wallettool: fix unnamed createfromdump failure walletsdir deletion #34215

1. 
   achow101 commented at 0:15 am on January 7, 2026: member

   As pointed out in #34156 (comment), it is possible for createfromdump to also accidentally delete the entire wallets directory if the wallet name is the empty string and the dumpfile contains a checksum error.

   This is also fixed by removing the files created by only removing the directory for named wallets, and avoiding the use of fs::remove_all.

2. wallettool: do not use fs::remove_all in createfromdump cleanup f78f6f1dc8
3. 
   DrahtBot commented at 0:15 am on January 7, 2026: contributor

   The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

   Code Coverage & Benchmarks

   For details see: https://corecheck.dev/bitcoin/bitcoin/pulls/34215.

   Reviews

   See the guideline for information on the review process.

   Type	Reviewers
   ACK	waketraindev, polespinasa, rkrux, willcl-ark, pablomartin4btc
   Approach ACK	w0xlt

   If your review is incorrectly listed, please copy-paste <!–meta-tag:bot-skip–> into the comment that the bot should ignore.

4. 
   w0xlt commented at 0:20 am on January 7, 2026: contributor

   Approach ACK
5. 
   waketraindev commented at 1:14 am on January 7, 2026: contributor

   lgtm ACK f78f6f1dc8e16d5a8a23749e77bc3bf17c91ae42

   tested manually, datadir no longer removed.

   0$ ./bitcoin-wallet -datadir=./local-datadir -dumpfile=test.dump createfromdump; ls local-datadir
   1Error: Got key that was not hex: malformedData13370776657273696f6e
   2test-wallet
   

6. DrahtBot requested review from w0xlt on Jan 7, 2026
7. polespinasa approved
8. 
   polespinasa commented at 12:33 pm on January 7, 2026: member

   code review and tACK f78f6f1dc8e16d5a8a23749e77bc3bf17c91ae42

   Unlike #34156 this one should be backported as v29.x is also affected by this bug. It can easily be tested with the commands shared here #34156 (comment)

9. fanquake added the label Needs backport (29.x) on Jan 7, 2026
10. fanquake added the label Needs backport (30.x) on Jan 7, 2026
11. fanquake added this to the milestone 30.2 on Jan 7, 2026
12. in src/wallet/dump.cpp:285 in f78f6f1dc8

    280+    std::vector<fs::path> paths_to_remove = wallet->GetDatabase().Files();
    281+    if (!name.empty()) paths_to_remove.push_back(wallet_path);
    282+
    283     wallet.reset(); // The pointer deleter will close the wallet for us.
    284 
    285     // Remove the wallet dir if we have a failure
    

    ---

    ---

    

    rkrux commented at 1:31 pm on January 7, 2026:

    0- // Remove the wallet dir if we have a failure
    1+ // If we have a failure, remove the wallet files and optionally the wallet dir if a named wallet
    

    ---

    

    pablomartin4btc commented at 2:28 pm on January 7, 2026:

    Or perhaps add the if a named wallet bit in the comment above about the gathering…
13. 
    rkrux commented at 1:36 pm on January 7, 2026: contributor

    Code review and tACK f78f6f1dc8e16d5a8a23749e77bc3bf17c91ae42

    I can see the following error in the latest functional test if the cpp changes are reverted.

    0    assert self.nodes[0].wallets_path.exists()
    1           ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^^
    2AssertionError
    

14. in src/wallet/dump.cpp:288 in f78f6f1dc8

    284 
    285     // Remove the wallet dir if we have a failure
    286     if (!ret) {
    287-        fs::remove_all(wallet_path);
    288+        for (const auto& p : paths_to_remove) {
    289+            fs::remove(p);
    

    ---

    ---

    

    willcl-ark commented at 2:19 pm on January 7, 2026:

    One remaining unhandled case is that fs::remove() of the wallet_path fails (silently, as currently implemented) as the directory contains another file.

    I can’t think how that would be problematic, nor do I think it should be a blocker for this fix.

15. willcl-ark approved
16. 
    willcl-ark commented at 2:22 pm on January 7, 2026: member

    ACK f78f6f1dc8e16d5a8a23749e77bc3bf17c91ae42

    We now safely gather paths to remove, and by dropping fs::remove_all() usage only remove files and non-empty directories.

17. pablomartin4btc approved
18. 
    pablomartin4btc commented at 2:29 pm on January 7, 2026: member

    ACK f78f6f1dc8e16d5a8a23749e77bc3bf17c91ae42
19. fanquake merged this on Jan 7, 2026
20. fanquake closed this on Jan 7, 2026

    ---

21. fanquake referenced this in commit c4082a45e6 on Jan 7, 2026
22. fanquake removed the label Needs backport (30.x) on Jan 7, 2026
23. 
    fanquake commented at 2:35 pm on January 7, 2026: member

    Backported to 30.x in #34209.
24. 
    janb84 commented at 2:36 pm on January 7, 2026: contributor

    (Post merge) code review ACK f78f6f1dc8e16d5a8a23749e77bc3bf17c91ae42

    on failure a specific list of files and folders is removed not just the wallet_path, which was a bit harsh. Agree with the remarks of rkrux and willcl-ark

25. fanquake referenced this in commit abb6ae2ec5 on Jan 7, 2026
26. achow101 referenced this in commit edc003a563 on Jan 7, 2026
27. achow101 referenced this in commit 5b8e09bb82 on Jan 7, 2026
28. achow101 referenced this in commit 67f8bfa528 on Jan 7, 2026
29. achow101 referenced this in commit c6877e34c8 on Jan 7, 2026
30. achow101 referenced this in commit 36ce240a3a on Jan 7, 2026
31. achow101 referenced this in commit df00a2eaff on Jan 8, 2026
32. 
    polespinasa commented at 9:11 am on January 8, 2026: member

    Just checked and 28.x is also affected by this issue. Should it be backported? The release is in “Maintenance End” untill v31.0.
33. 
    fanquake commented at 10:27 am on January 8, 2026: member

    It is being backported to 28.x in #34223.
34. fanquake removed the label Needs backport (29.x) on Jan 8, 2026
35. 
    fanquake commented at 10:27 am on January 8, 2026: member

    Being backported to 29.x in #34222.

Contributors
achow101 DrahtBot w0xlt waketraindev polespinasa rkrux pablomartin4btc willcl-ark fanquake janb84

Review Requested
w0xlt

Milestone
30.2