UI external signer support (e.g. hardware wallet) #4

pull Sjors wants to merge 7 commits into bitcoin-core:master from Sjors:2019/08/hww-qt changing 19 files +284 −11
  1. Sjors commented at 6:10 pm on June 18, 2020: member

    Big picture overview in this gist.

    This PR adds GUI support for external signers, based on the since merged bitcoin/bitcoin#16546 (RPC).

    The UX isn’t amazing - especially the blocking calls - but it works.

    First we adds a GUI setting for the signer script (e.g. path to HWI):

    Then we add an external signer checkbox to the wallet creation dialog:

    It’s checked by default if HWI detects a device. It also grabs the name. It then creates a fresh wallet and imports the keys.

    You can verify an address on the device (blocking…):

    Sending, including coin selection, Just Works(tm) as long the device is present.

    External signer support is enabled by default when the GUI is configured and Boost::Process is present.

    External signer support remains disabled by default, see https://github.com/bitcoin/bitcoin/pull/21935.

  2. Sjors renamed this:
    2019/08/hww qt
    UI external signer support (e.g. hardware wallet)
    on Jun 18, 2020
  3. Sjors commented at 6:11 pm on June 18, 2020: member

    The original https://github.com/bitcoin/bitcoin/pull/16549#issuecomment-626652045 has a Concept ACK from @fjahr.

    I’ll split out the interface changes and PR them to bitcoin/bitcoin later.

  4. Sjors force-pushed on Jun 18, 2020
  5. Sjors force-pushed on Jun 19, 2020
  6. Sjors force-pushed on Jun 19, 2020
  7. Sjors force-pushed on Jun 25, 2020
  8. Sjors force-pushed on Jul 2, 2020
  9. Sjors force-pushed on Jul 6, 2020
  10. Sjors force-pushed on Jul 14, 2020
  11. laanwj referenced this in commit 31bdd86631 on Jul 15, 2020
  12. Sjors force-pushed on Jul 18, 2020
  13. luke-jr commented at 7:32 pm on July 31, 2020: member
    Shouldn’t the external signer program be per-wallet?
  14. Sjors force-pushed on Aug 7, 2020
  15. Sjors commented at 11:33 am on August 7, 2020: member
    @luke-jr in practice there’s only 1 program out there: HWI. It already knows what to do for different wallets based on their fingerprint. So, unless more such tools show up, I prefer to wait until we can store arbitrary settings in the wallet: https://github.com/bitcoin/bitcoin/issues/13044 and then keep -signer as the default.
  16. Sjors force-pushed on Aug 28, 2020
  17. Sjors force-pushed on Sep 15, 2020
  18. Bosch-0 commented at 4:20 am on September 16, 2020: none

    Hey Sjors,

    I could not see the signer script UI in the wallets settings when I compiled.

    image

  19. Sjors force-pushed on Sep 16, 2020
  20. Sjors commented at 10:29 am on September 16, 2020: member
    @Bosch-0 oops, I accidentally lost a commit in my rebase fury. Try again.
  21. Bosch-0 commented at 9:28 am on September 23, 2020: none

    Awesome, that worked! Having some issues with HWI though. After installing and setting the path to the hwi.py file I keep getting an exception error when creating a wallet.

    How would we overcome having to install HWI separately? Would it have to be something like shipping HWI alongside the GUI. I’m a not too familiar with this process but having the path set by default behind the scenes would be ideal from a UX perspective.

  22. Sjors commented at 12:42 pm on October 1, 2020: member

    What’s the error you’re seeing?

    Also, can you try from the command-line: hwi.py enumerate to see if HWI works standalone? This PR will certainly need followups to make it more user friendly.

  23. Sjors force-pushed on Oct 1, 2020
  24. Bosch-0 commented at 7:32 am on October 6, 2020: none

    Here is the error, though I think HWI is not installed properly. image

    Testing is being done on windows 10.

    Installation appears to be successful when running pip3 install .

    image

    When running ./hwi.py enumerate I get the below error. Tried the other dependency installation methods as well as installing libusb-1.0.dll and including it in HWI directory but no luck yet.

    image

  25. Sjors commented at 9:44 am on October 8, 2020: member
    Bitcoin QT shouldn’t crash like this, so that’s a bug in this PR. But for the problem with HWI itself, I suggest opening an issue in the HWI repository. We don’t do a lot of Windows testing, so that’s useful (cc @achow101).
  26. Sjors force-pushed on Oct 8, 2020
  27. Sjors force-pushed on Oct 15, 2020
  28. laanwj referenced this in commit 924a4ff7eb on Oct 29, 2020
  29. Sjors force-pushed on Nov 17, 2020
  30. promag commented at 11:02 pm on November 22, 2020: contributor

    Concept ACK. @Sjors you mention blocking calls, are you going to fix that here?

    Bitcoin QT shouldn’t crash like this

    Agree, I’m still on the base branch though.

  31. Sjors commented at 8:55 am on November 23, 2020: member
    I’m not very good at multi-threading stuff, so I might leave that problem to others, either via followup PR or cherry-picking a solution.
  32. ryanofsky commented at 4:09 pm on November 23, 2020: contributor

    I’m not very good at multi-threading stuff, so I might leave that problem to others, either via followup PR or cherry-picking a solution.

    A lot of current GUI multithreading code is stupidly complicated. I wrote a utility function AsyncUpdate(async_fn, update_fn) to run slow blocking code and then update the GUI in https://github.com/bitcoin/bitcoin/commit/39c5492fabab52a888e8bc5303877ff6e4cce6f8 (example usage https://github.com/bitcoin/bitcoin/commit/eacd34144c1ee989c9ab43eb439fecca76addc76 and description https://github.com/bitcoin/bitcoin/issues/16874#issuecomment-632424392). AsyncUpdate takes two lambdas. The first lambda runs asynchronously in a thread, and when it finishes, its return value is passed as an argument to the second lambda which runs synchronously. The first lambda can run slow and blocking code and take long as it wants without freezing the GUI, while the second lambda can take the result and update the GUI. Restrictions are straightforward: The first lambda can’t access widgets directly (it can only read initial values, return a final result, and send signals if it wants to show progress messages or update a progress bar). The second lambda needs to be fast and not block, but it can directly update and access Qt widgets with the final result.

  33. promag commented at 4:58 pm on November 23, 2020: contributor

    @ryanofsky your AsyncUpdate is fine when async function doesn’t require user input, doesn’t give feedback like progress, or both, possibly multiple times. Otherwise, in these cases it would have to call multiple AsyncUpdate and then it starts to be a mess chaining those.

    AsyncUpdate is also fine when there’s just one outcome, otherwise the async function needs to return a variant with each possible outcome and then the update function would have to check the effective result.

    There’s also the case where the user wants to interrupt the async function, like quit, and in this case it wouldn’t work.

    Another interesting problem with asynchronous updates are bursts, and usually most async calls should be avoid/debounced. I think we have a couple of these cases.

    This is not to say AsyncUpdate isn’t useful, but to say that things get stupid very easily.

    Lastly, I’d love to improve those stupidly complicated cases so we can use a consistent approach everywhere, and therefore anyone could feel confident and unafraid of asynchronous tasks.

  34. ryanofsky commented at 5:48 pm on November 23, 2020: contributor

    re: #4 (comment) @promag a lot of that comment isn’t true, and none of it is a reason not to write blocking code instead of calling AsyncUpdate.

    Writing an AsyncUpdate call is about as easy as writing blocking code, and it prevents the GUI from freezing while an operation is running. The only major thing it doesn’t support currently is cancel notification (but it could take an optional cancel_fn argument in the future). So if the parent widget is deleted right now, GUI freeze will happen at the point of deletion. This is still better than freezing during the entire operation.

    Almost everything in #4 (comment) is misleading. I would not suggest chaining AsyncUpdate calls: the only type of usage that makes sense is to having one AsyncUpdate call per long running operation. If there is a sequence of serial operations, they should all be in the same lambda. Supporting progress messages and progress updates is supported and trivial with signals. Input is possible with atomics, message queues, signals, or any other way you could think of passing data to an asynchronous thread. I don’t know what you are suggesting regarding multiple outcomes. Any outcome that can be represented as an object can be handled in the async_fn/update_fn paradigm, and if you are lazy and don’t want to specify an outcome type you can even have the async_fn return a std::function capturing arbitrary state and have the update_fn call that.

    There are cases where you might prefer a more complicated approach over calling AsyncUpdate, like if you want a thread pool. But there should be not many cases where freezing the UI thread is preferable to calling AsyncUpdate. And there is existing GUI code that could be simplified and made more responsive with AsyncUpdate.

  35. Sjors force-pushed on Nov 24, 2020
  36. jonasschnelli referenced this in commit c33662a0ea on Dec 2, 2020
  37. Sjors force-pushed on Dec 4, 2020
  38. RandyMcMillan commented at 4:27 pm on December 4, 2020: contributor

    checking whether to build with external signer support… configure: error: “External signer support requested but requires Boost.Pocess”

    Boost.Process?

  39. Sjors commented at 5:01 pm on December 4, 2020: member
    @RandyMcMillan what operating system are you on? On macOS and Linux Boost Process comes with Boost, but on Windows it’s a separate package.
  40. Sjors force-pushed on Dec 10, 2020
  41. Sjors force-pushed on Dec 17, 2020
  42. laanwj referenced this in commit e520e091db on Jan 6, 2021
  43. Sjors force-pushed on Jan 22, 2021
  44. Sjors commented at 7:47 pm on January 22, 2021: member
    I’m surprised the master branch passes given this error: @MarcoFalke does bitcoinbuilds.org not test a build with --with-boost-process? (Travis did when I added RunCommandParseJSON)
  45. Sjors force-pushed on Jan 29, 2021
  46. Sjors commented at 3:05 pm on January 29, 2021: member
    @jonasschnelli I believe the bitcoinbuilds.org Win64 machine needs to add --without-boost-process --disable-external-signer to its BITCOIN_CONFIG. I don’t know if that causes problems when building stuff before this PR. Alternatively it should not ignore ci/test/00_setup_env_win64.sh. https://bitcoinbuilds.org/?build=7162
  47. Sjors force-pushed on Jan 29, 2021
  48. Sjors force-pushed on Feb 13, 2021
  49. Sjors force-pushed on Feb 21, 2021
  50. laanwj referenced this in commit a9335e4f12 on Feb 23, 2021
  51. Sjors force-pushed on Feb 23, 2021
  52. luke-jr commented at 6:15 pm on February 28, 2021: member
    rpc_help test needs updating
  53. Sjors force-pushed on Mar 3, 2021
  54. Sjors commented at 12:49 pm on March 28, 2021: member
    I’ll rebase again after https://github.com/bitcoin/bitcoin/pull/21467 (which should also fix the rpc_help failure)
  55. Sjors force-pushed on Apr 2, 2021
  56. hebasto added the label Feature on Apr 3, 2021
  57. MarcoFalke referenced this in commit 590e49ccf2 on Apr 4, 2021
  58. RonSherfey changes_requested
  59. RonSherfey commented at 3:14 pm on April 11, 2021: none
    specified changes added
  60. bitcoin-core deleted a comment on Apr 11, 2021
  61. Sjors force-pushed on Apr 13, 2021
  62. bitcoin-core deleted a comment on Apr 14, 2021
  63. bitcoin-core deleted a comment on Apr 14, 2021
  64. Sjors force-pushed on Apr 14, 2021
  65. Sjors commented at 7:20 am on April 14, 2021: member
    Rebased after bitcoin/bitcoin#21666.
  66. hebasto added the label Wallet on Apr 19, 2021
  67. Sjors force-pushed on Apr 22, 2021
  68. Sjors marked this as ready for review on Apr 22, 2021
  69. DrahtBot added the label Needs rebase on Apr 25, 2021
  70. Sjors force-pushed on Apr 26, 2021
  71. DrahtBot removed the label Needs rebase on Apr 26, 2021
  72. RonSherfey changes_requested
  73. RonSherfey commented at 10:37 am on April 26, 2021: none
    Requested changes 1.4
  74. MarcoFalke referenced this in commit bce09da122 on Apr 28, 2021
  75. fanquake referenced this in commit fa00bb2c5c on Apr 29, 2021
  76. Sjors force-pushed on Apr 30, 2021
  77. bitcoin-core deleted a comment on Apr 30, 2021
  78. MarcoFalke referenced this in commit eb9a1fe037 on May 7, 2021
  79. hebasto commented at 11:11 am on May 10, 2021: member

    Concept ACK.

    Tested 8fcf25301cdbf00e81d749bbfff128c48bfa4f20 on Linux Mint 20.1 (Qt 5.12.8).

    The default create wallet procedure leads to an error:

    Screenshot from 2021-05-10 13-45-14

    Screenshot from 2021-05-10 13-43-59

    To workaround it I was forced to uncheck “External signer”, check “Disable Private Keys”, then check “External signer” again.

    Tested:

    • wallet creation
    • verifying receiving address on a hww screen
    • signing a tx with a hww

    Going to leave some comments about the code as well.

  80. in src/qt/forms/optionsdialog.ui:260 in 8fcf25301c outdated
    268+              </widget>
    269+             </item>
    270+            </layout>
    271+           </item>
    272+         </layout>
    273+        </widget>
    


    hebasto commented at 11:20 am on May 10, 2021:

    28cd645cfd1842720594e1a8998843ce8ca7a850

    I think the groupBoxHww should be placed before the verticalSpacer_Wallet.

  81. in src/qt/optionsdialog.cpp:202 in 8fcf25301c outdated
    198@@ -199,6 +199,7 @@ void OptionsDialog::setModel(OptionsModel *_model)
    199     connect(ui->prune, &QCheckBox::clicked, this, &OptionsDialog::togglePruneWarning);
    200     connect(ui->pruneSize, static_cast<void (QSpinBox::*)(int)>(&QSpinBox::valueChanged), this, &OptionsDialog::showRestartWarning);
    201     connect(ui->databaseCache, static_cast<void (QSpinBox::*)(int)>(&QSpinBox::valueChanged), this, &OptionsDialog::showRestartWarning);
    202+    connect(ui->externalSignerPath, &QLineEdit::textChanged, [this]{ showRestartWarning(); });
    


    hebasto commented at 11:26 am on May 10, 2021:

    28cd645cfd1842720594e1a8998843ce8ca7a850

    Note to other reviewers. The QLineEdit::textChanged signal has the QString parameter that actually is a new text. Using a lambda instead of a slot makes discarding of this parameter explicit. I think this is a good practice.


    promag commented at 11:44 pm on June 5, 2021:

    6cdbc83e9341d1552faee4ccd8c190babc63e8d1

    Should disable externalSignerPath if not defined ENABLE_EXTERNAL_SIGNER?

  82. in src/qt/optionsmodel.cpp:126 in 8fcf25301c outdated
    120+    if (!settings.contains("strExternalSignerPath"))
    121+        settings.setValue("strExternalSignerPath", "");
    122+
    123+    if (!gArgs.SoftSetArg("-signer", settings.value("strExternalSignerPath").toString().toStdString())) {
    124+        addOverriddenOption("-signer");
    125+    }
    


    hebasto commented at 11:31 am on May 10, 2021:

    28cd645cfd1842720594e1a8998843ce8ca7a850

    There is #295 that tries to unify new setting names. If you are agree with suggested convention, maybe rename strExternalSignerPath? If not, mind leaving a comment in #295?


    Sjors commented at 1:34 pm on May 10, 2021:
    I don’t have a strong preference either way. I renamed it to external_signer_path.
  83. in src/qt/createwalletdialog.cpp:103 in 8fcf25301c outdated
    93         ui->descriptor_checkbox->setEnabled(false);
    94         ui->descriptor_checkbox->setChecked(true);
    95 #endif
    96+
    97+#ifndef ENABLE_EXTERNAL_SIGNER
    98+        ui->external_signer_checkbox->setToolTip(tr("Compiled without external signing support (required for external signing)"));
    


    hebasto commented at 11:42 am on May 10, 2021:

    0aa4d2d931cafbad70dc3f814ec6d8318f198cb3

    Do you mind making a favor to translators by adding a translator comment, smth like this:

    0        //: "External signing" means using devices such as hardware wallets.
    1        ui->external_signer_checkbox->setToolTip(tr("Compiled without external signing support (required for external signing)"));
    
  84. Sjors commented at 11:42 am on May 10, 2021: member

    Odd, maybe a rebase issue; it should have checked the “disable private keys” box.

    Update: I was able to reproduce. It was because calling setChecked triggers the corresponding connect().

  85. in src/qt/receiverequestdialog.h:32 in 8fcf25301c outdated
    28@@ -29,6 +29,7 @@ class ReceiveRequestDialog : public QDialog
    29 private Q_SLOTS:
    30     void on_btnCopyURI_clicked();
    31     void on_btnCopyAddress_clicked();
    32+    void on_btnVerify_clicked();
    


    hebasto commented at 11:55 am on May 10, 2021:

    9a8ef73a82d1268cbe7f679ae2a29cc3a9ef1d9e

    I’d prefer to avoid the auto-connection feature in new code:

  86. in src/qt/sendcoinsdialog.cpp:203 in 8fcf25301c outdated
    198@@ -199,7 +199,16 @@ void SendCoinsDialog::setModel(WalletModel *_model)
    199         // set default rbf checkbox state
    200         ui->optInRBF->setCheckState(Qt::Checked);
    201 
    202-        if (model->wallet().privateKeysDisabled()) {
    203+        if (model->wallet().hasExternalSigner()) {
    204+            ui->sendButton->setText(tr("Sign on device"));
    


    hebasto commented at 11:59 am on May 10, 2021:

    2a6d94ce504f0edc14c151107721feec372874b1

    This is the send button :) Maybe add “… and send”?


    Sjors commented at 1:47 pm on May 10, 2021:

    That would make the button very large.

    Instead, I changed “Send” to “Sign and send” in the confirmation window.

  87. hebasto commented at 12:01 pm on May 10, 2021: member

    Approach ACK 8fcf25301cdbf00e81d749bbfff128c48bfa4f20.

    I think we should try to have it in v22.0. Maybe add more banners that this feature is experimental?

  88. hebasto added this to the milestone 22.0 on May 10, 2021
  89. hebasto commented at 12:16 pm on May 10, 2021: member

    Having compile errors:

    EDIT: Sorry for noise, forgot make clean

  90. Sjors force-pushed on May 10, 2021
  91. Sjors commented at 1:49 pm on May 10, 2021: member
    Rebased and addressed comments.
  92. Sjors force-pushed on May 10, 2021
  93. Sjors commented at 3:48 pm on May 10, 2021: member
    I modified 214346f6a1d021a0c986512f17b419ae26bb1af4 to use WalletModelTransaction.sendCoins rather than directly broadcasting it. This takes care of adding labels. In order to do this, I had to add setWtx(const CTransactionRef&); to WalletModelTransaction which is a bit ugly. I believe @achow101 is working on a PR to use PSBT internally everywhere, which would probably be a good place to clean this up.
  94. Sjors commented at 6:24 pm on May 10, 2021: member
    When installing with make deploy I get an error message using hwi.py from the cloned repo. However when I use the binary HWI release it works fine. My guess this is a problem with my local Python environmental disaster.
  95. DrahtBot added the label Needs rebase on May 10, 2021
  96. hebasto approved
  97. hebasto commented at 8:34 am on May 11, 2021: member

    ACK c18d97ca978c74a3e5989508894febbd7ee9e36b, needs rebase.

    The 214346f6a1d021a0c986512f17b419ae26bb1af4 commit breaks a bit changes from #220, but we could leave string optimizations and translation improvements for follow ups.

  98. Sjors force-pushed on May 11, 2021
  99. Sjors commented at 8:50 am on May 11, 2021: member
    Rebased and add QLatin1String(" (*.psbt)").
  100. DrahtBot removed the label Needs rebase on May 11, 2021
  101. hebasto approved
  102. hebasto commented at 9:39 am on May 11, 2021: member
    re-ACK 8e6b5468323e0c0cddda028c3dc2b0eef883cf4a, only rebased and comment addressed since my previous review.
  103. hebasto requested review from achow101 on May 11, 2021
  104. hebasto requested review from promag on May 11, 2021
  105. hebasto requested review from meshcollider on May 11, 2021
  106. in configure.ac:336 in 8e6b546832 outdated
    332@@ -333,9 +333,9 @@ AC_ARG_ENABLE([werror],
    333     [enable_werror=no])
    334 
    335 AC_ARG_ENABLE([external-signer],
    336-    [AS_HELP_STRING([--enable-external-signer],[compile external signer support (default is no, requires Boost::Process)])],
    337+    [AS_HELP_STRING([--enable-external-signer],[compile external signer support (default is yes, requires Boost::Process)])],
    


    fanquake commented at 1:14 am on May 12, 2021:
    When did we decide to turn this on by default? This is not a change that should be slipped in via the GUI repo.

    Sjors commented at 8:01 am on May 12, 2021:
    This commit has been part of this PR since before the GUI repo existed (https://github.com/bitcoin/bitcoin/pull/16549). I could split it out to the main repo though.

    Rspigler commented at 7:37 pm on May 12, 2021:
    In https://github.com/bitcoin/bitcoin/pull/16546 it defaulted to off, and I see no discussion of the change in this original PR (https://github.com/bitcoin/bitcoin/pull/16549). It should probably be an explicit conversation in the main repo?
  107. laanwj referenced this in commit ee9befe8b4 on May 12, 2021
  108. Sjors force-pushed on May 12, 2021
  109. Sjors commented at 7:53 pm on May 12, 2021: member
    I moved the commit to turn this feature on for GUI builds to https://github.com/bitcoin/bitcoin/pull/21935
  110. meshcollider commented at 9:12 am on May 13, 2021: contributor
    Concept ACK, will review
  111. Sjors commented at 10:52 am on May 13, 2021: member

    Repeating comment from @ryanofsky here:

    Would be nice to drop #ifdef ENABLE_EXTERNAL_SIGNER in the interface here and just return an empty vector in the implementation or throw a not-implemented exception. Cross-process interfaces are trying not to be conditional to avoid build complexity and fragile incompatibilities between builds.

    Also maybe in general in this PR, preprocessor is a little more widely used that it needs to be. Preprocessor is great when you need to write platform specific fragments or cut out a significant external or internal dependency like boost or the wallet. But if you just want to act conditionally, normal code is a good way to go. I’d try to avoid conditional compilation except for the parts of the code directly depending on boost.

  112. Sjors commented at 11:40 am on May 13, 2021: member
    It’s difficult to get rid of #ifdef ENABLE_EXTERNAL_SIGNER, because most of the time the code refers to ExternalSigner which is not defined (since https://github.com/bitcoin/bitcoin/pull/21666/commits/54569cc6d6f54788169061004026e62e1c08440e). That also applies to node.h.
  113. Sjors commented at 1:23 pm on May 13, 2021: member

    I added a commit to reduce #ifdef ENABLE_EXTERNAL_SIGNER usage to bitcoin/bitcoin#21935.

    CI failure is unrelated, see #327

  114. in src/qt/createwalletdialog.cpp:88 in 71f30c0ed4 outdated
    83@@ -63,11 +84,22 @@ CreateWalletDialog::CreateWalletDialog(QWidget* parent) :
    84         ui->descriptor_checkbox->setToolTip(tr("Compiled without sqlite support (required for descriptor wallets)"));
    85         ui->descriptor_checkbox->setEnabled(false);
    86         ui->descriptor_checkbox->setChecked(false);
    87+        ui->external_signer_checkbox->setEnabled(false);
    88+        ui->external_signer_checkbox->setChecked(false
    


    meshcollider commented at 2:12 am on May 15, 2021:
    missing );
  115. in src/qt/createwalletdialog.cpp:49 in 6080b0dcce outdated
    45+        }
    46+
    47+    });
    48+
    49+    connect(ui->external_signer_checkbox, &QCheckBox::toggled, [this](bool checked) {
    50+        if (checked) {
    


    meshcollider commented at 2:50 am on May 15, 2021:

    By the below comment The order matters, because connect() is called when toggling a checkbox, it would seem that the checkboxes should be disabled first before toggling?

    Related: I notice currently that enabling external signer actually leaves blank_wallet_checkbox ticked. I think that’s because in setting disable_privkeys_checkbox as checked, it re-checks blank automatically. (on Mac)


    Sjors commented at 4:43 pm on May 25, 2021:

    I’m not sure if programatically toggling a disabled checkbox prevents it from calling toggled, but I’ve moved the disabling code up.

    I also changed the behavior a bit: it now restores all other options to their default when unselecting external signer. I also documented that behavior.

  116. in src/qt/sendcoinsdialog.cpp:325 in 6080b0dcce outdated
    321@@ -313,14 +322,14 @@ bool SendCoinsDialog::PrepareSendText(QString& question_string, QString& informa
    322         formatted.append(recipientElement);
    323     }
    324 
    325-    if (model->wallet().privateKeysDisabled()) {
    326+    if (model->wallet().privateKeysDisabled() && !model->wallet().hasExternalSigner()) {
    


    meshcollider commented at 3:03 am on May 15, 2021:
    As this condition is pretty logical and common now, maybe it should be given its own name e.g. noPrivateKeys()

    Sjors commented at 4:43 pm on May 25, 2021:
    noPrivateKeys() is a big ambiguous. It would have to be something like noPrivateKeysAndNoExternalSigner() which is pretty ugly…

    meshcollider commented at 1:51 am on June 9, 2021:
    What about noPrivateKeyAccess() or something - the condition is that there are keys either in the wallet itself or that the wallet can ‘use’ via the external signer. Not a big deal though.
  117. meshcollider commented at 3:06 am on May 15, 2021: contributor
    Code review and light manual testing ACK 6080b0dccea11f21f54a073c97c9a45d19b401b5 modulo comments below
  118. MarcoFalke referenced this in commit c857148636 on May 15, 2021
  119. hebasto added the label Waiting for author on May 20, 2021
  120. jonatack commented at 7:10 pm on May 20, 2021: contributor
    Big concept ACK.
  121. Sjors commented at 8:01 pm on May 20, 2021: member
    (I’m going to accumulate a few more reviews before updating)
  122. hebasto removed the label Waiting for author on May 20, 2021
  123. Sjors force-pushed on May 25, 2021
  124. Sjors commented at 4:44 pm on May 25, 2021: member
    Rebased an addressed (most of) @meshcollider’s comments.
  125. Sjors force-pushed on May 26, 2021
  126. DrahtBot added the label Needs rebase on May 27, 2021
  127. gui: add external signer path to options dialog 6cdbc83e93
  128. gui: create wallet with external signer eef8d64529
  129. wallet: add displayAddress to interface 450cb40a34
  130. gui: display address on external signer 62ac119f91
  131. node: add externalSigners to interface 3f845ea299
  132. gui: wallet creation detects external signer 24815c6309
  133. gui: send using external signer 1c4b456e1a
  134. Sjors force-pushed on May 27, 2021
  135. Sjors commented at 12:43 pm on May 27, 2021: member
    Rebased and slightly clarified the last commit.
  136. DrahtBot removed the label Needs rebase on May 27, 2021
  137. hebasto commented at 4:30 pm on June 1, 2021: member

    Tested 1c4b456e1a0ccf0397d652f8c18201c3224c5c21 with HWW 2.0.2-rc.1 on Linux Mint 20.1 (Qt 5.12.8).

    UPDATE: it was my fault – hww connection issues. Ignore this.

    The “External signer” checkbox is disabled when trying Menu -> File -> Create Wallet…

    It could be enabled by checking the “Encrypt Wallet” checkbox, then unchecking it.

  138. hebasto approved
  139. hebasto commented at 6:05 pm on June 1, 2021: member

    ACK 1c4b456e1a0ccf0397d652f8c18201c3224c5c21, tested on Linux Mint 20.1 (Qt 5.12.8) with HWW 2.0.2-rc.1.

    Tested:

    • build with --without-bdb configure option
    • build with --without-sqlite configure option
    • creating a wallet
    • verifying an address on the hww screen
    • signing a tx

    The following comments could be addressed in follow ups.

    1. If no external signer is connected, it is possible to activate the “External signer” checkbox by checking the “Encrypt Wallet” checkbox, then unchecking it. Of course, the further attempt to create a wallet with an external signer will ends with the crash. This illness pattern works even if the client is compiled without SQLite support: Screenshot from 2021-06-01 20-30-02

    2. The “Confirm send coins” could still be opened while verifying transaction details on a signing device.

    3. All new translatable strings could be annotated with translator comments.

  140. in src/qt/createwalletdialog.cpp:33 in eef8d64529 outdated
    26@@ -27,14 +27,39 @@ CreateWalletDialog::CreateWalletDialog(QWidget* parent) :
    27     });
    28 
    29     connect(ui->encrypt_wallet_checkbox, &QCheckBox::toggled, [this](bool checked) {
    30-        // Disable the disable_privkeys_checkbox when isEncryptWalletChecked is
    31+        // Disable the disable_privkeys_checkbox and external_signer_checkbox when isEncryptWalletChecked is
    32         // set to true, enable it when isEncryptWalletChecked is false.
    33         ui->disable_privkeys_checkbox->setEnabled(!checked);
    34+        ui->external_signer_checkbox->setEnabled(!checked);
    


    promag commented at 11:28 pm on June 5, 2021:

    eef8d6452962cd4a8956d9ad268164715365b9ab

    This should take into account ENABLE_EXTERNAL_SIGNER.

    May I suggest adding a private slot update or updateState and move all logic there?


    Sjors commented at 5:23 pm on June 15, 2021:
    Adding a fix in bitcoin/bitcoin#21935. I agree this whole toggling code needs a refactor.
  141. in src/qt/receiverequestdialog.cpp:93 in 62ac119f91 outdated
    88@@ -89,6 +89,12 @@ void ReceiveRequestDialog::setInfo(const SendCoinsRecipient &_info)
    89         ui->wallet_tag->hide();
    90         ui->wallet_content->hide();
    91     }
    92+
    93+    ui->btnVerify->setVisible(this->model->wallet().hasExternalSigner());
    


    promag commented at 11:57 pm on June 5, 2021:

    62ac119f919ae1160ed67af796f24b78025fa8e3

    nit, drop this->.

  142. in src/node/interfaces.cpp:176 in 3f845ea299 outdated
    169@@ -170,6 +170,16 @@ class NodeImpl : public Node
    170         }
    171         return false;
    172     }
    173+#ifdef ENABLE_EXTERNAL_SIGNER
    174+    std::vector<ExternalSigner> externalSigners() override
    175+    {
    176+        std::vector<ExternalSigner> signers = {};
    


    promag commented at 0:20 am on June 6, 2021:

    3f845ea2994f53e29abeb3fa158c35f1ee56e7e8

    nit, drop = {}?

  143. in src/qt/createwalletdialog.cpp:128 in 24815c6309 outdated
    123+        // The order matters, because connect() is called when toggling a checkbox:
    124+        ui->blank_wallet_checkbox->setEnabled(false);
    125+        ui->blank_wallet_checkbox->setChecked(false);
    126+        ui->disable_privkeys_checkbox->setEnabled(false);
    127+        ui->disable_privkeys_checkbox->setChecked(true);
    128+        const std::string label = signers[0].m_name;
    


    promag commented at 0:27 am on June 6, 2021:

    24815c6309431cb0797defaf7add1150bcf4b567

    Could add comment “TODO show available signers in combobox, for now use 1st signer name”?


    meshcollider commented at 1:48 am on June 9, 2021:
    @promag it is just the name of the wallet so I don’t think it would be worth adding a combobox tbh. That might be confusing because it wouldn’t actually change between signers, it would just change the name.
  144. in src/qt/createwalletdialog.h:31 in 24815c6309 outdated
    26@@ -23,6 +27,10 @@ class CreateWalletDialog : public QDialog
    27     explicit CreateWalletDialog(QWidget* parent);
    28     virtual ~CreateWalletDialog();
    29 
    30+#ifdef ENABLE_EXTERNAL_SIGNER
    31+    void setSigners(std::vector<ExternalSigner>& signers);
    


    promag commented at 0:28 am on June 6, 2021:

    24815c6309431cb0797defaf7add1150bcf4b567

    nit const &.


    Sjors commented at 5:09 pm on June 15, 2021:
  145. in src/node/interfaces.cpp:174 in 3f845ea299 outdated
    169@@ -170,6 +170,16 @@ class NodeImpl : public Node
    170         }
    171         return false;
    172     }
    173+#ifdef ENABLE_EXTERNAL_SIGNER
    174+    std::vector<ExternalSigner> externalSigners() override
    


    promag commented at 0:30 am on June 6, 2021:

    3f845ea2994f53e29abeb3fa158c35f1ee56e7e8

    Should we let this throw runtime_error? cc @ryanofsky


    Sjors commented at 5:06 pm on June 15, 2021:
    Most of these ifdefs are gone in https://github.com/bitcoin/bitcoin/pull/21935
  146. promag commented at 0:49 am on June 6, 2021: contributor

    Tested ACK 1c4b456e1a0ccf0397d652f8c18201c3224c5c21 but rebased with e033ca1379, with HWI 2.0.2, with Nano S and Nano X.

    Testing included creating wallets, mess with settings, generate and verifying addresses, sign and sending.

    I’ll test more but wanted to leave the partial review feedback.

  147. achow101 commented at 5:31 pm on June 8, 2021: member

    Code Review ACK 1c4b456e1a0ccf0397d652f8c18201c3224c5c21

    Mostly reviewed the code, did a little bit of testing. I noticed that when HWI is doing something, there is no indication to the user that it is. It would be nice if there was some dialog box that said something was happening, otherwise there can be a minute or two where Core doesn’t indicate anything is happening, and nothing appears on the device.

  148. in src/qt/createwalletdialog.cpp:125 in 24815c6309 outdated
    120+        ui->external_signer_checkbox->setChecked(true);
    121+        ui->encrypt_wallet_checkbox->setEnabled(false);
    122+        ui->encrypt_wallet_checkbox->setChecked(false);
    123+        // The order matters, because connect() is called when toggling a checkbox:
    124+        ui->blank_wallet_checkbox->setEnabled(false);
    125+        ui->blank_wallet_checkbox->setChecked(false);
    


    meshcollider commented at 1:46 am on June 9, 2021:
    nit: to be consistent with gui: create wallet with external signer, this should be true (modulo comment about it being ambiguous anyway).
  149. meshcollider commented at 1:54 am on June 9, 2021: contributor

    re-code-review ACK 1c4b456e1a0ccf0397d652f8c18201c3224c5c21

    Agree with achow101’s comment about a ‘working’ message.

  150. meshcollider merged this on Jun 9, 2021
  151. meshcollider closed this on Jun 9, 2021

  152. Sjors deleted the branch on Jun 9, 2021
  153. sidhujag referenced this in commit fb0bf712b4 on Jun 9, 2021
  154. fanquake referenced this in commit 7c561bea52 on Jun 17, 2021
  155. jarolrod commented at 4:34 am on June 18, 2021: member
    post-merge ACK, wanted to document that I tested this out with a coldcard and the process was smooth.
  156. jb55 commented at 6:54 pm on June 23, 2021: contributor

    @Sjors I tried this with my trezor1, I unlocked it on the command line on a wallet with a bip39 password, this is what pops up when I click create wallet: Jun23-115101

    hwi --stdinpass --device-type=trezor --device-path webusb:001:14 enumerate

    0[
    1  {
    2    "type": "trezor",
    3    "path": "webusb:001:14",
    4    "model": "trezor_1",
    5    "needs_pin_sent": false,
    6    "needs_passphrase_sent": false,
    7    "fingerprint": "67e2434a"
    8  }
    9]
    

    dunno if I’m doing something wrong

  157. Sjors commented at 5:50 pm on June 24, 2021: member

    Mmm, I’m not sure how the passphrase flow works. @achow101?

    I might be that we need to add support for that, e.g. if needs_pin_sent or needs_passphrase_sent returns true, we prompt for that.

    However in your case those are false. Or did you actually enter a password in the command line example? (given --stdinpass)

  158. achow101 commented at 5:53 pm on June 24, 2021: member
    The passphrase should be cached by the device, so if you try again after running HWI manually, it should work. But we do need to implement a passphrase workflow for needs_passphrase_sent: true.
  159. jb55 commented at 6:38 pm on June 24, 2021: contributor
    @achow101 I’ve never been able to get the trezor_1 passphrase cached with hwi, I’ve always had to do --stdinpass on every command. hmm maybe I need to update firmware or something…
  160. achow101 commented at 6:53 pm on June 24, 2021: member
    Oh right, Trezor 1 doesn’t have that, only Trezor T.
  161. jb55 commented at 7:23 pm on June 24, 2021: contributor
    @achow101 fwiw it caches fine when using trezorctl, dunno what they are doing.
  162. hebasto added the label Needs release notes on Jun 28, 2021
  163. hebasto commented at 4:30 am on June 28, 2021: member
  164. Sjors commented at 9:15 am on June 28, 2021: member
    @hebasto done, also for the RPC.
  165. hebasto removed the label Needs release notes on Jun 28, 2021
  166. fanquake referenced this in commit fad381b2f8 on Jan 7, 2022
  167. MarcoFalke referenced this in commit 444b6b342d on Feb 15, 2022
  168. fanquake referenced this in commit f9b522e50d on Feb 23, 2022
  169. gwillen referenced this in commit 1756fb7e5a on Jun 1, 2022
  170. bitcoin-core locked this on Aug 16, 2022

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin-core/gui. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2024-12-22 08:20 UTC

This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me