e4d0b44 Consistently log CValidationState on failure (Ben Woosley)
Pull request description:
This replaces potential silent failures and partial logging with full logging. Seems providing at least minimal visibility to the failure is a good practice. E.g. `FlushStateToDisk` can return a rare but meaningful out of disk space error that would be better to note than leave out.
Note many of these are related to `ActivateBestChain` or `FlushStateToDisk`. Only a few cases of ignored state remain, e.g. LoadExternalBlockFile and RelayWalletTransaction, where I expect logging would likely be spammy.
Tree-SHA512: fb0e521039e5a5250cd9c82e7a8676423b5e3899d495649c0e71752059d1984e5175f556386ade048f51a7d59f5c8e467df7fe91d746076f97d24c000ccf7891
cf02779 Add logging and error handling for file syncing (Wladimir J. van der Laan)
Pull request description:
Add logging and error handling inside, and outside of FileCommit.
Functions such as fsync, fdatasync will return error in case of hardware I/O errors, and ignoring this means it can silently continue through data corruption.
(c.f. https://lwn.net/SubscriberLink/752063/12b232ab5039efbe/)
EINVAL is handled specially to avoid crashing out on (network, fuse) filesystems that don't handle `f[data]sync`.
I checked that the syncing inside leveldb is already generating an I/O error as appropriate.
Tree-SHA512: 64cc9bbedca3ecc97ff4bac0a7b7ac6526a7ed763c66f6786d03ca4f2e9e366e42b152cb908299c060448d98ca39ff03395280bffaca51d592e728aa2516f5dd
Add logging and error handling inside, and outside of FileCommit.
Functions such as fsync, fdatasync will return error in case of hardware
I/O errors, and ignoring this means it can silently continue through
data corruption. (c.f.
https://lwn.net/SubscriberLink/752063/12b232ab5039efbe/)
3cc9094 scripted-diff: Rename CChainState::g_failed_blocks to m_failed_blocks (Ben Woosley)
Pull request description:
To reflect its actual status as a member rather than a global value.
g_failed_blocks was previously global: 2862aca40f
Tree-SHA512: a0e679a151e0fb70d245a7a1821449d0a4738f5ba503abca9f19d9cfbcbb0e72a1598e3364e29775b0c203acd6d04d882d2788208f685edc57aaba5e946fde3b
Default `-printtoconsole` to false for the GUI. GUI programs should not
print to the console unnecessarily. For example, when launched by the
window manager, the output might end up in the X session log file,
resulting in duplicate logging. On Windows, it is pointless as well
because bitcoin-qt isn't a console application.
3c058fd wallet: Add HasWallets (João Barbosa)
373aee2 wallet: Add AddWallet, RemoveWallet, GetWallet and GetWallets (João Barbosa)
6efd964 refactor: Drop CWalletRef typedef (João Barbosa)
Pull request description:
This is a small step towards dynamic wallet load/unload. The wallets *registry* `vpwallets` is used in several places. With these new functions all `vpwallets` usage are removed and `vpwallets` is now a static variable (no external linkage).
The typedef `CWalletRef` is also removed as it is narrowly used.
Tree-SHA512: 2ea19da2e17b521ad678bfe10f3257e497ccaf7ab9fd0b6647f9d829f1d6131cfa68db8e8492421711c6da399859432b963a568bdd4ca40a77dd95b597839423
150b2f0 Default to defining endian-conversion DECLs in compat w/o config (Matt Corallo)
Pull request description:
While this isn't a supported build configuration, some build
systems need to build without going through our autotools steps,
so defaulting to something sane may make it easier to build.
Specifically, this fixes the inability to build
rust-bitcoinconsensus on some non-x86 platforms. It needs to build
without our autotools/configure steps to ensure correct compile
args are passed from the rust build system to gcc. Converting the
args from the rust build system to gcc would be a lot of
unmaintainable work.
Tree-SHA512: 776fdb8c91b66f421fc751cb281c99c53c47e496f46b26c9f49bb6fdb6da3d2dda5dcc1c5bf413206bdd9ff3cbe5cef2823455900462519a4944631d9c48b54c
c1d742025c [tests] Fix feature_block flakiness (John Newbery)
Pull request description:
feature_block.py occasionally fails on Travis. I believe this is due to
a a race condition when reconnecting to bitcoind after a subtest that
expects disconnection. If the test runs ahead and sends the INV for the
subsequent test before we've received the initial sync getheaders, then
we may end up sending two headers messages - one as a response to the
initial sync getheaders and one in response to the INV getheaders. If
both of those headers fail validation with a DoS score of 50 or higher,
then we'll unexpectedly be disconnected.
There is only one validation failure that has a DoS score bewteen 50 and
100, which is high-hash. That's why the test is failing immediately
after the "Reject a block with invalid work" subtest.
Fix is to wait for the initial getheaders from the peer before we
start populating our blockstore. That way we won't have any invalid
headers to respond to it with.
Tree-SHA512: dc17d795fcfaf0f8c0bf1e9732b5e11fbc8febbfafba4c231b7c13a5404a2c297dcd703a7a75bc7f353c893e12efc87f424f2201abd47ba5268af32d4d2e841f
feature_block.py occasionally fails on Travis. I believe this is due to
a a race condition when reconnecting to bitcoind after a subtest that
expects disconnection. If the test runs ahead and sends the INV for the
subsequent test before we've received the initial sync getheaders, then
we may end up sending two headers messages - one as a response to the
initial sync getheaders and one in response to the INV getheaders. If
both of those headers fail validation with a DoS score of 50 or higher,
then we'll unexpectedly be disconnected.
There is only one validation failure that has a DoS score bewteen 50 and
100, which is high-hash. That's why the test is failing immediately
after the "Reject a block with invalid work" subtest.
Fix is to wait for the initial getheaders from the peer before we
start populating our blockstore. That way we won't have any invalid
headers to respond to it with.
Adding systemd service for bitcoind, to provide for a simpler
out-of-the-box experience.
Configuration file is /etc/bitcoin/bitcoin.conf. This file is a
copy of the sample configuration file.
The service user 'bitcoin' is added during install. Its homedir
is in '/var/lib/bitcoin'.
bitcoind.service is disabled by default to allow the user to
configure it, before starting it the first time.
On package purge, the 'bitcoin' user as well as its homedir is
left intact, to not accidentally remove a wallet or something of
equal importance. Instead the user is presented with information
on how to perform the cleanup manually, after making sure all
important data has been backed up.
b77b6e2345 MOVEONLY: Move logging code from util.{h,cpp} to new files. (Jim Posen)
Pull request description:
Split out first commit from #12954 to reduce amount of rebasing necessary.
This introduces a cyclic dependency between `logging` and `util` that should be cleaned up in a future PR.
Tree-SHA512: 695e512f9c2f7b4ca65e367fc924358e3cb2dc531bcbb7a6f62710b2a87280b35aba7793aa272e457fcd65448abe3feb1deb3b8064ed208917ca356b0f410813
Such outputs can still be watched, and signed for, but they aren't treated as valid payments.
That means they won't cause transactions to appear in listtransactions, their outputs to be
shown under listunspent, or affect balances.
Inside IsMine we care about the distinction between scriptPubKey execution
and P2SH redeemScript execution. The consensus code does not care about this
distinction, and thus SigVersion does not have a field for P2SH. As the IsMine
code will care, it uses a separate enum with more fields.
Only IsMine's internal code needs this, as part of a recursion into P2SH and P2WSH
scripts. The exposed functions always operate on actual scriptPubKeys and not on
redeemScripts or witness scripts.
8b56fc0b91 [qa] Test that v0 segwit outputs can't be spent pre-activation (Suhas Daftuar)
ccb8ca42a4 Always enforce SCRIPT_VERIFY_WITNESS with P2SH (Suhas Daftuar)
5c31b20a35 [qa] Remove some pre-activation segwit tests (Suhas Daftuar)
95749a5836 Separate NULLDUMMY enforcement from SEGWIT enforcement (Suhas Daftuar)
ce650182f4 Use P2SH consensus rules for all blocks (Suhas Daftuar)
Pull request description:
As discussed at the IRC meeting back in October (https://botbot.me/freenode/bitcoin-core-dev/2017-10-12/?msg=92231929&page=2), I had looked into the feasibility of enforcing P2SH and SCRIPT_VERIFY_WITNESS back to the genesis block.
The P2SH change is pretty straightforward -- there was only one historical block on mainnet that violated the rule, so I carved out an exception to it, similar to the way we have exceptions for the BIP30 violators.
The segwit change is not entirely as clear. The code changes themselves are relatively straightforward: we can just always turn on SCRIPT_VERIFY_WITNESS whenever P2SH is active. However conceptually, this amounts to splitting up BIP141 into two parts, the part that implements new script rules, and the part that handles witness commitments in blocks.
Arguably though the script rules are really defined in BIP 143 anyway, and so this really amounts to backdating BIP 143 -- script rules for v0 segwit outputs -- back to genesis. So maybe conceptually this isn't so bad...
I don't feel strongly about this change in either direction; I started working on it because I was searching for a way to simplify the way we understand and implement the consensus rules around segwit, but I'm not yet sure whether I think this achieves anything toward that goal.
ping @TheBlueMatt
Tree-SHA512: 73551d4a983eb9792c7ac67f56005822528ac4d1fd52c27cee6d305ebee953f69687ef4ddee8bdc0fec77f77e6b5a9d669750793efee54c076533a095e233042
2c084a6 net: Minor accumulated cleanups (Thomas Snider)
Pull request description:
From now-derelict larger changes I had been working on, here are a series of DRY refactors/cleanups. Net loss of 35 lines of code - a small step in the good fight.
In particular I think operator!= should only ever be implemented as a negation of operator==. Lower chance for errors, and removes the possibility of divergent behavior.
Tree-SHA512: 58bf4b542a4e8e5bc465b508aaa16e9ab51448c3f9bee52cd9db0a64a5c6c5a13e4b4286d0a5aa864934fc58064799f6a88a40a87154fd3a4bd731a72e254393
1bf3f33b46 node: Removed unused wallet-related methods from the Node interface. (Thomas Snider)
b38200459f benchmark: Removed bench/perf.cpp (Thomas Snider)
Pull request description:
Not sure if these should be separate PRs.
First is removal of a platform abstraction for getting cycle counters where possible. Since the benchmarking switch to counting number of iterations over a fixed window instead of counting cycles per iteration, these are unused.
Second is removal of a few methods from the Node interface that seem vestigial from when the concepts of wallet/node were not as clearly separated.
Tree-SHA512: de1460a7d4473ca19db4e2ca845185c63c765d12462c2685044a1f27dedab266cd908bc52235a881a7ad98bc251a4abf4eae523e5f599c169e3511e489f19a0d
Seems providing at least minimal visibility to the failure is a good practice.
The only remaining ignored state is in LoadExternalBlockFile, where logging
would likely be spammy.
To reflect its actual status as a member rather than a global value.
g_failed_blocks was previously global: 2862aca40f
-BEGIN VERIFY SCRIPT-
sed -i 's/g_failed_blocks/m_failed_blocks/g' src/validation.cpp
-END VERIFY SCRIPT-
7d8a8cc Avoid launching as admin when NSIS installer ends. (JeremyRand)
Pull request description:
The Bitcoin Core NSIS script runs with elevated privileges. Unfortunately, this means that it launches Bitcoin Core itself with elevated privileges when the user chooses to launch Bitcoin Core at the end of the installation procedure. This PR works around the issue by having `explorer.exe` launch Bitcoin Core. Seems to be a similar approach to what http://nsis.sourceforge.net/ShellExecAsUser_plug-in does, but without a plugin.
I've tested this with Sysinternals Process Explorer on Windows 10 32-bit. I wouldn't expect any differences in behavior on other Windows releases, but if anyone would like to test on other Windows releases, feel free.
h/t to "UK" at https://mdb-blog.blogspot.se/2013/01/nsis-lunch-program-as-user-from-uac.html?showComment=1410158039989#c2463780017054126736 for the sample code.
Fixes#7990.
Tree-SHA512: f40d6b6e5bb72952dcfbf223b68bfeb9a03bd5638f41b1700f4651f6452ce3fe7468129f6652c4f546210a5fd2521b2574c4b6068c5aea01ed2d719a8a838cd8
aff16fd depends: Add 'make clean' and 'make clean-all' rules (Henrik Jonsson)
Pull request description:
It's useful to have a standard way to clean up the work done by the
depends system when testing changes to it.
Tree-SHA512: d56686ca810c2531d852049420f242178d124d45a2508feeac0acf80408e8a95fc9915fb777ff0cbc4edc496990f5fdecf699c87d7986164c74b8fbf418ebf49