updated to take a `bin` command where the
user specifies the local files, sums, and sigs to verify.
2023-03-28 22:16:05 +00:00
Andrew Chow
e4d5778228 contrib: Specify to GPG the SHA256SUMS file that is detached signed 2023-03-28 22:16:05 +00:00
Andrew Chow
17575c0efa contrib: Refactor verifbinaries to support subcommands
Prepares for the option to provide local binaries, sha256sums, and
signatures directly.
2023-03-28 22:16:05 +00:00
James O'Beirne
37c9fb7a59 contrib: verifybinaries: allow multisig verification
This commit adds the functionality necessary to transition from
doing binary verification on the basis of a single signature to
requiring a minimum threshold of trusted signatures.

A signature can appear as "good" from GPG output, but it may not come
from an identity the user trusts. We call these "good, untrusted"
signatures.

We report bad signatures but do not necessarily fail in their presence,
since a bad signature might coexist with enough good, trusted signatures
to fulfill our criteria.

If "--import-keys" is enabled, we will prompt the user to
optionally try to retrieve unknown keys. Marking them as trusted locally
is a WIP, but keys which are retrieved successfully and appear on the
builder-keys list will immediately count as being useful towards
fulfilling the threshold.

Logging is improved and an option to output JSON that summarizes the
whole sum signature and binary verification processes has been added.

Co-authored-by: Russ Yanofsky <russ@yanofsky.org>
Co-authored-by: willcl-ark <will8clark@gmail.com>
2023-03-28 22:16:05 +00:00
fanquake
4133c8104f
guix: use gcc tool wrappers
This way, correct `--plugin` argument are passed through.

This is a prerequisite for LTO (see #25391).
2023-03-27 15:25:32 +01:00
fanquake
b968424c25
Merge bitcoin/bitcoin#27326: guix: combine and document enable_werror
4becee396f guix: combine and document enable_werror (fanquake)

Pull request description:

  Combine into `hardened-glibc`.
  Document why we don't use `--disable-werror` directly.

  https://www.gnu.org/software/libc/manual/html_node/Configuring-and-compiling.html
  > By default, the GNU C Library is built with -Werror. If you wish
  > to build without this option (for example, if building with a
  > newer version of GCC than this version of the GNU C Library was
  > tested with, so new warnings cause the build with -Werror to fail),
  > you can configure with --disable-werror.

ACKs for top commit:
  hebasto:
    ACK 4becee396f, the diff is correct.
  TheCharlatan:
    ACK 4becee396f

Tree-SHA512: 8724415f51b4d72d40c4e797faf52c93a81147fb629332b9388ffd7f113f2b16db3b7496bf3063dd978ac629fd5bde3ec7df4f1ff1ed714cb56f316a9334d119
2023-03-27 14:55:27 +01:00
fanquake
4becee396f
guix: combine and document enable_werror
Combine into hardened-glibc.
Document why we don't use --disable-werror directly.

https://www.gnu.org/software/libc/manual/html_node/Configuring-and-compiling.html
> By default, the GNU C Library is built with -Werror. If you wish
> to build without this option (for example, if building with a
> newer version of GCC than this version of the GNU C Library was
> tested with, so new warnings cause the build with -Werror to fail),
> you can configure with --disable-werror.
2023-03-24 15:35:09 +00:00
fanquake
24f26e08cc
guix: use cmake-minimal for python-lief
This also fixes atleast one --no-substitues build failure I've seen,
where cmake dependencies wouldn't build:
```bash
The following derivations will be built:
  /gnu/store/7qqvqq2g7l5ylrjv0gn6zha565a12kar-python-lief-0.12.1.drv
  /gnu/store/f9zwh1ldy63ga0i5w6cbbqlj6sfq226j-cmake-3.21.4.drv
  /gnu/store/3wg6ya847id503m5izhzhn1qqs464lfk-python-sphinx-4.2.0.drv

building /gnu/store/3wg6ya847id503m5izhzhn1qqs464lfk-python-sphinx-4.2.0.drv...
/ 'check' phasenote: keeping build directory `/tmp/guix-build-python-sphinx-4.2.0.drv-5'
builder for `/gnu/store/3wg6ya847id503m5izhzhn1qqs464lfk-python-sphinx-4.2.0.drv' failed with exit code 1
build of /gnu/store/3wg6ya847id503m5izhzhn1qqs464lfk-python-sphinx-4.2.0.drv failed
View build log at '/var/log/guix/drvs/3w/g6ya847id503m5izhzhn1qqs464lfk-python-sphinx-4.2.0.drv.gz'.
cannot build derivation `/gnu/store/f9zwh1ldy63ga0i5w6cbbqlj6sfq226j-cmake-3.21.4.drv': 1 dependencies couldn't be built
cannot build derivation `/gnu/store/7qqvqq2g7l5ylrjv0gn6zha565a12kar-python-lief-0.12.1.drv': 1 dependencies couldn't be built
guix environment: error: build of `/gnu/store/7qqvqq2g7l5ylrjv0gn6zha565a12kar-python-lief-0.12.1.drv' failed
```
2023-03-22 09:53:13 +00:00
fanquake
43d8173f99
guix: import LIEF from upstream (0.12.3)
Updates to version 0.12.3.
Retain our PPC64 patch.
Mention when we can drop our local definition.
2023-03-22 09:52:03 +00:00
Andrew Chow
f4e42a78c7
Merge bitcoin/bitcoin#27179: guix: use osslsigncode 2.5
285edfadca guix: use osslsigncode 2.5 (fanquake)

Pull request description:

  Switches to using a newer version of [osslsigncode](https://github.com/mtrojnar/osslsigncode) in our Guix environment.

  achow101 can you test this with some sort of WIndows code-signing dry-run (no-rush).

ACKs for top commit:
  achow101:
    ACK 285edfadca

Tree-SHA512: 2ab8f65e506bd97e74e76f24e791ae20694e567a751cc57d3a27f31f0733e3530d058ef19825a35dc21d1342e3fffc52d8d643258198c669cc68b6db41bda629
2023-03-20 12:50:11 -04:00
Andrew Chow
60f142e395
Merge bitcoin/bitcoin#26531: mempool: Add mempool tracepoints
4b7aec2951 Add mempool tracepoints (virtu)

Pull request description:

  This PR adds multiple mempool tracepoints.

  | tracepoint  | description |
  | ------------- | ------------- |
  | `mempool:added`  | Is called when a transaction enters the mempool  |
  | `mempool:removed`  | ... when a transaction is removed from the mempool |
  | `mempool:replaced`  | ... when a transaction is replaced in the mempool |
  | `mempool:rejected`  | ... when a transaction is rejected from entering the mempool |

  The tracepoints are further documented in `docs/tracing.md`. Usage is demonstrated in the example script `contrib/tracing/mempool_monitor.py`. Interface tests are provided in `test/functional/interface_usdt_mempool.py`.

  The rationale for passing the removal reason as a string instead of numerically is that the benefits of not having to maintain a redundant enum-string mapping seem to outweigh the small cost of string generation. The reject reason is passed as string as well, although in this instance the string does not have to be generated but is readily available.

ACKs for top commit:
  0xB10C:
    ACK 4b7aec2951
  achow101:
    ACK 4b7aec2951

Tree-SHA512: 6deb3ba2d1a061292fb9b0f885f7a5c4d11b109b838102d8a8f4828cd68f5cd03fa3fc64adc6fdf54a08a1eaccce261b0aa90c2b8c33cd5fd3828c8f74978958
2023-03-20 12:42:24 -04:00
virtu
4b7aec2951 Add mempool tracepoints
Tracepoints for added, removed, replaced, and rejected transactions.

The removal reason is passed as string instead of a numeric value, since
the benefits of not having to maintain a redundant enum-string mapping
seem to outweigh the small cost of string generation.  The reject reason
is passed as string as well, although here the string does not have to
be generated but is readily available.

So far, tracepoint PRs typically included two demo scripts: a naive
bpftrace script to show raw tracepoint data and a bcc script for a more
refined view. However, as some of the ongoing changes to bpftrace
introduce a certain degree of unreliability (running some of the
existing bpftrace scripts was not possible with standard kernels and
bpftrace packages on latest stable Ubuntu, Debian, and NixOS), this PR
includes only a single bcc script that fuses the functionality of former
bpftrace and bcc scripts.
2023-03-20 15:57:31 +01:00
fanquake
285edfadca
guix: use osslsigncode 2.5
Co-authored-by: Andrew Chow <github@achow101.com>
2023-03-12 19:37:44 +01:00
fanquake
127c637cf0
guix: pass --enable-initfini-array to release GCC
This returns us to pre-Guix behaviour, where the compilers we were using
to build releases, were configured with this option.
2023-03-01 21:23:36 +01:00
Andrew Chow
74981aa02d
Merge bitcoin/bitcoin#27172: guix: switch to some minimal versions of packages in our manifest
2c9eb4afe1 guix: use cmake-minimal over cmake (fanquake)
1475515312 guix: use coreutils-minimal over coreutils (fanquake)
4445621415 guix: use bash-minimal over bash (fanquake)

Pull request description:

  Minimal versions of the same packages, that should still be sufficient for our use:

  > (define-public bash-minimal
    ;; A stripped-down Bash for non-interactive use.

  > (define-public coreutils-minimal
    ;; Coreutils without its optional dependencies.

  > ;;; This minimal variant of CMake does not include the documentation.  It is
  ;;; used by the cmake-build-system.
  (define-public cmake-minimal

ACKs for top commit:
  TheCharlatan:
    ACK 2c9eb4afe1
  Sjors:
    tACK 2c9eb4afe1
  achow101:
    ACK 2c9eb4afe1
  hebasto:
    ACK 2c9eb4afe1,

Tree-SHA512: f91ca9e088b8346b20c2affc80870c31640de3aedcfcc0fb98a5e82c77ef64537870b88552f26759d31d8d0956b1fd685e6c25d5acbc92f5feaececd1a7dd37e
2023-03-01 11:07:04 -05:00
fanquake
2c9eb4afe1
guix: use cmake-minimal over cmake 2023-02-28 12:15:18 +00:00
fanquake
1475515312
guix: use coreutils-minimal over coreutils 2023-02-28 12:14:52 +00:00
fanquake
4445621415
guix: use bash-minimal over bash 2023-02-28 12:14:51 +00:00
fanquake
29b62c01c8
valgrind: remove libsecp256k1 suppression 2023-02-28 10:45:57 +00:00
glozow
873dcc1910
Merge bitcoin/bitcoin#27058: contrib: Improve verify-commits.py to work with maintainers leaving
14fac808bd verify-commits: Mention git v2.38.0 requirement (Andrew Chow)
bb86887527 verify-commits: Skip checks for commits older than trusted roots (Andrew Chow)
5497c14830 verify-commits: Use merge-tree in clean merge check (Andrew Chow)
76923bfa09 verify-commits: Remove all allowed commit exceptions (Andrew Chow)
53b07b2b47 verify-commits: Move trusted-keys valid sig check into verify-commits itself (Andrew Chow)

Pull request description:

  Currently the `verify-commits.py` script does not work well with maintainers giving up their commit access. If a key is removed from `trusted-keys`, any commits it signed previously will fail to verify, however keys cannot be kept in the list as it would allow that person to continue to push new commits. Furthermore, the `trusted-keys` used depends on the working tree which `verify-commits.py` itself may be modifying. When the script is run, the `trusted-keys` may be the one that is intended to be used, but the script may change the tree to a different commit with a different `trusted-keys` and use that instead!

  To resolve these issues, I've updated `verify-commits.py` to load the `trusted-keys` file and check the keys itself rather than delegating that to `gpg.sh` (which previously read in `trusted-keys`). This avoids the issue with the tree changing.

  I've also updated the script so that it stops modifying the tree. It would do this for the clean merge check where it would checkout each individual commit and attempt to reapply the merges, and then checking out the commit given as a cli arg. `git merge-tree` lets us do basically that but without modifying the tree. It will give us the object id for the resulting tree which we can compare against the object id of the tree in the merge commit in question. This also appears to be quite a bit faster.

  Lastly I've removed all of the exception commits in `allow-revsig-commits`, `allow-incorrect-sha512-commits`, and `allow-unclean-merge-commits` since all of these predate the commits in `trusted-git-root` and `trusted-sha512-root`. I've also updated the script to skip verification of commits that predate `trusted-git-root`, and skip sha512 verification for those that predate `trusted-sha512-root`.

ACKs for top commit:
  Sjors:
    ACK 14fac808bd
  glozow:
    Concept ACK 14fac808bd

Tree-SHA512: f9b0c6e1f1aecb169cdd6c833b8871b15e31c2374dc589858df0523659b294220d327481cc36dd0f92e9040d868eee6a8a68502f3163e05fa751f9fc2fa8832a
2023-02-27 13:17:48 +00:00
glozow
6758bd7de7
Merge bitcoin/bitcoin#27135: Remove MarcoFalke fingerprint, update trusted-git-root
fab17f08e2 Revert "[contrib] verify-commits: Add MarcoFalke fingerprint" (MarcoFalke)

Pull request description:

  This reverts commit fa24329334.

  The commit may be signed by my key, but I haven't checked it. Also, I haven't checked the new `contrib/verify-commits/trusted-git-root`.

ACKs for top commit:
  achow101:
    ACK fab17f08e2
  glozow:
    ACK fab17f08e2

Tree-SHA512: 485fb302f7e42704412afffd6c09a031f63df18f259b27282b8373d5bf95b0ec72426cec476d88bf23e793a6e1dae4c1df2059645961806e34b50448ebf1862a
2023-02-24 10:27:25 +00:00
fanquake
0c579203d2
Merge bitcoin/bitcoin#25867: lint: enable E722 do not use bare except
61bb4e783b lint: enable E722 do not use bare except (Leonardo Lazzaro)

Pull request description:

  Improve test code and enable E722 lint check.

   If you want to catch all exceptions that signal program errors, use except Exception: (bare except is equivalent to except BaseException:).

  Reference: https://peps.python.org/pep-0008/#programming-recommendations

ACKs for top commit:
  MarcoFalke:
    lgtm ACK 61bb4e783b

Tree-SHA512: c7497769d5745fa02c78a20f4a0e555d8d3996d64af6faf1ce28e22ac1d8be415b98e967294679007b7bda2a9fd04031a9d140b24201e00257ceadeb5c5d7665
2023-02-22 09:28:09 +00:00
Andrew Chow
14fac808bd verify-commits: Mention git v2.38.0 requirement 2023-02-21 17:00:13 -05:00
MarcoFalke
fab17f08e2
Revert "[contrib] verify-commits: Add MarcoFalke fingerprint"
This reverts commit fa24329334.
2023-02-21 14:00:13 +01:00
Leonardo Lazzaro
61bb4e783b lint: enable E722 do not use bare except 2023-02-18 11:24:09 +00:00
fanquake
fe1b325688
Merge bitcoin/bitcoin#27029: guix: consolidate to glibc 2.27 for Linux builds
d5d4b75840 guix: combine glibc hardening options into hardened-glibc (fanquake)
c49f2b8eb5 guix: remove no-longer needed powerpc workaround (fanquake)
74c9893989 guix: use glibc 2.27 for all Linux builds (fanquake)

Pull request description:

  Build against glibc 2.27 for all Linux builds (previously only used for RISC-V), and at the same time, increase our minimum required glibc to 2.27 (2018). This would drop support for Ubuntu Xenial (16.04) & Debian Stretch (9), from the produced release binaries. Compiling from source on those systems may be possible, assuming you can install a recent enough compiler/toolchain etc.

ACKs for top commit:
  hebasto:
    ACK d5d4b75840, I have reviewed the code and it looks OK, I agree it can be merged.

Tree-SHA512: 910f0ef45b4558f2a45d35a5c1c39aaac97e8aff086dc4fc1eddbb80c0b6e4bd23667d64e21d0fd42e4db37b6f26f447ca5d1150bb861128af7e71fb42835cf8
2023-02-17 10:40:57 +00:00