15 files changed, 228 insertions, 215 deletions
diff --git a/share/certs/BitcoinFoundation_Apple_Cert.pem b/share/certs/BitcoinFoundation_Apple_Cert.pem
deleted file mode 100644
index beb0d7073c..0000000000
--- a/share/certs/BitcoinFoundation_Apple_Cert.pem
+++ /dev/null
@@ -1,37 +0,0 @@
-Bag Attributes
-    friendlyName: Developer ID Application: BITCOIN FOUNDATION, INC., THE
-    localKeyID: 6B 9C 6C A8 A5 73 70 70 E2 57 A3 49 D8 62 FB 97 C7 A5 5D 5E 
-subject=/UID=PBV4GLS9J4/CN=Developer ID Application: BITCOIN FOUNDATION, INC., THE/OU=PBV4GLS9J4/O=BITCOIN FOUNDATION, INC., THE/C=US
-issuer=/CN=Developer ID Certification Authority/OU=Apple Certification Authority/O=Apple Inc./C=US
------BEGIN CERTIFICATE-----
-MIIFhzCCBG+gAwIBAgIIJ0r1rumyfZAwDQYJKoZIhvcNAQELBQAweTEtMCsGA1UE
-AwwkRGV2ZWxvcGVyIElEIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MSYwJAYDVQQL
-DB1BcHBsZSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTETMBEGA1UECgwKQXBwbGUg
-SW5jLjELMAkGA1UEBhMCVVMwHhcNMTMwMTEwMjIzOTAxWhcNMTgwMTExMjIzOTAx
-WjCBqDEaMBgGCgmSJomT8ixkAQEMClBCVjRHTFM5SjQxQDA+BgNVBAMMN0RldmVs
-b3BlciBJRCBBcHBsaWNhdGlvbjogQklUQ09JTiBGT1VOREFUSU9OLCBJTkMuLCBU
-SEUxEzARBgNVBAsMClBCVjRHTFM5SjQxJjAkBgNVBAoMHUJJVENPSU4gRk9VTkRB
-VElPTiwgSU5DLiwgVEhFMQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQAD
-ggEPADCCAQoCggEBALTd5zURuZVoJviusr119aktXksenb9IN9vq6kBbq38vxEk7
-9wkKMES2XfBRh0HxcEizGzhMNy5OCXuTLMaNMihYdfwYSoBoR2foEU+6kjPUnyJ4
-dQBFLJZJr5/QeQmALmYHEgZ6lwXFD2lU8t92340zeJ4y5LZw5pcEHtH9IummYDut
-OGCkCGXDcjL+5nHhNScJiXHhswM+62o6XXsQiP6EWbM1CsgrGTNLtaa0U/UvVDwE
-79YKklSC5Bog2LD0jBcTuveI66mFzqu++L9X9u+ZArtebwCl7BPNQ+uboYy5uV2d
-zf8lpNNZLfXCFjoLe9bLICKfZ7ub9V5aC8+GhckCAwEAAaOCAeEwggHdMD4GCCsG
-AQUFBwEBBDIwMDAuBggrBgEFBQcwAYYiaHR0cDovL29jc3AuYXBwbGUuY29tL29j
-c3AtZGV2aWQwMTAdBgNVHQ4EFgQUa5xsqKVzcHDiV6NJ2GL7l8elXV4wDAYDVR0T
-AQH/BAIwADAfBgNVHSMEGDAWgBRXF+2iz9x8mKEQ4Py+hy0s8uMXVDCCAQ4GA1Ud
-IASCAQUwggEBMIH+BgkqhkiG92NkBQEwgfAwKAYIKwYBBQUHAgEWHGh0dHA6Ly93
-d3cuYXBwbGUuY29tL2FwcGxlY2EwgcMGCCsGAQUFBwICMIG2DIGzUmVsaWFuY2Ug
-b24gdGhpcyBjZXJ0aWZpY2F0ZSBieSBhbnkgcGFydHkgYXNzdW1lcyBhY2NlcHRh
-bmNlIG9mIHRoZSB0aGVuIGFwcGxpY2FibGUgc3RhbmRhcmQgdGVybXMgYW5kIGNv
-bmRpdGlvbnMgb2YgdXNlLCBjZXJ0aWZpY2F0ZSBwb2xpY3kgYW5kIGNlcnRpZmlj
-YXRpb24gcHJhY3RpY2Ugc3RhdGVtZW50cy4wDgYDVR0PAQH/BAQDAgeAMBYGA1Ud
-JQEB/wQMMAoGCCsGAQUFBwMDMBMGCiqGSIb3Y2QGAQ0BAf8EAgUAMA0GCSqGSIb3
-DQEBCwUAA4IBAQAfJ0BjID/1dS2aEeVyhAzPzCBjG8vm0gDf+/qfwRn3+yWeL9vS
-nMdbilwM48IyQWTagjGGcojbsAd/vE4N7NhQyHInoCllNoeor1I5xx+blTaGRBK+
-dDhJbbdlGCjsLnH/BczGZi5fyEJds9lUIrp1hJidRcUKO76qb/9gc6qNZpl1vH5k
-lDUuJYt7YhAs+L6rTXDyqcK9maeQr0gaOPsRRAQLLwiQCorPeMTUNsbVMdMwZYJs
-R+PxiAnk+nyi7rfiFvPoASAYUuI6OzYL/Fa6QU4/gYyPgic944QYVkaQBnc0vEP1
-nXq6LGKwgVGcqJnkr/E2kui5gJoV5C3qll3e
------END CERTIFICATE-----
diff --git a/share/certs/BitcoinFoundation_Comodo_Cert.pem b/share/certs/BitcoinFoundation_Comodo_Cert.pem
deleted file mode 100644
index dc752d455c..0000000000
--- a/share/certs/BitcoinFoundation_Comodo_Cert.pem
+++ /dev/null
@@ -1,37 +0,0 @@
-Bag Attributes
-    friendlyName: The Bitcoin Foundation, Inc.'s COMODO CA Limited ID
-    localKeyID: 8C 94 64 E3 B5 B0 41 89 5B 89 B0 57 CC 74 B9 44 E5 B2 92 66 
-subject=/C=US/postalCode=98104-1444/ST=WA/L=Seattle/street=Suite 300/street=71 Columbia St/O=The Bitcoin Foundation, Inc./CN=The Bitcoin Foundation, Inc.
-issuer=/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO Code Signing CA 2
------BEGIN CERTIFICATE-----
-MIIFeDCCBGCgAwIBAgIRAJVYMd+waOER7lUqtiz3M2IwDQYJKoZIhvcNAQEFBQAw
-ezELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
-A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxITAfBgNV
-BAMTGENPTU9ETyBDb2RlIFNpZ25pbmcgQ0EgMjAeFw0xMzAxMTYwMDAwMDBaFw0x
-NDAxMTYyMzU5NTlaMIG8MQswCQYDVQQGEwJVUzETMBEGA1UEEQwKOTgxMDQtMTQ0
-NDELMAkGA1UECAwCV0ExEDAOBgNVBAcMB1NlYXR0bGUxEjAQBgNVBAkMCVN1aXRl
-IDMwMDEXMBUGA1UECQwONzEgQ29sdW1iaWEgU3QxJTAjBgNVBAoMHFRoZSBCaXRj
-b2luIEZvdW5kYXRpb24sIEluYy4xJTAjBgNVBAMMHFRoZSBCaXRjb2luIEZvdW5k
-YXRpb24sIEluYy4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQChUwLD
-u/hu5aFZ/n11B27awONaaDrmHm0pamiWHb01yL4JmTBtaLCrSftF8RhCscQ8jpI0
-UG1Cchmay0e3zH5o5XRs0H9C3x+SM5ozms0TWDmAYiB8aQEghsGovDk0D2nyTQeK
-Q0xqyCh0m8ZPOnMnYrakHEmF6WvhLdJvI6Od4KIwbKxgN17cPFIfLVsZ7GrzmmbU
-Gdi4wSQCHy5rxzvBxho8Qq/SfBl93uOMUrqOHjOUAPhNuTJG3t/MdhU8Zp24s29M
-abHtYkT9W86hMjIiI8RTAR+WHKVglx9SB0cjDabXN8SZ3gME0+H++LyzlySHT8sI
-ykepojZ7UBRgp9w3AgMBAAGjggGzMIIBrzAfBgNVHSMEGDAWgBQexbEsfYfaAmh8
-JbwMB4Q/ts/e8TAdBgNVHQ4EFgQUfPf+ZyDWl/4LH0Y5BuJTelkRd/EwDgYDVR0P
-AQH/BAQDAgeAMAwGA1UdEwEB/wQCMAAwEwYDVR0lBAwwCgYIKwYBBQUHAwMwEQYJ
-YIZIAYb4QgEBBAQDAgQQMEYGA1UdIAQ/MD0wOwYMKwYBBAGyMQECAQMCMCswKQYI
-KwYBBQUHAgEWHWh0dHBzOi8vc2VjdXJlLmNvbW9kby5uZXQvQ1BTMEEGA1UdHwQ6
-MDgwNqA0oDKGMGh0dHA6Ly9jcmwuY29tb2RvY2EuY29tL0NPTU9ET0NvZGVTaWdu
-aW5nQ0EyLmNybDByBggrBgEFBQcBAQRmMGQwPAYIKwYBBQUHMAKGMGh0dHA6Ly9j
-cnQuY29tb2RvY2EuY29tL0NPTU9ET0NvZGVTaWduaW5nQ0EyLmNydDAkBggrBgEF
-BQcwAYYYaHR0cDovL29jc3AuY29tb2RvY2EuY29tMCgGA1UdEQQhMB+BHWxpbmRz
-YXlAYml0Y29pbmZvdW5kYXRpb24ub3JnMA0GCSqGSIb3DQEBBQUAA4IBAQAqibjo
-D4HG5XSIIMCmYE5RgQBSEAJfI+EZERk1G9F83ZUWr0yNRZCw4O+RaM7xQhvJhEoD
-G2kpk/q2bNOc71/VyZ6SrE1JRVUON41/Flhz4M6cP0BclTicXvh+efVwqZhIz+ws
-UxF2hvC/1Xx6rqI7NYAlOYXk2MSUq3HREo+gWUPKM8em4MZZV/7XCH4QbsfxOl1J
-xS6EOQmV8hfUN4KRXI5WfGUmedBxq7dM0RSJOSQl8fq2f+JjRLfjQwQucy7LDY+y
-pRTsL2TdQV/DuDuI3s0NHRGznQNddoX5jqpXhSQFAAdgrhN1gGkWaaTPzr9IF2TG
-qgr6PEp9tIYC+MbM
------END CERTIFICATE-----
diff --git a/share/certs/PrivateKeyNotes.md b/share/certs/PrivateKeyNotes.md
deleted file mode 100644
index da299d168f..0000000000
--- a/share/certs/PrivateKeyNotes.md
+++ /dev/null
@@ -1,46 +0,0 @@
-Code-signing private key notes
-==
-
-The private keys for these certificates were generated on Gavin's main work machine,
-following the certificate authoritys' recommendations for generating certificate
-signing requests.
-
-For OSX, the private key was generated by Keychain.app on Gavin's main work machine.
-The key and certificate is in a separate, passphrase-protected keychain file that is
-unlocked to sign the Bitcoin-Qt.app bundle.
-
-For Windows, the private key was generated by Firefox running on Gavin's main work machine.
-The key and certificate were exported into a separate, passphrase-protected PKCS#12 file, and
-then deleted from Firefox's keystore. The exported file is used to sign the Windows setup.exe.
-
-Threat analysis
---
-
-Gavin is a single point of failure. He could be coerced to divulge the secret signing keys,
-allowing somebody to distribute a Bitcoin-Qt.app or bitcoin-qt-setup.exe with a valid
-signature but containing a malicious binary.
-
-Or the machine Gavin uses to sign the binaries could be compromised, either remotely or
-by breaking in to his office, allowing the attacker to get the private key files and then
-install a keylogger to get the passphrase that protects them.
-
-Threat Mitigation
---
-
-"Air gapping" the machine used to do the signing will not work, because the signing
-process needs to access a timestamp server over the network. And it would not
-prevent the "rubber hose cryptography" threat (coercing Gavin to sign a bad binary
-or divulge the private keys).
-
-Windows binaries are reproducibly 'gitian-built', and the setup.exe file created
-by the NSIS installer system is a 7zip archive, so you could check to make sure
-that the bitcoin-qt.exe file inside the installer had not been tampered with.
-However, an attacker could modify the installer's code, so when the setup.exe
-was run it compromised users' systems. A volunteer to write an auditing tool
-that checks the setup.exe for tampering, and checks the files in it against
-the list of gitian signatures, is needed.
-
-The long-term solution is something like the 'gitian downloader' system, which
-uses signatures from multiple developers to determine whether or not a binary
-should be trusted. However, that just pushes the problem to "how will
-non-technical users securely get the gitian downloader code to start?"
diff --git a/share/examples/bitcoin.conf b/share/examples/bitcoin.conf
new file mode 100644
index 0000000000..4dd73162a2
--- /dev/null
+++ b/share/examples/bitcoin.conf
@@ -0,0 +1,147 @@
+##
+## bitcoin.conf configuration file. Lines beginning with # are comments.
+##
+ 
+# Network-related settings:
+
+# Run on the test network instead of the real bitcoin network.
+#testnet=0
+
+# Run a regression test network
+#regtest=0
+
+# Connect via a SOCKS5 proxy
+#proxy=127.0.0.1:9050
+
+# Bind to given address and always listen on it. Use [host]:port notation for IPv6
+#bind=<addr>
+
+# Bind to given address and whitelist peers connecting to it. Use [host]:port notation for IPv6
+#whitebind=<addr>
+
+##############################################################
+##            Quick Primer on addnode vs connect            ##
+##  Let's say for instance you use addnode=4.2.2.4          ##
+##  addnode will connect you to and tell you about the      ##
+##    nodes connected to 4.2.2.4.  In addition it will tell ##
+##    the other nodes connected to it that you exist so     ##
+##    they can connect to you.                              ##
+##  connect will not do the above when you 'connect' to it. ##
+##    It will *only* connect you to 4.2.2.4 and no one else.##
+##                                                          ##
+##  So if you're behind a firewall, or have other problems  ##
+##  finding nodes, add some using 'addnode'.                ##
+##                                                          ##
+##  If you want to stay private, use 'connect' to only      ##
+##  connect to "trusted" nodes.                             ##
+##                                                          ##
+##  If you run multiple nodes on a LAN, there's no need for ##
+##  all of them to open lots of connections.  Instead       ##
+##  'connect' them all to one node that is port forwarded   ##
+##  and has lots of connections.                            ##
+##       Thanks goes to [Noodle] on Freenode.               ##
+##############################################################
+
+# Use as many addnode= settings as you like to connect to specific peers
+#addnode=69.164.218.197
+#addnode=10.0.0.2:8333
+
+# Alternatively use as many connect= settings as you like to connect ONLY to specific peers
+#connect=69.164.218.197
+#connect=10.0.0.1:8333
+
+# Listening mode, enabled by default except when 'connect' is being used
+#listen=1
+
+# Maximum number of inbound+outbound connections.
+#maxconnections=
+
+#
+# JSON-RPC options (for controlling a running Bitcoin/bitcoind process)
+#
+
+# server=1 tells Bitcoin-Qt and bitcoind to accept JSON-RPC commands
+#server=0
+
+# Bind to given address to listen for JSON-RPC connections. Use [host]:port notation for IPv6.
+# This option can be specified multiple times (default: bind to all interfaces)
+#rpcbind=<addr>
+
+# If no rpcpassword is set, rpc cookie auth is sought. The default `-rpccookiefile` name
+# is .cookie and found in the `-datadir` being used for bitcoind. This option is typically used
+# when the server and client are run as the same user.
+#
+# If not, you must set rpcuser and rpcpassword to secure the JSON-RPC api. The first
+# method(DEPRECATED) is to set this pair for the server and client:
+#rpcuser=Ulysseys
+#rpcpassword=YourSuperGreatPasswordNumber_DO_NOT_USE_THIS_OR_YOU_WILL_GET_ROBBED_385593
+#
+# The second method `rpcauth` can be added to server startup argument. It is set at initialization time
+# using the output from the script in share/rpcauth/rpcauth.py after providing a username:
+#
+# ./share/rpcauth/rpcauth.py alice
+# String to be appended to bitcoin.conf:
+# rpcauth=alice:f7efda5c189b999524f151318c0c86$d5b51b3beffbc02b724e5d095828e0bc8b2456e9ac8757ae3211a5d9b16a22ae
+# Your password:
+# DONT_USE_THIS_YOU_WILL_GET_ROBBED_8ak1gI25KFTvjovL3gAM967mies3E=
+#
+# On client-side, you add the normal user/password pair to send commands:
+#rpcuser=alice
+#rpcpassword=DONT_USE_THIS_YOU_WILL_GET_ROBBED_8ak1gI25KFTvjovL3gAM967mies3E=
+#
+# You can even add multiple entries of these to the server conf file, and client can use any of them:
+# rpcauth=bob:b2dd077cb54591a2f3139e69a897ac$4e71f08d48b4347cf8eff3815c0e25ae2e9a4340474079f55705f40574f4ec99
+
+# How many seconds bitcoin will wait for a complete RPC HTTP request.
+# after the HTTP connection is established. 
+#rpcclienttimeout=30
+
+# By default, only RPC connections from localhost are allowed.
+# Specify as many rpcallowip= settings as you like to allow connections from other hosts,
+# either as a single IPv4/IPv6 or with a subnet specification.
+
+# NOTE: opening up the RPC port to hosts outside your local trusted network is NOT RECOMMENDED,
+# because the rpcpassword is transmitted over the network unencrypted.
+
+# server=1 tells Bitcoin-Qt to accept JSON-RPC commands.
+# it is also read by bitcoind to determine if RPC should be enabled 
+#rpcallowip=10.1.1.34/255.255.255.0
+#rpcallowip=1.2.3.4/24
+#rpcallowip=2001:db8:85a3:0:0:8a2e:370:7334/96
+
+# Listen for RPC connections on this TCP port:
+#rpcport=8332
+
+# You can use Bitcoin or bitcoind to send commands to Bitcoin/bitcoind
+# running on another host using this option:
+#rpcconnect=127.0.0.1
+
+# Create transactions that have enough fees so they are likely to begin confirmation within n blocks (default: 6).
+# This setting is over-ridden by the -paytxfee option.
+#txconfirmtarget=n
+
+# Miscellaneous options
+
+# Pre-generate this many public/private key pairs, so wallet backups will be valid for
+# both prior transactions and several dozen future transactions.
+#keypool=100
+
+# Pay an optional transaction fee every time you send bitcoins.  Transactions with fees
+# are more likely than free transactions to be included in generated blocks, so may
+# be validated sooner.
+#paytxfee=0.00
+
+# Enable pruning to reduce storage requirements by deleting old blocks. 
+# This mode is incompatible with -txindex and -rescan.
+# 0 = default (no pruning).
+# 1 = allows manual pruning via RPC.
+# >=550 = target to stay under in MiB. 
+#prune=550
+
+# User interface options
+
+# Start Bitcoin minimized
+#min=1
+
+# Minimize to the system tray
+#minimizetotray=1
diff --git a/share/genbuild.sh b/share/genbuild.sh
index 1ef77d706f..38c9ba176c 100755
--- a/share/genbuild.sh
+++ b/share/genbuild.sh
@@ -1,6 +1,11 @@
 #!/bin/sh
+# Copyright (c) 2012-2016 The Bitcoin Core developers
+# Distributed under the MIT software license, see the accompanying
+# file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+export LC_ALL=C
 if [ $# -gt 1 ]; then
-    cd "$2"
+    cd "$2" || exit 1
 fi
 if [ $# -gt 0 ]; then
     FILE="$1"
@@ -13,9 +18,13 @@ else
     exit 1
 fi
 
+git_check_in_repo() {
+    ! { git status --porcelain -uall --ignored "$@" 2>/dev/null || echo '??'; } | grep -q '?'
+}
+
 DESC=""
 SUFFIX=""
-if [ -e "$(which git 2>/dev/null)" -a "$(git rev-parse --is-inside-work-tree 2>/dev/null)" = "true" ]; then
+if [ "${BITCOIN_GENBUILD_NO_GIT}" != "1" -a -e "$(which git 2>/dev/null)" -a "$(git rev-parse --is-inside-work-tree 2>/dev/null)" = "true" ] && git_check_in_repo share/genbuild.sh; then
     # clean 'dirty' status of touched files that haven't been modified
     git diff >/dev/null 2>/dev/null 
 
diff --git a/share/pixmaps/nsis-header.bmp b/share/pixmaps/nsis-header.bmp
index 9ab0ce2591..f54e249a0c 100644
--- a/share/pixmaps/nsis-header.bmp
+++ b/share/pixmaps/nsis-header.bmp
diff --git a/share/pixmaps/nsis-wizard.bmp b/share/pixmaps/nsis-wizard.bmp
index 71255c6850..1434952885 100644
--- a/share/pixmaps/nsis-wizard.bmp
+++ b/share/pixmaps/nsis-wizard.bmp
diff --git a/share/qt/Info.plist.in b/share/qt/Info.plist.in
index 6a34d64cd5..17b4ee47de 100644
--- a/share/qt/Info.plist.in
+++ b/share/qt/Info.plist.in
@@ -3,7 +3,7 @@
 <plist version="0.9">
 <dict>
   <key>LSMinimumSystemVersion</key>
-  <string>10.7.0</string>
+  <string>10.10.0</string>
 
   <key>LSArchitecturePriority</key>
   <array>
diff --git a/share/qt/extract_strings_qt.py b/share/qt/extract_strings_qt.py
index 9624abf1fc..76ef12eeec 100755
--- a/share/qt/extract_strings_qt.py
+++ b/share/qt/extract_strings_qt.py
@@ -1,11 +1,12 @@
-#!/usr/bin/env python
+#!/usr/bin/env python3
+# Copyright (c) 2012-2018 The Bitcoin Core developers
+# Distributed under the MIT software license, see the accompanying
+# file COPYING or http://www.opensource.org/licenses/mit-license.php.
 '''
 Extract _("...") strings for translation and convert to Qt stringdefs so that
 they can be picked up by Qt linguist.
 '''
-from __future__ import division,print_function,unicode_literals
 from subprocess import Popen, PIPE
-import glob
 import operator
 import os
 import sys
@@ -56,13 +57,13 @@ XGETTEXT=os.getenv('XGETTEXT', 'xgettext')
 if not XGETTEXT:
     print('Cannot extract strings: xgettext utility is not installed or not configured.',file=sys.stderr)
     print('Please install package "gettext" and re-run \'./configure\'.',file=sys.stderr)
-    exit(1)
+    sys.exit(1)
 child = Popen([XGETTEXT,'--output=-','-n','--keyword=_'] + files, stdout=PIPE)
 (out, err) = child.communicate()
 
 messages = parse_po(out.decode('utf-8'))
 
-f = open(OUT_CPP, 'w')
+f = open(OUT_CPP, 'w', encoding="utf8")
 f.write("""
 
 #include <QtGlobal>
diff --git a/share/qt/protobuf.pri b/share/qt/protobuf.pri
deleted file mode 100644
index 865fe86555..0000000000
--- a/share/qt/protobuf.pri
+++ /dev/null
@@ -1,35 +0,0 @@
-# Based on: http://code.google.com/p/ostinato/source/browse/protobuf.pri
-#
-# Qt qmake integration with Google Protocol Buffers compiler protoc
-#
-# To compile protocol buffers with qt qmake, specify PROTOS variable and
-# include this file
-#
-# Example:
-# PROTOS = a.proto b.proto
-# include(protobuf.pri)
-#
-# Set PROTO_PATH if you need to set the protoc --proto_path search path
-# Set PROTOC to the path to the protoc compiler if it is not in your $PATH
-#
-
-isEmpty(PROTO_DIR):PROTO_DIR = .
-isEmpty(PROTOC):PROTOC = protoc
-
-PROTOPATHS =
-for(p, PROTO_PATH):PROTOPATHS += --proto_path=$${p}
-
-protobuf_decl.name  = protobuf header
-protobuf_decl.input = PROTOS
-protobuf_decl.output  = $${PROTO_DIR}/${QMAKE_FILE_BASE}.pb.h
-protobuf_decl.commands = $${PROTOC} --cpp_out="$${PROTO_DIR}" $${PROTOPATHS} --proto_path=${QMAKE_FILE_IN_PATH} ${QMAKE_FILE_NAME}
-protobuf_decl.variable_out = GENERATED_FILES
-QMAKE_EXTRA_COMPILERS += protobuf_decl
-
-protobuf_impl.name  = protobuf implementation
-protobuf_impl.input = PROTOS
-protobuf_impl.output  = $${PROTO_DIR}/${QMAKE_FILE_BASE}.pb.cc
-protobuf_impl.depends  = $${PROTO_DIR}/${QMAKE_FILE_BASE}.pb.h
-protobuf_impl.commands = $$escape_expand(\\n)
-protobuf_impl.variable_out = GENERATED_SOURCES
-QMAKE_EXTRA_COMPILERS += protobuf_impl
diff --git a/share/rpcauth/README.md b/share/rpcauth/README.md
new file mode 100644
index 0000000000..20d16f0a97
--- /dev/null
+++ b/share/rpcauth/README.md
@@ -0,0 +1,14 @@
+RPC Tools
+---------------------
+
+### [RPCAuth](/share/rpcauth) ###
+
+Create login credentials for a JSON-RPC user.
+
+Usage:
+
+    ./rpcauth.py <username>
+
+in which case the script will generate a password. To specify a custom password do:
+
+    ./rpcauth.py <username> <password>
diff --git a/share/rpcauth/rpcauth.py b/share/rpcauth/rpcauth.py
new file mode 100755
index 0000000000..13bef3d37a
--- /dev/null
+++ b/share/rpcauth/rpcauth.py
@@ -0,0 +1,47 @@
+#!/usr/bin/env python3
+# Copyright (c) 2015-2018 The Bitcoin Core developers
+# Distributed under the MIT software license, see the accompanying
+# file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+import sys
+import os
+from random import SystemRandom
+import base64
+import hmac
+
+def generate_salt():
+    # This uses os.urandom() underneath
+    cryptogen = SystemRandom()
+
+    # Create 16 byte hex salt
+    salt_sequence = [cryptogen.randrange(256) for _ in range(16)]
+    return ''.join([format(r, 'x') for r in salt_sequence])
+
+def generate_password():
+    """Create 32 byte b64 password"""
+    return base64.urlsafe_b64encode(os.urandom(32)).decode('utf-8')
+
+def password_to_hmac(salt, password):
+    m = hmac.new(bytearray(salt, 'utf-8'), bytearray(password, 'utf-8'), 'SHA256')
+    return m.hexdigest()
+
+def main():
+    if len(sys.argv) < 2:
+        sys.stderr.write('Please include username (and an optional password, will generate one if not provided) as an argument.\n')
+        sys.exit(0)
+
+    username = sys.argv[1]
+
+    salt = generate_salt()
+    if len(sys.argv) > 2:
+        password = sys.argv[2]
+    else:
+        password = generate_password()
+    password_hmac = password_to_hmac(salt, password)
+
+    print('String to be appended to bitcoin.conf:')
+    print('rpcauth={0}:{1}${2}'.format(username, salt, password_hmac))
+    print('Your password:\n{0}'.format(password))
+
+if __name__ == '__main__':
+    main()
diff --git a/share/rpcuser/README.md b/share/rpcuser/README.md
deleted file mode 100644
index 12a8e6fb0c..0000000000
--- a/share/rpcuser/README.md
+++ /dev/null
@@ -1,10 +0,0 @@
-RPC Tools
----------------------
-
-### [RPCUser](/share/rpcuser) ###
-
-Create an RPC user login credential.
-
-Usage:
-
-    ./rpcuser.py <username>
diff --git a/share/rpcuser/rpcuser.py b/share/rpcuser/rpcuser.py
deleted file mode 100755
index 9fd176908b..0000000000
--- a/share/rpcuser/rpcuser.py
+++ /dev/null
@@ -1,41 +0,0 @@
-#!/usr/bin/env python2 
-# Copyright (c) 2015 The Bitcoin Core developers 
-# Distributed under the MIT software license, see the accompanying 
-# file COPYING or http://www.opensource.org/licenses/mit-license.php.
-
-import hashlib
-import sys
-import os
-from random import SystemRandom
-import base64
-import hmac
-
-if len(sys.argv) < 2:
-    sys.stderr.write('Please include username as an argument.\n')
-    sys.exit(0)
-
-username = sys.argv[1]
-
-#This uses os.urandom() underneath
-cryptogen = SystemRandom()
-
-#Create 16 byte hex salt
-salt_sequence = [cryptogen.randrange(256) for i in range(16)]
-hexseq = list(map(hex, salt_sequence))
-salt = "".join([x[2:] for x in hexseq])
-
-#Create 32 byte b64 password
-password = base64.urlsafe_b64encode(os.urandom(32))
-
-digestmod = hashlib.sha256
-
-if sys.version_info.major >= 3:
-    password = password.decode('utf-8')
-    digestmod = 'SHA256'
- 
-m = hmac.new(bytearray(salt, 'utf-8'), bytearray(password, 'utf-8'), digestmod)
-result = m.hexdigest()
-
-print("String to be appended to bitcoin.conf:")
-print("rpcauth="+username+":"+salt+"$"+result)
-print("Your password:\n"+password)
diff --git a/share/setup.nsi.in b/share/setup.nsi.in
index 8cfb6d76bb..b58a84e02d 100644
--- a/share/setup.nsi.in
+++ b/share/setup.nsi.in
@@ -20,7 +20,8 @@ SetCompressor /SOLID lzma
 !define MUI_STARTMENUPAGE_REGISTRY_KEY ${REGKEY}
 !define MUI_STARTMENUPAGE_REGISTRY_VALUENAME StartMenuGroup
 !define MUI_STARTMENUPAGE_DEFAULTFOLDER "@PACKAGE_NAME@"
-!define MUI_FINISHPAGE_RUN $INSTDIR\@BITCOIN_GUI_NAME@@EXEEXT@
+!define MUI_FINISHPAGE_RUN "$WINDIR\explorer.exe"
+!define MUI_FINISHPAGE_RUN_PARAMETERS $INSTDIR\@BITCOIN_GUI_NAME@@EXEEXT@
 !define MUI_UNICON "${NSISDIR}\Contrib\Graphics\Icons\modern-uninstall.ico"
 !define MUI_UNWELCOMEFINISHPAGE_BITMAP "@abs_top_srcdir@/share/pixmaps/nsis-wizard.bmp"
 !define MUI_UNFINISHPAGE_NOAUTOCLOSE