Bug 1020292 - Review Request: bitcoin - Peer-to-peer digital currency
Review Request: bitcoin - Peer-to-peer digital currency
Status: ASSIGNED
Product: Fedora
Classification: Fedora
Component: Package Review (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Warren Togami
Fedora Extras Quality Assurance
: Reopened
Depends On: 319901 999584 1021898
Blocks:
  Show dependency treegraph
 
Reported: 2013-10-17 07:55 EDT by Juan Orti
Modified: 2016-12-03 08:30 EST (History)
35 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-10-22 05:35:04 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Juan Orti 2013-10-17 07:55:58 EDT
Spec URL: http://jorti.fedorapeople.org/bitcoin/bitcoin.spec
SRPM URL: http://jorti.fedorapeople.org/bitcoin/bitcoin-0.8.5-2.fc19.src.rpm

Description: Bitcoin is an experimental new digital currency that enables instant
payments to anyone, anywhere in the world. Bitcoin uses peer-to-peer
technology to operate with no central authority: managing transactions
and issuing money are carried out collectively by the network.

Bitcoin is also the name of the open source software which enables the
use of this currency.

Fedora Account System Username: jorti
Comment 1 Juan Orti 2013-10-17 07:59:54 EDT
I submit this package now that EC crypto has been enabled in Fedora. Co-mantainers are welcomed!
Comment 2 Michael Hampton 2013-10-17 11:28:49 EDT
I'm happy to co-maintain this, especially since you've based this on my previous work.

One big problem that is not resolved here is that Bitcoin ships a bundled copy of leveldb, and this needs to be dealt with. This is harder than it looks: Bitcoin uses code from leveldb that Fedora does not currently ship, so leveldb is going to need to be changed first.

I'll do a full review later.
Comment 3 Warren Togami 2013-10-17 13:19:13 EDT
Upstream developers including gmaxwell, jgarzik and myself expressed an interest in being involved with this review.  Please DO NOT APPROVE without upstream cooperation.

Bitcoin is very strange software where distributions can create systemic risk if inappropriately modified nodes exist in large numbers due to the danger of altering the norms of global consensus.

http://bitcoinmagazine.com/5858/linux-distribution-packaging-and-bitcoin/
""For this reason, it is vital that as much of the network as possible uses unmodified implementations that have been carefully audited and tested, including dependencies. For instance, if the included copy of LevelDB in bitcoind is replaced by a system-wide shared library, any change to that shared library requires auditing and testing, a requirement generally not met by standard distributor packaging practices."

<Luke-Jr> packagers can use system leveldb, but doing so safely *needs* appropriate care
<Luke-Jr> most distros aren't willing to give that care
<Luke-Jr> in particular, they need to lock leveldb to known-good versions (not even doing bugfixes), and disable snappy support

Bitcoin's leveldb is a fork or a separately built and maintained instance of leveldb.  I suggested that they rename this separate leveldb to make it clear that it is Bitcoin-specific.
Comment 4 Juan Orti 2013-10-17 15:12:14 EDT
If anyone with deeper understanding of the inner workings of Bitcoin want to take the ownership of this request, feel free to do it.

I'm not a developer, so all the work needed with the libraries will be hard to me.

Michael, thank you for your previous work.
Comment 5 Jeff Garzik 2013-10-17 17:22:39 EDT
Bitcoin is part of a new category of software that relies on distributed consensus.  The integrity of the entire system, the ability to secure money itself, relies on all nodes coming to a consensus on a timeline of transactions (block chain).

Any part of the system which causes a deviation, however slight, in a hash-secured system will partition nodes away from the main network.

In bitcoin's history, the database library has **already** played a role in causing the network consensus to fail: https://en.bitcoin.it/wiki/BIP_50

To be specific, if Fedora's system leveldb is upgraded, that could partition nodes receiving the upgrade away from other nodes on the network, if a network-exposed database detail is present.

It may seem counterintuitive, but for the sake of distributed consensus, we may even elect to _not_ upgrade a piece of code, thereby maintaining bug-for-bug compatibility with existing network nodes.

Bitcoin is quite literally a new form of database, similar to Amazon Dynamo's "eventually consistent" distributed database.

We need a special Fedora policy exception WRT system libraries, for this reason.

It is standard distro policy to remove embedded libs, for very good reasons:   an embedded zlib, for example, would not receive a bug fix that the system zlib will receive.

Bitcoin is the opposite.  We MUST be bug-for-bug compatible, and an upgrade of a system lib has the potential to break consensus.
Comment 6 Peter Lemenkov 2013-10-18 00:53:11 EDT
(In reply to Jeff Garzik from comment #5)

> To be specific, if Fedora's system leveldb is upgraded, that could partition
> nodes receiving the upgrade away from other nodes on the network, if a
> network-exposed database detail is present.

This sounds very strange to me. If it's true, and Bitcoin is so fragile due to changes in underlying libraries, then it looks like a potential attack vector.

Btw why not to maintain glibc, kernel, compilers in sync as well?
Comment 7 Jeff Garzik 2013-10-18 02:22:19 EDT
We have direct field experience[1], learned during the ongoing growth of this $1.6 billion dollar system[2], that database is a particularly sensitive area, and chose to bundle the database after discussion.

Further, we have seen packagers in other distros -- Debian -- unthinkingly change out bundled libraries and patch bitcoin to the point where the software simply did not work:  it would not validate the blockchain at all.

Few technologists have (1) experience with distributed consensus, and (2) have worked on sotware that secures over $1 billion in money from counterfeiting.  Details which need care are not readily apparent, if you are not already familiar with this technology.

Bitcoin has been compared to avionics or medical device software.  You simply /have/ to get all details right.  The consequences of failure are total loss of bitcoin value for the user, or even worse, total loss of value for all users.

Like avionics or medical device software, component and module upgrades are VERY carefully tested and staged, much more rigorously than "yum -y upgrade"

[1] https://en.bitcoin.it/wiki/BIP_50
[2] http://bitcoinwatch.com/
Comment 8 Gregory Maxwell 2013-10-18 03:38:15 EDT
(Jeff said all that I think needed to be said on the consensus points, so I'll leave that alone for the moment)

The patch bitcoin-0.8.5-libdb_path.patch is unnecessary. The build uses BDB_INCLUDE_PATH for this purpose, and it appears to be set in the spec so I'm not sure why this patch is there.

I don't think installing the "debian example configuration" is of any use. I'd forgotten that was in contrib at all, and the system will not work with that configuration alone in any case. (Though in principle I don't see anything wrong with using it in principle, the one in the bitcoin codebase is outdated and not useful).

The only thing that needs to be set for the daemon to actually be usable is the rpcuser / rpcpassword settings, and rpcpassword should be set to a cryptographically strong random value.
Comment 9 Juan Orti 2013-10-18 04:57:36 EDT
I have dropped the patch, qmake didn't get the environment variables, so I've added them as arguments.

Spec URL: http://jorti.fedorapeople.org/bitcoin/bitcoin.spec
SRPM URL: http://jorti.fedorapeople.org/bitcoin/bitcoin-0.8.5-3.fc19.src.rpm
Comment 10 Warren Togami 2013-10-18 14:41:15 EDT
Regarding selinux ...

/etc/bitcoin(/.*)?              gen_context(system_u:object_r:bitcoin_conf_t,s0)
/usr/bin/bitcoind               --      gen_context(system_u:object_r:bitcoin_exec_t,s0)
/var/lib/bitcoin(/.*)?          gen_context(system_u:object_r:bitcoin_var_lib_t,s0)

1) Is this the only location where we want Bitcoin to have its configuration and data files?  It is also very common for users to run it where all of this stuff is in ~/.bitcoin/

2) bitcoin-qt (using the ~/.bitcoin) is unconfined?

3) Is it normal for packages to ship their own policy?
Comment 11 Warren Togami 2013-10-18 17:17:36 EDT
Currently bitcoind is not well suited to operate as a system service.

The user's bitcoind as a RPC client could hypothetically operate to control the system bitcoind, but that isn't true of the user's bitcoin-qt.  This makes operating bitcoind as a system service confusingly disjunct from the user's bitcoind and bitcoin-qt.  The user's bitcoind and bitcoin-qt are meant to operate on the same data files and wallet while a system bitcoind.

bitcoin 0.9 is planned to have key improvements that make it more suitable to use as system service.

Perhaps bitcoin 0.8 as packaged should ...

* Include a README.FEDORA in %doc explaining the current state of the package, how it is meant to be used.
* The entire selinux policy design should be thought through carefully to be able to handle the future expected uses of bitcoin.
* To handle today's normal use, the selinux policies should confine and permit usage of the standard ~/.bitcoin directory in homedirs.
* Perhaps the selinux policy should additionally handle the system service directories, even though it isn't commonly used yet.  Would that within the same policy weaken protection of the system service?
* For now do not include the .service file.  That would misleadingly suggest that running it as a system service is the normal method of operation.  Wait until changes come in 0.9 then reassess the situation.
* Put the .service file in installed examples documented by README.FEDORA so people know how to use the unsupported method of operation for now if they really want it.
Comment 12 Michael Hampton 2013-10-18 23:20:44 EDT
(In reply to Warren Togami from comment #10)
> Regarding selinux ...
> 
> /etc/bitcoin(/.*)?             
> gen_context(system_u:object_r:bitcoin_conf_t,s0)
> /usr/bin/bitcoind               --     
> gen_context(system_u:object_r:bitcoin_exec_t,s0)
> /var/lib/bitcoin(/.*)?         
> gen_context(system_u:object_r:bitcoin_var_lib_t,s0)
> 
> 1) Is this the only location where we want Bitcoin to have its configuration
> and data files?  It is also very common for users to run it where all of
> this stuff is in ~/.bitcoin/
> 
> 2) bitcoin-qt (using the ~/.bitcoin) is unconfined?

The only real interest that I have had expressed to me with respect to an SELinux policy was for securing it when running as a service. Nobody has yet expressed interest in having a policy for the GUI client, though I think this is a good idea anyway.

> 3) Is it normal for packages to ship their own policy?

It's normal when there is no SELinux policy already existing upstream for the package. For instance, see (possibly out of date) https://fedoraproject.org/wiki/SELinux_Policy_Modules_Packaging_Draft

Ideally the policy should eventually go upstream into the reference policy/Red Hat policy.

(In reply to Warren Togami from comment #11)
> Currently bitcoind is not well suited to operate as a system service.
> 
> The user's bitcoind as a RPC client could hypothetically operate to control
> the system bitcoind, but that isn't true of the user's bitcoin-qt.  This
> makes operating bitcoind as a system service confusingly disjunct from the
> user's bitcoind and bitcoin-qt.  The user's bitcoind and bitcoin-qt are
> meant to operate on the same data files and wallet while a system bitcoind.

It's been my experience that very few people who are interested in running a system service also want to run the GUI client _on the same machine_. The usual use case here is a service operator who wants his code to talk to bitcoind via its API, and there's no GUI anywhere on the server. But, as you noted, bitcoind isn't very well suited to run as a system service. The FHS compliance patch and init script in my build address this, but not as well as could be done with more extensive changes.

> bitcoin 0.9 is planned to have key improvements that make it more suitable
> to use as system service.

I am definitely looking forward to this.

> Perhaps bitcoin 0.8 as packaged should ...
> 
> * Include a README.FEDORA in %doc explaining the current state of the
> package, how it is meant to be used.

This is a good idea and I'll put it in my next release.

> * The entire selinux policy design should be thought through carefully to be
> able to handle the future expected uses of bitcoin.
> * To handle today's normal use, the selinux policies should confine and
> permit usage of the standard ~/.bitcoin directory in homedirs.
> * Perhaps the selinux policy should additionally handle the system service
> directories, even though it isn't commonly used yet.  Would that within the
> same policy weaken protection of the system service?

The SELinux policy definitely needs more eyeballs. It's functional for what it does though. But I expect it will need some perhaps significant work for the 0.9 changes you alluded to, so I want to look at how 0.9 is shaping up first.

> * For now do not include the .service file.  That would misleadingly suggest
> that running it as a system service is the normal method of operation.  Wait
> until changes come in 0.9 then reassess the situation.
> * Put the .service file in installed examples documented by README.FEDORA so
> people know how to use the unsupported method of operation for now if they
> really want it.

This is a problem because if we don't install the init script, we can't update it later except by overwriting the user's manually installed init script. (And I want to switch this out for a systemd unit file soon, which would still be a pain for users to manually install. This will almost certainly wait for 0.9.) And if we remove it, then existing installations break after updating. Bad news both ways.
Comment 13 Gregory Maxwell 2013-10-22 04:49:35 EDT
Please close. The OpenSSL RPM in Fedora has now been re-hobbled to only use NIST endorsed curves (commit b3551463cafee86a63c60e294f754a8c5cddc37a), unlike the initial w/ EC OpenSSL RPM, and thus stock Fedora is unsuitable for Bitcoin.
Comment 14 Vasiliy Glazov 2013-10-22 05:38:49 EDT
Juan, can you add this package to rpmfusion repository? With needed ssl additions.
Comment 15 Peter Lemenkov 2013-10-22 05:57:11 EDT
(In reply to Vasiliy Glazov from comment #14)
> Juan, can you add this package to rpmfusion repository? With needed ssl
> additions.

I doubt that the package (along with its dependencies) of this complexity can make it to RPMFusion. And I didn't say anything about the further state, and support of the package there.
Comment 16 Juan Orti 2013-10-22 06:15:56 EDT
(In reply to Vasiliy Glazov from comment #14)
> Juan, can you add this package to rpmfusion repository? With needed ssl
> additions.

There should be available openssl-freeworld as a parallel installable library first.
I think this bug should be reopened:
https://bugzilla.rpmfusion.org/show_bug.cgi?id=2842
Comment 17 Gregory Maxwell 2013-10-22 06:33:54 EDT
Please do not defame Bitcoin by sticking it in some "freeworld" repository and suggesting that there is any patent concern unless you are willing to contact me (in private, if you like) with the patent numbers in particular you are concerned with.

The patent environments around the authentication we use has been carefully reviewed and there are no known concerns.  If RedHat is interested in only shipping NIST approved cryptography thats its decision to make, but please don't use this decision to suggest that there is any patent concern with Bitcoin. It's simply not true as far as anyone knows.
Comment 18 Bill McGonigle 2013-10-22 09:32:24 EDT
CANTFIX is a silly resolution while bug 1021898 is open.  The real current status of this bug is that there's a dependency on other unfinished work.  Drama or distro politics doesn't belong in a bug tracker.
Comment 19 Peter Lemenkov 2013-10-22 09:37:52 EDT
(In reply to Bill McGonigle from comment #18)
> CANTFIX is a silly resolution while bug 1021898 is open.  The real current
> status of this bug is that there's a dependency on other unfinished work. 
> Drama or distro politics doesn't belong in a bug tracker.

Agree. Let's reopen it.
Comment 20 Luke Macken 2015-08-13 10:12:58 EDT
The secp256k1 curve has now been enabled in our openssl package (#1021898), so I think we can finally move forward with this.
Comment 21 Itamar Reis Peixoto 2015-08-13 10:28:12 EDT
is this time for a copr build ? 

anyone willing to take the review ?
Comment 22 Juan Orti 2015-08-13 10:40:23 EDT
I'll have to refresh myself about this package, since I haven't looked at it since a lot of time ago.

If someone wants to take over it, I'll be thankful, because I won't have many free time in the near term. If some one is willing to take it, I can help comaintaining.
Comment 23 Michael Hampton 2015-08-13 10:51:29 EDT
I'm happy to take this over (as I'm already building these anyway) but it'll be a few days before I have something reviewable up, as I do want to test the new OpenSSL version carefully before doing anything else. And it still needs a FESCo exception for bundling libraries (mainly LevelDB), that needs to be taken care of as well.
Comment 24 Warren Togami 2015-08-13 13:08:35 EDT
I strongly suggest that I either take over the package or have last say in the package review.  I work on the upstream project and yes, we have a number of special security and safety hazard considerations that require discussion with FESCO because it falls outside the ordinary rules of the packaging guidelines.
Comment 25 Bill McGonigle 2015-08-13 18:37:55 EDT
I've been using Michael's packages for quite a while - +1. 

Fedora's model is to trust the packagers.  If there's not a 'make test' validation suite then perhaps that can be fixed upstream.  We shouldn't treat any software as magic and requiring particular people's blessings (not meant to dissuade any potential packagers, of course).  If the upstream code is right and the SPEC is right, the binary should work correctly (or one or both need fixing).

I might well prefer to build from source anyway for a given mtune; if there's ambiguity in the correctness of the build process that's going to be a large problem for many users.

Warren - do you want to take lead on the FESCO ticket?
Comment 26 Michael Hampton 2015-08-13 18:51:35 EDT
There are actually several different test suites that should be run, which validate various things. Some of them are non-obvious, some aren't enabled by default, and some require downloading a separate test suite.

I've made a draft package (cutting out all the old EL6 stuff since we can't build for it anymore) and I'll be submitting it here as soon as the openssl build lands in updates-testing and I can do koji scratch builds. But all the tests are passing for me locally.

I would be happy to pass off part or all of this work to Warren or another Bitcoin Core developer. In fact I'm quite happy that upstream is so closely involved; this is not a typical thing with most software projects. 

What is needed for a bundling exception is documented here: https://fedoraproject.org/wiki/Packaging:No_Bundled_Libraries#Exceptions

I would fill this out, but since upstream is involved I think it would be better for an upstream developer to do it, as they'll be able to better make the case for it.
Comment 27 Warren Togami 2015-08-13 22:56:25 EDT
Upstream has several major concerns about how to proceed here.  It is rather complex to the point that I need to draft several pages and get them to review it before approaching FESCo.

Please be patient and know that I am handling this.  This must not be rushed if you want Bitcoin to be safe.  It matters that we get this right in how Fedora and (and later EPEL) ships Bitcoin because a Fedora-specific bug could cause the entire world to fail due to the peculiar and relatively new field of consensus critical networks.
Comment 28 Warren Togami 2015-08-13 23:20:19 EDT
http://luke.dashjr.org/tmp/code/20130723-linux-distribution-packaging-and-bitcoin.md.asc
This was a 2013 note on the hazards of consensus.  This is not a mere hypothetical, paranoid concern.  It consensus already broke once due to leveldb in early 2013, and things got close to horribly wrong due to unexpected behaviors or bugs in openssl.

http://lists.linuxfoundation.org/pipermail/bitcoin-dev/2015-July/009697.html

This is fixable and Fedora can feasibly ship Bitcoin safely.  We just need to fully communicate the issues between upstream Bitcoin and FESCo and decide on what we can do together.  More details forthcoming.
Comment 29 Warren Togami 2015-09-02 17:04:07 EDT
Sorry for the delay.  Long story short, upstream Bitcoin recommends extreme caution against shipping Bitcoin linked against the heavily patched openssl that Fedora uses.  Upstream openssl has proven to be buggy and hazardous to consensus due to unexpected behaviors on different architectures, and they do not have the bandwidth to doubly check bug-for-bug compatibility with another variant that is Fedora's openssl.

https://github.com/bitcoin/secp256k1
The next major release of Bitcoin within months will switch the consensus critical portion of secp256k1 ECDSA signing and validation to a super optimized and 2-year audited internal implementation that will be much safer.

The upstream recommendation is to HOLD on shipping Bitcoin in Fedora until the new version is available.  The possibility of breaking the Bitcoin network due to a large quantity of nodes having a subtly different rule is not only a hypothetical problem.  The security issue recently fixed in BIP66 would have been a way to break the network accidentally or intentionally.

There are other challenges in the build that will require discussion with FESCo.
Comment 30 Warren Togami 2015-09-24 13:39:33 EDT
http://lists.linuxfoundation.org/pipermail/bitcoin-dev/2015-September/011182.html
Release schedule for Bitcoin Core 0.12
Comment 31 Warren Togami 2015-11-15 15:11:10 EST
https://fedoraproject.org/wiki/BITCOIN
See packaging and security notes
Comment 32 Bill McGonigle 2015-11-16 08:12:40 EST
> the binary output packaged must be identical when built by anyone. 

Are we having Fedora-level problems where this isn't always true?  I'm used to comparing md5sums when locally building to verify security-related packages.  Not super-recently, though; wondering if there's been breakage. We had issues dealing with ugly buildroots on CentOS 6, but I thought this was all straight at this point.

> There are other challenges in the build that will require discussion with FESCo.

can you outline those here?  We have folks on this bug who can help work those in parallel.
Comment 33 Warren Togami 2015-11-16 20:44:23 EST
>> the binary output packaged must be identical when built by anyone. 
> Are we having Fedora-level problems where this isn't always true?

When using mock to build a clean buildroot, given a set of N-V-R's the binary output must be identical as the same package built in an identical buildroot.  This would require build-time hacks beyond the usual 

>> There are other challenges in the build that will require discussion with FESCo.
> can you outline those here?

A few examples:
* The official file format of the wallet.dat is BDB4.  For this reason it MUST build against libdb4-devel.  It appears this is fine in Fedora, but RHEL7 ships only libdb4 without the -devel package, so we'd need an exception for EPEL.
* The leveldb/ directory of the source is a Bitcoin-specific fork of leveldb.  Upstream leveldb is abandoned as a project, and leveldb is consensus critical so it is unsafe to link it to an general distribution library maintained in a separate package that could differ from leveldb used by non-Fedora Bitcoin nodes.  FESCo would need to approve Bitcoin shipping its own fork of leveldb that is static linked in Bitcoin itself.
* libsecp256k1/ directory of the source is another consensus critical library static linked in Bitcoin.  FESCo must just allow Bitcoin to maintain and ship its own internal components, especially these components that are shipped in the Bitcoin source itself because they are consensus critical.
Comment 34 Sascha Spreitzer 2016-04-27 06:20:23 EDT
bitcoin (core) > 0.12 is released

Like to ask whether I can take over the maintainership of this package?

When you are reviewing this spec, please take a closer look on the crypto part.
Please also take a look on the daemon part as I dont feel fully comfortable about the %pre and %post steps. As well as that their maybe should be a daemon default config file?

Spec URL: https://raw.githubusercontent.com/sspreitzer/bitcoin-specs/master/bitcoin.spec
SRPM URL: https://kojipkgs.fedoraproject.org//work/tasks/1826/13821826/bitcoin-0.12.1-2.fc23.src.rpm
Description:
Bitcoin is an experimental new digital currency that enables instant
payments to anyone, anywhere in the world. Bitcoin uses peer-to-peer
technology to operate with no central authority: managing transactions
and issuing money are carried out collectively by the network. Bitcoin Core
is the name of the open source software which enables the use of this currency.

Fedora Account System Username: sspreitz
Comment 35 Juan Orti 2016-04-27 06:25:50 EDT
(In reply to Sascha Spreitzer from comment #34)
> Like to ask whether I can take over the maintainership of this package?

Sure. Thank you.
Comment 36 Warren Togami 2016-05-07 18:45:04 EDT
A few of the upstream Bitcoin Core project requests that Fedora reconsider shipping any Bitcoin package at all.  It is notable that Debian does not, and Ubuntu stopped shipping a bitcoin package a while ago.  Upstream has a new plan to address the needs of the leading deb and rpm distros that significantly reduces security risk for both the Linux distributions and the users.  I will be bring the reasons to FESCo as this is not a normal situation after the new plan has been implemented in code.  Sorry for the delays.
Comment 37 Sascha Spreitzer 2016-05-31 08:21:15 EDT
Please consider that in 0.12 the vital cryptograpic parts are shipped with the source:

[..]
-rw-r--r-- root/root      1057 2016-01-01 01:00 bitcoin-0.12.1/src/secp256k1/COPYING
drwxr-xr-x root/root         0 2016-01-01 01:00 bitcoin-0.12.1/src/secp256k1/include/
-rw-r--r-- root/root      1014 2016-01-01 01:00 bitcoin-0.12.1/src/secp256k1/include/secp256k1_ecdh.h
-rw-r--r-- root/root     25771 2016-01-01 01:00 bitcoin-0.12.1/src/secp256k1/include/secp256k1.h
-rw-r--r-- root/root      4700 2016-01-01 01:00 bitcoin-0.12.1/src/secp256k1/include/secp256k1_recovery.h
-rw-r--r-- root/root      8302 2016-01-01 01:00 bitcoin-0.12.1/src/secp256k1/include/secp256k1_schnorr.h
-rw-r--r-- root/root       322 2016-01-01 01:00 bitcoin-0.12.1/src/secp256k1/libsecp256k1.pc.in
-rw-r--r-- root/root      3521 2016-01-01 01:00 bitcoin-0.12.1/src/secp256k1/Makefile.am
-rw-r--r-- root/root     61657 2016-01-01 01:00 bitcoin-0.12.1/src/secp256k1/Makefile.in
drwxr-xr-x root/root         0 2016-01-01 01:00 bitcoin-0.12.1/src/secp256k1/src/
-rw-r--r-- root/root       944 2016-01-01 01:00 bitcoin-0.12.1/src/secp256k1/src/basic-config.h
-rw-r--r-- root/root      1576 2016-01-01 01:00 bitcoin-0.12.1/src/secp256k1/src/bench_ecdh.c
-rw-r--r-- root/root      1726 2016-01-01 01:00 bitcoin-0.12.1/src/secp256k1/src/bench.h
-rw-r--r-- root/root     12623 2016-01-01 01:00 bitcoin-0.12.1/src/secp256k1/src/bench_internal.c
-rw-r--r-- root/root      2022 2016-01-01 01:00 bitcoin-0.12.1/src/secp256k1/src/bench_recover.c
-rw-r--r-- root/root      2462 2016-01-01 01:00 bitcoin-0.12.1/src/secp256k1/src/bench_schnorr_verify.c
-rw-r--r-- root/root      1594 2016-01-01 01:00 bitcoin-0.12.1/src/secp256k1/src/bench_sign.c
-rw-r--r-- root/root      2437 2016-01-01 01:00 bitcoin-0.12.1/src/secp256k1/src/bench_verify.c
-rw-r--r-- root/root      1172 2016-01-01 01:00 bitcoin-0.12.1/src/secp256k1/src/ecdsa.h
-rw-r--r-- root/root     10247 2016-01-01 01:00 bitcoin-0.12.1/src/secp256k1/src/ecdsa_impl.h
[..]

Thus bitcoin is now safe for packaging for distributions? Please raise this to the FESCo.
Comment 38 Warren Togami 2016-05-31 21:39:32 EDT
A few upstream developers were alarmed to hear how quickly Fedora releases are EOL'ed.  This is of concern because it is hazardous for unmaintained versions of Bitcoin to continue running after EOL.

There is a separate even bigger concern that it is very dangerous to have automatic updates of Bitcoin software.  Does Fedora infrastructure have options to further lock down the ability of insiders or hackers to push a trojan through the update process?  The scenario of a compromised auto-update leading to millions of dollars of losses is not a trivial risk when the incentive is very high.

For reasons like this Ubuntu and Debian do not distribute Bitcoin at all.

Upstream goes through extreme effort to build deterministic, bit-for-bit reproducible binaries that are verifiable as being identical to what others can build as added protection against the possibility of trojan distribution.  They are now in favor of upstream adding both rpm and deb outputs to distribute their existing deterministic binary.

So yes, upstream would strongly caution against Fedora distributing Bitcoin for the above reasons.  If Fedora insists on shipping Bitcoin then let us discuss how to mitigate the risks in ways like:

* Ship the upstream deterministic binary in an RPM.  This is very much against Fedora policy but this is the safest and easiest to maintain option.
* Make the build of Bitcoin within the Fedora build system deterministic and verifiable when compared to building it on an identical buildroot.
* Add additional safeguards to the update process to require a much higher threshold of review including build determinism testing.
Comment 39 Neal Gompa 2016-06-03 12:05:46 EDT
It might be worth considering exclusively offering Bitcoin in an out-of-band repository built somewhat differently. For example, perhaps building against EL7 and using that build for all Fedora targets along with EL7. Since it uses its own bundled crypto, I would suggest that's probably the best way to go. It might even be worth working with upstream to provide fully deterministic builds that would work for RPM based distributions, built from the Fedora infrastructure.
Comment 40 Alexandre Franke 2016-06-03 12:11:29 EDT
Has upstream considered building and distributing a Flatpak of Bitcoin? That would solve quite a few issues, including those exposed here.
Comment 41 Warren Togami 2016-10-13 00:50:56 EDT
Bitcoin is now getting close to building a self-hosted, general purpose deterministic toolchain.  This toolchain will eventually be buildable from any Linux distro, and using it in a controlled manner will allow building binaries that are bit-for-bit identical no matter what Linux system you built it upon.  I think this is the highest level of assurance we can realistically achieve in guarding against potential compromise.

When this toolchain is ready we'll be able to separately package it in Fedora and use it to build a Bitcoin RPM where the binary output could be identical to binaries that we build elsewhere.  It could be compared to be similar in concept to a cross-compilation toolchain.

Now it is a separate question if Fedora would allow special casing beyond the normal packaging guidelines to allow for the use of such a different build toolchain.

Another question is if Fedora will allow special casing to allow Bitcoin to ship with its own static linked copies of libraries that it maintains internally.  This is the only way it can achieve bit-for-bit determinism.

https://fedoraproject.org/wiki/Chromium
Historically Chromium was not allowed into Fedora because it relied upon Google maintained internal copies of libraries, but it seems this was allowed into Fedora August 2016.  Looking at the .spec it looks like Fedora must have allowed it in as a special case, as it ships its own internal Google-maintained libraries.  I wonder if they decided to just trust that the libraries maintained by the vendor are well cared for.

So perhaps this a good sign that Fedora may allow this crazy package to be built in a way that is compatible with upstream's security concerns.
Comment 42 Warren Togami 2016-10-13 00:59:25 EDT
Hmm, looking deeper at the chromium.spec it appears that we actually mostly rely on Fedora's libraries, so this isn't a good point of comparison.

I think given the upcoming deterministic toolchain we can at least hopefully look forward toward a COPR or maybe upstream yum/dnf repo.

There remains the concern that upstream is against automatic upgrades.  I don't have a good suggestion for dealing with this issue.
Comment 43 Simone Caronni 2016-10-13 07:45:40 EDT
(In reply to Warren Togami from comment #42)
> Hmm, looking deeper at the chromium.spec it appears that we actually mostly
> rely on Fedora's libraries, so this isn't a good point of comparison.

Am I missing something here? I see this in the chromium rpm:

bundled(NSBezierPath) = 1.0
bundled(SMHasher) = 0
bundled(angle) = 2422
bundled(bintrees) = 1.0.1
bundled(boringssl)
bundled(brotli)
bundled(bspatch)
bundled(cacheinvalidation) = 20150720
bundled(cardboard) = 0.5.4
bundled(colorama) = 799604a104
bundled(crashpad)
bundled(dmg_fp)
bundled(expat) = 2.1.0
bundled(fdmlibm) = 5.3
bundled(ffmpeg) = 2.6
bundled(fips181) = 2.2.3
bundled(fontconfig) = 2.11.0
bundled(gperftools) = svn144
bundled(gtk3) = 3.1.4
bundled(hunspell) = 1.3.2
bundled(iccjpeg)
bundled(icu) = 54.1
bundled(kitchensink) = 1
bundled(leveldb) = r80
bundled(libXNVCtrl) = 302.17
bundled(libaddressinput) = 0
bundled(libjingle) = 9564
bundled(libphonenumber) = svn584
bundled(libpng) = 1.6.22
bundled(libsrtp) = 1.5.2
bundled(libudis86) = 1.7.1
bundled(libvpx) = 1.4.0
bundled(libwebp) = 0.4.3
bundled(libyuv) = 1444
bundled(lzma) = 9.20
bundled(mesa) = 9.0.3
bundled(mozc)
bundled(mt19937ar) = 2002.1.26
bundled(ots) = 767d6040439e6ebcdb867271fcb686bd3f8ac739
bundled(protobuf) = r476
bundled(qcms) = 4
bundled(re2)
bundled(sfntly) = svn111
bundled(skia)
bundled(snappy) = r80
bundled(speech-dispatcher) = 0.7.1
bundled(sqlite) = 3.8.7.4
bundled(superfasthash) = 0
bundled(talloc) = 2.0.1
bundled(usrsctp) = 0
bundled(v8) = 4.5.103.35
bundled(webrtc) = 90usrsctp
bundled(woff2) = 445f541996fe8376f3976d35692fd2b9a6eedf2d
bundled(x86inc) = 0
bundled(xdg-mime)
bundled(xdg-user-dirs)
bundled(zlib) = 1.2.5

It bundles a lot of stuff that is already in Fedora.
Comment 44 Warren Togami 2016-10-13 20:31:20 EDT
OK thanks, I misunderstood what I was seeing.  I have not been keeping close tabs on Fedora dev in recent years.

https://fedoraproject.org/wiki/Bundled_Libraries
It seems that we have some hope for packaging this in a way that would be compatible with upstream's security concerns.  We now need to wait for the deterministic toolchain, demonstrate how it works, and then proceed to get approval for this.

Note You need to log in before you can comment on or make changes to this bug.