a58cb3b1c12c8cb75a87375c50f94c4605bb805d qa: sanity check mined block have their coinbase timelocked to height (Antoine Poinsot)
8f2078af6a55448c003b3f7f3021955fbb351caa miner: timelock coinbase transactions (Antoine Poinsot)
788aeebf343526760fa8f3ed969ac3713212a5b6 qa: use prev height as nLockTime for coinbase txs created in unit tests (Antoine Poinsot)
c76dbe9b8b6f03b761a0ef97e1b8cd133b934714 qa: timelock coinbase transactions created in fuzz targets (Antoine Poinsot)
9c94069d8b6cf67a24eb03c51230a4f2b2bf2d64 contrib: timelock coinbase transactions in signet miner (Antoine Poinsot)
a5f52cfcc400ad0adb41a78c65b8abb971e0d622 qa: timelock coinbase transactions created in functional tests (Antoine Poinsot)
Pull request description:
The Consensus Cleanup soft fork proposal includes enforcing that coinbase transactions set their
nLockTime field to the block height minus 1, as well as their nSequence such as to not disable the
timelock. If such a fork were to be activated by Bitcoin users, miners need to be ready to produce
compliant blocks at the risk of losing substantial amounts mining would-be invalid blocks. As miners
are unfamously slow to upgrade, it's good to make this change as early as possible.
Although Bitcoin Core's GBT implementation does not provide the `coinbasetxn` field, and mining
pool software crafts the coinbase on its own, updating the Bitcoin Core mining code is a first step
toward convincing pools to update their (often closed source) code. A possible followup is also to
introduce new fields to GBT. In addition, this first step also makes it possible to test future
Consensus Cleanup changes.
The commit making the change also updates a bunch of seemingly-unrelated tests. This is because those tests were asserting error messages based on the txid of transactions involved, and changing the coinbase transaction structure necessarily changes the txid of all tests' transactions.
ACKs for top commit:
Sjors:
Code review ACK a58cb3b1c12c8cb75a87375c50f94c4605bb805d
achow101:
ACK a58cb3b1c12c8cb75a87375c50f94c4605bb805d
TheCharlatan:
Re-ACK a58cb3b1c12c8cb75a87375c50f94c4605bb805d
Tree-SHA512: a2aae009a187eb760d34435f518a895ee76c6b02a667eb030ddf6bd584da6e8eae2737d974dbf81a928d60c07bcb4820f055adc067e18d8819640db0240bb513
1ee698fde2e8652d8eb083749edb8029c003b8db test: refactor: negate signature-s using libsecp256k1 (Sebastian Falbesoner)
Pull request description:
This small PR gets rid of manual mod-n inversion of the ECDSA signature-s part in unit tests (introduced a long time ago in #5256, triggered by https://github.com/bitcoin-core/secp256k1/pull/69) by using secp256k1 instead. The function wasn't available at that time, but was introduced about three years later, see https://github.com/bitcoin-core/secp256k1/pull/408. Note that as the name suggests, `secp256k1_ec_seckey_negate` is meant to be used for secret keys, but it obviously works in general for scalars modulo the group order.
ACKs for top commit:
achow101:
ACK 1ee698fde2e8652d8eb083749edb8029c003b8db
laanwj:
Code review ACK 1ee698fde2e8652d8eb083749edb8029c003b8db
w0xlt:
ACK 1ee698fde2
rkrux:
tACK 1ee698fde2e8652d8eb083749edb8029c003b8db
Tree-SHA512: dc36ea1572b538d11ae34e1871f310a1cda8083ffb753e93e7ee9d56e91ebd8ec78d35758dfb700254720914b734ef7a071eeef71b6239f19e1e2fb289fb5435
importprivkey was a legacy wallet only RPC which had a helper for
descriptor wallets in tests. Add wallet_importprivkey helper and use it
wherever importprivkey is used (other than backward compatibility tests)
This test was testing importprivkey behavior in a legacy wallet without
private keys. As legacy wallets no longer exist, this test case is no
longer relevant.
This gets rid of the special-casing of `strRPCUserColonPass` by hashing
cookies as well as manually provided `-rpcuser`/`-rpcpassword` with a
random salt before storing them.
Also take the opportunity to modernize the surrounding code a bit. There
should be no end-user visible differences in behavior.
Back in 2015, in #7044, we added configuration option `rpcauth` for
multiple RPC users. At the same time the old settings for single-user
configuration `rpcuser` and `rpcpassword` were "soon" to be deprecated.
The main reason for this deprecation is that while `-rpcpassword` stores
the password in plain text, `-rpcauth` stores a hash, so it doesn't
appear in the configuration in plain text.
As the options are still in active use, actually removing them is
expected to be a hassle to many, and it's not clear that is worth it. As
for the security risk, in many kinds of setups (no wallet,
containerized, single-user-single-application, local-only, etc) it is an
unlikely point of escalation.
In the end, it is good to encourage secure practices, but it is the
responsibility of the user. Log a clear warning but remove the
deprecation notice.
Closes#29240.
7343a1846cebf74ffef3c54e05b633df629510a1 depends: Avoid using helper variables in toolchain file (Hennadii Stepanov)
Pull request description:
Using helper variables has two issues:
1. They contaminate the global namespace of the main build script.
2. They can be used as `set(var)`, effectively [exposing](https://cmake.org/cmake/help/latest/command/set.html) a cache variable `var`, which makes the toolchain file susceptible to the build environment.
The [`depends/Makefile`](https://github.com/bitcoin/bitcoin/blob/master/depends/Makefile) can generate values with "not-set" semantics as empty strings or strings containing only spaces. For example:2638fdb4f9/depends/Makefile (L157)
Therefore, [`MATCHES`](https://cmake.org/cmake/help/latest/command/if.html#matches) must be used rather than [`STREQUAL`](https://cmake.org/cmake/help/latest/command/if.html#strequal).
ACKs for top commit:
purpleKarrot:
ACK 7343a1846cebf74ffef3c54e05b633df629510a1
Tree-SHA512: f2235321ac13daee8e82fa1ae9d02b95097a696265ad3a31fbda9cbc3c387c1dc7d01951154f99828468e50b73ed2889a6fa2720007f519dd11fe25ee5303d23
It is confusing that the chain client flush happens between
StopHTTPServer and StopMapPort. Also, it is unused code. Seems best to
just add it back properly when it is needed again.
These scripts are not meant for general developer usage. They are for
use on the release binaries, which have been compiled in an environment
that makes various assumptions in regards to c library, compiler
options, hardening options, patching etc.
31c5ebc4007884b655f2f90ca09e36e0b9ada4da tracing: fix invalid argument in mempool_monitor (William Casarin)
Pull request description:
The mempool_monitor tracing tool is incorrectly reading the reason as the first argument. Fix this!
Noticed this during the bitcoin++ mempool hackathon 😅
cc 0xB10C
ACKs for top commit:
0xB10C:
Code Review ACK 31c5ebc4007884b655f2f90ca09e36e0b9ada4da
Tree-SHA512: 6f3d64f0f75a44e1fdcad71af8e737ce948833498cd3879ef74cbabf53e3649145b83febceca19b1662de55346c199bf4259e17f5b28cf0352aefa730e07ea63
10845cd7cc89fc83b4ee844dc577b391720bba9c qa: Add feature_framework_startup_failures.py (Hodlinator)
28e282ef9ae94ede4aace6b97ff18c66cb72a001 qa: assert_raises_message() - Stop assuming certain structure for exceptions (Hodlinator)
1f639efca5e71a0ff208415d94e408a74778d4db qa: Work around Python socket timeout issue (Hodlinator)
9b24a403fae4b896ff7705519bd48c877b4e621b qa: Only allow calling TestNode.stop() after connecting (Hodlinator)
6ad21b4c0114029d16d334bf8d437834708a295e qa: Include ignored errors in RPC connection timeout (Hodlinator)
879243e81fd55f54739fbdae4d5b8666f5acb9a9 qa refactor: wait_for_rpc_connection - Treat OSErrors the same (Hodlinator)
Pull request description:
Improves handling of startup errors in functional tests and puts tests in place to ensure knock-on errors don't creep in.
- `wait_for_rpc_connection()` now appends specific failures leading up to the `Unable to connect to bitcoind` error to that error message:
`[node 0] Unable to connect to bitcoind after 60s (ignored errors: {'missing_credentials': 1, 'OSError.ECONNREFUSED': 239}, latest error: ConnectionRefusedError(111, 'Connection refused'))`
- Fixes Windows Python issue where `socket.timeout` exceptions end up with unset `errno`-fields.
- Also adds comments, refactors code, improves logging.
The underlying purpose is to ensure developer efficiency in finding root causes of test failures.
Prior iterations of the PR partially focused on fixing the same issue as #31620.
Originally inspired by #30390.
### Testing
Can be tested by reverting either faf2f2c654d9aa18b2f49a157956f9ab0fce302a or fae3bf6b870eb0f9cddd1adac82ba72890806ae3 from #31620, or the "qa: Avoid calling stop-RPC if not connected" from this PR, and running *feature_framework_startup_failures.py*.
ACKs for top commit:
l0rinc:
ACK 10845cd7cc89fc83b4ee844dc577b391720bba9c
ryanofsky:
Code review ACK 10845cd7cc89fc83b4ee844dc577b391720bba9c. Only changes since last review were adding a new commit tweaking assert_raises_message(), extending the new test to have a self-check, and to pass through all options to child tests instead of a hardcoded list of options. I left some cleanup suggestions below but they are not important.
Tree-SHA512: f0235c5cbb6d1bb85d8dc5de492a08a34f6edc83499cbf0a5f9a3824809ff84635888c62c9c01101e3cc9ef9f1cdee2c9ab6537fea6feeb005b29f428caf8b22
f9dfe8d5e0d3f628659702ab781b7919505c829f contrib: remove bdb exception from FORTIFY check (fanquake)
Pull request description:
BDB has been removed (#28710), so we no-longer need to ignore functions from BDB in this check.
Guix building this branch, and looking for `*_chk` functions across all binaries produces:
```
# nm -C * | grep -i _chk | sort | uniq
U __fdelt_chk@GLIBC_2.15
U __fprintf_chk@GLIBC_2.3.4
U __fread_chk@GLIBC_2.7
U __longjmp_chk@GLIBC_2.11
U __memcpy_chk@GLIBC_2.3.4
U __printf_chk@GLIBC_2.3.4
U __snprintf_chk@GLIBC_2.3.4
U __sprintf_chk@GLIBC_2.3.4
U __stack_chk_fail@GLIBC_2.4
U __vsnprintf_chk@GLIBC_2.3.4
```
ACKs for top commit:
achow101:
ACK f9dfe8d5e0d3f628659702ab781b7919505c829f
theuni:
utACK f9dfe8d5e0d3f628659702ab781b7919505c829f
laanwj:
Code review ACK f9dfe8d5e0d3f628659702ab781b7919505c829f
Tree-SHA512: e9491c8b348a0d777c3f7186cab48b478548654712f8b85e7bde2f8b94f3a8b52bc7be8fb1b4a486954359d3109cfb74e3485ccfff67c6546f0efcabf2eda0e0
Counting sigops in the witness and for p2sh requires
context that CheckBlock() does not have, so it only
counts a subset of sigops.
The check here was introduced by Satoshi as a "cleanup" in
f1e1fb4bdef878c8fc1564fa418d44e7541a7e83. With the attempted
introduction of OP_EVAL, it was replaced by the check in
ConnectBlock(). Commit e679ec969c8b22c676ebb10bea1038f6c8f13b33
marked this code as a placeholder for backward compatibility.
Then when P2SH replaced OP_EVAL in 922e8e2929a2e78270868385aa46f96002fbcff3
the phrase "compatibility-breaking" was replaced by a simple
observation that before v0.6 this is how sigops were counted.
It's unclear why the check was kept and there were no review comments
about it.
We really just want to skip this when building for Windows. So do that,
and remove the two header checks (we also already use both of these
headers, unguarded, in the !windows part of the codebase).
Squash the two *iffaddrs defines into one, as I haven't seen an
iffaddrs.h that implements one, but not the other.
edde96376a2961dec3730331b3d171ddf972589f cmake: Respect user-provided configuration-specific flags (Hennadii Stepanov)
Pull request description:
This PR addresses [this](https://github.com/bitcoin/bitcoin/issues/31491#issuecomment-2542140874) comment:
> I suppose that should only happen if the `-O3` isn't coming from an explicitly set `CMAKE_CXX_FLAGS_RELEASE`.
With this PR:
```
$ cmake -B build -DCMAKE_BUILD_TYPE=Release -DCMAKE_CXX_FLAGS_RELEASE="-O3"
<snip>
C++ compiler flags .................... -O3 -std=c++20 -fPIC -fno-extended-identifiers -fdebug-prefix-map=/home/hebasto/dev/bitcoin/src=. -fmacro-prefix-map=/home/hebasto/dev/bitcoin/src=. -fstack-reuse=none -Wall -Wextra -Wformat -Wformat-security -Wvla -Wredundant-decls -Wdate-time -Wduplicated-branches -Wduplicated-cond -Wlogical-op -Woverloaded-virtual -Wsuggest-override -Wimplicit-fallthrough -Wunreachable-code -Wbidi-chars=any -Wundef -Wno-unused-parameter -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=3 -Wstack-protector -fstack-protector-all -fcf-protection=full -fstack-clash-protection
Linker flags .......................... -O3 -fstack-reuse=none -fstack-protector-all -fcf-protection=full -fstack-clash-protection -Wl,-z,relro -Wl,-z,now -Wl,-z,separate-code -fPIE -pie
```
and
```
$ cmake -B build -DCMAKE_BUILD_TYPE=Release
<snip>
C++ compiler flags .................... -O2 -std=c++20 -fPIC -fno-extended-identifiers -fdebug-prefix-map=/home/hebasto/dev/bitcoin/src=. -fmacro-prefix-map=/home/hebasto/dev/bitcoin/src=. -fstack-reuse=none -Wall -Wextra -Wformat -Wformat-security -Wvla -Wredundant-decls -Wdate-time -Wduplicated-branches -Wduplicated-cond -Wlogical-op -Woverloaded-virtual -Wsuggest-override -Wimplicit-fallthrough -Wunreachable-code -Wbidi-chars=any -Wundef -Wno-unused-parameter -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=3 -Wstack-protector -fstack-protector-all -fcf-protection=full -fstack-clash-protection
Linker flags .......................... -O2 -fstack-reuse=none -fstack-protector-all -fcf-protection=full -fstack-clash-protection -Wl,-z,relro -Wl,-z,now -Wl,-z,separate-code -fPIE -pie
```
When calling `cmake` repeatedly using the same build directory, each newly provided `CMAKE_CXX_FLAGS_RELEASE` value will be accommodated. In such a scenario, if the user wishes to revert to the build system defaults, they should unset the `CMAKE_CXX_FLAGS_RELEASE` variable by passing `-UCMAKE_CXX_FLAGS_RELEASE` to `cmake`.
---
This PR does not aim to resolve _all_ issues mentioned in https://github.com/bitcoin/bitcoin/issues/31491.
ACKs for top commit:
purpleKarrot:
ACK edde96376a2961dec3730331b3d171ddf972589f
janb84:
ACK [edde963](edde96376a)
ryanofsky:
Code review ACK edde96376a2961dec3730331b3d171ddf972589f
Tree-SHA512: 1fbc879bd02cf0be726ced490f65985e728f0686ccb3a32cd38787b56377aa666e1965448e5069515abc814df49a0083c8000bc3f6f322f5f395695638168fb6
1372eb09c5d031315bc6cde34f7a15297e96f4cc doc: swap "Docker image" for "container image" (fanquake)
Pull request description:
I haven't used Docker for some time (now Podman), and the images are generic, so just use "container image". I'll be pushing some changes to https://github.com/fanquake/core-review/tree/master/guix, to reflect this.
ACKs for top commit:
janb84:
ACK 1372eb09c5
laanwj:
ACK 1372eb09c5d031315bc6cde34f7a15297e96f4cc
hebasto:
ACK 1372eb09c5d031315bc6cde34f7a15297e96f4cc.
Tree-SHA512: 45bb74d25a0faf7e5c3666d6897fb6b999144308c43cdf8a290d3a4210285b1e95286d27bb3d90bc50be4784c2242ad3f93794086f4634439a46a48ff68c7343
fa24fdcb7f474e6959ae4d8fe9759d365c6c021b lint: Remove string exclusion from locale check (MarcoFalke)
Pull request description:
The exclusion isn't needed. In fact, it prevents detection of `"bla" + wrong()`.
For example, the following is not detected:
```diff
diff --git a/src/wallet/rpc/addresses.cpp b/src/wallet/rpc/addresses.cpp
index 1c2951deee..c1209013e5 100644
--- a/src/wallet/rpc/addresses.cpp
+++ b/src/wallet/rpc/addresses.cpp
@@ -336,7 +336,8 @@ RPCHelpMan addmultisigaddress()
RPCHelpMan keypoolrefill()
{
return RPCHelpMan{"keypoolrefill",
- "\nFills the keypool."+
+ "\nRefills each descriptor keypool in the wallet up to the specified number of new keys.\n"
+ "By default, descriptor wallets have 4 active ranged descriptors (\"legacy\", \"p2sh-segwit\", \"bech32\", and \"bech32m\"), each with " + std::to_string(DEFAULT_KEYPOOL_SIZE) + " entries.\n" +
HELP_REQUIRING_PASSPHRASE,
{
{"newsize", RPCArg::Type::NUM, RPCArg::DefaultHint{strprintf("%u, or as set by -keypool", DEFAULT_KEYPOOL_SIZE)}, "The new keypool size"},
```
Fix the script by detecting it.
ACKs for top commit:
laanwj:
Code review ACK fa24fdcb7f474e6959ae4d8fe9759d365c6c021b.
rkrux:
ACK fa24fdcb7f474e6959ae4d8fe9759d365c6c021b
w0xlt:
ACK fa24fdcb7f
Tree-SHA512: cb7e6ed9fec5d2089e94031329ebf26b83a1814ffbbbca94f7527c127bc759d13c0f4ea79b71ff7f5f009d071dcf01958c8921163d6dc5e1ae6256cc40b57eea
4e8ab5e00fa72016a7ec0e0505ca025d4e59e4d8 crypto: disable ASan for sha256_sse4 with Clang (fanquake)
Pull request description:
This also fails to compile when optimisations are being used, see: https://github.com/bitcoin/bitcoin/issues/31913.
So just disable ASan under any optimisation level.
Closes#31913.
ACKs for top commit:
maflcko:
lgtm ACK 4e8ab5e00fa72016a7ec0e0505ca025d4e59e4d8
davidgumberg:
Tested ACK 4e8ab5e00f
laanwj:
Code review ACK 4e8ab5e00fa72016a7ec0e0505ca025d4e59e4d8
Tree-SHA512: 680fb424f43b35730e03e0c7443c80445a2cf423d4f9161414ea22fea0b955f49197f8a96d1241896d981c6c13814d3eb7b5e4d8c9138813fb69e437ac4768ea
ff35a4b021e12ae33e28c01ffeeb2c1916f7a487 docs: Improve `keypoolrefill` RPC docs (w0xlt)
Pull request description:
Update `keypoolrefill` RPC docs to make it clear that descriptor wallets have 4 ScriptPubKeyManagers by default and each of them is updated in this command, as suggested https://github.com/bitcoin/bitcoin/issues/29924#issuecomment-2849321859
Closes https://github.com/bitcoin/bitcoin/issues/29924
ACKs for top commit:
achow101:
ACK ff35a4b021e12ae33e28c01ffeeb2c1916f7a487
brunoerg:
code review ACK ff35a4b021e12ae33e28c01ffeeb2c1916f7a487
Tree-SHA512: b6b9abe3fecebf9551b4ce9280794292c6ac44ccaeb2b9d60eeb4b2c177fe8372d0fe103f99c9cc0baeb2559ec019d1c495c233f24a600531153a38eeacb9670
e08e6567f2e7e3e3acaa038e3302f069b9a3c54c test: remove assert_dump since it is not used anymore (kevkevinpal)
4b6dd9790b667455ad7de58c67b3f7c9bc50657c test: remove bdb assert in tool_wallet.py (kevkevinpal)
Pull request description:
As suggested in https://github.com/bitcoin/bitcoin/pull/32438#issuecomment-2859123413
legacy wallet and the BDB dependency was removed (https://github.com/bitcoin/bitcoin/pull/28710) so this assert is safe to delete
ACKs for top commit:
davidgumberg:
reACK e08e6567f2
achow101:
ACK e08e6567f2e7e3e3acaa038e3302f069b9a3c54c
brunoerg:
reACK e08e6567f2e7e3e3acaa038e3302f069b9a3c54c
theStack:
re-ACK e08e6567f2e7e3e3acaa038e3302f069b9a3c54c
Tree-SHA512: 6417537d7b9b5da6039dfcc94a86107211d57dcca43becea6f95d4a95f342e12918b0ff6a562261ba538b7b206de7d327e52bdb7d49e353f1917df8668558a99
Also, support serialization of lists of byte-strings as PSBTMap values,
which will be simply concatenated without any compact-size prefixes
(neither for the individual items nor for the size of the list).
Using helper variables has two issues:
1. They contaminate the global namespace of the main build script.
2. They can be used as `set(var)`, effectively exposing a cache variable
`var`, which makes the toolchain file susceptible to the build
environment.
In most cases throughout the wallet, the implicit conversion from `Txid` to
`const uint256&` works. However, `commitBumpTransaction` requires a `uint256&`
out parameter, so `bumped_txid` in `feebumper::CommitTransaction` is also
updated here to use `Txid`.
de054df6dc32cbd8b127c6761d9c65d95025e08f contrib: Remove legacy wallet RPCs from bash completions (Ava Chow)
5dff04a1bba887043616a24590a8df752620f1c3 legacy spkm: Make IsMine() and CanProvide() private and migration only (Ava Chow)
c0f3f3264ff7f17c39c00c4409a48580f98d4f57 wallet: Remove unused db functions (Ava Chow)
83af1a3cca7e8dabe724f1a3258860c40bc8216d wallet: Delete LegacySPKM (Ava Chow)
8ede6dea0c55bb4afefa790b83dd4da48a2f84da wallet, rpc: Remove legacy wallet only RPCs (Ava Chow)
4de3cec28dfb3186a2263f28ab2f6481820fd550 test: rpcs disabled for descriptor wallets will be removed (Ava Chow)
84f671b01df4e6ce81e2d6284371a4326a04d47e test: Run multisig script limit test (Ava Chow)
810476f31e42aa7ed36a684c45accf4d337b3b24 test: Remove unused options and variables, correct comments (Ava Chow)
04a7a7a28cdca46d977e474436f7447157a52208 build, wallet, doc: Remove BDB (Ava Chow)
Pull request description:
The final step of #20160.
A bare minimum of legacy wallet code is kept in order to perform wallet migration. Migration of legacy wallets uses the independent BDB parser and a minimal `LegacyDataSPKM` that allows the legacy data to be loaded so that the migration can be completed.
BDB has been removed as a dependency and documentation have been updated to reflect that.
ACKs for top commit:
Sjors:
re-ACK de054df6dc32cbd8b127c6761d9c65d95025e08f
maflcko:
re-ACK de054df6dc32cbd8b127c6761d9c65d95025e08 🔗
w0xlt:
reACK de054df6dc
rkrux:
Concept ACK de054df6dc32cbd8b127c6761d9c65d95025e08f
Tree-SHA512: 16a6c265bc1ada5e7a5ef9b95f0ff65015672ca46d9a43b7e10d60e9e085052e9bbfe01ac3e494cc606afb652a1b476b10e434d13e9877b67d2cb0196a9bd190
