I recently added a signing subkey, which is used to sign gitian
asserts as well as commits.
Old:
```
pub rsa2048/0x74810B012346C9A6 2011-08-24
uid Wladimir J. van der Laan <laanwj@gmail.com>
sub rsa2048/0xF69705ED890DE427 2011-08-24
```
New:
```
pub rsa2048/0x74810B012346C9A6 2011-08-24 [expires: 2019-02-14]
uid Wladimir J. van der Laan <laanwj@visucore.com>
uid Wladimir J. van der Laan <laanwj@gmail.com>
sub rsa2048/0xF69705ED890DE427 2011-08-24
sub rsa2048/0x1E4AED62986CD25D 2017-05-17 [expires: 2019-05-17]
sub rsa2048/0x69B4C4CDC628F8F9 2017-05-17 [expires: 2019-05-17]
```
d5711f4 Filter subtrees and and benchmarks from coverage report (Andrew Chow)
405b86a Replace lcov -r commands with faster way (Andrew Chow)
c8914b9 Have `make cov` optionally include branch coverage statistics (Andrew Chow)
Tree-SHA512: 9c349a7baeb7430ea586617c52f91177df58e3546d6dc573e26815ddb79e30ab1873542d85ac1daca5e1fb2c6d6c8965824b42d027b6b0496a744af57b095852
A few "a->an" and "an->a".
"Shows, if the supplied default SOCKS5 proxy" -> "Shows if the supplied default SOCKS5 proxy". Change made on 3 occurrences.
"without fully understanding the ramification of a command" -> "without fully understanding the ramifications of a command".
Removed duplicate words such as "the the".
5432fc3 Fail on commit with VERIFY SCRIPT but no scripted-diff (Pieter Wuille)
Tree-SHA512: 687b6c825f6f882f9c8e9d301bc893383710bad70216fa40b95f7e24d83a7148f9c759c3e4bd905a6cd26960829f8f6bd03106dc6c83ac312bf34ad239917018
Remove leveldb baseline coverage gathering.
Added filter rules to remove all of the subtress (leveldb, secp256k1, ctaes, univalue) and
benchmarking from the coverage report. These items are unnecessary as we do not test for any
of the subtrees and benchmark coverage is unneeded.
Instead of using lcov -r (which is extremely slow), first use a python script to perform bulk cleanup of the /usr/include/* coverage. Then use lcov -a to remove the duplicate entries. This has the same effect of lcov -r but runs significantly faster
Downloading all the binaries of all platforms can take quite long,
especially for slow connections, which may deter people from using
this script and, therefore, to disregard security altogether.
This change introduces the new possibility of specifying the
platform along with the version number, so that only the binaries
that contain the platform name are downloaded.
Add comment how further options can be added or existing ones
modified. Use /run/${RuntimeDirectory} for PID file.
Remove TimeoutStopSec, TimeoutStartSec, StartLimitInterval,
StartLimitBurst directives as those should be set indivdually.
Remove Group to user the bitcoin user's default group.
Changed Restart from 'always' to 'on-failure' (can also be overwritten
individually).
ac9cd95 contrib: Update location of seeds.txt (Wladimir J. van der Laan)
Tree-SHA512: c12a75787ba87f03707c21731da083b466762a7e0af9ca501107695ea1074025907cc24805c7c87f4a66daa7f4f13e574da16be1681e61deaf1acbd72176b3ff
ed1fcdc Bugfix: Detect genbuild.sh in repo correctly (Luke Dashjr)
e98e3dd Bugfix: Only use git for build info if the repository is actually the right one (Luke Dashjr)
Tree-SHA512: 510d7ec8cfeff4e8e0c7ac53631eb32c7acaada7017e7f8cc2e6f60d86afe1cd131870582e01022f961c85a783a130bcb8fef971f8b110070c9c02afda020726
91700aa Re-enable upnp support in contrib/debian (Matt Corallo)
c5071e1 Build with QT5 on Debian-based systems using contrib/debian (Matt Corallo)
a8e9286 Bump minimum boost version in contrib/debian (Matt Corallo)
9970219 Update contrib/debian to latest Ubuntu PPA upload. (Matt Corallo)
Tree-SHA512: ee4d3c5927a9cfb2794672eaca883c4af5df541383afbdbc6500714ee17518e78b58f509b2e9805bbc424ef97a5e64be0b9a977212c5002cb682f0569d28099b
This:
* Partially reverts 9f68ed6 (which fixed spelling in a changelog,
though generally changelogs should be append-only).
* Disables UPnP support (PPA has not had it for a while, and I
still don't trust miniupnpc, plus it seems uneccessary - its
been a while since we needed to care about Bitcoin-Qt home users
getting their inbound ports auto-mapped).
* Enables ZMQ.
* Forces GUI to Qt4 to fix various issues people have been seeing
on Ubuntu and elsewhere with Qt5.
* Reverts 70899d70b (Bitcoin does not enable "instant payments",
not is transaction management "carried out collectively by the
network", for whatever "transaction management" means, finally
Bitcoin Core is not the only way to use the Bitcoin currency,
as seemingly implied in the description).
b508424 contrib: github-merge improvements (Wladimir J. van der Laan)
Tree-SHA512: 56a34e887716bf6bfcd1b6520f6b9a1bb742e1ad17e75618caf982af71fceb75d50caec1bf4279cb9a2f7a74319f1bcec4c824682841bd6e994acc0991616451
Some minor github-merge improvements I've made over time:
User interface:
- Print merge details again before signing off, to refresh your memory -
usually I'll have done lots of different things in the shell so this
will have scrolled out a long time ago.
- Require a valid answer on the prompts. One of the requested answers
must be typed, if not, the prompt will re-ask. This prevents
accidentally rejecting.
Efficiency:
- Condense "accept merge" and "sign off" prompts. There's no reason to
have this as two separate prompts, both are just opportunities to skip
out on the merge, no action is performed in between.
Merging:
- Strip spaces from github title. This avoids redundant spaces
surrounding it from getting into the commit message.
b99fbad Fix init README format to render correctly on github (Jameson Lopp)
Tree-SHA512: 52b8ed9661e48e830c9e0c0e9aa670fe8d1a3848426d2d854494b477a9926f286d87e0586c2bc63f433136f8e5acd2cab3ab1f616380fb517c5a8f9d34ed52da
c0651cc Update bitcoin.conf with example for pruning (Kyle Honeycutt)
Tree-SHA512: f27180ac5d5a4bd32c7a63de156ca14eb8068509e64d386ca84ee16d0dacfa8e1bab9a8e7b88175fae12c8d823f71f8705d413f224a15d5aa7cf059f416fa023
This option is becoming more popular recently, and I propose an example to be shown in the bitcoin.conf.
pruning comments
updated and corrected pruning comments
Revised details on pruning in bitcoin.conf
Revised details on pruning in bitcoin.conf
spelling and space
spelling and space
add details on pruning in bitcoin.conf
Adds a datadir configuration option to the linearize scripts to allow the script to use the RPC cookie instead of requiring the user to set a rpcuser and rpcpassword for the rpc server.
This changes tree_sha512sum() to requests the objects for hashing from
git instead of from the working tree.
The change should make the process more deterministic (it hashes what
will be pushed) and hopefully avoids the frequent miscomputed SHA512's
that happen now.
df5bae2 Update trusted-sha512-root-commit for new bad tree hash (Matt Corallo)
efc06c2 If GNU sha512sum is missing, try perl shasum in verify-commits (Matt Corallo)
8ed849f Fix travis failing to fetch keys from the sks keyserver pool (Matt Corallo)
fd5e905 Make verify-commits.sh non-recursive (Matt Corallo)
Tree-SHA512: 457cc81d6e0a77ab32d030ecd058c59857f22cb998a1394593e115639081f3fdc74a6376035b77be0712ad5cb9143bc3f498b77e99eb66034492dbbb38c39bc6
09fe2d9 release: update docs to show basic codesigning procedure (Cory Fields)
f642753 release: create a bundle for the new signing script (Cory Fields)
0068361 release: add win detached sig creator and our cert chain (Cory Fields)
Tree-SHA512: 032ad84697c70faaf857b9187f548282722cffca95d658e36413dc048ff02d9183253373254ffcc1158afb71140753f35abfc9fc8781ea5329c04d13c98759c0
bbd7579 Fix regsig checking for subkey sigs in verify-commits (Matt Corallo)
d025bc7 Allow any subkey in verify-commits (Matt Corallo)
eddc77a Add comment re: why SHA1 is disabled (Peter Todd)
d9c450f Verify Tree-SHA512s in merge commits, enforce sigs are not SHA1 (Matt Corallo)
be908a6 Fail merge if there are any symlinks (Matt Corallo)
Tree-SHA512: bb66c59cc1c6b1c86d7d8be7adb0769c6598c0e28ad927409941f30af87d390521e82fc13700ee22e92db1bd571db3e19a152ec7b2c0349c6e06f5de62c0b65f
This removes the option from the wallet to not pay a fee on "small"
transactions which spend "old" inputs.
This code is no longer worth keeping around, as almost all miners
prefer not to include transactions which pay no fee at all.
b471daf Adddress nits, use asyncio signal handling, create_task (Bob McElrath)
4bb7d1b Add python version checks and 3.4 example (Bob McElrath)
5406d51 Rewrite to not use Polling wrapper for asyncio, link to python2.7 example (Bob McElrath)
5ea5368 ZMQ example using python3 and asyncio (Bob McElrath)
7179e7c qt: Periodic translations update (Wladimir J. van der Laan)
5e903a5 devtools: Handle Qt formatting characters edge-case in update-translations.py (Wladimir J. van der Laan)
If both numeric format specifiers and "others" are used, assume we're
dealing with a Qt-formatted message. In the case of Qt formatting (see
https://doc.qt.io/qt-5/qstring.html#arg) only numeric formats are
replaced at all. This means "(percentage: %1%)" is valid (which was
introduced in #9461), without needing any kind of escaping that would be
necessary for strprintf. Without this, this function would wrongly
detect '%)' as a printf format specifier.
ba94426 Test that pushes to bitcoin/bitcoin are signed per verify-commits (Matt Corallo)
3e900ac Require merge commits merge branches on top of other merge commits (Matt Corallo)
Specifically, require that the left branch (first restult of git
show -s --format=format:%P) is a signed merge commit, instead of
allowing either. This is fine for now, but might need to be relaxed
in the future.
Also fixes an out-of-file-descriptors issue by holding too many
open FDs writing to /dev/null
- The last-timestamp-encountered variable wasn’t being used properly. Rewrite code to properly allow for new blockchain files to be written when split by month.
- Properly set a blockchain file’s access and modify times.
- Add a “debug output” option to quiet certain output that might not always be desirable.
- Update the README.
Also change the mac filename to match
The procedure remains the same, but now there's a nifty script to automate
the signing process.
Future steps:
- Build osslsigncode in the gitian-win descriptor so that the signer itself is
deterministic.
- Verify in the gitian-win-signer descriptor that the expected cert chain was
used.