zecfoundation
/
zebra
mirror of https://github.com/ZcashFoundation/zebra.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
2,509 Commits 128 Branches 60 Tags 50 MiB
Commit Graph

2509 Commits

Author SHA1 Message Date
teor 52dcaa2544 Stop ignoring lightweight git tags in panic metadata 
Unfortunately, Zebra's first alpha release is an annotated tag, but
GitHub defaults to lightweight tags. (At least for pre-releases.)
 2021-05-20 09:00:56 +10:00
teor bcc59d11c3 Refactor metadata so git vars must be optional 
We don't test non-git builds, but we can use the type system to make sure
they are always optional.
 2021-05-20 09:00:56 +10:00
teor b6c5ef8041 Add VERGEN_CARGO_PROFILE to the panic env vars 
Some panics should only happen on debug profiles.
 2021-05-20 09:00:56 +10:00
teor 62f053de9e Enable cargo env vars when there is no .git 
But still disable git env vars.

This change requires vergen 5.1.4 or later.
 2021-05-20 09:00:56 +10:00
teor 55e398c10a
Stop generating V1-V3 transactions for non-finalized state proptests (#2159) 
These transactions cause a test panic in `UpdateWith`, in the rare cases
where the test gets that far.
 2021-05-19 18:53:44 -04:00
Deirdre Connolly bf72d6dbc0 Update zebra-network/src/peer/handshake.rs 
Co-authored-by: teor <teor@riseup.net>
 2021-05-18 14:02:19 +10:00
teor 92828bbb29 Reliability: send local listener address to peers 
When peers ask for peer addresses, add our local listener address to the
set of addresses, sanitize, then truncate. Sanitize shuffles addresses,
so if there are lots of addresses in the address book, our address will
only be sent to some peers.
 2021-05-18 14:02:19 +10:00
teor d2a8985dbc Reliability: Add inbound canonical addresses to the address book 
Add canonical addresses from inbound connections to the address book,
so that Zebra can use them for reconnection attempts.

Use the newly added `NeverAttemptedAlternate` state for these addresses,
so we try gossiped addresses first, then canonical addresses. This avoids
duplicate connections to inbound peers.
 2021-05-18 14:02:19 +10:00
teor eb2e58ba53
Security: reject compact sizes greater than the protocol message limit (#2155) 
These sizes should be impossible in valid messages.
So they likely represent a memory preallocation attack.
 2021-05-17 18:23:06 -04:00
teor 458c26f1e3 Limit initial candidate set fanout to the number of initial peers 
If there is a small number of initial peers, and they are slow, the
initial candidate set update can appear to hang. To avoid this issue,
limit the initial candidate set fanout to the number of initial peers.

Once the initial peers have sent us more peer addresses, there is no need
to limit the fanouts for future updates.

Reported by Niklas Long of Equilibrium.
 2021-05-18 07:54:03 +10:00
teor 679920f6b8 Stop trying to resolve empty initial peer lists 
Instead, log an error and return immediately.
 2021-05-18 07:54:03 +10:00
teor b600e82d6e
Security: Avoid silently corrupting invalid times during serialization (#2149) 
* Security: panic if an internally generated time is out of range

If Zebra has a bug where it generates blocks, transactions, or meta
addresses with bad times, panic. This avoids sending bad data onto the
network.

(Previously, Zebra would truncate some of these times, silently
corrupting the underlying data.)

Make it clear that deserialization of these objects is infalliable.
 2021-05-17 16:53:10 -04:00
teor b0b8b2f61a
Add extra instrumentation for initialize and handshakes (#2122) 
* Instrument the crawl task

When we created the crawl task, we forgot to instrument it with the
global span. This fix makes sure that the git and network span appears on
crawl logs.

* Instrument the connector

* Improve handshake instrumentation

Make some spans debug, so there are not too many spans.

* Add the address to initial peer connection errors
 2021-05-17 16:49:16 -04:00
teor 7969459b19
Security: Move the Verack response after the version check (#2121) 
We should do as many local checks as possible, before sending further
messages.
 2021-05-17 16:39:44 -04:00
dependabot[bot] e0fdadaca2
build(deps): bump tokio-test from 0.4.1 to 0.4.2 (#2162) 
Bumps [tokio-test](https://github.com/tokio-rs/tokio) from 0.4.1 to 0.4.2.
- [Release notes](https://github.com/tokio-rs/tokio/releases)
- [Commits](https://github.com/tokio-rs/tokio/compare/tokio-test-0.4.1...tokio-test-0.4.2)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-05-17 20:47:46 +10:00
teor dd7747bc69
Security: Remove checkout credentials from GitHub actions (#2158) 
* Remove checkout credentials from CD action
* Remove checkout credentials from CI action
* Remove checkout credentials from coverage action
* Remove checkout credentials from docs action
* Remove checkout credentials from manual deploy action
* Remove checkout credentials from test action
* Remove checkout credentials from zcashd action
 2021-05-17 09:32:38 +10:00
Alfredo Garcia 1f25d84273
correct some docs (#2157) 2021-05-14 16:35:10 -03:00
teor c40cbee42f Remove address book peers that have changed to clients 
If an address book peer stops advertising the NODE_SERVICES bit, remove
it from the address book.
 2021-05-14 23:45:42 +10:00
teor f541f85792 Send unspecified addresses and client services for isolated connections 2021-05-14 23:45:42 +10:00
teor 9160365d06 Fix a comment 2021-05-14 23:45:42 +10:00
teor a8a0d6450c Security: stop gossiping temporary inbound remote addresses to peers 
- stop putting inbound addresses in the address book
- drop address book entries that can't be used for outbound connections
  - distinguish between temporary inbound and permanent outbound peer
    addresses
  - also create variants to handle proxy connections
    (but don't use them yet)
  - avoid tracking connection state for isolated connections
- document security constraints for the address book and peer set
 2021-05-14 23:45:42 +10:00
teor fde8f1e4ca
Security: stop panicking on out-of-range version timestamps, Credit: Equilibrium (#2148) 
* Security: stop panicking on out-of-range version timestamps

Instead, return a deserialization error, and close the connection.

This issue was reported by Equilibrium.
 2021-05-14 17:13:11 +10:00
teor c0326677a4
Add a new `zcash_serialize_bytes` utility function (#2150) 2021-05-14 12:23:02 +10:00
dependabot[bot] adcd13bdd3
build(deps): bump serde from 1.0.125 to 1.0.126 (#2151) 
Bumps [serde](https://github.com/serde-rs/serde) from 1.0.125 to 1.0.126.
- [Release notes](https://github.com/serde-rs/serde/releases)
- [Commits](https://github.com/serde-rs/serde/compare/v1.0.125...v1.0.126)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-05-14 10:23:51 +10:00
dependabot[bot] 2ea1d8624d
build(deps): bump codecov/codecov-action from 1 to 1.5.0 (#2142) 
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 1 to 1.5.0.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/master/CHANGELOG.md)
- [Commits](https://github.com/codecov/codecov-action/compare/v1...v1.5.0)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-05-12 22:12:49 +00:00
dependabot[bot] b8fe6617b8
build(deps): bump sha2 from 0.9.4 to 0.9.5 (#2147) 
Bumps [sha2](https://github.com/RustCrypto/hashes) from 0.9.4 to 0.9.5.
- [Release notes](https://github.com/RustCrypto/hashes/releases)
- [Commits](https://github.com/RustCrypto/hashes/compare/sha2-v0.9.4...sha2-v0.9.5)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-05-13 07:58:48 +10:00
dependabot[bot] 55b2127ddc
build(deps): bump futures from 0.3.14 to 0.3.15 (#2144) 
Bumps [futures](https://github.com/rust-lang/futures-rs) from 0.3.14 to 0.3.15.
- [Release notes](https://github.com/rust-lang/futures-rs/releases)
- [Changelog](https://github.com/rust-lang/futures-rs/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rust-lang/futures-rs/compare/0.3.14...0.3.15)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-05-13 07:56:47 +10:00
dependabot[bot] 300ce12a29
build(deps): bump actions-rs/cargo from 1 to 1.0.3 (#2140) 
Bumps [actions-rs/cargo](https://github.com/actions-rs/cargo) from 1 to 1.0.3.
- [Release notes](https://github.com/actions-rs/cargo/releases)
- [Changelog](https://github.com/actions-rs/cargo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/actions-rs/cargo/compare/v1...v1.0.3)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-05-13 07:54:02 +10:00
dependabot[bot] 48657506c5
build(deps): bump actions-rs/clippy-check from 1 to 1.0.7 (#2141) 
Bumps [actions-rs/clippy-check](https://github.com/actions-rs/clippy-check) from 1 to 1.0.7.
- [Release notes](https://github.com/actions-rs/clippy-check/releases)
- [Changelog](https://github.com/actions-rs/clippy-check/blob/master/CHANGELOG.md)
- [Commits](https://github.com/actions-rs/clippy-check/compare/v1...v1.0.7)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-05-13 07:52:10 +10:00
dependabot[bot] e4ed072c28
build(deps): bump actions/checkout from 2 to 2.3.4 (#2143) 
Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 2.3.4.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2...v2.3.4)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-05-13 07:51:12 +10:00
Pili Guerra 500dc2e511
Update version strings for Zebra v1.0.0-alpha.8 release (#2136) 
* Update versions for zebra v1.0.0-alpha.8 release

* Update tower-batch and tower-fallback version strings

* Update Cargo.lock
 2021-05-12 14:27:36 +02:00
teor f8693ee004
Explain how to review version bump PRs (#2138) 2021-05-12 10:42:48 +02:00
teor 59b23f5724
Explicitly allow unencrypted disclosures for alpha releases (#2127) 2021-05-11 14:41:33 +02:00
teor 2827f6a7e6
Orchard: disable clippy warnings about comparing a newly created struct (#2117) 
In Orchard, we compare canonical Pallas bytes with a supplied byte array.

Since we need to perform calculations to get it into canonical form, we
need to create a newly owned object.
 2021-05-10 19:16:21 -03:00
teor 8b72e8627b
Make the RFC TOC into a separate step (#2126) 
We might remember it better that way.
 2021-05-10 10:17:42 -03:00
Alfredo Garcia 29893f2b9b
Validate nConsensusBranchId (#2100) 
* validate nConsensusBranchId
* add tests

* fix bug in transaction_to_fake_v5

Co-authored-by: teor <teor@riseup.net>
 2021-05-10 01:31:45 +00:00
Conrado Gouvea f222bf94ea
Update Zebra Book TOC (#2124) 2021-05-07 10:50:51 -03:00
teor 74e155ff9f
Spelling: gossipped -> gossiped (#2119) 2021-05-07 13:01:11 +02:00
teor 2ef5277d2b Update Cargo.lock 2021-05-06 20:31:54 -04:00
Deirdre Connolly 3901dc9adc
Merge pull request #2099 from ZcashFoundation/redpallas-sig-stub 
Flesh out redpallas, direct port of redjubjub
 2021-05-06 10:56:00 -04:00
dependabot[bot] c2706f448a build(deps): bump sha2 from 0.9.3 to 0.9.4 
Bumps [sha2](https://github.com/RustCrypto/hashes) from 0.9.3 to 0.9.4.
- [Release notes](https://github.com/RustCrypto/hashes/releases)
- [Commits](https://github.com/RustCrypto/hashes/compare/sha2-v0.9.3...sha2-v0.9.4)

Signed-off-by: dependabot[bot] <support@github.com>
 2021-05-06 08:58:07 -04:00
dependabot[bot] 7721544bdb build(deps): bump inferno from 0.10.4 to 0.10.5 
Bumps [inferno](https://github.com/jonhoo/inferno) from 0.10.4 to 0.10.5.
- [Release notes](https://github.com/jonhoo/inferno/releases)
- [Changelog](https://github.com/jonhoo/inferno/blob/master/CHANGELOG.md)
- [Commits](https://github.com/jonhoo/inferno/compare/v0.10.4...v0.10.5)

Signed-off-by: dependabot[bot] <support@github.com>
 2021-05-06 08:54:44 -04:00
teor 328f343515
RFC: add tokio-console/TurboWish prototype (#2111) 2021-05-06 09:59:29 +10:00
dependabot[bot] a04022adfc build(deps): bump inferno from 0.10.3 to 0.10.4 
Bumps [inferno](https://github.com/jonhoo/inferno) from 0.10.3 to 0.10.4.
- [Release notes](https://github.com/jonhoo/inferno/releases)
- [Changelog](https://github.com/jonhoo/inferno/blob/master/CHANGELOG.md)
- [Commits](https://github.com/jonhoo/inferno/compare/v0.10.3...v0.10.4)

Signed-off-by: dependabot[bot] <support@github.com>
 2021-05-05 07:15:51 -04:00
teor 74fd2a65fe
Rename feature to match RFC filename 2021-05-04 10:20:52 +10:00
teor 6f2dbd9de8
Async in Zebra RFC (#1965) 
* Initial async RFC version

* Add a table of contents

Co-authored-by: Alfredo Garcia <oxarbitrage@gmail.com>

* Add a toc anchor

Co-authored-by: Alfredo Garcia <oxarbitrage@gmail.com>

* Add some words that need definitions

Co-authored-by: Alfredo Garcia <oxarbitrage@gmail.com>

* Write guide intro based on feedback
* Add a code example for each reference section
* Link to code examples using commit hashes
* Link to PR and commit for each code example

* Fix typos

Co-authored-by: Deirdre Connolly <deirdre@zfnd.org>

* Remove redundant version in docs.rs link

* Link the guide to the reference

And expand the guide descriptions

* Mention TurboWish as a future diagnostic tool
* Add an example of a compiler error that prevents deadlock

Co-authored-by: Alfredo Garcia <oxarbitrage@gmail.com>
Co-authored-by: Deirdre Connolly <deirdre@zfnd.org>
 2021-05-03 21:00:49 -03:00
dependabot[bot] 5632d8cbb8
build(deps): bump tracing-subscriber from 0.2.17 to 0.2.18 (#2097) 
Bumps [tracing-subscriber](https://github.com/tokio-rs/tracing) from 0.2.17 to 0.2.18.
- [Release notes](https://github.com/tokio-rs/tracing/releases)
- [Commits](https://github.com/tokio-rs/tracing/compare/tracing-subscriber-0.2.17...tracing-subscriber-0.2.18)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-05-04 09:13:14 +10:00
dependabot[bot] 84aca7e78b build(deps): bump tracing from 0.1.25 to 0.1.26 
Bumps [tracing](https://github.com/tokio-rs/tracing) from 0.1.25 to 0.1.26.
- [Release notes](https://github.com/tokio-rs/tracing/releases)
- [Commits](https://github.com/tokio-rs/tracing/compare/tracing-0.1.25...tracing-0.1.26)

Signed-off-by: dependabot[bot] <support@github.com>
 2021-05-03 17:05:49 -04:00
teor 0793c903b4
Clarify that orchard::ShieldedData has an orchard::tree::Root 2021-05-04 05:51:26 +10:00
dependabot[bot] 72547cafff build(deps): bump secp256k1 from 0.20.1 to 0.20.2 
Bumps [secp256k1](https://github.com/rust-bitcoin/rust-secp256k1) from 0.20.1 to 0.20.2.
- [Release notes](https://github.com/rust-bitcoin/rust-secp256k1/releases)
- [Changelog](https://github.com/rust-bitcoin/rust-secp256k1/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rust-bitcoin/rust-secp256k1/commits)

Signed-off-by: dependabot[bot] <support@github.com>
 2021-04-30 11:22:35 -04:00