From e67a01a9f3e1aa5db375212c06dc447df46073b7 Mon Sep 17 00:00:00 2001 From: Lucy Cifferello <12953208+elvece@users.noreply.github.com> Date: Wed, 19 May 2021 15:42:55 -0600 Subject: [PATCH 01/11] add config option to whitelist peers --- config_spec.yaml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/config_spec.yaml b/config_spec.yaml index 24ad2df..4f40697 100644 --- a/config_spec.yaml +++ b/config_spec.yaml @@ -231,3 +231,13 @@ advanced: integral: true units: MiB default: automatic + whitelist: + name: Whitelist + description: Whitelist peers connecting from the given netmask or IP address. + type: list + subtype: string + default: [] + spec: + pattern: "(^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$)|((^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))$)|(^[a-z2-7]{16}\\.onion$)|(^([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\\.)+[a-z0-9][a-z0-9-]{0,61}[a-z0-9]$))" + patternDescription: Must be either an IPv4 or IPv6 address or domain name + range: "[0,*)" From 0bfa6473623679fb38b6e78521c9788102ca6fe4 Mon Sep 17 00:00:00 2001 From: Keagan McClelland Date: Thu, 20 May 2021 11:27:39 -0600 Subject: [PATCH 02/11] 0.21.1.1 and make clean --- Makefile | 4 ++++ manifest.yaml | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 08c47d2..a146124 100644 --- a/Makefile 
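Review bot: The `pattern` added under `whitelist` in PATCH 01 does not match what the `description` promises: it accepts a bare IPv4 or IPv6 address, a 16-character `.onion` name or a DNS hostname, but no `/prefix` netmask form. bitcoind's `whitelist=` option takes an IP address or network, so hostname and onion entries that pass this check would most likely be rejected when the node reads its config, and the template hunk in PATCH 04 writes each entry out as-is. Because whitelisted peers receive extra permissions, the validation should be as narrow as the option itself. I would drop the `.onion` and hostname alternatives, allow an optional CIDR suffix, and change the text to `patternDescription: Must be an IPv4 or IPv6 address, optionally followed by /prefix-length`.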
+++ b/Makefile @@ -8,6 +8,10 @@ MANAGER_SRC := $(shell find ./manager -name '*.rs') manager/Cargo.toml manager/C all: bitcoind.s9pk +clean: + rm bitcoind.s9pk + rm image.tar + install: bitcoind.s9pk appmgr install bitcoind.s9pk diff --git a/manifest.yaml b/manifest.yaml index 21a32a0..4000982 100644 --- a/manifest.yaml +++ b/manifest.yaml @@ -1,6 +1,6 @@ compat: v0 id: bitcoind -version: "0.21.1" +version: "0.21.1.1" title: "Bitcoin Core" description: short: "A Bitcoin Full Node by Bitcoin Core" From e8ac5e9773490f8dd24d257fde820158033234f5 Mon Sep 17 00:00:00 2001 From: Lucy Cifferello <12953208+elvece@users.noreply.github.com> Date: Fri, 21 May 2021 15:06:31 -0600 Subject: [PATCH 03/11] add whitelist config mapping --- manager/src/main.rs | 2 ++ 1 file changed, 2 insertions(+) diff --git a/manager/src/main.rs b/manager/src/main.rs index 11097a5..e29be0c 100644 --- a/manager/src/main.rs +++ b/manager/src/main.rs @@ -563,6 +563,8 @@ fn inner_main(reindex: bool) -> Result<(), Box> { .and_then(|v| v.get(&Value::String("peers".to_owned()))) .and_then(|v| v.as_mapping()) .and_then(|v| v.get(&Value::String("onlyonion".to_owned()))) + .and_then(|v| v.as_mapping()) + .and_then(|v| v.get(&Value::String("whitelist".to_owned()))) .and_then(|v| v.as_bool()) .unwrap_or(false) { From 350e8a85c02103937581b8d456c13c584ed8f0b3 Mon Sep 17 00:00:00 2001 From: Lucy Cifferello <12953208+elvece@users.noreply.github.com> Date: Mon, 24 May 2021 11:46:49 -0600 Subject: [PATCH 04/11] add whitelist to template --- assets/bitcoin.conf.template | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/assets/bitcoin.conf.template b/assets/bitcoin.conf.template index 8430bed..956fb81 100644 --- a/assets/bitcoin.conf.template +++ b/assets/bitcoin.conf.template @@ -54,6 +54,11 @@ addnode={{advanced.peers.addnode}} onlynet=onion }} +## WHITELIST +{{#FOREACH advanced.whitelist +whitelist={{advanced.whitelist}} +}} + ## PRUNING {{#IF advanced.pruning.mode = "manual" prune=1 
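Review bot: The new `clean` target stops at the first missing file, because plain `rm` exits non-zero when `bitcoind.s9pk` or `image.tar` is absent. On a fresh or partly built tree `make clean` therefore fails and can leave the other artifact behind. Use `rm -f bitcoind.s9pk image.tar` and declare `.PHONY: clean` so a file named `clean` can never shadow the target.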
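Review bot: The two added `.and_then` calls in PATCH 03 are spliced into the existing `onlyonion` lookup instead of forming their own chain, so the condition now asks for a mapping under `onlyonion`, then a `whitelist` key inside it, then a bool. If `onlyonion` is the boolean that the original `.as_bool()` implies, `as_mapping()` yields `None` and `unwrap_or(false)` makes the `if` always false, silently switching off whatever the onion-only branch configures. The template in PATCH 04 reads the list as `advanced.whitelist`, so it needs a separate lookup from `advanced`, ending in something like `.and_then(|v| v.as_sequence())` if this is serde_yaml's `Value`, with the `onlyonion` chain left as it was. `inner_main` starts and ends outside this hunk, so the body of the `if` is not visible here.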
From 603d7db8353ca8a5de1ce89d1e3f3dd19dac75fc Mon Sep 17 00:00:00 2001 From: Lucy Cifferello <12953208+elvece@users.noreply.github.com> Date: Mon, 24 May 2021 14:38:57 -0600 Subject: [PATCH 05/11] default whitelist to subnet of all services --- config_spec.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/config_spec.yaml b/config_spec.yaml index 4f40697..86daeee 100644 --- a/config_spec.yaml +++ b/config_spec.yaml @@ -233,10 +233,10 @@ advanced: default: automatic whitelist: name: Whitelist - description: Whitelist peers connecting from the given netmask or IP address. + description: Whitelist peers connecting from the given netmask or IP address. Defaults to the subnet of all services. type: list subtype: string - default: [] + default: ['172.18.0.0/16'] spec: pattern: "(^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$)|((^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))$)|(^[a-z2-7]{16}\\.onion$)|(^([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\\.)+[a-z0-9][a-z0-9-]{0,61}[a-z0-9]$))" patternDescription: Must be either an IPv4 or IPv6 address or domain name From 72af4cab892f908a51e9a91db3843948288ae305 Mon Sep 17 00:00:00 2001 
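Review bot: The new default `['172.18.0.0/16']` in PATCH 05 cannot pass the `pattern` that is still in force in this hunk, because none of its alternatives allows a `/16` suffix, so the shipped default would fail the option's own validation. The IPv4 alternative needs an optional prefix length before its `$`, for example `(/([12]?[0-9]|3[0-2]))?`. The description should also say which network this is and that every host on it is whitelisted by default, e.g. `Defaults to 172.18.0.0/16, the internal services subnet; all hosts on it are whitelisted.`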
From: Lucy Cifferello <12953208+elvece@users.noreply.github.com> Date: Mon, 24 May 2021 14:44:27 -0600 Subject: [PATCH 06/11] update whitelist regex --- config_spec.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config_spec.yaml b/config_spec.yaml index 86daeee..8eccc53 100644 --- a/config_spec.yaml +++ b/config_spec.yaml @@ -238,6 +238,6 @@ advanced: subtype: string default: ['172.18.0.0/16'] spec: - pattern: "(^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$)|((^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))$)|(^[a-z2-7]{16}\\.onion$)|(^([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\\.)+[a-z0-9][a-z0-9-]{0,61}[a-z0-9]$))" + pattern: "(^(([12]?[0-9]{1,2}|2[0-4][0-9]|25[0-5])(\.|\/)){4}([1-2]?[0-9]|3[0-2])$)" patternDescription: Must be either an IPv4 or IPv6 address or domain name range: "[0,*)" From 46a7c76977eefc6ae04ba39338536ed024657499 Mon Sep 17 00:00:00 2001 From: Lucy Cifferello <12953208+elvece@users.noreply.github.com> Date: Mon, 24 May 2021 14:57:54 -0600 Subject: [PATCH 07/11] fix escaping --- config_spec.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config_spec.yaml b/config_spec.yaml index 8eccc53..286bdde 100644 --- a/config_spec.yaml +++ b/config_spec.yaml 
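Review bot: The replacement `pattern` in PATCH 06 is loose where it should be strict and strict where it should be loose: `(\.|\/)` lets either separator appear in any of the four positions and `[12]?[0-9]{1,2}` admits octets up to 299. Strings such as `1/2/3/4/5` or `299.1.1.1/8` validate, while a plain address without a prefix length and every IPv6 value are now refused. `patternDescription` still advertises IPv4, IPv6 and domain names, which no longer holds. A shape that pins three dots and one optional slash would be `^((25[0-5]|2[0-4][0-9]|1?[0-9]{1,2})\\.){3}(25[0-5]|2[0-4][0-9]|1?[0-9]{1,2})(/([12]?[0-9]|3[0-2]))?$`, with the description changed to `Must be an IPv4 address or an IPv4 network in CIDR notation`. The same expression is carried unchanged into PATCH 07 and PATCH 08.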
@@ -238,6 +238,6 @@ advanced: subtype: string default: ['172.18.0.0/16'] spec: - pattern: "(^(([12]?[0-9]{1,2}|2[0-4][0-9]|25[0-5])(\.|\/)){4}([1-2]?[0-9]|3[0-2])$)" + pattern: "(^(([12]?[0-9]{1,2}|2[0-4][0-9]|25[0-5])(\\.|\/)){4}([1-2]?[0-9]|3[0-2])$)" patternDescription: Must be either an IPv4 or IPv6 address or domain name range: "[0,*)" From ff640bddd851190b4e22f32f445258332c5767d8 Mon Sep 17 00:00:00 2001 From: Lucy Cifferello <12953208+elvece@users.noreply.github.com> Date: Mon, 24 May 2021 15:01:23 -0600 Subject: [PATCH 08/11] comment out pattern for now --- config_spec.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/config_spec.yaml b/config_spec.yaml index 286bdde..2542b3c 100644 --- a/config_spec.yaml +++ b/config_spec.yaml @@ -237,7 +237,7 @@ advanced: type: list subtype: string default: ['172.18.0.0/16'] - spec: - pattern: "(^(([12]?[0-9]{1,2}|2[0-4][0-9]|25[0-5])(\\.|\/)){4}([1-2]?[0-9]|3[0-2])$)" - patternDescription: Must be either an IPv4 or IPv6 address or domain name + # spec: + # pattern: "(^(([12]?[0-9]{1,2}|2[0-4][0-9]|25[0-5])(\\.|\/)){4}([1-2]?[0-9]|3[0-2])$)" + # patternDescription: Must be either an IPv4 or IPv6 address or domain name range: "[0,*)" From 5e1eb76375345efd6d786ae18a368df9d117ecd4 Mon Sep 17 00:00:00 2001 From: Lucy Cifferello <12953208+elvece@users.noreply.github.com> Date: Tue, 25 May 2021 10:27:23 -0600 Subject: [PATCH 09/11] update template to whitelist all embassy services rather than user configuration --- assets/bitcoin.conf.template | 5 ++--- config_spec.yaml | 10 ---------- 2 files changed, 2 insertions(+), 13 deletions(-) diff --git a/assets/bitcoin.conf.template b/assets/bitcoin.conf.template index 956fb81..9b8a04a 100644 --- a/assets/bitcoin.conf.template +++ b/assets/bitcoin.conf.template 
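Review bot: Commenting out `spec` in PATCH 08 leaves `whitelist` entries with no validation at all, while the template from PATCH 04 still writes each one into `bitcoin.conf`. Any string, including one that is not an address, would reach a setting that grants peers extra permissions, so a working pattern should land before this option ships rather than after. If the pattern has to stay disabled for now, record that next to it, for example `# TODO(whitelist): re-enable input validation before release`. It is also worth confirming that `range` is still parsed where intended once its sibling keys are comments, since the indentation is not recoverable from this view.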
@@ -55,9 +55,8 @@ onlynet=onion }} ## WHITELIST -{{#FOREACH advanced.whitelist -whitelist={{advanced.whitelist}} -}} +## whitelist all services subnet +whitelist=172.18.0.0/16 ## PRUNING {{#IF advanced.pruning.mode = "manual" diff --git a/config_spec.yaml b/config_spec.yaml index 2542b3c..24ad2df 100644 --- a/config_spec.yaml +++ b/config_spec.yaml @@ -231,13 +231,3 @@ advanced: integral: true units: MiB default: automatic - whitelist: - name: Whitelist - description: Whitelist peers connecting from the given netmask or IP address. Defaults to the subnet of all services. - type: list - subtype: string - default: ['172.18.0.0/16'] - # spec: - # pattern: "(^(([12]?[0-9]{1,2}|2[0-4][0-9]|25[0-5])(\\.|\/)){4}([1-2]?[0-9]|3[0-2])$)" - # patternDescription: Must be either an IPv4 or IPv6 address or domain name - range: "[0,*)" From 8badef444ea62a55308f142bf2babdfdc289873c Mon Sep 17 00:00:00 2001 From: Lucy Cifferello <12953208+elvece@users.noreply.github.com> Date: Tue, 25 May 2021 10:32:38 -0600 Subject: [PATCH 10/11] revert whitelist in configurator --- manager/src/main.rs | 2 -- 1 file changed, 2 deletions(-) diff --git a/manager/src/main.rs b/manager/src/main.rs index e29be0c..11097a5 100644 --- a/manager/src/main.rs +++ b/manager/src/main.rs @@ -563,8 +563,6 @@ fn inner_main(reindex: bool) -> Result<(), Box> { .and_then(|v| v.get(&Value::String("peers".to_owned()))) .and_then(|v| v.as_mapping()) .and_then(|v| v.get(&Value::String("onlyonion".to_owned()))) - .and_then(|v| v.as_mapping()) - .and_then(|v| v.get(&Value::String("whitelist".to_owned()))) .and_then(|v| v.as_bool()) .unwrap_or(false) { From 74b026828f2bed240545e7a328eea9ca6a35d8c5 Mon Sep 17 00:00:00 2001 From: Lucy Cifferello <12953208+elvece@users.noreply.github.com> Date: Tue, 25 May 2021 11:58:30 -0600 Subject: [PATCH 11/11] add release notes --- manifest.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifest.yaml b/manifest.yaml index 4000982..920352b 100644 
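Review bot: The hard-coded `whitelist=172.18.0.0/16` in the PATCH 09 template hunk gives whitelist permissions to every host that can reach the node from that /16, and the only explanation is `## whitelist all services subnet`. The line assumes the services network always has this range; if the address pool differs, the entry either stops covering the services or covers something unintended. bitcoind accepts a `permissions@` prefix on this option, so the grant can be limited to what the services actually need. The comment should state the assumption, e.g. `## 172.18.0.0/16 is assumed to be the internal services network; peers there get whitelist permissions`.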
--- a/manifest.yaml +++ b/manifest.yaml @@ -6,7 +6,7 @@ description: short: "A Bitcoin Full Node by Bitcoin Core" long: "Bitcoin is an innovative payment network and a new kind of money. Bitcoin uses peer-to-peer technology to operate with no central authority or banks; managing transactions and the issuing of bitcoins is carried out collectively by the network. Bitcoin is open-source; its design is public, nobody owns or controls Bitcoin and everyone can take part. Through many of its unique properties, Bitcoin allows exciting uses that could not be covered by any previous payment system." release-notes: | - https://bitcoincore.org/en/releases/0.21.1/ + Whitelists service IP addresses. ports: - internal: 8332 tor: 8332