Armory 0.93.3 with BIP62 compliance

[coinbtm]

First off, thanks for all your work, past and hopefully future, on this wonderful project.

Humbly, may I request on behalf of mac users everywhere: If the steps are relatively simple to build the binaries as the other posters have mentioned, and correctly include the low/high-S patches, can we get one of the armory devs to please sign a pre-built app & place it in the secure uploader so cold storage will still be accessible to a mac online armory version?

...otherwise it requires lot of jumping through VM hoops.
Thanks!

[1713987189]

1713987189

[1713987189]

1713987189

[1713987189]

1713987189

[bitsolutions]

First off, thanks for all your work, past and hopefully future, on this wonderful project.

Humbly, may I request on behalf of mac users everywhere: If the steps are relatively simple to build the binaries as the other posters have mentioned, and correctly include the low/high-S patches, can we get one of the armory devs to please sign a pre-built app & place it in the secure uploader so cold storage will still be accessible to a mac online armory version?

...otherwise it requires lot of jumping through VM hoops.
Thanks!

Yeah, I think they should try and do that soon before someone else releases a potentially backdoored binary. If you happen to trust me I can PM you the one I built but it's bad practice to trust binary files from random people on the internet.

[Carlton Banks]

First off, thanks for all your work, past and hopefully future, on this wonderful project.

Humbly, may I request on behalf of mac users everywhere: If the steps are relatively simple to build the binaries as the other posters have mentioned, and correctly include the low/high-S patches, can we get one of the armory devs to please sign a pre-built app & place it in the secure uploader so cold storage will still be accessible to a mac online armory version?

...otherwise it requires lot of jumping through VM hoops.
Thanks!

Yeah, I think they should try and do that soon before someone else releases a potentially backdoored binary. If you happen to trust me I can PM you the one I built but it's bad practice to trust binary files from random people on the internet.

A pull request with the changes needed to get the build working could be submitted to the Armory github. It can only be rejected, so not much to lose in trying.

[bitsolutions]

A pull request with the changes needed to get the build working could be submitted to the Armory github. It can only be rejected, so not much to lose in trying.

As I mentioned earlier in this thread I've already done that, it is #315.

[Carlton Banks]

A pull request with the changes needed to get the build working could be submitted to the Armory github. It can only be rejected, so not much to lose in trying.

As I mentioned earlier in this thread I've already done that, it is #315.

My apologies, I do that sort of thing sometimes. I'll try to keep the noise down

[goatpig]

I've reviewed the code. Looks kosher (I'm no OSX specialist). I'll drop a word to etotheipi. I won't merge it in myself, because chain of command.

[picobit]

It would be nice to see this version appear on the Armory home page, since it is a very important compatibility fix.

[bitsolutions]

Since this seems to be taking a while I'm going to post my OSX build here before someone tries to release something with a backdoor.

Edit: Download removed since there is an official release.

[Plento]

Since this seems to be taking a while I'm going to post my OSX build here before someone tries to release something with a backdoor.

Download armory_0.93.3_osx.tar.gz
MD5: a086fb85547eecc0369d9d2f2fd67b6c
SHA1: ef3f6692b8eaa2132d678592de729850a7e39c4d
SHA256: f227d7d54971ba2747dce4a0722774d48f905c7eba74c74bc7a3bff5726b09e7

No offence if you're a dev, but how can we be sure you didn't just post a malcious file?
Can someone run something?

If it's clean, which it probably is, thank you.

[coinbtm]

I've reviewed the code. Looks kosher (I'm no OSX specialist). I'll drop a word to etotheipi. I won't merge it in myself, because chain of command.

With respect for chain of command, it's been quite a few days now.... Mac users everywhere would be very much appreciated if there was at least one last officially compiled binary update to take care of the high/low-S patch

...Please consider elevating the priority of this request...

[Roy Badami]

Dumb github question, but is there as easy way to apply a pull request to a local clone of the git repo?  I can't even figure out how to download a pull request as a unified diff, let alone how to pull it properly with git.

The github help tells me to browse to the pull request and click "command line" but I don't see such a link.

EDIT: And many thanks to bitsolutions for doing (and sharing) the necessary work - and of course to Alan and goatpig and all at ATI for their continuing work on Armory!

EDIT^2: I'm also being dumb as there's no way (I think) to download the actual pull request that goatpig reviewed, since pull requests are mutable (for obvious reasons).  The change is small enough it's easy enough to review, though, so if you posted a diff that would be just as good.  I'm still curious as to the answer to my question, though.

EDIT^3: nm, I found a (good enough) answer that at least allows me to download the diff: browse to the pull request and then edit the URL to add ".patch" or ".diff" to the end of the URL   Ugh! Did I tell you I hate github?   EDIT^4: But .patch and .diff give different results  though (I don't think they're substantively different but am failing to see why both exist).  BTW, did I tell you I hate github?

[achow101]

Dumb github question, but is there as easy way to apply a pull request to a local clone of the git repo?  I can't even figure out how to download a pull request as a unified diff, let alone how to pull it properly with git.

The github help tells me to browse to the pull request and click "command line" but I don't see such a link.

EDIT: And many thanks to bitsolutions for doing (and sharing) the necessary work - and of course to Alan and goatpig and all at ATI for their continuing work on Armory!

EDIT^2: I'm also being dumb as there's no way (I think) to download the actual pull request that goatpig reviewed, since pull requests are mutable (for obvious reasons).  The change is small enough it's easy enough to review, though, so if you posted a diff that would be just as good.  I'm still curious as to the answer to my question, though.

EDIT^3: nm, I found a (good enough) answer that at least allows me to download the diff: browse to the pull request and then edit the URL to add ".patch" or ".diff" to the end of the URL   Ugh! Did I tell you I hate github?   EDIT^4: But .patch and .diff give different results  though (I don't think they're substantively different but am failing to see why both exist).  BTW, did I tell you I hate github?

Create a local branch which tracks the branch which is being merged in the pull request. At the top it will say something like "merge <branch 1> from <branch 2>". You want to clone and track branch 2 locally. Then you can merge it locally into your master.

[bitsolutions]

No offence if you're a dev, but how can we be sure you didn't just post a malcious file?
Can someone run something?

If it's clean, which it probably is, thank you.

I'm not part of the Armory development team but I am a developer/sysadmin. Yeah, there isn't really a way to know other than analyzing it I guess, that's why you should ideally compile it yourself. I built it from source though so it shouldn't have anything malicious.

[Carlton Banks]

No offence if you're a dev, but how can we be sure you didn't just post a malcious file?
Can someone run something?

If it's clean, which it probably is, thank you.

I'm not part of the Armory development team but I am a developer/sysadmin. Yeah, there isn't really a way to know other than analyzing it I guess, that's why you should ideally compile it yourself. I built it from source though so it shouldn't have anything malicious.

If Armory continued the Gitian development they were doing, this would be an ideal showcase for the power of that technology.

Temporarily dropping support for OS X is something I suggested once in the past, on the grounds that it seemed to hold ATI devs back when on the verge of an official version release, so I totally understand this decision. On the other hand, that leaves Mac users with the decision to aquire either new hardware or some virtulaisation software to run Armory on Linux. Not so great.

But Gitian support could've made this a sort of win-win. ATI could've dropped official builds for 0.93.3, and a whole load of users could (and demonstrably would) take on all the responsibility for building, signing and distributing an unofficial build fix. Depending on the source and/or who signs/public feedback, the typical user can feel confident that they're getting something they can use, and it's all the product of spontaneous self organisation.

[pf]

No more support for Mac/OSX:
Due to the high resource consumption of maintaining the Mac builds and lack of continued support from the Qt team for Qt4/PyQt4, we have no choice but to pull OSX support until we can upgrade Armory to Python3 and Qt5.

Are there any changes that would prevent me from compiling it myself for Mac/OSX?

Edit: Got it working and pull requested fixes for Qt. PM me if you want the binary I compiled.

Any chance you can write out the steps I can use to compile it myself for OS X? Thanks.

Just follow the instructions here with pull request #315.

Thanks, that worked like a charm to compile Armory 0.93.3 on OS X El Capitan. And sending transactions with Bitcoin Core 0.11.1 worked fine too. For those who are still a bit unsure, here are more detailed steps:

• Run "git clone git@github.com:jameshilliard/BitcoinArmory.git". Note this is not the official Armory repo. It contains the commit for the pull request #315 in the official repo. This commit has the needed fixes for making OS X building work.
• Checkout the commit cad8d2d39b11cbbe1c728bcd7895620eedb90141 from this repository.
• Follow these instructions to build it: https://github.com/etotheipi/BitcoinArmory/blob/master/osxbuild/osx_build_notes.txt

That's it. Worked great. Thanks again!

[Roy Badami]

Ok, so just reviewing bitsolution's changes, my one question for bitsolution (or anyone else who is Qt-savvy) is:

This change introduces a new dependency on qt-project.org.  I presume this is a trustworthy source, since there are existing references to qt-project.org in upstream - but they all seem to be commented out AFAICS, so it seems this change does involve trusting a new domain.

Could someone explain to me the relationship between qt-project.org and the Qt project/qt.io, as my Google fu is failing me?

Thanks,

roy

EDIT TO ADD: I'm absolutely not suggesting there is anything untoward going on here - I'm sure there isn't.  I'm just doing my due diligence and as Qt is not my area of expertese, I'm just trying to understand the provenance of the Qt code that bitsolutions is using.  As there are (currently usused) references to this source in the official Armory code, I expect this source is trustworthy, but I just want to understand why it's there before I run this.

[Roy Badami]

At the top it will say something like "merge <branch 1> from <branch 2>"

Thanks, knightdk, that's obvous now you explain it.  I was just looking for an obvious clickable link, I guess.

Although I also realise that if I just check out bitsoultions's branch, and also review the pull request on github at the time I do the checkout that tells me what changes I'm running - modulo the race condition that the branch (and pull request) could change as I'm checking it out.  But it is good enough for me.

[bitsolutions]

Ok, so just reviewing bitsolution's changes, my one question for bitsolution (or anyone else who is Qt-savvy) is:

This change introduces a new dependency on qt-project.org.  I presume this is a trustworthy source, since there are existing references to qt-project.org in upstream - but they all seem to be commented out AFAICS, so it seems this change does involve trusting a new domain.

Could someone explain to me the relationship between qt-project.org and the Qt project/qt.io, as my Google fu is failing me?

Thanks,

roy

EDIT TO ADD: I'm absolutely not suggesting there is anything untoward going on here - I'm sure there isn't.  I'm just doing my due diligence and as Qt is not my area of expertese, I'm just trying to understand the provenance of the Qt code that bitsolutions is using.  As there are (currently usused) references to this source in the official Armory code, I expect this source is trustworthy, but I just want to understand why it's there before I run this.

All I did there was fix a dead link, the URL pointed to a snapshot which didn't exist anymore so I just changed it to the regular release version(which is newer than the snapshot and is unlikely to be deleted anytime soon). The url was in the main repo, I just uncommented it and commented out the line that points to the snapshot(which was dead).

At the top it will say something like "merge <branch 1> from <branch 2>"

Thanks, knightdk, that's obvous now you explain it.  I was just looking for an obvious clickable link, I guess.

Although I also realise that if I just check out bitsoultions's branch, and also review the pull request on github at the time I do the checkout that tells me what changes I'm running - modulo the race condition that the branch (and pull request) could change as I'm checking it out.  But it is good enough for me.

Just check the commit hash, you can't change git history without changing the commit hash.

[Roy Badami]

All I did there was fix a dead link, the URL pointed to a snapshot which didn't exist anymore so I just changed it to the regular release version(which is newer than the snapshot and is unlikely to be deleted anytime soon). The url was in the main repo, I just uncommented it and commented out the line that points to the snapshot(which was dead).

Ok, just wondering why it's at qt-project.org.  If I google Qt, the main page is at qt.io, as are the download links I could find.

EDIT: Actually, I think download.qt-project.org and download.qt.io seem to take you to the same downloads; I think maybe they just changed the project's domain?

EDIT^2: Confirmed: http://download.qt-project.org/official_releases/qt/4.8/4.8.7/qt-everywhere-opensource-src-4.8.7.tar.gz and http://download.qt.io/official_releases/qt/4.8/4.8.7/qt-everywhere-opensource-src-4.8.7.tar.gz are binary identical.  Sorry for the noise.

[Roy Badami]

Just check the commit hash, you can't change git history without changing the commit hash.

True.  Though goatpig didn't quote the hash of the changeset they reviewed - and although pf quoted the hash, they didn't say whether they'd reviewed the changes.

Anyway, FWIW, I've briefly reviewed cad8d2d39b11cbbe1c728bcd7895620eedb90141 and all the changes seem fairly self-evidently benign.  (But of course, you shouldn't take my word for it unless you know/trust me.)

Just built it, and it seems to work.  (Not used it for any transactions yet, but it successfully built and scanned the databases and displays the correct balances...)

Thanks, bitsolutions, for your work on this - it's particularly valuable to me since I've just bought a new Mac laptop - mainly because two blockchains are now too large for my old one - and so would have found it incredibly frustrating if I could no longer use it for Armory anyway!  I'd tip you but you I don't know where to send the coins :-)

roy