aboutsummaryrefslogtreecommitdiff
path: root/doc
diff options
context:
space:
mode:
Diffstat (limited to 'doc')
-rw-r--r--doc/Doxyfile.in2
-rw-r--r--doc/build-osx.md2
-rw-r--r--doc/build-unix.md55
-rw-r--r--doc/build-windows.md2
-rw-r--r--doc/dependencies.md2
-rw-r--r--doc/developer-notes.md5
-rw-r--r--doc/external-signer.md171
-rw-r--r--doc/files.md1
-rw-r--r--doc/release-notes-18466.md10
9 files changed, 232 insertions, 18 deletions
diff --git a/doc/Doxyfile.in b/doc/Doxyfile.in
index 2f79168212..21bf587eaf 100644
--- a/doc/Doxyfile.in
+++ b/doc/Doxyfile.in
@@ -2073,7 +2073,7 @@ INCLUDE_FILE_PATTERNS =
# recursively expanded use the := operator instead of the = operator.
# This tag requires that the tag ENABLE_PREPROCESSING is set to YES.
-PREDEFINED = HAVE_BOOST_PROCESS
+PREDEFINED = ENABLE_EXTERNAL_SIGNER
# If the MACRO_EXPANSION and EXPAND_ONLY_PREDEF tags are set to YES then this
# tag can be used to specify a list of macro names that should be expanded. The
diff --git a/doc/build-osx.md b/doc/build-osx.md
index 04ee43f81d..52a734c80a 100644
--- a/doc/build-osx.md
+++ b/doc/build-osx.md
@@ -19,7 +19,7 @@ Then install [Homebrew](https://brew.sh).
## Dependencies
```shell
-brew install automake libtool boost miniupnpc libnatpmp pkg-config python qt libevent qrencode
+brew install automake libtool boost miniupnpc libnatpmp pkg-config python qt@5 libevent qrencode
```
If you run into issues, check [Homebrew's troubleshooting page](https://docs.brew.sh/Troubleshooting).
diff --git a/doc/build-unix.md b/doc/build-unix.md
index 150b447e68..d7e0ff705d 100644
--- a/doc/build-unix.md
+++ b/doc/build-unix.md
@@ -82,25 +82,24 @@ Build requirements:
Now, you can either build from self-compiled [depends](/depends/README.md) or install the required dependencies:
- sudo apt-get install libevent-dev libboost-system-dev libboost-filesystem-dev libboost-test-dev
+ sudo apt-get install libevent-dev libboost-dev libboost-system-dev libboost-filesystem-dev libboost-test-dev
-BerkeleyDB is required for the wallet.
+Berkeley DB is required for the wallet.
Ubuntu and Debian have their own `libdb-dev` and `libdb++-dev` packages, but these will install
-BerkeleyDB 5.1 or later. This will break binary wallet compatibility with the distributed executables, which
+Berkeley DB 5.1 or later. This will break binary wallet compatibility with the distributed executables, which
are based on BerkeleyDB 4.8. If you do not care about wallet compatibility,
pass `--with-incompatible-bdb` to configure.
-Otherwise, you can build from self-compiled `depends` (see above).
+Otherwise, you can build Berkeley DB [yourself](#berkeley-db).
-SQLite is required for the wallet:
+SQLite is required for the descriptor wallet:
sudo apt install libsqlite3-dev
-To build Bitcoin Core without wallet, see [*Disable-wallet mode*](/doc/build-unix.md#disable-wallet-mode)
+To build Bitcoin Core without wallet, see [*Disable-wallet mode*](#disable-wallet-mode)
-
-Optional port mapping libraries (see: `--with-miniupnpc`, and `--enable-upnp-default`, `--with-natpmp`, `--enable-natpmp-default`):
+Optional port mapping libraries (see: `--with-miniupnpc`, `--enable-upnp-default`, and `--with-natpmp`, `--enable-natpmp-default`):
sudo apt install libminiupnpc-dev libnatpmp-dev
@@ -132,9 +131,30 @@ built by default.
Build requirements:
- sudo dnf install gcc-c++ libtool make autoconf automake libevent-devel boost-devel libdb4-devel libdb4-cxx-devel python3
+ sudo dnf install gcc-c++ libtool make autoconf automake python3
+
+Now, you can either build from self-compiled [depends](/depends/README.md) or install the required dependencies:
+
+ sudo dnf install libevent-devel boost-devel
+
+Berkeley DB is required for the wallet:
+
+ sudo dnf install libdb4-devel libdb4-cxx-devel
+
+Newer Fedora releases, since Fedora 33, have only `libdb-devel` and `libdb-cxx-devel` packages, but these will install
+Berkeley DB 5.3 or later. This will break binary wallet compatibility with the distributed executables, which
+are based on Berkeley DB 4.8. If you do not care about wallet compatibility,
+pass `--with-incompatible-bdb` to configure.
+
+Otherwise, you can build Berkeley DB [yourself](#berkeley-db).
+
+SQLite is required for the descriptor wallet:
+
+ sudo dnf install sqlite-devel
+
+To build Bitcoin Core without wallet, see [*Disable-wallet mode*](#disable-wallet-mode)
-Optional port mapping libraries (see: `--with-miniupnpc`, and `--enable-upnp-default`, `--with-natpmp`, `--enable-natpmp-default`):
+Optional port mapping libraries (see: `--with-miniupnpc`, `--enable-upnp-default`, and `--with-natpmp`, `--enable-natpmp-default`):
sudo dnf install miniupnpc-devel libnatpmp-devel
@@ -142,6 +162,12 @@ ZMQ dependencies (provides ZMQ API):
sudo dnf install zeromq-devel
+GUI dependencies:
+
+If you want to build bitcoin-qt, make sure that the required packages for Qt development
+are installed. Qt 5 is necessary to build the GUI.
+To build without GUI pass `--without-gui`.
+
To build with Qt 5 you need the following:
sudo dnf install qt5-qttools-devel qt5-qtbase-devel
@@ -150,9 +176,8 @@ libqrencode (optional) can be installed with:
sudo dnf install qrencode-devel
-SQLite can be installed with:
-
- sudo dnf install sqlite-devel
+Once these are installed, they will be found by configure and a bitcoin-qt executable will be
+built by default.
Notes
-----
@@ -193,7 +218,9 @@ like so:
from the root of the repository.
-**Note**: You only need Berkeley DB if the wallet is enabled (see [*Disable-wallet mode*](/doc/build-unix.md#disable-wallet-mode)).
+Otherwise, you can build Bitcoin Core from self-compiled [depends](/depends/README.md).
+
+**Note**: You only need Berkeley DB if the wallet is enabled (see [*Disable-wallet mode*](#disable-wallet-mode)).
Boost
-----
diff --git a/doc/build-windows.md b/doc/build-windows.md
index 28b6aceb3c..d1b84eef42 100644
--- a/doc/build-windows.md
+++ b/doc/build-windows.md
@@ -103,7 +103,7 @@ Build using:
cd depends
make HOST=x86_64-w64-mingw32
cd ..
- ./autogen.sh # not required when building from tarball
+ ./autogen.sh
CONFIG_SITE=$PWD/depends/x86_64-w64-mingw32/share/config.site ./configure --prefix=/
make
sudo bash -c "echo 1 > /proc/sys/fs/binfmt_misc/status" # Enable WSL support for Win32 applications.
diff --git a/doc/dependencies.md b/doc/dependencies.md
index 6b2b904632..159c6bcc28 100644
--- a/doc/dependencies.md
+++ b/doc/dependencies.md
@@ -21,7 +21,7 @@ These are the dependencies currently used by Bitcoin Core. You can find instruct
| PCRE | | | | | [Yes](https://github.com/bitcoin/bitcoin/blob/master/depends/packages/qt.mk) |
| Python (tests) | | [3.6](https://www.python.org/downloads) | | | |
| qrencode | [3.4.4](https://fukuchi.org/works/qrencode) | | No | | |
-| Qt | [5.9.8](https://download.qt.io/official_releases/qt/) | [5.5.1](https://github.com/bitcoin/bitcoin/issues/13478) | No | | |
+| Qt | [5.9.8](https://download.qt.io/official_releases/qt/) | [5.9.5](https://github.com/bitcoin/bitcoin/issues/20104) | No | | |
| SQLite | [3.32.1](https://sqlite.org/download.html) | [3.7.17](https://github.com/bitcoin/bitcoin/pull/19077) | | | |
| XCB | | | | | [Yes](https://github.com/bitcoin/bitcoin/blob/master/depends/packages/qt.mk) (Linux only) |
| xkbcommon | | | | | [Yes](https://github.com/bitcoin/bitcoin/blob/master/depends/packages/qt.mk) (Linux only) |
diff --git a/doc/developer-notes.md b/doc/developer-notes.md
index 011c38321c..8f2d7af089 100644
--- a/doc/developer-notes.md
+++ b/doc/developer-notes.md
@@ -785,6 +785,11 @@ Threads and synchronization
get compile-time warnings about potential race conditions in code. Combine annotations in function declarations with
run-time asserts in function definitions:
+ - In functions that are declared separately from where they are defined, the
+ thread safety annotations should be added exclusively to the function
+ declaration. Annotations on the definition could lead to false positives
+ (lack of compile failure) at call sites between the two.
+
```C++
// txmempool.h
class CTxMemPool
diff --git a/doc/external-signer.md b/doc/external-signer.md
new file mode 100644
index 0000000000..c91ea9bab7
--- /dev/null
+++ b/doc/external-signer.md
@@ -0,0 +1,171 @@
+# Support for signing transactions outside of Bitcoin Core
+
+Bitcoin Core can be launched with `-signer=<cmd>` where `<cmd>` is an external tool which can sign transactions and perform other functions. For example, it can be used to communicate with a hardware wallet.
+
+## Example usage
+
+The following example is based on the [HWI](https://github.com/bitcoin-core/HWI) tool. Although this tool is hosted under the Bitcoin Core GitHub organization and maintained by Bitcoin Core developers, it should be used with caution. It is considered experimental and has far less review than Bitcoin Core itself. Be particularly careful when running tools such as these on a computer with private keys on it.
+
+When using a hardware wallet, consult the manufacturer website for (alternative) software they recommend. As long as their software conforms to the standard below, it should be able to work with Bitcoin Core.
+
+Start Bitcoin Core:
+
+```sh
+$ bitcoind -signer=../HWI/hwi.py
+```
+
+### Device setup
+
+Follow the hardware manufacturers instructions for the initial device setup, as well as their instructions for creating a backup. Alternatively, for some devices, you can use the `setup`, `restore` and `backup` commands provided by [HWI](https://github.com/bitcoin-core/HWI).
+
+### Create wallet and import keys
+
+Get a list of signing devices / services:
+
+```
+$ bitcoin-cli enumeratesigners
+{
+ "signers": [
+ {
+ "fingerprint": "c8df832a"
+ }
+]
+```
+
+The master key fingerprint is used to identify a device.
+
+Create a wallet, this automatically imports the public keys:
+
+```sh
+$ bitcoin-cli createwallet "hww" true true "" true true true
+```
+
+### Verify an address
+
+Display an address on the device:
+
+```sh
+$ bitcoin-cli -rpcwallet=<wallet> getnewaddress
+$ bitcoin-cli -rpcwallet=<wallet> signerdisplayaddress <address>
+```
+
+Replace `<address>` with the result of `getnewaddress`.
+
+### Spending
+
+Under the hood this uses a [Partially Signed Bitcoin Transaction](psbt.md).
+
+```sh
+$ bitcoin-cli -rpcwallet=<wallet> sendtoaddress <address> <amount>
+```
+
+This prompts your hardware wallet to sign, and fail if it's not connected. If successful
+it automatically broadcasts the transaction.
+
+```sh
+{"complete": true, "txid": <txid>}
+```
+
+## Signer API
+
+In order to be compatible with Bitcoin Core any signer command should conform to the specification below. This specification is subject to change. Ideally a BIP should propose a standard so that other wallets can also make use of it.
+
+Prerequisite knowledge:
+* [Output Descriptors](descriptors.md)
+* Partially Signed Bitcoin Transaction ([PSBT](psbt.md))
+
+### `enumerate` (required)
+
+Usage:
+```
+$ <cmd> enumerate
+[
+ {
+ "fingerprint": "00000000"
+ }
+]
+```
+
+The command MUST return an (empty) array with at least a `fingerprint` field.
+
+A future extension could add an optional return field with device capabilities. Perhaps a descriptor with wildcards. For example: `["pkh("44'/0'/$'/{0,1}/*"), sh(wpkh("49'/0'/$'/{0,1}/*")), wpkh("84'/0'/$'/{0,1}/*")]`. This would indicate the device supports legacy, wrapped SegWit and native SegWit. In addition it restricts the derivation paths that can used for those, to maintain compatibility with other wallet software. It also indicates the device, or the driver, doesn't support multisig.
+
+A future extension could add an optional return field `reachable`, in case `<cmd>` knows a signer exists but can't currently reach it.
+
+### `signtransaction` (required)
+
+Usage:
+```
+$ <cmd> --fingerprint=<fingerprint> (--testnet) signtransaction <psbt>
+base64_encode_signed_psbt
+```
+
+The command returns a psbt with any signatures.
+
+The `psbt` SHOULD include bip32 derivations. The command SHOULD fail if none of the bip32 derivations match a key owned by the device.
+
+The command SHOULD fail if the user cancels.
+
+The command MAY complain if `--testnet` is set, but any of the BIP32 derivation paths contain a coin type other than `1h` (and vice versa).
+
+### `getdescriptors` (optional)
+
+Usage:
+
+```
+$ <cmd> --fingerprint=<fingerprint> (--testnet) getdescriptors <account>
+<xpub>
+```
+
+Returns descriptors supported by the device. Example:
+
+```
+$ <cmd> --fingerprint=00000000 --testnet getdescriptors
+{
+ "receive": [
+ "pkh([00000000/44h/0h/0h]xpub6C.../0/*)#fn95jwmg",
+ "sh(wpkh([00000000/49h/0h/0h]xpub6B..../0/*))#j4r9hntt",
+ "wpkh([00000000/84h/0h/0h]xpub6C.../0/*)#qw72dxa9"
+ ],
+ "internal": [
+ "pkh([00000000/44h/0h/0h]xpub6C.../1/*)#c8q40mts",
+ "sh(wpkh([00000000/49h/0h/0h]xpub6B..../1/*))#85dn0v75",
+ "wpkh([00000000/84h/0h/0h]xpub6C..../1/*)#36mtsnda"
+ ]
+}
+```
+
+### `displayaddress` (optional)
+
+Usage:
+```
+<cmd> --fingerprint=<fingerprint> (--testnet) displayaddress --desc descriptor
+```
+
+Example, display the first native SegWit receive address on Testnet:
+
+```
+<cmd> --fingerprint=00000000 --testnet displayaddress --desc "wpkh([00000000/84h/1h/0h]tpubDDUZ..../0/0)"
+```
+
+The command MUST be able to figure out the address type from the descriptor.
+
+If <descriptor> contains a master key fingerprint, the command MUST fail if it does not match the fingerprint known by the device.
+
+If <descriptor> contains an xpub, the command MUST fail if it does not match the xpub known by the device.
+
+The command MAY complain if `--testnet` is set, but the BIP32 coin type is not `1h` (and vice versa).
+
+## How Bitcoin Core uses the Signer API
+
+The `enumeratesigners` RPC simply calls `<cmd> enumerate`.
+
+The `createwallet` RPC calls:
+
+* `<cmd> --fingerprint=00000000 getdescriptors 0`
+
+It then imports descriptors for all support address types, in a BIP44/49/84 compatible manner.
+
+The `displayaddress` RPC reuses some code from `getaddressinfo` on the provided address and obtains the inferred descriptor. It then calls `<cmd> --fingerprint=00000000 displayaddress --desc=<descriptor>`.
+
+`sendtoaddress` and `sendmany` check `inputs->bip32_derivs` to see if any inputs have the same `master_fingerprint` as the signer. If so, it calls `<cmd> --fingerprint=00000000 signtransaction <psbt>`. It waits for the device to return a (partially) signed psbt, tries to finalize it and broadcasts the transaction.
diff --git a/doc/files.md b/doc/files.md
index 545e8fc92c..a80adf30ea 100644
--- a/doc/files.md
+++ b/doc/files.md
@@ -64,6 +64,7 @@ Subdirectory | File(s) | Description
`./` | `ip_asn.map` | IP addresses to Autonomous System Numbers (ASNs) mapping used for bucketing of the peers; path can be specified with the `-asmap` option
`./` | `mempool.dat` | Dump of the mempool's transactions
`./` | `onion_v3_private_key` | Cached Tor onion service private key for `-listenonion` option
+`./` | `i2p_private_key` | Private key that corresponds to our I2P address. When `-i2psam=` is specified the contents of this file is used to identify ourselves for making outgoing connections to I2P peers and possibly accepting incoming ones. Automatically generated if it does not exist.
`./` | `peers.dat` | Peer IP address database (custom format)
`./` | `settings.json` | Read-write settings set through GUI or RPC interfaces, augmenting manual settings from [bitcoin.conf](bitcoin-conf.md). File is created automatically if read-write settings storage is not disabled with `-nosettings` option. Path can be specified with `-settings` option
`./` | `.cookie` | Session RPC authentication cookie; if used, created at start and deleted on shutdown; can be specified by `-rpccookiefile` option
diff --git a/doc/release-notes-18466.md b/doc/release-notes-18466.md
new file mode 100644
index 0000000000..e46d5064a3
--- /dev/null
+++ b/doc/release-notes-18466.md
@@ -0,0 +1,10 @@
+Low-level RPC changes
+---------------------
+
+- Error codes have been updated to be more accurate for the following error cases (#18466):
+ - `signmessage` now returns RPC_INVALID_ADDRESS_OR_KEY (-5) if the
+ passed address is invalid. Previously returned RPC_TYPE_ERROR (-3).
+ - `verifymessage` now returns RPC_INVALID_ADDRESS_OR_KEY (-5) if the
+ passed address is invalid. Previously returned RPC_TYPE_ERROR (-3).
+ - `verifymessage` now returns RPC_TYPE_ERROR (-3) if the passed signature
+ is malformed. Previously returned RPC_INVALID_ADDRESS_OR_KEY (-5).
generated by cgit v1.2.3 (git 2.26.2) at 2024-09-15 12:29:09 +0000