This PR lets bitcoind call an arbitrary command -signer=<cmd>, e.g. a hardware wallet driver, where it can fetch public keys, ask to display an address, and sign a transaction (using PSBT under the hood).
It’s design to work with https://github.com/bitcoin-core/HWI, which supports multiple hardware wallets. Any command with the same arguments and return values will work. It simplifies the manual procedure described here.
Usage is documented in doc/external-signer.md, which also describes what protocol a different signer binary should conform to.
Use --enable-external-signer to opt in, requires Boost::Process:
0Options used to compile and link:
1 with wallet = yes
2 with gui / qt = no
3 external signer = yes
It adds the following RPC methods:
enumeratesigners: asks for a list of signers (e.g. devices) and their master key fingerprint
signerdisplayaddress <address>: asks to display an address
It enhances the following RPC methods:
createwallet: takes an additional external_signer argument and fetches keys from device
send: automatically sends transaction to device and waits
Usage TL&DR:
clone HWI repo somewhere and launch bitcoind -signer=../HWI/hwi.py
check if you can see your hardware device: bitcoin-cli enumeratesigners
create wallet and auto import keys bitcoin-cli createwallet "hww" true true "" true true true
display address on device: bitcoin-cli signerdisplayaddress ...
to spend, use send RPC and approve transaction on device
(automatically) verify (a subset of) keys on the device after import, through message signing
DrahtBot
commented at 10:16 pm on August 4, 2019:
member
The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.
Conflicts
Reviewers, this pull request conflicts with the following ones:
#21207 (MOVEONLY: CWallet transaction code out of wallet.cpp/.h by ryanofsky)
#21073 (wallet: check when create wallets for the reserved name “wallets” by Saibato)
#20744 ([POC] Use std::filesystem. Remove Boost Filesystem & System by fanquake)
#20354 (test: Add feature_taproot.py –previous_release by MarcoFalke)
#20191 (wallet, refactor: make DescriptorScriptPubKeyMan agnostic of internal flag by S3RK)
If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first.
DrahtBot added the label
Build system
on Aug 4, 2019
DrahtBot added the label
Docs
on Aug 4, 2019
DrahtBot added the label
GUI
on Aug 4, 2019
DrahtBot added the label
RPC/REST/ZMQ
on Aug 4, 2019
DrahtBot added the label
Tests
on Aug 4, 2019
DrahtBot added the label
Utils/log/libs
on Aug 4, 2019
DrahtBot added the label
Wallet
on Aug 4, 2019
in
src/wallet/rpcwallet.cpp:2729
in
10b713dc90outdated
2672@@ -2653,6 +2673,8 @@ static UniValue createwallet(const JSONRPCRequest& request)
2673 {"blank", RPCArg::Type::BOOL, /* default */ "false", "Create a blank wallet. A blank wallet has no keys or HD seed. One can be set using sethdseed."},
2674 {"passphrase", RPCArg::Type::STR, RPCArg::Optional::OMITTED, "Encrypt the wallet with this passphrase."},
2675 {"avoid_reuse", RPCArg::Type::BOOL, /* default */ "false", "Keep track of coin reuse, and treat dirty and clean coins differently with privacy considerations in mind."},
2676+ {"descriptors", RPCArg::Type::BOOL, /* default */ "false", "Create a native descriptor wallet. The wallet will use descriptors internally to handle address creation"},
2677+ {"external_signer", RPCArg::Type::BOOL, /* default */ "false", "Use an external signer such as a hardware wallet. Requires -signer to be configured. Wallet creation will fail if keys cannot be fetched. Requires disable_private_keys and descriptors set to true."},
Storing signer in the wallet makes sense, but I also think it can wait for a later PR. In practice afaik the only tool that currently works is HWI and it can handle multiple wallets. In the long run however I do hope that wallet manufactures provide their own software that just uses the same commands / responses.
fanquake removed the label
Build system
on Aug 4, 2019
fanquake removed the label
Docs
on Aug 4, 2019
fanquake removed the label
GUI
on Aug 4, 2019
fanquake removed the label
Utils/log/libs
on Aug 4, 2019
Sjors force-pushed
on Aug 5, 2019
Sjors force-pushed
on Aug 5, 2019
DrahtBot added the label
Needs rebase
on Aug 6, 2019
Sjors force-pushed
on Sep 4, 2019
DrahtBot removed the label
Needs rebase
on Sep 4, 2019
Sjors force-pushed
on Sep 4, 2019
DrahtBot added the label
Needs rebase
on Sep 7, 2019
Relaxo143
commented at 11:45 am on September 12, 2019:
none
Can we expect this to be merged and included in 0.19? It’s a really useful and requested feature! Thanks to everyone who is working on it.
Sjors
commented at 8:54 am on September 16, 2019:
member
@Relaxo143 not a chance; this is still work in progress and there’s several pull requests that need to be reviewed and merged first. There’s also a feature freeze on 0.19.
Sjors force-pushed
on Sep 16, 2019
Sjors
commented at 4:27 pm on September 16, 2019:
member
I dropped the dependency on my new send RPC proposal #16378, in favor of just tweaking sendmany and sendtoaddress. It’s less powerful, but should reduce the review burden once native descriptors are merged.
Sjors force-pushed
on Sep 18, 2019
Sjors force-pushed
on Oct 10, 2019
Sjors force-pushed
on Oct 25, 2019
DrahtBot removed the label
Needs rebase
on Oct 25, 2019
Sjors force-pushed
on Oct 27, 2019
DrahtBot added the label
Needs rebase
on Oct 29, 2019
Sjors force-pushed
on Oct 29, 2019
DrahtBot removed the label
Needs rebase
on Oct 29, 2019
Sjors force-pushed
on Oct 29, 2019
Sjors force-pushed
on Oct 29, 2019
DrahtBot added the label
Needs rebase
on Oct 30, 2019
Sjors force-pushed
on Oct 30, 2019
Sjors force-pushed
on Oct 31, 2019
DrahtBot removed the label
Needs rebase
on Oct 31, 2019
Sjors force-pushed
on Oct 31, 2019
DrahtBot added the label
Needs rebase
on Oct 31, 2019
Sjors force-pushed
on Nov 3, 2019
Sjors force-pushed
on Nov 7, 2019
Sjors force-pushed
on Nov 7, 2019
Sjors force-pushed
on Nov 7, 2019
Sjors force-pushed
on Nov 7, 2019
Sjors force-pushed
on Nov 7, 2019
DrahtBot removed the label
Needs rebase
on Nov 7, 2019
DrahtBot added the label
Needs rebase
on Nov 8, 2019
Sjors force-pushed
on Dec 9, 2019
DrahtBot removed the label
Needs rebase
on Dec 9, 2019
DrahtBot added the label
Needs rebase
on Dec 16, 2019
Sjors force-pushed
on Jan 30, 2020
Sjors force-pushed
on Jan 30, 2020
DrahtBot removed the label
Needs rebase
on Jan 30, 2020
Sjors force-pushed
on Jan 30, 2020
Sjors force-pushed
on Jan 30, 2020
Sjors force-pushed
on Jan 30, 2020
DrahtBot added the label
Needs rebase
on Feb 4, 2020
in
build-aux/m4/ax_boost_process.m4:17
in
0a0d295415outdated
12+# requires a preceding call to AX_BOOST_BASE. Further documentation is
13+# available at <http://randspringer.de/boost/index.html>.
14+#
15+# This macro calls:
16+#
17+# AC_SUBST(BOOST_PROCESS_LIB)
DrahtBot removed the label
Needs rebase
on Mar 23, 2020
DrahtBot added the label
Needs rebase
on Mar 23, 2020
Sjors force-pushed
on Mar 27, 2020
DrahtBot removed the label
Needs rebase
on Mar 27, 2020
Sjors force-pushed
on Apr 1, 2020
DrahtBot added the label
Needs rebase
on Apr 6, 2020
Sjors force-pushed
on Apr 22, 2020
Sjors force-pushed
on Apr 22, 2020
DrahtBot removed the label
Needs rebase
on Apr 22, 2020
Sjors force-pushed
on Apr 23, 2020
Sjors force-pushed
on Apr 27, 2020
Sjors force-pushed
on Apr 27, 2020
Sjors force-pushed
on Apr 27, 2020
Sjors renamed this:
[WIP] External signer support - Wallet Box edition
External signer support - Wallet Box edition
on Apr 27, 2020
Sjors
commented at 2:08 pm on April 27, 2020:
member
I’m marking this ready for review, even though 372eef4 is a placeholder commit (to be fixed in other pull requests). There’s still rough edges, but it does work, as does the GUI followup in #16549.
Sjors force-pushed
on Apr 27, 2020
fjahr
commented at 2:02 pm on April 28, 2020:
member
Concept ACK
DrahtBot added the label
Needs rebase
on May 1, 2020
Sjors force-pushed
on May 7, 2020
DrahtBot removed the label
Needs rebase
on May 7, 2020
DrahtBot added the label
Needs rebase
on May 11, 2020
Sjors force-pushed
on May 18, 2020
DrahtBot removed the label
Needs rebase
on May 18, 2020
Sjors force-pushed
on May 18, 2020
DrahtBot added the label
Needs rebase
on May 21, 2020
Sjors force-pushed
on May 22, 2020
DrahtBot removed the label
Needs rebase
on May 22, 2020
DrahtBot added the label
Needs rebase
on May 27, 2020
Sjors force-pushed
on Jun 10, 2020
Sjors force-pushed
on Jun 10, 2020
DrahtBot removed the label
Needs rebase
on Jun 10, 2020
Sjors force-pushed
on Jun 16, 2020
Sjors force-pushed
on Jun 16, 2020
Sjors force-pushed
on Jun 18, 2020
Sjors closed this
on Jun 18, 2020
Sjors reopened this
on Jun 18, 2020
Sjors force-pushed
on Jun 19, 2020
DrahtBot added the label
Needs rebase
on Jun 19, 2020
Sjors force-pushed
on Jun 19, 2020
DrahtBot removed the label
Needs rebase
on Jun 19, 2020
meshcollider added this to the "PRs" column in a project
DrahtBot added the label
Needs rebase
on Jun 24, 2020
Sjors force-pushed
on Jun 25, 2020
DrahtBot removed the label
Needs rebase
on Jun 25, 2020
DrahtBot added the label
Needs rebase
on Jun 29, 2020
Sjors force-pushed
on Jun 29, 2020
DrahtBot removed the label
Needs rebase
on Jun 29, 2020
DrahtBot added the label
Needs rebase
on Jul 2, 2020
Sjors force-pushed
on Jul 2, 2020
DrahtBot removed the label
Needs rebase
on Jul 2, 2020
Sjors force-pushed
on Jul 6, 2020
DrahtBot added the label
Needs rebase
on Jul 11, 2020
Sjors force-pushed
on Jul 14, 2020
DrahtBot removed the label
Needs rebase
on Jul 14, 2020
DrahtBot added the label
Needs rebase
on Jul 17, 2020
Sjors force-pushed
on Jul 18, 2020
DrahtBot removed the label
Needs rebase
on Jul 18, 2020
DrahtBot added the label
Needs rebase
on Jul 28, 2020
Sjors force-pushed
on Jul 30, 2020
DrahtBot removed the label
Needs rebase
on Jul 30, 2020
DrahtBot added the label
Needs rebase
on Jul 30, 2020
Sjors force-pushed
on Jul 31, 2020
DrahtBot removed the label
Needs rebase
on Jul 31, 2020
meshcollider referenced this in commit
e4df534c60
on Aug 5, 2020
sidhujag referenced this in commit
06bceb01d7
on Aug 5, 2020
Sjors force-pushed
on Aug 6, 2020
DrahtBot added the label
Needs rebase
on Aug 9, 2020
Sjors force-pushed
on Aug 28, 2020
Sjors
commented at 6:43 pm on August 28, 2020:
member
Rebased and dropped 3c65029b2cd7dc4874055cc55424bb7512071d2b since it’s unused.
DrahtBot removed the label
Needs rebase
on Aug 28, 2020
DrahtBot added the label
Needs rebase
on Sep 7, 2020
Sjors force-pushed
on Sep 7, 2020
DrahtBot removed the label
Needs rebase
on Sep 7, 2020
meshcollider referenced this in commit
ffaac6e614
on Sep 15, 2020
sidhujag referenced this in commit
2d9d86f6b8
on Sep 15, 2020
DrahtBot added the label
Needs rebase
on Sep 15, 2020
Sjors force-pushed
on Sep 15, 2020
Sjors
commented at 2:44 pm on September 15, 2020:
member
Rebased on top of the ultimate send RPC #16378; it now uses send instead of sendtoaddress.
DrahtBot removed the label
Needs rebase
on Sep 15, 2020
Sjors
commented at 9:55 am on September 16, 2020:
member
Something is causing Travis on ARM64 to bail out right before the functional tests. I already tried a restart.
laanwj added this to the "Blockers" column in a project
DrahtBot added the label
Needs rebase
on Sep 29, 2020
Sjors force-pushed
on Oct 1, 2020
DrahtBot removed the label
Needs rebase
on Oct 1, 2020
DrahtBot added the label
Needs rebase
on Oct 7, 2020
Sjors force-pushed
on Oct 8, 2020
DrahtBot removed the label
Needs rebase
on Oct 8, 2020
jojoe30 approved
Sjors force-pushed
on Oct 15, 2020
Sjors
commented at 9:35 am on October 15, 2020:
member
in
src/wallet/externalsigner.h:20
in
fa453656d0outdated
15+class ExternalSignerException : public std::runtime_error {
16+public:
17+ using std::runtime_error::runtime_error;
18+};
19+
20+//! Enables interaction with an external signing device or service, such as a
Not sure if we need so many of these. This function should never be called if external signer is not enabled, right? Is this a belts & suspenders approach or is there a reason why it is absolutely necessary?
In this PR you have to use --with-boost-process in order to enable external signer support. So it’s opt-in. But in the GUI followup that’s flipped if you have GUI enabled.
Alternatively you can use --with-external-signer which implies --with-boost-process and fails if Boost::Process is missing.
in
src/wallet/externalsigner.cpp:1
in
be811a8d3coutdated
Wouldn’t it be better to mention --enable-external-signer configure flag in this error message instead of boost (which is just an implementation detail)?
in
src/wallet/wallet.h:839
in
8aa7f0feadoutdated
832@@ -829,6 +833,12 @@ class CWallet final : public WalletStorage, public interfaces::Chain::Notificati
833834 std::vector<OutputGroup> GroupOutputs(const std::vector<COutput>& outputs, bool single_coin, const size_t max_ancestors) const;
835836+#ifdef ENABLE_EXTERNAL_SIGNER
837+ ExternalSigner GetExternalSigner() EXCLUSIVE_LOCKS_REQUIRED(cs_wallet);
838+#endif
839+ /* Display address on an external signer. Returns false if external signer support is not compiled */
Do you really want to construct a new instance every time and return by value here?
This function is called reasonably often (e.g. when signing, when displaying addresses).
It seems that these could be cached, and in that case a pointer (e.g. std::shared_ptr) would make more sense.
But not sure.
My guess would be that this is negligible compared to the slow USB communication and sluggish hardware wallets in general. I might leave that for someone else to improve.
in
src/wallet/externalsigner.h:54
in
8aa7f0feadoutdated
49+ static bool Enumerate(const std::string& command, std::vector<ExternalSigner>& signers, bool mainnet = true, bool ignore_errors = false);
50+
51+ //! Display address on the device. Calls `<command> displayaddress --desc <descriptor>`.
52+ //! @param[in] descriptor Descriptor specifying which address to display.
53+ //! Must include a public key or xpub, as well as key origin.
54+ UniValue displayAddress(const std::string& descriptor) const;
I should update the comment, but yes: signet, testnet and regtest use the same address format, which is the only thing that seems to matter when using hardware wallets (at the least the devices I’ve worked with). They don’t even have their own BIP44/49/81 coin types.
achow101
commented at 8:21 pm on February 8, 2021:
For at least testnet and regtest, the bech32 address format is different.
But also, HWI only has mainnet and testnet so maybe just a bool is fine?
@laanwj@fjahr thanks for the reviews! I was waiting for another PR (bitcoin-core/gui#171) to land which I expect to require a rebase, but I might do it sooner.
DrahtBot removed the label
Needs rebase
on Jan 29, 2021
Sjors force-pushed
on Jan 29, 2021
in
build_msvc/bitcoin_config.h:57
in
235445a431outdated
52@@ -53,6 +53,9 @@
53 /* define if the Boost::Process library is available */
54 #define HAVE_BOOST_PROCESS /**/
5556+/* define if external signer support is enabled (requires Boost::Process) */
57+#define ENABLE_EXTERNAL_SIGNER 1 /**/
achow101
commented at 7:39 pm on February 8, 2021:
In 235445a431c6146bb194761335761fa423469ac0 “msvc: define ENABLE_EXTERNAL_SIGNER”
Since this is supposed to be defaults, I don’t think you should have 1 there. It should be like HAVE_BOOST_PROCESS right above.
Just defining or setting it to 1 always confused me. As does MSVC. But it sounds reasonable… @sipsorcery?
achow101
commented at 4:54 pm on February 9, 2021:
I think it’s supposed to be either the default or a fixed setting indicating what msvc should be building. Either way, having HAVE_BOOST_PROCESS not defined above and still defining ENABLE_EXTERNAL_SIGNER is a conflict because we can’t have external signer support without boost process.
sipsorcery
commented at 10:35 pm on February 10, 2021:
I think msvc is the same as the other compilers. If you want to set a pre-processor define to act like a boolean flag there’s no need to set a value on it. #define ENABLE_EXTERNAL_SIGNER is all you need if you’re only checking for its existence with #ifdef ENABLE_EXTERNAL_SIGNER.
Good question. It’s been under development and publicly visible since 2018 though.
in
src/wallet/external_signer_scriptpubkeyman.h:24
in
54cfea82c8outdated
18+ {}
19+
20+ /** Provide a descriptor at setup time
21+ * Returns false if already setup or setup fails, true if setup is successful
22+ */
23+ bool SetupDescriptor(std::unique_ptr<Descriptor>desc);
achow101
commented at 8:00 pm on February 8, 2021:
In 54cfea82c85bcbcef012922ad78dcb3ba3ae1c6e “wallet: add ExternalSignerScriptPubKeyMan”
Oh I’ve been plowing through rebases while descriptor wallets were being built. This is nothing :-)
Sjors
commented at 5:59 pm on February 9, 2021:
member
Rebased and addressed @achow101’s feedback. It now calls HWI with --regtest (unsupported), --testnet or --signet instead of using --testnet for all non-mainnet networks. I might change that to --chain ... depending on what happens to https://github.com/bitcoin-core/HWI/pull/451, but shouldn’t be blocking here.
Sjors force-pushed
on Feb 9, 2021
Sjors force-pushed
on Feb 9, 2021
laanwj
commented at 10:59 am on February 12, 2021:
member
This has been open for a long time. Hardware wallet support seems quite important. It would be nice if it got some more review and/or ACKs so that we can move forward with it.
laanwj
commented at 11:02 am on February 12, 2021:
member
Linting errors:
0Python's open(...) seems to be used to open text files without explicitly
1specifying encoding="utf8":
23test/functional/mocks/signer.py: with open(mock_result_path, "r") as f:
4test/functional/wallet_signer.py: with open(os.path.join(node.cwd, "mock_result"), "w") as f:
5^---- failure generated from test/lint/lint-python-utf8-encoding.sh
DrahtBot added the label
Needs rebase
on Feb 12, 2021
Sjors force-pushed
on Feb 12, 2021
Sjors
commented at 3:36 pm on February 12, 2021:
member
Rebased, appeased linter and switched to using the new HWI --chain argument. Wallet experts, please bless #21127 as well.
DrahtBot removed the label
Needs rebase
on Feb 12, 2021
gruve-p
commented at 4:55 pm on February 12, 2021:
contributor
fanquake
commented at 3:07 am on February 13, 2021:
member
I’ve only looked at the build system commit. I don’t understand the changes here. There should be a single configure option enable/disable-external-signer, which defaults to off. with-boost-process should be removed entirely. Boost process checking should only occur with enable-external-signer, and if it’s not available, configure should fail. We don’t need all the duplicate checking for if the wallet is enabled for setting defaults etc.
Sjors
commented at 10:47 am on February 13, 2021:
member
@fanquake boost process is used by RunCommandParseJSON (introduced in #15382). This can be used by any feature that involves calling an external command. Hence the separation. However, if you prefer I can still drop --with-boost-process. It just means that if we add another feature that uses this, that feature will require a separate configure flag. That’s probably fine.
During the development, when switching between branches all the time, I find --with-boost-process convenient, because it works on this branch as well as master. But that’s not a strong argument for keeping it.
laanwj referenced this in commit
43981ee2c8
on Feb 13, 2021
sidhujag referenced this in commit
1aa9dbea4b
on Feb 13, 2021
Sjors force-pushed
on Feb 14, 2021
fanquake
commented at 7:43 am on February 15, 2021:
member
It just means that if we add another feature that uses this, that feature will require a separate configure flag. That’s probably fine.
That’s exactly what should happen. Having a --with-boost-process configure flag just to be a catch-all for “turn on anything that uses boost process” is not something we want. Significant new features should have their own configure flags.
I find –with-boost-process convenient, because it works on this branch as well as master. But that’s not a strong argument for keeping it.
No it isn’t.
The Boost Process macro itself is mostly just confusing. Boost Process is header only, so having a macro that run a bunch of checks for a library to link against is pointless? I don’t really understand why it was written like that in the first place, and am planning on removing it.
fanquake referenced this in commit
1e4b1973a0
on Feb 15, 2021
fanquake referenced this in commit
1b960f0780
on Feb 15, 2021
fanquake referenced this in commit
ffe3d65aaa
on Feb 15, 2021
Sjors force-pushed
on Feb 15, 2021
in
src/wallet/wallet.cpp:4466
in
4106d7e45foutdated
4463+ if (IsWalletFlagSet(WALLET_FLAG_EXTERNAL_SIGNER)) {
4464+#ifdef ENABLE_EXTERNAL_SIGNER
4465+ auto spk_manager = std::unique_ptr<ScriptPubKeyMan>(new ExternalSignerScriptPubKeyMan(*this, desc));
4466+ m_spk_managers[id] = std::move(spk_manager);
4467+#else
4468+ throw std::runtime_error(std::string(__func__) + ": Configure with --enable-external-signer to use this");
meshcollider
commented at 11:52 pm on February 16, 2021:
What “this” is may not be clear to the user
fanquake referenced this in commit
7bf04e358a
on Feb 17, 2021
in
doc/external-signer.md:7
in
af6c0c39dboutdated
0@@ -0,0 +1,171 @@
1+# Support for signing transactions outside of Bitcoin Core
2+
3+Bitcoin Core can be launched with `-signer=<cmd>` where `<cmd>` is an external tool which can sign transactions and perform other functions. For example, it can be used to communicate with a hardware wallet.
4+
5+## Example usage
6+
7+The following example is based on the [HWI](https://github.com/bitcoin-core/HWI) tool. Although this tool is hosted under the Bitcoin Core Github organization and maintained by Bitcoin Core developers, it should be used with caution. It is considered experimental and has far less review than Bitcoin Core itself. Be particularly careful when running tools such as these on a computer with private keys on it.
meshcollider
commented at 0:14 am on February 17, 2021:
micro-nit: GitHub
in
doc/external-signer.md:107
in
af6c0c39dboutdated
102+
103+The command returns a psbt with any signatures.
104+
105+The `psbt` SHOULD include bip32 derivations. The command SHOULD fail if none of the bip32 derivations match a key owned by the device.
106+
107+The command SHOULD fail if the user cancels (return code?).
meshcollider
commented at 0:24 am on February 17, 2021:
Is this “return code?” meant for the final doc
in
src/wallet/external_signer.cpp:14
in
b27ec70b1aoutdated
meshcollider
commented at 3:29 am on February 17, 2021:
style nit: spacing after if(
in
src/wallet/externalsigner.cpp:87
in
fb3559c9d1outdated
82+{
83+ // Serialize the PSBT
84+ CDataStream ssTx(SER_NETWORK, PROTOCOL_VERSION);
85+ ssTx << psbtx;
86+
87+ // Check if signer fingerpint matches any input master key fingerprint
meshcollider
commented at 3:31 am on February 17, 2021:
nit: fingerpint -> fingerprint
meshcollider
commented at 3:33 am on February 17, 2021:
contributor
Code review ACK modulo my inexperience with build system stuff + the rebase on fanquake’s PR
laanwj referenced this in commit
04336086d3
on Feb 17, 2021
Sjors
commented at 3:25 pm on February 17, 2021:
member
Rebased and addressed nits.
Sjors force-pushed
on Feb 17, 2021
sidhujag referenced this in commit
5d5698c0ae
on Feb 17, 2021
meshcollider
commented at 8:12 pm on February 17, 2021:
contributor
Will do some testing
achow101
commented at 8:25 pm on February 17, 2021:
member
ACK85da1ad0442b243e10e7f671e14812e70e74f624
in
configure.ac:1406
in
85da1ad044outdated
1405- [ AC_MSG_ERROR([Boost::Process is not available!])]
1406+ [ AC_MSG_RESULT(yes)
1407+ AC_DEFINE([HAVE_BOOST_PROCESS],,[define if Boost::Process is available])
1408+ AC_DEFINE([ENABLE_EXTERNAL_SIGNER],,[define if external signer support is enabled])
1409+ ],
1410+ [ AC_MSG_RESULT(no)]
Oops, good catch, that indeed fell through the rebase cracks. Hard to test presence of boost::process seperate from the rest of boost on macOS, because they’re bundled. But on Windows this matters.
in
src/wallet/external_signer.cpp:16
in
85da1ad044outdated
I would prefer to introduce a CBaseChainParams.externalSignerChainName() instead of an elaborate if() here, for this to keep the chain definition data-driven in one place.
(not necessarily in this PR though, we can do this later)
Alternatively, also out of scope, we could turn CBaseChainParams into an enum, so it’s easier to use switch statements, and less likely to be forgotten if we add another network type.
That’d be another option, but I prefer to have all this information in one place. It was the point of having chainparams structures in the first place.
laanwj
commented at 6:44 pm on February 18, 2021:
member
Code review ACK96f991a11a871502d1a39f684994c1e2664c3af7
Verified that the only changes since 85da1ad0442b243e10e7f671e14812e70e74f624 are the configure.ac change, and simpllyfing ExternalSigner::NetworkArg() (removing a include for strencodings.h along the way).
achow101
commented at 7:54 pm on February 18, 2021:
member
re-ACK96f991a11a871502d1a39f684994c1e2664c3af7
in
src/wallet/external_signer_scriptpubkeyman.cpp:45
in
96f991a11aoutdated
40+ ExternalSigner::Enumerate(command, signers, Params().NetworkIDString());
41+ if (signers.empty()) throw std::runtime_error(std::string(__func__) + ": No external signers found");
42+ // TODO: add fingerprint argument in case of multiple signers
43+ return signers[0];
44+#else
45+ throw std::runtime_error(std::string(__func__) + ": Wallets with external signers require Boost::System library.");
fanquake
commented at 3:38 am on February 21, 2021:
Shouldn’t this be Boost::Process?
in
src/wallet/wallet.cpp:4569
in
96f991a11aoutdated
fanquake
commented at 7:02 am on February 21, 2021:
From what I can see, GetExternalSigner() is only called from code that is inside ENABLE_EXTERNAL_SIGNER #idfefs. So why can’t we wrap this whole function in an #ifdef, and drop the need for the throw()? I think the same goes for most of this file, and some other functions in this PR. It seems weird that when external signing is not enabled, we’d still be compiling functions that aren’t called from anywhere, and who’s purpose is to throw a runtime error to tell you about external signing and it’s need of Boost Process.
If turns out I can put the entire ExternalSignerScriptPubKeyMan inside #ifdef. The most important throw()s are already in wallet.cpp.
fanquake
commented at 7:04 am on February 21, 2021:
member
In 903f277f982ed390dc68114c9c1eb70b4a59bb19 is where we should be able to drop HAVE_BOOST_PROCESS entirely. I realise that boost process could potentially be used for other things in future, but currently, it’s not, and as this is implemented, there’s a bit of an awkward split between HAVE_BOOST_PROCESS & ENABLE_EXTERNAL_SIGNER for code which, as I understand it, is all essentially the same feature. So I think for now we should just replace the few usages of HAVE_BOOST_PROCESS with ENABLE_EXTERNAL_SIGNER.
configure: add --enable-external-signer
This option replaces --with-boost-process
This prepares external signer support to be disabled by default.
It adds a configure option to enable this feature and to check
if Boost::Process is present.
This also exposes ENABLE_EXTERNAL_SIGNER to the test suite via test/config.ini
Sjors
commented at 4:31 pm on February 21, 2021:
member
Rebased onto CI fix. @fanquake I replaced the remaining instances of HAVE_BOOST_PROCESS with ENABLE_EXTERNAL_SIGNER. In the process I squashed the MSVC and doc commit, since they’re now just a simple rename.
Sjors force-pushed
on Feb 21, 2021
laanwj
commented at 11:30 am on February 22, 2021:
member
Please squash the move-only: add underscore to externalsigner.h commit as well. It’s introduced in this PR, so let’s introduce it with the eventual name directly.
Sjors
commented at 6:41 pm on February 22, 2021:
member
That may be a rather big rebase hell though, because the commits make incremental changes to these files so I’d have to divide this commit in 10 pieces, squash them in the right place and then deal with rebase conflicts. Unless there’s an intelligent Git incantation to rename a file across all commits?
ryanofsky
commented at 9:31 pm on February 22, 2021:
member
Unless there’s an intelligent Git incantation to rename a file across all commits?
Something like this will rename the one file. You can extend it to rename other files or do more replacements across commits:
laanwj
commented at 7:41 am on February 23, 2021:
member
Also git tends to be smart enough to take into account renamed files when rebasing. If you go to the first commit with git rebase -i, amend it for editing, git mv src/wallet/externalsigner.h src/wallet/external_signer.h, then git rebase --continue, that should not cause any merge conflicts.
Sjors force-pushed
on Feb 23, 2021
Sjors
commented at 11:14 am on February 23, 2021:
member
@ryanofsky’s thanks! That worked (with some tweaks), and despite warnings from the git, it still compiles and history looks sane. @laanwj I have indeed seen Git behave sanely when it comes to renames, so maybe my worries were not necessary.
wallet: add -signer argument for external signer command
Create basic ExternalSigner class with contructor. A Signer(<cmd>)
is added to CWallet on load if -signer=<cmd> is set.
laanwj
commented at 4:50 pm on February 23, 2021:
member
re-ACKf75e0c1edde39a91cc353b0102638e232def9476
laanwj merged this
on Feb 23, 2021
laanwj closed this
on Feb 23, 2021
in
doc/external-signer.md:40
in
f75e0c1edd
35+The master key fingerprint is used to identify a device.
36+
37+Create a wallet, this automatically imports the public keys:
38+
39+```sh
40+$ bitcoin-cli createwallet "hww" true true "" true true true
MarcoFalke
commented at 5:10 pm on February 23, 2021:
This is a metadata mirror of the GitHub repository
bitcoin/bitcoin.
This site is not affiliated with GitHub.
Content is generated from a GitHub metadata backup.
generated: 2024-12-18 09:13 UTC
This site is hosted by @0xB10C More mirrored repositories can be found on mirror.b10c.me