diff --git a/README.md b/README.md index 9a00405f..189c88cf 100644 --- a/README.md +++ b/README.md @@ -39,7 +39,7 @@ Recommended OS version: Ubuntu 18.04 LTS. [*GUI version*] - sudo apt-get install -y build-essential g++ python-dev autotools-dev libicu-dev libbz2-dev cmake git screen mesa-common-dev libglu1-mesa-dev` + sudo apt-get install -y build-essential g++ python-dev autotools-dev libicu-dev libbz2-dev cmake git screen mesa-common-dev libglu1-mesa-dev 2. Download and build Boost @@ -85,6 +85,8 @@ For instance, by adding the following lines to `~/.bashrc` make -j1 daemon simplewallet **NOTICE**: If you are building on a machine with a relatively high amount of RAM or with the proper setting of virtual memory, then you can use `-j2` or `-j` option to speed up the building process. Use with caution. + + **NOTICE 2**: If you'd like to build binaries for the testnet, use `cmake -D TESTNET=TRUE ..` instead of `cmake ..` . 1. Building GUI: diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 3f36b1d5..807d2a16 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -199,6 +199,7 @@ if(BUILD_GUI) if(APPLE) target_link_libraries(Zano ${COCOA_LIBRARY}) + set_property(TARGET Zano PROPERTY XCODE_ATTRIBUTE_ENABLE_HARDENED_RUNTIME YES) endif() if(MSVC) target_link_libraries(Zano shlwapi.lib) diff --git a/src/common/pre_download.h b/src/common/pre_download.h index 6ea723b0..e119d505 100644 --- a/src/common/pre_download.h +++ b/src/common/pre_download.h @@ -21,8 +21,8 @@ namespace tools }; #ifndef TESTNET - static constexpr pre_download_entry c_pre_download_mdbx = { "http://95.217.43.225/pre-download/zano_mdbx_95_1000000.pak", "6b0bbba85bc420eaae5ec68373e528f70bffaa17fb111c796e951d06ad71e4fe", 1104150892, 2147450880 }; - static constexpr pre_download_entry c_pre_download_lmdb = { "http://95.217.43.225/pre-download/zano_lmdb_95_1000000.pak", "b4d45c727dbf1b92671f9fd1a9624e79019e890bd3d33cb71e011ab4bcb0d21e", 1450748151, 2114449408 }; + static constexpr pre_download_entry c_pre_download_mdbx = { "http://95.217.42.247/pre-download/zano_mdbx_95_1161000.pak", "26660ffcdaf80a43a586e64a1a6da042dcb9ff3b58e14ce1ec9a775b995dc146", 1330022593, 2684313600 }; + static constexpr pre_download_entry c_pre_download_lmdb = { "http://95.217.42.247/pre-download/zano_lmdb_95_1161000.pak", "9dd03f08dea396fe32e6483a8221b292be35fa41c29748f119f11c3275956cdc", 1787475468, 2600247296 }; #else static constexpr pre_download_entry c_pre_download_mdbx = { "", "", 0, 0 }; static constexpr pre_download_entry c_pre_download_lmdb = { "", "", 0, 0 }; diff --git a/src/crypto/crypto-sugar.h b/src/crypto/crypto-sugar.h index 1c1b1b9a..600fe914 100644 --- a/src/crypto/crypto-sugar.h +++ b/src/crypto/crypto-sugar.h @@ -433,6 +433,17 @@ namespace crypto }; // struct scalar_t + // + // Global constants + // + + extern const scalar_t c_scalar_1; + extern const scalar_t c_scalar_L; + extern const scalar_t c_scalar_Lm1; + extern const scalar_t c_scalar_P; + extern const scalar_t c_scalar_Pm1; + extern const scalar_t c_scalar_256m1; + extern const scalar_t c_scalar_1div8; // // @@ -486,6 +497,7 @@ namespace crypto zero(); } + // as we're using additive notation, zero means identity group element here and after void zero() { ge_p3_0(&m_p3); @@ -497,6 +509,11 @@ namespace crypto return fe_isnonzero(m_p3.X) * fe_cmp(m_p3.Y, m_p3.Z) == 0; } + bool is_in_main_subgroup() const + { + return (c_scalar_L * *this).is_zero(); + } + bool from_public_key(const crypto::public_key& pk) { return ge_frombytes_vartime(&m_p3, reinterpret_cast(&pk)) == 0; @@ -862,14 +879,6 @@ namespace crypto // extern const point_g_t c_point_G; - - extern const scalar_t c_scalar_1; - extern const scalar_t c_scalar_L; - extern const scalar_t c_scalar_Lm1; - extern const scalar_t c_scalar_P; - extern const scalar_t c_scalar_Pm1; - extern const scalar_t c_scalar_256m1; - extern const scalar_t c_scalar_1div8; extern const point_t c_point_H; extern const point_t c_point_0; diff --git a/src/currency_core/checkpoints_create.h b/src/currency_core/checkpoints_create.h index ea87d78c..059d190e 100644 --- a/src/currency_core/checkpoints_create.h +++ b/src/currency_core/checkpoints_create.h @@ -17,13 +17,14 @@ namespace currency inline bool create_checkpoints(currency::checkpoints& checkpoints) { #ifdef TESTNET - //ADD_CHECKPOINT(50000, "492ef71f5d722a8a182d65eb0ff731b740e023a2d64881f43db9af7b39ba7988"); + #else // MAINNET - ADD_CHECKPOINT(425000, "46a6c36d5dec2d484d5e4845a8525ca322aafc06915ed9c8da2a241b51b7d1e8"); - ADD_CHECKPOINT(525000, "8c1ac57e67448130207a224b2d6e33ccdc64d6dd1c59dbcf9ad2361dc0d07d51"); - ADD_CHECKPOINT(600000, "d9fe316086e1aaea07d94082973ec764eff5fc5a05ed6e1eca273cee59daeeb4"); - ADD_CHECKPOINT(900000, "2205b73cd79d4937b087b02a8b001171b73c34464bc4a952834eaf7c2bd63e86"); + ADD_CHECKPOINT(425000, "46a6c36d5dec2d484d5e4845a8525ca322aafc06915ed9c8da2a241b51b7d1e8"); + ADD_CHECKPOINT(525000, "8c1ac57e67448130207a224b2d6e33ccdc64d6dd1c59dbcf9ad2361dc0d07d51"); + ADD_CHECKPOINT(600000, "d9fe316086e1aaea07d94082973ec764eff5fc5a05ed6e1eca273cee59daeeb4"); + ADD_CHECKPOINT(900000, "2205b73cd79d4937b087b02a8b001171b73c34464bc4a952834eaf7c2bd63e86"); + ADD_CHECKPOINT(1161000, "96990d851b484e30190678756ba2a4d3a2f92b987e2470728ac1e38b2bf35908"); #endif return true; diff --git a/src/version.h.in b/src/version.h.in index ba7e8f4c..65a5944d 100644 --- a/src/version.h.in +++ b/src/version.h.in @@ -8,6 +8,6 @@ #define PROJECT_REVISION "0" #define PROJECT_VERSION PROJECT_MAJOR_VERSION "." PROJECT_MINOR_VERSION "." PROJECT_REVISION -#define PROJECT_VERSION_BUILD_NO 121 +#define PROJECT_VERSION_BUILD_NO 123 #define PROJECT_VERSION_BUILD_NO_STR STRINGIFY_EXPAND(PROJECT_VERSION_BUILD_NO) #define PROJECT_VERSION_LONG PROJECT_VERSION "." PROJECT_VERSION_BUILD_NO_STR "[" BUILD_COMMIT_ID "]" diff --git a/tests/functional_tests/crypto_tests.cpp b/tests/functional_tests/crypto_tests.cpp index f5ea3a8e..86d00401 100644 --- a/tests/functional_tests/crypto_tests.cpp +++ b/tests/functional_tests/crypto_tests.cpp @@ -1097,6 +1097,52 @@ TEST(crypto, point_basics) return true; } +TEST(crypto, neg_identity) +{ + point_t z = c_point_0; // 0 group element (identity) + public_key z_pk = z.to_public_key(); // pub key, corresponding to 0 ge (pub key is not zero bitwise) + public_key z_neg_pk = z_pk; + ((unsigned char*)&z_neg_pk)[31] = 0x80; // set sign bit manually + std::cout << "-Identity = " << z_pk << ENDL; + point_t z_neg; + ASSERT_FALSE(z_neg.from_public_key(z_neg_pk)); // negative identity should not be loaded + + key_image z_ki; + memset(&z_ki, 0, sizeof(z_ki)); + ((unsigned char*)&z_ki)[00] = 0x01; // y = 1 + + ASSERT_TRUE(validate_key_image(z_ki)); + + key_image z_neg_ki = z_ki; + ((unsigned char*)&z_neg_ki)[31] = 0x80; // set sign bit manually + + ASSERT_FALSE(validate_key_image(z_neg_ki)); // negative identity should not be loaded + + + // also do zero-byte pub key / key image checks + + public_key zzz_pk; + memset(&zzz_pk, 0, sizeof public_key); + + ASSERT_TRUE(check_key(zzz_pk)); + + point_t zzz; + ASSERT_TRUE(zzz.from_public_key(zzz_pk)); + ASSERT_FALSE(zzz.is_in_main_subgroup()); + + key_image zzz_ki; + memset(&zzz_ki, 0, sizeof key_image); + + ASSERT_FALSE(validate_key_image(zzz_ki)); + + point_t zzz2; + ASSERT_TRUE(zzz2.from_key_image(zzz_ki)); + ASSERT_FALSE(zzz2.is_in_main_subgroup()); + ASSERT_EQ(zzz, zzz2); + + return true; +} + TEST(crypto, scalar_reciprocal) { int64_t test_nums[] = { 1, 2, 10 }; diff --git a/utils/build_script_mac_osx.sh b/utils/build_script_mac_osx.sh index b9b989db..bb70d5fc 100755 --- a/utils/build_script_mac_osx.sh +++ b/utils/build_script_mac_osx.sh @@ -1,4 +1,5 @@ -set -x #echo on +set -x # echo on +set +e # switch off exit on error curr_path=${BASH_SOURCE%/*} # check that all the required environment vars are set @@ -21,6 +22,11 @@ if [ "$testnet" == true ]; then ARCHIVE_NAME_PREFIX=${ARCHIVE_NAME_PREFIX}testnet- fi +######### DEBUG ########## +#cd "$ZANO_BUILD_DIR/release/src" +#rm *.dmg +#if false; then +##### end of DEBUG ###### rm -rf $ZANO_BUILD_DIR; mkdir -p "$ZANO_BUILD_DIR/release"; cd "$ZANO_BUILD_DIR/release" @@ -101,12 +107,13 @@ if [ $? -ne 0 ]; then exit 1 fi -codesign -s "Zano" --deep -vv -f Zano.app +codesign -s "Developer ID Application: Zano Limited" --timestamp --options runtime -f --entitlements ../../../utils/macos_entitlements.plist --deep ./Zano.app if [ $? -ne 0 ]; then - echo "Failed to sign application" + echo "Failed to sign Zano.app" exit 1 fi + read version_str <<< $(DYLD_LIBRARY_PATH=$ZANO_BOOST_LIBS_PATH ./connectivity_tool --version | awk '/^Zano/ { print $2 }') version_str=${version_str} echo $version_str @@ -125,6 +132,8 @@ if [ $? -ne 0 ]; then exit 1 fi +#fi + package_filename=${ARCHIVE_NAME_PREFIX}${version_str}.dmg source ../../../utils/macosx_dmg_builder.sh @@ -134,12 +143,11 @@ if [ $? -ne 0 ]; then exit 1 fi -cd ../../.. echo "Build success" echo "############### Uploading... ################" -package_filepath=$ZANO_BUILD_DIR/release/src/$package_filename +package_filepath=$package_filename scp $package_filepath zano_build_server:/var/www/html/builds/ if [ $? -ne 0 ]; then @@ -157,3 +165,58 @@ sha256: $checksum" echo "$mail_msg" echo "$mail_msg" | mail -s "Zano macOS-x64 ${build_prefix_label}${testnet_label}build $version_str" ${emails} + + +###################### +# notarization +###################### + +cd package_folder + +echo "Notarizing..." + +# creating archive for notarizing +echo "Creating archive for notarizing" +rm -f Zano.zip +/usr/bin/ditto -c -k --keepParent ./Zano.app ./Zano.zip + +tmpfile="tmptmptmp" +xcrun altool --notarize-app --primary-bundle-id "org.zano.desktop" -u "andrey@zano.org" -p "@keychain:Developer-altool" --file ./Zano.zip > $tmpfile 2>&1 +NOTARIZE_RES=$? +NOTARIZE_OUTPUT=$( cat $tmpfile ) +rm $tmpfile +echo "NOTARIZE_OUTPUT=$NOTARIZE_OUTPUT" +if [ $NOTARIZE_RES -ne 0 ]; then + echo "Notarization failed" + exit 1 +fi + +GUID=$(echo "$NOTARIZE_OUTPUT" | egrep -Ewo '[[:xdigit:]]{8}(-[[:xdigit:]]{4}){3}-[[:xdigit:]]{12}') +if [ ${#GUID} -ne 36 ]; then + echo "Couldn't get correct GUID from the response, got only \"$GUID\"" + exit 1 +fi + + +success=0 + +# check notarization status +for i in {1..10}; do + xcrun altool --notarization-info $GUID -u "andrey@zano.org" -p "@keychain:Developer-altool" > $tmpfile 2>&1 + NOTARIZE_OUTPUT=$( cat $tmpfile ) + rm $tmpfile + NOTARIZATION_LOG_URL=$(echo "$NOTARIZE_OUTPUT" | sed -n "s/.*LogFileURL\: \([[:graph:]]*\).*/\1/p") + if [ ${#NOTARIZATION_LOG_URL} -ge 30 ]; then + success=1 + curl -L $NOTARIZATION_LOG_URL + break + fi + sleep 60 +done + +if [ $success -ne 1 ]; then + echo "Build notarization failed" + exit 1 +fi + +echo "Notarization done" diff --git a/utils/build_script_windows.bat b/utils/build_script_windows.bat index d1adaf8e..a224b843 100644 --- a/utils/build_script_windows.bat +++ b/utils/build_script_windows.bat @@ -170,11 +170,11 @@ set installer_path=%BUILDS_PATH%\builds\%installer_file% @echo " SIGNING ...." -:: %ZANO_SIGN_CMD% %installer_path% -:: IF %ERRORLEVEL% NEQ 0 ( -:: @echo "failed to sign installer" -:: goto error -:: ) +%ZANO_SIGN_CMD% %installer_path% +IF %ERRORLEVEL% NEQ 0 ( + @echo "failed to sign installer" + goto error +) @echo " UPLOADING TO SERVER ...." diff --git a/utils/macos_entitlements.plist b/utils/macos_entitlements.plist new file mode 100644 index 00000000..68015469 --- /dev/null +++ b/utils/macos_entitlements.plist @@ -0,0 +1,8 @@ + + + + + com.apple.security.cs.disable-executable-page-protection + + + diff --git a/utils/macosx_dmg_builder.sh b/utils/macosx_dmg_builder.sh index 7defc9cc..4fb211f8 100644 --- a/utils/macosx_dmg_builder.sh +++ b/utils/macosx_dmg_builder.sh @@ -19,6 +19,7 @@ function build_fancy_dmg() # $1 - path to package folder, $2 - dmg output filena --icon Zano.app 112 115 \ --hide-extension Zano.app \ --app-drop-link 365 115 \ + --no-internet-enable \ $2 \ $1