244501fc85a1319857efb227093c0e71c1d5a01e depends: disable unused qt networking features (fanquake)
29d56c62b7f206d42f0908819ff2e1926737f988 depends: -optimized-qmake is now -optimized-tools (fanquake)
ccdda96804088ec3ad01aec5ab0ff8e9b05b161b depends: skip building qt proxies (fanquake)
Pull request description:
Somewhat of a followup to removing BIP70 support in #17165. This removes networking features from our Qt build. This also removes the need to link against the `CFNetwork` and `SystemConfiguration` libraries on macOS.
```diff
src/qt/bitcoin-qt:
/usr/lib/libSystem.B.dylib
/System/Library/Frameworks/IOKit.framework/Versions/A/IOKit
/System/Library/Frameworks/Foundation.framework/Versions/C/Foundation
/System/Library/Frameworks/CoreServices.framework/Versions/A/CoreServices
/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit
/System/Library/Frameworks/ApplicationServices.framework/Versions/A/ApplicationServices
/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation
-/System/Library/Frameworks/SystemConfiguration.framework/Versions/A/SystemConfiguration
/System/Library/Frameworks/CoreGraphics.framework/Versions/A/CoreGraphics
/System/Library/Frameworks/Carbon.framework/Versions/A/Carbon
/usr/lib/libc++.1.dylib
-/System/Library/Frameworks/CFNetwork.framework/Versions/A/CFNetwork
/System/Library/Frameworks/CoreText.framework/Versions/A/CoreText
/System/Library/Frameworks/ImageIO.framework/Versions/A/ImageIO
/usr/lib/libobjc.A.dylib
```
> Introduced the -optimized-tools option; supersedes -optimized-qmake.
`optimized-qmake` became `optimized-tools` in Qt 5.6.0. While the former still works, we can use the newer flag.
A diff of the removed symbols is available [here](https://gist.github.com/fanquake/9c8d5961c91f90a2966191367adfb391).
We still need to actually build the network module, because we are using `QLocalServer` & `QLocalSocket` in the payment server.
ACKs for top commit:
Sjors:
Code review ACK 244501fc85a1319857efb227093c0e71c1d5a01e: just a rebase (_updated since I accidentally repeated the previous hash_)
practicalswift:
ACK 244501fc85a1319857efb227093c0e71c1d5a01e -- diff looks correct
promag:
Code review ACK 244501fc85a1319857efb227093c0e71c1d5a01e.
Tree-SHA512: 79734e3c96c40e7e484c86ac4cd4f738c05fcebe4771aeac443883f618a6c766e667909d5f8f14f9bd82f43206387c952458c5fa765cd0830f8beda6e6ac80ae
GetWarnings() changes the format of the output warning string based on a
passed-in string argument that can be set to "gui" or "statusbar".
Change the argument to a bool:
- there are only two types of behaviour, so a bool is a more natural
argument type
- changing the name to 'verbose' does not set any expectations for the
how the calling code will use the returned string (currently,
'statusbar' is used for RPC warnings, not a status bar)
- removes some error-handling code for when the passed-in string is not
one of the two strings expected.
7d263571bee8c36fbe3c854b69c6f31cf1ee3b9b rpc: require second argument only for scantxoutset start action (Andrew Chow)
Pull request description:
It was reported on [IRC](http://www.erisian.com.au/bitcoin-core-dev/log-2019-12-11.html#l-377) that `scantxoutset`'s API was broken in 0.19.0:
```
<belcher> i think scantxoutset may have been broken in bitcoin core 0.19 ? regardless of what parameters i run it with (e.g. "scantxoutset abort", "scantxoutset status") it just returns the help doc, according to the release notes the only change was https://github.com/bitcoin/bitcoin/pull/16285/files but i dont see anything that wouldve broken it, it works fine in 0.18
<belcher> im on regtest, in case its important
<harding> I can confirm `scantxoutset abort` returns the help doc on latest master. Waiting for 0.18.1 to start now to attempt to reproduce there.
<harding> It looks like it's expecting a second parameter (even though that doesn't make sense with "abort").
<jonatack> Same for me as well
<harding> Can also confirm that `scantxoutset abort` returns the expected result on 0.18.1.
```
As noted in the conversation, previously, the second argument of `scanobjects` is only required for the `start` action. `Stop` and `abort` actions did not and could work without them.
It appears that this was broken by #16240 which enforced the size of the arguments to match the listed required arguments.
To fix this issue, this PR makes the `scanobjects` argument an optional argument. Then only in the `start` action do we check whether the `scanobjects` argument is there and throw an informative error about that. Also a test is added for this case.
ACKs for top commit:
laanwj:
ACK 7d263571bee8c36fbe3c854b69c6f31cf1ee3b9b
promag:
ACK 7d263571bee8c36fbe3c854b69c6f31cf1ee3b9b.
Tree-SHA512: 828bdfe47f4fffa5d00a2cf88db6cea4a2714d9c49276841ca5cbdd1603b87bb6862147b86edcf36d7b40314ddb80b1a07fd399faf288572c55cc788c5cf9526
This performs the same function as -Wl,-z,now, except for ld on macOS.
You can check the binaries using otool -l, looking for the
LC_DYLD_INFO_ONLY section. lazy_bind_off and lazy_bind_size should both
be 0.
man ld:
-bind_at_load
Sets a bit in the mach header of the resulting binary which tells dyld
to bind all symbols when the binary is loaded, rather than lazily.
2081442c421cc4376e5d7839f68fbe7630e89103 test: Add test for rpc_whitelist (Emil Engler)
7414d3820c833566b4f48c6c120a18bf53978c55 Add RPC Whitelist Feature from #12248 (Jeremy Rubin)
Pull request description:
Summary
====
This patch adds the RPC whitelisting feature requested in #12248. RPC Whitelists help enforce application policies for services being built on top of Bitcoin Core (e.g., your Lightning Node maybe shouldn't be adding new peers). The aim of this PR is not to make it advisable to connect your Bitcoin node to arbitrary services, but to reduce risk and prevent unintended access.
Using RPC Whitelists
====
The way it works is you specify (in your bitcoin.conf) configurations such as
```
rpcauth=user1:4cc74397d6e9972e5ee7671fd241$11849357f26a5be7809c68a032bc2b16ab5dcf6348ef3ed1cf30dae47b8bcc71
rpcauth=user2:181b4a25317bff60f3749adee7d6bca0$d9c331474f1322975fa170a2ffbcb176ba11644211746b27c1d317f265dd4ada
rpcauth=user3:a6c8a511b53b1edcf69c36984985e$13cfba0e626db19061c9d61fa58e712d0319c11db97ad845fa84517f454f6675
rpcwhitelist=user1:getnetworkinfo
rpcwhitelist=user2:getnetworkinfo,getwalletinfo, getbestblockhash
rpcwhitelistdefault=0
```
Now user1 can only call getnetworkinfo, user2 can only call getnetworkinfo or getwalletinfo, while user3 can still call all RPCs.
If any rpcwhitelist is set, act as if all users are subject to whitelists unless rpcwhitelistdefault is set to 0. If rpcwhitelistdefault is set to 1 and no rpcwhitelist is set, act as if all users are subject to whitelists.
Review Request
=====
In addition to normal review, would love specific review from someone working on LN (e.g., @ roasbeef) and someone working on an infrastructure team at an exchange (e.g., @ jimpo) to check that this works well with their system.
Notes
=====
The rpc list is spelling sensitive -- whitespace is stripped though. Spelling errors fail towards the RPC call being blocked, which is safer.
It was unclear to me if HTTPReq_JSONRPC is the best function to patch this functionality into, or if it would be better to place it in exec or somewhere else.
It was also unclear to me if it would be preferred to cache the whitelists on startup or parse them on every RPC as is done with multiUserAuthorized. I opted for the cached approach as I thought it was a bit cleaner.
Future Work
=====
In a future PR, I would like to add an inheritance scheme. This seemed more controversial so I didn't want to include that here. Inheritance semantics are tricky, but it would also make these whitelists easier to read.
It also might be good to add a `getrpcwhitelist` command to facilitate permission discovery.
Tests
=====
Thanks to @ emilengler for adding tests for this feature. The tests cover all cases except for where `rpcwhitelistdefault=1` is used, given difficulties around testing with the current test framework.
ACKs for top commit:
laanwj:
ACK 2081442c421cc4376e5d7839f68fbe7630e89103
Tree-SHA512: 0dc1ac6a6f2f4b0be9c9054d495dd17752fe7b3589aeab2c6ac4e1f91cf4e7e355deedcb5d76d707cbb5a949c2f989c871b74d6bf129351f429569a701adbcbf
75d9317bc1aecaab95bf875f8dca97ac3daddff4 Update msvc build for Visual Studio 2019 v16.4 (Aaron Clauson)
Pull request description:
msvc warning C4834 for the Bitcoin Core build was introduced by Visual Studio 16.4.0. This PR adds an ignore rule for the warning (it's related to the nodiscard attribute and is not considered relevant).
An additional side effect of the msvc compiler update is the prebuilt Qt5.9.8 libraries cannot be linked due to being built with an earlier version of the compiler. To fix this a new Qt5.9.8 version has been compiled and the appveyor job updated to use them.
The GitHub Actions job needs to continue to use the original Qt5.9.8 libraries until the latest GitHub Windows image also updates to >= Visual Studio 2019 v16.4.
Top commit has no ACKs.
Tree-SHA512: c28d64d78a968eb0bd614932b2d42d762d68853120c345970072b473e2c43fb34e99865062ae1517b10e76f269de6b8f4eed119cf05d59aa883a3553d6a76812
msvc warning C4834 for the Bitcoin Core build was introduced by Visual Studio 16.4.0. This PR adds an ignore rule for the warning (it's related to the nodiscard attribute and is not considered relevant).
An additional side effect of the msvc compiler update is the prebuilt Qt5.9.8 libraries cannot be linked due to being built with an earlier version of the compiler. To fix this a new Qt5.9.8 version has been compiled and the appveyor job updated to use them. The GitHub Actions job needs to continue to use the original Qt5.9.8 libraries until the latest GitHub Windows image also updates to >= Visual Studio 2019 v16.4.
034561f9cd4180ea1c165cb02df6c84444a8d692 cli: fix Fatal LevelDB error when specifying -blockfilterindex=basic twice (Harris)
Pull request description:
This PR fixes#17679 by replacing BlockFilterType-vector with a set of the same type to make sure that only unique filter types get inserted.
ACKs for top commit:
MarcoFalke:
ACK 034561f9cd4180ea1c165cb02df6c84444a8d692 📖
laanwj:
ACK 034561f9cd4180ea1c165cb02df6c84444a8d692
fanquake:
ACK 034561f9cd4180ea1c165cb02df6c84444a8d692 - Tested with `src/bitcoind --blockfilterindex=basic --blockfilterindex=basic`
Tree-SHA512: 64ccec4d23528abfbb564f2b41fb846137875260ce06ea461da12175819985964a1a7442788d5ff7282b5de0c5fd46524d9a793788ee3b876626cbdf05b28c16
fab2f351f2311295c9ed893fe883a08a9104144e doc: Update release process with latest changes (MarcoFalke)
Pull request description:
Mainly adding the reminder to bump the flatpak
ACKs for top commit:
laanwj:
ACK fab2f351f2311295c9ed893fe883a08a9104144e
fanquake:
ACK fab2f351f2311295c9ed893fe883a08a9104144e
Tree-SHA512: fe279a6cdee881e8dd608cb7d09d992c4b668b01b9d0d2dbfaf92f12f3032b8fcb2c256b20fcee861397451add1338f162b6e5fa7b3c21e76c247cc419315284
fabd5b444ef83b5cd0d63b33bbf6ea4e7557d0eb ci: Use python 3.7 on Windows Github Actions (MarcoFalke)
Pull request description:
This mirrors the appveyor config 7da9e3a817/.appveyor.yml (L10) and is needed for PEP 540
ACKs for top commit:
sipsorcery:
tACK fabd5b444ef83b5cd0d63b33bbf6ea4e7557d0eb.
laanwj:
ACK fabd5b444ef83b5cd0d63b33bbf6ea4e7557d0eb
Tree-SHA512: 2d0118bf4eb5ec510d1ad6e287d35bf28cc800101fa18704c119c7bc84f545aaa236ffe45dc425559e6bd896610302a133b2c50ccdcd3ced6e4d6f8302de7cdb
7cecf10ac32af0fca206ac5f24f482bdec88cb7d Replace LegacyScriptPubKeyMan::IsCrypted with LegacyScriptPubKeyMan::HasEncryptionKeys (Andrew Chow)
bf6417142f36a2f75b3a11368bd73fe788ae1ccb Remove SetCrypted() and fUseCrypto; Change IsCrypted()'s implementation (Andrew Chow)
77a777118eaf78f10a439810d1c08d510a539aa0 Rename EncryptKeys to Encrypt and pass in the encrypted batch to use (Andrew Chow)
35f962fcf0d5107ae6a3a9348e249a9b18ff7106 Clear mapKeys before encrypting (Andrew Chow)
14b5efd66ff0afbf3bf9158a724534a9090fc7fc Move fDecryptionThoroughlyChecked from CWallet to LegacyScriptPubKeyMan (Andrew Chow)
97c0374a46943b2ed38ea24eeeff1f1568dd55b3 Move Unlock implementation to LegacyScriptPubKeyMan (Andrew Chow)
e576b135d6451101d6a8219f55d80aefa216dc38 Replace LegacyScriptPubKeyMan::vMasterKey with GetDecryptionKey() (Andrew Chow)
fd9d6eebc1eabb4675a118d19d38283da2dead39 Add GetEncryptionKey() and HasEncryptionKeys() to WalletStorage (Andrew Chow)
Pull request description:
Let wallet class handle locked/unlocked status and master key, and let keyman
handle encrypting its data and determining whether there is encrypted data.
There should be no change in behavior, but state is tracked differently. The
fUseCrypto atomic bool is eliminated and replaced with equivalent
HasEncryptionKeys checks.
Split from #17261
ACKs for top commit:
laanwj:
ACK 7cecf10ac32af0fca206ac5f24f482bdec88cb7d
Tree-SHA512: 95a997c366ca539abba0c0a7a0015f39d27b55220683d8d86344ff2d926db4724da67700d2c8ec2d82ed75d07404318c6cb81544af8aadeefab312167257e673
b6f9e3576a1ea18572e4803aeb3f39330f0cb759 test: re-enable CLI test support by using EncodeDecimal in json.dumps() (fanquake)
Pull request description:
As mentioned in https://github.com/bitcoin/bitcoin/pull/17675#issuecomment-563188648.
ACKs for top commit:
practicalswift:
ACK b6f9e3576a1ea18572e4803aeb3f39330f0cb759 assuming Travis is happy too -- diff looks correct :)
MarcoFalke:
> ACK b6f9e35 assuming Travis is happy too -- diff looks correct :)
Tree-SHA512: 79fa535cc1756c8ee610a3d6a316a1c4f036797d6990a5620e44985393a2e52f78450f8e0021d0a148c08705fd1ba765508464a365f9030ae0d2cacbd7a93e19
4341bffb6ef10909f3721329db27c5dc9bc720dd GUI: Refactor formatServicesStr to warn when a ServicesFlag is missing (Luke Dashjr)
df77de8c2157fbb4c0898586dacb2215286745c8 Bugfix: GUI: Recognise NETWORK_LIMITED in formatServicesStr (Luke Dashjr)
Pull request description:
Currently, only the bottom 8 service bits are shown in the GUI peer details view.
`NODE_NETWORK_LIMITED` is the 11th bit (2^10).
The first commit expands the range to cover the full 64 bits, and properly label `"NETWORK_LIMITED"`.
The second commit refactors the code so that any future omitted service bits will trigger a compile warning.
ACKs for top commit:
jonasschnelli:
utACK 4341bffb6ef10909f3721329db27c5dc9bc720dd
jonasschnelli:
Tested ACK 4341bffb6ef10909f3721329db27c5dc9bc720dd
hebasto:
Concept ACK 4341bffb6ef10909f3721329db27c5dc9bc720dd
Tree-SHA512: 8338737d03fbcd92024159aabd7e632d46e13c72436d935b504d2bf7ee92b7d124e89a5917bf64d51c87f12a64de703270c2d7b4c6711fa8ed08ea7887d817c7
wallet/walletutil.cpp:77:23: error: no member named 'level' in 'boost::filesystem::recursive_directory_iterator'
} else if (it.level() == 0 && it->symlink_status().type() == fs::regular_file && IsBerkeleyBtree(it...
~~ ^
7e8b4de0591437e5a964e458c024eacfd013887d rpc: add missing newline in analyzepsbt rpcresult (Jon Atack)
Pull request description:
follow-up to 638e40c in #17524
before
```
"error" : "error" (string) Error message if there is one}
```
after
```
"error" : "error" (string) Error message if there is one
}
```
ACKs for top commit:
practicalswift:
ACK 7e8b4de0591437e5a964e458c024eacfd013887d
promag:
ACK 7e8b4de0591437e5a964e458c024eacfd013887d.
emilengler:
ACK 7e8b4de
Tree-SHA512: 4cdd365e39d15b7925ea277b7ff3e9bfdc22f5845aa41ca547343b4dabdf319579843a1c7f11fb0edd6abbc31bae2ec96236b83e84f8872bd662848723725e4c
b0b15317370335b21a29193e9872cfdb3b88f46c Adds GitHub Action workflow which duplicates AppVeyor job. (Aaron Clauson)
Pull request description:
As discussed in #17594 this PR contains a GitHub Action workflow file that performs the same job as the current Appveyor CI task except for the Python functional tests. For the latter I've been unable to get them to execute successfully due to a Unicode error. I've tried on and off for a week to get it to work but with no joy.
It may be that someone more proficient in Python will recognise the error and be able to provide a pointer on how to proceed. I've tried some obvious things like changing the Windows console code page.
To run this job it should just be a matter of clicking on the GitHub `Actions` tab and enabling workflows. It's also not required that the file is on the `master` branch for the job to run. If anyone else wants to run the job they can pull this PR into their own fork and enable `Actions` (it's free).
Top commit has no ACKs.
Tree-SHA512: 8dce7509922ece3438b15ea371ec509a08b507e981a8fb705f1cf5a2b4a147a22ded599942aa95f3bd8d5e98cfc65b50cf3df6171f02dd863659160f1d77ef76
