View wallets do not have the spend secret key, and are thus
unable to derive key images for incoming outputs. Moreover,
a previous patch set key images to zero as a means to mark
an output as having an unknown key image, so they could be
filled in when importing key images at a later time. That
later patch caused spurious collisions. We now use public
keys to detect duplicate outputs. Public keys obtained from
the blockchain are checked to be identical to the ones
derived locally, so can't be spoofed.
m_amount_out was sometimes getting initialized with the sum of
an transaction's outputs, and sometimes with the sum of outputs
that were not change. This caused confusion and bugs. We now
always set it to the sum of outputs. This reverts an earlier
fix for bad amounts as this used the other semantics. The wallet
data should be converted automatically in a percentage of cases
that I'm hesitant to estimate. In any case, restoring from seed
or keys or rebuilding the cache will get it right.
48b57d8 monero.supp: valgrind suppressions file (moneromooo-monero)
ffd8c41 ringct: check the size of amount_keys is the same as destinations (moneromooo-monero)
836669d ringct: always shutdown the boost io service (moneromooo-monero)
Compute derivation only once per tx, instead of once per output. Approx 33% faster while using 75% as much CPU on my machine. Note old functions in cryptonote_core (lookup_acc_outs and is_out_to_acc) are still used by tests.
7e6d3cf wallet: set incoming outputs' key image to 0 on view wallets (moneromooo-monero)
1f9e6a4 wallet: print tx overview on submit_transfer too (moneromooo-monero)
The fee will vary based on the base reward and the current
block size limit:
fee = (R/R0) * (M0/M) * F0
R: base reward
R0: reference base reward (10 monero)
M: block size limit
M0: minimum block size limit (60000)
F0: 0.002 monero
Starts applying at v4
The intended use is to export outputs from a hot wallet, which
can scan incoming transfers from the network, and import them
in the cold wallet, which can't. The cold wallet can then compute
key images for those outputs, which can then be exported with
export_key_images, etc.
Re-creating the transaction on the cold wallet was not splitting
the change, causing the transaction to be rejected by the network.
This worked on testnet since amounts do not have to be split.
Also add selected_transfers, which can now be saved since they're
size_t rather than iterators. This allows the view wallet to
properly set the sent outputs as spent and update balance.
Bump transfer file version numbers to match.
Factor locked_transfer into transfer_main, which brings various
improvements for free (multiple addresses, proper detection of
multiple payment ids, obeying the prompt settings).
Also fix a few things, such as using uint64_t instead of int
for block heights, actually checking whether getting blockchain
height succeeded, etc.
10a79ea daemon: report transaction relay status in print_pool* commands (moneromooo-monero)
1e16366 core: notify the txpool when transactions are relayed (moneromooo-monero)
f3c374f tx_pool: set relayed flag on relay (moneromooo-monero)
0950be9 wallet: speed up output selection, and fix bug with relatedness calculation (moneromooo-monero)
0eba133 wallet: fix mixup between mixin 2 and 4 before/after v5 (moneromooo-monero)
3429bfb ringct: thread verRct and verRctSimple (moneromooo-monero)
e06a4da ringct: remove unneeded type conversions (moneromooo-monero)
afc70df ringct: reserve space in vectors to avoid excessive reallocation (moneromooo-monero)
9ebf7b6 ringct: avoid unnecessary memcpy (moneromooo-monero)
1fe75c1 ringct: add a few consts where possible (moneromooo-monero)
ab002a1 ringct: pass vectors by const ref where possible (moneromooo-monero)
25% of the outputs are selected from the last 5 days (if possible),
in order to avoid the common case of sending recently received
outputs again. 25% and 5 days are subject to review later, since
it's just a wallet level change.
4038e86 Add performance timers for ringct tx verification (moneromooo-monero)
74dfdb0 perf_timer: new class and macros to make performance logs easier (moneromooo-monero)
3126ba7 ringct: use const refs as parameters where appropriate (moneromooo-monero)
d8eae67 tests: add performance test for ge_frombytes_vartime (moneromooo-monero)
3cb2436 core: remove some unused code (moneromooo-monero)
1eaa3e8 tests: add performance tests for rct signatures (moneromooo-monero)
This was still using the old transaction creation algorithm,
coupled with a deterministic output selection scheme, which
made it ill suited to the job, since it'd loop indefinitely
in case the fee increased between the test tx and adding the
fee.
714ee99 Fix description for locked_transfer (Oyvind Kvanes)
71538f3 Rename to lockblocks and add max value (Oyvind Kvanes)
68ac060 Fix locked_transfer (Oyvind Kvanes)
7d020bd Add locked_transfer (Oyvind Kvanes)
d5f918a Revert transfer_main in simplewallet (Oyvind Kvanes)
3451963 Add motifications to test out locked_transfer (Oyvind Kvanes)
e5e6d88 Add more information to transaction in wallet (Oyvind Kvanes)
9b8a062 Make a small test change (Oyvind Kvanes)
10be903 Brackets to prevent premature return (NanoAkron)
fb1785a Brackets to ensure doesn't function prematurely return (NanoAkron)
8ed0d72 Moved logging to target functions rather than caller (NanoAkron)
442bfd1 Added messages at log level 2 to reflect deactivation procedure (NanoAkron)
8b20cbf libwallet_api: do not use fast-refresh on recovery (Ilya Kitaev)
10fe626 libwallet_api: fast-refresh in case of opening non-synced wallet (Ilya Kitaev)
0019e31 libwallet_api: fix unhandled exception on address check (Ilya Kitaev)
1f73f80 libwallet_api: fast-refresh for new wallet (Ilya Kitaev)
4789347 libwallet_api: test for create/init wallet on mainnet (Ilya Kitaev)
bba6af9 wallet: cold wallet transaction signing (moneromooo-monero)
9872dcb wallet: fix log confusion between bytes and kilobytes (moneromooo-monero)
d9b0bf9 cryptonote_core: make extra field removal more generic (moneromooo-monero)
98f19d4 serialization: add support for serializing std::pair and std::list (moneromooo-monero)
Changed the wording from "from 0 to maximum available" to "from 2 to maximum available".
May I also suggest putting in a number rather than "maximum available" and also clarifying that mixin = 0 is still allowed if the user has unmixable outputs (dust), which he wants to "undust" using sweep_unmixable (comment from dEBRUYNE-1 ).
This change adds the ability to create a new unsigned transaction
from a watch only wallet, and save it to a file. This file can
then be moved to another computer/VM where a cold wallet may load
it, sign it, and save it. That cold wallet does not need to have
a blockchain nor daemon. The signed transaction file can then be
moved back to the watch only wallet, which can load it and send
it to the daemon.
Two new simplewallet commands to use it:
sign_transfer (on the cold wallet)
submit_transfer (on the watch only wallet)
The transfer command used on a watch only wallet now writes an
unsigned transaction set in a file called 'unsigned_monero_tx'
instead of submitting the tx to the daemon as a normal wallet does.
The signed tx file is called 'signed_monero_tx'.
This is intended to catch traffic coming from a web browser,
so we avoid issues with a web page sending a transfer RPC to
the wallet. Requiring a particular user agent can act as a
simple password scheme, while we wait for 0MQ and proper
authentication to be merged.
This fixes misreporting of amount/fee in rct txes, as the rct
tx construction code was lumping all dests (whether change or
not) in the same dests vector, while the pre-rct code was
keeping it separate.
Support building internal libraries as shared. This reduces
development time by eliminating the need to re-link all
binaries every time non-interface code in the library changes.
Instead, can hack on libxyz, then `make libxyz`, and re-run
monerod.
By default BUILD_SHARED_LIBS is OFF in release build type,
and ON in debug build type, but can be overriden with -D.
Keep the immediate direct deps at the library that depends on them,
declare deps as PUBLIC so that targets that link against that library
get the library's deps as transitive deps.
Break dep cycle between blockchain_db <-> crytonote_core.
No code refactoring, just hide cycle from cmake so that
it doesn't complain (cycles are allowed only between
static libs, not shared libs).
This is in preparation for supproting BUILD_SHARED_LIBS cmake
built-in option for building internal libs as shared.
We keep 1, 2, 3 multipliers till the fee decrase from 0.01/kB
to 0.002/kB, where we start using 1, 20, 166 multipliers.
This ensures the higher multiplier will compensate for the
block reward penalty when pushing past 100% of the past median.
The fee-multiplier wallet setting is now rename to priority,
since it keeps its [0..3] range, but maps to different multiplier
values.
This adds [snap](https://snapcraft.io) packaging to the project. See the
link for more information on snaps. Snap packages install on all Linux
distributions. On Ubuntu, snap confinement with apparmor and seccomp
provide an additional layer of security.
This snap sets up monerod as a systemd service, which should start
immediately on install. To access the wallet CLI, simply run `monero`
(/snap/bin/monero). I think it's a really quick & easy way to get
started with monero.
I've made some opinionated decisions in the packaging just to kick this
off, but I'm happy to iterate on this stuff.
This was disabled earlier as part of diagnosing failing tests
on ARM, which turned out to be due to aliasing, fixed by
adding -fno-strict-aliasing. So, re-enabling it back.
32-bit build would fail to link with 'mdb_env_create undefined' (because
for 32-bit build, mdb_env_create_vl32 is defined instead).
This bug was introduced with the recent change to virtual object
libraries. The problem is that the COMPILE_DEFINITIONS property
was not propagated from dependee target (lmdb) to depedent
target's (blockchain_db) virtual object lib (obj_blockchain_db).
This patch makes that happen.
I chose to include INTERFACE_COMPILE_DEFINITIONS because there
should not be a need to propagate private defs, but it doesn't
make a difference in this case.
f1d87c8 simplewallet: add magic and public keys to key image export file (moneromooo-monero)
f4e894a simplewallet: make the key image export format binary (moneromooo-monero)
Since this queries block heights for blocks that may or may not
exist, queries for non existing blocks would throw an exception,
and that would slow down the loop a lot. 7 seconds to go through
a 30 hash list.
Fix this by adding an optional return block height to block_exists
and using this instead. Actual errors will still throw an
exception.
This also cuts down on log exception spam.
CMake issued a warming about policy CMP0026: access of LOCATION
target property at config time was disallowed. Offending code
was the code that merged static libraries to generate
libwallet_merged.a.
This patch does that same merge task in a much simpler way. And,
since it doesn't violate the policy, the warning went away.
The code used to cap at 5000 blocks per sync. It also treated 0 as 1.
Remove these checks; if specified as 0 do no periodic syncs at all.
Then the user is responsible for syncing in some external process.
When RingCT is enabled, outputs from coinbase transactions
are created as a single output, and stored as RingCT output,
with a fake mask. Their amount is not hidden on the blockchain
itself, but they are then able to be used as fake inputs in
a RingCT ring. Since the output amounts are hidden, their
"dustiness" is not an obstacle anymore to mixing, and this
makes the coinbase transactions a lot smaller, as well as
helping the TXO set to grow more slowly.
Also add a new "Null" type of rct signature, which decreases
the size required when no signatures are to be stored, as
in a coinbase tx.
This allows the key to be not the same for two outputs sent to
the same address (eg, if you pay yourself, and also get change
back). Also remove the key amounts lists and return parameters
since we don't actually generate random ones, so we don't need
to save them as we can recalculate them when needed if we have
the correct keys.
The whole rct data apart from the MLSAGs is now included in
the signed message, to avoid malleability issues.
Instead of passing the data that's not serialized as extra
parameters to the verification API, the transaction is modified
to fill all that information. This means the transaction can
not be const anymore, but it cleaner in other ways.
This plugs a privacy leak, where the wallet tells the daemon
which transactions contain outputs for the wallet by asking
for additional information for that particular transaction.
As a nice bonus, this actually makes refresh slightly faster.
With RCT, we allow 0 size outputs, to try and encourage txes
with two inputs and two outputs. Consolidation would then
have two non zero inputs, one zero output, and one larger
output.
Before the normal selection, we attempt to find either one or two
suitable outputs to use as inputs to the rct tx. The intent is that
most rct txes will have one or two inputs, and we want all to look
the same if possible.
When two outputs are needed, we try to find a pair which are not
related (ie, by being from the same or similar block height).
The "transfer" simplewallet command is renamed to "transfer_original".
"transfer_new" is renamed "transfer", "transfer_rct" is removed,
and the new "transfer" now selects rct or non rct transactions
based on the current block height.
Since these are needed at the same time as the output pubkeys,
this is a whole lot faster, and takes less space. Only outputs
of 0 amount store the commitment. When reading other outputs,
a fake commitment is regenerated on the fly. This avoids having
to rewrite the database to add space for fake commitments for
existing outputs.
This code relies on two things:
- LMDB must support fixed size records per key, rather than
per database (ie, all records on key 0 are the same size, all
records for non 0 keys are same size, but records from key 0
and non 0 keys do have different sizes).
- the commitment must be directly after the rest of the data
in outkey and output_data_t.
The mixRing (output keys and commitments) and II fields (key images)
can be reconstructed from vin data.
This saves some modest amount of space in the tx.
If the blockchain gets reorganized, all outputs spent in the part
of the blockchain that's blown away need to be reset to unspent
(they may end up spent again on the blocks that replace the blocks
that are removed, however).
It may be suboptimal, but it's a pain to have to rebuild everything
when some of this changes.
Also, no clue why there seems to be two different code paths for
serializing a tx...
A new version of genRct takes the mixRing as parameter, instead
of the inPk. inPk are part of the mixRing, and it is cleaner to
pass the mixRing data than to fetch it from the RingCT code.
A new version of decodeRct also returns the mask.
Also, failure to decode throws, so errors are properly detected.
This lets my gcc picks those instead of the generic template
where appropriate (and then fail since std::vector<something>
does not have a serialize method.
99dd572 libwallet_api: tests: checking for result while opening wallet (Ilya Kitaev)
bcf7b67 libwallet_api: Wallet::amountFromString fixed (Ilya Kitaev)
32bc7b4 libwallet_api: helper method to return maximumAllowedAmount (Ilya Kitaev)
cbe534d libwallet_api: tests: removed logged passwords (Ilya Kitaev)
b1a5a93 libwallet_api: do not store wallet on close if status is not ok (Ilya Kitaev)
This plugs a privacy leak from the wallet to the daemon,
as the daemon could previously see what input is included
as a transaction input, which the daemon hadn't previously
supplied. Now, the wallet requests a particular set of
outputs, including the real one.
This can result in transactions that can't be accepted if
the wallet happens to select too many outputs with non standard
unlock times. The daemon could know this and select another
output, but the wallet is blind to it. It's currently very
unlikely since I don't think anything uses non default
unlock times. The wallet requests more outputs than necessary
so it can use spares if any of the returns outputs are still
locked. If there are not enough spares to reach the desired
mixin, the transaction will fail.
f0c0a3fFix#864 Squashed commit of the following: commit 9af9e4223b58bbb65a3519af2c2bfc273cbd23d6 fixed some formatting commit c7920e1cf88ff46eb9294101344d9a567f22e2da Merge: 97eb28b 1da1c68 fix#864 fix using boolean commit 97eb28ba5dd49ddde8c8785f39b24d955e5de31c Fix#864 boolean value used to verify on new wallet commit 1da1c68bd3a9a373c70482b6e6e95251096149f1 fix#864 changed to boolean to prompt for verify commit 5bee96652434762d2c91ce31a1b1c9f169446ddc fix 864; made variable names easier for understanding branching. commit 45715960d30293f781b2ff9e5e647c2ec893f4a3 fix#864; allow password to be entered twice for new wallets for verification. fix#864 password entry verification; ammended boolean fix#864 ; default constructor for password_container should set verify=true (guzzi_jones)
Simplewallet improperly skipped the restore from height code if
restoring a deterministic wallet AND not specifying a wallet file in the
command line. The other generate options require a wallet file as an
argument, which prevents "ask_wallet_create_if_needed()" from being
called, which in turn causes "m_generate_new" to remain unset.
Specifying a wallet file at launch with --restore-deterministic emulated
this behavior.
This constrains the number of instances of any amount
to the unlocked ones (as defined by the default unlock time
setting: outputs with non default unlock time are not
considered, so may be counted as unlocked even if they are
not actually unlocked).
Squashed commit of the following:
commit 9af9e4223b58bbb65a3519af2c2bfc273cbd23d6
fixed some formatting
commit c7920e1cf88ff46eb9294101344d9a567f22e2da
Merge: 97eb28b 1da1c68
fix#864 fix using boolean
commit 97eb28ba5dd49ddde8c8785f39b24d955e5de31c
Fix#864 boolean value used to verify on new wallet
commit 1da1c68bd3a9a373c70482b6e6e95251096149f1
fix#864 changed to boolean to prompt for verify
commit 5bee96652434762d2c91ce31a1b1c9f169446ddc
fix 864; made variable names easier for understanding branching.
commit 45715960d30293f781b2ff9e5e647c2ec893f4a3
fix#864; allow password to be entered twice for new wallets for verification.
fix#864 password entry verification; ammended boolean
fix#864 ; default constructor for password_container should set verify=true
The previous logic that used a COMMON_*_FLAGS intermediate variable
and then re-assigned CMAKE_*_FLAGS before including each subdirectory
was confusing and ugly. This PR is the right way to do it.
This commit is purely refactoring: built binaries unchanged.
By default the flag is enabled whenever libunwind is found on the
system, with the exception of static build on OSX (for which we can't
install the throw hook #932 due to lack of support for --wrap in OSX
ld64 linker).
They are used to export a signed set of key images from a wallet
with a private spend key, so an auditor with the matching view key
may see which of those are spent, and which are not.
It is not clear why libunbound was added to this in the first place,
since it wasn't here before and #915 doesn't seem to introduce any
new dependency on it.
Tested build with STATIC=OFF (with and without libunbound-dev libunbound8
installed) and STATIC=ON, on Ubuntu Trusty, Debian Jessie, and Arch
Linux. For static builds, beware of #926 and #907.
If this hack was introduced to make it build on some other system
(Windows? OS X?), then it will have to be dealt with, but not this way.
f07f120 cmake: don't try to link with atomic on Apple (redfish)
19349d7 cmake: ARM: clang: make warning non-fatal: inline asm (redfish)
f3e09f3 cmake: link with -latomic for clang (redfish)
f4b35ae cmake: include -ldl via cmake built-in var (redfish)
fa85cd8 common: stack trace: make clang happy with func ptrs (redfish)
4dce26b cmake: do not pass -stdlib=c++ to clang >=3.7 (redfish)
78cc10f daemon: fix ban seconds being misinterpreted as absolute (moneromooo-monero)
34ecfdb rpc: fix get_bans and set_bans RPC names, they were missing a _ (moneromooo-monero)
Signing is done using the spend key, since the view key may
be shared. This could be extended later, to let the user choose
which key (even a per tx key).
simplewallet's sign/verify API uses a file. The RPC uses a
string (simplewallet can't easily do strings since commands
receive a tokenized set of arguments).
Tested that it builds with:
gcc 6.1.1, STATIC=OFF,i686
gcc 6.1.1, STATIC=OFF,armv7h
clang 3.8, STATIC=OFF,i686
clang 3.8, STATIC=OFF,armv7h
gcc 6.1.1, STATIC=ON,i686
clang 3.8, STATIC=ON,i686
Also tested that stack trace is generated fine on exception on:
i686, gcc 6.1.1, STATIC=OFF
(didn't bother testing all the other platforms/configs)
This should fix the build problem on OSX (#871, #901), but
I don't have OSX, so I could only test Clang on Linux.
Keep the working directory (and umask) inherited from
the parent. Otherwise, it's impossible to control
the working directory of the daemon (from systemd, for
example).
Furthermoer, bitmonerod attempts to create logging directories and files
*in current working directory*. This fails due to permission denied and
generates a (caught, nonfatal) exception. Below is the strace with this
patch applied (so, no `chdir("/")`), showing successful opens at `log/`
relative path. Without this patch they fail (sorry, didn't save the
trace).
```
28911 getcwd("/.../bitmonero", 128) = 25
28911 stat64("/var/lib/bitmonero/.bitmonero", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
28911 stat64("/etc/bitmonerod.conf", {st_mode=S_IFREG|0644, st_size=244, ...}) = 0
28911 open("/etc/bitmonerod.conf", O_RDONLY|O_LARGEFILE) = 3
28911 open("/var/log/bitmonero/bitmonero.log", O_WRONLY|O_CREAT|O_APPEND|O_LARGEFILE, 0666) = 3
28911 stat64("log", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
28911 stat64("log/dbg", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
28911 open("log/dbg/main.log", O_WRONLY|O_CREAT|O_TRUNC|O_LARGEFILE, 0666) = 4
```
The reasoning of chdir("/") in order to prevent the daemon from holding
a filesystem in busy state is not compelling at all: the choice of
working directory for the daemon is the user's business not the
daemon's.
When an exception happens while reading the config file, we need
to print the error, as the logging system isn't initialized yet,
so the generic catch will not print anything.
Fee can now be multiplied by 2 or 3, if users want to give
priority to their transactions. There are only three levels
to avoid too much fingerprinting. Default is 1 (minimum fee).
The default multiplier can be set by "set fee-multiplier X".
The former was a faulty "fix" for gmtime_r not existing on Windows. The latter is needed only for dynamic builds, and is not included with msys2, which ends up fine because Windows is only built static at this time.
5dc09f2 wallet_rpc_server: fix some string values being returned between <> (moneromooo-monero)
f8213c0 Require 64/16 characters for payment ids (moneromooo-monero)
c5f00bc cn_deserialize: add minergate data (moneromooo-monero)
2470b20 cn_deserialize: print extra nonce as hex data (moneromooo-monero)
77d8fc3 tx_extra: parse new chunk added by minergate (blashyrkh)
The destructors get a noexcept(true) spec by default, but these
destructors in fact throw exceptions. An alternative fix might be to not
throw (most if not all of these throws are non-essential
error-reporting/logging).
1c0bffb Restrict also 'get_connections' and 'getbans' APIs. (osensei)
9f8bc49 Don't allow 'flush_txpool' and 'setbans' JSON_RPC methods when running in restricted mode. (osensei)
The tests for rejection of unmixable outputs in v2 are commented out,
as there are no unmixable outputs created anymore. This should be
restored at some point.
It sets the max number of threads to use for a parallel job.
This is different that the number of total threads, since monero
binaries typically start a lot of them.
It allows a simple get_transfers (with default 0 min_height and
max_height) to return all transactions, instead of the unexpected
set of txes in block 0, which is probably none at all.
We want to lock operations which access the blockchain in
wallet2. We also want the background refresh to happen again
when we cancel a foreground refresh. Wrap the locking setup
in a macro so it doesn't get copy/pasted/mangled, and use
a scope exit trick to ensure it's always properly restored.
This sends all outputs in a wallet to a given address, alleviating
the difficulty people have had trying to send all monero but
being left with some small amount left.
modified: src/wallet/wallet2.cpp
modified: src/wallet/wallet2.h
Update to fix unconfirmed balance and give a slightly more verbose and informative confirmation message for transfers
When m_refresh_from_block_height has been set, only hashes will be
retrieved up to that height, instead of full blocks. The same will
be done for "refresh <height>" when the specified height is beyond
the current local blockchain.
When reaching the tail emission phase, the amount of coins will
eventually go over MONEY_SUPPLY, overflowing 64 bits. There was
a check added to blockchain_storage, but this was not ported to
the blockchain DB version.
Reported by smooth.
d662ab5 rpc: print human readable time since received when printing pool (moneromooo-monero)
5c9dd23 rpc: add a do_not_relay boolean to tx submission (moneromooo-monero)
^C when in RPC mode would not save the wallet while it was still
refreshing after starting up.
Also, save the wallet out of the signal handler. We don't want
to call complex stuff in a signal handler.
Also bumped DB VERSION to 1
Another significant speedup and space savings:
Get rid of global_output_indices, remove indirection from output to keys
This is the change warptangent described on irc but never got to finish.
This speeds up wallet refresh by directly retrieving a tx's amount output indices.
It removes the indirection and walking the amount output duplicate list
for every amount in each requested tx.
"tx_outputs" is used by:
Amount output indices are needed for wallet refresh.
Global output indices are needed for removing a tx.
Both amount output indices and global output indices are now stored in
an array of 64-bit unsigned ints:
tx_outputs[<tx_hash>] -> [ <a1_oi, a1_gi, a2_oi, a2_gi, ...> ]
Previously it was:
tx_outputs[<tx_hash>] -> duplicate list of <a1_gi, a2_gi, a3_gi, ...>
The amount output list had to be walked for every amount in order to
find each amount's output index, by comparing the amount's global output
index with each one in the duplicate list until a match was found.
See also d045dfa7ce
b4eada9 wallet: make load_keys check types when loading JSON (moneromooo-monero)
3e55725 wallet: make the JSON reading type safe (moneromooo-monero)
f8d05f3 common: new json_util.h (moneromooo-monero)
This can generate non decomposed outputs for very large block
rewards (or not so large ones if a miner decides to not quantize
the block rewards). Out of an abundance of caution, we refuse
to generate those. They are still accepted by the consensus code,
however.
d5d46e6 tests: obligatory hardfork unit build fix after interface change (moneromooo-monero)
25672d3 wallet: pass std::function by const ref, not value (moneromooo-monero)
0be6e08 wallet: do not leak owned amounts to the daemon unless --trusted-daemon (moneromooo-monero)
12146da wallet: change sweep_dust to sweep_unmixable (moneromooo-monero)
600a3cf New RPC and daemon command to get output histogram (moneromooo-monero)
f9a2fd2 wallet: handle rare case where fee adjustment can bump to the next kB (moneromooo-monero)
f26651a wallet: factor fee calculation (moneromooo-monero)
This allows appropriate action to be taken, like displaying
the reason to the user.
Do just that in simplewallet, which should help a lot in
determining why users fail to send.
Also make it so a tx which is accepted but not relayed is
seen as a success rather than a failure.
With the change in mixin rules for v2, the "annoying" outputs are
slightly changed. There is high correlation between dust and
unmixable, but no equivalence.
This is a list of existing output amounts along with the number
of outputs of that amount in the blockchain.
The daemon command takes:
- no parameters: all outputs with at least 3 instances
- one parameter: all outputs with at least that many instances
- two parameters: all outputs within that many instances
The default starts at 3 to avoid massive spamming of all dust
outputs in the blockchain, and is the current minimum mixin
requirement.
An optional vector of amounts may be passed, to request
histogram only for those outputs.
This was meant to go in v2, but the miner tx slipped through
the cracks as it doesn't go through the main tx verification
since it doesn't get added to the pool.
It takes a filename containing JSON data to generate a wallet.
The following fields are valid:
version: integer, should be 1
filename: string, path/filename for the newly created wallet
scan_from_height: 64 bit unsigned integer, optional
password: string, optional
viewkey: string, hex representation
spendkey: string, hex representation
seed: string, optional, list of words separated by spaces
Either seed or private keys should be given. If using private
keys, the spend key may be omitted (the wallet will not be
able to spend, but will see incoming transactions).
If scan_from_height is given, blocks below this height will not
be checked for transactions as an optimization.
tx_pool.h doxygen documentation completed.
Many notes made on areas for improvement, be that functionality or
code clarity.
Commented code and unused code removed.
The functions in src/cryptonote_core/checkpoints_create.{h,cpp} should
be member functions of the checkpoints class, if nothing else for the
sake of keeping their documentation together.
This commit covers moving those functions to be member functions of the
checkpoints class as well as documenting those functions.
All functions in src/cryptonote_core/checkpoints.h are now documented in
doxygen style.
checkpoints.cpp has been reviewed, one function has been marked for
discussion on correctness.
All functions are now documented in doxygen format. Comments have been
updated to reflect the current state of the code. Many areas for
improvement in clarity and design have been noted, as well as cruft to
be removed. These changes are not reflected in this commit both to
allow time for comment and to keep commits organized by purpose.
Example of current return for `print_block 912345`:
timestamp: 1452793716
previous hash:
b61c58b2e0be53fad5ef9d9731a55e8a81d972b8d90ed07c04fd37ca6403ff78
nonce: 1646
is orphan: 0
height: 912345
depth: 85434
hash:
e22cf75f39ae720e8b71b3d120a5ac03f0db50bba6379e2850975b4859190bc6difficul
ty: 815625611
reward: 7388968946286
{
"major_version": 1,
"minor_version": 2,
…
Without `std::endl`, the difficulty gets smashed on the end of the hash.
It would try to join the auto refresh thread, which would
only happen after it was done, which would take a long time
when doing so on a newly created wallet.
8bc1bd6 wallet: use minimum mixin when RPC asks for too low mixin (moneromooo-monero)
31d2e0f wallet_rpc_server: make use_fork_rules public (moneromooo-monero)
After the fork, normal transfer functions called via RPC
use the minimum mixin 2 if 0 or 1 is requested. While the
incoming transaction may be valid (eg, it has an unmixable
and at most a mixable input), it is a simple way to make
sure RPC users can't get a seemingly random accept/reject
behavior if they don't update their requested mixin.
bdec7cb BlockchainLMDB: Use DB error helper consistently (warptangent)
c5932eb BlockchainLMDB: Add DB error to exception (warptangent)
a49c355 Blockchain: Omit verbose time stats messages by default (warptangent)
TEST:
blockchain_export -h
This should show "berkeley" as an available option to --database.
With an existing BerkeleyDB database, run:
blockchain_export --database berkeley
This is already the default for the daemon, but by checking a command
line argument and calling a Blockchain member function setter.
Initialize the variable to false so it's not dependent on an external
command-line argument check. This allows utilities like
blockchain_import to have a reasonable default without code changes.
c2a1fee simplewallet: prompt for private keys when generating wallets (moneromooo-monero)
4513b4c simplewallet: add a new --restore-from-keys option (moneromooo-monero)
11d555c Fix crash in std::map for connections_map (Howard Chu)
014f886 std::condvar is broken on Win32 with gcc/g++ 4.8 too (Howard Chu)
7c86c59 Use boost::thread instead of std::thread (Howard Chu)
57e75fa BlockchainBDB: Check if hard fork subdbs need reset (warptangent)
47f6cf8 BlockchainBDB: Support blockchain_import --drop-hard-fork command (warptangent)
27d4e50 core: check whether an update is needed straight away (moneromooo-monero)
8892173 core: print "update needed" hard fork notifications in red (moneromooo-monero)
Pass the CMake bit width setting to compile flags for blockchain_import
and blockchain_converter.
For LMDB on 32-bit, hyc has found that batch size of 100 appears to be a
good default.
3b13a74 Shutup about VERSION 0 (Howard Chu)
1537477 Use cursor in get_output_key (Howard Chu)
f2faf8c Use MDB_APPEND mode where possible (Howard Chu)
090b548 Use cursors in write txns (Howard Chu)
ed08d21 Keep a running blocksize count (Howard Chu)
0fc9334 Win32 import batchsize tweaks (Howard Chu)
27f76e2 blockchain_import: Build string for db type list (warptangent)
1aa8a9d blockchain_import: Add mode argument representing multiple DB flags (warptangent)
cffc411 blockchain_import: Support BerkeleyDB (warptangent)
19c1aaa blockchain_import: Add database type argument (warptangent)
0fedce0 blockchain_import: Make LMDB-specific names general (warptangent)
When keys are contiguous and monotonically increasing, this gets
denser page utilization (doesn't leave padding in page splits).
Can't be used for keys that are inserted in random order (e.g. hashes)
In total this only saves around 1.5% of space compared to original
DB code. The previous patch accounted for 0.8% savings on its own;
the blocks tables just aren't that big.
These modes match those optionally provided as part of the daemon's
--db-type argument.
Argument after the # is interpreted as a composite mode if there's only
one (no comma separated arguments).
Sample usage:
blockchain_import --database lmdb#fastest
blockchain_import --database berkeley#fastest
Multiple specific DB flags are still supported, e.g.
blockchain_import --database lmdb#nosync,nordahead
blockchain_import --database berkeley#txn_nosync
1995923 BlockchainLMDB: Deal with DB exceptions at block level with particularity (warptangent)
c16cc20 BlockchainLMDB: Add sanity check for inconsistent state (warptangent)
9118d0a BlockchainLMDB: Call destructor on allocated txn if setup fails (warptangent)
f5581c3 BlockchainLMDB: Replace remaining txn pointer NULLs with nullptr (warptangent)
c7e6b77 crypto: only check MONERO_USE_SOFTWARE_AES once (moneromooo-monero)
74aef21 crypto: use software AES based on the MONERO_USE_SOFTWARE_AES env var (moneromooo-monero)
Add another DB error exception type to distinguish failed txn setup from
general use of txn.
This keeps the error handling flow the same as before the block-level
txn setup changes that moved control up a layer to BlockchainDB.
Remove LINK_SEARCH_START_STATIC and LINK_SEARCH_END_STATIC. This is more
appropriate when the compiler flag -static is used.
This had been causing CMake to omit the linker flags necesssary to
distinguish static and dynamic library linking. CMake had assumed static
linking for the target, causing it to omit explicit static link flags.
That is problematic without the -static compile flag being set.
With a library located in system directories, like libboost_date_time,
the full static path (.a), though found correctly by CMake, was treated
by the linker as a dynamic library. This is because
target_link_libraries() transforms the full path to -l<libname> if it's
in a system directory. Without -static or explicit linker flags, the
dynamic library (.so) is linked.
Removing the above two properties removes the assumption of static. So
-Wl;-Bstatic is inserted where needed. This causes -l<libname> to
properly refer to the static library instead of dynamic.
Setting to no or 0 also works. If set, any other value enables it.
Useful for running with valgrind in cases where it fails at
properly implementing AES-NI.
We also replace the --fakechain option with an optional structure
containing details about configuration for the core/blockchain,
for test purposes. This seems more future friendly.
7658ac0 blockchain: revert handle_get_objects adding block id on tx not found (moneromooo-monero)
3a0f4d8 berkeleydb: fix delete/free mismatch (moneromooo-monero)
1642be2 minor bugfixes and refactoring (Thomas Winget)
098dcf2 unit_tests: fix mnemonics unit test testing invalid seeds (moneromooo-monero)
If it is, it points to reuse of a tx key, which isn't meant to happen.
If it does, a key image collision means that only one of those
outputs is spendable, so the wallet selects the larger amount,
unless that output was spent already.
This causes a discrepancy betewen reported received inputs and
payment total.
Since tx keys are 256 bits, this should never happen except if
done on purpose, or if a sender uses a bad PRNG.
Locking just one db turns out to not have been a good idea, since
the pool and p2p state fdles have to be used anyway.
Also ensure the directory exists before tring to lock.
- Blockchain should store if it's running on testnet or not
- moved loading compiled-in block hashes to its own function for clarity
- on handle_get_objects, should now correctly return false if a block's
transactions are missing
- replace instances of BOOST_FOREACH with C++11 for loops in Blockchain.
7fc6fa3 wallet: forbid dust altogether in output selection where appropriate (moneromooo-monero)
5e1a739 blockchain: log number of outputs available for a new tx (moneromooo-monero)
bcac101 daemon: fix a few issues reported by valgrind (moneromooo-monero)
a7e8174 tx_pool: fix serialization of new relayed data (moneromooo-monero)
601ad76 hardfork: fix mixup in indexing variable in get_voting_info (moneromooo-monero)
444e22f blockchain: remove unused timer (moneromooo-monero)
7edfdd8 blockchain: fix m_sync_counter uninitialized variable use (moneromooo-monero)
d97582c epee: use generate_random_bytes for new random uuids (moneromooo-monero)
17c7c9c epee: remove dodgy random code that nobody uses (moneromooo-monero)
A boost lock is used to determine whether more than one process
wants to access the database. The boost file_lock doesn't seem
to like locking directories, so we use an arbitrary file in it.
This allows to still run two daemons if they have different
database directories (ie, LMDB/BDB, different data directories).
In particular, ensure we check the status of RPC response structures,
as some functions will return success, but with a BUSY status, when
the daemon is not yet synced, and the response will not filled.
94b98fb tx_pool: do not accept txes not in a block if they timed out before (moneromooo-monero)
eadbdf3 tx_pool: fix use of invalidated iterator (moneromooo-monero)
3b1d7e0 Fix V1/V2 use of hard fork related parameters (moneromooo-monero)
This is intended to avoid cases where a timed out tx will be
re-relayed by another peer for which it has not timed out yet,
which would cause the tx to stay in the network's pool for a
long time (until all peers time it out before another one
tries to relay it again).
This improves blockchain reorganization time by allowing one of the more
expensive DB lookups when popping a block to not have to seek through a
long dup list in the "output_amounts" db. This is most noticeable for
HDDs.
See ffcf6bdb95
Data should be removed in the reverse order it was added.
This matches the order of removal in
blockchain_storage::pop_transaction_from_global_index.
See f11def012f
c5baf30 use load_file_to_string and exit with error on file read errors (Fabian Hirschmann)
7b2d27f remove new lines at the end of the password only (Fabian Hirschmann)
302cc9c add --password-file option (Fabian Hirschmann)
The value will be different depending on whether we've reached
the first hard fork, which allows a larger size, or not.
This fixes transactions being rejected by the daemon on mainnet
where the first hard fork is not yet active.
This ensures this will be done without fail, as the error prone
matching of every return with a call to KILL_IOSERVICE leads to
hard to debug corruption when one is missing.
- only try to stop if actually started
- print number of threads before zeroing it
This fixes the suspiciously doubled "Mining has been stopped"
message on exit.
Blockchain hashes and key images are flushed, and blocks are
pulled anew from the daemon.
The console command is shortened to match bc_height.
This should make it a lot easier on users who are currently
told to remove this particular cache file but keep the keys
one, etc, etc.
61ce8d6 wallet_rpc_server: exit async, so we reply to stop_wallet RPC (moneromooo-monero)
9847db6 wallet: do not return error if incoming_transfers finds none (moneromooo-monero)
b39aae7 Tweak 45800a25e9 (hyc)
4a5a5ff blockchain: always stop the ioservice before returning (moneromooo-monero)
78b65cf db_lmdb: safety close db at exit (moneromooo-monero)
45800a2 db_lmdb: fix a strdup/delete[] mistmatch (moneromooo-monero)
79beed2 tests: fix various tests by using parameters better suited to monero (moneromooo-monero)
d0a8362 tests: fix some double spending tests (moneromooo-monero)
2358d0d tests: use 255 as a "too high" block version (moneromooo-monero)
f33a88c blockchain: fix a few block addition bugs (moneromooo-monero)
a9ff11c blockchain: fix an off by one error in unlocked time check (moneromooo-monero)
f294be3 blockchain: reinstate double spending checks in check_tx_inputs (moneromooo-monero)
737b6d6 blockchain: make some flag twiddling code closer to the original (moneromooo-monero)
81cb0fc blockchain: fix bitflipping test with quantized block rewards (moneromooo-monero)
22ddf09 blockchain: add missing m_tx_pool.on_blockchain_dec (moneromooo-monero)
d837c0c blockchain: fix switch to alternative blockchain for more than one block (moneromooo-monero)
5cec076 blockchain: add a missing validity check to rollback_blockchain_switching (moneromooo-monero)
3cabdb5 core: catch exceptions from get_output_key (moneromooo-monero)
5eef645 db: throw when given a non txout_to_key output to add (moneromooo-monero)
If the block reward was too high, the verification failed flag
was set, but the function continued. The code which was supposed
to trap this flag and return failure failed to trap it, and,
while the block was not added to the chain, the function would
return success.
The reason for avoiding returning when the block reward problem
was detected was to be able to return any transactions to the
pool if needed. This is now mooted by moving the transaction
return code to a separate function, which is now called at all
appropriate points, making the logic much simpler, and hopefully
correct now.
We also move the hard fork version check after the prev_id check,
as block which does not go on the top of the chain might not
have the expected version there, without being invalid just for
this reason.
Last, we trap the case where a block fails to be added due to
using already spent key images, to set the verification failed
flag.
This fixes some double spending tests.
This may or may not be unneeded in normal (non test) circumstances,
to be determined later. Keeping these for now may be slower, but safer.
Block reward may now be less than the full amount allowed.
This was breaking the bitflipping test.
We now keep track of whether a block which was accepted by the core
has a lower than allowed block reward, and allow this in the test.
The check was explicit in the original version, so it seems
safer to make it explicit here, especially as it is now done
implicitely in a different place, away from the original check.
ffcf6bd BlockchainLMDB: When removing, find amount output index fast by starting at end (warptangent)
f11def0 BlockchainLMDB: Remove tx outputs in reverse order (warptangent)
Data should be removed in the reverse order it was added. Not doing so
breaks assumptions and can cause problems in other DB implementations.
This matches the order of tx removal in
blockchain_storage::purge_block_data_from_blockchain.
This improves blockchain reorganization time by allowing one of the more
expensive DB lookups when popping a block to not have to seek through a
long dup list in the "output_amounts" subdb. This is most noticeable for
HDDs.
As before, the dup list is still walked if necessary (but in reverse),
and the global output index still confirmed to be the one looked for.
But under proper use, the result will be found at the end of the dup
list, so we start there.
Removing an amount output index is always done in the context of popping
a block, so the global output index being looked for should be the last
one in that amount key's dup list. Even if the txs themselves aren't
removed in reverse order (supposed to be according to original
implementation), the specified amount output index will still be near
the end, because the txs are in the same block.
TEST:
Pop blocks with blockchain_import.
Blocks should be successfully removed with no errors shown.
bitmonerod should be able to start syncing from the reduced blockchain
height.
8ea7af1 Allow the wallet to access hard fork information (moneromooo-monero)
760331b epee: make log macros behave like statements (moneromooo-monero)
3f2970f Add missing semicolons after log statements (moneromooo-monero)
In particular, <boost/program_options.hpp> blows up daemon.cpp.obj,
making it too big to compile in debug mode on Win32. Even on a
release build it drops daemon.cpp.o on Linux from 31MB to 20MB.
This has no effect on the final linked binary size.
The version number passed to those data's serialize function
was always 0, not the wallet's version as I had expected.
A version number now exists for these structures so they're
versioned correctly.
9079a32 Fix typo (warptangent)
3796941 blockchain.cpp: Change indentation from 4 to 2 spaces (warptangent)
725acc7 Replace tabs with two spaces for consistency with rest of codebase (warptangent)
Sample use:
DNS_PUBLIC=tcp torsocks bin/bitmonerod --p2p-bind-ip 127.0.0.1
Test:
Run above with --log-level 4 with and without DNS_PUBLIC environment
variable set.
DNS debugging info should show successful DNS lookups only when
DNS_PUBLIC is set to "tcp":
DNS lookup for seeds.moneroseeds.se: 17 results
DNS lookup for seeds.moneroseeds.ae.org: 17 results
DNS lookup for seeds.moneroseeds.ch: 12 results
DNS lookup for seeds.moneroseeds.li: 12 results
cbded43 core_tests: fix ring_signature_1 tests (moneromooo-monero)
c3d208f core_tests: bump default test fee to 0.02 monero (moneromooo-monero)
10da0a0 add a --fakechain argument for tests (moneromooo-monero)
eee44e6 unit_tests: fix block reward test using post hard fork settings (moneromooo-monero)
595893f blockchain: log block (not chain) height in "BLOCK SUCCESFULLY ADDED" (moneromooo-monero)
2369968 blockchain: fix off by one in get_blocks (moneromooo-monero)
8af913a db_lmdb: implement BlockchainLMDB::reset (moneromooo-monero)
4833f4f db_bdb: implement BlockchainBDB::reset (moneromooo-monero)
18bf06e tx_pool: fix "minumim" typo in message (moneromooo-monero)
44f1267 tests: fix a typo in test name (moneromooo-monero)
1494557 db_lmdb: create all needed directories, not just the leaf one (moneromooo-monero)
015b68a db_bdb: create all needed directories, not just the leaf one (moneromooo-monero)
f141869 tests: remove data-dir argument registration (moneromooo-monero)
This prevents the intermediate thread from exiting properly, as
fork creates a child process with only one thread, so any existing
data_logger thread will not be in the child. Since this thread
sets a flag the data_logger dtor blocks on, all children threads
will hang on exit.
When throwing an exception from being unable to begin an LMDB
transaction, include the reason.
It's often been due to a write transaction attempted within a write
transaction (batch mode), but there can be other reasons such as write
transaction attempted while database was opened read only, or
environment's map needs to be resized.
The core tests use the blockchain, and reset it to be able
to add test data to it. This does not play nice with the
databases, since those will save that data without an explicit
save call.
We add a fakechain flag that the tests will set, which tells
the core and blockchain code to use a separate database, as
well as skip a few things like checkpoints and fixup, which
only make sense for real data.
Data is only guaranteed to be valid within the lifetime of a txn.
You cannot use data returned from LMDB after the txn ends.
Also, fixed a missing txn.commit BlockchainLMDB::get_tx_unlock_time()
This fixes coretests, which does not register daemon specific arguments,
but uses core, which uses those arguments. Also gets rid of an unwanted
dependency on daemon code from core.
This is a precaution for older Berkeley DB versions.
- smooth reports an issue running with 4.7:
DB_ENV->log_set_config: DB_LOG_IN_MEMORY: method not permitted
after handle's open method
- this works just fine with 5.3
- we do not use DB_LOG_IN_MEMORY, but we use DB_LOG_AUTO_REMOVE
- libdb docs say some flags must be set before open, and some
may be set at any time, but never say some must be set after
open
- moving the call to log_set_config before open works with 5.3
Therefore, it seems best to move the call before open.
Early DB versions did not store key images for inputs if the
transaction spending them had no outputs (ie, all fee). This
is not correct, as this would allow these outputs to be double
spent. This was fixed in 533acc30ed
a few months ago, but databases having synced blocks 2021612 and
685498 with a faulty version will be missing those key images
in the spent keys database. This code checks for this, and adds
those key images if they are missing.
Berkeley DB uses 1 based indices for RECNO databases, and the
implementation of BlockchainDB for Berkeley DB assumes 1 based
indices are passed to the API, whereas the LMDB one assumes
0 based indices. This is all internally consisteny, but since
the BDB code stores 1 based indices in the database, external
users have to be aware of this, as the indices will be off by
one depending on which DB is used.
^C while in manual refresh will cancel the refresh, since that's
often an annoying thing to have to wait for. Also, a manual refresh
command will interrupt any running background refresh and take
over, rather than wait for the background refresh to be done, and
look to be hanging.
9ee48e9 wallet2: speed up wallet refresh for large miners (moneromooo-monero)
4905903 wallet2: parallelize pulling blocks and processing them on refresh (moneromooo-monero)
d0eaf1d wallet2: maintain the short chain manually when refreshing (moneromooo-monero)
a4e9506 wallet2: split pull blocks between pulling and processing (moneromooo-monero)
The daemon will be polled every 90 seconds for new blocks.
It is enabled by default, and can be turned on/off with
set auto-refresh 1 and set auto-refresh 0 in the wallet.
This allows them to be saved as a fixed (one byte) chunk whatever
the value. Using a varint will use two bytes as the high bit gets
set.
This is backward compatible with current usage (0-2 values).
d887c18 hardfork: fix more major/minor issues (moneromooo-monero)
3b47ca2 hardfork: fix rescan on load (moneromooo-monero)
4cea2b1 Add IP blocking for misbehaving nodes (adapted from Boolberry) (Javier Smooth)
9c64b12 quiet down p2p logging a bit (Javier Smooth)
53c75ab blockchain: log versions as numbers, not characters (moneromooo-monero)
edade8d hardfork: fix actual/voting confusion (moneromooo-monero)
9b945f5 wallet: make the refresh optimizations selectable via command line (moneromooo-monero)
d2c0313 wallet: speedup refresh from daemon (moneromooo-monero)
ea707c7 wallet2: minor cleanup (moneromooo-monero)
55a2da7 wallet2: speedup refresh a bit (moneromooo-monero)
Also add some more tests, and rename some instances of
"version" and "add" for clarity.
NOTE: the starting height values are sometimes wrong.
I suspect this is due to the hard fork reorg code being
buggy, since they're good when syncing after the fact.
However, they're not actually used by the consensus code,
so I'm ignoring this for now, but this needs debugging.