├── FFS
├── NAMING.md
├── README.md
├── SERVER_SETUP_HARDENING.md
├── VULNERABILITY_RESPONSE_PROCESS.md
├── api
    └── lightwallet_rest.md
├── bitcointalk
    └── original-post
└── buildbot
    └── master
        ├── commands
            └── coveralls.py
        └── master.cfg


/FFS:
--------------------------------------------------------------------------------
## Funding, work start, payments

1. The project can begin before it's fully funded
2. Devs can be paid for milestone completion before it's fully funded
3. If the dev disappears, no problem, someone else can pick up from their last milestone
4. If the milestones are sufficiently small the dev doesn't have to go 6 months without pay

## Ideal FFS Workflow

1. An idea is presented in the **IDEAS** thread. A discussion occurs regarding whether the idea should be developed.
2. A developer (who either presented the idea, or saw the idea and realizes they can develop it) pitches their proposal to develop the idea in the **OPEN TASKS** section. At a minimum, this pitch should include

    - **What** - describe the idea and how you plan to develop it
    - **Who** - who are you? Why do you think you can develop it, and why should the Monero community believe you can?
    - **Why** - Why do you want to develop this?
    - **The Proposal and Milestones** - It is difficult to describe how each proposal should be broken down into milestones, but only you (the developer) know how long things can take, and know how to break the task apart.
    - **Expiration** - Make it apparent that a time limit exists for the proposal. If the project is abandoned, funds will eventually be re-appropriated at the discretion of the core developers. At the minimum, development should start coding "soon" after the funding target has been met in order to avoid re-appropriation.

3. The community discusses the proposal. The proposal is amended, etc. Eventually the community approves, and the proposal is moved to **FUNDING REQUIRED** by a moderator. Here, funding occurs. People may or may not post that they have contributed. It is not necessary to post your contributions, though it is fine.
4. Once fully funded, or development begins, the thread is moved to the **WORK IN PROGRESS** thread, where the developer is expected to provide some kind of activity report.

--------------------------------------------------------------------------------
/NAMING.md:
--------------------------------------------------------------------------------
# Monero Release Naming Convention

Monero's naming convention consists of a chemical element (in sequence) and a celestial object, and was decided on via a discussion on the official forum in 2015. Alliteration or assonance is also required, for maximum awesomeness. As an example, the first Monero release following this convention was named "Hydrogen Helix".

Note that the only time a chemical element has been out of periodic table sequence was with the release of Wolfram Warptangent, so named in memory of warptangent after his passing, and in recognition of all of his early contributions to Monero.

Below is a list of elements and galactic bodies, as prepared by palexander.

| Elements | Celestial Objects |
| ------- | ------- |
| Hydrogen | Ambartsumian's Knot |
| Helium | Andromeda |
| Lithium | Antennae |
| Beryllium | Antila |
| Boron | Aquarius Dwarf |
| Carbon | Arp's |
| Nitrogen | Atom For Peace |
| Oxygen | Baade's |
| Fluorine | Barbon's |
| Neon | Barnard's |
| Sodium | Bears Paw |
| Magnesium | Beehive Cluster |
| Aluminium | BL Lacertae |
| Silicon | Black Eye |
| Phosphorus | Bode's |
| Sulfur | Burbidge Chain |
| Chlorine | Butterfly Cluster |
| Argon | BW Tauri |
| Potassium | Capricorn Dwarf |
| Calcium | Carafe |
| Scandium | Carina Dwarf |
| Titanium | Cartwheel |
| Vanadium | Centauras A |
| Chromium | Cetus A Galaxy |
| Manganese | Cigar Galaxy |
| Iron | Circinus |
| Cobalt | Coddington's Nebula |
| Nickel | Comet |
| Copper | Copeland Septet |
| Zinc | Crab Nebula |
| Gallium | Cygnus A |
| Germanium | De Mairan's Nebula |
| Arsenic | Draco Dwarf |
| Selenium | Dumbbell Nebula |
| Bromine | Dwingeloo |
| Krypton | Eagle Nebula |
| Rubidium | Exclamation Mark |
| Strontium | Fath 703 |
| Yttrium | Fornax A |
| Zirconium | Fourcade-Figuero |
| Niobium | Gibson Reaves |
| Molybdenum | Great Globular Cluster |
| Technetium | Grus Quartet |
| Ruthenium | Hanny's Object |
| Rhodium | Hardcastle's |
| Palladium | Helix |
| Silver | Hercules A |
| Cadmium | Hoag's Object |
| Indium | Holmberg I |
| Tin | Horologium Dwarf |
| Antimony | Horseshoe Nebula |
| Tellurium | Hucra's Lens |
| Iodine | Hydra A |
| Xenon | Integral Sign |
| Caesium | Keenan's System |
| Barium | Komossa's Object |
| Lanthanum | Kowal's Object |
| Cerium | Lagoon Nebula |
| Praseodymium | Large Magellanic Cloud |
| Neodymium | Leo Triplet |
| Promethium | Lindsay-Shapley Ring |
| Samarium | Little Dumbbell Nebula |
| Europium | Lost |
| Gadolinium | Maffei I |
| Terbium | Malin 1 |
| Dysprosium | Mayall's Object |
| Holmium | McLeish's Object |
| Erbium | Mice |
| Thulium | Milky Way |
| Ytterbium | Miniature Spiral |
| Lutetium | Minkowski's Object |
| Hafnium | Orion Nebula |
| Tantalum | Owl Nebula |
| Tungsten | Pancake |
| Rhenium | Papillon |
| Osmium | Pegasus Dwarf |
| Iridium | Perseus A |
| Platinum | Phoenix Dwarf Irregular G. |
| Gold | Pinwheel |
| Mercury | Pisces Cloud |
| Thallium | Pleiades |
| Lead | Polarissima Australis |
| Bismuth | Ptolemy Cluster |
| Polonium | Reinmuth 80 |
| Astatine | Reticulum Dwarf |
| Radon | Ring Nebula |
| Francium | Sagittarius Dwarf |
| Radium | Sagittarius Star Cloud |
| Actinium | Sculptor Dwarf |
| Thorium | Seashell |
| Protactinium | Serpens Dwarf |
| Uranium | Sextans A |
| Neptunium | Seyfert's Sextet |
| Plutonium | Shapley-Ames 1 |
| Americium | Siamese Twins |
| Curium | Silver Coin |
| Berkelium | Small Magellanic Cloud |
| Californium | Sombrero |
| Einsteinium | Southern Pinwheel Galaxy |
| Fermium | Spider |
| Mendelevium | Spindle |
| Nobelium | Stephan's Quintet |
| Lawrencium | Sunflower |
| Rutherfordium | Tadpole |
| Dubnium | The Eyes |
| Seaborgium | The Garland |
| Bohrium | Triangulum |
| Hassium | Trifid Nebula |
| Meitnerium | Tucana Dwarf |
| Darmstadtium | Ursa Minor Dwarf |
| Roentgenium | Virgo A |
| Copernicium | Whirlpool |
| Ununtrium | Wild Duck Cluster |
| Flerovium | Wild's Triplett |
| Ununpentium | Wilman 1 |
| Livermorium | Winnecke 4 |
| Ununseptium | Wolf-Lundmark-Melotte |
| Ununoctium | Zwicky's Triplet |

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# meta
A Meta Repository for General Monero Project Matters

Current Maintainer: luigi1111
I will merge most any useful, not-extremely-stupid pull request. Subject to change. Have at it.

--------------------------------------------------------------------------------
/SERVER_SETUP_HARDENING.md:
--------------------------------------------------------------------------------
# Monero Server Setup and Hardening

## Introduction

The following document outlines the technical setup of a number of hosted sites for the Monero community, namely:

- A reverse proxy
- The getmonero.org website
- The downloads sub-site
- The CCS sub-site

Each of these systems is hosted in a secure container with respective controls for identifying and detecting vulnerabilities, attacks and anomalies as well as providing for post incident analysis. This document is intended to be a living document to be updated as and when new controls or enhancements are identified to replace the existing ones.

## Attribution and thanks

This document, and the Monero server infrastructure itself, has only been possible thanks to the work and effort of Gus from [Tari Labs](https://tarilabs.com), Dan from [GloBee](https://globee.com), and others. In addition, the Monero community is extremely grateful for the ongoing sponsorship of server infrastructure by [GloBee](https://globee.com) and the global CDN by [Tari Labs](https://tarilabs.com).

## Contributing

Anyone can contribute to this living document, particularly if they find aspects of the security hardening that can and should be improved.
Feel free to open a pull-request or issue for the change, and after discussion and acceptance by those in the Monero ecosystem who are familiar with infosec (particularly those in the Monero VRP workgroup) changes can be implemented in the live infrastructure and in this document.

## Container configuration

### Auditing

Firstly, as well as auditing the normal Linux file system and system calls, we also audit all Docker related files and directories. The Docker daemon runs with root privileges and its behavior depends on some key files and directories. To enable auditing for Docker we add the following lines to "/etc/audit/audit.rules"

```
-w /usr/lib/systemd/system/docker.service -k docker
-w /usr/lib/systemd/system/docker.socket -k docker
-w /etc/default/docker -k docker
-w /etc/sysconfig/docker -k docker
-w /etc/docker/daemon.json -k docker
-w /usr/bin/containerd -k docker
-w /usr/sbin/runc -k docker
```

and restart the daemon.

```
~$ sudo service auditd restart
```

### Restrict container network traffic

By default, unrestricted network traffic is enabled between all containers on the same host on the default network bridge. Because of this, each container has the potential of reading all packets across the container network on the same host. This might lead to an unintended and unwanted disclosure of information to other containers. Therefore we need to restrict this. We edit the Docker daemon configuration file to ensure that inter-container communication (ICC) is disabled. It should contain the following setting:

```
"icc": false
```

\* The database the CCS app uses listens on the host loopback adapter.

\* The Monero wallet for the CCS app listens on the host loopback adapter.

### Change ulimit

"ulimit" provides control over the resources available to the shell and to processes which it starts. Setting system resource limits judiciously can save us from disasters such as a fork bomb. Setting the default ulimit for the Docker daemon enforces the ulimit for all container instances. To have proper control over system resources we define a default ulimit as is needed in the environment. For this we ensure "--default-ulimit" is added to /etc/docker/daemon.json.

### Namespace support

The Linux kernel "user namespace" support within the Docker daemon provides additional security for the Docker host system. It allows a container to have a unique range of user and group IDs which are outside the traditional user and group range utilized by the host system. For example, the root user can have the expected administrative privileges inside the container but can effectively be mapped to an unprivileged UID on the host system. We enable user namespace support in the Docker daemon to utilize container user to host user re-mapping. We create two files and restart the daemon with the "--userns-remap" flag.

```
~$ touch /etc/subuid /etc/subgid

~$ dockerd --userns-remap=default
```

### Centralized and remote logging

Centralized and remote logging ensures that all important log records are safe even in the event of a major data availability issue. For our configuration we utilise both and start the Docker daemon with the following logging driver:

```
~$ dockerd --log-driver=syslog --log-opt syslog-address=tcp://x.x.x.x
```

### Live restore

By setting the "--live-restore" flag within the Docker daemon we ensure that container execution is not interrupted when the daemon is not available. This also makes it easier to update and patch the Docker daemon without application downtime. To enable this we add this setting to the "/etc/docker/daemon.json" file.
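
A check for the daemon-level settings on this page, covering the sections above plus the userland-proxy, no-new-privileges and SELinux settings described further down. This is an added example, not part of the Monero infrastructure; the function name, both sample files and the 192.0.2.10 syslog address are constructed for illustration.

```python
import json

# Daemon-level settings named on this page, as /etc/docker/daemon.json keys:
# key -> (check on the parsed JSON value, description of what is expected).
EXPECTED = {
    "icc": (lambda v: v is False, "false"),
    "default-ulimits": (lambda v: isinstance(v, dict) and bool(v), "at least one limit"),
    "userns-remap": (lambda v: isinstance(v, str) and bool(v), 'a user such as "default"'),
    "log-driver": (lambda v: v == "syslog", '"syslog"'),
    "live-restore": (lambda v: v is True, "true"),
    "userland-proxy": (lambda v: v is False, "false"),
    "no-new-privileges": (lambda v: v is True, "true"),
    "selinux-enabled": (lambda v: v is True, "true"),
}

REMOTE_SCHEMES = ("tcp://", "udp://", "tcp+tls://")


def audit_daemon_config(text):
    """Return {key: problem} for every setting that is missing or wrong."""
    config = json.loads(text)
    problems = {}
    for key, (is_ok, expected) in EXPECTED.items():
        if key not in config:
            problems[key] = f"not set, expected {expected}"
        elif not is_ok(config[key]):
            # `is False` / `is True` also reject the quoted strings "false"
            # and "true", which are JSON strings rather than booleans.
            problems[key] = f"is {config[key]!r}, expected {expected}"

    # The syslog driver only logs remotely when it is given a network target;
    # without syslog-address it writes to the local syslog.
    if config.get("log-driver") == "syslog":
        address = config.get("log-opts", {}).get("syslog-address", "")
        if not address.startswith(REMOTE_SCHEMES):
            problems["log-opts"] = "syslog-address is not a remote target"

    # Every default ulimit has a soft and a hard value; soft must not exceed hard.
    ulimits = config.get("default-ulimits")
    if isinstance(ulimits, dict):
        for name, limit in ulimits.items():
            if isinstance(limit, dict) and limit.get("Soft", 0) > limit.get("Hard", 0):
                problems[f"default-ulimits.{name}"] = "Soft exceeds Hard"
    return problems


# Constructed sample: several settings missing, a quoted boolean, no remote
# syslog target and an inverted ulimit.
WEAK_CONFIG = """
{
  "icc": "false",
  "log-driver": "syslog",
  "live-restore": true,
  "userland-proxy": true,
  "default-ulimits": {"nproc": {"Name": "nproc", "Soft": 2048, "Hard": 1024}}
}
"""

# Constructed sample with every setting from this page in place.
HARDENED_CONFIG = """
{
  "icc": false,
  "default-ulimits": {"nofile": {"Name": "nofile", "Soft": 1024, "Hard": 4096}},
  "userns-remap": "default",
  "log-driver": "syslog",
  "log-opts": {"syslog-address": "tcp://192.0.2.10:514"},
  "live-restore": true,
  "userland-proxy": false,
  "no-new-privileges": true,
  "selinux-enabled": true
}
"""

if __name__ == "__main__":
    for label, sample in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label)
        for key, problem in sorted(audit_daemon_config(sample).items()):
            print(f"  {key}: {problem}")
```
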

### Disable userland proxy

The Docker engine provides two mechanisms for forwarding ports from the host to containers: hairpin NAT, and the use of a userland proxy. In most circumstances, the hairpin NAT mode is preferred as it improves performance and makes use of native Linux iptables functionality instead of using an additional component. To enable this we set "--userland-proxy" to *false* in the "/etc/docker/daemon.json" file.

### Restrict containers

A process can set the no_new_privs bit in the kernel and this persists across forks, clones and execve. The no_new_privs bit ensures that the process and its child processes do not gain any additional privileges via suid or sgid bits. This reduces the security risks associated with many dangerous operations because there is a much reduced ability to subvert privileged binaries. Setting this at the daemon level ensures that by default all new containers are restricted from acquiring new privileges. To do this we add the "--no-new-privileges" parameter to the "/etc/docker/daemon.json" file.

### Container user

It's generally good practice to run the container as a non-root user, where possible. This can be done either via the USER directive in the Dockerfile or through gosu or similar where used as part of the CMD or ENTRYPOINT directives. Each container used for Monero services is run as a non-root user.

### Content trust

Content trust provides the ability to use digital signatures for data sent to and received from remote Docker registries. These signatures allow client-side verification of the identity and the publisher of specific image tags and ensure the provenance of container images. To enable content trust in a shell we run the following command:

```
export DOCKER_CONTENT_TRUST=1
```

### HEALTHCHECK instruction

An important security control is that of availability. Adding the HEALTHCHECK instruction to the container image ensures that the Docker engine periodically checks the running container instances against that instruction to ensure that containers are still operational. Based on the results of the health check, the Docker engine could terminate containers which are not responding correctly, and instantiate new ones. HEALTHCHECK is enabled for each image.

### SELinux security

SELinux provides a Mandatory Access Control (MAC) system that greatly augments the default Discretionary Access Control (DAC) model. We add an extra layer of safety to the containers by enabling SELinux on the Linux host. To enable SELinux for containers we start the service with the "--selinux-enabled" parameter.

### Limit memory usage

By default a container can use all of the memory on the host. A memory limit mechanism is used to prevent a denial of service occurring where one container consumes all of the host's resources and other containers on the same host are therefore not able to function. All containers are run with limited memory.

### CPU priority

By default, CPU time is divided between containers equally. We control available CPU resources amongst container instances by using the CPU sharing feature. CPU sharing allows us to prioritize one container over others and prevents lower priority containers from absorbing CPU resources which may be required by other processes. This ensures that high priority containers are able to claim the CPU runtime they require. To do this we run each container with the "--cpu-shares" parameter.

### Read only filesystem

We enable an option that forces containers at runtime to explicitly define their data writing strategy to persist or not persist their data. This also reduces security attack vectors since the container instance's filesystem cannot be tampered with or written to unless it has explicit read-write permissions on its filesystem folder and directories. We add the "--read-only" flag at container runtime to enforce the container's root filesystem being mounted as read only.

### Bind incoming container traffic

As the system hosting these containers has multiple network interfaces, a container can by default accept connections on exposed ports on any network interface. The containers do not accept incoming connections on any random interface, but only the one designated for their respective type of traffic. The exception here is the web server reverse proxy, which is bound to 0.0.0.0.

### Container restart policy

To avoid a potential denial of service through container restarts we restrict the number of restarts to a maximum of "5". We enable this with the "--detach --restart=on-failure:5" parameter.

### Using latest versions

Multiple Docker commands such as docker pull, docker run etc. are known to have an issue where by default, they extract the local copy of the image, if present, even though there is an updated version of the image with the same tag in the upstream repository. This could lead to using older images containing known vulnerabilities. Image versions are checked regularly to ensure they are up to date.

### PIDs limit

Attackers could launch a fork bomb with a single command inside a container. This fork bomb could crash the entire system and would require a restart of the host to make the system functional again. Using the PIDs cgroup parameter --pids-limit prevents this kind of attack by restricting the number of forks that can happen inside a container at a given time. To enable this we add the "--pids-limit" parameter when launching the containers.
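
The per-container settings from the sections above (non-root user, HEALTHCHECK, memory, CPU shares, read-only root filesystem, interface binding, restart policy and PIDs limit) can be verified from the JSON that `docker inspect` prints. This is an added example, not part of the Monero infrastructure; the container names, the `public` parameter and the sample data are constructed for illustration.

```python
import json

# Host addresses that mean "listen on every interface" in a port binding.
ALL_INTERFACES = {"", "0.0.0.0", "::"}


def audit_container(info, public=False):
    """Check one `docker inspect` object against the run-time limits on this page.

    `public` marks a container that is meant to listen on every interface
    (the reverse proxy on this page); all others must bind to one address.
    """
    host = info.get("HostConfig", {})
    conf = info.get("Config", {})
    problems = []

    if not host.get("Memory"):              # 0 means no memory limit
        problems.append("memory")
    if not host.get("CpuShares"):           # 0 means the default weight
        problems.append("cpu-shares")
    if not host.get("ReadonlyRootfs"):
        problems.append("read-only")
    pids = host.get("PidsLimit")
    if pids is None or pids <= 0:           # null, 0 and -1 all mean unlimited
        problems.append("pids-limit")

    restart = host.get("RestartPolicy", {})
    retries = restart.get("MaximumRetryCount", 0)
    if restart.get("Name") != "on-failure" or not 0 < retries <= 5:
        problems.append("restart")

    user = (conf.get("User") or "").split(":")[0]   # "uid:gid" or "name:group"
    if user in ("", "0", "root"):
        problems.append("user")

    test = (conf.get("Healthcheck") or {}).get("Test") or ["NONE"]
    if test[0] == "NONE":                   # absent or explicitly disabled
        problems.append("healthcheck")

    if not public:
        for port, bindings in (host.get("PortBindings") or {}).items():
            for binding in bindings or []:
                if binding.get("HostIp", "") in ALL_INTERFACES:
                    problems.append(f"bind {port}")
    return problems


def audit_inspect_output(text, public_names=()):
    """Audit the JSON array printed by `docker inspect <container>...`."""
    report = {}
    for info in json.loads(text):
        name = info.get("Name", "").lstrip("/")   # inspect prefixes names with "/"
        report[name] = audit_container(info, public=name in public_names)
    return report


# Constructed sample: one container started with the flags from this page,
# one started with Docker's defaults.
SAMPLE_INSPECT = json.dumps([
    {
        "Name": "/reverse-proxy",
        "Config": {"User": "101:101",
                   "Healthcheck": {"Test": ["CMD", "curl", "-f", "http://localhost/"]}},
        "HostConfig": {
            "Memory": 536870912, "CpuShares": 512, "ReadonlyRootfs": True,
            "PidsLimit": 100,
            "RestartPolicy": {"Name": "on-failure", "MaximumRetryCount": 5},
            "PortBindings": {"443/tcp": [{"HostIp": "0.0.0.0", "HostPort": "443"}]},
        },
    },
    {
        "Name": "/ccs",
        "Config": {"User": ""},
        "HostConfig": {
            "Memory": 0, "CpuShares": 0, "ReadonlyRootfs": False,
            "PidsLimit": None,
            "RestartPolicy": {"Name": "always", "MaximumRetryCount": 0},
            "PortBindings": {"8080/tcp": [{"HostIp": "", "HostPort": "8080"}]},
        },
    },
])

if __name__ == "__main__":
    report = audit_inspect_output(SAMPLE_INSPECT, public_names={"reverse-proxy"})
    for name, problems in report.items():
        print(name, "OK" if not problems else ", ".join(problems))
```
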

### Avoiding image sprawl

Tagged images are useful if you need to fall back from the "latest" version to a specific version of an image in production. Images with unused or old tags may contain vulnerabilities that might be exploited if instantiated. The clean-up is performed manually with the following commands:

For removing exited containers:

```
~$ docker ps --filter status=dead --filter status=exited -aq | xargs -r docker rm -v
```

For removing unused images:

```
~$ docker images --no-trunc | grep '<none>' | awk '{ print $3 }' | xargs -r docker rmi
```

For removing unused volumes:

```
~$ docker volume ls -qf dangling=true | xargs -r docker volume rm
```

## Container Monitoring

Container monitoring is the process of implementing security tools and policies that will give you the assurance that everything in your container is running as intended, and only as intended. This includes protecting the infrastructure, the software supply chain, runtime, and everything in between. With this in mind, the process of securing and monitoring containers is continuous. As we are using Docker for containerisation it's important that we don't introduce any vulnerabilities through third-party libraries, and that we scan continuously for any changes to our images.

The [Anchore Engine](https://github.com/anchore/anchore-engine) is an open-source tool for scanning and analyzing container images for security vulnerabilities and policy issues. It is available as a Docker container image that can run within an orchestration platform, or as a standalone installation.

To install we create the working directory, download the docker-compose.yaml and start:

```
~$ mkdir anchore && cd anchore

~/anchore$ curl https://docs.anchore.com/current/docs/engine/quickstart/docker-compose.yaml > docker-compose.yaml

~/anchore$ docker-compose up -d
```

### Verify Service Availability

After a few moments (depending on system speed), your Anchore Engine services should be up and running, ready to use. You can verify the containers are running with docker-compose:

```
~/anchore$ docker-compose ps
```

```
Name                     Command                         State   Ports
------------------------------------------------------------------------------------------
anchor_analyzer_1        docker-entrypoint.sh anch ...   Up      8228/tcp
anchor_api_1             docker-entrypoint.sh anch ...   Up      0.0.0.0:8228->8228/tcp
anchor_catalog_1         docker-entrypoint.sh anch ...   Up      8228/tcp
anchordb_1               docker-entrypoint.sh postgres   Up      5432/tcp
anchor_policy-engine_1   docker-entrypoint.sh anch ...   Up      8228/tcp
anchor_queue_1           docker-entrypoint.sh anch ...   Up      8228/tcp
```

Once up, Anchore will need some time for the engine to sync all vulnerability data.
We can check this using the following command:

```
~/anchore$ docker-compose exec api anchore-cli system feeds list
```

```
Feed             Group            LastSync                     RecordCount
github           github:composer  pending                      None
github           github:gem       pending                      None
github           github:java      pending                      None
github           github:npm       pending                      None
github           github:nuget     pending                      None
github           github:python    pending                      None
nvdv2            nvdv2:cves       pending                      75000
vulnerabilities  alpine:3.10      2020-06-18T09:04:24.097825   1725
vulnerabilities  alpine:3.11      2020-06-18T09:04:54.6675558  1904
vulnerabilities  alpine:3.3       2020-06-18T09:05:27.880919   457
vulnerabilities  alpine:3.4       2020-06-18T09:05:35.968058   681
vulnerabilities  alpine:3.5       2020-06-18T09:05:47.839692   875
vulnerabilities  alpine:3.6       2020-06-18T09:06:03.175967   1051
vulnerabilities  alpine:3.7       2020-06-18T09:06:21.220216   1395
vulnerabilities  alpine:3.8       2020-06-18T09:06:44.989782   1486
vulnerabilities  alpine:3.9       2020-06-18T09:07:10.199129   1558
vulnerabilities  amzn:2           2020-06-18T09:07:36.529917   371
vulnerabilities  centos:5         2020-06-18T09:08:00.023036   1347
vulnerabilities  centos:6         2020-06-18T09:08:50.5450995  1414
vulnerabilities  centos:7         2020-06-18T09:09:47.668024   1079
vulnerabilities  centos:8         2020-06-18T09:10:51.897518   293
vulnerabilities  debian:10        2020-06-18T09:11:17.521461   22987
vulnerabilities  debian:11        2020-06-18T09:17:06.693053   20132
vulnerabilities  debian:7         2020-06-18T09:22:28.995214   20455
vulnerabilities  debian:8         2020-06-18T09:27:56.393597   23959
vulnerabilities  debian:9         2020-06-18T09:34:20.024352   23057
vulnerabilities  debian:unstable  2020-06-18T09:40:30.568618   24383
vulnerabilities  ol:5             2020-06-18T09:46:44.468378   1248
vulnerabilities  ol:6             2020-06-18T09:47:36.301448   1528
vulnerabilities  ol:7             2020-06-18T09:48:46.926634   1213
vulnerabilities  ol:8             2020-06-18T09:49:58.987848   243
vulnerabilities  rhel:5           2020-06-18T09:50:18.132817   7297
vulnerabilities  rhel:6           2020-06-18T09:52:36.401724   6916
vulnerabilities  rhel:7           2020-06-18T09:54:41.226131   6198
vulnerabilities  rhel:8           2020-06-18T09:56:43.155089   1762
vulnerabilities  ubuntu:12.04     2020-06-18T09:57:18.428255   14959
vulnerabilities  ubuntu:12.10     2020-06-18T10:01:04.079754   5652
vulnerabilities  ubuntu:13.04     2020-06-18T10:02:28.484830   4127
vulnerabilities  ubuntu:14.04     2020-06-18T10:03:26.829261   21951
vulnerabilities  ubuntu:14.10     2020-06-18T10:08:42.606760   4456
vulnerabilities  ubuntu:15.04     2020-06-18T10:09:52.995509   5912
vulnerabilities  ubuntu:15.10     2020-06-18T10:11:19.476645   6513
vulnerabilities  ubuntu:16.04     2020-06-18T10:12:58.910023   19063
vulnerabilities  ubuntu:16.10     2020-06-18T10:17:52.827455   8647
vulnerabilities  ubuntu:17.04     2020-06-18T10:19:51.583886   9157
vulnerabilities  ubuntu:17.10     2020-06-18T10:21:54.662854   7941
vulnerabilities  ubuntu:18.04     2020-06-18T10:23:43.183380   13322
vulnerabilities  ubuntu:18.10     2020-06-18T10:27:04.729094   8397
vulnerabilities  ubuntu:19.04     2020-06-18T10:28:52.670142   8665
vulnerabilities  ubuntu:19.10     2020-06-18T10:30:49.078677   8106
vulnerabilities  ubuntu:20.04     2020-06-18T10:32:32.430732   7149
```

All the feeds will need to be completed before you can start using Anchore. A good indication is if all the feed counts are above 0.

### Analysing Images

Once all feeds are completed we add our images for analysis. Image analysis is performed as a distinct, asynchronous, and scheduled task driven by queues that analyser workers periodically poll. As we built the Docker images ourselves, the Dockerfile used to build the image needs to be passed to Anchore Engine at the time of image addition. This is performed with the following command example:

```
anchore-cli image add myrepo.com:5000/app/webapp:latest --dockerfile=/path/to/Dockerfile
```

## Remote Access

There are a number of hardening changes made to the default SSH setup on the server. The first few are fairly obvious, followed by some additional ones that further enhance security on the protocol. The SSH port currently in use has been removed from this document for obvious reasons, and 'Protocol 2' does not need to be enforced for newer versions of SSH.

### Root Login Disabled

Remote login as root is disallowed. Any users who require root privileges are added to the group for sudo users.

```
PermitRootLogin no
```

### Idle Session Timeout

"ClientAliveInterval" sets a timeout interval in seconds after which, if no data has been received from the client, sshd sends a message through the encrypted channel to request a response from the client. "ClientAliveCountMax" sets the number of client alive messages which may be sent without sshd receiving any messages back from the client.

The following setting will check the client after 10 minutes of inactivity three times and then disconnect.

```
ClientAliveInterval 600
ClientAliveCountMax 3
```

### Disable X11Forwarding

X11Forwarding is disabled as it is not required.

```
X11Forwarding no
```

### Detailed Logging

Verbose system logging is enabled to include detailed information such as an event source, date, user, timestamp, source addresses, destination addresses, and other useful elements.

```
LogLevel VERBOSE
```

### Ignore RHOSTS

The IgnoreRhosts parameter specifies that .rhosts and .shosts files will not be used in RhostsRSAAuthentication or HostbasedAuthentication.

```
IgnoreRhosts yes
```

### Disable GSSAPI Authentication

GSSAPI authentication is used to provide additional authentication mechanisms to applications. Allowing GSSAPI authentication through SSH exposes the system's GSSAPI to remote hosts, increasing the attack surface of the system. GSSAPI authentication must be disabled unless needed.

```
GSSAPIAuthentication no
```

### 2-Factor Authentication

To protect against potential password attacks, or in the event of a password compromise, we enable Google Authenticator's TOTP (Time Based One Time Passwords). As part of the [Authenticator project](https://code.google.com/p/google-authenticator/) Google released a PAM (Pluggable Authentication Module) implementation of a 2-factor system. We enable this by installing the libpam module and enrolling users.

```
~$ sudo apt-get install libpam-google-authenticator
~$ google-authenticator
```

The enrolment process presents the user with a QR code to be scanned by the mobile Google Authenticator application and asks a number of questions:

```
Do you want authentication tokens to be time-based (y/n) y

Do you want to disallow multiple uses of the same authentication
token? This restricts you to one login about every 30s, but it increases
your chances to notice or even prevent man-in-the-middle attacks (y/n) y

By default, tokens are good for 30 seconds and in order to compensate for
possible time-skew between the client and the server, we allow an extra
token before and after the current time. If you experience problems with poor
time synchronization, you can increase the window from its default
size of 1:30min to about 4min. Do you want to do so (y/n) y

If the computer that you are logging into isn't hardened against brute-force
login attempts, you can enable rate-limiting for the authentication module.
By default, this limits attackers to no more than 3 login attempts every 30s.
Do you want to enable rate-limiting (y/n) y
```

Then we edit the PAM rule file /etc/pam.d/sshd by adding the following at the end:

```
auth required pam_google_authenticator.so
```

Lastly, we add PAM authentication and challenge/response within the sshd_config and restart the SSH server.

```
UsePAM yes
ChallengeResponseAuthentication yes
```

### User Whitelisting

We enable this feature to allow only authorised users to authenticate via SSH.

```
AllowUsers *** *** ***
```

### Changing Default Ciphers and Algorithms

By default SSH comes bundled with a number of insecure key exchange algorithms, symmetric ciphers and message authentication codes. It's important that these are removed to prevent passive collection and potential key recovery at a later stage.

We add the following to the SSH configuration file:

```
KexAlgorithms curve25519-sha256@libssh.org
Ciphers chacha20-poly1305@openssh.com
MACs hmac-sha2-512-etm@openssh.com
```

### Regenerate Moduli

The use of multiple moduli inhibits a determined attacker from pre-calculating moduli exchange values, and discourages dedication of resources for analysis of any particular modulus. The /etc/ssh/moduli file that is installed with OpenSSH is identical to other new system installs of SSH. This does not necessarily mean they are insecure; however, it is generally good practice to regenerate these and strip small Diffie-Hellman moduli.
We run the following commands: 382 | 383 | ``` 384 | ~$ rm /etc/ssh/ssh_host_* 385 | ~$ ssh-keygen -t rsa -b 4096 -f /etc/ssh/ssh_host_rsa_key -N "" 386 | ~$ ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -N “" 387 | ~$ awk '$5 >= 3071' /etc/ssh/moduli > /etc/ssh/moduli.safe 388 | ~$ mv /etc/ssh/moduli.safe /etc/ssh/moduli 389 | ``` 390 | 391 | Restart SSH service and download and run [ssh-audit](https://github.com/arthepsy/ssh-audit): 392 | 393 | ``` 394 | # general 395 | (gen) banner: SSH-2.0-OpenSSHL7.6p1 Ubuntu-4ubuntu0.3 396 | (gen) software: 0penSSH 7.6p1 397 | (gen) compatibility: OpenSSH 7.2+, Dropbear SSH 2013.62+- 398 | (gen) compression : enabled (zlib@openssh.com) 399 | 400 | # key exchange algorithms 401 | (kex) curve25519-sha256@l ibssh.org [info] available since 0penSSH 6.5, Dropbear SSH 2013.62 402 | 403 | # host-key algorithms 404 | (key) ssh-ed25519 -- [info] available since OpenSSH 6.5 405 | (key) ssh-rsa -- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28 406 | (key) rsa-sha2-512 -- [info] available since OpenSSH 7.2 407 | (key) rsa-sha2-256 -- [info] available since OpenSSH 7.2 408 | 409 | # encryption algorithms (ciphers) 410 | (enc) chacha20-poly1305@openssh.com -- [info] available since OpenSSH 6.5 411 | -- [info] default cipher since OpenSSH 6.9. 
412 | 413 | # message authentication code algorithms 414 | (mac) hmac-sha2-512-etm@openssh.com -- [info] available since OpenSSH 6.2 415 | 416 | # algorithm recommendations (for OpenSSH 7.6) 417 | (rec) +diffie-hellman-group18-sha512 -- kex algorithm to append 418 | (rec) +diffie-hellman-group14-sha256 -- kex algorithm to append 419 | (rec) +diffie-hellman-group16-sha512 -- kex algorithm to append 420 | (rec) +aes256-ctr -- enc algorithm to append 421 | (rec) +aes192-ctr -- enc algorithm to append 422 | (rec) +aes128-ctr -- enc algorithm to append 423 | (rec) +aes128-gcm@openssh.com -- enc algorithm to append 424 | (rec) +aes256-gcm@openssh.com -- enc algorithm to append 425 | (rec) +hmac-sha2-256-etm@openssh.com -- mac algorithm to append 426 | (rec) +umac-128-etm@openssh.com -- mac algorithm to append 427 | ``` 428 | 429 | 430 | 431 | ### Fail2ban 432 | 433 | Fail2ban is a log-parsing application that monitors system logs for indicators of automated attacks. When an attempted compromise is located, using the defined parameters, fail2ban will add a new rule to iptables to block the IP address of the attacker, either for a set amount of time or permanently. 
To enable it, we run the following commands: 434 | 435 | ``` 436 | ~$ apt-get install fail2ban 437 | 438 | ~$ cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local 439 | ``` 440 | 441 | Open the /etc/fail2ban/jail.d/defaults-debian.conf file and enable the jail for SSH, then restart: 442 | 443 | ``` 444 | [sshd] 445 | enabled = true 446 | # Then restart the service: service fail2ban restart 447 | ``` 448 | ### Config File 449 | 450 | The resulting /etc/ssh/sshd\_config file will look like this: 451 | 452 | ``` 453 | Port *** 454 | SyslogFacility AUTH 455 | HostKey /etc/ssh/ssh_host_ed25519_key 456 | HostKey /etc/ssh/ssh_host_rsa_key 457 | KexAlgorithms curve25519-sha256@libssh.org 458 | Ciphers chacha20-poly1305@openssh.com 459 | MACs hmac-sha2-512-etm@openssh.com 460 | GSSAPIAuthentication no 461 | LogLevel VERBOSE 462 | PermitRootLogin no 463 | MaxAuthTries 5 464 | IgnoreRhosts yes 465 | PasswordAuthentication no 466 | PermitEmptyPasswords no 467 | UsePAM yes 468 | ChallengeResponseAuthentication yes 469 | X11Forwarding no 470 | PrintMotd no 471 | ClientAliveInterval 600 472 | ClientAliveCountMax 3 473 | PrintLastLog yes 474 | TCPKeepAlive yes 475 | UseDNS yes 476 | AcceptEnv LANG LC_* 477 | Subsystem sftp /usr/lib/ssh/sftp-server -f AUTHPRIV -l INFO 478 | AllowUsers *** 479 | AuthenticationMethods publickey,keyboard-interactive 480 | ``` 481 | 482 | 483 | 484 | ## Operating System Compliance and Vulnerability Scans 485 | 486 | There are two open source tools currently available that will ensure a secure system setup and identify any areas of weakness for further hardening. These tools are OpenSCAP and Lynis. We begin by installing OpenSCAP. 
Since we're working from the command line, we're going to only install the OpenSCAP base (which is a command line-only tool): 487 | 488 | ``` 489 | ~$ sudo apt-get install libopenscap8 -y 490 | ``` 491 | 492 | Next we download the OVAL definitions specific to our OS that the OpenSCAP command will use for the audit: 493 | 494 | ``` 495 | ~$ wget https://people.canonical.com/~ubuntu-security/oval/com.ubuntu.xenial.cve.oval.xml 496 | ``` 497 | 498 | Once this is completed we can run the audit: 499 | 500 | ``` 501 | ~$ oscap oval eval --results /tmp/oscap_results.xml --report /tmp/oscap_report.html com.ubuntu.xenial.cve.oval.xml 502 | ``` 503 | 504 | If we open the resulting HTML file, it will highlight any areas of concern in red. 505 | 506 | To install Lynis we need to clone the repo from their website as the package installation will be out of date: 507 | 508 | ``` 509 | ~$ git clone https://github.com/CISOfy/Lynis 510 | ``` 511 | 512 | Once completed we can audit the system: 513 | 514 | ``` 515 | ~$ cd Lynis; ./lynis audit system 516 | ``` 517 | 518 | 519 | 520 | ## Remote Monitoring 521 | 522 | 523 | Remote monitoring of the server requires a combination of Wazuh and Osquery (Wazuh is an open-source intrusion detection system and Osquery is an endpoint threat hunting and incident response tool). The Wazuh server decodes and analyzes incoming information and passes the results along to an Elasticsearch cluster for indexing and storage. The agent/server authentication method is certificate based. 524 | 525 | ***Wazuh*** uses Elastic stack as a backend, which reads, parses, indexes and stores data generated by the Wazuh manager. The Wazuh agent collects system and Osquery logs, and proactively detects intrusions. The collected information is sent to the Wazuh manager using the ossec-remoted protocol, which encrypts data between the agent and the server. 
The Wazuh server (deployed on the internet) runs the Wazuh manager and API, which collect and analyse data from the deployed agents. The server instance is deployed as a Docker instance. 526 | 527 | ***Osquery*** is deployed on the Monero server and configured to work with Wazuh. All data from the Osquery logs is collected by the Wazuh agent (every 30 minutes) and pushed to the Wazuh manager for analysis. Osquery exposes an operating system as a relational database, which makes it easier to write and use basic SQL commands to search the operating system data. The basic architecture looks as such: 528 | 529 | The Wazuh agent uses the OSSEC message protocol to send collected events to the Wazuh server over port 1514 (UDP or TCP). The Wazuh server then decodes and rule-checks the received events with the analysis engine. Events that trip a rule are augmented with alert data such as rule id and rule name. Events can be spooled to one or both of the following files, depending on whether or not a rule is tripped: 530 | 531 | 1. The file /var/ossec/logs/archives/archives.json contains all events whether they tripped a rule or not. 532 | 533 | 2. The file /var/ossec/logs/alerts/alerts.json contains only events that tripped a rule. 534 | 535 | 536 | \* The Wazuh message protocol uses AES encryption with 128 bits per block and 256-bit keys. 537 | 538 | ### Wazuh / Elastic Communication 539 | 540 | The Wazuh server uses Filebeat to send alert and event data to the Elasticsearch server using TLS encryption. Filebeat formats the incoming data and optionally enriches it with GeoIP information before sending it to Elasticsearch (port 9200/TCP). Once the data is indexed into Elasticsearch, Kibana (port 5601/TCP) is used to mine and visualize the information. 
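Because `alerts.json` holds only events that tripped a rule, it can be triaged directly on the Wazuh server before anything reaches Kibana. The following is an added example, not part of the original guide: it counts failed SSH authentications per source address and tolerates a half-written last line. It assumes the file is newline-delimited JSON using Wazuh's `rule.groups` and `data.srcip` fields; every alert value in the sample (rule ids, addresses, agent name) is constructed.

```python
import json
from collections import Counter


def _alert(ts, rule_id, level, description, groups, srcip=None):
    """Build one constructed alert using Wazuh's alert JSON field names."""
    event = {
        "timestamp": ts,
        "rule": {"id": rule_id, "level": level,
                 "description": description, "groups": groups},
        "agent": {"name": "monero-node"},  # constructed agent name
    }
    if srcip:
        event["data"] = {"srcip": srcip}
    return json.dumps(event)


FAILED = ["sshd", "authentication_failed"]

# Constructed sample: one JSON object per line, as in alerts.json.
# The last line is cut short on purpose, as happens while the file is appended to.
SAMPLE_ALERTS = "\n".join([
    _alert("2019-03-01T10:00:01+0000", "100001", 5, "sshd: authentication failed", FAILED, "203.0.113.7"),
    _alert("2019-03-01T10:00:02+0000", "100001", 5, "sshd: authentication failed", FAILED, "203.0.113.7"),
    _alert("2019-03-01T10:00:03+0000", "100001", 5, "sshd: authentication failed", FAILED, "198.51.100.20"),
    _alert("2019-03-01T10:00:04+0000", "100001", 5, "sshd: authentication failed", FAILED, "203.0.113.7"),
    _alert("2019-03-01T10:00:05+0000", "100002", 3, "sshd: authentication success",
           ["sshd", "authentication_success"], "192.0.2.10"),
    _alert("2019-03-01T10:00:06+0000", "100003", 7, "file integrity checksum changed", ["syscheck"]),
]) + '\n{"timestamp":"2019-03-01T10:00:09+0000","rule":{"id":"1000'


def parse_alerts(text):
    """Return (alerts, skipped): parsed alert objects and the number of unusable lines."""
    alerts, skipped = [], 0
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            skipped += 1  # truncated or corrupt line: count it, do not abort the run
            continue
        if isinstance(event, dict) and isinstance(event.get("rule"), dict):
            alerts.append(event)
        else:
            skipped += 1
    return alerts, skipped


def failed_ssh_by_source(alerts, threshold=3):
    """Map source IP -> failed SSH logins, keeping sources at or above the threshold."""
    counts = Counter()
    for event in alerts:
        groups = event["rule"].get("groups") or []
        if "sshd" in groups and "authentication_failed" in groups:
            srcip = (event.get("data") or {}).get("srcip")
            if srcip:
                counts[srcip] += 1
    return {ip: n for ip, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    parsed, bad_lines = parse_alerts(SAMPLE_ALERTS)
    print(f"{len(parsed)} alerts parsed, {bad_lines} line(s) skipped")
    for ip, hits in failed_ssh_by_source(parsed).items():
        print(f"{ip}: {hits} failed SSH logins")
```
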
541 | 542 | The Wazuh App runs inside Kibana, constantly querying the RESTful API (port 55000/TCP on the Wazuh manager) in order to display configuration and status-related information of the server and agents, as well as to restart agents when desired. This communication is encrypted with TLS and authenticated with username and password. 543 | 544 | ### Wazuh Server Installation 545 | 546 | Firstly, we install Docker and Docker Compose. 547 | 548 | ``` 549 | ~$ curl -sSL https://get.docker.com/ | sh 550 | ``` 551 | 552 | Then we add our user to the docker group and add the execute permission. 553 | 554 | ``` 555 | ~$ usermod -aG docker "$USER" 556 | 557 | ~$ chmod +x /usr/local/bin/docker-compose 558 | ``` 559 | 560 | Elastic stack can use a fair amount of memory when in use. The default memory allocation is insufficient and we need to increase this. 561 | 562 | ``` 563 | ~$ sysctl -w vm.max_map_count=262144 564 | ``` 565 | 566 | We're ready to download the Wazuh docker compose file and start the Wazuh server components. 567 | 568 | ``` 569 | ~$ curl -sSL https://get.docker.com/ | sh 570 | 571 | ~$ curl -L "https://github.com/docker/compose/releases/download/{ver}/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose 572 | ``` 573 | 574 | If we run a *netstat -plunt* the following ports should be exposed after a successful installation: 575 | 576 | 577 | ``` 578 | 1514 Wazuh UDP 579 | 1515 Wazuh TCP 580 | 514 Wazuh UDP 581 | 55000 Wazuh API 582 | 5000 Logstash TCP input 583 | 9200 Elasticsearch HTTP 584 | 9300 Elasticsearch TCP transport 585 | 5601 Kibana 586 | 80 Nginx http 587 | 443 Nginx https 588 | ``` 589 | 590 | 591 | 592 | 593 | ### Wazuh Agent Installation 594 | 595 | Download the latest package from the Wazuh download site and install it. 
596 | 597 | ``` 598 | ~$ wget https://packages.wazuh.com/x.x/osx/wazuh-agent-{ver}.pkg 599 | 600 | ~$ installer -pkg wazuh-agent-{ver}.pkg -target / 601 | ``` 602 | 603 | Once installed, the agent files are located under /Library/Ossec/ 604 | 605 | ### Connecting the Agent 606 | 607 | We need to create a certificate in order for the agent to authenticate with the server. 608 | 609 | ``` 610 | ~$ openssl req -x509 -batch -nodes -days 365 -newkey rsa:2048 -out /var/ossec/etc/sslmanager.cert -keyout /var/ossec/etc/sslmanager.key 611 | 612 | 613 | ``` 614 | 615 | And then issue and sign the certificate for the agent. 616 | 617 | ``` 618 | ~$ openssl req -new -nodes -newkey rsa:2048 -keyout sslagent.key -out sslagent.csr -batch 619 | 620 | ~$ openssl x509 -req -days 365 -in sslagent.csr -CA rootCA.pem -CAkey rootCA.key -out sslagent.cert -CAcreateserial 621 | ``` 622 | 623 | Copy the CA certificate to the /var/ossec/etc folder on the Wazuh server and start the service. 624 | 625 | ``` 626 | ~$ cp rootCA.pem /var/ossec/etc 627 | 628 | ~$ /var/ossec/bin/ossec-authd -v /var/ossec/etc/rootCA.pem 629 | ``` 630 | 631 | Distribute the keys to the agent and connect to the Wazuh manager. 632 | 633 | ``` 634 | ~$ cp sslagent.cert sslagent.key /var/ossec/etc 635 | 636 | ~$ /var/ossec/bin/agent-auth -m {ip} -x /var/ossec/etc/sslagent.cert -k /var/ossec/etc/sslagent.key 637 | 638 | 639 | ``` 640 | 641 | To test, log into the interface and check how many clients are connected to the manager. As the service listens locally, the Wazuh management interface can only be accessed through an SSH tunnel. 642 | -------------------------------------------------------------------------------- /VULNERABILITY_RESPONSE_PROCESS.md: -------------------------------------------------------------------------------- 1 | # The Monero Project Vulnerability Response Process 2 | 3 | ## Preamble 4 | 5 | 1. 
This Vulnerability Response Process and subsequent bounty reward apply to the following: 6 | - Code implementation as seen in the Monero Project GitHub repositories 7 | * This includes code in all branches; including the master branch and any release branch 8 | - Written research from the Monero Research Lab which dictates said code implementation 9 | 10 | 2. Researchers/Hackers: while you research/hack, we ask that you please refrain from committing the following: 11 | - Denial of Service / Active exploiting against the Monero networks 12 | - Social Engineering of Monero Project staff or contractors 13 | - Any physical or electronic attempts against Monero community property and/or data centers 14 | 15 | 3. As a pro-privacy project we have volunteers running copies of the websites on hidden services on Tor and I2P, as well as on multiple public domains. **The live sites are NOT in the scope of this process; only the code is!** 16 | 17 | 4. Bounty will be released for all projects in Monero XMR only. For more information on how to use Monero, visit the [Monero website](https://getmonero.org) 18 | 19 | 5. Bounty is not eligible to those who: 20 | - do not abide by the VRP for responsible disclosure 21 | - do not allow the completion of VRP points I through IV 22 | 23 | 6. Attacks which require more than 50% of the network hash rate (or equivalent luck for enough blocks to execute) are out of policy scope 24 | 25 | ## I. Points of contact for security issues 26 | 27 | **Please, CC all points of contact if you decide to use email instead of HackerOne** 28 | 29 | ``` 30 | luigi1111 [at] getmonero.org 31 | PGP fingerprint = 8777 AB8F 778E E894 87A2 F8E7 F4AC A018 3641 E010 32 | 33 | moneromooo on irc.libera.chat 34 | PGP fingerprint = 48B0 8161 FBDA DFE3 93AD FC3E 686F 0745 4D6C EFC3 35 | If pasting GPG encrypted data, use paste.debian.net or paste.ubuntu.com 36 | as these don't blackball Tor via Cloudflare. 
37 | OTR: DA3DD149 6DEF8EF1 941FB6BC 4FD8DFCC 7EF36E39 on irc.libera.chat 38 | OTR: 6C7966BB 72E42F33 E1A3F137 2133AC39 D343514A on irc.freenode.net 39 | 40 | ``` 41 | 42 | ## II. Security response team 43 | 44 | - luigi1111 45 | - moneromooo 46 | 47 | ## III. Incident response 48 | 49 | 1. Researcher submits report via one or both of two methods: 50 | - a. PGP encrypted Email (use the appropriate fingerprints [listed in section I](#i-points-of-contact-for-security-issues) or as included in the Monero repo in `utils/gpg_keys/`) 51 | - b. [HackerOne](https://hackerone.com/monero) 52 | 53 | 2. Response Team designates a Response Manager who is in charge of the particular report based on availability and/or knowledge-set 54 | 55 | 3. In no more than 3 working days, Response Team should gratefully respond to researcher using only encrypted, secure channels 56 | 57 | 4. Response Manager makes inquiries to satisfy any needed information to confirm if submission is indeed a vulnerability 58 | - a. If submission proves to be vulnerable with PoC code / exploit, proceed to next step 59 | - b. If not vulnerable: 60 | - i. Response Manager responds with reasons why submission is not a vulnerability 61 | - ii. Response Manager moves discussion to a new or existing ticket on GitHub if necessary 62 | 63 | 5. If over email, Response Manager opens a HackerOne issue for new submission 64 | 65 | 6. Define severity: 66 | - a. Establish severity of vulnerability: 67 | - i. HIGH: impacts network as a whole, has potential to break entire monero network, results in the loss of monero, or is on a scale of great catastrophe 68 | - ii. MEDIUM: impacts individual nodes, routers, wallets, or must be carefully exploited 69 | - iii. LOW: is not easily exploitable or is low impact 70 | - b. If there are any disputes regarding bug severity, the Monero Response team will ultimately define bug severity 71 | - c. 
Since a systematic DoS hunt has not been completed on any code, DoS's which do not crash a node remotely will receive a lower bounty reward 72 | 73 | 7. Respond according to the severity of the vulnerability: 74 | - a. HIGH severities will be notified via at least one public communications platform (mailing list, reddit, website, or other) within 3 working days of patch release 75 | - i. The notification should list appropriate steps for users to take, if any 76 | - ii. The notification must not include any details that could suggest an exploitation path 77 | - iii. The latter takes precedence over the former 78 | - b. MEDIUM and HIGH severities will require a Point Release 79 | - c. LOW severities will be addressed in the next Regular Release 80 | 81 | 8. Response Team applies appropriate patch(es) 82 | - a. Response Manager designates a PRIVATE git "hotfix branch" to work in 83 | - b. Patches are reviewed with the researcher 84 | - c. Any messages associated with PUBLIC commits during the time of review should not make reference to the security nature of the PRIVATE branch or its commits 85 | - d. Vulnerability announcement is drafted 86 | - i. Include the severity of the vulnerability 87 | - ii. Include all vulnerable systems/apps/code 88 | - iii. Include solutions (if any) if patch cannot be applied 89 | - e. Release date is discussed 90 | 91 | 9. At release date, Response Team coordinates with developers to finalize update: 92 | - a. Response Manager propagates the "hotfix branch" to trunk 93 | - b. Response Manager includes vulnerability announcement draft in release notes 94 | - c. Proceed with the Point or Regular Release 95 | 96 | ## IV. Post-release disclosure process 97 | 98 | 1. Response Team has 90 days to fulfill all points within section III 99 | 100 | 2. If the Incident Response process in section III is successfully completed: 101 | - a. Researcher decides whether or not to opt out of receiving name/handle/organization credit. 
By default, the researcher will receive name/handle/organization credit. 102 | - i. If bounty is applicable, release bounty to the researcher as defined in section "Bounty Distribution" 103 | - b. Finalize vulnerability announcement draft and include the following: 104 | - i. Project name and URL 105 | - ii. Versions known to be affected 106 | - iii. Versions known to be not affected (for example, the vulnerable code was introduced in a recent version, and older versions are therefore unaffected) 107 | - iv. Versions not checked 108 | - v. Type of vulnerability and its impact 109 | - vi. If already obtained or applicable, a CVE-ID 110 | - vii. The planned, coordinated release date 111 | - viii. Mitigating factors (for example, the vulnerability is only exposed in uncommon, non-default configurations) 112 | - ix. Workarounds (configuration changes users can make to reduce their exposure to the vulnerability) 113 | - x. If applicable, credits to the original reporter 114 | - c. Release finalized vulnerability announcement on public communications platform (mailing list, reddit, website, or other) 115 | - d. For HIGH severities, release finalized vulnerability announcement on well-known mailing lists: 116 | - i. oss-security@lists.openwall.com 117 | - ii. bugtraq@securityfocus.com 118 | - e. If applicable, developers request a CVE-ID 119 | - i. The commit that applied the fix is made reference to in a future commit and includes a CVE-ID 120 | 121 | 3. If the Incident Response process in section III is *not* successfully completed: 122 | - a. Response Team and developers organize an IRC meeting to discuss why/what points in section III were not resolved and how the team can resolve them in the future 123 | - b. Any developer meetings immediately following the incident should include points made in section V 124 | - c. 
If disputes arise about whether or when to disclose information about a vulnerability, the Response Team will publicly discuss the issue via IRC and attempt to reach consensus 125 | - d. If consensus on a timely disclosure is not met (no later than 90 days), the researcher (after 90 days) has every right to expose the vulnerability to the public 126 | 127 | ## V. Bounty distribution 128 | 129 | - XMR for vulnerability-related bounties are solely contributed by community donators and escrowed by unpaid volunteers. Total availability of XMR contributed for bounties can be tracked [here](https://forum.getmonero.org/8/funding-required/87597/monero-bounty-for-hackerone). XMR market values can be found at the various exchanges. See also [Cryptowatch](https://cryptowat.ch/) and [Live Coin Watch](https://www.livecoinwatch.com/). 130 | - As reports come in and payouts are made, the total bounty supply shrinks. This gives incentive for bug hunters to report bugs a.s.a.p. 131 | - The following percentages apply to available XMR bounty (severity is defined above in section III. 6.): 132 | 1. 10% reserved for LOW severity bugs 133 | 2. 30% reserved for MEDIUM severity bugs 134 | 3. 60% for HIGH severity bugs 135 | - Each bug will at most receive 10% of each category. Example: 10% of 60% for a HIGH severity bug. 136 | 137 | ## VI. Incident analysis 138 | 139 | 1. Isolate codebase 140 | - a. Response Team and developers should coordinate to work on the following: 141 | - i. Problematic implementation of classes/libraries/functions, etc. 142 | - ii. Focus on apps/distro packaging, etc. 143 | - iii. Operator/config error, etc. 144 | 145 | 2. Auditing 146 | - a. Response Team and developers should coordinate to work on the following: 147 | - i. Auditing of problem area(s) as discussed in point 1 148 | - ii. Generate internal reports and store for future reference 149 | - iii. If results are not sensitive, share with the public via IRC or GitHub 150 | 151 | 3. 
Response Team has 45 days following completion of section III to ensure completion of section V 152 | 153 | ## VII. Resolutions 154 | 155 | Any further questions or resolutions regarding the incident(s) between the researcher and response + development team after public disclosure can be addressed via the following: 156 | 157 | - IRC on libera.chat 158 | - `#monero-dev` 159 | - [GitHub](https://github.com/monero-project/monero/issues/) 160 | - [Monero (CLI)](https://github.com/monero-project/monero/issues/) 161 | - [Monero (GUI)](https://github.com/monero-project/monero-core/issues/) 162 | - [Monero (Website)](https://github.com/monero-project/monero-site/issues/) 163 | - [HackerOne](https://hackerone.com/monero) 164 | - [Reddit /r/Monero](https://reddit.com/r/Monero/) 165 | - Email 166 | 167 | ## VIII. Continuous improvement 168 | 169 | 1. Response Team and developers should hold annual meetings to review the previous year's incidents 170 | 171 | 2. Response Team or designated person(s) should give a brief presentation, including: 172 | - a. Areas of Monero affected by the incidents 173 | - b. Any network downtime or monetary cost (if any) of the incidents 174 | - c. Ways in which the incidents could have been avoided (if any) 175 | - d. How effective this process was in dealing with the incidents 176 | 177 | 3. After the presentation, Response Team and developers should discuss: 178 | - a. Potential changes to development processes to reduce future incidents 179 | - b. Potential changes to this process to improve future responses 180 | -------------------------------------------------------------------------------- /api/lightwallet_rest.md: -------------------------------------------------------------------------------- 1 | # Lightwallet API 2 | This document describes a reference standard specification for the Monero 3 | lightwallet server/client API. 
It’s implemented by OpenMonero, MyMonero, and 4 | the official Monero project, and is maintained with the purpose of organizing 5 | and recording the consensus of Monero lightwallet API projects, and to support 6 | alternate implementations. 7 | 8 | Modifications to this specification should only be made with consensus of the 9 | projects which participate by implementing the specification. 10 | 11 | ## Encoding Schemes 12 | ### JSON 13 | JSON is the original and required encoding scheme used for the API. Binary 14 | values (public keys, hashes, etc) are sent as an ascii-hex string. Some 15 | integers, that may exceed 2^53, are sent as strings. This is due to the 16 | limitation within JavaScript, where all numbers are double-precision floating-point 17 | values. 18 | 19 | ## Transport Layers 20 | ### HTTP-REST 21 | When calling an API method, the client must use HTTP POST to a path with the 22 | method name. As an example, to invoke the `get_address_txs` method, the client 23 | sends a POST message to `/get_address_txs` where the body contains the JSON 24 | request object associated with that method name. If the requested method does 25 | not exist, an HTTP 404 "Not Found" error must be returned. If the request type 26 | is not POST, the server shall return an HTTP 405 "Method Not Allowed" error. If 27 | the server is unable to complete a request temporarily due to load, then the 28 | server shall return an HTTP 503 "Service Unavailable" error to indicate to the 29 | client that the request may be serviceable later. 30 | 31 | Servers must support the JSON encoding scheme. The client must send the HTTP 32 | field `Content-Type: application/json`; if the server is not provided that 33 | content type from the client then the server shall respond with an HTTP 415 34 | "Unsupported Media Type" error. 35 | 36 | This transport layer does not use HTTP authentication, and instead uses the 37 | `view_key` field for authorization. 
Documentation for a specific method will 38 | indicate whether `view_key` is required. When it is not necessary, anyone can 39 | invoke the method. 40 | 41 | ## Schema 42 | The ascii name of the field is used as a key in JSON encoding. If a field has 43 | a `*` indicator, that means the field is optional. If `*` is used next to the 44 | type, the value can be "null" or a value valid according to the type. 45 | 46 | ### Types 47 | **binary** 48 | 49 | A hex-ascii string in JSON. This is generally some irreducible cryptographic 50 | concept - a public key or hash. 51 | 52 | **base58-address** 53 | 54 | A standard Monero public address encoded as a string in JSON. 55 | 56 | **output** object 57 | 58 | Information needed to spend an output. 59 | 60 | | Field | Type | Description | 61 | |------------------|---------------------------|-------------------------------| 62 | | tx_id | `uint64` | Index of tx in blockchain | 63 | | amount | `uint64-string` | XMR value of output | 64 | | index | `uint16` | Index within vout vector | 65 | | global_index | `uint64-string` | Index within amount | 66 | | rct | `binary` | Bytes of ringct data | 67 | | tx_hash | `binary` | Bytes of tx hash | 68 | | tx_prefix_hash | `binary` | Bytes of tx prefix hash | 69 | | public_key | `binary` | Bytes of output public key | 70 | | tx_pub_key | `binary` | Bytes of the tx public key | 71 | | spend_key_images | array of `binary` objects | Bytes of key images | 72 | | timestamp | `timestamp` | Timestamp of containing block | 73 | | height | `uint64` | Containing block height | 74 | 75 | > `tx_id` is determined by the monero daemon. It is the offset that a 76 | > transaction appears in the blockchain from the genesis block. 77 | 78 | > `global_index` is determined by the monero daemon. It is the offset from the 79 | > first time the amount appeared in the blockchain. After ringct, this is the 80 | > order of outputs as they appear in the blockchain. 
81 | 82 | > `tx_hash` and `tx_prefix_hash` are determined by how `monerod` computes the 83 | > hash. 84 | 85 | > `rct` is, for ringct outputs, a 96-byte blob containing the concatenation 86 | > of the public commitment, then the ringct mask value, and finally the 87 | > ringct amount value. For ringct coinbase outputs, the mask is always the 88 | > identity mask and the amount is zero; for non-coinbase ringct outputs, the 89 | > mask and amount are the respective raw encrypted values, which must be 90 | > decrypted by the client using the view secret key. For non-ringct outputs, 91 | > this field is nil. 92 | 93 | **rates** object 94 | 95 | | Field | Type | Description | 96 | |-------|-----------|-----------------------| 97 | | AUD * | `float32` | AUD/XMR exchange rate | 98 | | BRL * | `float32` | BRL/XMR exchange rate | 99 | | BTC * | `float32` | BTC/XMR exchange rate | 100 | | CAD * | `float32` | CAD/XMR exchange rate | 101 | | CHF * | `float32` | CHF/XMR exchange rate | 102 | | CNY * | `float32` | CNY/XMR exchange rate | 103 | | EUR * | `float32` | EUR/XMR exchange rate | 104 | | GBP * | `float32` | GBP/XMR exchange rate | 105 | | HKD * | `float32` | HKD/XMR exchange rate | 106 | | INR * | `float32` | INR/XMR exchange rate | 107 | | JPY * | `float32` | JPY/XMR exchange rate | 108 | | KRW * | `float32` | KRW/XMR exchange rate | 109 | | MXN * | `float32` | MXN/XMR exchange rate | 110 | | NOK * | `float32` | NOK/XMR exchange rate | 111 | | NZD * | `float32` | NZD/XMR exchange rate | 112 | | SEK * | `float32` | SEK/XMR exchange rate | 113 | | SGD * | `float32` | SGD/XMR exchange rate | 114 | | TRY * | `float32` | TRY/XMR exchange rate | 115 | | USD * | `float32` | USD/XMR exchange rate | 116 | | RUB * | `float32` | RUB/XMR exchange rate | 117 | | ZAR * | `float32` | ZAR/XMR exchange rate | 118 | 119 | > If an exchange rate is unavailable, the server shall omit the field 120 | > from the JSON object. 
121 | 122 | **spend** object 123 | 124 | | Field | Type | Description | 125 | |------------|-----------------|----------------------------| 126 | | amount | `uint64-string` | XMR possibly being spent | 127 | | key_image | `binary` | Bytes of the key image | 128 | | tx_pub_key | `binary` | Bytes of the tx public key | 129 | | out_index | `uint16` | Index of source output | 130 | | mixin | `uint32` | Mixin of the spend | 131 | 132 | > `out_index` is a zero-based offset from the original received output. The 133 | > variable within the monero codebase is the `vout` array, this is the index 134 | > within that. It is needed for correct computation of the `key_image`. 135 | 136 | > `mixin` does not include the real spend - this is the number of dummy inputs. 137 | 138 | **timestamp** 139 | 140 | A string in JSON. The string format is "YYYY-HH-MM-SS.0-00:00". Monero 141 | blockchain timestamps do not have sub-seconds. 142 | 143 | **transaction** object 144 | 145 | | Field | Type | Description | 146 | |----------------|--------------------------|---------------------------| 147 | | id | `uint64` | Index of tx in blockchain | 148 | | hash | `binary` | Bytes of tx hash | 149 | | timestamp * | `timestamp` | Timestamp of block | 150 | | total_received | `uint64-string` | Total XMR received | 151 | | total_sent | `uint64-string` | XMR possibly being spent | 152 | | unlock_time | `uint64` | Tx unlock time field | 153 | | height * | `uint64` | Block height | 154 | | spent_outputs | array of `spend` objects | List of possible spends | 155 | | payment_id * | `binary` | Bytes of tx payment id | 156 | | coinbase | `boolean` | True if tx is coinbase | 157 | | mempool | `boolean` | True if tx is in mempool | 158 | | mixin | `uint32` | Mixin of the receive | 159 | 160 | > `id` is determined by the monero daemon. It is the offset that a 161 | > transaction appears in the blockchain from the genesis block. 162 | 163 | > `timestamp` and `height` are not sent when `mempool` is true. 
164 | 165 | > `hash` is determined by how the monero core computes the hash. 166 | 167 | > `spent_outputs` is the list of possible spends in _this_ transaction only. 168 | 169 | > `payment_id` is omitted if the transaction had none. It is decrypted when the 170 | > encrypted form is used. The decryption may be incorrect - if the transaction 171 | > was TO another address, then this will be random bytes. This happens 172 | > frequently with outgoing payment ids; the received XMR in the transaction is 173 | > change and the payment id is for the real recipient. 174 | 175 | > `mixin` does not include the real spend - this is the number of dummy inputs. 176 | 177 | **uint16** / **uint32** / **uint64** 178 | 179 | Sent as a standard decimal encoded number in JSON. The JSON decoder must reject 180 | number values that exceed the specified bit-width. 181 | 182 | **uint64-string** 183 | 184 | A uint64 encoded as a decimal string value in JSON. Used when a value may 185 | exceed 2^53 - all numbers are 64-bit floats in JavaScript. 186 | 187 | **random_output** object 188 | 189 | | Field | Type | Description | 190 | |--------------|-----------------|------------------------------------| 191 | | global_index | `uint64-string` | Index within amount | 192 | | public_key | `bytes` | Bytes of output public key | 193 | | rct | `bytes` | Bytes containing ringct commitment | 194 | 195 | > `global_index` is determined by the monero daemon. It is the offset from the 196 | > first time the amount appeared in the blockchain. After ringct, this is the 197 | > order of outputs as they appear in the blockchain. 198 | 199 | **random_outputs** object 200 | 201 | Randomly selected outputs for use in a ring signature. 

| Field     | Type                             | Description             |
|-----------|----------------------------------|-------------------------|
| amount    | `uint64-string`                  | XMR amount, 0 if ringct |
| outputs * | array of `random_output` objects | Selected outputs        |

> `outputs` is omitted by the server if the `amount` does not have enough
> mixable outputs.

### Methods
#### `get_address_info`
Returns the minimal set of information needed to calculate a wallet balance.
The server cannot calculate when a spend occurs without the spend key, so a
list of candidate spends is returned.

**Request** object

| Field     | Type             | Description                           |
|-----------|------------------|---------------------------------------|
| address   | `base58-address` | Address to retrieve                   |
| view_key  | `binary`         | View key bytes for authorization      |

> If `address` is not authorized, the server must return an HTTP 403
> "Forbidden" error.

**Response** object

| Field                | Type                     | Description               |
|----------------------|--------------------------|---------------------------|
| locked_funds         | `uint64-string`          | Sum of unspendable XMR    |
| total_received       | `uint64-string`          | Sum of received XMR       |
| total_sent           | `uint64-string`          | Sum of possibly spent XMR |
| scanned_height       | `uint64`                 | Current tx scan progress  |
| scanned_block_height | `uint64`                 | Current scan progress     |
| start_height         | `uint64`                 | Start height of response  |
| transaction_height   | `uint64`                 | Total txes sent in Monero |
| blockchain_height    | `uint64`                 | Current blockchain height |
| spent_outputs        | array of `spend` objects | Possible spend info       |
| rates *              | `rates`                  | Current exchange rates    |

> `rates` is omitted if unavailable.

#### `get_address_txs`
Returns information needed to show transaction history. The server cannot
calculate when a spend occurs without the spend key, so a list of candidate
spends is returned.

**Request** object

| Field    | Type             | Description                           |
|----------|------------------|---------------------------------------|
| address  | `base58-address` | Address to retrieve                   |
| view_key | `binary`         | View key bytes for authorization      |

> If `address` is not authorized, the server must return an HTTP 403
> "Forbidden" error.

**Response** object

| Field                | Type                           | Description               |
|----------------------|--------------------------------|---------------------------|
| total_received       | `uint64-string`                | Sum of received outputs   |
| scanned_height       | `uint64`                       | Current tx scan progress  |
| scanned_block_height | `uint64`                       | Current scan progress     |
| start_height         | `uint64`                       | Start height of response  |
| blockchain_height    | `uint64`                       | Current blockchain height |
| transactions         | array of `transaction` objects | Possible spend info       |

#### `get_random_outs`
Selects random outputs to use in a ring signature of a new transaction. If the
`amount` is `0` then the `monerod` RPC `get_output_distribution` should be used
to locally select outputs using a gamma distribution as described in "An
Empirical Analysis of Traceability in the Monero Blockchain". If the `amount`
is not `0`, then the `monerod` RPC `get_output_histogram` should be used to
locally select outputs using a triangular distribution
(`uint64_t dummy_out = histogram.total * sqrt(float64(random_uint53) / float64(2^53))`).
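
The triangular selection for a non-zero `amount`, as an added example (not code from the Monero project). It assumes `total` is the output count that `get_output_histogram` reports for that amount; the names `triangular_index`, `pick_dummy_outputs` and `rand53` are hypothetical, and the gamma selection for amount `0` is not shown.

```python
import math
import secrets

TWO_53 = 1 << 53


def triangular_index(total, random_uint53):
    """Map a 53-bit random integer to an output index in [0, total).

    Implements dummy_out = total * sqrt(random_uint53 / 2^53). The square
    root skews picks toward high indexes, i.e. toward newer outputs.
    """
    if total <= 0:
        raise ValueError("histogram total must be positive")
    if not 0 <= random_uint53 < TWO_53:
        raise ValueError("random value must fit in 53 bits")
    index = int(total * math.sqrt(random_uint53 / TWO_53))
    # Defensive clamp: the result stays in range whatever the float rounding.
    return min(index, total - 1)


def pick_dummy_outputs(total, count, real_index=None, rand53=None):
    """Pick `count` distinct dummy indexes, never the real spend.

    Returns None when the amount does not have enough mixable outputs,
    mirroring a server that omits `outputs` for that amount.
    `rand53` (hypothetical parameter) lets a caller inject the random source;
    the default draws from the operating system CSPRNG.
    """
    rand53 = rand53 or (lambda: secrets.randbits(53))
    excluded = 1 if real_index is not None and 0 <= real_index < total else 0
    if count < 0 or total - excluded < count:
        return None
    chosen = set()
    attempts_left = 1000 + 100 * count  # bound the loop against a stuck RNG
    while len(chosen) < count:
        if attempts_left == 0:
            raise RuntimeError("random source did not yield enough distinct outputs")
        attempts_left -= 1
        index = triangular_index(total, rand53())
        if index != real_index:  # duplicates are absorbed by the set
            chosen.add(index)
    return sorted(chosen)
```

With a uniform random source, about three quarters of the picks land in the newer half of the index range.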

**Request** object

| Field      | Type                             | Description                      |
|------------|----------------------------------|----------------------------------|
| count      | `uint32`                         | Mixin (name is historical)       |
| amounts    | array of `uint64-string` objects | XMR amounts that need mixing     |

> Clients must use amount `0` when computing a ringct output.

> If clients are creating multiple rings with the same amount, they must set
> `count` to the mixin level and add the value to `amounts` multiple times.
> Server must respond to each value in `amounts`, even if the value appears
> multiple times.

**Response** object

| Field       | Type                             | Description                      |
|-------------|----------------------------------|----------------------------------|
| amount_outs | array of `random_output` objects | Dummy outputs for each `amounts` |

> If there are not enough outputs to mix for a specific amount, the server
> shall omit the `outputs` field in `amount_outs`.

#### `get_unspent_outs`
Returns a list of received outputs. The client must determine when the output
was actually spent.

**Request** object

| Field            | Type             | Description                      |
|------------------|------------------|----------------------------------|
| address          | `base58-address` | Address to create/probe          |
| view_key         | `binary`         | View key bytes                   |
| amount           | `uint64-string`  | XMR send amount                  |
| mixin            | `uint32`         | Minimum mixin for source output  |
| use_dust         | `boolean`        | Return all available outputs     |
| dust_threshold * | `uint64-string`  | Ignore outputs below this amount |

> If the total received outputs for the address is less than `amount`, the
> server shall return an HTTP 400 "Bad Request" error code.
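
One way for a server to apply the `uint32`, `uint64-string` and `boolean` rules to the `get_unspent_outs` request above, as an added example rather than code from the Monero project. The function names, the `BadRequest` exception, the rejection of signs and leading zeros, treating only `dust_threshold` as optional, and the sample body are assumptions of this example; `address` and `view_key` checks are left out.

```python
import json
import re

UINT_MAX = {"uint16": 2**16 - 1, "uint32": 2**32 - 1, "uint64": 2**64 - 1}
# ASCII digits only, at most 20 of them. int() alone would also accept
# "+5", " 7", "1_000" and non-ASCII digits, so the string is matched first.
_DECIMAL = re.compile(r"(?:0|[1-9][0-9]{0,19})\Z")


class BadRequest(ValueError):
    """A field broke the type rules; a server would answer HTTP 400."""


def parse_uint(value, kind):
    """Check a JSON number declared as uint16, uint32 or uint64."""
    # bool is an int subclass in Python, and floats such as 4.0 or 1e3 are
    # rejected rather than truncated.
    if isinstance(value, bool) or not isinstance(value, int):
        raise BadRequest(f"{kind}: expected a JSON integer")
    if not 0 <= value <= UINT_MAX[kind]:
        raise BadRequest(f"{kind}: value exceeds the bit-width")
    return value


def parse_uint64_string(value):
    """Check a uint64-string and return it as an exact Python int."""
    if not isinstance(value, str) or not _DECIMAL.match(value):
        raise BadRequest("uint64-string: expected a decimal string")
    number = int(value)
    if number > UINT_MAX["uint64"]:
        raise BadRequest("uint64-string: value exceeds 64 bits")
    return number


def parse_bool(value):
    if not isinstance(value, bool):
        raise BadRequest("boolean: expected true or false")
    return value


# name -> (parser, required); types taken from the get_unspent_outs table.
UNSPENT_OUTS_FIELDS = {
    "amount": (parse_uint64_string, True),
    "mixin": (lambda v: parse_uint(v, "uint32"), True),
    "use_dust": (parse_bool, True),
    "dust_threshold": (parse_uint64_string, False),
}

# Constructed sample request body; address and view_key are placeholders.
SAMPLE_BODY = json.dumps({
    "address": "<constructed-address>",
    "view_key": "<constructed-view-key>",
    "amount": "18446744073709551615",
    "mixin": 10,
    "use_dust": False,
    "dust_threshold": "2000000000",
})


def parse_unspent_outs_request(body):
    """Return the validated numeric and boolean fields, or raise BadRequest."""
    try:
        doc = json.loads(body)
    except ValueError as exc:
        raise BadRequest(f"invalid JSON: {exc}") from None
    if not isinstance(doc, dict):
        raise BadRequest("request must be a JSON object")
    parsed = {}
    for name, (parser, required) in UNSPENT_OUTS_FIELDS.items():
        if name not in doc:
            if required:
                raise BadRequest(f"{name}: missing")
            continue
        try:
            parsed[name] = parser(doc[name])
        except BadRequest as exc:
            raise BadRequest(f"{name}: {exc}") from None
    return parsed
```

The sample `amount` is 2^64 - 1, which a float-based JSON number could not carry exactly; as a string it decodes without loss.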

**Response** object

| Field        | Type                      | Description                             |
|--------------|---------------------------|-----------------------------------------|
| per_byte_fee | `uint64-string`           | Estimated network fee                   |
| fee_mask     | `uint64-string`           | Fee quantization mask                   |
| amount       | `uint64-string`           | The total value in outputs              |
| outputs      | array of `output` objects | Outputs possibly available for spending |

#### `import_request`
Request an account scan from the genesis block.

**Request** object

| Field    | Type             | Description             |
|----------|------------------|-------------------------|
| address  | `base58-address` | Address to create/probe |
| view_key | `binary`         | View key bytes          |

**Response** object

| Field              | Type             | Description                      |
|--------------------|------------------|----------------------------------|
| payment_address *  | `base58-address` | Payment location                 |
| payment_id *       | `binary`         | Bytes for payment_id tx field    |
| import_fee *       | `uint64-string`  | Fee required to complete request |
| new_request        | `boolean`        | New or existing request          |
| request_fulfilled  | `boolean`        | Indicates success                |
| status             | `string`         | Custom message                   |

> `payment_id`, `import_fee`, and `payment_address` may be omitted if the
> client does not need to send XMR to complete the request.

#### `login`
Check for the existence of an account or create a new one.

**Request** object

| Field             | Type             | Description                      |
|-------------------|------------------|----------------------------------|
| address           | `base58-address` | Address to create/probe          |
| view_key          | `binary`         | View key bytes                   |
| create_account    | `boolean`        | Try to create new account        |
| generated_locally | `boolean`        | Indicate that the address is new |

> The view key bytes are required even if an account is not being created, to
> prevent metadata leakage.

> If the server does not allow account creations, an HTTP 501 "Not Implemented"
> error must be returned.

> If the approval process is manual, a successful HTTP 200 OK and response
> object must be returned. Subsequent requests shall be HTTP 403 "Forbidden"
> until the account is approved.

**Response** object

| Field               | Type      | Description                        |
|---------------------|-----------|------------------------------------|
| new_address         | `boolean` | Whether account was just created   |
| generated_locally * | `boolean` | Flag from initial account creation |
| start_height *      | `uint64`  | Account scanning start block       |

#### `submit_raw_tx`
Submit a raw transaction to be relayed to the monero network.

**Request** object

| Field | Type     | Description                                               |
|-------|----------|-----------------------------------------------------------|
| tx    | `binary` | Raw transaction bytes, in format used by daemon p2p comms |

> Unfortunately this format is tricky: it is custom to the monero daemon. The
> internal code of `monerod` must currently be read to determine this format.

**Response** object

| Field  | Type     | Description     |
|--------|----------|-----------------|
| status | `string` | Status of relay |

> `status` is typically the response by the monero daemon attempting to relay
> the transaction.

--------------------------------------------------------------------------------
/bitcointalk/original-post:
--------------------------------------------------------------------------------
[center]
[size=14pt][b][size=20pt]›››[/size] [url=http://downloads.getmonero.org/win64]Windows 64-bit[/url] • [url=http://downloads.getmonero.org/mac]OS X[/url] • [url=http://downloads.getmonero.org/linux]Linux[/url] • [url=http://downloads.getmonero.org/freebsd]FreeBSD[/url] •  [url=https://github.com/monero-project/bitmonero]Source code[/url] [size=20pt]‹‹‹[/size][/b][/size]

[center][size=12pt]We are [url=https://plus.google.com/+DavidLatapie/posts/9PxC9Xb5uzg]moving away from Bitcointalk[/url]. For latest information, check out [url=https://forum.getmonero.org/1/news-announcements-and-editorials]News, announcements and editorials[/url] on the [url=https://forum.getmonero.org/]official forum[/url][/size][/center]

[img]http://i59.tinypic.com/59u1yg.png[/img]
[url=http://www.getmonero.org/][b]Website: getmonero.org[/b][/url]
[url=https://forum.getmonero.org]Official Forum: forum.getmonero.org[/url]

[url=https://bitcointalk.org/index.php?topic=597878]Monero Economy[/url]  •  [url=https://bitcointalk.org/index.php?topic=652305]Monero Support[/url]* •  [url=https://bitcointalk.org/index.php?topic=653467]Monero Mining[/url]  •  [url=https://bitcointalk.org/index.php?topic=753252]Monero Speculation[/url]*  •  [url=https://bitcointalk.org/index.php?topic=696620]Monero Dev[/url]*  •  [url=https://bitcointalk.org/index.php?topic=716331]Monero large OTC[/url]
[i]* self-moderated[/i]

#monero  •  #monero-dev  •  #monero-otc  •  #monero-markets  •  #monero-pools  •  QQ Group: 272729907
[i](Freenode)[/i]

[url=https://twitter.com/monerocurrency][img]http://i.imgur.com/YEDcjbV.png[/img][/url] [url=http://www.reddit.com/r/monero][img]http://i.imgur.com/xVEG9un.png[/img][/url] [url=https://www.facebook.com/monerocurrency][img]http://i.imgur.com/6Y4lJbg.png[/img][/url] [url=https://plus.google.com/101861896996947433029/posts][img]http://i.imgur.com/VY867Q0.png[/img][/url]
[/center]

Monero (XMR) is a privacy-focused cryptocurrency that is not based on Bitcoin's code.

Monero aims to be a fungible and untraceable digital medium of exchange. It intrinsically has a higher degree of privacy than Bitcoin or any of its various forks. It was launched on April 18, 2014 (preannounced and no premine/ICO/etc.).

The official core team members are (in no particular order) - Riccardo "fluffypony" Spagni, luigi1111, NoodleDoodle, smooth, tacotime, Francisco "ArticMine" Cabañas, othe

[size=12pt][b]Announcements[/b][/size]
Please visit [url=https://forum.getmonero.org/1/news-announcements-and-editorials]News, announcements and editorials[/url] on the Monero Forum for the latest news.
Visit our [url=http://monero.stackexchange.com/]StackExchange[/url] site, where you can ask, answer, and view technical questions!

[size=12pt][b]Features[/b][/size]

[list]
[li]Untraceable payments[/li]
[li]Unlinkable transactions[/li]
[li]Blockchain analysis resistance[/li]
[li]Adaptive parameters[/li]
[/list]

[size=12pt][b]Academic and Theory[/b][/size]

Monero's functionality is backed up by academic research and cryptographically proven schemes. Much of this research is done by the Monero Research Lab. Since Monero was initially based on the CryptoNote protocol, the CryptoNote whitepaper is also an invaluable reference for validating Monero's unlinkability and untraceability claims.

[list]
[li][url=https://cryptonote.org/whitepaper.pdf]The CryptoNote Whitepaper[/url][/li]
[li][url=http://downloads.getmonero.org/whitepaper_review.pdf]Initial Review of the CryptoNote Whitepaper[/url][/li]
[li][url=https://lab.getmonero.org/pubs/MRL-0001.pdf]MRL-0001: A Note on Chain Reactions in Traceability in CryptoNote 2.0[/url][/li]
[li][url=https://lab.getmonero.org/pubs/MRL-0002.pdf]MRL-0002: Counterfeiting via Merkle Tree Exploits within Virtual Currencies Employing the CryptoNote Protocol[/url][/li]
[li][url=https://lab.getmonero.org/pubs/MRL-0003.pdf]MRL-0003: Monero is Not That Mysterious[/url][/li]
[li][url=https://lab.getmonero.org/pubs/MRL-0004.pdf]MRL-0004: Improving Obfuscation in the CryptoNote Protocol[/url][/li]
[li][url=https://lab.getmonero.org/pubs/MRL-0005.pdf]MRL-0005: Ring Signature Confidential Transactions[/url][/li]
[/list]

[size=12pt][b]Specifications[/b][/size]

[list]
[li]PoW algorithm: CryptoNight [size=7pt][1][/size][/li]
[li]Max supply: Infinite (see note below) [size=7pt][2][/size][/li]
[li]Block reward: Smoothly varying [size=7pt][3][/size][/li]
[li]Block time: 120 seconds[/li]
[li]Difficulty: Retargets at every block[/li]
[/list]

[size=7pt][1][/size] CPU + GPU mining (about 1:1 performance for now). Memory-bound by design using AES encryption and several SHA-3 candidates.
[size=7pt][2][/size] Initial number of atomic units is M = 2[sup]64[/sup] - 1. However, once the block reward reaches 0.3 XMR per minute (sometime in 2022) that is treated as the minimum subsidy, which means that Monero's total emission will forever increase by ~157680 XMR annually.
[size=7pt][3][/size] Uses a recurrence relation. Block reward = (M - A) * 2[sup]-20[/sup] * 10[sup]-12[/sup], where A = current circulation. Roughly 86% mined in 4 years (see [url=http://i.imgur.com/lDqIdyd.png]graph[/url]).


[size=14pt][b]Official downloads and links[/b][/size]

[url=http://getmonero.org/getting-started][size=12pt][b]Getting Started[/b][/size][/url] - Follow the guide to set up the software and start mining.

[url=https://forum.getmonero.org]Official forum[/url]

[size=12pt][b]Source and binaries[/b][/size]
[i]Also see below for optional GUI.[/i]

Latest release: 0.10.1.0 [i]Wolfram Warptangent[/i]

[list]
[li][url=https://github.com/monero-project/monero][b]Source code[/b][/url][/li]
[li][url=http://downloads.getmonero.org/win64]Windows, 64-bit (downloads.getmonero.org/win64)[/url] - SHA256: 727a53dd154b61fd653f81da27788077fdf519301c81d3c1eb033c1ff2bf97c6[/li]
[li][url=http://downloads.getmonero.org/win64]Windows, 32-bit (downloads.getmonero.org/win32)[/url] - SHA256: ce77137b33bcaeb59273cb73b86e426e35e6209fb52a7e74fd9432a5a3018041[/li]
[li][url=http://downloads.getmonero.org/mac]OS X, 64-bit (downloads.getmonero.org/mac64)[/url] - SHA256: 447cebae257864b3706a8622f495bfd9fae780a6b277e1e31ac83bef7bc855c6[/li]
[li][url=http://downloads.getmonero.org/linux]Linux, 64-bit (downloads.getmonero.org/linux64)[/url] - SHA256: bf09eea27c957e7e2bdd62dac250888b301d4d25abe18d4a5b930fa7477708c7[/li]
[li][url=http://downloads.getmonero.org/linux]Linux, 32-bit (downloads.getmonero.org/linux32)[/url] - SHA256: 9a18d274970df85d6bc926dc99407959c680c36f19017996be9c758f6c02cf06[/li]
[li][url=http://downloads.getmonero.org/arm]ARMv7 (downloads.getmonero.org/arm)[/url] - SHA256: 57221605997a3cd815f2a9689486abbdb124263fff047ca61068900eb7cb1839[/li]
[li][url=http://downloads.getmonero.org/arm]FreeBSD 64-bit (downloads.getmonero.org/freebsd64)[/url] - SHA256: 3858d4786b65a37e981b142e9c0f256ac66662314794d05f595c4c30cb5b6ddb[/li]
[/list]

[size=12pt][b]Donations for general development[/b][/size]

[b]XMR:[/b] [code]
address (OpenAlias) donate.getmonero.org
address (full) 44AFFq5kSiGBoZ4NMDwYtN18obc8AemS33DBLWs3H7otXft3XjrpDtQGv7SqSsaBYBb98uNbr2VBBEt7f2wfn3RVGQBEP3A
viewkey: f359631075708155cc3d92a32b75a7d02a5dcf27756707b47a2b31b21c389501[/code]

[b]BTC:[/b] [code]1KTexdemPdxSBcG55heUuTjDRYqbC5ZL8H[/code]

[url=https://bitcointalk.org/index.php?topic=700400]Monero Community Hall of Fame[/url]

[size=12pt][b]Alternative Clients[/b][/size]

Please visit: [url=http://getmonero.org/getting-started/choose]How to choose a Monero client[/url]

[size=12pt][b]Miners[/b][/size]
[list]
[li]CPU, open source - [url=https://bitcointalk.org/index.php?topic=632724]Wolf`'s CPU miner[/url].[/li]
[li]CPU, closed source - [url=https://mega.co.nz/#F!h0tkXSxZ!f62uoUXogkxQmP2xO8Ib-g]yvg1900 - Yam M8a Miner[/url] [i] New version - use at your own risk. [/i][/li]
[li]GPU, open source - [url=https://bitcointalk.org/index.php?topic=656841.msg7487737#msg7487737]Tsiv Nvidia GPU Miner (based on ccminer)[/url] [i]Early in development - Thanks Tsiv![/i][/li]
[li]GPU, closed source - [url=https://bitcointalk.org/index.php?topic=638915.0]Claymore AMD GPU miner[/url] - [i]Early in development - use at your own risk.[/i][/li]
[/list]

[size=12pt][b]Blockchain explorer[/b][/size]

[list]
[li][url=http://moneroblocks.info/]moneroblocks.info[/url][/li]
[li][url=http://chainradar.com/xmr/blocks]chainradar[/url][/li]
[/list]

[size=12pt][b]Exchanges, Services, and Related Projects[/b][/size]

Please visit [url=https://getmonero.org/getting-started/merchants]Merchants and services directory[/url]

[size=12pt][b]Pools[/b][/size]

For an up-to-date list of pools, go to [url=http://moneropools.com]http://moneropools.com[/url]

[size=12pt][b]FAQ[/b][/size]
For a longer FAQ, check [url=https://bitcointalk.org/index.php?topic=721045]Community FAQ[/url]

[b]What is CryptoNote?[/b]
CryptoNote is the technology that allows creation of privacy-centric cryptocurrencies. You can visit their website here. The level of anonymity provided by CryptoNote isn't possible with Bitcoin code base by design. Bytecoin (BCN) was the CryptoNote reference implementation, and XMR is based on BCN's code.

Two of the main features of CryptoNote are ring signatures that mask sender identities by mixing and one-time keys that make transactions unlinkable. Their combined effect gives a high degree of anonymity without any extra effort on the part of the user.

Unlike Bitcoin, your funds are not held in the address you give out to others. Instead, every time you receive a payment it goes to an unlinkable address generated with random numbers. When you decide to spend the funds in that one-time address, the amount will be broken down and the components will be indistinguishable from identical outputs in the blockchain.

For example if 556.44 XMR are sent, the protocol will break it down into 500 + 50 + 6 + 0.4 + 0.04 and a ring signature will be performed with other 500's, 50's, 6's, 0.4's, and 0.04's in the blockchain. Unlike the "CoinJoin" mixing method, CryptoNote mixes outputs not transactions. This means no other senders need to be participating with you at the same time or with the same amounts. Any arbitrary amount sent at any time can always be rendered fundamentally indistinguishable (a mathematical proof is given in the white paper).

The degree of anonymity is also a choice rather than decided by the protocol: do you want to be hidden as one among five or one among fifty? The size of the signature grows linearly as O(n+1) with the ambiguity so greater anonymity is paid for with higher fees to miners.

Ring signatures are explained below. Reproduced from CryptoNote:

A normal signature looks like this. There's only one participant, which allows one-to-one mapping.

[img]http://i.imgur.com/dcbDq05.png[/img]

A ring signature obscures identities because it only proves that a signer belongs to a group.

[img]http://i.imgur.com/avTQPnT.png[/img]

This allows a high level of anonymity in cryptocurrency transactions. You can think of it as decentralized and trustless mixing.

[img]http://i.imgur.com/ioewLSY.png[/img]

[b]How does this compare to other anonymous solutions?[/b]
Ring signatures originate from the work of Rivest et al. in 2001 and the implementation in CryptoNote relies in particular on Fujisaki and Suzuki's work on traceable ring signatures. There are two other anonymity implementations currently available or in development. One is ZeroCoin/ZeroCash's use of zero-knowledge proofs. The others are based on gmaxwell's CoinJoin idea (such as mixing services for Bitcoin or the altcoin Darkcoin).

[b]1. Comparison with ZeroCoin and ZKP-based approaches:[/b]
You can read about ZeroCoin and zero-knowledge proofs (ZKP) here. The ZK environment allows an anonymity set that includes everyone in the network because the validity of an output can be proven without knowing the corresponding public key until it is spent. The largest risk is that this is recent research-level cryptography that hasn't been subjected to years of cryptanalysis, so exploits may emerge down the road. Ring signatures are much simpler and more mature, with many peer-reviewed papers published over more than a decade.

Other issues with ZKP include the RSA private key used to initiate the accumulator, which must be trusted to be destroyed by the generating party. It also obscures the entire economy, not just sender/receiver identities. If the ZK system is compromised, then an attacker can continuously spend coins that don't exist using false proofs. This damage is hidden from everybody due to total blinding and consequently at any given time it's not possible to know if the network has already been compromised. There is a tradeoff between these inherent risks and the maximal anonymity set provided by ZKP. CryptoNote aims for a different balance through the dual layers of privacy provided by one-time keys and ring signatures.

[b]2. Comparison with CoinJoin-based approaches:[/b]
XMR is more qualitatively similar to mixing implementations like CoinJoin. The differences arise in the departure from the Bitcoin protocol, which allows XMR to use new cryptography to provide decentralized and trustless mixing of superior quality. The critical problem with mixing services is the need to trust the operators. As an example, blockchain.info's mixer gives the following disclaimer: "However if the server was compromised or under subpoena it could be force to keep logs. If this were to happen although you haven't gained any privacy you haven't lost any either."

The CoinJoin-inspired Darkcoin performs mixing with selected "masternodes" since it still uses ordinary signatures that can be mapped one-to-one. The motivation is that a randomly selected node is less likely than a single service to exhibit bad faith (such as keeping logs). In practice, a few VPS companies host the vast majority of nodes and this approach relies on the integrity and good behavior of these nodes. XMR's more fundamental cryptographic approach doesn't have these vulnerabilities and the quality of anonymity is much higher.

XMR's ring signatures are also far more secure and convenient than CoinJoin because they mix outputs not transactions. This means a transaction doesn't involve waiting around for other senders to mix with. Nor is a user restricted to mixing only if others are sending the same amount. Arbitrary amounts can be sent at any time without anyone else's participation. This feature makes a timing analysis of the blockchain useless.

[b]Overview of a transaction[/b]
Bob decides to spend an output, which was sent to the one-time public key. He needs Extra [b](1)[/b], TxOutNumber [b](2)[/b], and his Account private key [b](3)[/b] to recover his one-time private key [b](4)[/b].

When sending a transaction to Carol, Bob generates its Extra value by random [b](5)[/b]. He uses Extra [b](6)[/b], TxOutNumber [b](7)[/b] and Carol's Account public key [b](8)[/b] to get her Output public key [b](9)[/b].

In the input Bob hides the link to his output among the foreign keys [b](10)[/b]. To prevent double-spending he also packs the Key image, derived from his One-time private key [b](11)[/b].

Finally, Bob signs the transaction, using his One-time private key [b](12)[/b], all the public keys [b](13)[/b] and Key Image [b](14)[/b]. He appends the resulting Ring Signature to the end of the transaction [b](15)[/b].

[img]http://i.imgur.com/QFMVqRI.png[/img]

[b]Translations[/b]

[img]http://i.imgur.com/W5Dsaee.png[/img]   [url=https://bitcointalk.org/index.php?topic=604293][b][size=16pt]中文[/size][/b][/url]  (QQ Group: 272729907)

[img]http://i.imgur.com/Ke1m6xC.png[/img]   [url=https://bitcointalk.org/index.php?topic=597225][b][size=12pt]Русский[/size][/b][/url]

[img]http://i.imgur.com/jrOaucg.png[/img]   [url=https://bitcointalk.org/index.php?topic=563927][b][size=12pt]Português[/size][/b][/url]

[img]http://i.imgur.com/JBYHU64.png[/img]   [url=https://bitcointalk.org/index.php?topic=583145][b][size=12pt]Français[/size][/b][/url]

[img]http://i.imgur.com/zsveCPn.png[/img]   [url=https://bitcointalk.org/index.php?topic=622678][b][size=12pt]Español[/size][/b][/url]

--------------------------------------------------------------------------------
/buildbot/master/commands/coveralls.py:
--------------------------------------------------------------------------------
import re
from buildbot.steps.shell import ShellCommand

class CoverallsCommand(ShellCommand):
    command = ["coveralls", "-E", "'/usr/.*'", "-E", "'./CMakeFiles/.*'", "-e", "deps", "-e", "tests"]

    def createSummary(self, log):
        # Link the coveralls job page from the build summary when the upload
        # output contains its URL (the dot in the host name is escaped so only
        # the literal host matches)
        match = re.search(r"https://coveralls\.io/jobs/([0-9]+)", log.getText(), re.MULTILINE)
        if match:
            self.addURL("coverage", match.group())

--------------------------------------------------------------------------------
/buildbot/master/master.cfg:
--------------------------------------------------------------------------------
# -*- python -*-
# ex: set syntax=python:

import json
from buildbot.changes.filter import ChangeFilter
from buildbot.plugins import *

c = BuildmasterConfig = {}

# BUILDSLAVES

# Slave passwords are read from secrets.json so they stay out of this file
with open('secrets.json') as secrets_file:
    secrets = json.load(secrets_file)

c['slaves'] = [
    buildslave.BuildSlave('linux-amd64', secrets['linux-amd64'],
                          max_builds=1,
                          properties={'platform': 'linux-amd64'}),
    buildslave.BuildSlave('linux-i386', secrets['linux-i386'],
                          max_builds=1,
                          properties={'platform': 'linux-i686'}),
    buildslave.BuildSlave('freebsd64', secrets['freebsd64'],
                          max_builds=1,
                          properties={'platform': 'freebsd-amd64'}),
    buildslave.BuildSlave('arm7', secrets['arm7'],
                          max_builds=1,
                          properties={'platform': 'linux-armv7'}),
    buildslave.BuildSlave('arm8', secrets['arm8'],
                          max_builds=1,
                          properties={'platform': 'linux-armv8'}),
    buildslave.BuildSlave('win32', secrets['win32'],
                          max_builds=1,
                          properties={'platform': 'win32'}),
    buildslave.BuildSlave('win64', secrets['win64'],
                          max_builds=1,
                          properties={'platform': 'win64'}),
    buildslave.BuildSlave('osx-10.10', secrets['osx-10.10'],
                          max_builds=1,
                          properties={'platform': 'osx-10.10'}),
    buildslave.BuildSlave('osx-10.11', secrets['osx-10.11'],
                          max_builds=1,
                          properties={'platform': 'osx-10.11'}),
    buildslave.BuildSlave('osx-10.12', secrets['osx-10.12'],
                          max_builds=1,
                          properties={'platform': 'osx-10.12'}),
    buildslave.BuildSlave('dragonfly-4.6', secrets['dragonfly-4.6'],
                          max_builds=1,
                          properties={'platform': 'dragonfly-4.6'}),

]

c['protocols'] = {'pb': {'port': 9989}}

# CHANGESOURCES

c['change_source'] = []
c['change_source'].append(changes.GitPoller(
    'https://github.com/monero-project/monero.git',
    workdir='gitpoller-workdir', branch='master',
    pollinterval=400))

c['change_source'].append(changes.GitPoller(
    'https://github.com/monero-project/monero-gui.git',
    workdir='gitpoller-workdir', branch='master',
    pollinterval=600))

c['change_source'].append(changes.GitPoller(
    'https://github.com/monero-project/kovri.git',
    workdir='gitpoller-workdir', branch='master',
    pollinterval=400))

#

def startCompile(change):
    '''Determine whether we want to start a compile pass based on the files that
    have changed. Only skip compile if ALL changes are in the ignore criteria.
    '''
    compile = True
    for fn in change.files:
        # ignore all changes to gpg keys and markdown and text files,
        # but don't ignore changes to CMakeLists.txt files in any directory
        is_cmake_lists = fn.rsplit('/', 1)[-1] == 'CMakeLists.txt'
        if fn.endswith(('.asc', '.md', '.txt', '.conf')) and not is_cmake_lists:
            compile = False
        else:
            return True
    return compile

####### SCHEDULERS

# Configure the Schedulers, which decide how to react to incoming changes.

c['schedulers'] = []
from buildbot.plugins import schedulers

c['schedulers'].append(schedulers.ForceScheduler(
    name='force',
    builderNames=['kovri-static-openbsd-amd64', 'kovri-all-openbsd-amd64', 'kovri-static-dragonflybsd-amd64', 'kovri-all-dragonflybsd-amd64', 'monero-snap','monero-core-android-armv7','monero-static-dragonflybsd-amd64','monero-static-netbsd-amd64','monero-static-openbsd-amd64','monero-android-armv7','kovri-static-win32','kovri-static-win64','kovri-static-freebsd64','kovri-static-osx','kovri-static-ubuntu-amd64','kovri-static-ubuntu-i686','kovri-static-ubuntu-arm7','kovri-static-debian-arm8','pigeons-testing','monero-tests-ubuntu-16.04-i686','monero-tests-windows-10-i686','monero-tests-freebsd-10.3-amd64','monero-tests-ubuntu-16.04-amd64','monero-tests-osx-10.11','monero-tests-osx-10.10','monero-tests-osx-10.12','monero-tests-ubuntu-16.04-armv7','monero-tests-debian-armv8','monero-tests-windows-10-amd64','monero-core-win32','monero-core-win64','monero-core-freebsd','monero-core-ubuntu-arm7','monero-core-debian-armv8','kovri-all-freebsd64','kovri-all-osx-10.12','kovri-all-osx-10.10','kovri-all-osx-10.11','kovri-all-ubuntu-arm7','kovri-all-ubuntu-i686','kovri-all-win32','kovri-all-win64','kovri-all-debian-arm8','kovri-all-ubuntu-amd64','monero-core-osx-10.12','monero-core-osx-10.11','monero-core-ubuntu-amd64','monero-core-ubuntu-i686','monero-static-osx-10.10','monero-static-osx-10.11','monero-static-win32','monero-static-win64','monero-static-ubuntu-amd64','monero-static-freebsd64','monero-static-ubuntu-arm7','monero-static-debian-armv8','monero-static-ubuntu-i686','monero-static-osx-10.12']))

c['schedulers'].append(schedulers.SingleBranchScheduler(
    name='monero PR builder',
    builderNames=['monero-static-dragonflybsd-amd64','monero-static-win32','monero-static-win64','monero-static-osx-10.10','monero-static-osx-10.11','monero-static-osx-10.12','monero-static-freebsd64','monero-static-debian-armv8','monero-static-ubuntu-arm7','monero-static-ubuntu-amd64','monero-static-ubuntu-i686'],
    change_filter=util.ChangeFilter(repository='https://github.com/monero-project/monero.git')
))

c['schedulers'].append(schedulers.SingleBranchScheduler(
    name='monero-core PR builder',
    builderNames=['monero-core-freebsd','monero-core-osx-10.12','monero-core-osx-10.11','monero-core-ubuntu-i686','monero-core-ubuntu-amd64','monero-core-win32','monero-core-win64','monero-core-ubuntu-arm7','monero-core-debian-armv8'],
    change_filter=util.ChangeFilter(repository='https://github.com/monero-project/monero-gui.git')
))

c['schedulers'].append(schedulers.SingleBranchScheduler(
    name='kovri PR builder',
    fileIsImportant=startCompile,
    builderNames=['kovri-all-dragonflybsd-amd64', 'kovri-all-win32','kovri-all-win64','kovri-all-freebsd64','kovri-all-osx-10.12','kovri-all-osx-10.10','kovri-all-osx-10.11','kovri-all-ubuntu-amd64','kovri-all-ubuntu-i686','kovri-all-ubuntu-arm7','kovri-all-debian-arm8'],
    change_filter=util.ChangeFilter(repository='https://github.com/monero-project/kovri.git')
))

c['schedulers'].append(schedulers.Nightly(
    name='Kovri Nightly',
    branch='master',
    builderNames=['kovri-static-dragonflybsd-amd64','kovri-static-win32','kovri-static-win64','kovri-static-freebsd64','kovri-static-osx','kovri-static-ubuntu-amd64','kovri-static-ubuntu-i686','kovri-static-ubuntu-arm7','kovri-static-debian-arm8'],
    hour=6,
    minute=0,
    change_filter=util.ChangeFilter(repository='https://github.com/monero-project/kovri.git'),
    onlyIfChanged=False))

c['schedulers'].append(schedulers.Nightly(
    name='Tests',
    branch='master',
    builderNames=['monero-tests-ubuntu-16.04-i686','monero-tests-windows-10-amd64','monero-tests-ubuntu-16.04-armv7','monero-tests-windows-10-i686','monero-tests-freebsd-10.3-amd64','monero-tests-ubuntu-16.04-amd64','monero-tests-osx-10.11','monero-tests-osx-10.10','monero-tests-osx-10.12'],
    hour=5,
    minute=0,
    change_filter=util.ChangeFilter(repository='https://github.com/monero-project/monero.git'),
    onlyIfChanged=True))

c['schedulers'].append(schedulers.Nightly(
    name='Monero Nightly',
    branch='master',
    builderNames=['monero-static-dragonflybsd-amd64','monero-static-win32','monero-static-win64','monero-static-osx-10.10','monero-static-osx-10.11','monero-static-osx-10.12','monero-static-freebsd64','monero-static-debian-armv8','monero-static-ubuntu-arm7','monero-static-ubuntu-amd64','monero-static-ubuntu-i686'],
    hour=7,
    minute=0,
    change_filter=util.ChangeFilter(repository='https://github.com/monero-project/monero.git'),
    onlyIfChanged=False))


# thanks m-labs https://github.com/m-labs/buildbot-config/blob/master/master.cfg
def addCoverallsUploadSteps(factory, repo_token):
    factory.addStep(
        CoverallsCommand(
            name = 'coveralls',
            description = 'uploading',
            descriptionDone = 'upload',
            descriptionSuffix = 'coveralls',
            flunkOnFailure = False,
            warnOnFailure = True,
            env = { 'COVERALLS_REPO_TOKEN': repo_token },
            # Don't dump env variables potentially containing secret tokens
            logEnviron = False
        ))

import re
from commands import CoverallsCommand
from buildbot.steps.shell import ShellCommand
from buildbot.process.properties import WithProperties
from buildbot.status.results import FAILURE, SUCCESS

# BUILD FACTORIES

# Static release build only, no test run
noTestsFactory = util.BuildFactory()
noTestsFactory.addStep(steps.Git(repourl='https://github.com/monero-project/monero.git', mode='full', submodules=True))
noTestsFactory.addStep(steps.Compile(command = ['make', 'release-static']))

# Static release build, tests except core_tests and libwallet_api_tests,
# then package build/release/bin and upload the tarball to the master
noCoretestsFactory = util.BuildFactory()
noCoretestsFactory.addStep(steps.Git(repourl='https://github.com/monero-project/monero.git', mode='full', submodules=True))
noCoretestsFactory.addStep(steps.Compile(command = ['make', 'release-static']))
noCoretestsFactory.addStep(steps.Test(command = ['make', 'release-test'], timeout=None, env={'ARGS': " -E 'core_tests|libwallet_api_tests' "}, logfiles={'LastTest': 'build/release/Testing/Temporary/LastTest.log','CTestCostData.txt': 'build/release/Testing/Temporary/CTestCostData.txt'}))
noCoretestsFactory.addStep(steps.SetPropertyFromCommand(name = "set version", command = ["git", "rev-parse", "--short", "HEAD"], property = 'gitversion'))
noCoretestsFactory.addStep(steps.ShellCommand(name = "zip", command = ["tar", "-zcvf", WithProperties("monero-%(gitversion)s-%(platform)s.tar.gz"), "build/release/bin"] ))
noCoretestsFactory.addStep(steps.FileUpload(slavesrc=WithProperties("monero-%(gitversion)s-%(platform)s.tar.gz"), masterdest=WithProperties("/home/buildbot/master/public_html/downloads/monero-%(gitversion)s-%(platform)s.tar.gz"), url=WithProperties("https://build.getmonero.org/downloads/monero-%(gitversion)s-%(platform)s.tar.gz")))

# Same as above, with the DNSResolver and AddressFromURL gtest cases filtered out
ispHijackedFactory = util.BuildFactory()
ispHijackedFactory.addStep(steps.Git(repourl='https://github.com/monero-project/monero.git', mode='full', submodules=True))
ispHijackedFactory.addStep(steps.Compile(command = ['make', 'release-static']))
ispHijackedFactory.addStep(steps.Test(command = ['make', 'release-test'], timeout=None, env={'ARGS': " -E 'core_tests|libwallet_api_tests' ", 'GTEST_FILTER': '-DNSResolver.*:AddressFromURL.*'}, logfiles={'LastTest': 'build/release/Testing/Temporary/LastTest.log','CTestCostData.txt': 'build/release/Testing/Temporary/CTestCostData.txt'}))
ispHijackedFactory.addStep(steps.SetPropertyFromCommand(name = "set version", command = ["git", "rev-parse", "--short", "HEAD"], property = 'gitversion'))
ispHijackedFactory.addStep(steps.ShellCommand(name = "zip", command = ["tar", "-zcvf", WithProperties("monero-%(gitversion)s-%(platform)s.tar.gz"), "build/release/bin"] ))
ispHijackedFactory.addStep(steps.FileUpload(slavesrc=WithProperties("monero-%(gitversion)s-%(platform)s.tar.gz"), masterdest=WithProperties("/home/buildbot/master/public_html/downloads/monero-%(gitversion)s-%(platform)s.tar.gz"), url=WithProperties("https://build.getmonero.org/downloads/monero-%(gitversion)s-%(platform)s.tar.gz")))

osxTestsFactory = util.BuildFactory()
osxTestsFactory.addStep(steps.Git(repourl='https://github.com/monero-project/monero.git', mode='incremental', submodules=True))
osxTestsFactory.addStep(steps.Test(command = ['make', 'release-test'], timeout=None, logfiles={'LastTest.log': 'build/debug/Testing/Temporary/LastTest.log','CTestCostData.txt': 'build/debug/Testing/Temporary/CTestCostData.txt','coretests.log': 'build/debug/tests/core_tests/coretests.log'}))

armv8Factory = util.BuildFactory()
armv8Factory.addStep(steps.Git(repourl='https://github.com/monero-project/monero.git', mode='full', submodules=True))
armv8Factory.addStep(steps.Compile(command = ['make', 'release-static-armv8']))
armv8Factory.addStep(steps.SetPropertyFromCommand(name = "set version", command = ["git", "rev-parse", "--short", "HEAD"], property = 'gitversion'))
armv8Factory.addStep(steps.ShellCommand(name = "zip", command = ["tar", "-zcvf", WithProperties("monero-%(gitversion)s-%(platform)s.tar.gz"), "build/release/bin"] ))
armv8Factory.addStep(steps.FileUpload(slavesrc=WithProperties("monero-%(gitversion)s-%(platform)s.tar.gz"), masterdest=WithProperties("/home/buildbot/master/public_html/downloads/monero-%(gitversion)s-%(platform)s.tar.gz"), url=WithProperties("https://build.getmonero.org/downloads/monero-%(gitversion)s-%(platform)s.tar.gz")))

armv7Factory = util.BuildFactory()
armv7Factory.addStep(steps.Git(repourl='https://github.com/monero-project/monero.git', mode='incremental', submodules=True))
armv7Factory.addStep(steps.Compile(command = ['ccache', 'make', 'release-static-armv7'], timeout=None))
armv7Factory.addStep(steps.SetPropertyFromCommand(name = "set version", command = ["git", "rev-parse", "--short", "HEAD"], property = 'gitversion'))
armv7Factory.addStep(steps.ShellCommand(name = "zip", command = ["tar", "-zcvf", WithProperties("monero-%(gitversion)s-%(platform)s.tar.gz"), "build/release/bin"] ))
armv7Factory.addStep(steps.FileUpload(slavesrc=WithProperties("monero-%(gitversion)s-%(platform)s.tar.gz"), masterdest=WithProperties("/home/buildbot/master/public_html/downloads/monero-%(gitversion)s-%(platform)s.tar.gz"), url=WithProperties("https://build.getmonero.org/downloads/monero-%(gitversion)s-%(platform)s.tar.gz")))

static32Factory = util.BuildFactory()
static32Factory.addStep(steps.Git(repourl='https://github.com/monero-project/monero.git', mode='full', submodules=True))
static32Factory.addStep(steps.Compile(command = ['make', 'release-static-32']))
static32Factory.addStep(steps.Test(command = ['make', 'release-test'], timeout=None, env={'ARGS': " -E 'core_tests|libwallet_api_tests' "}, logfiles={"LastTest": "build/release/Testing/Temporary/LastTest.log","CTestCostData.txt": "build/release/Testing/Temporary/CTestCostData.txt"}))
static32Factory.addStep(steps.SetPropertyFromCommand(name = "set version", command = ["git", "rev-parse", "--short", "HEAD"], property = 'gitversion'))
static32Factory.addStep(steps.ShellCommand(name = "zip", command = ["tar", "-zcvf", WithProperties("monero-%(gitversion)s-%(platform)s.tar.gz"), "build/release/bin"] ))
static32Factory.addStep(steps.FileUpload(slavesrc=WithProperties("monero-%(gitversion)s-%(platform)s.tar.gz"), masterdest=WithProperties("/home/buildbot/master/public_html/downloads/monero-%(gitversion)s-%(platform)s.tar.gz"), url=WithProperties("https://build.getmonero.org/downloads/monero-%(gitversion)s-%(platform)s.tar.gz")))

win32ReleaseFactory = util.BuildFactory()
win32ReleaseFactory.addStep(steps.Git(repourl='https://github.com/monero-project/monero.git', mode='full', submodules=True))
win32ReleaseFactory.addStep(steps.Compile(command = ["make", "release-static-win32"]))
win32ReleaseFactory.addStep(steps.Test(command = ["make", "release-test"], env={'ARGS': " -E 'core_tests|libwallet_api_tests' "}, logfiles={"LastTest": "build/release/Testing/Temporary/LastTest.log","CTestCostData.txt": "build/release/Testing/Temporary/CTestCostData.txt"}))

win64ReleaseFactory = util.BuildFactory()
win64ReleaseFactory.addStep(steps.Git(repourl='https://github.com/monero-project/monero.git', mode='full', submodules=True))
win64ReleaseFactory.addStep(steps.Compile(command = ["make", "release-static-win64"]))
win64ReleaseFactory.addStep(steps.Test(command = ["make", "release-test"], env={'ARGS': " -E 'core_tests|libwallet_api_tests' "}, logfiles={"LastTest": "build/release/Testing/Temporary/LastTest.log","CTestCostData.txt": "build/release/Testing/Temporary/CTestCostData.txt"}))
win64ReleaseFactory.addStep(steps.SetPropertyFromCommand(name = "set version", command = ["git", "rev-parse", "--short", "HEAD"], property = 'gitversion'))
win64ReleaseFactory.addStep(steps.ShellCommand(name = "zip", command = ["tar", "-zcvf", WithProperties("monero-%(gitversion)s-%(platform)s.tar.gz"), "build/release/bin"] ))
win64ReleaseFactory.addStep(steps.FileUpload(slavesrc=WithProperties("monero-%(gitversion)s-%(platform)s.tar.gz"), masterdest=WithProperties("/home/buildbot/master/public_html/downloads/monero-%(gitversion)s-%(platform)s.tar.gz"), url=WithProperties("https://build.getmonero.org/downloads/monero-%(gitversion)s-%(platform)s.tar.gz")))

dragonflyFactory = util.BuildFactory()
dragonflyFactory.addStep(steps.Git(repourl='https://github.com/monero-project/monero.git', mode='full', submodules=True))
dragonflyFactory.addStep(steps.Compile(command = ['gmake', 'release-static'], env={'LDVER': 'ld.bfd'}))
dragonflyFactory.addStep(steps.Test(command = ['gmake', 'release-test'], timeout=None, env={'LDVER': 'ld.bfd', 'ARGS': " -E 'core_tests|libwallet_api_tests' "}, logfiles={'LastTest': 'build/release/Testing/Temporary/LastTest.log','CTestCostData.txt': 'build/release/Testing/Temporary/CTestCostData.txt'}))
dragonflyFactory.addStep(steps.SetPropertyFromCommand(name = "set version", command = ["git", "rev-parse", "--short", "HEAD"], property = 'gitversion'))
dragonflyFactory.addStep(steps.ShellCommand(name = "zip", command = ["tar", "-zcvf", WithProperties("monero-%(gitversion)s-%(platform)s.tar.gz"), "build/release/bin"] ))
dragonflyFactory.addStep(steps.FileUpload(slavesrc=WithProperties("monero-%(gitversion)s-%(platform)s.tar.gz"), masterdest=WithProperties("/home/buildbot/master/public_html/downloads/monero-%(gitversion)s-%(platform)s.tar.gz"), url=WithProperties("https://build.getmonero.org/downloads/monero-%(gitversion)s-%(platform)s.tar.gz")))

coreFactory = util.BuildFactory()
coreFactory.addStep(steps.Git(repourl='https://github.com/monero-project/monero-gui.git', mode='full', submodules=True))
coreFactory.addStep(steps.Compile(command = ["bash", "-ex", "build.sh"], timeout=None))

coreOsxFactory = util.BuildFactory()
coreOsxFactory.addStep(steps.Git(repourl='https://github.com/monero-project/monero-gui.git', mode='full', submodules=True))
coreOsxFactory.addStep(steps.Compile(command = ["bash", "-ex", "./build.sh"], env={'PATH': '/opt/qt/Qt5.7.0/5.7/clang_64/bin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin'}))
coreOsxFactory.addStep(steps.ShellCommand(command=['make', 'deploy'], name='deploy', description='deploying', workdir='build/build', env={'PATH': '/opt/qt/Qt5.7.0/5.7/clang_64/bin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin'}))
coreOsxFactory.addStep(steps.ShellCommand(name='copy boost', command=['cp', '/usr/local/opt/boost/lib/libboost_system-mt.dylib', 'build/release/bin/monero-wallet-gui.app/Contents/Frameworks/']))
coreOsxFactory.addStep(steps.ShellCommand(name='copy Qt', command=['cp', '-rv', '/opt/qt/Qt5.7.0/5.7/clang_64/qml/Qt', 'build/release/bin/monero-wallet-gui.app/Contents/MacOS/']))
coreOsxFactory.addStep(steps.ShellCommand(name='copy QtQuick', command=['cp', '-Rv', '/opt/qt/Qt5.7.0/5.7/clang_64/qml/QtQuick', 'build/release/bin/monero-wallet-gui.app/Contents/MacOS/']))
coreOsxFactory.addStep(steps.ShellCommand(name='copy QtGraphicalEffects', command=['cp', '-rv', '/opt/qt/Qt5.7.0/5.7/clang_64/qml/QtGraphicalEffects', 'build/release/bin/monero-wallet-gui.app/Contents/MacOS/']))
coreOsxFactory.addStep(steps.ShellCommand(name='copy deps', command=['cp', '-rv', '/opt/qt/Qt5.7.0/5.7/clang_64/lib/QtXmlPatterns.framework', 'build/release/bin/monero-wallet-gui.app/Contents/Frameworks']))
coreOsxFactory.addStep(steps.ShellCommand(name='link', command=['install_name_tool', '-change', '/usr/local/Cellar/openssl/1.0.2j/lib/libcrypto.1.0.0.dylib', '@executable_path/../Frameworks/libcrypto.1.0.0.dylib', 'build/release/bin/monero-wallet-gui.app/Contents/Frameworks/libssl.1.0.0.dylib']))
coreOsxFactory.addStep(steps.SetPropertyFromCommand(name = "set version", command = ["git", "rev-parse", "--short", "HEAD"], property = 'gitversion'))
coreOsxFactory.addStep(steps.ShellCommand(name = "zip", command = ["zip", "-r", "-X", WithProperties("monero-wallet-gui-%(gitversion)s-%(platform)s.zip"), "build/release/bin/monero-wallet-gui.app"] ))
coreOsxFactory.addStep(steps.FileUpload(slavesrc=WithProperties("monero-wallet-gui-%(gitversion)s-%(platform)s.zip"), masterdest=WithProperties("/home/buildbot/master/public_html/downloads/monero-wallet-gui-%(gitversion)s-%(platform)s.zip"), url=WithProperties("https://build.getmonero.org/downloads/monero-wallet-gui-%(gitversion)s-%(platform)s.zip")))

coreFreebsdFactory = util.BuildFactory()
coreFreebsdFactory.addStep(steps.Git(repourl='https://github.com/monero-project/monero-gui.git', mode='incremental', submodules=True))
coreFreebsdFactory.addStep(steps.Compile(command = ["bash", "-ex", "build.sh"],env={'SHELL': '/usr/local/bin/bash', 'PATH': '/sbin:/bin:/usr/sbin:/usr/bin:/usr/games:/usr/local/sbin:/usr/local/bin:/home/vagrant/bin:/usr/local/lib/qt5/bin'}))

coreMingw32Factory = util.BuildFactory()
coreMingw32Factory.addStep(steps.RemoveDirectory(dir='monero'))
coreMingw32Factory.addStep(steps.Git(repourl='https://github.com/monero-project/monero-gui.git', mode='full', method='clobber', submodules=True))
coreMingw32Factory.addStep(steps.Compile(command = ['/msys32/usr/bin/bash.exe', '-ex', './build.sh'],env={'MSYSTEM': 'MINGW32', 'PATH': '/c/Windows/system32;/c/Windows;/c/Windows/System32/WindowsPowerShell/v1.0;/c/Qt/Qt5.7.0/Tools/mingw530_32/bin;/c/Qt/Qt5.7.0/Tools/mingw530_32/boost/lib;/c/Qt/Qt5.7.0/5.7/mingw53_32/bin;/c/python27/lib/site-packages/pywin32_system32;/c/msys32/mingw32/bin;/c/msys32/usr/bin'}))
coreMingw32Factory.addStep(steps.Compile(name='deploy', description='deploying', descriptionDone='deploy', command = ['make', 'deploy'], workdir='build/build', env={'MSYSTEM': 'MINGW32', 'PATH': '/c/Python27;/c/Python27/Scripts;/c/Windows/system32;/c/Windows;/c/Qt/Qt5.7.0/Tools/mingw530_32/bin;/c/Qt/Qt5.7.0/Tools/mingw530_32/boost/lib;/c/Qt/Qt5.7.0/5.7/mingw53_32/bin;/c/python27/lib/site-packages/pywin32_system32;/c/msys32/mingw32/bin;/msys32/usr/bin'}))
coreMingw32Factory.addStep(steps.SetPropertyFromCommand(name = "set version", command = ["git", "rev-parse", "--short", "HEAD"], property = 'gitversion'))
coreMingw32Factory.addStep(steps.ShellCommand(name = "zip", command = ["zip", "-r", WithProperties("monero-core-%(gitversion)s-%(platform)s.zip"), "build/release/bin"] ))
coreMingw32Factory.addStep(steps.FileUpload(slavesrc=WithProperties("monero-core-%(gitversion)s-%(platform)s.zip"), masterdest=WithProperties("/home/buildbot/master/public_html/downloads/monero-core-%(gitversion)s-%(platform)s.zip"), url=WithProperties("https://build.getmonero.org/downloads/monero-core-%(gitversion)s-%(platform)s.zip")))

coreMingw64Factory = util.BuildFactory()
coreMingw64Factory.addStep(steps.RemoveDirectory(dir='build/build'))
coreMingw64Factory.addStep(steps.Git(repourl='https://github.com/monero-project/monero-gui.git', mode='full', submodules=True))
coreMingw64Factory.addStep(steps.Compile(command = ["/msys64/usr/bin/bash.exe","-ex","./build.sh"],env={'MSYSTEM': 'MINGW64', 'PATH': '/c/Qt/qt-everywhere-opensource-src-5.7.0/qtbase/bin;/c/msys64/usr/bin;/c/Windows/system32;/c/Windows;/c/msys64/mingw64/bin'}))
coreMingw64Factory.addStep(steps.Compile(name='deploy', description='deploying', descriptionDone='deploy', command = ['make', 'deploy'], workdir='build/build', env={'MSYSTEM_PREFIX': '/mingw64', 'MSYSTEM': 'MINGW64', 'PATH': ["c:\Qt\qt-everywhere-opensource-src-5.7.0\qtbase\\bin", "${PATH}"]}))
coreMingw64Factory.addStep(steps.SetPropertyFromCommand(name = "set version", command = ["git", "rev-parse", "--short", "HEAD"], property = 'gitversion'))
coreMingw64Factory.addStep(steps.ShellCommand(name = "zip", command = ["zip", "-r", WithProperties("monero-core-%(gitversion)s-%(platform)s.zip"), "build/release/bin"] ))
coreMingw64Factory.addStep(steps.FileUpload(slavesrc=WithProperties("monero-core-%(gitversion)s-%(platform)s.zip"), masterdest=WithProperties("/home/buildbot/master/public_html/downloads/monero-core-%(gitversion)s-%(platform)s.zip"), url=WithProperties("https://build.getmonero.org/downloads/monero-core-%(gitversion)s-%(platform)s.zip")))

kovriAllFactory = util.BuildFactory()
kovriAllFactory.addStep(steps.Git(repourl='https://github.com/monero-project/kovri.git', mode='full', submodules=True))
kovriAllFactory.addStep(steps.Compile(command=["make", "all-options"]))
kovriAllFactory.addStep(steps.Compile(name="compile tests", command=["make", "tests"]))
kovriAllFactory.addStep(steps.Test(command=["./build/kovri-tests"]))

kovriArmFactory = util.BuildFactory()
kovriArmFactory.addStep(steps.Git(repourl='https://github.com/monero-project/kovri.git', mode='full', submodules=True))
kovriArmFactory.addStep(steps.Compile(command=["make", "all-options"], env={'CC': 'clang35', 'CXX': 'clang++35'}))
kovriArmFactory.addStep(steps.Compile(name="compile tests", command=["make", "tests"], env={'CC': 'clang35', 'CXX': 'clang++35'}))
kovriArmFactory.addStep(steps.Test(command=["./build/kovri-tests"]))

kovriUbuntu64Factory = util.BuildFactory()
kovriUbuntu64Factory.addStep(steps.Git(repourl='https://github.com/monero-project/kovri.git', mode='full', submodules=True))
kovriUbuntu64Factory.addStep(steps.Compile(command=["make", "coverage"]))
kovriUbuntu64Factory.addStep(steps.Compile(name="compile tests", command=["make", "coverage-tests"]))
kovriUbuntu64Factory.addStep(steps.Test(command=["./build/kovri-tests"]))
addCoverallsUploadSteps(kovriUbuntu64Factory,repo_token=secrets['coveralls_token'])

kovriFreebsdFactory = util.BuildFactory()
kovriFreebsdFactory.addStep(steps.Git(repourl='https://github.com/monero-project/kovri.git', mode='full', submodules=True))
kovriFreebsdFactory.addStep(steps.Compile(command=["gmake", "all-options"], env={'CC': 'clang36', 'CXX': 'clang++36'}))
kovriFreebsdFactory.addStep(steps.Compile(name="compile tests", command=["gmake", "tests"], env={'CC': 'clang36', 'CXX': 'clang++36'}))
kovriFreebsdFactory.addStep(steps.Test(command=["./build/kovri-tests"]))

kovriMingw32Factory = util.BuildFactory()
kovriMingw32Factory.addStep(steps.Git(repourl='https://github.com/monero-project/kovri.git', mode='full', submodules=True))
# bash -c takes the whole command line as one string; a separate "all-options" argument would only become $0
kovriMingw32Factory.addStep(steps.Compile(command=["/msys32/usr/bin/bash.exe","-c", "make all-options"],env={'MSYSTEM': "MINGW32"}))
kovriMingw32Factory.addStep(steps.Compile(name="compile tests", command=["make", "tests"]))
kovriMingw32Factory.addStep(steps.Test(command=["kovri-tests.exe"], workdir="build/build"))

kovriMingw64Factory = util.BuildFactory()
kovriMingw64Factory.addStep(steps.Git(repourl='https://github.com/monero-project/kovri.git', mode='full', submodules=True))
kovriMingw64Factory.addStep(steps.Compile(command=["make", "all-options"],env={'MSYSTEM': "MINGW64"}))
kovriMingw64Factory.addStep(steps.Compile(name="compile tests", command=["make", "tests"]))
kovriMingw64Factory.addStep(steps.Test(command=["kovri-tests.exe"], workdir="build/build"))

kovriDragonflyFactory = util.BuildFactory()
kovriDragonflyFactory.addStep(steps.Git(repourl='https://github.com/monero-project/kovri.git', mode='full', submodules=True))
kovriDragonflyFactory.addStep(steps.Compile(command=["gmake", "all-options"]))
kovriDragonflyFactory.addStep(steps.Compile(name="compile tests", command=["gmake", "tests"]))
kovriDragonflyFactory.addStep(steps.Test(command=["./build/kovri-tests"]))
kovriDragonflyFactory.addStep(steps.Test(name="benchmark", command=["./build/kovri-benchmarks"]))

kovriStaticFactory = util.BuildFactory()
kovriStaticFactory.addStep(steps.Git(repourl='https://github.com/monero-project/kovri.git', mode='full', submodules=True))
kovriStaticFactory.addStep(steps.Compile(command=["make", "release-static"]))
kovriStaticFactory.addStep(steps.Compile(name='make documentation', command=["make", "doxygen"]))
kovriStaticFactory.addStep(steps.ShellCommand(name='package', description='packaging', descriptionDone='package', command = ['bash', '-x', './pkg/installers/kovri-install.sh', '-p', '-c', '-f', util.Interpolate('kovri-latest-%(prop:platform)s.tar.bz2')]))
kovriStaticFactory.addStep(steps.FileUpload(slavesrc=WithProperties("kovri-latest-%(platform)s.tar.bz2"), masterdest=WithProperties("/home/buildbot/master/public_html/downloads/kovri-latest-%(platform)s.tar.bz2"), url=WithProperties("https://build.getmonero.org/downloads/kovri-latest-%(platform)s.tar.bz2")))
kovriStaticFactory.addStep(steps.FileUpload(name="upload hashes", slavesrc=WithProperties("kovri-latest-%(platform)s.tar.bz2.sha256sum.txt"), masterdest=WithProperties("/home/buildbot/master/public_html/downloads/kovri-latest-%(platform)s.tar.bz2.sha256sum.txt"), url=WithProperties("https://build.getmonero.org/downloads/kovri-latest-%(platform)s.tar.bz2.sha256sum.txt")))

kovriStaticBsdFactory = util.BuildFactory()
kovriStaticBsdFactory.addStep(steps.Git(repourl='https://github.com/monero-project/kovri.git', mode='full', submodules=True))
kovriStaticBsdFactory.addStep(steps.Compile(command=["gmake", "release-static"]))
kovriStaticBsdFactory.addStep(steps.ShellCommand(name='package', description='packaging', descriptionDone='packaged', command = ['bash', '-x', './pkg/installers/kovri-install.sh', '-p', '-c', '-f', util.Interpolate('kovri-latest-%(prop:platform)s.tar.bz2')]))
kovriStaticBsdFactory.addStep(steps.FileUpload(slavesrc=WithProperties("kovri-latest-%(platform)s.tar.bz2"), masterdest=WithProperties("/home/buildbot/master/public_html/downloads/kovri-latest-%(platform)s.tar.bz2"), url=WithProperties("https://build.getmonero.org/downloads/kovri-latest-%(platform)s.tar.bz2")))
kovriStaticBsdFactory.addStep(steps.FileUpload(name="upload hashes", slavesrc=WithProperties("kovri-latest-%(platform)s.tar.bz2.sha256sum.txt"), masterdest=WithProperties("/home/buildbot/master/public_html/downloads/kovri-latest-%(platform)s.tar.bz2.sha256sum.txt"), url=WithProperties("https://build.getmonero.org/downloads/kovri-latest-%(platform)s.tar.bz2.sha256sum.txt")))
kovriStaticBsdFactory.addStep(steps.RemoveDirectory(dir='build/build', hideStepIf=True))

kovriStaticWin32Factory = util.BuildFactory()
kovriStaticWin32Factory.addStep(steps.Git(repourl='https://github.com/monero-project/kovri.git', mode='full', submodules=True))
kovriStaticWin32Factory.addStep(steps.Compile(command=["make", "release-static"],env={'MSYSTEM': "MINGW32"}))
kovriStaticWin32Factory.addStep(steps.ShellCommand(name='package', description='packaging', descriptionDone='packaged', env={'PATH': ["C:\msys32\usr\\bin\\core_perl", "${PATH}"]}, command = ['bash', '-x', './pkg/installers/kovri-install.sh', '-p', '-c', '-f', util.Interpolate('kovri-latest-%(prop:platform)s.exe')]))
kovriStaticWin32Factory.addStep(steps.FileUpload(slavesrc=WithProperties("kovri-latest-%(platform)s.exe"), masterdest=WithProperties("/home/buildbot/master/public_html/downloads/kovri-latest-%(platform)s.exe"), url=WithProperties("https://build.getmonero.org/downloads/kovri-latest-%(platform)s.exe")))
kovriStaticWin32Factory.addStep(steps.FileUpload(name="upload hashes", slavesrc=WithProperties("kovri-latest-%(platform)s.exe.sha256sum.txt"), masterdest=WithProperties("/home/buildbot/master/public_html/downloads/kovri-latest-%(platform)s.exe.sha256sum.txt"), url=WithProperties("https://build.getmonero.org/downloads/kovri-latest-%(platform)s.exe.sha256sum.txt")))

kovriStaticWin64Factory = util.BuildFactory()
kovriStaticWin64Factory.addStep(steps.Git(repourl='https://github.com/monero-project/kovri.git', mode='full', submodules=True))
kovriStaticWin64Factory.addStep(steps.Compile(command=["make", "release-static"],env={'MSYSTEM': "MINGW64"}))
kovriStaticWin64Factory.addStep(steps.ShellCommand(name='package', description='packaging', descriptionDone='packaged', env={'PATH': ["C:\msys64\usr\\bin\\core_perl", "${PATH}"]}, command = ['bash', '-x', './pkg/installers/kovri-install.sh', '-p', '-c', '-f', util.Interpolate('kovri-latest-%(prop:platform)s.exe')]))
kovriStaticWin64Factory.addStep(steps.FileUpload(slavesrc=WithProperties("kovri-latest-%(platform)s.exe"), masterdest=WithProperties("/home/buildbot/master/public_html/downloads/kovri-latest-%(platform)s.exe"), url=WithProperties("https://build.getmonero.org/downloads/kovri-latest-%(platform)s.exe")))
kovriStaticWin64Factory.addStep(steps.FileUpload(name="upload hashes", slavesrc=WithProperties("kovri-latest-%(platform)s.exe.sha256sum.txt"), masterdest=WithProperties("/home/buildbot/master/public_html/downloads/kovri-latest-%(platform)s.exe.sha256sum.txt"), url=WithProperties("https://build.getmonero.org/downloads/kovri-latest-%(platform)s.exe.sha256sum.txt")))


coreUbuntu64Factory = util.BuildFactory()
coreUbuntu64Factory.addStep(steps.Git(repourl='https://github.com/monero-project/monero-gui.git', mode='full', submodules=True))
coreUbuntu64Factory.addStep(steps.Compile(command = ["bash", "-ex", "./build.sh"], env={'PATH': '/opt/Qt/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin'}))
coreUbuntu64Factory.addStep(steps.Compile(name='deploy', description='deploying', descriptionDone='deploy', command = ['make', 'deploy'],workdir='build/build'))
coreUbuntu64Factory.addStep(steps.SetPropertyFromCommand(name = "set version", command = ["git", "rev-parse", "--short", "HEAD"], property = 'gitversion'))
coreUbuntu64Factory.addStep(steps.ShellCommand(name = "zip", command = ["tar", "-zcvf", WithProperties("monero-core-%(gitversion)s-%(platform)s.tar.gz"), "build/release/bin"] ))
coreUbuntu64Factory.addStep(steps.FileUpload(slavesrc=WithProperties("monero-core-%(gitversion)s-%(platform)s.tar.gz"), masterdest=WithProperties("/home/buildbot/master/public_html/downloads/monero-core-%(gitversion)s-%(platform)s.tar.gz"), url=WithProperties("https://build.getmonero.org/downloads/monero-core-%(gitversion)s-%(platform)s.tar.gz")))

coreDebianFactory = util.BuildFactory()
coreDebianFactory.addStep(steps.RemoveDirectory(dir='build/build'))
coreDebianFactory.addStep(steps.Git(repourl='https://github.com/monero-project/monero-gui.git', mode='full', submodules=True))
coreDebianFactory.addStep(steps.Compile(command = ["bash", "-ex", "./build.sh"]))
coreDebianFactory.addStep(steps.Compile(name='deploy', description='deploying', descriptionDone='deploy', command = ['make', 'deploy'],workdir='build/build'))
coreDebianFactory.addStep(steps.SetPropertyFromCommand(name = "set version", command = ["git", "rev-parse", "--short", "HEAD"], property = 'gitversion'))
coreDebianFactory.addStep(steps.ShellCommand(name = "zip", command = ["tar", "-zcvf", WithProperties("monero-core-%(gitversion)s-%(platform)s.tar.gz"), "build/release/bin"] ))
coreDebianFactory.addStep(steps.FileUpload(slavesrc=WithProperties("monero-core-%(gitversion)s-%(platform)s.tar.gz"), masterdest=WithProperties("/home/buildbot/master/public_html/downloads/monero-core-%(gitversion)s-%(platform)s.tar.gz"), url=WithProperties("https://build.getmonero.org/downloads/monero-core-%(gitversion)s-%(platform)s.tar.gz")))

testsFactory = util.BuildFactory()
testsFactory.addStep(steps.Git(repourl='https://github.com/monero-project/monero.git', mode='incremental', submodules=True))
testsFactory.addStep(steps.Compile(command = ["make", "debug"]))
testsFactory.addStep(steps.Test(command = ["make", "debug-test"], timeout=None, logfiles={"LastTest.log": "build/debug/Testing/Temporary/LastTest.log","CTestCostData.txt": "build/debug/Testing/Temporary/CTestCostData.txt","coretests.log": "build/debug/tests/core_tests/coretests.log"}))

testsFreebsdFactory = util.BuildFactory()
testsFreebsdFactory.addStep(steps.Git(repourl='https://github.com/monero-project/monero.git', mode='full', method="clobber", submodules=True))
testsFreebsdFactory.addStep(steps.Compile(command = ["make", "release-static"]))
testsFreebsdFactory.addStep(steps.Test(command = ["make", "release-test"], timeout=None, logfiles={"LastTest.log": "build/release/Testing/Temporary/LastTest.log","CTestCostData.txt": "build/release/Testing/Temporary/CTestCostData.txt","coretests.log": "build/release/tests/core_tests/coretests.log"}))

testsWin32Factory = util.BuildFactory()
testsWin32Factory.addStep(steps.Git(repourl='https://github.com/monero-project/monero.git', mode='full', method="clobber", submodules=True))
testsWin32Factory.addStep(steps.Compile(command = ["make", "release-static-win32"]))
testsWin32Factory.addStep(steps.Test(command = ["make", "release-test"], timeout=None, logfiles={"LastTest.log": "build/release/Testing/Temporary/LastTest.log","CTestCostData.txt": "build/release/Testing/Temporary/CTestCostData.txt"}))

testsWin64Factory = util.BuildFactory()
testsWin64Factory.addStep(steps.Git(repourl='https://github.com/monero-project/monero.git', mode='full', method="clobber", submodules=True))
testsWin64Factory.addStep(steps.Compile(command = ["make", "release-static-win64"]))
testsWin64Factory.addStep(steps.Test(command = ["make", "release-test"], timeout=None, logfiles={"LastTest.log": "build/release/Testing/Temporary/LastTest.log","CTestCostData.txt": "build/release/Testing/Temporary/CTestCostData.txt"}))

# BUILDERS
c['builders'] = []

c['builders'].append(
    util.BuilderConfig(name="monero-tests-windows-10-i686",
        slavenames=["win32"],
        factory=testsWin32Factory))

c['builders'].append(
    util.BuilderConfig(name="monero-tests-osx-10.12",
        slavenames=["osx-10.12"],
        factory=osxTestsFactory))

c['builders'].append(
    util.BuilderConfig(name="monero-tests-osx-10.10",
        slavenames=["osx-10.10"],
        factory=testsFactory))

c['builders'].append(
    util.BuilderConfig(name="monero-tests-osx-10.11",
        slavenames=["osx-10.11"],
        factory=testsFactory))

c['builders'].append(
    util.BuilderConfig(name="monero-static-debian-armv8",
        slavenames=["arm8"],
        factory=armv8Factory,
        mergeRequests=True,
        properties={
            "github_repo_owner": "monero-project",
            "github_repo_name": "monero",
        }))

c['builders'].append(
    util.BuilderConfig(name="monero-static-ubuntu-amd64",
        slavenames=["linux-amd64"],
        factory=noCoretestsFactory,
        properties={
            "github_repo_owner": "monero-project",
            "github_repo_name": "monero",
        }))

c['builders'].append(
    util.BuilderConfig(name="monero-static-ubuntu-i686",
        slavenames=["linux-i386"],
        factory=static32Factory,
        properties={
            "github_repo_owner": "monero-project",
            "github_repo_name": "monero",
        }))

c['builders'].append(
    util.BuilderConfig(name="monero-static-ubuntu-arm7",
        slavenames=["arm7"],
        factory=armv7Factory,
        mergeRequests=True,
        properties={
            "github_repo_owner": "monero-project",
            "github_repo_name": "monero",
        }))

c['builders'].append(
    util.BuilderConfig(name="monero-static-freebsd64",
        slavenames=["freebsd64"],
        factory=noCoretestsFactory,
        properties={
            "github_repo_owner": "monero-project",
            "github_repo_name": "monero",
        }))

c['builders'].append(
    util.BuilderConfig(name="monero-static-dragonflybsd-amd64",
        slavenames=["dragonfly-4.6"],
        factory=dragonflyFactory,
        properties={
            "github_repo_owner": "monero-project",
            "github_repo_name": "monero",
        }))

c['builders'].append(
    util.BuilderConfig(name="monero-static-osx-10.12",
        slavenames=["osx-10.12"],
        factory=ispHijackedFactory,
        properties={
            "github_repo_owner": "monero-project",
            "github_repo_name": "monero",
        }))

c['builders'].append(
    util.BuilderConfig(name="monero-static-osx-10.10",
        slavenames=["osx-10.10"],
        factory=noCoretestsFactory,
        properties={
            "github_repo_owner": "monero-project",
            "github_repo_name": "monero",
        }))

c['builders'].append(
    util.BuilderConfig(name="monero-static-osx-10.11",
        slavenames=["osx-10.11"],
        factory=ispHijackedFactory,
        properties={
            "github_repo_owner": "monero-project",
            "github_repo_name": "monero",
        }))

c['builders'].append(
    util.BuilderConfig(name="monero-static-win32",
        slavenames=["win32"],
        factory=win32ReleaseFactory,
        properties={
            "github_repo_owner": "monero-project",
            "github_repo_name": "monero",
        }))

c['builders'].append(
    util.BuilderConfig(name="monero-static-win64",
        slavenames=["win64"],
        factory=win64ReleaseFactory,
        properties={
            "github_repo_owner": "monero-project",
            "github_repo_name": "monero",
        }))

c['builders'].append(
    util.BuilderConfig(name="monero-core-win32",
        slavenames=["win32"],
        factory=coreMingw32Factory,
        properties={
            "github_repo_owner": "monero-project",
            "github_repo_name": "monero-core",
        }))

c['builders'].append(
    util.BuilderConfig(name="monero-core-win64",
        slavenames=["win64"],
        factory=coreMingw64Factory,
        properties={
            "github_repo_owner": "monero-project",
            "github_repo_name": "monero-core",
        }))

c['builders'].append(
    util.BuilderConfig(name="monero-core-freebsd",
        slavenames=["freebsd64"],
        factory=coreFreebsdFactory))

c['builders'].append(
    util.BuilderConfig(name="monero-core-ubuntu-arm7",
        slavenames=["arm7"],
        factory=coreFactory,
        properties={
            "github_repo_owner": "monero-project",
            "github_repo_name": "monero-core",
        }))

c['builders'].append(
    util.BuilderConfig(name="monero-core-debian-armv8",
        slavenames=["arm8"],
        factory=coreFactory))

c['builders'].append(
    util.BuilderConfig(name="monero-core-ubuntu-amd64",
        slavenames=["linux-amd64"],
        factory=coreUbuntu64Factory,
        properties={
            "github_repo_owner": "monero-project",
            "github_repo_name": "monero-core",
        }))

c['builders'].append(
    util.BuilderConfig(name="monero-core-ubuntu-i686",
        slavenames=["linux-i386"],
        factory=coreDebianFactory,
        properties={
            "github_repo_owner": "monero-project",
            "github_repo_name": "monero-core",
        }))

c['builders'].append(
    util.BuilderConfig(name="monero-core-osx-10.12",
        slavenames=["osx-10.12"],
        factory=coreOsxFactory,
        properties={
            "github_repo_owner": "monero-project",
            "github_repo_name": "monero-core",
        }))

c['builders'].append(
    util.BuilderConfig(name="monero-core-osx-10.11",
        slavenames=["osx-10.11"],
        factory=coreOsxFactory,
        properties={
            "github_repo_owner": "monero-project",
            "github_repo_name": "monero-core",
        }))

c['builders'].append(
    util.BuilderConfig(name="kovri-all-ubuntu-i686",
        slavenames=["linux-i386"],
        factory=kovriAllFactory,
        properties={
            "github_repo_owner": "monero-project",
            "github_repo_name": "kovri",
        }))

c['builders'].append(
    util.BuilderConfig(name="kovri-all-osx-10.12",
        slavenames=["osx-10.12"],
        factory=kovriAllFactory,
        properties={
            "github_repo_owner": "monero-project",
            "github_repo_name": "kovri",
        }))

c['builders'].append(
    util.BuilderConfig(name="kovri-all-osx-10.10",
        slavenames=["osx-10.10"],
        factory=kovriAllFactory,
        properties={
            "github_repo_owner": "monero-project",
            "github_repo_name": "kovri",
        }))

c['builders'].append(
    util.BuilderConfig(name="kovri-all-osx-10.11",
        slavenames=["osx-10.11"],
        factory=kovriAllFactory,
        properties={
            "github_repo_owner": "monero-project",
            "github_repo_name": "kovri",
        }))

c['builders'].append(
    util.BuilderConfig(name="kovri-all-ubuntu-amd64",
        slavenames=["linux-amd64"],
        factory=kovriUbuntu64Factory,
        properties={
            "github_repo_owner": "monero-project",
            "github_repo_name": "kovri",
        }))

c['builders'].append(
    util.BuilderConfig(name="kovri-all-ubuntu-arm7",
        slavenames=["arm7"],
        factory=kovriAllFactory,
        properties={
            "github_repo_owner": "monero-project",
            "github_repo_name": "kovri",
        }))

c['builders'].append(
    util.BuilderConfig(name="kovri-all-debian-arm8",
        slavenames=["arm8"],
        factory=kovriAllFactory,
        properties={
            "github_repo_owner": "monero-project",
            "github_repo_name": "kovri",
        }))

c['builders'].append(
    util.BuilderConfig(name="kovri-all-freebsd64",
        slavenames=["freebsd64"],
        factory=kovriFreebsdFactory,
        properties={
            "github_repo_owner": "monero-project",
            "github_repo_name": "kovri",
        }))

c['builders'].append(
    util.BuilderConfig(name="kovri-all-dragonflybsd-amd64",
        slavenames=["dragonfly-4.6"],
        factory=kovriDragonflyFactory,
        properties={
            "github_repo_owner": "monero-project",
            "github_repo_name": "kovri",
        }))

c['builders'].append(
    util.BuilderConfig(name="kovri-all-win32",
        slavenames=["win32"],
        factory=kovriMingw32Factory,
        properties={
            "github_repo_owner": "monero-project",
            "github_repo_name": "kovri",
        }))

c['builders'].append(
    util.BuilderConfig(name="kovri-all-win64",
        slavenames=["win64"],
        factory=kovriMingw64Factory,
        properties={
            "github_repo_owner": "monero-project",
            "github_repo_name": "kovri",
        }))

c['builders'].append(
    util.BuilderConfig(name="kovri-static-dragonflybsd-amd64",
        slavenames=["dragonfly-4.6"],
        factory=kovriStaticDragonflyFactory))

c['builders'].append(
    util.BuilderConfig(name="monero-tests-ubuntu-16.04-i686",
        slavenames=["linux-i386"],
        factory=testsFactory))

c['builders'].append(
    util.BuilderConfig(name="monero-tests-ubuntu-16.04-amd64",
        slavenames=["linux-amd64"],
        factory=testsFactory))

c['builders'].append(
    util.BuilderConfig(name="monero-tests-windows-10-amd64",
        slavenames=["win64"],
        factory=testsWin64Factory))

c['builders'].append(
    util.BuilderConfig(name="monero-tests-freebsd-10.3-amd64",
        slavenames=["freebsd64"],
        factory=testsFactory))

c['builders'].append(
    util.BuilderConfig(name="monero-tests-ubuntu-16.04-armv7",
        slavenames=["arm7"],
        factory=testsFactory))

c['builders'].append(
    util.BuilderConfig(name="monero-tests-debian-armv8",
        slavenames=["arm8"],
        factory=testsFactory))

c['builders'].append(
    util.BuilderConfig(name="kovri-static-ubuntu-i686",
        slavenames=["linux-i386"],
        factory=kovriStaticFactory))

c['builders'].append(
    util.BuilderConfig(name="kovri-static-osx",
        slavenames=["osx-10.10"],
        factory=kovriStaticFactory))

c['builders'].append(
    util.BuilderConfig(name="kovri-static-ubuntu-amd64",
        slavenames=["linux-amd64"],
        factory=kovriStaticFactory))

c['builders'].append(
    util.BuilderConfig(name="kovri-static-ubuntu-arm7",
        slavenames=["arm7"],
        factory=kovriStaticFactory))

c['builders'].append(
    util.BuilderConfig(name="kovri-static-debian-arm8",
        slavenames=["arm8"],
        factory=kovriStaticFactory))

# NOTE: "kovri-static-dragonflybsd-amd64" is also registered earlier in this
# list with kovriStaticDragonflyFactory; Buildbot requires builder names to be unique.
c['builders'].append(
    util.BuilderConfig(name="kovri-static-dragonflybsd-amd64",
        slavenames=["dragonfly-4.6"],
        factory=kovriStaticBsdFactory))

c['builders'].append(
    util.BuilderConfig(name="kovri-static-freebsd64",
        slavenames=["freebsd64"], env={'CC': 'clang36', 'CXX': 'clang++36'},
        factory=kovriStaticBsdFactory))

c['builders'].append(
    util.BuilderConfig(name="kovri-static-openbsd-amd64",
        slavenames=["openbsd"], env={'CC': 'egcc', 'CXX': 'eg++'},
        factory=kovriStaticBsdFactory))

c['builders'].append(
    util.BuilderConfig(name="kovri-static-win32",
        slavenames=["win32"],
        factory=kovriStaticWin32Factory))

c['builders'].append(
    util.BuilderConfig(name="kovri-static-win64",
        slavenames=["win64"],
        factory=kovriStaticWin64Factory))

# STATUS TARGETS

# 'status' is a list of Status Targets. The results of each build will be
# pushed to these targets. buildbot/status/*.py has a variety to choose from,
# including web pages, email senders, and IRC bots.

c['status'] = []

from buildbot.status import html
from buildbot.status.web import authz, auth
# The webhook secret and the GitHub API token are read from a separate file
# so that they are not stored in this config.
with open('secrets.json') as secrets_file:
    secrets = json.load(secrets_file)

# Every control action in the web UI requires an authenticated user.
authz_cfg=authz.Authz(
    gracefulShutdown = 'auth',
    forceBuild = 'auth',
    forceAllBuilds = 'auth',
    pingBuilder = 'auth',
    stopBuild = 'auth',
    stopAllBuilds = 'auth',
    cancelPendingBuild = 'auth',
    pauseSlave = 'auth',
    cancelAllPendingBuilds = 'auth',
)
# 'strict' makes the GitHub change hook ignore payloads that are not signed
# with 'secret'.
c['status'].append(html.WebStatus(http_port=8010,authz=authz_cfg,
    change_hook_dialects={
        'github':{
            'secret': secrets['gh_change_hook'],
            'strict': True
        }

    }))

from buildbot.plugins import status

# allowForce=True enables the force-build and stop-build commands over IRC.
irc = status.IRC('irc.freenode.org', 'xmr_buildbot',
                 useColors=True,
                 channels=[{"channel": "#monero-bots"}
                 ],
                 allowForce=True,
                 notify_events={
                     'started': 0,
                     'finished': 0,
                     'failure': 1,
                     'success': 1,
                     'exception': 1,
                     'successToFailure': 1,
                     'failureToSuccess': 1
                 })

c['status'].append(irc)

# Github status reporter
from buildbot.plugins import status, util

repoOwner = util.Interpolate("%(prop:github_repo_owner)s")
repoName = util.Interpolate("%(prop:github_repo_name)s")
sha = util.Interpolate("%(src::revision)s")
context = util.Interpolate("buildbot/%(prop:buildername)s")
gs = status.GitHubStatus(token=secrets['github_token'],
                         repoOwner=repoOwner,
                         repoName=repoName,
                         sha=sha,
                         context=context,
                         startDescription='Build started.',
                         endDescription='Build done.')
c['status'].append(gs)

# PROJECT IDENTITY

# the 'title' string will appear at the top of this buildbot
# installation's html.WebStatus home page (linked to the
# 'titleURL') and is embedded in the title of the waterfall HTML page.

c['title'] = 'Monero Project'
c['titleURL'] = 'https://getmonero.org/'

c['buildbotURL'] = 'https://build.getmonero.org/'

# DB URL

c['db'] = {
    'db_url':'sqlite:///state.sqlite',
}

--------------------------------------------------------------------------------