bitcoin/contrib
Ryan Ofsky dbd2000b34
Merge bitcoin/bitcoin#28340: security: restrict abis in bitcoind.service
0244416aac security: restrict abis in bitcoind.service (Charlie)

Pull request description:

  [As noted here](https://www.freedesktop.org/software/systemd/man/systemd.exec.html#MemoryDenyWriteExecute=), it's a good idea to pair `MemoryDenyWriteExecute=true` with `SystemCallArchitectures=native` because `MemoryDenyWriteExecute` can be circumvented in some operating systems which support multiple ABIs like x86/x86-64.
  This helps restrict the possible application binary interfaces (ABIs) that can be used when running bitcoind through systemd, reducing the attack surface area.

ACKs for top commit:
  laanwj:
    ACK 0244416aac . This is a sensible security feature.
  0xB10C:
    ACK 0244416aac

Tree-SHA512: 77a35b0674d8d67d857cd20ae1b8cd011f82d6f5ed21bc106cbe45bfa937e786ddc1bf7261e3bdb8c289df1224e91658760905d2c8f37cc4c6506ef8037ad158
2024-04-17 13:00:42 -04:00
..
completions contrib/bash-completions: use package naming conventions 2023-09-19 13:45:22 +02:00
debian doc: upgrade Bitcoin Core license to 2024 2024-01-10 16:29:01 -06:00
devtools tidy: remove C compiler check 2024-03-22 13:48:00 +00:00
guix Merge bitcoin/bitcoin#29846: guix: replace GCC unaligned VMOV patch with binutils patch 2024-04-17 12:22:11 +01:00
init security: restrict abis in bitcoind.service 2023-08-24 16:54:47 -04:00
linearize script, test: fix python linter E275 errors with flake8 5.0.4 2023-01-03 10:59:56 -08:00
macdeploy Use hardened runtime on macOS release builds. 2023-12-20 16:24:37 -08:00
message-capture test: use built-in collection types for type hints (Python 3.9 / PEP 585) 2023-10-25 01:10:21 +02:00
qos scripted-diff: Bump copyright headers 2021-12-30 19:36:57 +02:00
seeds seeds: Update testnet seeds 2024-03-04 19:53:30 -05:00
shell guix: Add source-able bash prelude and utils 2021-04-05 11:00:21 -04:00
signet contrib: use a raw string for a regular expression literal that contains backslashes in signet/miner 2023-11-15 15:55:20 +01:00
testgen contrib: make gen_key_io_test_vectors deterministic 2022-04-06 17:02:50 +02:00
tracing Use int32_t type for most transaction size/weight values 2023-06-12 19:47:19 +01:00
verify-binaries scripted-diff: use PEP 585 built-in collection types for verify-binary script 2023-10-25 01:19:36 +02:00
verify-commits add ryanofsky to trusted-keys 2023-05-08 23:30:56 -04:00
windeploy windeploy: Renewed windows code signing certificate 2022-05-24 12:55:03 -04:00
zmq scripted-diff: Bump copyright headers 2021-12-30 19:36:57 +02:00
filter-lcov.py scripted-diff: Bump copyright headers 2020-12-31 09:45:41 +01:00
README.md doc: Fix verify-binaries link in contrib README 2023-06-30 12:12:24 +02:00
valgrind.supp ci: use clang-16 for Valgrind 2024-04-14 10:39:14 +01:00

Repository Tools

Developer tools

Specific tools for developers working on this repository. Additional tools, including the github-merge.py script, are available in the maintainer-tools repository.

Verify-Commits

Tool to verify that every merge commit was signed by a developer using the github-merge.py script.

Linearize

Construct a linear, no-fork, best version of the blockchain.

Qos

A Linux bash script that will set up traffic control (tc) to limit the outgoing bandwidth for connections to the Bitcoin network. This means one can have an always-on bitcoind instance running, and another local bitcoind/bitcoin-qt instance which connects to this node and receives blocks from it.

Seeds

Utility to generate the pnSeed[] array that is compiled into the client.

Build Tools and Keys

Packaging

The Debian subfolder contains the copyright file.

All other packaging related files can be found in the bitcoin-core/packaging repository.

MacDeploy

Scripts and notes for Mac builds.

Test and Verify Tools

TestGen

Utilities to generate test vectors for the data-driven Bitcoin tests.

Verify-Binaries

This script attempts to download and verify the signature file SHA256SUMS.asc from bitcoin.org.

Command Line Tools

Completions

Shell completions for bash and fish.