Commit graph

1959 commits

Author SHA1 Message Date
Andrew Chow
f4e42a78c7
Merge bitcoin/bitcoin#27179: guix: use osslsigncode 2.5
285edfadca guix: use osslsigncode 2.5 (fanquake)

Pull request description:

  Switches to using a newer version of [osslsigncode](https://github.com/mtrojnar/osslsigncode) in our Guix environment.

  achow101 can you test this with some sort of WIndows code-signing dry-run (no-rush).

ACKs for top commit:
  achow101:
    ACK 285edfadca

Tree-SHA512: 2ab8f65e506bd97e74e76f24e791ae20694e567a751cc57d3a27f31f0733e3530d058ef19825a35dc21d1342e3fffc52d8d643258198c669cc68b6db41bda629
2023-03-20 12:50:11 -04:00
Andrew Chow
60f142e395
Merge bitcoin/bitcoin#26531: mempool: Add mempool tracepoints
4b7aec2951 Add mempool tracepoints (virtu)

Pull request description:

  This PR adds multiple mempool tracepoints.

  | tracepoint  | description |
  | ------------- | ------------- |
  | `mempool:added`  | Is called when a transaction enters the mempool  |
  | `mempool:removed`  | ... when a transaction is removed from the mempool |
  | `mempool:replaced`  | ... when a transaction is replaced in the mempool |
  | `mempool:rejected`  | ... when a transaction is rejected from entering the mempool |

  The tracepoints are further documented in `docs/tracing.md`. Usage is demonstrated in the example script `contrib/tracing/mempool_monitor.py`. Interface tests are provided in `test/functional/interface_usdt_mempool.py`.

  The rationale for passing the removal reason as a string instead of numerically is that the benefits of not having to maintain a redundant enum-string mapping seem to outweigh the small cost of string generation. The reject reason is passed as string as well, although in this instance the string does not have to be generated but is readily available.

ACKs for top commit:
  0xB10C:
    ACK 4b7aec2951
  achow101:
    ACK 4b7aec2951

Tree-SHA512: 6deb3ba2d1a061292fb9b0f885f7a5c4d11b109b838102d8a8f4828cd68f5cd03fa3fc64adc6fdf54a08a1eaccce261b0aa90c2b8c33cd5fd3828c8f74978958
2023-03-20 12:42:24 -04:00
virtu
4b7aec2951 Add mempool tracepoints
Tracepoints for added, removed, replaced, and rejected transactions.

The removal reason is passed as string instead of a numeric value, since
the benefits of not having to maintain a redundant enum-string mapping
seem to outweigh the small cost of string generation.  The reject reason
is passed as string as well, although here the string does not have to
be generated but is readily available.

So far, tracepoint PRs typically included two demo scripts: a naive
bpftrace script to show raw tracepoint data and a bcc script for a more
refined view. However, as some of the ongoing changes to bpftrace
introduce a certain degree of unreliability (running some of the
existing bpftrace scripts was not possible with standard kernels and
bpftrace packages on latest stable Ubuntu, Debian, and NixOS), this PR
includes only a single bcc script that fuses the functionality of former
bpftrace and bcc scripts.
2023-03-20 15:57:31 +01:00
fanquake
285edfadca
guix: use osslsigncode 2.5
Co-authored-by: Andrew Chow <github@achow101.com>
2023-03-12 19:37:44 +01:00
fanquake
127c637cf0
guix: pass --enable-initfini-array to release GCC
This returns us to pre-Guix behaviour, where the compilers we were using
to build releases, were configured with this option.
2023-03-01 21:23:36 +01:00
Andrew Chow
74981aa02d
Merge bitcoin/bitcoin#27172: guix: switch to some minimal versions of packages in our manifest
2c9eb4afe1 guix: use cmake-minimal over cmake (fanquake)
1475515312 guix: use coreutils-minimal over coreutils (fanquake)
4445621415 guix: use bash-minimal over bash (fanquake)

Pull request description:

  Minimal versions of the same packages, that should still be sufficient for our use:

  > (define-public bash-minimal
    ;; A stripped-down Bash for non-interactive use.

  > (define-public coreutils-minimal
    ;; Coreutils without its optional dependencies.

  > ;;; This minimal variant of CMake does not include the documentation.  It is
  ;;; used by the cmake-build-system.
  (define-public cmake-minimal

ACKs for top commit:
  TheCharlatan:
    ACK 2c9eb4afe1
  Sjors:
    tACK 2c9eb4afe1
  achow101:
    ACK 2c9eb4afe1
  hebasto:
    ACK 2c9eb4afe1,

Tree-SHA512: f91ca9e088b8346b20c2affc80870c31640de3aedcfcc0fb98a5e82c77ef64537870b88552f26759d31d8d0956b1fd685e6c25d5acbc92f5feaececd1a7dd37e
2023-03-01 11:07:04 -05:00
fanquake
2c9eb4afe1
guix: use cmake-minimal over cmake 2023-02-28 12:15:18 +00:00
fanquake
1475515312
guix: use coreutils-minimal over coreutils 2023-02-28 12:14:52 +00:00
fanquake
4445621415
guix: use bash-minimal over bash 2023-02-28 12:14:51 +00:00
fanquake
29b62c01c8
valgrind: remove libsecp256k1 suppression 2023-02-28 10:45:57 +00:00
glozow
873dcc1910
Merge bitcoin/bitcoin#27058: contrib: Improve verify-commits.py to work with maintainers leaving
14fac808bd verify-commits: Mention git v2.38.0 requirement (Andrew Chow)
bb86887527 verify-commits: Skip checks for commits older than trusted roots (Andrew Chow)
5497c14830 verify-commits: Use merge-tree in clean merge check (Andrew Chow)
76923bfa09 verify-commits: Remove all allowed commit exceptions (Andrew Chow)
53b07b2b47 verify-commits: Move trusted-keys valid sig check into verify-commits itself (Andrew Chow)

Pull request description:

  Currently the `verify-commits.py` script does not work well with maintainers giving up their commit access. If a key is removed from `trusted-keys`, any commits it signed previously will fail to verify, however keys cannot be kept in the list as it would allow that person to continue to push new commits. Furthermore, the `trusted-keys` used depends on the working tree which `verify-commits.py` itself may be modifying. When the script is run, the `trusted-keys` may be the one that is intended to be used, but the script may change the tree to a different commit with a different `trusted-keys` and use that instead!

  To resolve these issues, I've updated `verify-commits.py` to load the `trusted-keys` file and check the keys itself rather than delegating that to `gpg.sh` (which previously read in `trusted-keys`). This avoids the issue with the tree changing.

  I've also updated the script so that it stops modifying the tree. It would do this for the clean merge check where it would checkout each individual commit and attempt to reapply the merges, and then checking out the commit given as a cli arg. `git merge-tree` lets us do basically that but without modifying the tree. It will give us the object id for the resulting tree which we can compare against the object id of the tree in the merge commit in question. This also appears to be quite a bit faster.

  Lastly I've removed all of the exception commits in `allow-revsig-commits`, `allow-incorrect-sha512-commits`, and `allow-unclean-merge-commits` since all of these predate the commits in `trusted-git-root` and `trusted-sha512-root`. I've also updated the script to skip verification of commits that predate `trusted-git-root`, and skip sha512 verification for those that predate `trusted-sha512-root`.

ACKs for top commit:
  Sjors:
    ACK 14fac808bd
  glozow:
    Concept ACK 14fac808bd

Tree-SHA512: f9b0c6e1f1aecb169cdd6c833b8871b15e31c2374dc589858df0523659b294220d327481cc36dd0f92e9040d868eee6a8a68502f3163e05fa751f9fc2fa8832a
2023-02-27 13:17:48 +00:00
glozow
6758bd7de7
Merge bitcoin/bitcoin#27135: Remove MarcoFalke fingerprint, update trusted-git-root
fab17f08e2 Revert "[contrib] verify-commits: Add MarcoFalke fingerprint" (MarcoFalke)

Pull request description:

  This reverts commit fa24329334.

  The commit may be signed by my key, but I haven't checked it. Also, I haven't checked the new `contrib/verify-commits/trusted-git-root`.

ACKs for top commit:
  achow101:
    ACK fab17f08e2
  glozow:
    ACK fab17f08e2

Tree-SHA512: 485fb302f7e42704412afffd6c09a031f63df18f259b27282b8373d5bf95b0ec72426cec476d88bf23e793a6e1dae4c1df2059645961806e34b50448ebf1862a
2023-02-24 10:27:25 +00:00
fanquake
0c579203d2
Merge bitcoin/bitcoin#25867: lint: enable E722 do not use bare except
61bb4e783b lint: enable E722 do not use bare except (Leonardo Lazzaro)

Pull request description:

  Improve test code and enable E722 lint check.

   If you want to catch all exceptions that signal program errors, use except Exception: (bare except is equivalent to except BaseException:).

  Reference: https://peps.python.org/pep-0008/#programming-recommendations

ACKs for top commit:
  MarcoFalke:
    lgtm ACK 61bb4e783b

Tree-SHA512: c7497769d5745fa02c78a20f4a0e555d8d3996d64af6faf1ce28e22ac1d8be415b98e967294679007b7bda2a9fd04031a9d140b24201e00257ceadeb5c5d7665
2023-02-22 09:28:09 +00:00
Andrew Chow
14fac808bd verify-commits: Mention git v2.38.0 requirement 2023-02-21 17:00:13 -05:00
MarcoFalke
fab17f08e2
Revert "[contrib] verify-commits: Add MarcoFalke fingerprint"
This reverts commit fa24329334.
2023-02-21 14:00:13 +01:00
Leonardo Lazzaro
61bb4e783b lint: enable E722 do not use bare except 2023-02-18 11:24:09 +00:00
fanquake
fe1b325688
Merge bitcoin/bitcoin#27029: guix: consolidate to glibc 2.27 for Linux builds
d5d4b75840 guix: combine glibc hardening options into hardened-glibc (fanquake)
c49f2b8eb5 guix: remove no-longer needed powerpc workaround (fanquake)
74c9893989 guix: use glibc 2.27 for all Linux builds (fanquake)

Pull request description:

  Build against glibc 2.27 for all Linux builds (previously only used for RISC-V), and at the same time, increase our minimum required glibc to 2.27 (2018). This would drop support for Ubuntu Xenial (16.04) & Debian Stretch (9), from the produced release binaries. Compiling from source on those systems may be possible, assuming you can install a recent enough compiler/toolchain etc.

ACKs for top commit:
  hebasto:
    ACK d5d4b75840, I have reviewed the code and it looks OK, I agree it can be merged.

Tree-SHA512: 910f0ef45b4558f2a45d35a5c1c39aaac97e8aff086dc4fc1eddbb80c0b6e4bd23667d64e21d0fd42e4db37b6f26f447ca5d1150bb861128af7e71fb42835cf8
2023-02-17 10:40:57 +00:00
Andrew Chow
bb86887527 verify-commits: Skip checks for commits older than trusted roots 2023-02-16 12:47:00 -05:00
Andrew Chow
5497c14830 verify-commits: Use merge-tree in clean merge check 2023-02-16 12:47:00 -05:00
Andrew Chow
76923bfa09 verify-commits: Remove all allowed commit exceptions
These commits predate the current trusted root.
2023-02-16 12:46:59 -05:00
Andrew Chow
53b07b2b47 verify-commits: Move trusted-keys valid sig check into verify-commits itself
Instead of having gpg.sh check against the trusted keys for a valid
signature, do it inside of verify-commits itself.

This also allows us to use the same trusted-keys throughout the
verify-commits.py check rather than it possibly being modified during
the clean merge check.
2023-02-16 12:46:40 -05:00
fanquake
304ae6dc8e
doc: remove mention of "proper signing key"
This key is no-longer in use:
https://lists.linuxfoundation.org/pipermail/bitcoin-core-dev/2023-February/000115.html
2023-02-16 10:27:19 +00:00
fanquake
cbf511b3f4
Merge bitcoin/bitcoin#27054: Remove laanwj from trusted-keys
aafa5e945c Remove laanwj from trusted-keys (laanwj)

Pull request description:

  allow-revsig-commits list generated using:

      git log --format="%H %ce" --merges 577bd51a4b8de066466a445192c1c653872657e2..master | grep laanwj | cut -c -40 >> allow-revsig-commits

ACKs for top commit:
  Sjors:
    tACK aafa5e945c 😢
  achow101:
    ACK aafa5e945c
  fanquake:
    ACK aafa5e945c

Tree-SHA512: 5e38ac8101f948030f9577480bfba14674351a7d697d7f6985966d98a0200fa110cee13fb331a1ff0c05874d92d9d03402c540f063155e7eea093accb5f4590e
2023-02-16 09:42:11 +00:00
fanquake
d5d4b75840
guix: combine glibc hardening options into hardened-glibc 2023-02-13 14:16:59 +00:00
fanquake
c49f2b8eb5
guix: remove no-longer needed powerpc workaround 2023-02-13 14:16:58 +00:00
fanquake
74c9893989
guix: use glibc 2.27 for all Linux builds
Also point to the latest commit on the glibc 2.27 releases branch.

https://sourceware.org/git/?p=glibc.git;a=shortlog;h=refs/heads/release/2.27/master
2023-02-13 14:16:24 +00:00
Andrew Chow
6ada37d44c verify-commits: Bump trusted git root to after most recent laanwj merge
To prepare for the removal of laanwj's key from trusted key, the trusted
git root needs to be newer than the most recent merge commit signed by
his key.
2023-02-10 11:36:06 -05:00
laanwj
aafa5e945c
Remove laanwj from trusted-keys
allow-revsig-commits list generated using:

    git log --format="%H %ce" --merges 577bd51a4b8de066466a445192c1c653872657e2..master | grep laanwj | cut -c -40 >> allow-revsig-commits

Tree-SHA512: e665d1f3f6ae45ad435cb2802d49988f5133d695b145aa2dc65af95c052e562e0afaf585c351a41529985b4229965cf555f7197a44c90ba7daaea7a28975648d
2023-02-07 10:12:49 +01:00
MarcoFalke
5a80086ec2
Merge bitcoin/bitcoin#26701: contrib: make DNS seeds file an argument in CLI (makeseeds)
1c07500dbb contrib: make DNS seeds file an argument in CLI (brunoerg)

Pull request description:

  Instead of using `makeseeds.py` this way:
  ```sh
  python3 makeseeds.py -a asmap-filled.dat < seeds_main.txt > nodes_main.txt
  ```

  We could use the DNS seeds file as an argument since it is a required one. It improves the way the script handles it when that file is missing as well as makes this script more friendly.
  E.g:
  ```sh
  python3 makeseeds.py -a asmap-filled.dat -s seeds_main.txt > nodes_main.txt
  ```

ACKs for top commit:
  vincenzopalazzo:
    ACK  1c07500dbb

Tree-SHA512: bddf728d5d376659155f5bbeb1fa0d42aa273ec4a0cf5687f4d3f3be85625f541d392f30008e3c9d2c65967cb882deb36af34330994727771be73c9adeb521e0
2023-02-07 10:03:36 +01:00
fanquake
44f3c7de21
contrib: remove install_db4.sh
Now that we can build a bdb-only depends prefix, there is no need to
maintain a bdb-building bash script, that does the same things as
depends, except worse, as it's missing patches and workarounds. i.e #26623.
2023-01-18 16:59:02 +00:00
MarcoFalke
aef8b4f43b
Merge bitcoin/bitcoin#26226: Bump minimum python version to 3.7
fa8fe5b696 scripted-diff: Use new python 3.7 keywords (MarcoFalke)
fa2a23548a Revert "contrib: Fix capture_output in getcoins.py" (MarcoFalke)
dddd462137 Bump minimum python version to 3.7 (MarcoFalke)

Pull request description:

  While there is nothing that requires a bump, it may require less maintenance to drop python3.6 support. Python3.7 is available through the package manager on all currently supported operating systems.

ACKs for top commit:
  jamesob:
    ACK fa8fe5b696
  hebasto:
    ACK fa8fe5b696

Tree-SHA512: f6e080d8751948bb0e01c87be601363158f345e8037b70ce7e1bc507c611eb61600e4f24f1d2f8a6e7e44877ab09319302869e33ce8118c4c4f71fc89c0a1198
2023-01-18 16:46:12 +01:00
MarcoFalke
fa8fe5b696
scripted-diff: Use new python 3.7 keywords
-BEGIN VERIFY SCRIPT-
 sed -i 's/universal_newlines/text/g' $(git grep -l universal_newlines)
-END VERIFY SCRIPT-
2023-01-18 13:00:34 +01:00
MarcoFalke
fa2a23548a
Revert "contrib: Fix capture_output in getcoins.py"
This reverts commit be59bd17ec
because the changes are no longer needed.
2023-01-18 13:00:29 +01:00
MarcoFalke
faa05cd8ce
doc: Clarify debian copyright comment 2023-01-18 10:29:24 +01:00
MarcoFalke
e6ff110820
Merge bitcoin/bitcoin#26810: doc: remove nonexistent files from copyright
4bb91be124 debian: remove nonexistent files from copyright (fanquake)

Pull request description:

  The removed files were dropped during a secp256k1 subtree update.

Top commit has no ACKs.

Tree-SHA512: 19ef1cf76908b5468265cc25b76abf8cf3a1dd0d5f7390f9cf4c5cd4c421c8cb04b5991ded7102add896d06555696a8059df37fd1d8f7374487a12dfa594c9cd
2023-01-18 09:12:00 +01:00
fanquake
6ba17d4955
scripts: add PE Canary check to security-check 2023-01-06 10:49:18 +00:00
MarcoFalke
296e882250
Merge bitcoin/bitcoin#26598: contrib: remove builder keys
e6864fa157 contrib: remove builder keys (fanquake)

Pull request description:

  This has been superseded by adding a builder-keys/ directory in
  guix.sigs, where the presence of keys, and validity of signatures
  is checked. Preventing issues like missing keys or invalid signatures.

  New (or exisiting) Guix builders can add their key in the next PR
  they open adding attestations.

  Related to issues like #26566, #26563.

  Also follows up with the comment here: https://github.com/bitcoin/bitcoin/pull/26565#issuecomment-1326053939.

ACKs for top commit:
  hebasto:
    ACK e6864fa157, modulo s/update/remove/ in the PR tittle.

Tree-SHA512: 095b4cf12ed0baeaf0ee7b8edcb3e2647e9c0f812e8fd63915ddb454f81dacc9c2d2b409de2773b7adb5ff643893d614d8aad1bc44c26da648e1bbbe19e11e05
2023-01-05 09:18:16 +01:00
fanquake
4bb91be124
debian: remove nonexistent files from copyright 2023-01-04 12:32:20 +00:00
fanquake
4717a5aa31
Merge bitcoin/bitcoin#26772: contrib: fix sha256 check in install_db4.sh for FreeBSD
22e9afe40d use sha256 command instead of sha256sum on FreeBSD (Murray Nesbitt)

Pull request description:

  The FreeBSD version of `sha256sum` takes different arguments than the GNU version.

  The `sha256_check` function in `contrib/install_db4.sh` has code specific to FreeBSD, however it doesn't get reached because while the `sha256sum` command does exist on FreeBSD, it is incompatible and results in an error:

  ```
  sha256sum: option requires an argument -- c
  usage: sha256sum [-pqrtx] [-c file] [-s string] [files ...]
  ```

  This change moves the FreeBSD-specific code before the check for the `sha256sum` command.

  Fixes: #26774

Top commit has no ACKs.

Tree-SHA512: 2485e2e7d8fdca3b072b29fb22bbdfd69e520740537b331b33c64cc645b63da712cfa63a23bdf039bbc92a6558fc7bf03323a51784bf601ff360ff0ef59506c8
2023-01-04 10:24:00 +00:00
Jon Atack
459cb637ac script, test: fix python linter E275 errors with flake8 5.0.4 2023-01-03 10:59:56 -08:00
Murray Nesbitt
22e9afe40d use sha256 command instead of sha256sum on FreeBSD 2022-12-29 22:23:44 -08:00
MarcoFalke
e9262ea32a
Merge bitcoin/bitcoin#26750: Insert and bump copyright headers
3ae76ea6dd scripted-diff: Insert missed copyright header (Hennadii Stepanov)
306ccd4927 scripted-diff: Bump copyright headers (Hennadii Stepanov)

Pull request description:

  This PR bumps the existing copyright headers, as we did every year, and adds a missed one.

Top commit has no ACKs.

Tree-SHA512: 5f6b02e2baad21750e3dd8f0612bb6e7e2cfa6a743c669f26baf5a39c168b2d3a92afae1ce2dad59b70492175186c38f172c4ee68fc7ac87a4d85330429ca054
2022-12-25 10:50:16 +01:00
Hennadii Stepanov
306ccd4927
scripted-diff: Bump copyright headers
-BEGIN VERIFY SCRIPT-
./contrib/devtools/copyright_header.py update ./
-END VERIFY SCRIPT-

Commits of previous years:
- 2021: f47dda2c58
- 2020: fa0074e2d8
- 2019: aaaaad6ac9
2022-12-24 23:49:50 +00:00
Suriyaa Sundararuban
e9abb13ecb
doc: Update license year range to 2023 2022-12-24 11:40:16 +01:00
fanquake
e6864fa157
contrib: remove builder keys
This has been superseded by adding a builder-keys/ directory in
guix.sigs, where the presence of keys, and validity of signatures
is checked. Preventing issues like missing keys or invalid signatures.

New (or exisiting) Guix builders can add their key in the next PR
they open adding attestations.
2022-12-19 17:21:35 +00:00
brunoerg
1c07500dbb contrib: make DNS seeds file an argument in CLI 2022-12-19 07:20:14 -03:00
Andrew Chow
bbfcbcfa0c
Merge bitcoin/bitcoin#24611: Add fish completions
ccba4fe7e3 doc: Add completion subdir to contrib/README.md (willcl-ark)
7075848f96 script: Add fish completions (willcl-ark)
a27a445b71 refactor: Sub-folder bash completions (willcl-ark)

Pull request description:

  The completions are dynamically generated from the respective binary
  help pages.

  Completions should be sourced into the shell or added to
  `$XDG_CONFIG/fish/completions`. See [where to put completions](https://fishshell.com/docs/current/completions.html#where-to-put-completions) for more information.

  As the completions are auto-generated they should only require as much maintenance as the bash equivalents, which is to say very little!

ACKs for top commit:
  achow101:
    ACK ccba4fe7e3
  josibake:
    ACK ccba4fe7e3

Tree-SHA512: fe6ed899ea1fe90f82970bde7739db11dd0c845ccd70b65f28ad5212f75b57d9105a3a7f70ccdff552d5b21fa3fe9c697d128fb10740bae31fe1854e716b4b8b
2022-12-07 18:30:14 -05:00
fanquake
a035b6a0c4
Merge bitcoin/bitcoin#26565: contrib/builder-keys/keys.txt: remove unavailable key
dddfa028ff contrib/builder-keys/keys.txt: remove unavailable key (@RandyMcMillan)

Pull request description:

ACKs for top commit:
  fanquake:
    ACK dddfa028ff

Tree-SHA512: e7bd2d9d828b44c4343478c68d01530621677f5c66912a4181815e66ef1926dfc66e6a7652789677ae263684d30a39da038b8ca669ad24833c1f104244c2a2b1
2022-11-29 12:12:24 +00:00
willcl-ark
ccba4fe7e3
doc: Add completion subdir to contrib/README.md 2022-11-28 20:39:20 +00:00
willcl-ark
7075848f96
script: Add fish completions
Completions are dynamically generated from the respective binary help
pages.

Completions should be sourced into the shell or added to
$XDG_CONFIG/fish/completions.
2022-11-28 20:39:19 +00:00