fad61896e8 ci: Move --usecli --extended from i386 task to alpine task (MarcoFalke)
Pull request description:
The i386 task is getting increasingly tedious to maintain:
* It is using deprecated (disabled by default) syscalls, see commit 999e9dbfb4
* Running it on (e.g.) aarch64 is slow, due to the additional qemu overhead
It is mostly kept to have some more 32-bit coverage for https://github.com/bitcoin/bitcoin/issues/32375. But maybe in 5 or 10 years, it can be removed .... ?
So for now, try to reduce the config it runs by moving it out to longer-term tasks.
Specifically, move `TEST_RUNNER_EXTRA="--v2transport --usecli --extended"` to the native Alpine task, which should exist long-term, runs natively, and also has a debug build enabled.
ACKs for top commit:
polespinasa:
ACK fad61896e8
sedited:
ACK fad61896e8
Tree-SHA512: a406347aa06de7edbfe8c7d3d082983fa54f5c266c1b2344102cd6cd59dc5b9f46da5e15edfaa7655edf1a2ff8d70da18bae4c8297dfb0cf2c783098d8a46c30
a49bc1e24e ci: add --extended when using --usecli (Pol Espinasa)
5603ae0ffa test: fix send_batch_request to pass callables when using --usecli (Pol Espinasa)
Pull request description:
**First commit**
This commit fixes an error that made feature_index_prune.py fail if --usecli was used.
The test was failing because `node.batch(data)` was called with `data` being a dict. This worked in the normal scenario because `AuthServiceProxy.batch()` expects a list of petitions in the form of a dict. But `TestNodeCLI.batch()` expects callables and not a dict. When `--usecli` is used the test fails with an error `TypeError: 'dict' object is not callable`.
This is fixed by using `get_request()` which returns a lambda function if `--usecli` is used and returns a dict if not.
The `assert` is also changed because before this PR, the requests, constructed by hand, were not specifying the JSON-RPC version. By default if no version is specified we use version 1.0 which always returns `error: none` if there is no error. However, in version 2.0, it does not include an error key if there is no error. By using `get_request()` the requests are done in version 2.0 so there's no key error.
**Second commit**
The current CI doesn't cover the case of running all tests with --extended if using --usecli.
This led to a test failing (feature_index_prune.py) if run with --usecli and the CI not catching it.
See https://github.com/bitcoin/bitcoin/pull/34991 for context.
This commit improves the CI test coverage by now also running all functional tests (--extended) with the flag --usecli.
<details>
<summary>First "wrong" approach</summary>
Fixes two bugs that make `feature_index_prune.py` fail if `--usecli` is used.
1. Makes `TestNodeCLI.batch()` response equivalent to what a JSON-RPC response would look like by adding `error=None` in the response. The lack of `error` in the response was giving a `KeyError` message.
2. Makes `send_batch_request()` compatible with --usecli. Before the PR it was passing dicts to `node.batch()`, but `TestNodeCLI.batch()` expects callables, not dicts.
</details>
ACKs for top commit:
Bicaru20:
Re-ACK a49bc1e24e.
sedited:
Re-ACK a49bc1e24e
Tree-SHA512: 75fca26cf120638ced1fe38e86d8e3efa7addb6d97fc801e34783efd2cf6417f4ded2ec6247b6dcbcdb3cf4f48c4858f0932cbaa3e836a973d53581e75470a3f
ac58e6c53c test: fix P2SH output in coins cache fuzz (Lőrinc)
Pull request description:
### Problem
`coinscache_sim` manually constructs a 23-byte P2SH `scriptPubKey`, but placed `OP_EQUAL` at byte index 12.
That index is inside the 20-byte script hash payload, so the constructed script did not match the standard P2SH layout:
fa2670bd4b/src/script/script.cpp (L223-L230)
### Fix
Place `OP_EQUAL` after `OP_HASH160`, the 20-byte push opcode, and the 20-byte script hash.
Also remove a stray trailing comment terminator in the same fuzz target.
ACKs for top commit:
Crypt-iQ:
crACK ac58e6c53c
brunoerg:
ACK ac58e6c53c
sedited:
ACK ac58e6c53c
Tree-SHA512: 1f909dd25d9df87a923e6496145da0ada2b1fa6511b61fb2d203db4c7724f2341c898862a15e7051b952bca834e6654c70fba64a7bf223bfd6d399b3b5d9e59b
fa864b937e refactor: [rpc] Remove confusing and brittle integral casts (take 3) (MarcoFalke)
Pull request description:
This one cast is harmless, but confusing. Also, in the past they have been brittle to the extent of triggering bugs. See commit 44afed4cd9. So remove this one recently introduced one.
ACKs for top commit:
fjahr:
ACK fa864b937e
stickies-v:
ACK fa864b937e
sedited:
ACK fa864b937e
Tree-SHA512: 78407b97964c144f4d94cd445af4f57e29e460912ae9178898224d71f3d5237e5db88a981f7636193a6b7a22be8ad4fd833eb0efa9507284c10f87d9da0ec81b
The `coinscache_sim` fuzz target builds a 23-byte P2SH scriptPubKey manually.
Place `OP_EQUAL` at index 22, after `OP_HASH160`, the 20-byte push opcode, and the 20-byte script hash.
This matches `CScript::IsPayToScriptHash()`, which checks byte 22 for `OP_EQUAL`, see src/script/script.cpp#L229
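The layout described in the commit message above, as an added Python example (not code from the commit or from Bitcoin Core). `build_by_index` is a constructed stand-in for filling a zeroed 23-byte buffer by index, and all function names are hypothetical.

```python
# Added illustration. Opcode values are the Bitcoin Script constants.
OP_HASH160 = 0xA9
OP_EQUAL = 0x87
HASH_LEN = 20   # also the direct-push opcode for a 20-byte payload (0x14)
P2SH_LEN = 23   # OP_HASH160 + push opcode + 20-byte hash + OP_EQUAL


def is_p2sh(script: bytes) -> bool:
    """Check the fixed positions of a standard P2SH scriptPubKey."""
    return (len(script) == P2SH_LEN
            and script[0] == OP_HASH160
            and script[1] == HASH_LEN
            and script[22] == OP_EQUAL)


def build_p2sh(script_hash: bytes) -> bytes:
    """Build the script by concatenation, so no index can be mistyped."""
    if len(script_hash) != HASH_LEN:
        raise ValueError("script hash must be 20 bytes")
    return bytes([OP_HASH160, HASH_LEN]) + script_hash + bytes([OP_EQUAL])


def build_by_index(op_equal_index: int) -> bytes:
    """Constructed stand-in: zeroed buffer with opcodes written by index."""
    buf = bytearray(P2SH_LEN)
    buf[0] = OP_HASH160
    buf[1] = HASH_LEN
    buf[op_equal_index] = OP_EQUAL
    return bytes(buf)


def layout_errors(script: bytes) -> list[str]:
    """Name every position that deviates from the P2SH layout."""
    if len(script) != P2SH_LEN:
        return [f"length is {len(script)}, expected {P2SH_LEN}"]
    expected = {0: ("OP_HASH160", OP_HASH160),
                1: ("20-byte push", HASH_LEN),
                22: ("OP_EQUAL", OP_EQUAL)}
    return [f"byte {i} is 0x{script[i]:02x}, expected {name} (0x{val:02x})"
            for i, (name, val) in expected.items() if script[i] != val]


if __name__ == "__main__":
    wrong = build_by_index(12)   # OP_EQUAL lands inside the hash payload
    right = build_by_index(22)   # OP_EQUAL terminates the script
    print(is_p2sh(wrong), layout_errors(wrong))
    print(is_p2sh(right), layout_errors(right))
```

With index 12 the `0x87` byte becomes byte 10 of the hash payload and byte 22 stays zero, so the script is not recognised as P2SH.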
1ed799fb21 validation: correct lifetime of precomputed tx data (Antoine Poinsot)
Pull request description:
This is a cleanup that fixes the root cause of CVE-2024-52911, which was covertly fixed in #31112 (first released in 29.0).
Security advisory for CVE-2024-52911 is available [here](https://bitcoincore.org/en/2026/05/05/disclose-cve-2024-52911).
ACKs for top commit:
theuni:
ACK 1ed799fb21. Thanks for the proper fix.
maflcko:
lgtm ACK 1ed799fb21
achow101:
ACK 1ed799fb21
optout21:
ACK 1ed799fb21
Tree-SHA512: 904fb71d95b8486b7ceb5a014bc39b1e09c42e254357d663b6da247e49c69041945119f8339724ddbef22f4e8aa4b53f72bdac8fdf7daab62aa31edc52b612e6
9fa4076b20 test: Test merging implicit PSBTv0 with explicit PSBTv0 (w0xlt)
1660c18232 doc: Release notes for psbtv2 (Ava Chow)
470e52a5f8 fuzz: Enforce additional version invariants in PSBT fuzzer (Antoine Poinsot)
5bd0579c09 test: Tests for PSBT AddInput and AddOutput (Ava Chow)
b8b6e7f0c2 tests: Add PSBT unit test for ComputeTimeLock (Ava Chow)
0bc1c2e508 tests: Add test vectors from BIP 370 (Ava Chow)
e0e4dbdeb5 psbt: Change default psbt version to 2 (Ava Chow)
bcc1dca77b Add psbt_version to PSBT RPCs and default to v2 (Ava Chow)
ab38c30195 Implement PSBTv2 field merging (Ava Chow)
93e339e29f Implement PSBTv2 AddInput and AddOutput (Ava Chow)
b39c86ae60 Allow specifying PSBT version in constructor (Ava Chow)
dcc9a3c8df Implement PSBTv2 in decodepsbt (Ava Chow)
5770dbd39f Add PSBT::ComputeLockTime() (Ava Chow)
863cf47b33 Update test_framework/psbt.py for PSBTv2 (Ava Chow)
925161eaf0 Implement PSBTv2 fields de/ser (Ava Chow)
d9cf658ee0 Restrict joinpsbts to PSBTv0 only (Ava Chow)
3da0e16012 Replace PSBT.tx with PSBT::GetUnsignedTx and PSBT::GetUniqueID (Ava Chow)
c568624ff2 psbt: Return std::optional from PrecomputePSBTData (Ava Chow)
092de4f1f6 Replace PSBT::GetInputUTXO with PSBTInput::GetUTXO (Ava Chow)
82c9fe3179 psbt: Use PSBTInput and PSBTOutput fields instead of accessing global tx (Ava Chow)
95897507e9 psbt: AddInput and AddOutput should take only PSBTInput and PSBTOutput (Ava Chow)
1b7d323a72 Add PSBTInput::GetOutPoint (Ava Chow)
543d3e1cdc psbt: add PSBTv2 global tx fields (Ava Chow)
c01c7f068c psbt: Remove default constructor (Ava Chow)
9671aa08c2 psbt: add tx input and output fields in PSBTInput and PSBTOutput (Ava Chow)
990b084f11 Have PSBTInput and PSBTOutput know the PSBT's version (Ava Chow)
7eacc21ff6 psbt: make PSBT structs into classes (Ava Chow)
f926c326bb gui: Store PSBT in std::optional in PSBTOperationsDialog (Ava Chow)
1e2d146b47 psbt: Refactor duplicate key lookup and size checks (Ava Chow)
88384180d3 test: PSBTs should roundtrip through RPCs that do nothing (Ava Chow)
001877500d test: construct psbt with unknown field programmatically (David Gumberg)
0cb884e6df psbt: Fill hash preimages and taproot builder from SignatureData (Ava Chow)
Pull request description:
BIP 370 PSBTv2 introduces several new fields and different invariants for PSBT. This PR implements those new fields and restructures the PSBT implementation to match PSBTv2 but still remain compatible with PSBTv0.
ACKs for top commit:
nervana21:
re-ACK 9fa4076b20
theStack:
re-ACK 9fa4076b20
w0xlt:
ACK 9fa4076b20
Tree-SHA512: ab0a5ada4fa5fca27ba9ec9c291a44b30e69d6db11971957572d86c58c71c4caa4557dc25f403e1170ba4fac751306d074cc582defefc6e2fdd37be51c3d9dd0
This makes sure `txsdata` always outlives the Script check queue (since local
objects are destructed in reverse order of construction).
This is the root cause for a security vulnerability reported by Cory Fields in
2024 that could be exploited by crafting an invalid block to cause nodes to
read freed memory. The vulnerability was covertly fixed in commit
`492e1f09943fcb6145c21d470299305a19e17d8b`.
See security advisory for CVE-2024-52911 for more details.
c8d688f41c fuzz: send blocktxn messages in cmpctblock harness (Eugene Siegel)
d0333bfe99 fuzz: send compact blocks in cmpctblock harness (Eugene Siegel)
3c58efe2ac fuzz: mine blocks and send headers for them in cmpctblock harness (Eugene Siegel)
651622432d fuzz: create and send transactions in cmpctblock harness (Eugene Siegel)
8c9a3fd0e8 net, fuzz: move CMPCTBLOCK_VERSION to header, use in cmpctblock harness (Eugene Siegel)
6cd480f62f fuzz: initial compact block fuzz harness (Eugene Siegel)
Pull request description:
Adds a fuzz harness for testing compact blocks, similar to `process_message(s)`. It can make (in)valid blocks, reconstruct blocks with in-mempool txns, mark peers as HB, and has high stability in AFL++ (~98-99%).
Coverage is [here](https://crypt-iq.github.io/fuzz_coverage_reports/cmpctblock-aflpp-inputs-09182025/) (look in `src/blockencodings.cpp`, relevant compact block bits in `src/net_processing.cpp`).
ACKs for top commit:
instagibbs:
ACK c8d688f41c
marcofleon:
ACK c8d688f41c
Tree-SHA512: d904066921211b32eb75c9602908929f46ecd25482c518db36ed9f30e012b350b38a2df382f0faa21decd43bc2cabcc859193207da34be76010a32df1d9ac5c8
bfbf1a7ef3 kernel: Expose btck_transaction_check consensus function (w0xlt)
Pull request description:
This PR exposes the consensus-level `CheckTransaction` function through the libbitcoinkernel C API and adds a corresponding C++ wrapper.
Currently, libkernel only provided script-level validation via `btck_script_pubkey_verify` and `ScriptPubkeyApi<>::Verify`.
AFAIK there was no way to perform context-free consensus checks on a transaction’s structure (e.g., coinbase rules, money-range, duplicate inputs).
This change introduces a new API:
```c
int btck_check_transaction(const btck_Transaction* tx, btck_TxValidationState** out_state);
```
and a C++ convenience wrapper:
```cpp
std::pair<bool, TxValidationState> btck::CheckTransaction(const Transaction& tx);
```
Both follow the ownership and error-handling conventions established in `bitcoinkernel.h`.
The test suite is extended with cases covering:
* coinbase scriptSig length bounds
* empty vin / vout detection
* negative or out-of-range output values
* duplicate inputs
* null prevouts in non-coinbase transactions
ACKs for top commit:
alexanderwiederin:
Re-ACK bfbf1a7ef3
sedited:
Re-ACK bfbf1a7ef3
janb84:
ACK bfbf1a7ef3
Tree-SHA512: fe9ba555564af3258d9ccaea1b208df0aa2a4bf2fe74a8f861b3a3b3b891f2990ffc0e3b763d14f15568e977b70ee7337a5dc7d469c63098e0b43adc2ad80e3c
11713c9fa9 net: make CConnman::m_nodes_mutex non-recursive (Vasil Dimov)
aec4fa2de0 net: drop the only recursive usage of CConnman::m_nodes_mutex (Vasil Dimov)
Pull request description:
The only case of a recursive lock was a nested `ForNode()` call to trim
the size of `lNodesAnnouncingHeaderAndIDs` to `<= 3`. This need not be
nested, so take it out.
Before:
```
fornode(newnode)
  if (size >= 3)
    fornode(front) handle removal of front
    pop front
  push back newnode
```
After:
```
fornode(newnode)
  push back newnode
if (size > 3)
  fornode(front) handle removal of front
  pop front
```
`lNodesAnnouncingHeaderAndIDs` is protected by `cs_main` which is locked
during the entire operation.
Partially resolves: https://github.com/bitcoin/bitcoin/issues/19303
---
_This PR included https://github.com/bitcoin/bitcoin/pull/32326 (first 3 commits in this PR). That PR was merged first, so the size of this was reduced._
ACKs for top commit:
Crypt-iQ:
utACK 11713c9fa9
w0xlt:
ACK 11713c9fa9
hodlinator:
re-ACK 11713c9fa9
sedited:
ACK 11713c9fa9
Tree-SHA512: 5c626423b5041bfecd8487e2201bfa29443aa2ebe955aa7dc6680e1ee4a094296c9034a6ad70d4d63046627edeeda87f73bd27059e08ae4fe20653d8ae380b71
eed7af666b doc: Add release note for disallowing some wallet path names (David Gumberg)
3d7f0e4ed5 wallettool: Use GetWalletPath to determine the wallet path (Ava Chow)
2b0dc0d228 wallet: Disallow . and .. from wallet names (Ava Chow)
Pull request description:
Wallet names including `..` and `.` are unintuitive and can lead to various issues, see #34497
This disallows creating or loading wallets that have any path elements that are `..` or `.`, including any present in an absolute path. This does not disallow relative paths altogether but rather limits them to only being subdirectories of the wallets directory.
ACKs for top commit:
davidgumberg:
crACK eed7af666b
w0xlt:
ACK eed7af666b
arejula27:
ACK eed7af666b
Tree-SHA512: bec5e54369061eb630d9afb94701badce09e8beb63686cf714016466fc01653d4841030fc10fcd14d44e6b1022c0994cb32253d80533807704d9e11eda2423ff
1d1ae6f0c4 wallet, test: Remove DuplicateMockDatabase (Ava Chow)
57820c472b bench: Utilize setup() for WalletLoading and use a real database (Ava Chow)
9a7604fd25 bench: Use setup() in WalletMigration to prepare the legacy wallet (Ava Chow)
426a94e7bd bench: Utilize setup() in WalletEncrypt to create the encryption wallet (Ava Chow)
d672455d20 bench: Utilize setup() in WalletBalance for marking caches dirty (Ava Chow)
61412ef887 bench: Utilize setup() in WalletCreate to cleanup previous wallets (Ava Chow)
Pull request description:
Several of the wallet benchmarks have some setup or cleanup that needs to be done per run. Now that #34208 is merged, these can use `setup()`. Additionally, this allows for removing `DuplicateMockDatabase` in `WalletEncryptDescriptors`.
This PR also removes `DuplicateMockDatabase` in `WalletLoadingDescriptors`. `DuplicateMockDatabase` was added here in #24924 as part of benchmark performance improvements. However, it does not appear to make a significant difference today.
Removing `DuplicateMockDatabase` makes future database changes easier. In particular it should simplify #33032 and #33034, and any future changes that introduce sqlite features.
ACKs for top commit:
l0rinc:
code review ACK 1d1ae6f0c4
furszy:
Other than that, ACK 1d1ae6f0c4
sedited:
ACK 1d1ae6f0c4
Tree-SHA512: 41130144972b759b401f990820eaf524d1f17f47d81bf1afea4a529d15a21d253521838a9e31df8f424996582b718a92634ab255204c6fce703b7e47a1d23670
758f208cc1 contrib: override system locale in gen-manpages.py (Sjors Provoost)
Pull request description:
`bitcoin-qt --help` emits a translation of "version", which creates a diff when updating or verifying man pages.
The script aborts earlier however, because `bitcoin-qt --version` also emits a localized output, which triggers the `Copyright (C)` assertion on a translated term like "Auteursrecht".
Fix this by passing `--lang=en` to both `bitcoin-qt` invocations.
None of the actual command options are translated, so this commit does not affect the actual manual page.
Noticed while verifying the manual updates in #34800 on macOS with Dutch system locale.
See also https://github.com/bitcoin/bitcoin/blob/master/test/lint/lint-locale-dependence.py notes about localization (though the issue here is translation).
ACKs for top commit:
achow101:
ACK 758f208cc1
sedited:
ACK 758f208cc1
hebasto:
ACK 758f208cc1.
Tree-SHA512: 0947391b85a637ae6d1d0cf4b8de4ab74b42e772bf7d70991cf2b4e035c2cb99f0f46c6cb2cd8aac9cc1be22a9e8329594536688622d3bacab22289c8151e89d
938312d7a6 docs: clarify RPC credentials security boundary (crStiv)
Pull request description:
Explicitly states that RPC credentials grant full administrative access to the node and filesystem resources accessible by bitcoind. Adds a new section in JSON-RPC-interface.md to address issue https://github.com/bitcoin/bitcoin/issues/32274 by documenting that providing RPC credentials to untrusted clients
reopened #32424
P.S. I've tried to somehow squash all the commits from the previous PR but accidentally closed the PR and had no idea how to go back, so I created a new PR. I'm really sorry for the inconvenience.
ACKs for top commit:
achow101:
ACK 938312d7a6
janb84:
re ACK 938312d7a6
sedited:
ACK 938312d7a6
Tree-SHA512: 54db0651cfe4a92d700d09c822db5cb68f60f17a4634eb8f132939294e7a0ca2aea15ddc4d581610976158f7546e9c4463cfe113de9500162a0f107e168833cd
2104282ddd fuzz: Add tests for CCoinControl methods (Chandra Pratap)
43b09b993d fuzz: Improve oracle for existing CCoinControl tests (Chandra Pratap)
Pull request description:
The `ccoincontrol` fuzzer misses tests for a number of `CCoinControl` operations. Add them.
While at it, improve the oracle for the existing tests.
ACKs for top commit:
l0rinc:
Lightly tested code review ACK 2104282ddd
brunoerg:
reACK 2104282ddd
sedited:
Re-ACK 2104282ddd
Tree-SHA512: bfc8c9a51fca94437332056c476840d841a5b42dd6749cb34105b7ae78215ec9c3eb0f407e1a5f51b3ac20d7abb97cae7c21ad2146d5be9409edbc2cd2c568ee
Add btck_transaction_check() to the libbitcoinkernel C API, exposing
context-free transaction consensus validation (consensus/tx_check.h).
Introduces btck_TxValidationState with introspection and lifecycle
functions. btck_TxValidationResult is exposed for compatibility with
existing validation-state APIs, though btck_transaction_check currently
reaches only UNSET and CONSENSUS.
Includes C++ wrapper and test coverage for btck_transaction_check using
test vectors from tx_valid.json / tx_invalid.json.
1950da94fc test: enable `rpc_bind` on macOS and BSD (Lőrinc)
7236a05503 test: enable `feature_bind_extra` on macOS and BSD (Lőrinc)
Pull request description:
### Problem
Some functional tests are shown as skipped when running on macOS & BSD because `test_framework/netutil.py` only implemented the Linux-specific logic for checking which TCP sockets a node is listening on.
### Fix
Add macOS and BSD implementations in `test/functional/test_framework/netutil.py` so tests can query:
* which TCP sockets a node is listening on (`get_bind_addrs()`, via `lsof`)
* a non-loopback interface address (`all_interfaces()`, via `ifconfig`)
Then enable the previously Linux-only tests by switching to a shared POSIX platform guard.
### Commands
<details>
<summary><code>get_bind_addrs()</code> (<code>lsof</code> + regex)</summary>
> Command used
```bash
lsof -nP -a -p <pid> -iTCP -sTCP:LISTEN -Ftn
```
> Flags
- -D: device cache warnings
- -n: no hostname resolution
- -P: no service/port-name resolution
- -a: AND all conditions
- -p <pid>: filter by process ID
- -iTCP: TCP sockets only
- -sTCP:LISTEN: listening sockets only
- -Ftn: machine-readable output (fields: type `t`, name `n`)
> Regex parser
```regex
t(IPv[46])\nn(\*|\[.+?]|[^:]+):(\d+)
```
> Captured groups
- group 1: IPv4 / IPv6 (used to disambiguate `*`)
- group 2: host (`*`, `[::1]`, `127.0.0.1`, ...)
- group 3: port
</details>
<details>
<summary><code>all_interfaces()</code> (<code>ifconfig</code> + regex)</summary>
> Command used
```bash
ifconfig -au
```
> Regex parsing
Interface blocks:
```regex
(?m)^(?P<iface>\S+):(?P<block>[^\n]*(?:\n[ \t]+[^\n]*)*)
```
IPv4 extraction within each block:
```regex
inet (\S+)
```
</details>
### Notes
The only remaining platform skips on macOS are the USDT/BPF tracing tests (`interface_usdt_*.py`).
ACKs for top commit:
Sjors:
ACK 1950da94fc
achow101:
ACK 1950da94fc
willcl-ark:
tACK 1950da94fc
Tree-SHA512: 4cecc88852623f3fe3a7dccceb0e71932824c1ed7f1d4ab89b953ff6b7991afbd0b016c819c17e966bed53082dd623a832752b8847711861009cd5ffc4677367
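The `lsof` field output and regex described in the PR above, as an added Python example (not the project's `netutil.py`). `SAMPLE` is constructed output, and the function names and the non-loopback check are assumptions of this example.

```python
import ipaddress
import re
import subprocess

# Regex quoted in the PR description: socket type, then host and port.
LISTEN_RE = re.compile(r"t(IPv[46])\nn(\*|\[.+?]|[^:]+):(\d+)")

# Constructed sample of `-Ftn` field output (one field per line, prefixed
# by its field letter); not captured from a real node.
SAMPLE = "\n".join([
    "p4242",
    "f10", "tIPv4", "n127.0.0.1:18443",
    "f11", "tIPv6", "n[::1]:18443",
    "f12", "tIPv4", "n*:18444",
    "f13", "tIPv6", "n*:18444",
]) + "\n"


def parse_listeners(lsof_output: str) -> list[tuple[str, int]]:
    """Turn lsof field output into (address, port) pairs."""
    listeners = []
    for family, host, port in LISTEN_RE.findall(lsof_output):
        if host == "*":
            # The wildcard is ambiguous; the socket type says which family.
            host = "0.0.0.0" if family == "IPv4" else "::"
        host = host.strip("[]")  # lsof brackets IPv6 literals
        listeners.append((str(ipaddress.ip_address(host)), int(port)))
    return listeners


def non_loopback(listeners: list[tuple[str, int]]) -> list[tuple[str, int]]:
    """Listeners reachable from outside the host (wildcard or routable)."""
    return [(h, p) for h, p in listeners
            if not ipaddress.ip_address(h).is_loopback]


def lsof_listeners(pid: int) -> list[tuple[str, int]]:
    """Run the command from the PR description for one process."""
    cmd = ["lsof", "-nP", "-a", "-p", str(pid),
           "-iTCP", "-sTCP:LISTEN", "-Ftn"]
    # lsof exits non-zero when nothing matches, so do not use check=True.
    result = subprocess.run(cmd, capture_output=True, text=True)
    return parse_listeners(result.stdout)


if __name__ == "__main__":
    found = parse_listeners(SAMPLE)
    print("listening:", found)
    print("not loopback-only:", non_loopback(found))
```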
1aa78cdab6 clusterlin: adopt STL ranges algorithms (refactor) (Pieter Wuille)
747da25360 feefrac: drop comparison and operator{<<,>>} for sorted wrappers (Pieter Wuille)
Pull request description:
Instead of having an unintuitive but strong implicit sort order on `FeeFrac` (first increasing feerate, then decreasing size), and separate overloaded `operator<<` and `operator>>` that implement a weak ordering that only looks at feerate, replace these with explicit wrapper classes which make the behavior more explicit (`ByRatio` and `ByRatioNegSize`).
This allows for things like `ByRatio{a} <= ByRatio{b}`, instead of the earlier `!(a >> b)`. It also supports usage inside `std::min`/`std::max`/`std::less`, and `std::greater`, so one can use:
* `std::max<ByRatioNegSize<FeeFrac>>(a, b)` to get the highest-feerate `FeeFrac`, tie-breaking by smallest size.
* `std::ranges::sort(v, std::greater<ByRatioNegSize<FeeFrac>>{});` to sort a vector that way.
Suggested in https://github.com/bitcoin/bitcoin/pull/34257#discussion_r2780475893.
ACKs for top commit:
achow101:
ACK 1aa78cdab6
sedited:
ACK 1aa78cdab6
ajtowns:
ACK 1aa78cdab6
Tree-SHA512: d76657b15f6d745e5ca01c67fd5b101fdc418e6301646d14e575b6564bfa2fe0eb40a95a7ff95a4420624ef6b67224d35e4713aa5bbc0d293e08fe44c0cc6db0
This change includes `s/RecursiveMutex/Mutex/` and a pile of
annotations to keep the compiler happy after the type change.
Partially resolves: https://github.com/bitcoin/bitcoin/issues/19303
The only recursive usage of `CConnman::m_nodes_mutex` is from
`PeerManagerImpl::MaybeSetPeerAsAnnouncingHeaderAndIDs()` which uses
nested calls to `CConnman::ForNode()` to trim the size of
`lNodesAnnouncingHeaderAndIDs` to `<= 3`. This need not be nested, so
take it out.
Before:
```
fornode(newnode)
  if (size >= 3)
    fornode(front) handle removal of front
    pop front
  push back newnode
```
After:
```
fornode(newnode)
  push back newnode
if (size > 3)
  fornode(front) handle removal of front
  pop front
```
`lNodesAnnouncingHeaderAndIDs` is protected by `cs_main` which is locked
during the entire operation.
08925d5ee7 test: add coverage for loading a wallet in a non-writable directory (furszy)
0218966c0d test: add coverage for wallet creation in non-writable directory (furszy)
bc0090f1d6 wallet: handle non-writable db directories (furszy)
Pull request description:
Make wallet creation and load fail with a clear error when the db directory isn’t writable.
#### 1) For Wallet Creation
Before: creating a wallet would return a generic error:
"SQLiteDatabase: Failed to open database: unable to open database file"
After: creating a wallet returns:
"SQLiteDatabase: Failed to open database in directory <dir_path>: directory is not writable"
#### 2) For Wallet Loading
We currently allow loading wallets located on non-writable directories. This is problematic
because the node crashes on any subsequent write; generating a block is enough to trigger it.
Can be verified just by running the following test on master: 85fa4e2910
Also, to check directory writability, this creates a tmp file rather than relying on the
`permissions()` functions, since perms bits alone may not reliably reflect actual writability
in some systems.
Testing Note:
Pushed the tests in separate commits so they can be cherry-picked on master for comparison.
ACKs for top commit:
rkrux:
re-ACK 08925d5ee7
achow101:
ACK 08925d5ee7
seduless:
Tested ACK 08925d5ee7
Tree-SHA512: e480eab329a1d595fe0b191e83c97956e3ff1d1e335ada8ac6fe72bc4b2bb9b13b0d49db0254d34ad75f816db06d9cd0c21d3063d7d8ee6687a7ea2324c36288
walletcreatefundedpsbt, createpsbt, converttopsbt, and psbtbumpfee take
a psbt_version argument to set the version of the PSBT that they
produce. The default psbt_version is 2.