f3cc445c87 Automated update to Github CI to rustc stable-1.86.0 (Update Stable Rustc Bot)
Pull request description:
Automated update to Github CI workflow `semver-checks.yml` by [create-pull-request](https://github.com/peter-evans/create-pull-request) GitHub action
ACKs for top commit:
tcharding:
ACK f3cc445c87
Tree-SHA512: 1111f912ed137de0b5a328ba5909bcbeb0b8d66e82bf8729e3e3a825c1ba73147fd19200e0c7018a97604535d199ee82b54f515feb83ccee2224cdd4a0a56756
b387b923c8 Update contributing guide re merging and CI (Tobin C. Harding)
Pull request description:
Lately we have had a bunch of new devs bumping PRs trying to get things merged. Everyone gets excited, no need to be too harsh on them. At least we can try to explain why we might be taking so long.
We (*cough* Andrew) runs a custom CI box that leads to slightly unusual merge behaviour in this repo if one is unaware of it.
Document our CI better and ask folk not to bump too much.
ACKs for top commit:
apoelstra:
ACK b387b923c810e72e4da1f538cecf3ac4c3369ddb; successfully ran local tests
Tree-SHA512: 96505714a444b3a3aa86a7e41de6fda954f40a444917a8066fc0c395ac4207a7f4ea310d8e2d7f76c2bfacc1db18047a26536d738c1f1b8bd17a9d09f87d3998
ebaf162a96 Add push_relative_lock_time() and deprecate push_sequence() (Erick Cestari)
Pull request description:
This pr improves the script builder API to better align with Bitcoin semantics when working with relative timelocks:
- Add `push_relative_lock_time()` method that takes a `relative::LockTime` parameter, which correctly represents the semantic meaning when working with CHECKSEQUENCEVERIFY
- Deprecate `push_sequence()` in favor of `push_relative_lock_time()` to avoid confusion between sequence numbers and relative timelocks
This addresses a potential confusion point in the API where developers might incorrectly push raw sequence numbers in scripts when what they actually need is to push a relative locktime value that will be checked against the transaction's sequence numbers by CHECKSEQUENCEVERIFY.
Closes#4301
ACKs for top commit:
apoelstra:
ACK ebaf162a962494329c6cb5f6d375a6a4a97fe83b; successfully ran local tests
tcharding:
ACK ebaf162a96
Tree-SHA512: 52c37b6e8bbcaa3f9346c5fd5db26eba69169bce13f915906df95fdc65204067fd75f803f8b5adad76978c9baad553c99281628736db4d1d317b149ab257d81f
Lately we have had a bunch of new devs bumping PRs trying to get things
merged. Everyone gets excited, no need to be too harsh on them. At least
we can try to explain why we might be taking so long.
We (*cough* Andrew) runs a custom CI box that leads to slightly unusual
merge behaviour in this repo if one is unaware of it.
Document our CI better and ask folk not to bump too much.
While we are at it remove the `API changes` section because we removed
the API files already.
From my reading of the new sanity rules (#4090) we should only have a
single constructor that accesses the inner field of the amount types.
Furthermore we have one const constructor inside the privacy boundry and
a couple outside.
Move the const constructors outside of the privacy boundry.
Internal change only.
Please note
The function being inside privacy boundary allows it to not have the
"runtime" check (most likely optimized-away after inlining). But if we
wanted to get rid of that check we should have _unchecked method
instead. But we don't want that (yet), since the check here will have
zero performance impact in optimized builds and it's not worth the
cost of dealing with unchecked constructors to optimize debug builds.
Recently I wrote a panic message that included the maximum value of an
integer however I used the max of a 16 bit value for both signed and
unsigned - this is incorrect.
Use the correct values for `u16::MAX` and `i16::MAX`.
157fe48dfd minor docstring fixups (planetBoy)
Pull request description:
ACKs for top commit:
apoelstra:
ACK 157fe48dfdc4029a0db63b393d8d9fd32a197e30; successfully ran local tests
Tree-SHA512: 29fe6168ff729f0f65f32a2c6ad28d45e36e0761cac4455b57b891f9c0bd2622db51a21b4961d33fa5a8934302eefca4a77c20732bf047e2721a5bc5d655c340
ab63ec9768 fix correction typos (Bilog WEB3)
Pull request description:
tesnet - testnet `fixed`
How may blocks - How many blocks `fixed`
ACKs for top commit:
apoelstra:
ACK ab63ec976845586d3616ebad6e211e93efba1e8d; successfully ran local tests
Tree-SHA512: 6e84cdc45973c7a9831a7cad4f408cb90dc5a9b01c3f929b4df7449b5719e7f9148ce308797d29e72caa3e1fd73e7ca645e27ae4598f18e133b49dc8f979b480
This commit improves the script builder API to better align with Bitcoin
semantics when working with relative timelocks:
- Add push_relative_lock_time() method that takes a relative::LockTime
parameter, which correctly represents the semantic meaning when working
with CHECKSEQUENCEVERIFY
- Deprecate push_sequence() in favor of push_relative_lock_time() to avoid
confusion between sequence numbers and relative timelocks
This addresses a potential confusion point in the API where developers
might incorrectly push raw sequence numbers in scripts when what they
actually need is to push a relative locktime value that will be checked
against the transaction's sequence numbers by CHECKSEQUENCEVERIFY.
6ba0e46b53 chore: remove unused serde_json dep (lfg2)
Pull request description:
checked by [shear](https://github.com/boshen/cargo-shear)
```
bitcoin_hashes -- hashes/Cargo.toml:
serde_json
Fixed 1 dependencies!
```
cargo +nightly build in local env is ok, local cargo.lock is ok(not include serde_json) so no need update cargo.lock
```
[[package]]
name = "bitcoin_hashes"
version = "0.16.0"
dependencies = [
"bitcoin-internals",
"hex-conservative 0.3.0",
"serde",
"serde_test",
]
```
but check CI seems need update
`error: the lock file /home/runner/work/rust-bitcoin/rust-bitcoin/Cargo.lock needs to be updated but --locked was passed to prevent this
If you want to try to generate the lock file without accessing the network, remove the --locked flag and use --offline instead.`
ACKs for top commit:
Kixunil:
ACK 6ba0e46b53
apoelstra:
ACK 6ba0e46b53fbc9d6ea0c3e23a553920581930e75; successfully ran local tests
Tree-SHA512: 68a444e05876733af9606d4489ca30a18c9d3439dedf932e40db67dcfdb5ae40ab0f8cf937146f6b1ef92edc626dcb27a441b63c283e6945aa8071500bcc43a4
51d3a83891 updated and corrected links CHANGELOG.md (Bilog WEB3)
Pull request description:
Hey , I read through the whole `CHANGELOG.md` and fixed all the links + adjusted some
ACKs for top commit:
apoelstra:
ACK 51d3a83891395195fb89ae8590addded7efb4871; successfully ran local tests
Kixunil:
ACK 51d3a83891
Tree-SHA512: d36f38dd4b4fb83e615a3cdfe5efdbec5418283b53b09a0e7f288d88711626123c3e1dd5d3dac151186a4592dfbbaa26c90e4d409ed9f1cbf2116292979c3e20
89d61304af chore: remove needless question mark (lfgtwo)
Pull request description:
There’s no reason to use ? to short-circuit when execution of the body will end there anyway.
ACKs for top commit:
apoelstra:
ACK 89d61304af8e05757e5ce3d57497ddbef716674e; successfully ran local tests; sure
Kixunil:
ACK 89d61304af
Tree-SHA512: ac266c9e1d5104c1cb05488a6f3d8d5710e53a17a678ceff7a8a53f839683c3c55e5d229c2df132b0338580f53340686c0c8c554852787c0ead1225b0ef790fa
2d9e240fb6 [hashes] Use `fixed_time_eq` for `Hmac::eq` (Matt Corallo)
7ac7273013 [hashes] Disable fixed-time equality cmp when building for fuzzers (Matt Corallo)
Pull request description:
Fuzzers want to break memcmp calls into separate comparisons for coverage monitoring, allowing them to not-quite-brute-force find inputs that fully match. Thus, we disable our fancy fixed-time comparison when built with the `hashes_fuzz` cfg.
ACKs for top commit:
Kixunil:
ACK 2d9e240fb6
apoelstra:
ACK 2d9e240fb6ae13e6139713f9bb8ccb51e5dc0bff; successfully ran local tests
Tree-SHA512: 372e344ae5497a10ca03a50baadb9d2e8a6dac914bbc4ca91fd5c9b839fb036f42c8b47c252ca3466c15286e889a6f5b51390cc0d938ba24dc50b13e8b863463
7b193b5125 fix err P2WPKH to P2WSH (planetBoy)
Pull request description:
The correction is important because “P2WPK” is not a valid name. In the BIP141 specifications, the correct terms are “P2WPKH” and “P2WSH”.
ACKs for top commit:
Kixunil:
ACK 7b193b5125
apoelstra:
ACK 7b193b5125336263f672f2e2c69447cc3ae58926; successfully ran local tests
Tree-SHA512: 951bcde2c28e2086a69043c1ed27bde0935df0918f418c5f6f89ed476ba9e182e99eec545a438f79ca4e1704ce496d443b5bc9e368a53dd583a884f1da405865
492073f288 Strengthen the type of `taproot_control_block()` (Martin Habovstiak)
e8a42d5851 Unify/reduce usage of `unsafe` (Martin Habovstiak)
d42364bd9d Swap around the fields in `Address` (Martin Habovstiak)
7a115e3cf1 Make `Address` obey sanity rules (Martin Habovstiak)
bc6da1fe07 Swap around the fields in `sha256t::Hash` (Martin Habovstiak)
8ee088df74 Make `sha256t` obey sanity rules (Martin Habovstiak)
Pull request description:
Well, I thought this PR will be just the last commit... 😅
Anyway, this implements a bunch of changes to allow returning `ControlBlock` from `Witness` method(s). One cool side effect is that this PR also reduces the number of `unsafe` blocks.
ACKs for top commit:
apoelstra:
ACK 492073f28876406f8fe5a07a8a2495c8e0ba1fb3; successfully ran local tests
Tree-SHA512: 11979517cc310abf25644fc93a75deccacae66af8ba2d9b4011fdc3f414b15fac7e748399c7eef492ca850c11b7aacc3f24ec46fccf95e6d57a400212979637e
When someone is checking if an `Hmac` is equal to some other
`Hmac`, its fairly common for them to be doing a
constant-time-ness-sensitive operation. Thus, here we default to
our existing `fixed_time_eq` method for `PartialEq` on `Hamc`,
rather than the naive Rust slice comparison.
While we should consider doing the same for all hash types, we do
not yet do so here.
2867a7074f chore: fix some typos in comment (todaymoon)
Pull request description:
I fix some typos in the comments to improve readability.
ACKs for top commit:
apoelstra:
ACK 2867a7074ffef9c77d0a660d788b30d9afaf7494; successfully ran local tests
Tree-SHA512: 64a418b36443b0c1fd653cfc66fb35c13fafd0f3dff388df365ded35a83b759c5a6a3565add626f7d9813f3985019df92635fb18acd1893e453e02687717de18
f15e461baf Add an exclusion for a mutant in a deprecated fn (Jamil Lambert, PhD)
9a2b56f381 Modify test in Amount to kill mutants (Jamil Lambert, PhD)
1d1cf00b1e Add test to BlockTime to kill mutants (Jamil Lambert, PhD)
Pull request description:
Weekly mutation testing found mutants in `Amount` and `BlockTime`.
Add a test to `BlockTime`.
Add two asserts to `Amount` tests.
Exclude deprecated function from mutation testing.
Closes#4225, #4243, #4278
ACKs for top commit:
apoelstra:
ACK f15e461baf463da0bf9d89018180c1d5032106c1; successfully ran local tests
Tree-SHA512: 18a405362db1b2eabac7c7ac01a56d306a1bf5f705626b5c217ec329e6420daa2f2e62b37c72537f29b7ee76b9fd795adde2da71b226fec3a74d0f25dca6cd96
Fuzzers want to break memcmp calls into separate comparisons for
coverage monitoring, allowing them to not-quite-brute-force find
inputs that fully match. Thus, we disable our fancy fixed-time
comparison when built with the `hashes_fuzz` cfg.
The type returned by `Witness::taproot_control_block()` was just `&[u8]`
which wasn't very nice since users then had to manually decode it which
so far also required allocation. Thanks to previous improvements to
`ControlBlock` it is now possible to return a `ControlBlock` type
directly.
To avoid expensive checks, this change adds a new type
`SerializedXOnlyPublicKey` which is a wrapper around `[u8; 32]` that is
used in `ControlBlock` if complete checking is undesirable. It is then
used in the `ControlBlock` returned from
`Witness::taproot_control_block`. Users can still conveniently validate
the key using `to_validated` method.
It then uses this type in the recently-added `P2TrSpend` type. As a side
effect this checks more properties of `Witness` when calling unrelated
methods on `Witness`. From correctness perspective this should be OK: a
witness obtained from a verified source will be correct anyway and, if
these checks were done by the caller, they can be removed.
From performance perspective, if the `Witness` was obtained from a
verified source (e.g. using Bitcoin Core RPC) these checks are wasted
CPU time. But they shouldn't be too expensive, we already avoid
`secp256k1` overhead and, given that they always succeed in such case,
they should be easy to branch-predict.
Since the introduction of `Script` `unsafe` started slowly creeping in
as more types with similar semantics were added. The `unsafe` in these
cases is just for trivial conversions between various pointer-like
types. As such, it's possible to move these into a single macro that
takes care of the conversions at one place and avoid repeating the same
`unsafe` code in the codebase. This decreases the cost of audits which
now only need to happen in `internals`, focuses any changes to happen in
that single macro and decreases the chance that we will mess up
similarly to the recent `try_into().expect()` issue (but this time with
UB rather than panic).
The new macro accepts syntax very similar to the already-existing struct
declarations with these differences:
* The struct MUST NOT have `#[repr(transparent)]` - it's added by the
macro
* If the struct uses `PhantomData` it must be the first field and the
real data must be the second field (to allow unsized types).
* The struct must be immediately followed by an impl block containing at
least on conversion function.
* If the struct has generics the impl block has to use the same names of
generics.
* The conversion functions don't have bodies (similarly to required
trait methods) and have a fixed set of allowed signatures.
* Underscore (`_`) must be used in place of the inner type in the
conversion function parameters.
The existing code can simply call the macro with simple changes and get
the same behavior without any direct use of `unsafe`. This change
already calls the macro for all relevant existing types. There are still
some usages left unrelated to the macro, except one additional
conversion in reverse direction on `Script`. It could be moved as well
but since it's on a single place so far it's not really required.
9a572dabde refactor: use path dependencies for workspace members in bitcoin/Cargo.toml (Eval EXEC)
Pull request description:
This PR want to:
1. make all workspace members use `workspace = true` syntax to import dependencies.
2. use `path = [balabala]` to define dependencies, instead of useing `[patch.crates-io.balabala]` , fix: https://github.com/rust-bitcoin/rust-bitcoin/issues/4283
ACKs for top commit:
Kixunil:
ACK 9a572dabde
apoelstra:
ACK 9a572dabdeb077f96b2ab66be1a80fcec3e805e3; successfully ran local tests
Tree-SHA512: 834ef881ed3fd324a9ecca440e8e591984a7e474eb6aeab86a0301cbd08b6dc96ecdc34b306ad146b11b50f7488024c289b8f8c7c6de1a2bdba7aec515b722ee
e966335447 chore: remove explicit into iteration (jike)
Pull request description:
```
warning: it is more concise to loop over containers instead of using explicit iteration methods
--> bitcoin/src/psbt/serialize.rs:209:21
|
209 | for cnum in self.1.into_iter() {
| ^^^^^^^^^^^^^^^^^^ help: to write this more concisely, try: `&self.1`
```
ACKs for top commit:
Kixunil:
ACK e966335447
apoelstra:
ACK e9663354476b0b9b2ec52ce034de5ab9223f9d29; successfully ran local tests
Tree-SHA512: 32fced1a5aba2caa6e48a2e586bf00dcf3d4b82b6b530d9c7f535b530737a40e24d5c05a7cea40747df4c7c4698ec141683b9416583b185b1ff6461f3c8f667f
fb29aadc47 Remove bip158 types from crate root (Tobin C. Harding)
Pull request description:
BIP-158 (Compact Block Filters for Light Clients) is not so common as to require re-exorting its types at the crate root - remove them.
ACKs for top commit:
apoelstra:
ACK fb29aadc47367ba8579f0004e97cd1fd7fd8236f; successfully ran local tests
Kixunil:
ACK fb29aadc47
Tree-SHA512: 8a2edaad858b18feded8cc9e1d15f03a76980bd41524fa34b91b4055b236788c6d828940c6293e086a8c8e33baadc5765a1a60920513fdff2de22e9d94c0e541
280eb2239a io: Remove the impl_write macro (Tobin C. Harding)
Pull request description:
We have found calling macros from other crates to be error prone, especially when they involve feature gates. Furthermore the `impl_write` macro is trivial to write, users can just write it in the crate that needs it.
Lets just remove the macro. While we are at it point users to the examples in `bitcoin/examples/io.rs` for usage of the `io` crate.
Close: #3872
ACKs for top commit:
Kixunil:
ACK 280eb2239a
apoelstra:
ACK 280eb2239a2fcaa83a35ae6fb1ce62fe35a1e222; successfully ran local tests
Tree-SHA512: 62766ff6e4b5f3fae2d6214e87bd90c15b3103248effd4399a070ac831473b0288e599eed2377c08d2b7eca263220f172c8399a607756793477f82d3dc8f1b67
84bee2f7b0 Simplify `Witness` construction in tests (Martin Habovstiak)
3551ec2c69 Don't access internalls of `Witness` in tests (Martin Habovstiak)
c8078360d2 Impl `PartialEq` between `Witness` and containers (Martin Habovstiak)
587a66da47 Add a bunch of missing conversions for `Witness` (Martin Habovstiak)
Pull request description:
This is supposed to go in front of #4250
`Witness` lacked a bunch of APIs that were making it harder to use and test, so this also adds them in addition to cleaning up tests. (I only realized they are missing when I tried to clean up tests and got a bunch of errors.)
ACKs for top commit:
tcharding:
ACK 84bee2f7b0
apoelstra:
ACK 84bee2f7b06a7bd1f435aaad18fa76a15188326e; successfully ran local tests
Tree-SHA512: 7973f2a56b070babba7b4c632f45858154ccd00f8e77956ad2d28cb66e1fd18ff60d92c031ba3b76d0958e4acd34adfca10607fa26ec569dfd52ba1c1e2c79eb
3ae21d5111 Use impl_add/sub_assign for block interval (Tobin C. Harding)
9d55922952 Use impl_op_for_references for block height/interval (Tobin C. Harding)
f5e17914b6 Move Assign impls together (Tobin C. Harding)
cc66838e80 units: Remove unnecessary code comments (Tobin C. Harding)
Pull request description:
Improve the ops impls in the `block` module using the already present macros.
ACKs for top commit:
apoelstra:
ACK 3ae21d5111444f5e01f6cfb1a2b9b314f66418a3; successfully ran local tests; nice!
Tree-SHA512: 6565426a06bb47d337d21cf5c59acca43e69228dbec8319fc95373025d220d8ec6273c54f214f312c4229603c455d08e4c6a8c108663c6db5086df36266979de
e744347022 Make usage of Self and type uniform across both modules (Erick Cestari)
dfb49f014c Rename impl_try_from_array to impl_from_array (Erick Cestari)
Pull request description:
This PR makes two main changes:
1. Standardizes the function signatures in the `Amount` and `SignedAmount` implementations by consistently using `Self` as the return type instead of the concrete type names. This improves code consistency, maintainability, and follows Rust's idiomatic practices.
2. Renames `impl_try_from_array` to `impl_from_array` to better reflect its functionality.
### Changes
**Consistent usage of Self instead of concrete types**
- Replace all occurrences of `-> Amount` with `-> Self `in unsigned.rs
- Replace all occurrences of `-> SignedAmount` with `-> Self` in signed.rs
- Make similar replacements for Option/Result return types
- Use `Self::` instead of explicit type name for static method calls
**Function rename**
Renamed `impl_try_from_array` to `impl_from_array` for better clarity
### Related Issues
Closes#4210Closes#4241
ACKs for top commit:
Kixunil:
ACK e744347022
tcharding:
ACK e744347022
apoelstra:
ACK e744347022d1ad1e0ca0a83ec9350501af08297b; successfully ran local tests
Tree-SHA512: 3113f3ccf595b298afe6b23514f1de790284df7fcb55a13658aabe3ef4fcea0e401b65b0a2c67ac18da87a1bcd247bd1f1484856fe03470b98dfa2614958a3bb
069d2fd07e Add XOnlyPublicKey support for PSBT key retrieval and improve Taproot signing (Erick Cestari)
Pull request description:
The `bip32_sign_schnorr` function was previously only attempting to retrieve private keys using `KeyRequest::Bip32`, which limited the ability to sign Taproot inputs with key maps that don't support BIP32 derivation paths.
## Changes
- Added new `KeyRequest::XOnlyPubkey` variant to support direct retrieval using XOnly public keys
- Implemented `GetKey` for `HashMap<XOnlyPublicKey, PrivateKey>` for more efficient Taproot key management
- Modified `HashMap<PublicKey, PrivateKey>` implementation to handle XOnlyPublicKey requests by checking both even and odd parity variants
- Added comprehensive tests for both key map implementations
These improvements enable wallet implementations to store keys indexed by either `PublicKey` or `XOnlyPublicKey` and successfully sign PSBTs.
Closes#4150
ACKs for top commit:
Kixunil:
ACK 069d2fd07e
apoelstra:
ACK 069d2fd07e7d6dad1401fce6ab28ab1dc9f3c60f; successfully ran local tests
Tree-SHA512: 0ae07309b772f1a53e7da45073f7e2337cc332ab2335925d623d0e1ad1503aab77673bbbd64e5533ae7fc8d57f3577db0ae7ac3b05279de92d3b34ab8eeae90f
There's a restriction that for structs containing unsized types the
unsized type has to be the last field. `Address` is not an unsize type
but we are going to introduce a macro that will assume this order to
work equally well with both sized and unsized types. Thus we swap it
upfront here.
Update Nightly Rustc Bot
merge-script
merge-script
planetBoy
Bilog WEB3
Erick Cestari
lfg2
Matt Corallo
Martin Habovstiak
VolodymyrBg
Eval EXEC
todaymoon
Jamil Lambert, PhD
jike