Just-in-case sanity test for JSON spirit and AmountFromValue.
Also update rpc_format_monetary_values test to use ValueFromAmount,
so that ValueFromAmount is also tested.
Simplifies the dialog (makes it look less crowded) as well
as the code and makes it possible to copy multiple fields at once.
Also format bitcoin URI as URI, add copy button for URI.
Also update URI parsing to fill in this field.
Note that the message is not currently used in any way with the client.
It should be stored with the transaction.
These no longer make sense in the new workflow. It's less
clicks to reach sign/verify message from the menu. And sending
from the address book is one kind of automatic address reuse
we're trying to avoid.
The existing CNode::addrLocal member is revealed to the user,
as an address string, similar to the existing "addr" field.
Instead of showing garbage or empty string,
it simply will not appear in the output if local address not known yet.
This adds an executable `bitcoin-rpc` that only serves as a Bitcoin RPC
client.
The commit does not remove RPC functionality from the `bitcoind` yet,
this functionality should be deprecated but is left for a later version
to give users some time to switch.
This ensures the allocator is ready no matter when it's needed (as
some STL implementations allocate in constructors -- i.e., MSVC's STL
in debug builds).
Using boost::call_once to guarantee thread-safe static initialization.
Adding some comments describing why the change was made.
Addressing deinitialization of the LockedPageManager object
by initializing it in a local static initializer and adding
an assert in the base's destructor.
Selecting the button for a pages was going through bitcoingui->walletframe->walletview->bitcoingui.
Because of this, the actions for the pages had to be exposed on the BitcoinGUI object.
- rename reportError() into message() to be in line with our default
message() signal/slot naming (and can be used for all types of messages)
- rename some QStrings to not collide with message() function
- add a missing message for malformed URIs that IS also used in BitcoinGUI
- fix / extend some comments and misc style fixes
There were too many levels of indirection here, and the functionality of
walletframe and walletstack can easily be merged. This commit
merges the two which cuts a lot of lines of boilerplate code.
- this extends the accepted ciphersuites with TLSv1.2 ones
- also removes !AH, as I could not find documentation on it and the change
did not result in a changed ciphersuite list (checked via openssl
ciphers -v)
- closes#3096 (which also contains more details)
SendMessages() tries to acquire a cs_main lock now, but this isn't nessecary
for much of its functionality. Move those parts out of the locked section,
so they can always be performed, and we hold cs_main for a shorter time.
This removes a few unused CBlockLocator methods, and moves the
construction and fork-finding logic to CChain (which can do these
more efficiently, as it has a height-indexable chain available).
It also makes CBlockLocator independent from the validation code.
971bb3e Added ping time measurement. New RPC "ping" command to request ping. Implemented "pong" message handler. New "pingtime" field in getpeerinfo, to provide results to user. New "pingwait" field, to show pings still in flight, to better see newly lagging peers. (Josh Lehan)
- I observed a massive amount of redefinition warnings after #3071, which
are silenced by this patch
- uses the same style as we do in other places, where we define _WIN32_WINNT
- make processPaymentRequest() use our own HTML-escaping function from
GUIUtil
- make string "application/bitcoin-payment" a constant (below similar
constant strings in the .cpp file)
- clear(): clear all UI elements (for secure and insecure payments)
- setValue(): only modify UI elements, which need to be set (for secure
or insecure payments)
Create an allocators.cpp, and move all of the #ifdef WIN32
code and the #include of windows.h into it.
Two motives for this cleanup:
1. I'm getting a weird error in windows.h in my smartfee branch.
2. allocators.h is included (indirectly) just about everywhere, so
this should speed up Windows compiles quite a lot.
- fixes#3037 by adding missing join_all() call and brings bitcoind
shutdown code in line with Bitcoin-Qt shutdown code
- added a comment for the if (!fRet) case
- when closing the client with an open debug window, that window could
become stuck/unsuable (it was still shown wherea the main window was
hidden already)
- fix this by hiding the debug window, when quitting the the client
Changes the maximum size of a free transaction that will be created
from 10,000 bytes to 1,000 bytes.
The idea behind this change is to make the free transaction area
available to a greater number of people; with the default 27K-per-block,
just three very-large very-high-priority transactions could fill the space.
Remove the (relay/mempool) rule that all outputs of free transactions
must be greater than 0.01 XBT. Dust spam is now taken care of by making
dusty outputs non-standard.
New RPC "ping" command to request ping.
Implemented "pong" message handler.
New "pingtime" field in getpeerinfo, to provide results to user.
New "pingwait" field, to show pings still in flight, to better see newly lagging peers.
- remove some unneeded translatable strings from sendcoinsentry.ui file and
rename some elements for better readability
- optimize string prorcessing in SendCoinsDialog::on_sendButton_clicked()
- make all UI labels for secure payments plain text and move the settings
to sendcoinsentry.ui file
- remove unneeded button and default button definiton from warning message
boxes
- remove fixed font-size when sending coins to an address with label and
use monospace font for addresses
- make BitcoinGUI::showPaymentACK() use a reference for msg and use our
own GUIUtil::HtmlEscape() function
- ensure QTimer usage in clientmodel is the same as in walletmodel
- remove an unneeded debug message in walletframe
- flag some parameters as unused in DebugMessageHandler()
- small code formatting changes
Instead of building a full copy of a CTransaction being signed, and
then modifying bits and pieces until its fits the form necessary
for computing the signature hash, use a wrapper serializer that
only serializes the necessary bits on-the-fly.
This makes it easier to see which data is actually being hash,
reduces load on the heap, and also marginally improves performances
(around 3-4us/sigcheck here). The performance improvements are much
larger for large transactions, though.
The old implementation of SignatureHash is moved to a unit tests,
to test whether the old and new algorithm result in the same value
for randomly-constructed transactions.
If BDB_CPPFLAGS returns only "-I", the next argument sent to the preprocessor
is treated as a path. There are 2 fixes here:
1. Check in CPPFLAGS, as a user might have manually passed a path to check.
2. Ensure the value is not empty before setting BDB_CPPFLAGS to "-I value"
This changes the priority calculation to not include the size of per-txin
data including up to 110 bytes of scriptsig so that transactions which
sweep up extra UTXO don't lose priority relative to ones that don't.
I'd toyed with some other variations, but it seems like any formulation
which results in an incentive stronger than making them not count will
sometimes create incentives to add extra outputs so that you have
extra inputs to consume later. The maximum credit is limited so that
users don't lose the disincentive to stuff random data in their
transactions, the limit of 110 is based on the size of a P2SH
redemption with a compressed public key.
This shouldn't need a staged deployment because the priority is not
used as a relay criteria, only a mining criteria.
This change moves test data into the binaries rather than reading them from
the disk at runtime.
Advantages:
- Tests become distributable
- Cross-compile friendly. Build on one machine and execute in an arbitrary
location on another.
- Easier testing for backports. Users can verify that tests pass without having
to track down corresponding test data.
- More trustworthy test results and easier quality assurance as tests make
fewer assumptions about their environment.
- Tests could theoretically run at client/daemon startup and exit on failure.
Disadvantages:
- Required 'hexdump' build-dependency. This is a standard bsd tool that should
be usable everywhere. It is likely already installed on all build-machines.
- Tests can no longer be fudged after build by altering test-data.
libleveldb.a and libmemenv.a should be able to build in parallel, but in
practice calling the leveldb makefile ends up rewriting build_config.mk. If
one target tries to build while the other is halfway through writing the
.mk, the make ends up in an undefined state.
Fix that by making one depend on the other. This also reorders the variables
to be passed by param rather than via the environment, and combines the targets
into a single rule to avoid needless duplication.
As we'd previously learned, OSX's fsync is a data eating lie.
Since 0.8.4 we're still getting some reports of disk corruption on
OSX but now all of it looks like the block files have gotten out of
sync with the database. It turns out that we were still using fsync()
on the block files, so this isn't surprising.
- ensure message boxes are shown in center of our main window, not
centered on the users desktop
- always prefer user supplied titles for message boxes over the functions
defaults (fixes a bug, where transaction info messages did not contain
information, if it was incoming or outgoing)
- rename URL into URI in paymentserver where correct
- add some missing Qt-coding-stuff in paymentserver
- change QSpinBox to QLineEdit as base for BitcoinAmountField in .ui files
(as this is the result when converting the BAF back into base)
- remove some c_str() and replace with QString::fromStdString()
- remove several new-lines
- remove unneeded spaces
- indentation fixes
This also makes negative transaction versions non-standard.
This avoids an issue triggered in block 256818 where transactions with
negative version numbers were incorrectly serialized into the UTXO set.
On restart nodes detect the inconsistency and refuse to start so long as
a block with these transactions is inside the self-consistency check
window, logging "coin database inconsistencies found". The software
recommends reindexing, but reindexing does not correct the problem.
This should be fixed by changing the chainstate serialization, but
working around it seems harmless for now because the version is not
used by any network rule currently.
A patch free workaround is to start with -checklevel=2 which skips
the consistency checks, but the IsStandard change is important for
miners in order to protect unpatched nodes.
I've seen users confused multiple times thinking they
should be using -tor to set their tor proxy and then
finding in horror that they were still connecting to
the IPv4 internet.
Even Jeff guesses wrong about what the knob does, so
I think we should rename it. This leaves the old
knob working, we can pull it out completely in a
later release.
- prepend "Bitcoin-Qt" in front of debug.log entries, which come from Qt
- move DebugMessageHandler installation upwards to the event handler
installation, which fits much better
Correctly use the purpose of addresses that are added after the start
of the client. Addresses with purpose "refund" and "change" should not
be visible in the GUI. This is now handled correctly.
- extend PaymentServer with setOptionsModel() and rework initNetManager()
to make use of that
- fix all other places in the code to use display unit from options and no
hard-coded unit
There have been several incidents where mainnet experimentation with
raw transactions resulted in insane fees. This is hard to prevent
in the raw transaction api because the inputs may not be known.
Since sending doesn't work if the inputs aren't known, we can catch
it there.
This rejects fees > than 10000 * nMinRelayTxFee or 1 BTC with the
defaults and can be overridden with a bool at the rpc.
We're not seeing large reorgs that would justify waiting a large
amount past the rule required maturity, and the extra three
hours is just a nuisance. Take one more block to at least give
the 100th block time to propagate.
Seems it was forgotten about when IsPushOnly() and the unittests were
written. A particular oddity is that OP_RESERVED doesn't count towards
the >201 opcode limit unlike every other named opcode.
getblocktemplate only uses certain portions of the coinbase transaction,
notably ignoring the coinbase TX output entirely.
Use CreateNewBlock() rather than CreateNewBlockWithKey(), eliminating
the needless key passing.
Should be zero behavior changes.
With an encrypted wallet the GUI was prompting for a passphrase every time
the user requested a new address. This is unnecessary, increases the
exposure to keyboard sniffers, and discourages using fresh addresses for
every transaction.
Instead only prompt for a passphrase when the keypool runs out, also call
the new address function with the flag that prevents reuse.
Thanks to AlexNagy on IRC for pointing this out and who wouldn't take any
lip from a curmudgeonly developer and insisted on what he knew to be true.
WalletView:
- add new signal showNormalIfMinimized()
- emit the new signal in handleURI() to fix a bug, preventing the main
window to show up when using bitcoin: URIs
WalletStack:
- connect the showNormalIfMinimized() signal from WalletView with the
showNormalIfMinimized() slot in BitcoinGUI
- rework setCurrentWallet() to return a bool
- add check for valid walletModel in addWallet()
- add missing gui attribute initialisation in constructor
WalletFrame:
- remove unused or unneded class attributes gui and clientModel
- add a check for valid clientModel in setClientModel()
General:
- small code formatting changes
Add support for a Payment Protocol to Bitcoin-Qt.
Payment messages are protocol-buffer encoded and communicated over
http(s), so this adds a dependency on the Google protocol buffer
library, and requires Qt with OpenSSL support.
- move SelectParamsFromCommandLine() from init.cpp to bitcoin.cpp to allow
to use TestNet() for Bitcoin-Qt instead of GetBoolArg("-testnet", false)
- change order in bitcoind.cpp to match bitcoin.cpp functionality
- hamonize error message strings for missing datadir and failing
SelectParamsFromCommandLine() in bitcoin.cpp and bitcoind.cpp
- use TestNet() call in splashscreen.cpp
Straight refactor, so mapAddressBook stores a CAddressBookData
(which just contains a std::string) instead of a std::string.
Preparation for payment protocol work, which will add the notion
of refund addresses to the address book.
Replaces the validation check for "amount == 0" with an isDust check,
so very small output amounts are caught before the wallet
is unlocked, a transaction is created, etc.
- update translation master files
- include current translations from Transifex
- add several new languages
- fix a bug in bitcoin.qrc, which prevents some languages from beeing used
(wrong file extension .ts instead of .qm was used)
This reduces a peer's ability to attack network resources by
using a full bloom filter, but without reducing the usability
of bloom filters. It sets a default match everything filter
for peers and it generalizes a prior optimization to
cover more cases.
To fix a minor malleability found by Sergio Lerner (reported here:
https://bitcointalk.org/index.php?topic=8392.msg1245898#msg1245898)
The problem is that if (R,S) is a valid ECDSA signature for a given
message and public key, (R,-S) is also valid. Modulo N (the order
of the secp256k1 curve), this means that both (R,S) and (R,N-S) are
valid. Given that N is odd, S and N-S have a different lowest bit.
We solve the problem by forcing signatures to have an even S value,
excluding one of the alternatives.
This commit just changes the signing code to always produce even S
values, and adds a verification mode to check it. This code is not
enabled anywhere yet. Existing tests in key_tests.cpp verify that
the produced signatures are still valid.
The length of vectors, maps, sets, etc are serialized using
Write/ReadCompactSize -- which, unfortunately, do not use a
unique encoding.
So deserializing and then re-serializing a transaction (for example)
can give you different bits than you started with. That doesn't
cause any problems that we are aware of, but it is exactly the type
of subtle mismatch that can lead to exploits.
With this pull, reading a non-canonical CompactSize throws an
exception, which means nodes will ignore 'tx' or 'block' or
other messages that are not properly encoded.
Please check my logic... but this change is safe with respect to
causing a network split. Old clients that receive
non-canonically-encoded transactions or blocks deserialize
them into CTransaction/CBlock structures in memory, and then
re-serialize them before relaying them to peers.
And please check my logic with respect to causing a blockchain
split: there are no CompactSize fields in the block header, so
the block hash is always canonical. The merkle root in the block
header is computed on a vector<CTransaction>, so
any non-canonical encoding of the transactions in 'tx' or 'block'
messages is erased as they are read into memory by old clients,
and does not affect the block hash. And, as noted above, old
clients re-serialize (with canonical encoding) 'tx' and 'block'
messages before relaying to peers.
Fixes issue#2838; this is a tweaked version of pull#2845 that
should not leak the length of the password and is more generic,
in case we run into other situations where we need
timing-attack-resistant comparisons.
Orphan transactions were stored as a CDataStream pointer;
this changes the mapOrphanTransactions data structures to
store orphans as a CTransaction.
This also fixes CVE-2013-4627 by always re-serializing
transactions before relaying them.
- move the code for saving and restoring window positions from BitcoinGUI
to GUIUtil, make it more generic and also use it for saving/restoring
debug window positions
- it was possible to trigger an infinite loop in FreespaceChecker::check() by
simply removing the drive letter on Windows (which leads to an infinite
loop in the FreespaceChecker thread)
- this was caused by not checking if we make progress with
parentDir.parent_path()
- remove an unneded include for mswsock.h as we use winsock2.h anyway
- move typedef u_int SOCKET; into the #ifndef WIN32 part
- remove typedef int socklen_t; as this is defined in ws2tcpip.h
- fixes src\net.cpp:1601: Error:invalid conversion from 'void*' to
'const char*' [-fpermissive] in a setsockopt() call on Win32 that was
found by using MinGW 4.8.1 compiler suite
The key refactor changed the way unencrypted private keys with compressed
public key are stored in the wallet. Apparently older versions relied on
this to verify the correctness of stored keys.
Note that earlier pre-release versions do risk creating wallets that can
not be opened by 0.8.3 and earlier.
use std::string instead of psz for WalletFile
only allow wallets within $DATADIR
Use strWalletFile in salvage/recover
fix: remove unused variable pszWalletFile
move strWalletFile to init.h/init.cpp
avoid conversion of strWalletfile to c-string
dumpwallet: produce a dump of all keys in a wallet, in a format
compatible with Bitcoin Wallet for Android and Multibit.
importwallet: import such a dump
Compute safe lower bounds on the birth times of all wallet keys. For
pool keys or keys with metadata, the actually stored birth time is
used. For all others, the birth times are inferred from the wallet
transactions.
This function finds all keys affected by a particular output script,
supporting everything ExtractDestinations supports (pay-to-pubkey,
pay-to-pubkeyhash, multisig) and recurses into subscripts (P2SH).
In case no database exists yet, and -txindex(=1) is passed, we currently first
check whether fTxIndex differs from -txindex (and ask the user to reindex in
that case), and only afterwards initialize the database. By swapping these
around (the initialization is a no-op in case the database already exists),
we allow it to be born in txindex mode, without warning.
That also means we don't need to check -reindex anymore, as the wiping/reinit
of the databases happens before checking.
Refactor keytime:
* Key metadata is kept in a CWallet::mapKeyMetadata (std::map<CKeyId,CKeyMetadata>).
* When generating a new key, time is put in that map, and new key is written.
* AddKeyPubKey and AddCryptedKey do not take a creation time argument, but instead
pull it from that map, if it exists there.
Bugfix:
* AddKeyPubKey and AddCryptedKey in CWallet didn't override the CKeyStore
definition anymore. This is fixed, as they no longed need the nCreationTime
argument now.
Also a few related other changes:
* Metadata can be overwritten.
* Only GenerateNewKey calls GetTime(), as it's the only place where we know for
sure a key was not constructed earlier.
* When the nTimeFirstKey is known to be inaccurate, it is set to the value 1
(instead of 0, which would mean unknown).
* Use CPubKey instead of std::vector<unsigned char> where possible.
The new class is accessed via the Params() method and holds
most things that vary between main, test and regtest networks.
The regtest mode has two purposes, one is to run the
bitcoind/bitcoinj comparison tool which compares two separate
implementations of the Bitcoin protocol looking for divergence.
The other is that when run, you get a local node which can mine
a single block instantly, which is highly convenient for testing
apps during development as there's no need to wait 10 minutes for
a block on the testnet.
This adds an introduction screen that is shown when the client is first
started in which the user can choose a data directory.
It is also possible to force the intro screen to appear using command
line argument `-choosedatadir`.
The user is warned that the client will download and store 10Gb of data.
The intro screen shows how much space is available on the device that
contains the chosen directory and warns if this is less than the 10Gb.
To make it possible to translate the introduction dialog, the initialization
sequence is changed so that translations are
loaded before the data directory. This has the by-effect that it is
no longer possible to specify a language in bitcoin.conf inside the data
directory.
This (nearly) doesn't change fee rules at all:
* To make it into the fee transaction area, the dPriority comparison
changed from < to <=
* We now just ignore transactions > MAX_BLOCK_SIZE/4 instead of
doing some calculations to require increasingly large fees as
size increases.
Without this include, sometimes BOOST_VERSION was defined and sometimes
it was not, depending on which includes came before it. The result was a
random mix of sleep or sleep_for for boost versions >= 1.50.
- removes our NewThread() function an replaces remaining calls with
boost::thread with our TraceThread template
- remove ExitThread() function
- fix THREAD_PRIORITY_ABOVE_NORMAL for non Windows OSes
- adds a reindex dialog for Bitcoin-Qt to change -txindex without the need
to supply -reindex
- now also does a -reindex, when removing the -txindex switch
Removed AreInputsStandard from CTransaction, made it a regular function in main.
Moved CTransaction::GetOutputFor to CCoinsViewCache.
Moved GetLegacySigOpCount and GetP2SHSigOpCount out of CTransaction into regular functions in main.
Moved GetValueIn and HaveInputs from CTransaction into CCoinsViewCache.
Moved AllowFree, ClientCheckInputs, CheckInputs, UpdateCoins, and CheckTransaction out of CTransaction and into main.
Moved IsStandard and IsFinal out of CTransaction and put them in main as IsStandardTx and IsFinalTx. Moved GetValueOut out of CTransaction into main. Moved CTxIn, CTxOut, and CTransaction into core.
Added minimum fee parameter to CTxOut::IsDust() temporarily until CTransaction is moved to core.h so that CTxOut needn't know about CTransaction.
Added explicit include of main.h in init.cpp, changed include of init.h to include of main.h in net.cpp.
Added function registration for net.cpp in init.cpp's network initialization.
Removed protocol.cpp's dependency on main.h.
TODO: Remove main.h include in net.cpp.
This will allow each to have its own main(), meaning that we can build a common
base client and simply link in the correct startup object to create the
appropriate binary.
- harmonize BitcoinGUI::setClientModel() and RPCConsole::setClientModel()
- now RPCConsole::setClientModel() also includes a direct call to
setNumBlocks()
- this directly sets up all GUI elements that have testnet special-casing
without first setting up main net stuff and changing afterwards (titles,
icons etc.)
- also fixes 2 wrong icons shown during testnet usage on our toolbar
- explicitly set the default of all GetBoolArg() calls
- rework getarg_test.cpp and util_tests.cpp to cover this change
- some indentation fixes
- move macdockiconhandler.h include in bitcoin.cpp to the "our headers"
section
This commit squashes all the changes in the Qt5 branch
relative to master.
Backward compatibility with Qt4 is retained.
Original authors:
- Philip Kaufmann <phil.kaufmann@t-online.de>
- Jonas Schnelli <jonas.schnelli@include7.ch>
This commit decouples the pMiningKey initialization and shutdown from the RPC
threads.
`getwork` and `getblocktemplate` rely on pMiningKey, and can also be ran
from the debug window in the UI even when the RPC server is not running.
Solves issue #2706.
Write bestblock records in wallets:
* Every 20160 blocks synced, no matter what (before: none during IBD)
* Every 144 blocks after IBD (before: for every block, slow)
* When creating a new wallet
* At shutdown
This should result in far fewer spurious rescans.
Remove the pnext pointer in CBlockIndex, and replace it with a
vBlockIndexByHeight vector (no effect on memory usage). pnext can
now be replaced by vBlockIndexByHeight[nHeight+1], but
FindBlockByHeight becomes constant-time.
This also means the entire mapBlockIndex structure and the block
index entries in it become purely blocktree-related data, and
independent from the currently active chain, potentially allowing
them to be protected by separate mutexes in the future.
At startup, check that the expected genesis is loaded. This should prevent
cases where accidentally a datadir from the wrong network is loaded
(testnet vs mainnet, e.g.).
Compiling on my OSX 10.6 build machine, I get:
Undefined symbols:
"boost::chrono::steady_clock::now()", referenced from:
boost::cv_status boost::condition_variable::wait_for<long long, boost::ratio<1ll, 1000000000ll> >(boost::unique_lock<boost::mutex>&, boost::chrono::duration<long long, boost::ratio<1ll, 1000000000ll> > const&)in bitcoinrpc.o
Linking against the boost_chrono fixes the issue.
Windows builds already link against boost_chrono; Linux doesn't, but compiles (on pull-tester / gitian, at least).
A base_uint used to be made of an array of unsigned ints. This works
fine on most platforms, but might not work on certain present or future
platforms. The code breaks if an unsigned int is 16 or 64 bits, so it's
important to be specific. Also changed "u" to "you".
New method in bitcoinrpc: RunLater, that uses a map of deadline
timers to run a function later.
Behavior of walletpassphrase is changed; before, calling
walletpassphrase again before the lock timeout passed
would result in: Error: Wallet is already unlocked.
You would have to call lockwallet before walletpassphrase.
Now: the last walletpassphrase with correct password
wins, and overrides any previous timeout.
Fixes issue# 1961 which was caused by spawning too many threads.
Test plan:
Start with encrypted wallet, password 'foo'
NOTE:
python -c 'import time; print("%d"%time.time())'
... will tell you current unix timestamp.
Try:
walletpassphrase foo 600
getinfo
EXPECT: unlocked_until is about 10 minutes in the future
walletpassphrase foo 1
sleep 2
sendtoaddress mun74Bvba3B1PF2YkrF4NsgcJwHXXh12LF 11
EXPECT: Error: Please enter the wallet passphrase with walletpassphrase first.
walletpassphrase foo 600
walletpassphrase foo 0
getinfo
EXPECT: wallet is locked (unlocked_until is 0)
walletpassphrase foo 10
walletpassphrase foo 600
getinfo
EXPECT: wallet is unlocked until 10 minutes in future
walletpassphrase foo 60
walletpassphrase bar 600
EXPECT: Error, incorrect passphrase
getinfo
EXPECT: wallet still scheduled to lock 60 seconds from first (successful) walletpassphrase
A green testnet splashscreen with a normal, orange dock icon looks strange and can confuse users.
Signed-off-by: Jonas Schnelli <jonas.schnelli@include7.ch>
So we stop getting pull requests (like #2604) fixing problems with disabled Script opcodes.
A hard fork would be required to re-enable these, and if we ever did that we'd require extensive review and testing.
When debugging another issue, I found a hang-during-startup race condition due to
LoadWallet calling SetMinVersion (via LoadCryptedKey).
Writing to the file that you're in the process of reading is a bad idea.
Bitcoin-Qt could core dump if application initialization failed in certain ways.
I double-fixed this:
1) qt/bitcoin.cpp now shuts down core threads cleanly if AppInit2 returns false
2) init.cpp now exits before StartNode() if strErrors is set (no reason to StartNode if we're just going to exit immediately anyway).
Tested by triggering all of the various ways AppInit2 can fail, either by passing bogus command-line arguments or just recompiling tweaked code to simulate failure.
This is a partial fix for #2480
Instead of killing a connection when the receive buffer overflows,
just temporarily halt receiving before that happens. Also, no
matter what, always allow at least one full message in the receive
buffer (otherwise blocks larger than the configured buffer size
would pause indefinitely).
It is possible to have a wallet.dat file without any bestblock
record at all (if created offline, for example), which - when
loaded into a client with a up-to-date chain - does no rescan and
shows no transactions.
Also make sure to write the current best block after a rescan, so
it isn't necessary twice.
* Bugfix: output the correct best block hash (during IBD, it can
differ from the actual current best block)
* Add height to output
* Add hash_serialized, which is a hash of the entire UTXO state.
Can be useful to compare two nodes.
* Add total_amount, the sum of all UTXOs' values.
Previously, JSON-RPC clients accessed URI "/", and the JSON-RPC server
did not care about the URI at all, and would accept any URI as valid.
Change the JSON-RPC server to require URI "/" for all current accesses.
This changes enables the addition of future interfaces at different
URIs, such as pull request #1982 which demonstrates HTTP REST wallet
download.
Or, a future, breaking change in JSON-RPC interface could be introduced
by serving JSON-RPC calls from new URI "/v2/".
This value gets stale really quickly, do not hardcode it into a message.
Completely remove it for now.
Later on, a mechanism will be added to determine fees based on the mempool.
Closes#2576
On black toolbars, the new icon doesn't look very well.
Now the toolbar icon has again a transparent "B" for better style on toolbars.
Does not affect the mac client.
Signed-off-by: Jonas Schnelli <jonas.schnelli@include7.ch>
why:
- the current splash-screen has no referring to official images on - https://en.bitcoin.it/wiki/Promotional_graphics
- the current splash screen only exists in a low res jpg
- current splash screen looks dark and "hackish"
- new splash screen should generate positive, "trust-emotions".
- new splash screen gives the user infos about the running client.
- new splash screen can handle long messages (in a lot of - languages the text is cropped in current release)
- new size (x2) 400x312
- contains textual information about the client
- textinfos are dynamicly written to the pixmap
when -testnet is switch on, the splashscreen will show the bitcoin logo in testnet-color (as well as a text [testnet])
example: https://dl.dropbox.com/u/7383846/new_bitcoin_splash.png
- this solution works stable on mac and ensures that the window get's reopened when the user clicks the dock icon .
- tested on 10.8 with Qt4.8.4 and Qt5.0.1
Signed-off-by: Jonas Schnelli <jonas.schnelli@include7.ch>
Having the export button at the top was confusing people into thinking
the entire wallet was exported.
This commit moves the export button to the address book, receiving
addresses and transaction tabs separately.
Every block index entry currently requires a separately-allocated
CBigNum. By replacing them with uint256, it's just 32 bytes extra
in CBlockIndex itself.
This should save us a few megabytes in RAM, and less allocation
overhead.
- updates ClientModel::getBlockSource() to return all available states and
sorts enum BlockSource in order of usage cases (none default, then reindex,
import and network)
- updates BitcoinGUI::setNumBlocks() to better use getBlockSource() and
also adds a message, when we have NO block source available
- continue the mac behavior of clearing button icons (because it's unusual on mac apps)
- fix: new button variable names, new buttons (verifyMessage, signMessage)
Signed-off-by: Jonas Schnelli <jonas.schnelli@include7.ch>
- redefined the green color
- created new toolbar icons
- updated the assets-attribution.txt
Signed-off-by: Jonas Schnelli <jonas.schnelli@include7.ch>
This introduces the concept of the 'sync node', which is the one we
asked for missing blocks. In case the sync node goes away, a new one
will be selected.
For now, the heuristic is very simple, but it can easily be extended
later to add better policies.
- added languages in bitcoin.qrc: bs, ca, cy, eo, gu_IN, hi_IN, ja, la,
lv_LV and th_TH (some translations files were already in src/qt/locale
but not added in the .qrc file
- new windows .ico contains multiple resolutions up to 256px
- new testnet (green) icon
- new png icon for llinux, etc.
- new doxygen icon
- changed the assets-attribution.txt
Signed-off-by: Jonas Schnelli <jonas.schnelli@include7.ch>
- this allows us to use the progressbar and the label independently (if
needed) and still prevents setStatusTip() to use them, if one of the 2
is active
It seems there were two mechanisms for assessing whether a CNode
was still in use: a refcount and a release timestamp. The latter
seems to have been there for a long time, as a safety mechanism.
However, this timer also keeps CNode objects alive for far longer
than necessary after disconnects, potentially opening up a DoS
window.
This commit removes the timestamp-based mechanism, and replaces
it with an assert(nRefCount >= 0), to verify that the refcounting
is indeed correctly working.
As these were not updated when 'backporting' the 225430 checkpoint
into head.
Additionally, also report verification progress in debug.log, and
tweak the sigcheck-verification-speed-factor a bit.
- use labelExplanation for sending and receiving tab and move the string
from the ui-file to the source
- ensure that the table holding the label and address is resized so that
the address column fits the address and the label column is stretched to
fit the window size
- rename some stuff for much easier readbility in the code (I find it hard
to get the meaning of stuff like labels or buttons)
Two reasons for this change:
1. Need to always use boost::thread's sleep, even on Windows, so the
sleeps can be interrupted (prior code used Windows' built-in Sleep).
2. I always forgot what units the old Sleep took.
Create a boost::thread_group object at the qt/bitcoind main-loop level
that will hold pointers to all the main-loop threads.
This will replace the vnThreadsRunning[] array.
For testing, ported the BitcoinMiner threads to use its
own boost::thread_group.
- adds 6 methods in BitcoinGUI to access some actions needed by the new
WalletView class
- updates WalletView class to use these instead of trying to duplicate
these
- cleanup walletview.{cpp/h} and remove all unneeded stuff
- this fixes problems with tabs toolbar (#2451) and export broken (#2436)
- more details in #2447
- added new created and documented svg version of shaded icon
- changed "B" background to white (no longer transparent)
- removed PSD (Adobe Photoshop) document
- license is now MIT
Signed-off-by: Jonas Schnelli <jonas.schnelli@include7.ch>
- as QClipboard::Selection isn't available on Windows ensure that the
correct mode is called, but sill allow selection for e.g. X11
- start conversion from QCoreApplication::instance() to qApp in
guiutil.cpp (I intend to harmonize this all over the source with my Qt5
compatibility pull)
This will result in re-requesting invs if we are under heavy inv
load, however as long as we get no more than 16,000 invs in two
minutes, this should have no effect on runtime behavior.
- the send coins context menu entry was not working anymore, because
a non current version of #2220 was merged onto current master
- also removes some unneeded spaces and adds a comment to
WalletModel::getNumTransactions()
Tabs don't fits in line in Spanish/German/Russian when they has two words.
Wallet has limited functionality. It can send & receive coins. So we can
safely rename "Send coins" to "Send" and "Receive coins" to "Receive".
Address book is just stored addresses.
There exists a per-message-processed send buffer overflow protection,
where processing is halted when the send buffer is larger than the
allowed maximum.
This protection does not apply to individual items, however, and
getdata has the potential for causing large amounts of data to be
sent. In case several hundreds of blocks are requested in one getdata,
the send buffer can easily grow 50 megabytes above the send buffer
limit.
This commit breaks up the processing of getdata requests, remembering
them inside a CNode when too many are requested at once.
- this should prevent GUI issues on Mac that were observed before (disappearing
GUI - see #1522)
- the patch ensures, that createTrayIconMenu() is always called on Mac to
process and use our MacDockIconHandler
* Change CNode::vRecvMsg to be a deque instead of a vector (less copying)
* Make sure to acquire cs_vRecvMsg in CNode::CloseSocketDisconnect (as it
may be called without that lock).
1) "optimistic write": Push each message to kernel socket buffer immediately.
2) If there is write data at select time, that implies send() blocked
during optimistic write. Drain write queue, before receiving
any more messages.
This avoids needlessly queueing received data, if the remote peer
is not themselves receiving data.
Result: write buffer (and thus memory usage) is kept small, DoS
potential is slightly lower, and TCP flow control signalling is
properly utilized.
The kernel will queue data into the socket buffer, then signal the
remote peer to stop sending data, until we resume reading again.
Replaces CNode::vRecv buffer with a vector of CNetMessage's. This simplifies
ProcessMessages() and eliminates several redundant data copies.
Overview:
* socket thread now parses incoming message datastream into
header/data components, as encapsulated by CNetMessage
* socket thread adds each CNetMessage to a vector inside CNode
* message thread (ProcessMessages) iterates through CNode's CNetMessage vector
Message parsing is made more strict:
* Socket is disconnected, if message larger than MAX_SIZE
or if CMessageHeader deserialization fails (latter is impossible?).
Previously, code would simply eat garbage data all day long.
* Socket is disconnected, if we fail to find pchMessageStart.
We do not search through garbage, to find pchMessageStart. Each
message must begin precisely after the last message ends.
ProcessMessages() always processes a complete message, and is more efficient:
* buffer is always precisely sized, using CDataStream::resize(),
rather than progressively sized in 64k chunks. More efficient
for large messages like "block".
* whole-buffer memory copy eliminated (vRecv -> vMsg)
* other buffer-shifting memory copies eliminated (vRecv.insert, vRecv.erase)
-dbcache was originally used to set the maximum buffer size in the
BDB environment, and was later changed to set the chainstate cache
and leveldb caches. No need to use it for BDB now that only the
wallet remains there.
This should reduce memory allocation (but not necessarily memory
usage) a bit.
Step for buttons 'up' and 'down' - 0.001. With BTC and mBTC all ok, but
0.001 uBTC is lower than minimal value (satoshi)
User should press 10 times on 'up' button to get 0.01 uBTC
- allows to directly select an address from the addressbook, chose "send
coins" from the context menu, which sends you to sendcoins tab and fills
in the selected address
- try to enforce the same style to all Qt related files
- remove unneeded includes from the files
- add missing Q_OBJECT, QT_BEGIN_NAMESPACE / QT_END_NAMESPACE
- prepares for a pull-req to include Qt5 compatibility
- remove an unneeded MODAL flag, as MSG_ERROR sets MODAL
- re-order an if-clause in main to have bool checks before a function call
- fix some log messages that used wrong function names
- make a log message use a correct ellipsis
- remove some unneded spaces, brackets and line-breaks
- fix style for adding files in the Qt project
This fixes test_bitcoin failures on openbsd reported by dhill on IRC.
On some systems rand() is a simple LCG over 2^31 and so it produces
an even-odd sequence. ApproximateBestSubset was only using the least
significant bit and so every run of the iterative solver would be the
same for some inputs, resulting in some pretty dumb decisions.
Using something other than the least significant bit would paper over
the issue but who knows what other way a system's rand() might get us
here. Instead we use an internal RNG with a period of something like
2^60 which is well behaved. This also makes it possible to make the
selection deterministic for the tests, if we wanted to implement that.
Switch to using Qt's QLocalServer/QLocalSocket to handle bitcoin
payment links (bitcoin:... URIs)
Reason for switch: the boost::interprocess mechanism seemed flaky,
and doesn't mesh as well with "The Qt Way"
qtipcserver.cpp/h is replaced by paymentserver.cpp/h
Click-to-pay now also works on OSX, with a custom Info.plist
that registers Bitcoin-Qt as a handler for bitcoin: URLs and
an event listener on the main QApplication that handles
QFileOpenEvents (Qt translates 'url clicked' AppleEvents into
QFileOpenEvents automagically).
Extremely large transactions with lots of inputs can cost the network
almost as much to process as they cost the sender in fees.
We would never create transactions larger than 100K big; this change
makes transactions larger than 100K non-standard, so they are not
relayed/mined by default. This is most important for miners that might
create blocks larger than 250K big, who could be vulnerable to a
make-your-blocks-so-expensive-to-verify-they-get-orphaned attack.
Two changes:
Use IsConfirmed() instead of IsFinal(), so 'getbalance "*" 0' uses the same
'is this output spendable' criteria as 'getbalance'. Fixes issue #172.
And a tiny refactor to CWallet::GetBalance() (redundant call to IsFinal -- IsConfirmed
calls IsFinal).
getbalance with no arguments and 'getbalance "*" 0' could return different different results,
- this change allows us to keep the translation without the need to
re-translate any string, when we update the copyright year
- copyright symbol is changed to HTML to ensure we get no encoding
issues and it's removed from the translation string so translators don't
break it by mistake
Version numbers changed from 0.7.99 to 0.8.0
Set CLIENT_VERSION_IS_RELEASE to remove pre-release warning
Updated copyright in COPYING and doc/READMEs to 2013
Updated doc/release-notes.txt
At least one service that accepted zero-confirmation transactions
was vulnerable because an attacker could send a transaction
with a lock time far in the future, and then have plenty of time in
which to get a double-spend mined (perhaps from a miner who wasn't
on the network when the first transaction was broadcast).
That is a variation on the "Finney attack". We still don't
recommend anybody accept 0-confirmation transactions as final
payment for anything. This change keeps non-final transactions
from appearing in the wallet, and, assuming most of the network
accepts this change, will prevent them from being relayed until
they are final.
* Pass txid's to CCoinsView functions by reference instead of by value
* Add a method to swap CCoins, and use it in some places to avoid a
allocating copy + destruct.
* Optimize CCoinsViewCache::FetchCoins to do only a single search
through the backing map.
- don't show QR Code context menu, when USE_QRCODE=1 was not specified
when compiling the client
- re-work on_showQRCode_clicked() for better readability and remove an
unneeded duplicate check
- re-work on_signMessage_clicked() and on_verifyMessage_clicked() to match
foreach in on_showQRCode_clicked(), which seems more robust / cleaner
- re-order context menu stuff to match real context menu layout
- add comments for all private slots in the class
Several changes to make the native windows leveldb code compile
with mingw32 and run on 32-bit Windows:
* Remove -std=c++0x dependency (modified code to use NULL instead of
nullptr)
* Link with -lshlwapi
* Only #define snprintf/etc if compiling with Visual Studio
* Do not link against DbgHelp.lib (wrote a CreateDir instead of using
DbgHelp's MakeSureDirectoryPathExists
* Define WINVER=0x0500 so MinGW32 can use the 64-bit-filesystem Windows
api calls
* Define __USE_MINGW_ANSI_STDIO=1 to use MinGW's printf (which supports
%ll)
I also cleaned up makefile.mingw, assuming that dependencies would be in
the standard /usr/local/{include,lib} by default but allowing overriding
with make DEPSDIR=... etc
This actually simplifies some SPV code, as they can keep track of
a filtered block and its txn before accepting both in one step.
The previous argument was that SPV nodes should handle the txn the
same as any other free txn and then mark them as connected to a
block when they get the filtered block itself. However, it now
appears that SPV nodes will need to put in more effort to verify
loose txn than they would to verify txn in blocks, thus making it
more approriate to send the txn after the filtered block.
By specifying -txindex when initializing the database, a txid-to-diskpos
index is maintained in the blktree database. This database is used to
help answering getrawtransaction() RPC queries, when enabled.
Changing the -txindex value requires a -reindex; the client will abort
at startup if the database and the specified -txindex mismatch.
- this flag allows bitcoin-qt.exe / bitcoind.exe (32-bit application) to
handle addresses larger than 2GB (up to 3GB on x86 Windows and up to
4GB on x64 Windows)
Note that the default value for fRelayTxes is false, meaning we
now no longer relay tx inv messages before receiving the remote
peer's version message.
Fixes issue #2178 : attacker could penny-flood with invalid-signature
transactions to deduce which addresses belonged to your node.
I'm committing this early for code review; I still need to write up
a test plan.
Executive summary of fix: check all transactions received from the network
for penny-flood rate-limiting before adding to the memory pool. But do NOT
ratelimit transactions added to the memory pool:
- because of blockchain reorgs
- stored in the wallet and added at startup
- sent from the GUI or one of the send* RPC commands (CWallet::CommitTransaction)
The limit-free-transactions code really should be a method on CNode, with
counters per-peer. But that is a bigger change for another day.
- it was bad, that quite some messages were just talking about a database,
I think a user should know, if we are talking about wallet db or
block/coin db
- also adds a new init message for "Verifying block database integrity..."
- this pull adds an InitMessage() function to noui.cpp, which outputs init
messages to debug.log (this allows to remove some printf() calls from
init.cpp)
- change InitMessage() in bitcoin.cpp to also write init messages to
debug.log to ensure nothting is missing in the log because of the
removal of printf() calls in init.cpp
Client (SPV) mode never got implemented entirely, and whatever part was already
working, is likely not been tested (or even executed at all) for the past two
years. This removes it entirely.
If we want an SPV implementation, I think we should first get the block chain
data structures to be encapsulated in a class implementing a standard interface,
and then writing an alternate implementation with SPV semantics.
- add qSort() for cachedAddressTable, as qLowerBound() and qUpperBound()
require the list to be in ascending order (see
http://harmattan-dev.nokia.com/docs/library/html/qt4/qtalgorithms.html#qLowerBound)
- add a new check in AddressTableModel::setData() to just return, when no
changes were made to a label or an address (prevents entry duplication
issue)
- remove "rec->label = value.toString();" from
AddressTableModel::setData() as the label gets updated by
AddressTablePriv::updateEntry() anyway (seems @sipa added this line via
1025440184 (L6R225))
- add another new check in AddressTableModel::setData() to just return, if
a duplicate address was found (prevents address overwrite)
- add a new check to EditAddressDialog::setModel() to prevent setting an
invalid model
- re-work the switch-case statement in AddressTableModel::accept() to
always break (as return get's called anyway) and order the list to match
the enum definition
- make accept() in editaddressdialog.h a public slot, which it should be
- misc small coding style changes
Previously when a transaction was set to lock at a specific block the
calculation was reversed, returning a negative number. This broke the UI
and caused it to display %n in place of the actual number.
In addition the previous calculation would display "Open for 0 blocks"
when the block height was such that the next block created would
finalize the transaction. Inserted the word "more" and changed the
calculation so that the last message would be "Open for 1 more block" to
better match user expectations.
Since block validation happens in parallel, multiple threads may be
accessing the signature cache simultaneously. To prevent contention:
* Turn the signature cache lock into a shared mutex
* Make reading from the cache only acquire a shared lock
* Let block validations not store their results in the cache
* During block verification (when parallelism is requested), script
check actions are stored instead of being executed immediately.
* After every processed transactions, its signature actions are
pushed to a CScriptCheckQueue, which maintains a queue and some
synchronization mechanism.
* Two or more threads (if enabled) start processing elements from
this queue,
* When the block connection code is finished processing transactions,
it joins the worker pool until the queue is empty.
As cs_main is held the entire time, and all verification must be
finished before the block continues processing, this does not reach
the best possible performance. It is a less drastic change than
some more advanced mechanisms (like doing verification out-of-band
entirely, and rolling back blocks when a failure is detected).
The -par=N flag controls the number of threads (1-16). 0 means auto,
and is the default.
- ensure we use strCaption for printf and fprintf, as before it could
happen to have an error message in the debug.log, which had no "Error"
(or whatever) in front
- this prevents an interference with the IPC message queue (which is used
for URI processing) when running a testnet and mainnet instance in
parallel
- to check for testnet, I had to raise the ParseParameters() call in
main() to the topmost position
- a click on "Reset Options" sets all options to the default values by
removing all stored settings (QSettings), loading the defaults and
saving them as the new settings
- before the reset is executed the user is presented a confirmation dialog
- special casing was needed for StartAtStartup
- some users reported it as weird, that the estimated block count could be
lower than our own nodes block number (which is indeed true and not good)
- this pull adds a new default behaviour, which displays our own block
number as estimated block number, if own >= est. block count
- the pull raises space for nodes block counts in cPeerBlockCounts to 8 to
be more accurate
- also removes a reduntant setNumBlocks() call in RPCConsole and moves
initialisation of numBlocksAtStartup in ClientModel, where it belongs
-checklevel gets a new meaning:
0: verify blocks can be read from disk (like before)
1: verify (contextless) block validity (like before)
2: verify undo files can be read and have good checksums
3: verify coin database is consistent with the last few blocks
(close to level 6 before)
4: verify all validity rules of the last few blocks
Level 3 is the new default, as it's reasonably fast. As level 3 and
4 are implemented using an in-memory rollback of the database, they
are limited to as many blocks as possible without exceeding the
limits set by -dbcache. The default of -dbcache=25 allows for some
150-200 blocks to be rolled back.
In case an error is found, the application quits with a message
instructing the user to restart with -reindex. Better instructions,
and automatic recovery (when possible) or automatic reindexing are
left as future work.