| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
RPC connections now have optional tranparent SSL.
An optional private key and certificate file can be passed,
using the --{rpc,daemon}-ssl-private-key and
--{rpc,daemon}-ssl-certificate options. Those have as
argument a path to a PEM format private private key and
certificate, respectively.
If not given, a temporary self signed certificate will be used.
SSL can be enabled or disabled using --{rpc}-ssl, which
accepts autodetect (default), disabled or enabled.
Access can be restricted to particular certificates using the
--rpc-ssl-allowed-certificates, which takes a list of
paths to PEM encoded certificates. This can allow a wallet to
connect to only the daemon they think they're connected to,
by forcing SSL and listing the paths to the known good
certificates.
To generate long term certificates:
openssl genrsa -out /tmp/KEY 4096
openssl req -new -key /tmp/KEY -out /tmp/REQ
openssl x509 -req -days 999999 -sha256 -in /tmp/REQ -signkey /tmp/KEY -out /tmp/CERT
/tmp/KEY is the private key, and /tmp/CERT is the certificate,
both in PEM format. /tmp/REQ can be removed. Adjust the last
command to set expiration date, etc, as needed. It doesn't
make a whole lot of sense for monero anyway, since most servers
will run with one time temporary self signed certificates anyway.
SSL support is transparent, so all communication is done on the
existing ports, with SSL autodetection. This means you can start
using an SSL daemon now, but you should not enforce SSL yet or
nothing will talk to you.
|
|
If mdb_block_info changes again, the v2 to v3 conversion would
convert to an incorrect format.
|
|
|
|
|
|
|
|
It's a hash of an empty buffer, so we can avoid keccak
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
by avoiding repeated (de)serialization
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Enabled by setting the MONERO_USE_CNV4_JIT env var to 1
|
|
|
|
Minimalistic JIT code generator for random math sequence in CryptonightR.
Usage:
- Allocate writable and executable memory
- Call v4_generate_JIT_code with "buf" pointed to memory allocated on the previous step
- Call the generated code instead of "v4_random_math(code, r)", omit the "code" parameter
|
|
|
|
|
|
|
|
The 10 minute one will never trigger for 0 blocks, as it's still
fairly likely to happen even without the actual hash rate changing
much, so we add a 20 minute window, where it will (for 0 blocks)
and a one hour window.
|
|
This runs a command whenever the block rate deviates too much
from the expectation
|
|
|
|
|
|
This curbs runaway growth while still allowing substantial
spikes in block weight
Original specification from ArticMine:
here is the scaling proposal
Define: LongTermBlockWeight
Before fork:
LongTermBlockWeight = BlockWeight
At or after fork:
LongTermBlockWeight = min(BlockWeight, 1.4*LongTermEffectiveMedianBlockWeight)
Note: To avoid possible consensus issues over rounding the LongTermBlockWeight for a given block should be calculated to the nearest byte, and stored as a integer in the block itself. The stored LongTermBlockWeight is then used for future calculations of the LongTermEffectiveMedianBlockWeight and not recalculated each time.
Define: LongTermEffectiveMedianBlockWeight
LongTermEffectiveMedianBlockWeight = max(300000, MedianOverPrevious100000Blocks(LongTermBlockWeight))
Change Definition of EffectiveMedianBlockWeight
From (current definition)
EffectiveMedianBlockWeight = max(300000, MedianOverPrevious100Blocks(BlockWeight))
To (proposed definition)
EffectiveMedianBlockWeight = min(max(300000, MedianOverPrevious100Blocks(BlockWeight)), 50*LongTermEffectiveMedianBlockWeight)
Notes:
1) There are no other changes to the existing penalty formula, median calculation, fees etc.
2) There is the requirement to store the LongTermBlockWeight of a block unencrypted in the block itself. This is to avoid possible consensus issues over rounding and also to prevent the calculations from becoming unwieldy as we move away from the fork.
3) When the EffectiveMedianBlockWeight cap is reached it is still possible to mine blocks up to 2x the EffectiveMedianBlockWeight by paying the corresponding penalty.
Note: the long term block weight is stored in the database, but not in the actual block itself,
since it requires recalculating anyway for verification.
|
|
Reported by cutcoin
|
|
|
|
Fixed by hyc
|
|
|
|
|
|
Building with docker is arguably easier and more familiar to most people
than either kvm, or lxc.
This commit also relaxes the back compat requirement a bit. 32 bit linux
now uses glibc version 2.0. Also, the docker shell could not handle gcc arguments
containing spaces, so the explicit '-DFELT_TYPE' declaration was dropped.
Lastly, this removes some packages from the osx descriptor.
|
|
|
|
|
|
Co-Authored-By: Lee Clagett <vtnerd@users.noreply.github.com>
|
|
It introduces random integer math into the main loop.
|
|
|
|
|
|
```
Undefined symbols for architecture x86_64:
"common_category()", referenced from:
make_error_code(common_error) in parse.cpp.o
make_error_code(common_error) in tor_address.cpp.o
"boost::system::detail::system_category_ncx()", referenced from:
boost::system::system_category() in parse.cpp.o
boost::system::system_category() in socks.cpp.o
boost::system::system_category() in libepee.a(net_utils_base.cpp.o)
"boost::system::detail::generic_category_ncx()", referenced from:
boost::system::generic_category() in parse.cpp.o
boost::system::generic_category() in socks.cpp.o
boost::system::generic_category() in tor_address.cpp.o
boost::system::generic_category() in libepee.a(string_tools.cpp.o)
boost::system::generic_category() in libepee.a(net_utils_base.cpp.o)
ld: symbol(s) not found for architecture x86_64
clang: error: linker command failed with exit code 1 (use -v to see invocation)
make[3]: *** [src/net/libnet.dylib] Error 1
make[2]: *** [src/net/CMakeFiles/net.dir/all] Error 2
```
|
|
|
|
|
|
|
|
|
|
Implies protocol version management.
|
|
for long payment ids
|
|
The change made for v2 broke v1, and we have no way to know which
version we're serializing here. However, since we don't actually
care about space savings in this case, we continue serialiazing
both mask and amount.
|
|
RPC connections now have optional tranparent SSL.
An optional private key and certificate file can be passed,
using the --{rpc,daemon}-ssl-private-key and
--{rpc,daemon}-ssl-certificate options. Those have as
argument a path to a PEM format private private key and
certificate, respectively.
If not given, a temporary self signed certificate will be used.
SSL can be enabled or disabled using --{rpc}-ssl, which
accepts autodetect (default), disabled or enabled.
Access can be restricted to particular certificates using the
--rpc-ssl-allowed-certificates, which takes a list of
paths to PEM encoded certificates. This can allow a wallet to
connect to only the daemon they think they're connected to,
by forcing SSL and listing the paths to the known good
certificates.
To generate long term certificates:
openssl genrsa -out /tmp/KEY 4096
openssl req -new -key /tmp/KEY -out /tmp/REQ
openssl x509 -req -days 999999 -sha256 -in /tmp/REQ -signkey /tmp/KEY -out /tmp/CERT
/tmp/KEY is the private key, and /tmp/CERT is the certificate,
both in PEM format. /tmp/REQ can be removed. Adjust the last
command to set expiration date, etc, as needed. It doesn't
make a whole lot of sense for monero anyway, since most servers
will run with one time temporary self signed certificates anyway.
SSL support is transparent, so all communication is done on the
existing ports, with SSL autodetection. This means you can start
using an SSL daemon now, but you should not enforce SSL yet or
nothing will talk to you.
|
|
|
|
This was noticed because GCC warned about using an enum value in a
boolean context.
|
|
The original code did not compile with GCC 8.2.1 in C++17 mode, since
comparison functions for std::set's must be invocable as const.
|
|
According to [1], the ios_base::streampos member type is deprecated, and
removed in C++17. This type was an alias for pos_type, which this commit
uses instead.
[1]: https://en.cppreference.com/w/cpp/io/ios_base
|
|
|
|
|
|
This uses system time since it doesn't see the p2p network,
so is not 100% accurate
|
|
- Support for ".onion" in --add-exclusive-node and --add-peer
- Add --anonymizing-proxy for outbound Tor connections
- Add --anonymous-inbounds for inbound Tor connections
- Support for sharing ".onion" addresses over Tor connections
- Support for broadcasting transactions received over RPC exclusively
over Tor (else broadcast over public IP when Tor not enabled).
|
|
|
|
|
|
This will trigger if a reorg is seen. This may be used to do things
like stop automated withdrawals on large reorgs.
%s is replaced by the height at the split point
%h is replaced by the height of the new chain
%n is replaced by the number of new blocks after the reorg
|
|
|
|
These aren't processed as a shell does, so this may surprise users
|
|
|
|
|
|
|
|
This was an early ringct field, which was never used in production
|
|
saves space in the tx and is safe
Found by knaccc
|
|
Found by knaccc
|
|
Found by luigi1111
|
|
This makes it easier to modify the bulletproof format
|
|
The blockchain prunes seven eighths of prunable tx data.
This saves about two thirds of the blockchain size, while
keeping the node useful as a sync source for an eighth
of the blockchain.
No other data is currently pruned.
There are three ways to prune a blockchain:
- run monerod with --prune-blockchain
- run "prune_blockchain" in the monerod console
- run the monero-blockchain-prune utility
The first two will prune in place. Due to how LMDB works, this
will not reduce the blockchain size on disk. Instead, it will
mark parts of the file as free, so that future data will use
that free space, causing the file to not grow until free space
grows scarce.
The third way will create a second database, a pruned copy of
the original one. Since this is a new file, this one will be
smaller than the original one.
Once the database is pruned, it will stay pruned as it syncs.
That is, there is no need to use --prune-blockchain again, etc.
|
|
|
|
found by sarang
|
|
|
|
For better transaction uniformity, even though this wastes space.
|
|
|
|
extra is arbitrary, and the user may well want to send custom data
|
|
|
|
|
|
|
|
|
|
|
|
This involved a reorg of the code, to factor and speedup some bits,
as well as using the cache for all modes, and making both modes
usable in the same run.
|
|
Since the commitment has to be calculated for non rct outputs,
it slows down a lot unnecessarily if we don't need it
|
|
unless --long-payment-id-support is used
|
|
This allows filling in transfer_details when a cold signed tx
gets seen in a block next
|
|
|
|
Same behaviour as subaddress.cpp now.
|
|
Half of the patch was correct, but half was introducing another bug,
where a wallet asking for a fork that the daemon does not know about
yet would decide to use those rules.
|
|
|
|
|
|
(1) If the user denies something on the Ledger,
a proper error message is now shown.
(2) Ledger doesn't time out anymore while waiting
on user input.
(3) Lower the timeout to 2 seconds, this is enough for
normal Ledger <-> System communication.
|
|
This avoids the constant message about needed to run refresh
to enter a password.
Also mention the txpool when asking for the password if the
reason is a pool tx.
|
|
This variable was never set, resulting in the
device name always showing as "disconnected".
|
|
If there are more valid characters, add them in, I did not find
an actual list.
|
|
|
|
Coverity 190651
|
|
Coverity 190660
|
|
|
|
get_output_key method is commonly used when working with txs and their key images. Because the method is not const, passing blockchain object though const& or pointers to const is not possible in this context. This is especially problematic in external projects (e.g., projects in moneroexamples) that use monero C++ api to operate on the blockchain and txs.
Thus, having get_output_key method will simplify moving blockchain object around through const references and pointers to const objects.
|
|
|
|
|
|
in case it returns 0, and other uses don't, plus it's a estimation anyway.
|
|
Since we keep track of the hf version in the db, we pick it up
from there instead of doing the full reorg call, which is quite
expensive
|
|
|
|
This is now default, so it spares us the warnings
|
|
It can get heavy for large wallets
|
|
|
|
|
|
|
|
It seemed like a good idea at the time
|
|
|
|
|
|
Its od outputs small decimals with leading 0, which means octal in C
|
|
While the lookups are faster, the zeroCommit calls have to be
done again when storing the new outputs in the db, which ends
up making the whole thing slower after all, and the ways this
can be cached aren't very nice code wise, so let's forget it
since the gains aren't very large anyway.
|
|
To use if you want all key images, not just the ones for
recently imported outputs
|
|
Help messages describe the commands usage. When users run the command
with wrong arguments, it usually helpfully offers the usage, too.
Unfortunately, these two usage messages were duplicated in the code and
started to get out of sync.
Fixing with constant strings.
|
|
avoids pointless allocs and memcpy
|
|
Also add the type back, as it was somehow weirdly split into
two different fields, one being a union...
|
|
|
|
|
|
|
|
|
|
|
|
- tx_prefix_hash is required in the key derivation for decryption of the tx keys
|
|
|
|
- docker protobuf dependencies, cross-compilation
- device/trezor protobuf build fixes, try_compile
- libusb built under all platforms, used by trezor for direct connect
|
|
We know all the data we'll want for getblocks.bin is contiguous
|
|
|
|
|
|
Estimate restore height from given date
Check date format early, error out early if invalid
|
|
|
|
Found by Coverity (188336 in Anonimal's Coverity account).
|
|
|
|
|
|
|
|
and make them not default at log level 1
|
|
They'll get duplicated otherwise
|
|
|
|
while there, disable both operator= and copy ctor, since they
are not supposed to be around for a singleton
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
in particular with NFS
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Otherwise it'd end up with whatever was included last
|
|
This ensures the io service that runs in another thread cannot
access data after it's deleted
|
|
- checks if the device is in the correct usable state
- implements check for the v2.0.9 firmware which does not support payment IDs
- simple transacttion check, payment id fmt consistency
- minor fixes, refactoring, webusb session counting fix
|
|
|
|
When doing a first refresh on HW-token based wallet KI sync is required if money were received. Received money may indicate wallet was already used before the restore I.e., some transaction could have been already sent from the wallet. The spent UTXO would not be detected as spent which could lead to double spending errors on submitting a new transaction.
Thus if the wallet is HW-token based with the cold signing protocol and the first refresh detected received money the user is asked to perform the key image sync.
|
|
- adds a new option `--hw-device-deriv-path` to the simple wallet. Enables to specify wallet derivation path / wallet code (path avoided so it can be misinterpreted as a file path).
- devices can use different derivation mechanisms. Trezor uses standard SLIP-10 mechanism with fixed SLIP-44 prefix for Monero
- Trezor: when empty, the default derivation mechanism is used with 44'/128'/0'. When entered the derivation path is 44'/128'/PATH.
- Trezor: the path is always taken as elements are hardened (1<<31 bit turned on)
|
|
|
|
|
|
To ensure that the binaries compiled by gitian run across many linux
distributions, enforce 2.17 as the minimum libc version supported.
|
|
|
|
Fixing a build warning on g++ 7.3.0
|
|
So people who want a timstamp get a timestamp
|
|
Since it's all inline, I suspect the compiler will merge the
duplicate stores anyway.
|
|
This avoids the miner erroring out trying to submit blocks
to a core that's already shut down (and avoids pegging
the CPU while we're busy shutting down).
|
|
Ledger does some basic checks on them
|
|
- simple device callback object added. Device can request passphrase/PIN entry via the callback or notify user some action is required
- callback is routed to wallet2, which routes the callback to i_wallet_callback so CLI or GUI wallets can support passphrase entry for HW tokens
- wallet: device open needs wallet callback first - passphrase protected device needs wallet callback so user can enter passphrase
|
|
add new public method to Blockchain and update according to code review
update after review: better lock/unlock, try catch and coding style
|
|
If not present, the tool will scan the blockchain, since scanning
for this is fairly fast.
|
|
Only for pre rct for obvious reasons.
Note: DO NOT use a known spent list which includes outputs
which are not known spent. If the list includes any output
that's just strongly thought to be spent, but not provably
so, you risk finding yourself unable to sync past the point
where that output is spent.
I estimate only 200 MB saved on current mainnet though,
unless the new blackballing rule unearths a good amount of
large-amount-set extra spent outs.
|
|
Some of the inputs for block in a span will be from other earlier
blocks in that span. Keep track of those outputs so we don't have
to look them up again after those early blocks are added to the
blockchain.
|
|
|
|
|
|
for show_transfers
Followup on #4728
|
|
|
|
|
|
- webusb transport based on libusb added. Provides direct access to Trezor via USB, no need for Trezor bridge.
- trezor protocol message handler improved, no recursion used. Ready for upcoming integration tests.
- libusb (for docker) bumped from v1.0.9 to v1.0.22, newer version required for webusb transport, for device enumeration.
- cmake improvements and fixes. Cmake Trezor checks are moved to a dedicated CheckTrezor.cmake file. In case of a problem Trezor is excluded from build.
- ifdefs made consistent to Ledger.
- UDP Transport enumeration disabled by default in release mode
|
|
|
|
|
|
Found by codacy.com
|
|
Found by codacy.com
|
|
Found by codacy.com
|
|
Found by codacy.com
|
|
Found by codacy.com
|
|
Makes more sense than uint64_t for an offset, and agrees with
the %zu used to print results.
Found by codacy.com
|
|
|
|
|
|
Motivated by https://monero.stackexchange.com/questions/10483
Some exchanges appear to have customized the wallet software
in an inappropriate way, making the tx extra field partially
unreadable. PR #3716 changed the wallet behavior disallowing
such partially valid tx extra.
An example tx reported by the user is
e87c675a85f34ecac58a8846613d25062f1813e1023c552b705afad32b972c38
where the normal tx pubkey appears again with the aditional
tx pubkeys tag `04` which is inappropriate.
|
