Merge fort-nix/nix-bitcoin#368: joinmarket: 0.8.2 -> 0.8.3

881a3aa004 joinmarket: use preStart, postStart (Erik Arvstedt) e2c6eb6681 joinmarket: create bitcoind wallet (nixbitcoin) 6258d64cb6 joinmarket: run with group 'bitcoin' (nixbitcoin) ed480a35af joinmarket: 0.8.2 -> 0.8.3 (nixbitcoin) Pull request description: ACKs for top commit: erikarvstedt: ACK 881a3aa004 Tree-SHA512: 7ed7571d1aac5bbe9cb8c4092f3e6cd66f6ac299d7ed0631124ff10ad05adc3d026700ded130d3ff86048d3cd397915ec55ba4730949b478a02d5d0e10f85e04
2021-08-10 12:19:20 +00:00 · 2021-08-10 12:19:20 +00:00 · fb456f8847
parent aea0afabc8 881a3aa004
commit fb456f8847
6 changed files with 57 additions and 40 deletions
--- a/examples/configuration.nix
+++ b/examples/configuration.nix
@ -245,6 +245,6 @@
  # The nix-bitcoin release version that your config is compatible with.
  # When upgrading to a backwards-incompatible release, nix-bitcoin will display an
  # an error and provide hints for migrating your config to the new release.
-  nix-bitcoin.configVersion = "0.0.41";
+  nix-bitcoin.configVersion = "0.0.49";

 }
--- a/modules/joinmarket-ob-watcher.nix
+++ b/modules/joinmarket-ob-watcher.nix
@ -11,7 +11,7 @@ let
    blockchain_source = no-blockchain

    [MESSAGING:server1]
-    host = darksci3bfoka7tw.onion
+    host = darkirc6tqgpnwd3blln3yfv5ckl47eg7llfxkmtovrv7c7iwohhb6ad.onion
    channel = joinmarket-pit
    port = 6697
    usessl = true
--- a/modules/joinmarket.nix
+++ b/modules/joinmarket.nix
@ -27,10 +27,10 @@ let
    rpc_port = ${toString bitcoind.rpc.port}
    rpc_user = ${bitcoind.rpc.users.privileged.name}
    @@RPC_PASSWORD@@
-    ${optionalString (cfg.rpcWalletFile != null) "rpc_wallet_file=${cfg.rpcWalletFile}"}
+    ${optionalString (cfg.rpcWalletFile != null) "rpc_wallet_file = ${cfg.rpcWalletFile}"}

    [MESSAGING:server1]
-    host = darksci3bfoka7tw.onion
+    host = darkirc6tqgpnwd3blln3yfv5ckl47eg7llfxkmtovrv7c7iwohhb6ad.onion
    channel = joinmarket-pit
    port = 6697
    usessl = true
@ -129,7 +129,7 @@ in {
    };
    rpcWalletFile = mkOption {
      type = types.nullOr types.str;
-      default = null;
+      default = "jm_wallet";
      description = ''
        Name of the watch-only bitcoind wallet the JoinMarket addresses are imported to.
      '';
@ -231,32 +231,35 @@ in {
      wantedBy = [ "multi-user.target" ];
      requires = [ "bitcoind.service" ];
      after = [ "bitcoind.service" ];
-      serviceConfig = nbLib.defaultHardening // {
-        ExecStartPre = nbLib.privileged "joinmarket-create-config" ''
-          install -o '${cfg.user}' -g '${cfg.group}' -m 640 ${configFile} ${cfg.dataDir}/joinmarket.cfg
+      preStart = ''
+        install -o '${cfg.user}' -g '${cfg.group}' -m 640 ${configFile} ${cfg.dataDir}/joinmarket.cfg
          sed -i \
-             "s|@@RPC_PASSWORD@@|rpc_password = $(cat ${secretsDir}/bitcoin-rpcpassword-privileged)|" \
-             '${cfg.dataDir}/joinmarket.cfg'
+            "s|@@RPC_PASSWORD@@|rpc_password = $(cat ${secretsDir}/bitcoin-rpcpassword-privileged)|" \
+            '${cfg.dataDir}/joinmarket.cfg'
        '';
-        # Generating wallets (jmclient/wallet.py) is only supported for mainnet or testnet
-        ExecStartPost = mkIf (bitcoind.network == "mainnet")
-          (nbLib.script "joinmarket-create-wallet" ''
-            walletname=wallet.jmdat
-            wallet=${cfg.dataDir}/wallets/$walletname
-            if [[ ! -f $wallet ]]; then
-              echo "Create wallet"
-              pw=$(cat "${secretsDir}"/jm-wallet-password)
-              cd ${cfg.dataDir}
-              if ! ${nbPkgs.joinmarket}/bin/jm-genwallet --datadir=${cfg.dataDir} $walletname $pw \
-                     | grep 'recovery_seed' \
-                     | cut -d ':' -f2 \
-                     | (umask u=r,go=; cat > jm-wallet-seed); then
-                echo "wallet creation failed"
-                rm -f "$wallet" jm-wallet-seed
-                exit 1
-              fi
-            fi
-          '');
+      # Generating wallets (jmclient/wallet.py) is only supported for mainnet or testnet
+      postStart = mkIf (bitcoind.network == "mainnet") ''
+        walletname=wallet.jmdat
+        wallet=${cfg.dataDir}/wallets/$walletname
+        if [[ ! -f $wallet ]]; then
+          ${optionalString (cfg.rpcWalletFile != null) ''
+            echo "Create watch-only wallet ${cfg.rpcWalletFile}"
+            ${bitcoind.cli}/bin/bitcoin-cli -named createwallet \
+              wallet_name="${cfg.rpcWalletFile}" disable_private_keys=true
+          ''}
+          pw=$(cat "${secretsDir}"/jm-wallet-password)
+          cd ${cfg.dataDir}
+          if ! ${nbPkgs.joinmarket}/bin/jm-genwallet --datadir=${cfg.dataDir} $walletname $pw \
+                 | grep 'recovery_seed' \
+                 | cut -d ':' -f2 \
+                 | (umask u=r,go=; cat > jm-wallet-seed); then
+            echo "wallet creation failed"
+            rm -f "$wallet" jm-wallet-seed
+            exit 1
+          fi
+        fi
+      '';
+      serviceConfig = nbLib.defaultHardening // {
        ExecStart = "${nbPkgs.joinmarket}/bin/joinmarketd";
        WorkingDirectory = cfg.dataDir; # The service creates 'commitmentlist' in the working dir
        User = cfg.user;
@ -270,7 +273,7 @@ in {
      group = cfg.group;
      home = cfg.dataDir;
      # Allow access to the tor control socket, needed for payjoin onion service creation
-      extraGroups = [ "tor" ];
+      extraGroups = [ "tor" "bitcoin" ];
    };
    users.groups.${cfg.group} = {};
    nix-bitcoin.operator = {
--- a/modules/versioning.nix
+++ b/modules/versioning.nix
@ -91,6 +91,22 @@ let
          rm -f "${secretsDir}"/{lnd-seed-mnemonic,jm-wallet-seed}
      '';
    }
+    {
+      version = "0.0.49";
+      condition = config.services.joinmarket.enable;
+      message = ''
+        Starting with 0.21.0, bitcoind no longer automatically creates and loads a
+        default wallet named `wallet.dat` [1].
+        The joinmarket service now automatically creates a watch-only bitcoind wallet
+        (named by option `services.joinmarket.rpcWalletFile`) when creating a joinmarket wallet.
+
+        If you've used JoinMarket before, add the following to your configuration to
+        continue using the default `wallet.dat` wallet:
+        services.joinmarket.rpcWalletFile = null;
+
+        [1] https://github.com/bitcoin/bitcoin/pull/15454
+      '';
+    }
  ];

  incompatibleChanges = optionals
--- a/pkgs/joinmarket/default.nix
+++ b/pkgs/joinmarket/default.nix
@ -1,10 +1,10 @@
 { stdenv, lib, fetchurl, python3, nbPython3Packages, pkgs }:

 let
-  version = "0.8.2";
+  version = "0.8.3";
  src = fetchurl {
    url = "https://github.com/JoinMarket-Org/joinmarket-clientserver/archive/v${version}.tar.gz";
-    sha256 = "0bi1d49kn57b0775cd8gzsc13dbiivvnhrc61d1xb4z1cr3ih8q2";
+    sha256 = "0kcgp8lsgnbaxfv13lrg6x7vcbdi5yj526lq9vmvbbidyw4km3r2";
  };

  runtimePackages = with nbPython3Packages; [
--- a/pkgs/python-packages/coincurve/default.nix
+++ b/pkgs/python-packages/coincurve/default.nix
@ -1,20 +1,18 @@
-{ lib, buildPythonPackage, fetchPypi, asn1crypto, cffi, pkg-config, libtool, libffi, requests, gmp }:
+{ lib, stdenv, buildPythonPackage, fetchPypi, asn1crypto, cffi, pkg-config,
+autoconf, automake, libtool, libffi, requests }:

 buildPythonPackage rec {
  pname = "coincurve";
-  version = "13.0.0";
+  version = "15.0.0";

  src = fetchPypi {
    inherit pname version;
-    sha256 = "1x8dpbq6bwswfyi1g4r421hnswp904l435rf7n6fj7y8q1yn51cr";
+    sha256 = "0ras7qb4ib9sik703fcb9f3jrgq7nx5wvdgx9k1pshmrxl8lnlh6";
  };

-  nativeBuildInputs = [ pkg-config libtool libffi gmp ];
-
-  propagatedBuildInputs = [ asn1crypto cffi requests ];
-
-  # enable when https://github.com/ofek/coincurve/issues/47 is resolved
  doCheck = false;
+  nativeBuildInputs = [ autoconf automake libtool pkg-config ];
+  propagatedBuildInputs = [ asn1crypto cffi libffi requests ];

  meta = with lib; {
    description = "Cross-platform Python CFFI bindings for libsecp256k1";