19:01:20 #startmeeting 19:01:20 Meeting started Thu Dec 12 19:01:20 2019 UTC. The chair is wumpus. Information about MeetBot at http://wiki.debian.org/MeetBot. 19:01:20 Useful Commands: #action #agreed #help #info #idea #link #topic. 19:01:25 hi 19:01:27 hi 19:01:28 hi 19:01:28 hi 19:01:31 hi 19:01:38 #bitcoin-core-dev Meeting: wumpus sipa gmaxwell jonasschnelli morcos luke-jr sdaftuar jtimon cfields petertodd kanzure bluematt instagibbs phantomcircuit codeshark michagogo 19:01:39 marcofalke paveljanik NicolasDorier jl2012 achow101 meshcollider jnewbery maaku fanquake promag provoostenator aj Chris_Stewart_5 dongcarl gwillen jamesob ken281221 ryanofsky gleb moneyball kvaciral ariard digi_james amiti fjahr jeremyrubin lightlike emilengler jonatack 19:01:49 hi 19:01:49 hi 19:01:51 hi 19:02:24 hi 19:02:33 one proposed topic for this week in https://gist.github.com/moneyball/071d608fdae217c2a6d7c35955881d8a : appveyor CI future 19:02:51 cc sipsorcery 19:02:59 hi 19:03:14 my suggestion is to switch from appveyor to github actions (which is Azure CI under the hood) purely for speed 19:03:42 I personally think we should use Cirrus CI only as it supports Windows, Linux, macOS and also FreeBSD 19:03:44 sorry, that was not the start of the topic 19:04:07 this is still the "propose your topics" phase of the meeting, then we'll start with high priority for review 19:04:13 I am hoping to get some feedback this week on #17717 19:04:14 https://github.com/bitcoin/bitcoin/issues/17717 | Proposed PSBT sign/broadcast flow · Issue #17717 · bitcoin/bitcoin · GitHub 19:04:16 HI 19:04:20 oh sorry 19:04:21 oops sorry 19:04:45 gwillen: ok, let's addd that as topic then 19:04:53 #topic High priority for review 19:05:02 #proposedmeetingtopic finish up #12763 19:05:05 https://github.com/bitcoin/bitcoin/issues/12763 | Add RPC Whitelist Feature from #12248 by JeremyRubin · Pull Request #12763 · bitcoin/bitcoin · GitHub 19:05:07 https://github.com/bitcoin/bitcoin/projects/8 8 blockers, 7 chasing concept ACK 19:05:13 oh sorry *not* high priority 19:06:05 anything to add/remove or that is ready for merge? 19:06:13 #17537 for hi prio 19:06:15 https://github.com/bitcoin/bitcoin/issues/17537 | wallet: Cleanup and move opportunistic and superfluous TopUp()s by achow101 · Pull Request #17537 · bitcoin/bitcoin · GitHub 19:06:46 hi 19:07:06 achow101: for blockers I guess? 19:07:10 yes 19:07:22 ok, added 19:08:17 #topic appveyor CI future (sipsorcery) 19:08:29 Like I said, I personally think we should use Cirrus CI only as it supports Windows, Linux, macOS and also FreeBSD 19:08:30 sipsorcery | my suggestion is to switch from appveyor to github actions (which is Azure CI under the hood) purely for speed 19:08:53 second suggestion is to cache the vcpkg dependencies in a .zip file to avoid failures unrelated to PR's. 19:09:09 emilengler: ppc64? 19:10:00 luke-jr: I'm not sure about that but we keep using travis for this purpose only 19:10:06 I don't think MarcoFalke is here 19:10:06 could keep* 19:10:43 is anyone against moving to github actions for just the MSVC build? 19:10:50 emilengler: what about distros? 19:10:58 (there is no question of moving *all*CI to github actions, to be clear) 19:11:13 wumpus: given that github is a microsoft product seems reasonable :p 19:11:27 jeremyrubin: heh! 19:11:36 As long as that involves removing all Appveyor usage. 19:11:58 luke-jr: I'm not sure about distros 19:12:17 fanquake: yes, it would 19:12:22 But anyway, I believe that we should use Cirrus CI in the long term. Maybe only for FreeBSD? 19:12:31 But that's anotehr topic 19:12:38 fanquake: this would be about replacing appveyor 19:13:32 wumpus great. If it's faster, and isn't going to be broken seemingly every thrid day for reasons outside our control. 19:13:45 I can't comment on that 19:13:53 Maybe the vcpkg maintainers will stop randomly slicing up their packages. 19:14:15 I got the appveyor timeout back to 90 minutes 19:14:22 Anything else needs to be fixed? 19:14:36 but is the issue with appveyor itself, or the fact that vcpkg changes out from under us all the time? 19:14:57 My understanding was that it's vcpkg 19:15:03 both, appveyor is slow and has a low timeout, and the packages switch under us all the time 19:15:08 But that actions will make it less annoying for non windows maintainers 19:15:08 There's a good summary of some of the issues in #17736 19:15:09 https://github.com/bitcoin/bitcoin/issues/17736 | Update msvc build for Visual Studio 2019 v16.4 by sipsorcery · Pull Request #17736 · bitcoin/bitcoin · GitHub 19:15:14 okay, so there are two independent issues to be fixed 19:15:37 3 if you include the compiler issues. 19:15:42 yes, I'm not sure in how far they're correlated 19:16:16 well my earlier suggestion for dealing with vcpkg issues will not work if appveyor is too slow 19:16:28 at a guesstimate on appveyor failures: 5% genuinely relate to PR's, 30% vcpkg, 25% python functional tests, 5% appveyor image, 30% appveyor timeout, 5% other. 19:16:56 a literal roulette wheel 19:17:23 suspect GitHub, Cirrus or Circle could all be the same excepting the timeouts. 19:18:17 assuming similar reliability, my vote would go to whichever one is fastest 19:18:46 yes 19:19:06 GitHub is substantially faster than appveyor. I haven't tested any other but would be happy to do so if it would help? 19:19:33 speed seems likely to be dependent on how many projects are using them 19:19:39 ie, if we switch, it will get slow :P 19:20:07 fair enough, our test suite is pretty heavy! 19:20:21 sipsorcery: let's just try github next imo 19:20:32 sipsorcery: no one was strongly against trying them 19:20:33 What about #17736 ? 19:20:35 https://github.com/bitcoin/bitcoin/issues/17736 | Update msvc build for Visual Studio 2019 v16.4 by sipsorcery · Pull Request #17736 · bitcoin/bitcoin · GitHub 19:21:12 #17736 would be necessary no matter the CI I think 19:21:13 https://github.com/bitcoin/bitcoin/issues/17736 | Update msvc build for Visual Studio 2019 v16.4 by sipsorcery · Pull Request #17736 · bitcoin/bitcoin · GitHub 19:21:19 if appveyor is being canned 17736 is not required (at least until GitHub upgrade). 19:21:25 oh 19:21:56 Has anyone tested the GitHub CI and found any issues? 19:22:00 I merged it a few days ago 19:22:46 I didn't realise that Github seems to automatically turn the CI on for any repos that have the config file? Had to turn it off for my own fork. 19:22:58 Didn't realise until a build had failed and it emailed me. 19:23:03 Huh 19:23:11 It was turned off for bitcoin/bitcoin 19:23:12 fanquake: maybe you're part of a weird opt in program? 19:23:17 ^ 19:23:57 Yea I'm not talking about bitcoin/bitcoin. Which we had tried to turn "Actions" off for. This was one my fanquake/bitcoin fork. 19:24:03 sipa could be 19:24:33 someone, not me at least turned 'actions' back on for bitcoin/bitcoin (which is okay if we're going to use it) 19:24:49 [13bitcoin] 15jamesob opened pull request #17737: Add ChainstateManager, remove BlockManager global (06master...062019-12-au.chainman) 02https://github.com/bitcoin/bitcoin/pull/17737 19:24:49 wumpus Yea I was wondering how that happened 19:25:14 in any case, let'stest it and talk about it next meeting or so 19:25:26 Ok, so unless there are objections: Merge #17736 as short term fix, and then (next week maybe) switch to GitHub Actions CI? 19:25:28 https://github.com/bitcoin/bitcoin/issues/17736 | Update msvc build for Visual Studio 2019 v16.4 by sipsorcery · Pull Request #17736 · bitcoin/bitcoin · GitHub 19:25:41 +1 19:25:49 +1 19:25:49 ack 19:25:52 +1 19:25:54 #topic Proposed PSBT sign/broadcast flow (gwillen) 19:26:11 #17717 19:26:12 https://github.com/bitcoin/bitcoin/issues/17717 | Proposed PSBT sign/broadcast flow · Issue #17717 · bitcoin/bitcoin · GitHub 19:26:32 yay, PSBT guis 19:27:11 this is building on top of Sjors' #17509 which is not merged yet 19:27:13 https://github.com/bitcoin/bitcoin/issues/17509 | gui: save and load PSBT by Sjors · Pull Request #17509 · bitcoin/bitcoin · GitHub 19:27:33 my general sense is, once we can load PSBTs, the next step is "what are the operations we support on them" 19:27:48 so I think introducing a simple dialog to analyze them, sign them, broadcast them, and save them is a good next step 19:28:04 (this is simpler than the dialog from my old branch, for those of you who saw that, but it will reuse a lot of the parts) 19:28:14 ack 19:28:24 i agree with the observation that an explicit update step is probably unnecessary 19:28:49 yeah my approach has always been to automatically update the PSBT eagerly when loading it, and that seems to produce good results 19:29:12 seems reasonable 19:29:27 anyway I'm trying to make this a small and uncontroversial step, so feedback welcomed on the issue, there will be a PR soon, thanks! 19:29:29 the only reason why you'd want that to be explicit is because of privacy concerns (you may not want to reveal bip32 paths you know about keys used), but the sentiment in #17264 seems to be that that needs to be solved differently anyway 19:29:33 https://github.com/bitcoin/bitcoin/issues/17264 | rpc: set default bip32derivs to true for psbt methods by Sjors · Pull Request #17264 · bitcoin/bitcoin · GitHub 19:29:46 sipa: hmm *nod*, will go read the notes on that 19:29:53 yeah making PSBT private is not super well defined to begin with, you need additional roles 19:31:31 especially as more special-case fields are entered into it 19:31:31 "update"? 19:31:45 luke-jr, filling fields like hd derivation path, etc 19:31:53 not signing, though, right? 19:31:55 luke-jr: it's possible to have a PSBT that doesn't have things like P2SH redeemscripts, witnessscripts, etc. that are required for signing 19:32:05 I would never have the UI sign automatically, no 19:32:10 luke-jr: correct. update is done before signing 19:32:12 luke-jr: BIP 174 updating is filling in UTXOs/prevtxs, bip32 paths, scripts used 19:32:12 thanks for noting that clarification 19:32:28 signing is always a big red button that's explicit 19:32:31 hmm 19:32:37 updating is done to "guide" signing, especially for dumb signers 19:32:49 exposing redeemscripts is arguably partially a signature? 19:33:10 well the design of PSBT in Core is such that the wallet creating the tx will already include them if it knows them 19:33:12 luke-jr: it doesn't involve private keys 19:33:21 the "update" step only ever occurs separately in unusual cases I think 19:33:28 sipa: I'm thinking the script itself is part of the private key 19:33:29 oh that's probably why I could never get rawtx to psbt conversion to work, I probably needed to call utxoupdatepsbt? 19:33:43 that conversion is sketchy :) 19:33:44 luke-jr: it should not be considered that way 19:33:57 luke-jr: as security should not ever depend on keeping scripts private 19:34:26 hmm 19:34:29 (it may matter for privacy to keep them secret, but that's a much more complicated issue to solve if desired) 19:34:45 given that PSBT is pretty dependent on the current workflow, I think the workflow is maybe outside the scope of my specific change 19:34:46 if you want privacy of scripts and derivations paths, psbt ain't it 19:34:54 but might be worth having a discussion about it at some point 19:34:55 I guess the scripts are strictly less a concern than derivation paths 19:35:41 sipa: it's sometimes possible to compress a HTLC in a taproot branch I think 19:36:28 jeremyrubin: taproot will have it's own set of fields that hopefully better preserve privacy 19:36:38 should the ui give a privacy warning when copying psbts to clipboard/saving when there's derivation paths included? 19:36:41 you'll still need additional roles/flows imo 19:36:56 jb55: imho, no - it's generally not actionable 19:36:58 better to me to actually define common flows, and design for those, rather than just guessing 19:37:12 jb55: you have the choice between private and broken, and non-private and functional 19:37:28 I think in general PSBTs are also never intended to be published, they are intended to be shared only with required signers 19:37:32 hww<->host<->curious co-signer, things like that 19:37:38 I suspect this really mutes a lot of the privacy issues that could otherwise exist 19:37:43 but there's no RPC flow for this 19:37:44 for most people the required signers will only ever be themselves 19:37:51 gwillen: the main privacy concern is for coinjoins 19:37:52 or people they already trust with their privacy 19:37:55 *nod* 19:38:09 I have not thought a lot about the coinjoin case 19:38:27 [13bitcoin] 15fanquake opened pull request #17738: build: remove linking librt for backwards compatibility (06master...06remove_librt_back_compat) 02https://github.com/bitcoin/bitcoin/pull/17738 19:38:33 depends on what co-signers require to sign, there can be additional proof data etc 19:38:44 in coinjoins you don't know or trust the other participants. deriv path and scripts could provide an easy way for a coinjoin participant to deanonymize other coinjoin participatns 19:38:48 yeah, the (interesting) privacy issues appear when you're combinging multi-party signing for some inputs, and distinct signers for other inputs 19:39:18 there could be some best effort where we remove bip32 derivation info from finalized inputs 19:39:36 we may already do that 19:39:45 pretty sure we do 19:39:46 I know that we strip partial signatures from finalized inputs once we combine them 19:40:01 I think the spec for finalizer says drop everything but final sig/witness and utxo 19:40:02 oh, ok 19:40:12 achow101: i vaguely remember that indeed 19:40:37 oh that's not too bad then for most uses already 19:41:03 I think the workflow we should be going for is really the hardware wallet/cold storage one 19:41:17 I still wish there was some hrp that I could glance at the various states a psbt is in, but I guess that ship has sailed 19:41:20 well that one can be very naive 19:42:41 jb55: can you expand "hrp" 19:42:55 human readable aprt 19:42:57 *part 19:43:01 there is the analyzepsbt rpc which produces what you want, I think 19:43:04 the stage depends on the input... 19:43:16 and my goal is for my UI to also expose as much of that as makes sense 19:43:37 yeah perhaps thats just difficulties arising from copying and pasting psbts and the cli, but ui could help a lot here 19:43:42 I don't think it would make sense to put an hrp in the PSBT itself, you could attack people by having it be secretly out of sync with the rest 19:43:48 jb55, different signers may expect different input, so it's kind of hard to say. e.g., one may expect xpub for multisig detection, other may not 19:46:31 Anything else on this topic? 19:46:40 I think further comments on my proposal can go on the issue 19:46:48 #topic RPC Whitelist Feature (jeremyrubin) 19:47:02 I think this is more or less ready to merge 19:47:22 The test (#17536) is also rebased on the squashed commit 19:47:23 It adds the ability to whitelist certain RPCs for credentials for those unfamiliar 19:47:24 https://github.com/bitcoin/bitcoin/issues/17536 | test: Add test for rpc_whitelist by emilengler · Pull Request #17536 · bitcoin/bitcoin · GitHub 19:48:26 could you snipe the test? :) if that's ok emilengler 19:48:53 instagibbs: What do you mean? 19:48:57 snipe meaning put onto the same branch? I could, I just didn't want to unfairly steal emilengler's merge stats ;) 19:49:13 jeremyrubin: It's fine 19:49:14 emilengler, can jeremy cherry-pick into his branch? I don't like features without tests :) 19:49:21 big credit to emilengler for putting in the effort to get the tests over the line 19:49:22 sure 19:49:34 just make sure to keep the author data the same 19:49:46 +1 19:49:46 Would be nice if you colud put me into the longer commit description 19:50:20 will do 19:50:28 will review 19:50:30 thanks :) 19:50:34 do it without an @ or he'll get spammed by altcoins 19:50:39 Will close the PR then 19:50:49 (usually just maintaining the Author field is enough?) 19:51:24 will review 19:52:39 8 minutes, any other topics? 19:52:41 thanks everyone, I don't think we have any more topics so that concludes the meeting 19:52:44 kk 19:52:49 #endmeeting