c0bdd51 Daemon should now exit on conflicting checkpoints (Thomas Winget)
f0b4138 various changes to runtime checkpoint updating (Thomas Winget)
7568f89 Fixed segfault with checkpoints loading (Thomas Winget)
b261d92 DNS checkpoint updating added, and daemon flag to enforce them (Thomas Winget)
30caebf reload checkpoints file every ~hr and print if any fail (Thomas Winget)
0e14491 updated DNSResolver/things that use it for DNSSEC (Thomas Winget)
6f2c2e1 Adding an identical existing checkpoint should not error (Thomas Winget)
If the "enforce DNS checkpoints" flag is not enabled, it should not exit
if DNS checkpoints conflict with the others, but should still print a
warning to the user.
json checkpoints will be checked every 10 minutes, dns every 60.
json checkpoints always enforced, dns still with flag.
conflicting checkpoints is hard fail, but soft if dns enforce flag not
set and dns checkpoints are wonky.
Bounds checking on blockchain_storage' m_blocks.size() when validating
against checkpoints. Also moved initial json & DNS checkpoints load to
after blockchain init.
The daemon should now check for updated checkpoints from
checkpoints.moneropulse.org as well as from the configured json file
every ~1hr (and on launch).
The daemon now has a flag to enable enforcing these checkpoints (rather
than just printing a warning when they fail).
TODO: an easily configurable list of DNS servers to check for
checkpoints as opposed to the hard-coded "checkpoints.moneropulse.org"
Note: DNSResolver does not yet *use* DNSSEC, but rather this commit is
preparation for including DNSSEC validation. The function in
src/wallet/wallet2.cpp that uses DNSResolver still needs its parameters
updated accordingly.
For checkpoints being read at runtime to work correctly, the checkpoint
add code needs to not return false if a checkpoint is added that already
exists. In this case, instead return false if the checkpoint is for a
height that already has a checkpoint and the hashes are different.
ldns dependency was only still around for constants defined in ldns/rr.h,
but those constants are RFC specified DNS constants, and to reduce deps
have been replicated in dns_utils.h instead of including ldns/rr.h.
Simplewallet should now do a DNS query on an address if it fails to
convert the given string to a binary representation of an address
(base58->binary). It will prompt the user, telling of what the "url"
passed was, what monero address it translated to, and whether or not
DNSSEC validation was a success, and ask for a confirmation that these
are all acceptable.
Also implemented rudimentary IPv6 support, but commented it out because
it's not widely supported by ISPs for now, and thus is not currently
supported by Monero.
CMake config file written, but was unable to test/get it working
properly because of a bug in CMake with functions related to
find_package. Simple "-lunbound" flag used in its stead for now. May
not build on non-Linux systems, not sure yet.
On 32-bit MinGW-w64, time_t is int32_t. The existing code was serializing
time_t directly and implicitly assuming that time_t is int64_t. This commit
formalizes that assumption by serializing int64_t directly and casting to
time_t where appropriate.
Thanks go to greatwolf for reporting this issue.
monero-project/bitmonero#88