[28.x] Backport wallets directory deletion fixes #34223

pull achow101 wants to merge 11 commits into bitcoin:28.x from achow101:28.x-createfromdump-deletion changing 12 files +395 −28
  1. achow101 commented at 10:03 pm on January 7, 2026: member
    Backports #34222 to 28.x
  2. DrahtBot added the label Backport on Jan 7, 2026
  3. DrahtBot commented at 10:03 pm on January 7, 2026: contributor

    The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

    Code Coverage & Benchmarks

    For details see: https://corecheck.dev/bitcoin/bitcoin/pulls/34223.

    Reviews

    See the guideline for information on the review process.

    Type Reviewers
    Stale ACK bensig

    If your review is incorrectly listed, please copy-paste <!–meta-tag:bot-skip–> into the comment that the bot should ignore.

    LLM Linter (✨ experimental)

    Possible places where named args for integral literals may be used (e.g. func(x, /*named_arg=*/0) in C++, and func(x, named_arg=0) in Python):

    • sqlite3_open_v2(m_file_path.c_str(), &m_db, flags, nullptr) in src/wallet/sqlite.cpp

    2026-01-09

  4. bensig commented at 10:16 pm on January 7, 2026: contributor
    ACK 67f8bfa5287be3243f189844529fe3815f6e235f
  5. achow101 force-pushed on Jan 7, 2026
  6. achow101 renamed this:
    [28.x] wallettool: fix unnamed createfromdump failure walletsdir deletion
    [28.x] Backport wallets directory deletion fixes
    on Jan 8, 2026
  7. achow101 marked this as a draft on Jan 8, 2026
  8. achow101 commented at 3:05 am on January 8, 2026: member
    Going to backport the new commits from #34222 but it’s unclean and will take a little while.
  9. refactor: remove sqlite dir path back-and-forth conversion 
    Github-Pull: bitcoin/bitcoin#31423
Rebased-From: d04f6a97ba9a55aa9455e1a805feeed4d630f59a
    0a944e62cb
  10. achow101 force-pushed on Jan 8, 2026
  11. achow101 marked this as ready for review on Jan 8, 2026
  12. achow101 force-pushed on Jan 9, 2026
  13. wallet: introduce method to return all db created files 
    Github-Pull: bitcoin/bitcoin#31423
Rebased-From: 1de423e0a08bbc63eed36c8772e9ef8b48e80fb8
    5f07b93d7f
  14. wallettool: do not use fs::remove_all in createfromdump cleanup 
    Github-Pull: bitcoin/bitcoin#34215
Rebased-From: f78f6f1dc8e16d5a8a23749e77bc3bf17c91ae42
    b54cdfc617
  15. wallet: RestoreWallet failure, erase only what was created 
    Track what RestoreWallet creates so only those files and directories
are removed during a failure and nothing else. Preexisting paths
must be left untouched.

Note:
Using fs::remove_all() instead of fs::remove() in RestoreWallet does
not cause any problems currently, but the change is necessary for the
next commit which extends RestoreWallet to work with existing directories,
which may contain files that must not be deleted.

Github-Pull: bitcoin/bitcoin#34156
Rebased-From: 4ed0693a3f2a427ef9e7ad016930ec29fa244995
    e1e9d71da9
  16. wallet: fix unnamed wallet migration failure 
    When migrating any legacy unnamed wallet, a failed migration would
cause the cleanup logic to remove its parent directory. Since this
type of legacy wallet lives directly in the main '/wallets/' folder,
this resulted in unintentionally erasing all wallets, including the
backup file.

To be fully safe, we will no longer call `fs::remove_all`. Instead,
we only erase the individual db files we have created, leaving
everything else intact. The created wallets parent directories are
erased only if they are empty.
As part of this last change, `RestoreWallet` was modified to allow
an existing directory as the destination, since we no longer remove
the original wallet directory (we only remove the files we created
inside it). This also fixes the restore of top-level default wallets
during failures, which were failing due to the directory existence
check that always returns true for the /wallets/ directory.

This bug started after:
https://github.com/bitcoin/bitcoin/commit/f6ee59b6e2995a3916fb4f0d4cbe15ece2054494
Previously, the `fs::copy_file` call was failing for top-level wallets,
which prevented the `fs::remove_all` call from being reached.

Github-Pull: bitcoin/bitcoin#34156
Rebased-From: f4c7e28e80bf9af50b03a770b641fd309a801589
    6f6c72861a
  17. test: add coverage for unnamed wallet migration failure 
    Verifies that a failed migration of the unnamed (default) wallet
does not erase the main /wallets/ directory, and also that the
backup file exists.

Github-Pull: bitcoin/bitcoin#34156
Rebased-From: 36093bde63286e19821a9e62cdff1712b6245dc7
    f9b43721fb
  18. test: restorewallet, coverage for existing dirs, unnamed wallet and prune failure 
    The first test verifies that restoring into an existing empty directory
or a directory with no .dat db files succeeds, while restoring into a
dir with a .dat file fails.

The second test covers restoring into the default unnamed wallet
(wallet.dat), which also implicitly exercises the recovery path used
after a failed migration.

The third test covers failure during restore on a prune node. When
the wallet last sync was beyond the pruning height.

Github-Pull: bitcoin/bitcoin#34156
Rebased-From: f011e0f0680a8c39988ae57dae57eb86e92dd449
    d92128f07e
  19. wallet: improve post-migration logging 
    Right now, after migration the last message users see is "migration completed",
but the migration isn't actually finished yet. We still need to load the new wallets
to ensure consistency, and if that fails, the migration will be rolled back. This
can be confusing for users.

This change logs the post-migration loading step and if a wallet fails to load and
the migration will be rolled back.

Github-Pull: bitcoin/bitcoin#34156
Rebased-From: d70b159c42008ac3b63d1c43d99d4f1316d2f1ef
    5b80cc3205
  20. wallet: migration, fix watch-only and solvables wallets names 
    Because the default wallet has no name, the watch-only and solvables
wallets created during migration end up having no name either.

This fixes it by applying the same prefix name we use for the backup
file for an unnamed default wallet.

Before: watch-only wallet named "_watchonly"
After:  watch-only wallet named "default_wallet_watchonly"

Github-Pull: bitcoin/bitcoin#34156
Rebased-From: 82caa8193a3e36f248dcc949e0cd41def191efac
    3f300a07a2
  21. test: coverage for migration failure when last sync is beyond prune height 
    Github-Pull: bitcoin/bitcoin#34156
Rebased-From: b7c34d08dd9549a95cffc6ec1ffa4bb4f81e35eb
    75809e2db7
  22. wallet: test: Failed migration cleanup 
    Refactor a common way to perform the failed migration test that exists
for default wallets, and add relative-path wallets and absolute-path
wallets.

Github-Pull: 34226
Rebased-From: eeaf28dbe0e09819ab0e95bb7762b29536bdeef6
    f48270bfa7
  23. achow101 force-pushed on Jan 9, 2026


achow101 DrahtBot bensig

Labels
Backport

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-01-09 06:13 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me