diff -uNr a/gbw-signer/README b/gbw-signer/README --- a/gbw-signer/README 1141e9723b67e7ef8a409c889f9ccf2d308bfce9f9674fd68aa51ed5feb34904d5a31994a9682c9b55670d0c807d0d1ba92c57e62ccf417541f82a04ee022cb1 +++ b/gbw-signer/README a852363120bda90705cbe8f77cb52ef4d2480f19c1af1d2a6306256ba28feaa0616aca12c61c92c909b42547878ed8c6a9de54fa3efd80318a85e5a8b28b73bd @@ -3,7 +3,7 @@ This is gbw-signer, the offline signing component of Gales Bitcoin Wallet as described at http://fixpoint.welshcomputing.com/2019/gales-bitcoin-wallet-spec-and-battle-plan/ , written by Jacob Welsh for JWRD Computing. -It is written in Scheme with original implementations of the cryptographic primitives, and shell functions to simplify full wallet encryption using GPG. +It is written in Scheme, with original implementations of the cryptographic primitives, and provides shell functions to streamline full wallet encryption using GPG. Prerequisites ------------- @@ -13,16 +13,18 @@ Installation ------------ -This software sheds some historical Unix conventions in favor of Bernstein's /package scheme ( http://cr.yp.to/slashpackage.html ), which I find meshes fairly well with the ideas of V. If this is your first time using it, you may need to create the /package directory and add /command to your shell's PATH variable. +This software ignores some historical Unix conventions in favor of a simplified variant of Bernstein's /package scheme ( http://cr.yp.to/slashpackage.html ). Installation paths and command names are not configurable, which amounts to a global namespace claim, such that people and programs can count on finding components at known paths if they are to be found at all. User commands are symlinked into /usr/bin and will replace prior files in case of conflict; see "package/commands" for the list. -1. Press or otherwise install the tree at the path: +You will need root privileges to install. - /package/gbw-signer-1 +1. Create the top-level /package directory if necessary and place the tree at its fully version-qualified path: -The installation path is not configurable. This amounts to a claim on the global namespace, as command names always do. People and programs can count on finding components at known paths if they are to be found at all, as surely as with /bin/sh. This doesn't mean the files must physically exist under /package; for example, a symlink from there could ease working on the code as a non-root user. + mkdir -p /package + cp -r /YOUR/PATH/TO/gbw-signer /package/gbw-signer-2 -2. From the above directory, run (as root): +2. Run the install script from the above directory: + cd /package/gbw-signer-2 sh package/install ECC cache generation will take a noticeable time, depending on hardware, though hopefully not so much as to suggest preparing a beverage. @@ -33,6 +35,8 @@ Ensure there are no failures indicated. It should take about the same time. +To revert to this version after installing a different one, simply repeat step 2. + Operation --------- @@ -97,7 +101,7 @@ A strong entropy source is required in /dev/urandom. -Compromised inputs can drain your funds even without disclosure of private keys. The most obvious case would be sending to a valid but incorrect address. More subtle is that, because Bitcoin transactions do not explicitly specify fee and input values, an incorrect value field in "outputs" can result in excess input consumption and incorrect change computation, causing loss through exhorbitant transaction fee. +Compromised inputs can drain your funds even without disclosure of private keys. The most obvious case would be sending to a valid but unintended address. More subtle is that, because Bitcoin transactions do not explicitly specify fee and input values, an incorrect prior output value in the "outputs" table can drain funds in the form of an exhorbitant transaction fee. The cryptographic operations do not use constant-time algorithms, thus side channel attacks (timing, electromagnetic, sonic, power, thermal) are possible. Fixing this is in scope for future revisions; meanwhile, use appropriate precautions. diff -uNr a/gbw-signer/command/gbw-signer b/gbw-signer/command/gbw-signer --- a/gbw-signer/command/gbw-signer fe89e71c698ecc796962c1d0e98ee4b73002542510711f3f3a6143a882947cadfc58eae83f54a7e658aea2ce3beb9d336a6cd3c1f67a5bde3e4cb8753db10aec +++ b/gbw-signer/command/gbw-signer d87653cc6c0e54b028fd98b7039388d6a96a0bf59ac17dc06cf3d270fa57af7a73a2a574570f4915273350892dac81e00b3177b6ada9a8ef26e182a9a678246e @@ -1,2 +1,2 @@ #!/bin/sh -exec /command/gscm /package/gbw-signer-1/library/gbw-signer.scm "$@" +exec /usr/bin/gscm /package/gbw-signer-2/library/gbw-signer.scm "$@" diff -uNr a/gbw-signer/library/gbw-signer.scm b/gbw-signer/library/gbw-signer.scm --- a/gbw-signer/library/gbw-signer.scm fc9095bd85abbc5accaddce67e6c38a7b1618c190fe12b969591752940b4433fc85eee9c877a7f8df3f7f96c1d83db7ef6af33b7072f34e23ba92d10b3935349 +++ b/gbw-signer/library/gbw-signer.scm 4b5987fbe68471ad921cae3ddbd5905bae73c7a31fe1592ecd30e0d63828386281e83bbcb026c00664b9c3c1a5cfc92edddcf56fae0adca7e9924c399aa6cddf @@ -3,7 +3,7 @@ ;;; Knobs -(define *install-path* "/package/gbw-signer-1") +(define *install-path* "/package/gbw-signer-2") (define *rng-port* (delay (open-input-file "/dev/urandom"))) diff -uNr a/gbw-signer/manifest b/gbw-signer/manifest --- a/gbw-signer/manifest feff42d76c57ee2da71cdddf2323ce718f5ba272121cf31d45eabd009bacb8646e21005c9f6f2280c2446c5f9c8eba333ee4f67bf8fc310a17966504e38e436d +++ b/gbw-signer/manifest f831eb0f6a06a7497c504b8d961096daa03c68cdfc74ebb044e3636774639a91d5c27d56693b5401602798aa849066288d852501c6f2746c853ac94b1634aeb4 @@ -1 +1,2 @@ 711740 gbw-signer_subdir_genesis jfw Offline signer component of gbw, the Gales Bitcoin Wallet. Reissued to follow various conventions: top-level project subdir, lowercase manifest filename, README at project level. (File renaming only; pending content changes are to follow.) +711740 gbw-signer_usrbin jfw Change command symlink from /command/gbw-signer to /usr/bin/gbw-signer and likewise for the referenced gscm binary. Formalize the installed command list at package/commands. Update README and bump version to reflect the packaging changes. diff -uNr a/gbw-signer/package/check b/gbw-signer/package/check --- a/gbw-signer/package/check 2ea57e15e61200d162cf62b4bb9087abe2557bbbf541d777035fda3e8d7d5776975e618ec8a2664c84a5f42865a3c6cc0b907598bd26281fe721dd6b261d3561 +++ b/gbw-signer/package/check 1eb5af89535307dd9a15c0ea5364082c0b527c4ab1d29d11fb18b1ce196ab5074ffb1ac75f4a5b54ee80ae8e946e87eee54dcbf1d7b4e868c348aef89e769392 @@ -1,2 +1,2 @@ #!/bin/sh -/command/gbw-signer test +/usr/bin/gbw-signer test diff -uNr a/gbw-signer/package/commands b/gbw-signer/package/commands --- a/gbw-signer/package/commands false +++ b/gbw-signer/package/commands eaf54b03ea206957d02c31880aeeccb431852f60b9c10f6a05285001d6d3c4dfadc3d3a25cbb69404225bd77e9a96bcd8570c304bd963a92759b532fd2f7f8c1 @@ -0,0 +1 @@ +gbw-signer diff -uNr a/gbw-signer/package/install b/gbw-signer/package/install --- a/gbw-signer/package/install 6b78513286241c8837d66a6f1e10990e73fac0b154254b50bb2c930af89b7c697fa04b1f78b90cf2ad2dc2341ab5ed1dc84ae17fe969cb5d1b6c4d952c63f599 +++ b/gbw-signer/package/install 9cc58827e8d27d59c7ddddfc262a1237158b76ea90fbdbd1c36be90f3f38c293a884168f3fb71917072e2fc99a7a70df4329bc43601480acd9c01cce759cf5e6 @@ -1,28 +1,28 @@ #!/bin/sh set -e -V=1 -cd /package/gbw-signer-$V +P=gbw-signer +V=2 +cd /package/$P-$V # Versioned path duplicated in: -# package/README +# README # command/gbw-signer # library/gbw-signer.scm echo 'Generating public elliptic curve precomputation cache...' sh command/gbw-signer make-cache -echo "Creating symlink gbw-signer -> gbw-signer-$V..." -rm -f gbw-signer -ln -s gbw-signer-$V gbw-signer -mv -f gbw-signer /package +echo "Creating symlink $P -> $P-$V..." +rm -f $P +ln -s $P-$V $P +mv -f $P /package/ -echo 'Making executable links in /command...' -mkdir -p /command -cd command -for i in * ; do - chmod 755 $i - rm -f /command/$i'{new}' - ln -s ../package/gbw-signer/command/$i /command/$i'{new}' - mv -f /command/$i'{new}' /command/$i +echo 'Making command links in /usr/bin...' +mkdir -p /usr/bin +for i in `cat package/commands` ; do + chmod 755 command/$i + rm -f /usr/bin/$i'{new}' + ln -s /package/$P/command/$i /usr/bin/$i'{new}' + mv -f /usr/bin/$i'{new}' /usr/bin/$i done