backport: bitcoin#17127, #23810, #25867, #26226, #26705, #26904, #26956, #27081, bitcoin-core/gui#653, partial bitcoin#15294

ci/test/04_install.sh

@@ -81,6 +81,9 @@ if [[ $DOCKER_NAME_TAG == *centos* ]]; then
   CI_EXEC_ROOT yum -y install epel-release
   CI_EXEC_ROOT yum -y install "$DOCKER_PACKAGES" "$PACKAGES"
 elif [ "$CI_USE_APT_INSTALL" != "no" ]; then
+  if [[ -n "${APPEND_APT_SOURCES_LIST}" ]]; then
+    CI_EXEC_ROOT echo "${APPEND_APT_SOURCES_LIST}" >> /etc/apt/sources.list
+  fi
   ${CI_RETRY_EXE} CI_EXEC_ROOT apt-get update
   ${CI_RETRY_EXE} CI_EXEC_ROOT apt-get install --no-install-recommends --no-upgrade -y "$PACKAGES" "$DOCKER_PACKAGES"
 fi

contrib/devtools/clang-format-diff.py

@@ -146,7 +146,7 @@ def main():
                          stdout=subprocess.PIPE,
                          stderr=None,
                          stdin=subprocess.PIPE,
-                         universal_newlines=True)
+                         text=True)
     stdout, stderr = p.communicate()
     if p.returncode != 0:
       sys.exit(p.returncode)

contrib/devtools/gen-manpages.py

@@ -23,7 +23,7 @@
 # If not otherwise specified, get top directory from git.
 topdir = os.getenv('TOPDIR')
 if not topdir:
-    r = subprocess.run([git, 'rev-parse', '--show-toplevel'], stdout=subprocess.PIPE, check=True, universal_newlines=True)
+    r = subprocess.run([git, 'rev-parse', '--show-toplevel'], stdout=subprocess.PIPE, check=True, text=True)
     topdir = r.stdout.rstrip()
 
 # Get input and output directories.
@@ -36,7 +36,7 @@
 for relpath in BINARIES:
     abspath = os.path.join(builddir, relpath)
     try:
-        r = subprocess.run([abspath, "--version"], stdout=subprocess.PIPE, check=True, universal_newlines=True)
+        r = subprocess.run([abspath, "--version"], stdout=subprocess.PIPE, check=True, text=True)
     except IOError:
         print(f'{abspath} not found or not an executable', file=sys.stderr)
         sys.exit(1)

contrib/devtools/github-merge.py

@@ -306,7 +306,7 @@ def main():
                 print(range_diff_output.decode('utf-8'))
             try:
                 subprocess.check_call([GIT,'log','--graph','--topo-order','--pretty=format:'+COMMIT_FORMAT])
-            except:
+            except Exception:
                 pass
             review_reply = ask_prompt("Do you want to continue with force push? Type 'yes' to continue or anything else to abort.").lower()
             if review_reply != 'yes':

contrib/devtools/optimize-pngs.py

@@ -50,7 +50,7 @@ def content_hash(filename):
             try:
                 subprocess.call([pngcrush, "-brute", "-ow", "-rem", "gAMA", "-rem", "cHRM", "-rem", "iCCP", "-rem", "sRGB", "-rem", "alla", "-rem", "text", file_path],
                                 stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
-            except:
+            except Exception:
                 print("pngcrush is not installed, aborting...")
                 sys.exit(0)
 

contrib/devtools/security-check.py

@@ -34,7 +34,7 @@ def check_ELF_RELRO(binary) -> bool:
         flags = binary.get(lief.ELF.DYNAMIC_TAGS.FLAGS)
         if flags.value & lief.ELF.DYNAMIC_FLAGS.BIND_NOW:
             have_bindnow = True
-    except:
+    except Exception:
         have_bindnow = False
 
     return have_gnu_relro and have_bindnow

contrib/devtools/test-security-check.py

@@ -41,7 +41,7 @@ def env_flags() -> List[str]:
 
 def call_security_check(cxx, source, executable, options):
     subprocess.run([*cxx,source,'-o',executable] + env_flags() + options, check=True)
-    p = subprocess.run([os.path.join(os.path.dirname(__file__), 'security-check.py'), executable], stdout=subprocess.PIPE, universal_newlines=True)
+    p = subprocess.run([os.path.join(os.path.dirname(__file__), 'security-check.py'), executable], stdout=subprocess.PIPE, text=True)
     return (p.returncode, p.stdout.rstrip())
 
 def get_arch(cxx, source, executable):

contrib/devtools/test-symbol-check.py

@@ -23,7 +23,7 @@ def call_symbol_check(cxx: List[str], source, executable, options):
         env_flags += filter(None, os.environ.get(var, '').split(' '))
 
     subprocess.run([*cxx,source,'-o',executable] + env_flags + options, check=True)
-    p = subprocess.run([os.path.join(os.path.dirname(__file__), 'symbol-check.py'), executable], stdout=subprocess.PIPE, universal_newlines=True)
+    p = subprocess.run([os.path.join(os.path.dirname(__file__), 'symbol-check.py'), executable], stdout=subprocess.PIPE, text=True)
     os.remove(source)
     os.remove(executable)
     return (p.returncode, p.stdout.rstrip())

contrib/devtools/update-translations.py

@@ -56,7 +56,7 @@ def find_format_specifiers(s):
             break
         try:
             specifiers.append(s[percent+1])
-        except:
+        except Exception:
             print('Failed to get specifier')
         pos = percent+2
     return specifiers

contrib/macdeploy/macdeployqtplus

@@ -185,7 +185,7 @@ def getFrameworks(binaryPath: str, verbose: int) -> List[FrameworkInfo]:
     objdump = os.getenv("OBJDUMP", "objdump")
     if verbose:
         print(f"Inspecting with {objdump}: {binaryPath}")
-    output = run([objdump, "--macho", "--dylibs-used", binaryPath], stdout=PIPE, stderr=PIPE, universal_newlines=True)
+    output = run([objdump, "--macho", "--dylibs-used", binaryPath], stdout=PIPE, stderr=PIPE, text=True)
     if output.returncode != 0:
         sys.stderr.write(output.stderr)
         sys.stderr.flush()

doc/developer-notes.md

@@ -110,6 +110,10 @@ code.
   - `nullptr` is preferred over `NULL` or `(void*)0`.
   - `static_assert` is preferred over `assert` where possible. Generally; compile-time checking is preferred over run-time checking.
   - Align pointers and references to the left i.e. use `type& var` and not `type &var`.
+  - Use a named cast or functional cast, not a C-Style cast. When casting
+    between integer types, use functional casts such as `int(x)` or `int{x}`
+    instead of `(int) x`. When casting between more complex types, use static_cast.
+    Use reinterpret_cast and const_cast as appropriate.
   - Prefer [`list initialization ({})`](https://isocpp.github.io/CppCoreGuidelines/CppCoreGuidelines#Res-list) where possible.
     For example `int x{0};` instead of `int x = 0;` or `int x(0);`
 

doc/init.md

@@ -69,7 +69,7 @@ NOTE: When using the systemd .service file, the creation of the aforementioned
 directories and the setting of their permissions is automatically handled by
 systemd. Directories are given a permission of 710, giving the dashcore user and group
 access to files under it _if_ the files themselves give permission to the
-dashcore user and group to do so (e.g. when `-sysperms` is specified). This does not allow
+dashcore user and group to do so. This does not allow
 for the listing of files under the directory.
 
 NOTE: It is not currently possible to override `datadir` in

share/rpcauth/rpcauth.py

@@ -4,22 +4,20 @@
 # file COPYING or http://www.opensource.org/licenses/mit-license.php.
 
 from argparse import ArgumentParser
-from base64 import urlsafe_b64encode
 from getpass import getpass
-from os import urandom
-
+from secrets import token_hex, token_urlsafe
 import hmac
 
 def generate_salt(size):
     """Create size byte hex salt"""
-    return urandom(size).hex()
+    return token_hex(size)
 
 def generate_password():
     """Create 32 byte b64 password"""
-    return urlsafe_b64encode(urandom(32)).decode('utf-8')
+    return token_urlsafe(32)
 
 def password_to_hmac(salt, password):
-    m = hmac.new(bytearray(salt, 'utf-8'), bytearray(password, 'utf-8'), 'SHA256')
+    m = hmac.new(salt.encode('utf-8'), password.encode('utf-8'), 'SHA256')
     return m.hexdigest()
 
 def main():
@@ -38,8 +36,8 @@ def main():
     password_hmac = password_to_hmac(salt, args.password)
 
     print('String to be appended to dash.conf:')
-    print('rpcauth={0}:{1}${2}'.format(args.username, salt, password_hmac))
-    print('Your password:\n{0}'.format(args.password))
+    print(f'rpcauth={args.username}:{salt}${password_hmac}')
+    print(f'Your password:\n{args.password}')
 
 if __name__ == '__main__':
     main()

src/Makefile.am

@@ -946,8 +946,9 @@ libbitcoin_common_a_SOURCES = \
   protocol.cpp \
   psbt.cpp \
   rpc/evo_util.cpp \
-  rpc/rawtransaction_util.cpp \
   rpc/external_signer.cpp \
+  rpc/rawtransaction_util.cpp \
+  rpc/request.cpp \
   rpc/util.cpp \
   saltedhasher.cpp \
   scheduler.cpp \
@@ -982,7 +983,6 @@ libbitcoin_util_a_SOURCES = \
   messagesigner.cpp \
   random.cpp \
   randomenv.cpp \
-  rpc/request.cpp \
   stacktraces.cpp \
   support/cleanse.cpp \
   sync.cpp \
@@ -1082,6 +1082,7 @@ endif
 dash_cli_LDADD = \
   $(LIBBITCOIN_CLI) \
   $(LIBUNIVALUE) \
+  $(LIBBITCOIN_COMMON) \
   $(LIBBITCOIN_UTIL) \
   $(LIBBITCOIN_CRYPTO)
 dash_cli_LDADD += $(BACKTRACE_LIBS) $(EVENT_LIBS) $(GMP_LIBS)

src/i2p.cpp

@@ -362,7 +362,7 @@ void Session::GenerateAndSavePrivateKey(const Sock& sock)
 {
     DestGenerate(sock);
 
-    // umask is set to 077 in init.cpp, which is ok (unless -sysperms is given)
+    // umask is set to 0077 in util/system.cpp, which is ok.
     if (!WriteBinaryFile(m_private_key_file,
                          std::string(m_private_key.begin(), m_private_key.end()))) {
         throw std::runtime_error(

src/init.cpp

@@ -582,11 +582,6 @@ void SetupServerArgs(ArgsManager& argsman)
 #if HAVE_SYSTEM
     argsman.AddArg("-startupnotify=<cmd>", "Execute command on startup.", ArgsManager::ALLOW_ANY, OptionsCategory::OPTIONS);
     argsman.AddArg("-shutdownnotify=<cmd>", "Execute command immediately before beginning shutdown. The need for shutdown may be urgent, so be careful not to delay it long (if the command doesn't require interaction with the server, consider having it fork into the background).", ArgsManager::ALLOW_ANY, OptionsCategory::OPTIONS);
-#endif
-#ifndef WIN32
-    argsman.AddArg("-sysperms", "Create new files with system default permissions, instead of umask 077 (only effective with disabled wallet functionality)", ArgsManager::ALLOW_ANY, OptionsCategory::OPTIONS);
-#else
-    hidden_args.emplace_back("-sysperms");
 #endif
     argsman.AddArg("-version", "Print version and exit", ArgsManager::ALLOW_ANY, OptionsCategory::OPTIONS);
 
@@ -1119,10 +1114,6 @@ bool AppInitBasicSetup(const ArgsManager& args)
     }
 
 #ifndef WIN32
-    if (!args.GetBoolArg("-sysperms", false)) {
-        umask(077);
-    }
-
     // Clean shutdown on SIGTERM
     registerSignalHandler(SIGTERM, HandleSIGTERM);
     registerSignalHandler(SIGINT, HandleSIGTERM);

src/qt/sendcoinsdialog.cpp

@@ -787,7 +787,7 @@ void SendCoinsDialog::setBalance(const interfaces::WalletBalances& balances)
         CAmount balance = 0;
         if (model->wallet().hasExternalSigner()) {
             ui->labelBalanceName->setText(tr("External balance:"));
-        } else if (model->wallet().privateKeysDisabled()) {
+        } else if (model->wallet().isLegacy() && model->wallet().privateKeysDisabled()) {
             balance = balances.watch_only_balance;
             ui->labelBalanceName->setText(tr("Watch-only balance:"));
         } else if (m_coin_control->IsUsingCoinJoin()) {

src/rpc/request.cpp

@@ -88,7 +88,7 @@ bool GenerateAuthCookie(std::string *cookie_out)
     std::string cookie = COOKIEAUTH_USER + ":" + HexStr(rand_pwd);
 
     /** the umask determines what permissions are used to create this file -
-     * these are set to 077 in init.cpp unless overridden with -sysperms.
+     * these are set to 0077 in util/system.cpp.
      */
     std::ofstream file;
     fs::path filepath_tmp = GetAuthCookieFile(true);

src/script/sign.cpp

@@ -107,7 +107,6 @@ static bool SignStep(const SigningProvider& provider, const BaseSignatureCreator
                      std::vector<valtype>& ret, TxoutType& whichTypeRet, SigVersion sigversion, SignatureData& sigdata)
 {
     CScript scriptRet;
-    uint160 h160;
     ret.clear();
     std::vector<unsigned char> sig;
 
@@ -135,16 +134,16 @@ static bool SignStep(const SigningProvider& provider, const BaseSignatureCreator
         ret.push_back(ToByteVector(pubkey));
         return true;
     }
-    case TxoutType::SCRIPTHASH:
-        h160 = uint160(vSolutions[0]);
+    case TxoutType::SCRIPTHASH: {
+        uint160 h160{vSolutions[0]};
         if (GetCScript(provider, sigdata, CScriptID{h160}, scriptRet)) {
             ret.push_back(std::vector<unsigned char>(scriptRet.begin(), scriptRet.end()));
             return true;
         }
         // Could not find redeemScript, add to missing
         sigdata.missing_redeem_script = h160;
         return false;
-
+    }
     case TxoutType::MULTISIG: {
         size_t required = vSolutions.front()[0];
         ret.push_back(valtype()); // workaround CHECKMULTISIG bug

src/util/system.cpp

@@ -1438,6 +1438,11 @@ void SetupEnvironment()
     SetConsoleCP(CP_UTF8);
     SetConsoleOutputCP(CP_UTF8);
 #endif
+
+#ifndef WIN32
+    constexpr mode_t private_umask = 0077;
+    umask(private_umask);
+#endif
 }
 
 bool SetupNetworking()

src/wallet/init.cpp

@@ -155,9 +155,6 @@ bool WalletInit::ParameterInteraction() const
         gArgs.ForceRemoveArg("rescan");
     }
 
-    if (gArgs.GetBoolArg("-sysperms", false))
-        return InitError(Untranslated("-sysperms is not allowed in combination with enabled wallet functionality"));
-
     if (gArgs.IsArgSet("-walletbackupsdir")) {
         if (!fs::is_directory(gArgs.GetArg("-walletbackupsdir", ""))) {
             InitWarning(strprintf(_("Warning: incorrect parameter %s, path must exist! Using default path."), "-walletbackupsdir"));

test/functional/feature_dbcrash.py

@@ -85,7 +85,7 @@ def restart_node(self, node_index, expected_tip):
                 self.nodes[node_index].waitforblock(expected_tip)
                 utxo_hash = self.nodes[node_index].gettxoutsetinfo()['hash_serialized_2']
                 return utxo_hash
-            except:
+            except Exception:
                 # An exception here should mean the node is about to crash.
                 # If dashd exits, then try again.  wait_for_node_exit()
                 # should raise an exception if dashd doesn't exit.

test/functional/feature_llmq_connections.py

@@ -91,7 +91,7 @@ def run_test(self):
                             self.mine_cycle_quorum()
                             mn.get_node(self).mockscheduler(60) # we check for old connections via the scheduler every 60 seconds
                     removed = True
-                except:
+                except Exception:
                     pass # it's ok to not remove connections sometimes
             if removed:
                 break
@@ -105,7 +105,7 @@ def run_test(self):
                     with mn.get_node(self).assert_debug_log(['adding mn inter-quorum connections']):
                         self.mine_cycle_quorum()
                     added = True
-                except:
+                except Exception:
                     pass # it's ok to not add connections sometimes
             if added:
                 break

test/functional/feature_llmq_is_retroactive.py

@@ -37,7 +37,7 @@ def wait_for_tx(self, txid, node, expected=True, timeout=60):
         def check_tx():
             try:
                 return node.getrawtransaction(txid)
-            except:
+            except Exception:
                 return False
         if self.wait_until(check_tx, timeout=timeout, do_assert=expected) and not expected:
             raise AssertionError("waiting unexpectedly succeeded")

test/functional/feature_posix_fs_permissions.py

@@ -0,0 +1,43 @@
+#!/usr/bin/env python3
+# Copyright (c) 2022 The Bitcoin Core developers
+# Distributed under the MIT software license, see the accompanying
+# file COPYING or http://www.opensource.org/licenses/mit-license.php.
+"""Test file system permissions for POSIX platforms.
+"""
+
+import os
+import stat
+
+from test_framework.test_framework import BitcoinTestFramework
+
+
+class PosixFsPermissionsTest(BitcoinTestFramework):
+    def set_test_params(self):
+        self.setup_clean_chain = True
+        self.num_nodes = 1
+
+    def skip_test_if_missing_module(self):
+        self.skip_if_platform_not_posix()
+
+    def check_directory_permissions(self, dir):
+        mode = os.lstat(dir).st_mode
+        self.log.info(f"{stat.filemode(mode)} {dir}")
+        assert mode == (stat.S_IFDIR | stat.S_IRUSR | stat.S_IWUSR | stat.S_IXUSR)
+
+    def check_file_permissions(self, file):
+        mode = os.lstat(file).st_mode
+        self.log.info(f"{stat.filemode(mode)} {file}")
+        assert mode == (stat.S_IFREG | stat.S_IRUSR | stat.S_IWUSR)
+
+    def run_test(self):
+        self.stop_node(0)
+        datadir = os.path.join(self.nodes[0].datadir, self.chain)
+        self.check_directory_permissions(datadir)
+        walletsdir = os.path.join(datadir, "wallets")
+        self.check_directory_permissions(walletsdir)
+        debuglog = os.path.join(datadir, "debug.log")
+        self.check_file_permissions(debuglog)
+
+
+if __name__ == '__main__':
+    PosixFsPermissionsTest().main()

test/functional/p2p_node_network_limited.py

@@ -83,7 +83,7 @@ def run_test(self):
         self.connect_nodes(0, 2)
         try:
             self.sync_blocks([self.nodes[0], self.nodes[2]], timeout=5)
-        except:
+        except Exception:
             pass
         # node2 must remain at height 0
         assert_equal(self.nodes[2].getblockheader(self.nodes[2].getbestblockhash())['height'], 0)