aboutsummaryrefslogtreecommitdiff
path: root/contrib
AgeCommit message (Collapse)Author
2023-05-29Merge bitcoin/bitcoin#25975: contrib/init: Better systemd integrationfanquake
689a65d878638ae67b07f111dd77ea3c624e4f58 contrib/init: Better systemd integration (Carl Dong) Pull request description: ``` 1. Make logs available to journalctl (systemd's logging system) by not specifying -daemonwait, which rightfully has its own set of stdout and stderr descriptors (a user invoking with -daemonwait on the command line should not see any logs). It makes more sense not to daemonize in the systemd context anyway. 2. Make systemd aware of when bitcoind is started and in steady state by specifying -startupnotify='systemd-notify --ready' and Type=notify. NotifyAccess=all is necessary so that the spawned thread for startupnotify is allowed to inform systemd of bitcoind's readiness. Note that NotifyAccess=exec won't work because it only allows sd_notify readiness signalling from Exec*= declarations in the .service file. Note that we currently don't allow multiple startupnotify commands, but users can override it in systemd via: # systemctl edit bitcoind By specifying something like: [Service] ExecStart=/usr/bin/bitcoind -pid=/run/bitcoind/bitcoind.pid \ -conf=/etc/bitcoin/bitcoin.conf \ -datadir=/var/lib/bitcoind \ -startupnotify='systemd-notify --ready; mycommandhere' ``` ACKs for top commit: real-or-random: ACK 689a65d878638ae67b07f111dd77ea3c624e4f58 tested this service file with 25.0 Tree-SHA512: 9a52ad5cf25886c0d8dabc986d8920602a056db25875b5edd910b387043b78bb78c76d6df82e6e322e3be3bfd5c35c80721cbc8308cec946060bd7586820e9c6
2023-05-28contrib/init: Better systemd integrationCarl Dong
1. Make logs available to journalctl (systemd's logging system) by not specifying -daemonwait, which rightfully has its own set of stdout and stderr descriptors (a user invoking with -daemonwait on the command line should not see any logs). It makes more sense not to daemonize in the systemd context anyway. 2. Make systemd aware of when bitcoind is started and in steady state by specifying -startupnotify='systemd-notify --ready' and Type=notify. NotifyAccess=all is necessary so that the spawned thread for startupnotify is allowed to inform systemd of bitcoind's readiness. Note that NotifyAccess=exec won't work because it only allows sd_notify readiness signalling from Exec*= declarations in the .service file. 3. Also make systemd aware of when bitcoind is stopping by specifying -shutdownnotify='systemd-notify --stopping' Note that we currently don't allow multiple *notify commands, but users can override it in systemd via: # systemctl edit bitcoind By specifying something like: [Service] ExecStart=/usr/bin/bitcoind -pid=/run/bitcoind/bitcoind.pid \ -conf=/etc/bitcoin/bitcoin.conf \ -datadir=/var/lib/bitcoind \ -startupnotify='systemd-notify --ready; mystartupcommandhere' \ -shutdownnotify='systemd-notify --stopping; myshutdowncommandhere'
2023-05-22Merge bitcoin/bitcoin#27670: guix: remove redundant glibc patchesfanquake
3cfe366ec35eebfc0dad89ac7a09c32c45c30ea5 guix: remove redundant glibc patches (fanquake) Pull request description: These should only be relevant for a glibc that is built as part of a Guix system, and should not be required for a glibc that is just being built to compile our binaries against. A x86_64 linux bitcoind produced with Guix using master vs this change has no difference. i.e: #### Comparing `bitcoind` & `../../../../../guix-build-d7700d3a2647/output/x86_64-linux-gnu/bitcoin-d7700d3a2647/bin/bitcoind`: ## strings --all --bytes=8 {} ```diff @@ -20311,15 +20311,15 @@ This is experimental software. The source code is available from %s. Please contribute if you find %s useful. Visit %s for further information about the software. The %s developers The Bitcoin Core developers <https://bitcoincore.org/> Copyright (C) %i-%i -v25.99.0-gda0bf1d07639b0490791bbd6aec71bbea8aa2aThe %s developer<https://github.com/bitcoin/bitcDistributed under the MIT software license, see the accompanyingThis is experimeThe source code is available froPlease contribute if you find %s useful. Visit %s for further information about Copyright (C) %ibool BCLog::Logger::StartLogging() +v25.99.0-gd7700d3a26478d9b1648463c188648c7047b1cThe %s developer<https://github.com/bitcoin/bitcDistributed under the MIT software license, see the accompanyingThis is experimeThe source code is available froPlease contribute if you find %s useful. Visit %s for further information about Copyright (C) %ibool BCLog::Logger::StartLogging() std::string BCLog::Logger::LogLevelToStr(BCLog::Level) const std::string LogCategoryToStr(BCLog::LogFlags) void BCLog::Logger::LogPrintStr(const string&, const string&, const string&, int, BCLog::LogFlags, BCLog::Level) void BCLog::Logger::ShrinkDebugFile() Failed to shrink debug log file: fseek(...) failed logging.cpp m_buffering ``` #### objdump --line-numbers --disassemble --demangle --reloc --no-show-raw-insn --section=.text {} ```diff @@ -1505889,15 +1505889,15 @@ call aa3380 <malloc@plt+0xa4edb0> mov (%rsp),%rdx movdqa 0x465540(%rip),%xmm0 mov %rax,0x7a0559(%rip) lea 0x7a0552(%rip),%rsi lea 0x3957bb(%rip),%rdi mov %rdx,0x7a0554(%rip) -mov $0x3038,%edx +mov $0x3036,%edx movups %xmm0,(%rax) movdqa 0x465524(%rip),%xmm0 mov %dx,0x30(%rax) mov 0x7a0529(%rip),%rdx movups %xmm0,0x10(%rax) movdqa 0x46551d(%rip),%xmm0 movups %xmm0,0x20(%rax) ``` #### readelf --wide --decompress --hex-dump=.rodata {} ```diff @@ -37238,17 +37238,17 @@ 0x00b73730 65202573 20646576 656c6f70 65727300 e %s developers. 0x00b73740 54686520 42697463 6f696e20 436f7265 The Bitcoin Core 0x00b73750 20646576 656c6f70 65727300 434f5059 developers.COPY 0x00b73760 494e4700 3c687474 70733a2f 2f626974 ING.<https://bit 0x00b73770 636f696e 636f7265 2e6f7267 2f3e0043 coincore.org/>.C 0x00b73780 6f707972 69676874 20284329 2025692d opyright (C) %i- 0x00b73790 25690053 61746f73 68690000 00000000 %i.Satoshi...... - 0x00b737a0 7632352e 39392e30 2d676461 30626631 v25.99.0-gda0bf1 - 0x00b737b0 64303736 33396230 34393037 39316262 d07639b0490791bb - 0x00b737c0 64366165 63373162 62656138 61613261 d6aec71bbea8aa2a + 0x00b737a0 7632352e 39392e30 2d676437 37303064 v25.99.0-gd7700d + 0x00b737b0 33613236 34373864 39623136 34383436 3a26478d9b164846 + 0x00b737c0 33633138 38363438 63373034 37623163 3c188648c7047b1c 0x00b737d0 54686520 25732064 6576656c 6f706572 The %s developer 0x00b737e0 3c687474 70733a2f 2f676974 6875622e <https://github. 0x00b737f0 636f6d2f 62697463 6f696e2f 62697463 com/bitcoin/bitc 0x00b73800 44697374 72696275 74656420 756e6465 Distributed unde 0x00b73810 72207468 65204d49 5420736f 66747761 r the MIT softwa 0x00b73820 7265206c 6963656e 73652c20 73656520 re license, see 0x00b73830 74686520 6163636f 6d70616e 79696e67 the accompanying ``` #### readelf --wide --decompress --hex-dump=.gnu_debuglink {} ```diff @@ -1,5 +1,5 @@ Hex dump of section '.gnu_debuglink': 0x00000000 62697463 6f696e64 2e646267 00000000 bitcoind.dbg.... - 0x00000010 6b6e8eda kn.. + 0x00000010 345cb865 4\.e ``` Guix Build: ```bash 3d180219536b4ae2b4ea012a2e2afc8dcc76a79a7f55a36418a6e5a83f5adf90 guix-build-3cfe366ec35e/output/aarch64-linux-gnu/SHA256SUMS.part c25fbd84b7791d5bd3cab36d26828bf2b1063fadc4e944096e65597b66aba867 guix-build-3cfe366ec35e/output/aarch64-linux-gnu/bitcoin-3cfe366ec35e-aarch64-linux-gnu-debug.tar.gz bee8bf6f100912a0548cee798abb1ee9ac1ee17c065259a2410950e71eb3ff13 guix-build-3cfe366ec35e/output/aarch64-linux-gnu/bitcoin-3cfe366ec35e-aarch64-linux-gnu.tar.gz caa17fa9ba8b731c903a96211b2c17e8a1e2600bd9df8abd79eac4a89bfff72d guix-build-3cfe366ec35e/output/arm-linux-gnueabihf/SHA256SUMS.part 27829fab271cca459e2d037c42ccbefbbbbb1eb4463d5895d5a40220d737ecd9 guix-build-3cfe366ec35e/output/arm-linux-gnueabihf/bitcoin-3cfe366ec35e-arm-linux-gnueabihf-debug.tar.gz 6b3eba0d9518dce3a6b7d88a32ae2a5b5ab943126e2a105d4ee6a861d44bea6f guix-build-3cfe366ec35e/output/arm-linux-gnueabihf/bitcoin-3cfe366ec35e-arm-linux-gnueabihf.tar.gz 855ab932aa0cc6d583a0f0422b1373afd44bff244e0022f29ce45305e5c8e8e2 guix-build-3cfe366ec35e/output/arm64-apple-darwin/SHA256SUMS.part 02aabfdfe730400550bfc01e45055f6bc5b643511f08e314634c06b462a00c9e guix-build-3cfe366ec35e/output/arm64-apple-darwin/bitcoin-3cfe366ec35e-arm64-apple-darwin-unsigned.dmg 310722826ba985c58d800135f7ba9c73489e138cbf1b84a50be4f13453918ce1 guix-build-3cfe366ec35e/output/arm64-apple-darwin/bitcoin-3cfe366ec35e-arm64-apple-darwin-unsigned.tar.gz 52d4f1af1e2608da4fa28ed446301d5c516e492c760db03c05c2a421c0a64ab9 guix-build-3cfe366ec35e/output/arm64-apple-darwin/bitcoin-3cfe366ec35e-arm64-apple-darwin.tar.gz 2055c29fcde9aba8274d3649ea0c34ef0dac207d9d6f6a76fd9df9b010cdd7a8 guix-build-3cfe366ec35e/output/dist-archive/bitcoin-3cfe366ec35e.tar.gz 99feae7ee4bfaf818efe49fbc9de81575a1e087593059bd630da70f5c6b8a7c8 guix-build-3cfe366ec35e/output/powerpc64-linux-gnu/SHA256SUMS.part 7a55a6287eec3cfe598378684293b077791da234f1d5fcfe6f368e42f8a52428 guix-build-3cfe366ec35e/output/powerpc64-linux-gnu/bitcoin-3cfe366ec35e-powerpc64-linux-gnu-debug.tar.gz c2ba080a26b4bbfa443113d0044d07b97cc08f55df6bec90f162232f3f934c58 guix-build-3cfe366ec35e/output/powerpc64-linux-gnu/bitcoin-3cfe366ec35e-powerpc64-linux-gnu.tar.gz a670349367e671e73317476795eb7317559bf171d3facdfc2086031eb9dca264 guix-build-3cfe366ec35e/output/powerpc64le-linux-gnu/SHA256SUMS.part f9c0683f515bfd072ad18a780ad35ace7e4f5529d5bd9fffc06490d55bac402e guix-build-3cfe366ec35e/output/powerpc64le-linux-gnu/bitcoin-3cfe366ec35e-powerpc64le-linux-gnu-debug.tar.gz 608cce8d989b6cbfa723d57744a7e0ceac6a8668b12b4e223fe3de7833fe73ac guix-build-3cfe366ec35e/output/powerpc64le-linux-gnu/bitcoin-3cfe366ec35e-powerpc64le-linux-gnu.tar.gz bbdebd22afc49c66c70738f68e3beea363c4a03701ccbb729d6f0eb0a0eaf150 guix-build-3cfe366ec35e/output/riscv64-linux-gnu/SHA256SUMS.part a84871c91a9b9d3423e9b86ffd46eb926672a1a88a3a3df1a5e8288a1fe6d98b guix-build-3cfe366ec35e/output/riscv64-linux-gnu/bitcoin-3cfe366ec35e-riscv64-linux-gnu-debug.tar.gz 21a89eb023113398bc1968284cbea86c6630284cb09325b9cee9669348206683 guix-build-3cfe366ec35e/output/riscv64-linux-gnu/bitcoin-3cfe366ec35e-riscv64-linux-gnu.tar.gz 10f4ef77a97420490bc4494797d0acf8278f5bd4998b6c32881e611cc2faf237 guix-build-3cfe366ec35e/output/x86_64-apple-darwin/SHA256SUMS.part 6e47a3676e76cd7175a08b6da81dcf7186849aba7c2ee95f12e998fdf1d4596d guix-build-3cfe366ec35e/output/x86_64-apple-darwin/bitcoin-3cfe366ec35e-x86_64-apple-darwin-unsigned.dmg 9ca8cd648a464e4e0bef107e23876d4588866eb12b844484a16fe93e4cd2f3b3 guix-build-3cfe366ec35e/output/x86_64-apple-darwin/bitcoin-3cfe366ec35e-x86_64-apple-darwin-unsigned.tar.gz 89c7a5040683b63f58667f4eea6827af2874fc0962ddba3a158ad3aa78b8a407 guix-build-3cfe366ec35e/output/x86_64-apple-darwin/bitcoin-3cfe366ec35e-x86_64-apple-darwin.tar.gz 1577c7f6c5eb7cb073c0ba32cfe7347df5aeaf62508d0ba1936506b1cb8a739e guix-build-3cfe366ec35e/output/x86_64-linux-gnu/SHA256SUMS.part 8703d39ce218216ee43502e030d3b3fbe6a00bdab82e8cd0706fa597fc6e11b7 guix-build-3cfe366ec35e/output/x86_64-linux-gnu/bitcoin-3cfe366ec35e-x86_64-linux-gnu-debug.tar.gz 3e4d44d3cddfe2e34c12f55a704f791834385e1a867856e8a1c05f4f4fb3482a guix-build-3cfe366ec35e/output/x86_64-linux-gnu/bitcoin-3cfe366ec35e-x86_64-linux-gnu.tar.gz 87186fbcc7f0580ef3a347603c868f96bba31a987cad86991fa79b740d41f654 guix-build-3cfe366ec35e/output/x86_64-w64-mingw32/SHA256SUMS.part ceefefe1eb1d518f1534e0e3d51347332874016ce6adeba691fbbfc0b561437a guix-build-3cfe366ec35e/output/x86_64-w64-mingw32/bitcoin-3cfe366ec35e-win64-debug.zip 7bf2736457431bbba5c64b5320dd1c72d0d13fae59127fcc92805946de83908a guix-build-3cfe366ec35e/output/x86_64-w64-mingw32/bitcoin-3cfe366ec35e-win64-setup-unsigned.exe 721838ac437db5764c22c90d9c0a0b51283d6a50da8c60a6bccb394090380195 guix-build-3cfe366ec35e/output/x86_64-w64-mingw32/bitcoin-3cfe366ec35e-win64-unsigned.tar.gz dd58422fc4fd89353002bdb6a546b997fe31546c348a9b4a87bc697913abd382 guix-build-3cfe366ec35e/output/x86_64-w64-mingw32/bitcoin-3cfe366ec35e-win64.zip ``` ACKs for top commit: TheCharlatan: ACK 3cfe366ec35eebfc0dad89ac7a09c32c45c30ea5 Tree-SHA512: b1f30f8775acd69e897784c2168887eedc008db80f6d2d0d68390716965fbd3ddfd70fd1560ef30a8cc70941e9010c395c7feed9386ca92b2c9148d063d64724
2023-05-16guix: remove redundant glibc patchesfanquake
These should only be relevant for a glibc that is built as part of a Guix system, and should not be required for a glibc that is just being built to compile our binaries against. A x86_64 linux bitcoind produced with Guix using master vs this change has no difference. i.e: ```diff @@ -20311,15 +20311,15 @@ This is experimental software. The source code is available from %s. Please contribute if you find %s useful. Visit %s for further information about the software. The %s developers The Bitcoin Core developers <https://bitcoincore.org/> Copyright (C) %i-%i -v25.99.0-gda0bf1d07639b0490791bbd6aec71bbea8aa2aThe %s developer<https://github.com/bitcoin/bitcDistributed under the MIT software license, see the accompanyingThis is experimeThe source code is available froPlease contribute if you find %s useful. Visit %s for further information about Copyright (C) %ibool BCLog::Logger::StartLogging() +v25.99.0-gd7700d3a26478d9b1648463c188648c7047b1cThe %s developer<https://github.com/bitcoin/bitcDistributed under the MIT software license, see the accompanyingThis is experimeThe source code is available froPlease contribute if you find %s useful. Visit %s for further information about Copyright (C) %ibool BCLog::Logger::StartLogging() std::string BCLog::Logger::LogLevelToStr(BCLog::Level) const std::string LogCategoryToStr(BCLog::LogFlags) void BCLog::Logger::LogPrintStr(const string&, const string&, const string&, int, BCLog::LogFlags, BCLog::Level) void BCLog::Logger::ShrinkDebugFile() Failed to shrink debug log file: fseek(...) failed logging.cpp m_buffering ``` ```diff @@ -1505889,15 +1505889,15 @@ call aa3380 <malloc@plt+0xa4edb0> mov (%rsp),%rdx movdqa 0x465540(%rip),%xmm0 mov %rax,0x7a0559(%rip) lea 0x7a0552(%rip),%rsi lea 0x3957bb(%rip),%rdi mov %rdx,0x7a0554(%rip) - mov $0x3038,%edx + mov $0x3036,%edx movups %xmm0,(%rax) movdqa 0x465524(%rip),%xmm0 mov %dx,0x30(%rax) mov 0x7a0529(%rip),%rdx movups %xmm0,0x10(%rax) movdqa 0x46551d(%rip),%xmm0 movups %xmm0,0x20(%rax) ``` ```diff @@ -37238,17 +37238,17 @@ 0x00b73730 65202573 20646576 656c6f70 65727300 e %s developers. 0x00b73740 54686520 42697463 6f696e20 436f7265 The Bitcoin Core 0x00b73750 20646576 656c6f70 65727300 434f5059 developers.COPY 0x00b73760 494e4700 3c687474 70733a2f 2f626974 ING.<https://bit 0x00b73770 636f696e 636f7265 2e6f7267 2f3e0043 coincore.org/>.C 0x00b73780 6f707972 69676874 20284329 2025692d opyright (C) %i- 0x00b73790 25690053 61746f73 68690000 00000000 %i.Satoshi...... - 0x00b737a0 7632352e 39392e30 2d676461 30626631 v25.99.0-gda0bf1 - 0x00b737b0 64303736 33396230 34393037 39316262 d07639b0490791bb - 0x00b737c0 64366165 63373162 62656138 61613261 d6aec71bbea8aa2a + 0x00b737a0 7632352e 39392e30 2d676437 37303064 v25.99.0-gd7700d + 0x00b737b0 33613236 34373864 39623136 34383436 3a26478d9b164846 + 0x00b737c0 33633138 38363438 63373034 37623163 3c188648c7047b1c 0x00b737d0 54686520 25732064 6576656c 6f706572 The %s developer 0x00b737e0 3c687474 70733a2f 2f676974 6875622e <https://github. 0x00b737f0 636f6d2f 62697463 6f696e2f 62697463 com/bitcoin/bitc 0x00b73800 44697374 72696275 74656420 756e6465 Distributed unde 0x00b73810 72207468 65204d49 5420736f 66747761 r the MIT softwa 0x00b73820 7265206c 6963656e 73652c20 73656520 re license, see 0x00b73830 74686520 6163636f 6d70616e 79696e67 the accompanying ``` ```diff @@ -1,5 +1,5 @@ Hex dump of section '.gnu_debuglink': 0x00000000 62697463 6f696e64 2e646267 00000000 bitcoind.dbg.... - 0x00000010 6b6e8eda kn.. + 0x00000010 345cb865 4\.e ```
2023-05-16guix: document when certain guix patches can be droppedfanquake
2023-05-08add ryanofsky to trusted-keysRyan Ofsky
2023-05-02contrib: add ELF ABI check to symbol-check.pyfanquake
2023-04-20p2p: update hardcoded mainnet seeds for 25.xJon Atack
2023-04-20contrib: make-seeds updates for 25.xJon Atack
and make the steps in /contrib/seeds/README.md easier to copy-paste
2023-04-20p2p: update manual tor/i2p/cjdns mainnet seeds for 25.xJon Atack
selected for reachability, uptime, and service bit 1
2023-04-20Merge bitcoin/bitcoin#27482: kernel: chainparams updates for 25.xfanquake
a2bef805c11a4ab391f4ea635bfde7dd2ec9ce81 kernel: update m_assumed_* chain params for 25.x (fanquake) 4128e01dbaa630396b0e7576ee8a1987267f77b9 kernel: update chainTxData for 25.x (fanquake) 00b2b114b442835c863e7772348cb1d1881ba0f2 kernel: update nMinimumChainWork & defaultAssumeValid for 25.x (fanquake) 07fcc0a82cfd08c991f61c2340630f0c4659a3a0 doc: update references to kernel/chainparams.cpp (fanquake) Pull request description: Update chainparams pre `25.x` branch off. Co-Author in the commits as a PR (#27223) had previously been opened too-early to do the same. Note: Remember that some variance is expected in the `m_assumed_*` sizes. ACKs for top commit: achow101: ACK a2bef805c11a4ab391f4ea635bfde7dd2ec9ce81 josibake: ACK https://github.com/bitcoin/bitcoin/pull/27482/commits/a2bef805c11a4ab391f4ea635bfde7dd2ec9ce81 gruve-p: ACK https://github.com/bitcoin/bitcoin/pull/27482/commits/a2bef805c11a4ab391f4ea635bfde7dd2ec9ce81 dergoegge: ACK a2bef805c11a4ab391f4ea635bfde7dd2ec9ce81 on the new mainnet params Tree-SHA512: 0b19c2ef15c6b15863d6a560a1053ee223057c7bfb617ffd3400b1734cee8f75bc6fd7f04d8f8e3f5af6220659a1987951a1b36945d6fe17d06972004fd62610
2023-04-20Merge bitcoin/bitcoin#26681: contrib: Bugfix for checking bad dns seeds ↵fanquake
without casting in `makeseeds.py` 3cc989da5c750e740705131bed05bbf93bfdf169 Fix checking bad dns seeds without casting (Yusuf Sahin HAMZA) Pull request description: - Since seed lines comes with `str` type, comparing `good` column directly with **0** (`int` type) in the if statement was not working at all. This is fixed by casting `int` type to the values in the `good` column of seeds text file. - Lines that starts with comment in the seeds text file are now ignored. - If statement for checking bad seeds are moved to the top of the `parseline` function as if a seed is bad; there is no point of going forward from there. Since this bug-fix eliminates bad seeds over **550k** in the first place, in my case; particular job for parsing all seeds speed is up by **600%** and whole script's speed is up by **%30**. Note that **stats** in the terminal are not going to include bad seeds after this fix, which would be the same if this bug were never there before. ACKs for top commit: achow101: ACK 3cc989da5c750e740705131bed05bbf93bfdf169 jonatack: ACK 3cc989da5c750e740705131bed05bbf93bfdf169 Tree-SHA512: 13c82681de4d72de07293f0b7f09721ad8514a2ad99b0584d1c94fa5f2818821df2000944f9514d6a222a5dccc82856d16c8c05aa36d905cfa7d4610c629fd38
2023-04-18doc: update references to kernel/chainparams.cppfanquake
2023-04-13verify-commits: error and exit cleanly when git is too old.Cory Fields
2023-04-12valgrind: update supps for Debian Bookworm.fanquake
Remove no-longer-required libstdc++ suppression. Remove unused (and versioned) GUI suppression.
2023-04-09contrib: minor doc improvements in verify-binariesfanquake
2023-04-09contrib: fixup verifybinaries example docsfanquake
Followup to #27358, fixing up the example command docs.
2023-04-09contrib: move verify scripts to verify-binariesfanquake
2023-04-07Merge bitcoin/bitcoin#27358: contrib: allow multi-sig binary verification v2fanquake
754fb6bb8125317575edec7c20b5617ad27a9bdd verifybinaries: fix argument type error pointed out by mypy (Cory Fields) 8a65e5145c4d128bb6c30c94e68434dd482db489 verifybinaries: catch the correct exception (Cory Fields) 4b23b488d2c5662215d78e4963ef5a2b86b4e25b verifybinaries: fix OS download filter (Cory Fields) 8cdadd17297e5f4487692eae88b1e60a42c8c4b2 verifybinaries: use recommended keyserver by default (Cory Fields) 4e0396835dd933a28446844da294040345f2e6ad verifybinaries: remove unreachable code (Cory Fields) 5668c6473a01528ac7d66b325b18b1cd2bd93063 verifybinaries: Don't delete shasums file (Cory Fields) 46c73b57c69933d7eb52e28595609e793e8eef6e verifybinaries: README cleanups (Cory Fields) 6d118302654481927e864a428950960e26eb7f4a verifybinaries: remove awkward bitcoin-core prefix handling (Cory Fields) c44323a71705b6df9aafe90df24072e735a5c2ff verifybinaries: move all current examples to the pub subcommand (Cory Fields) 7a6e7ffd066a42c5fbb7d69effbe074fb982936b contrib: Use machine parseable GPG output in verifybinaries (Andrew Chow) 6b2cebfa2f1526f7eae31eb645c71712f0a69e97 contrib: Add verifybinaries command for specifying files to verify (Andrew Chow) e4d577822835d4866e2ad046f23ab411b2910d59 contrib: Specify to GPG the SHA256SUMS file that is detached signed (Andrew Chow) 17575c0efa960ffb765392e3565b3861846f398e contrib: Refactor verifbinaries to support subcommands (Andrew Chow) 37c9fb7a59a3179b90ed1deaebaabb539976504b contrib: verifybinaries: allow multisig verification (James O'Beirne) Pull request description: Following up on #23020 from jamesob with achow101's additional features on top. Both mentioned that they will be away for the next few weeks, so this is intended to keep review going. All credit to the jamesob and achow101. See #23020 for the original description and [here](https://github.com/bitcoin/bitcoin/pull/23020#issuecomment-1480603300) for the added features. I squashed the last commit from https://github.com/achow101/bitcoin/tree/pr23020-direct-bins-gpg-parse into the first commit here. Fetching and local verification seem to work as intended for me. ACKs for top commit: josibake: ACK https://github.com/bitcoin/bitcoin/pull/27358/commits/754fb6bb8125317575edec7c20b5617ad27a9bdd Tree-SHA512: b310c57518daa690a00126308a3e7e94b978ded56d13da15d5189e9e90b71c93888d854f64179150586b0a915db8dadd43c92b716613913c198128db8867257b
2023-04-06verifybinaries: fix argument type error pointed out by mypyCory Fields
2023-04-06verifybinaries: catch the correct exceptionCory Fields
2023-04-06verifybinaries: fix OS download filterCory Fields
Co-authored-by: Reproducibility Matters <seb.kung@gmail.com>
2023-04-06verifybinaries: use recommended keyserver by defaultCory Fields
2023-04-06verifybinaries: remove unreachable codeCory Fields
2023-04-06verifybinaries: Don't delete shasums fileCory Fields
It may be useful for local validation.
2023-04-06verifybinaries: README cleanupsCory Fields
- Use correct name for verify.py - Add usage examples for verifybinaries bin - Document proper use of new cleanup option - Fixup broken example
2023-04-06verifybinaries: remove awkward bitcoin-core prefix handlingCory Fields
2023-04-06verifybinaries: move all current examples to the pub subcommandCory Fields
2023-03-29guix: use python-minimal (3.9)fanquake
This further minifies the Guix release build environment.
2023-03-28contrib: Use machine parseable GPG output in verifybinariesAndrew Chow
GPG has an option to provide machine parseable output. Use that instead of trying to parse the human readable output.
2023-03-28contrib: Add verifybinaries command for specifying files to verifyAndrew Chow
In addition to verifying the published releases with the `pub` command, the verifybinaries script is updated to take a `bin` command where the user specifies the local files, sums, and sigs to verify.
2023-03-28contrib: Specify to GPG the SHA256SUMS file that is detached signedAndrew Chow
2023-03-28contrib: Refactor verifbinaries to support subcommandsAndrew Chow
Prepares for the option to provide local binaries, sha256sums, and signatures directly.
2023-03-28contrib: verifybinaries: allow multisig verificationJames O'Beirne
This commit adds the functionality necessary to transition from doing binary verification on the basis of a single signature to requiring a minimum threshold of trusted signatures. A signature can appear as "good" from GPG output, but it may not come from an identity the user trusts. We call these "good, untrusted" signatures. We report bad signatures but do not necessarily fail in their presence, since a bad signature might coexist with enough good, trusted signatures to fulfill our criteria. If "--import-keys" is enabled, we will prompt the user to optionally try to retrieve unknown keys. Marking them as trusted locally is a WIP, but keys which are retrieved successfully and appear on the builder-keys list will immediately count as being useful towards fulfilling the threshold. Logging is improved and an option to output JSON that summarizes the whole sum signature and binary verification processes has been added. Co-authored-by: Russ Yanofsky <russ@yanofsky.org> Co-authored-by: willcl-ark <will8clark@gmail.com>
2023-03-27guix: use gcc tool wrappersfanquake
This way, correct `--plugin` argument are passed through. This is a prerequisite for LTO (see #25391).
2023-03-27Merge bitcoin/bitcoin#27326: guix: combine and document `enable_werror`fanquake
4becee396f3bda40832138dd1aaa90368ed31857 guix: combine and document enable_werror (fanquake) Pull request description: Combine into `hardened-glibc`. Document why we don't use `--disable-werror` directly. https://www.gnu.org/software/libc/manual/html_node/Configuring-and-compiling.html > By default, the GNU C Library is built with -Werror. If you wish > to build without this option (for example, if building with a > newer version of GCC than this version of the GNU C Library was > tested with, so new warnings cause the build with -Werror to fail), > you can configure with --disable-werror. ACKs for top commit: hebasto: ACK 4becee396f3bda40832138dd1aaa90368ed31857, the diff is correct. TheCharlatan: ACK 4becee396f3bda40832138dd1aaa90368ed31857 Tree-SHA512: 8724415f51b4d72d40c4e797faf52c93a81147fb629332b9388ffd7f113f2b16db3b7496bf3063dd978ac629fd5bde3ec7df4f1ff1ed714cb56f316a9334d119
2023-03-24guix: combine and document enable_werrorfanquake
Combine into hardened-glibc. Document why we don't use --disable-werror directly. https://www.gnu.org/software/libc/manual/html_node/Configuring-and-compiling.html > By default, the GNU C Library is built with -Werror. If you wish > to build without this option (for example, if building with a > newer version of GCC than this version of the GNU C Library was > tested with, so new warnings cause the build with -Werror to fail), > you can configure with --disable-werror.
2023-03-22guix: use cmake-minimal for python-lieffanquake
This also fixes atleast one --no-substitues build failure I've seen, where cmake dependencies wouldn't build: ```bash The following derivations will be built: /gnu/store/7qqvqq2g7l5ylrjv0gn6zha565a12kar-python-lief-0.12.1.drv /gnu/store/f9zwh1ldy63ga0i5w6cbbqlj6sfq226j-cmake-3.21.4.drv /gnu/store/3wg6ya847id503m5izhzhn1qqs464lfk-python-sphinx-4.2.0.drv building /gnu/store/3wg6ya847id503m5izhzhn1qqs464lfk-python-sphinx-4.2.0.drv... / 'check' phasenote: keeping build directory `/tmp/guix-build-python-sphinx-4.2.0.drv-5' builder for `/gnu/store/3wg6ya847id503m5izhzhn1qqs464lfk-python-sphinx-4.2.0.drv' failed with exit code 1 build of /gnu/store/3wg6ya847id503m5izhzhn1qqs464lfk-python-sphinx-4.2.0.drv failed View build log at '/var/log/guix/drvs/3w/g6ya847id503m5izhzhn1qqs464lfk-python-sphinx-4.2.0.drv.gz'. cannot build derivation `/gnu/store/f9zwh1ldy63ga0i5w6cbbqlj6sfq226j-cmake-3.21.4.drv': 1 dependencies couldn't be built cannot build derivation `/gnu/store/7qqvqq2g7l5ylrjv0gn6zha565a12kar-python-lief-0.12.1.drv': 1 dependencies couldn't be built guix environment: error: build of `/gnu/store/7qqvqq2g7l5ylrjv0gn6zha565a12kar-python-lief-0.12.1.drv' failed ```
2023-03-22guix: import LIEF from upstream (0.12.3)fanquake
Updates to version 0.12.3. Retain our PPC64 patch. Mention when we can drop our local definition.
2023-03-20Merge bitcoin/bitcoin#27179: guix: use osslsigncode 2.5Andrew Chow
285edfadcacde4921c0afa2092c613daf21a55aa guix: use osslsigncode 2.5 (fanquake) Pull request description: Switches to using a newer version of [osslsigncode](https://github.com/mtrojnar/osslsigncode) in our Guix environment. achow101 can you test this with some sort of WIndows code-signing dry-run (no-rush). ACKs for top commit: achow101: ACK 285edfadcacde4921c0afa2092c613daf21a55aa Tree-SHA512: 2ab8f65e506bd97e74e76f24e791ae20694e567a751cc57d3a27f31f0733e3530d058ef19825a35dc21d1342e3fffc52d8d643258198c669cc68b6db41bda629
2023-03-20Merge bitcoin/bitcoin#26531: mempool: Add mempool tracepointsAndrew Chow
4b7aec2951fe4595946cdc804b0dec1921d79d05 Add mempool tracepoints (virtu) Pull request description: This PR adds multiple mempool tracepoints. | tracepoint | description | | ------------- | ------------- | | `mempool:added` | Is called when a transaction enters the mempool | | `mempool:removed` | ... when a transaction is removed from the mempool | | `mempool:replaced` | ... when a transaction is replaced in the mempool | | `mempool:rejected` | ... when a transaction is rejected from entering the mempool | The tracepoints are further documented in `docs/tracing.md`. Usage is demonstrated in the example script `contrib/tracing/mempool_monitor.py`. Interface tests are provided in `test/functional/interface_usdt_mempool.py`. The rationale for passing the removal reason as a string instead of numerically is that the benefits of not having to maintain a redundant enum-string mapping seem to outweigh the small cost of string generation. The reject reason is passed as string as well, although in this instance the string does not have to be generated but is readily available. ACKs for top commit: 0xB10C: ACK 4b7aec2951fe4595946cdc804b0dec1921d79d05 achow101: ACK 4b7aec2951fe4595946cdc804b0dec1921d79d05 Tree-SHA512: 6deb3ba2d1a061292fb9b0f885f7a5c4d11b109b838102d8a8f4828cd68f5cd03fa3fc64adc6fdf54a08a1eaccce261b0aa90c2b8c33cd5fd3828c8f74978958
2023-03-20Add mempool tracepointsvirtu
Tracepoints for added, removed, replaced, and rejected transactions. The removal reason is passed as string instead of a numeric value, since the benefits of not having to maintain a redundant enum-string mapping seem to outweigh the small cost of string generation. The reject reason is passed as string as well, although here the string does not have to be generated but is readily available. So far, tracepoint PRs typically included two demo scripts: a naive bpftrace script to show raw tracepoint data and a bcc script for a more refined view. However, as some of the ongoing changes to bpftrace introduce a certain degree of unreliability (running some of the existing bpftrace scripts was not possible with standard kernels and bpftrace packages on latest stable Ubuntu, Debian, and NixOS), this PR includes only a single bcc script that fuses the functionality of former bpftrace and bcc scripts.
2023-03-12guix: use osslsigncode 2.5fanquake
Co-authored-by: Andrew Chow <github@achow101.com>
2023-03-01guix: pass --enable-initfini-array to release GCCfanquake
This returns us to pre-Guix behaviour, where the compilers we were using to build releases, were configured with this option.
2023-03-01Merge bitcoin/bitcoin#27172: guix: switch to some `minimal` versions of ↵Andrew Chow
packages in our manifest 2c9eb4afe1f583aafa552b2711b149f17ef8320f guix: use cmake-minimal over cmake (fanquake) 1475515312856afe3f19a95f2c32bc80c7c54484 guix: use coreutils-minimal over coreutils (fanquake) 444562141504ff7f0bb071d6e7bf7f511517e372 guix: use bash-minimal over bash (fanquake) Pull request description: Minimal versions of the same packages, that should still be sufficient for our use: > (define-public bash-minimal ;; A stripped-down Bash for non-interactive use. > (define-public coreutils-minimal ;; Coreutils without its optional dependencies. > ;;; This minimal variant of CMake does not include the documentation. It is ;;; used by the cmake-build-system. (define-public cmake-minimal ACKs for top commit: TheCharlatan: ACK 2c9eb4afe1f5 Sjors: tACK 2c9eb4afe1f583aafa552b2711b149f17ef8320f achow101: ACK 2c9eb4afe1f583aafa552b2711b149f17ef8320f hebasto: ACK 2c9eb4afe1f583aafa552b2711b149f17ef8320f, Tree-SHA512: f91ca9e088b8346b20c2affc80870c31640de3aedcfcc0fb98a5e82c77ef64537870b88552f26759d31d8d0956b1fd685e6c25d5acbc92f5feaececd1a7dd37e
2023-02-28guix: use cmake-minimal over cmakefanquake
2023-02-28guix: use coreutils-minimal over coreutilsfanquake
2023-02-28guix: use bash-minimal over bashfanquake
2023-02-28valgrind: remove libsecp256k1 suppressionfanquake
2023-02-27Merge bitcoin/bitcoin#27058: contrib: Improve verify-commits.py to work with ↵glozow
maintainers leaving 14fac808bd6c12bce121011bbf50501960c7326f verify-commits: Mention git v2.38.0 requirement (Andrew Chow) bb86887527d817ee2a015863ddf3541dac42080f verify-commits: Skip checks for commits older than trusted roots (Andrew Chow) 5497c1483097a9b582ef78089a2ce1101b7d722e verify-commits: Use merge-tree in clean merge check (Andrew Chow) 76923bfa09397568fb8eb72142468a986fc6f790 verify-commits: Remove all allowed commit exceptions (Andrew Chow) 53b07b2b47aa3d4ca80fac74e432783a1e724df3 verify-commits: Move trusted-keys valid sig check into verify-commits itself (Andrew Chow) Pull request description: Currently the `verify-commits.py` script does not work well with maintainers giving up their commit access. If a key is removed from `trusted-keys`, any commits it signed previously will fail to verify, however keys cannot be kept in the list as it would allow that person to continue to push new commits. Furthermore, the `trusted-keys` used depends on the working tree which `verify-commits.py` itself may be modifying. When the script is run, the `trusted-keys` may be the one that is intended to be used, but the script may change the tree to a different commit with a different `trusted-keys` and use that instead! To resolve these issues, I've updated `verify-commits.py` to load the `trusted-keys` file and check the keys itself rather than delegating that to `gpg.sh` (which previously read in `trusted-keys`). This avoids the issue with the tree changing. I've also updated the script so that it stops modifying the tree. It would do this for the clean merge check where it would checkout each individual commit and attempt to reapply the merges, and then checking out the commit given as a cli arg. `git merge-tree` lets us do basically that but without modifying the tree. It will give us the object id for the resulting tree which we can compare against the object id of the tree in the merge commit in question. This also appears to be quite a bit faster. Lastly I've removed all of the exception commits in `allow-revsig-commits`, `allow-incorrect-sha512-commits`, and `allow-unclean-merge-commits` since all of these predate the commits in `trusted-git-root` and `trusted-sha512-root`. I've also updated the script to skip verification of commits that predate `trusted-git-root`, and skip sha512 verification for those that predate `trusted-sha512-root`. ACKs for top commit: Sjors: ACK 14fac808bd6c12bce121011bbf50501960c7326f glozow: Concept ACK 14fac808bd6c12bce121011bbf50501960c7326f Tree-SHA512: f9b0c6e1f1aecb169cdd6c833b8871b15e31c2374dc589858df0523659b294220d327481cc36dd0f92e9040d868eee6a8a68502f3163e05fa751f9fc2fa8832a