Merge remote-tracking branch 'origin/master' into docs

This commit is contained in:
reaction.la 2024-04-09 10:58:24 +10:00
commit da4a550684
No known key found for this signature in database
GPG Key ID: 99914792148C8388
17 changed files with 495 additions and 363 deletions

View File

@ -6,8 +6,8 @@
whitespace = fix whitespace = fix
ignoreWhitespace = no ignoreWhitespace = no
[alias] [alias]
lg = log --max-count=6 --pretty=format:'%C(auto)%h %d %Creset %p %C("#60A0FF")%cr %Cgreen %cn %G? %GT trust%Creset%n %<(78,trunc)%s%n' lg = log --pretty=format:'%C(auto)%h %d %Creset %p %C("#60A0FF")%cr %Cgreen %G? %GS %Creset%n %<(78,trunc)%s%n'
graph = log --graph --pretty=format:'%C(auto)%h %<(78,trunc)%s %Cgreen(%cr) %C(bold blue)%cn %G?%Creset' --abbrev-commit graph = log --graph --pretty=format:'%C(auto)%h %<(78,trunc)%s %Cgreen(%cr) %C(bold blue)%G? %GS%Creset' --abbrev-commit
alias = !git config --get-regexp ^alias\\. | sed -e s/^alias\\.// -e s/\\ /\\ =\\ / | grep -v ^'alias ' | sort alias = !git config --get-regexp ^alias\\. | sed -e s/^alias\\.// -e s/\\ /\\ =\\ / | grep -v ^'alias ' | sort
utcmt = !git commit --date=\"$(date --utc +%Y-%m-%dT%H:%M:%Sz)\" utcmt = !git commit --date=\"$(date --utc +%Y-%m-%dT%H:%M:%Sz)\"
[commit] [commit]
@ -22,3 +22,7 @@
active = * active = *
[diff] [diff]
submodule = log submodule = log
[gpg "ssh"]
allowedSignersFile = .gitsigners
[gpg]
format = ssh

2
.gitsigners Normal file
View File

@ -0,0 +1,2 @@
reaction.la ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEFEB4TdL4+tuLd/RwVmbqoo7hxg6AZ+PFWoOJz4ZThy
cheng ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKE35k1rf+sanxLTbjNVqTJyq3aRQbcYT2dlt5y2yL8t

154
docs/gpg_subkeys.md Normal file
View File

@ -0,0 +1,154 @@
---
title:
Gpg subkeys
sidebar: true
...
# To set up a system with gpg subkeys but without the master key
This is horribly painful, and we need to create a better system and eat our
own dogfood.
We ignore the Gpg Web of Trust model and instead use the Zooko identity model.
We use Gpg signatures to verify that remote repository code is coming from an unchanging entity, not for Gpg Web of Trust. Web of Trust is too complicated and too user hostile to be workable or safe.
Never --sign any Gpg key. --lsign it.
Never use any public gpg key repository.
Never use any email address on a gpg key unless it is only used for messages relating to a single group and a single purpose, or a fake email.
Gpg fundamentally lacks the concept of one entity acting for and on behalf
of another. A subkey should be identified by the name of the master key
followed by a subname intelligible to humans, and a sequence of grant of
authority values intelligible to computers, represented by either a variable
precision integer representing a bit string, each bit corresponding to a an
authority value, which bitstring may contain a flag saying that further
authorities are represented by a null terminated Dewey decimal sequence rather
than by one bits in a sparse bitstring.
But for the moment:
```bash
gpg --expert --full-gen-key
```
Select 9 ECC and ECC, then select curve25519, then 0, key does not expire.
(This is going to be the rarely used master key, whose secret will be kept in
a safe place and seldom used)
Much open source cryptography has been backdoored. I have no reason to
suppose that gpg is backdoored, other than that there is a great deal of
backdooring going around, but I have positive reason to suppose that
curve25519 has *not* been backdoored in gpg, and even if I did not, the
fewer cryptographic algorithms we use, the smaller the attack surface.
Gitlab strongly recommends using only ED25519 ssh keys to interact with
git repositories, and I strongly recommend using only ED25519 ssh keys
to interact with repositories and only 25519 gpg keys to authenticate
commits and identify committers. I mention Gitlab not because I regard
them as a highly authoritative source, but to show I am not the only one
around who is paranoid about broken and corrupted cryptographic code.
Everyone should use the same algorithm to reduce the attack surface.
Name `«master key»>` (use a fake email address) Gpg was designed to
make email secure, but email is not secure. We will be using this as the
root of identities in Git, rather than to authenticate email. Use this root of
identity only for project related matters, only for the authentication of code
and design documents. Don't use this identity for other purposes, as this
will increase the risk that pressure or unpleasant consequences will be
applied to you through those other activities. Don't link this identity to
your broader identity and broader activities, as pressure is likely to applied
to introduce hostile code and strange design decisions that facilitate other
people's hostile code. This happens all the time in projects attempting to
implement cryptography. They get one funny feature after another whose
only utility is facilitating backdoors.
gpg will ask you for a passphrase. If your keyfile falls into enemy hands,
your secret key is subject to offline dictionary attack, against which only a
very strong passphrase, with about 128 bits of entropy, can protect it.
Which is a problem that crypto wallets address, and gpg fails to address.
Either use a strong non human memorable passphrase or else use a trivial
passphrase or no passphrase, and instead export and hide the secret key
file and delete it from gpg when you are done. A human cannot remember
a strong passphrase. Write it down, in pencil, and hide it somewhere.
(Pencil does not fade, but some inks fade) If you can remember the
passphrase, and someone gets at your keyfile, it is unlikely to protect you
keyfile. A strong passphrase looks like a wallet master secret.
Gpg's passphrases are merely a nuisance. They fail to serve a useful
purpose if used in the manner intended. Wallets came under real attack,
and now do things correctly. One of our objectives is to replace gpg for git
and gpg for secure messaging with something that actually works, with a
wallet, but for the moment, we use what we have.
Now create another similar subkey. This time give it an expiry date in the
near future
```bash
gpg --expert --edit-key «master key»
addkey
```
Rather than protecting your primary keys with a useless password, you
should export them to a safe place, such as a pair of thumbdrives, and then
delete them, to be re-imported when you need them to add a new subkey
when your subkey expires.
```bash
save
gpg --list-keys --with-subkey-fingerprints --with-keygrip «master key»
gpg -a --export «master key»
gpg -a --export-secret-keys «master key»
```
Then look in at the secret keys listed by keygrip in
`$HOME/.gnupg/private-keys-v1.d/KEYGRIP.key` and delete any
secret keys of the master key other than short lived subkey you just
added.
```bash
gpg --list-keys --with-subkey-fingerprints --with-keygrip «master key»
# secret keys that have already been deleted will be marked with a #
```
You should make sure that any secret keys with no expiration or an
expiration in the distant future are marked with that sign, and if they are
not, delete them.
On non airgapped machines, you will delete the primary key, or not
import it in the first place.
After all this complicated, easy to get wrong, and confusing rigmarole,
you should, upon importing and trusting, have a copy of gpg that can sign
commits with your short lived subkey as an agent for your long lived
master key.
Git can now still sign with the non expiring master key, because it still has
a subkey that will expire in the near future.
[sovereign corporations]:social_networking.html#many-sovereign-corporations-on-the-blockchain
We need to replace this with our own system and make life a whole lot
simpler for someone with a shortlived subkey on a cloud computer and a
master key offline or on an airgapped computer.
Making life simpler for ourselves is a step towards making life
simpler for someone who is likely to give us money.
This an important eat-your-own-dogfood job. But doing it right, rather
than a user hostile patch on a patch, is likely to be hard, because rewriting
Git to use our keys and our identities is likely to be an enormous job. Git
also needs fixing, not only because it uses the domain name identity model
rather than secret key but because it uses an insecure hash.
Obviously we need to eventually replace all this complicated rigmarole
with a system whereby one identity on one wallet can send a message to
another identity on another wallet granting it an identity with authority to
act as agent for the first identity. The primary use case for such a system is
not signing code, though that will be our first use of it, but to enable
[sovereign corporations] to act through remote employees and safely use
servers in the cloud. Information wants to be free, but programmers want
to be paid.

View File

@ -633,11 +633,13 @@ means you can incorporate unlimited amounts of stuff, and Git only has to
check the particular module that you are actually working on. check the particular module that you are actually working on.
Maybe subtrees would work better if one was working on a project where Maybe subtrees would work better if one was working on a project where
several parts wer e being developed at once, thus a project small enough several parts were being developed at once, thus a project small enough
that scaling is not an issue. But such projects, if successful, grow into that scaling is not an issue. But such projects, if successful, grow into
projects where scaling is an issue. And if you are a pure consumer of a projects where scaling is an issue. And if you are a pure consumer of a
library, you don't care that you are breaking the git model, because you are library, you don't care that you are breaking the git model, because you are
seldom making synchronized changes in module and submodule. seldom making synchronized changes in module and submodule, exept to absorb
updates written by the upstream party or adjust build parameters that they
thave made
The submodule model works fine, provided the divisions between one The submodule model works fine, provided the divisions between one
submodule and the next are such that one is only likely to make changes in submodule and the next are such that one is only likely to make changes in
@ -1003,6 +1005,16 @@ approval, thus solving the identity problem and eating my own dogfood.
Choco packages would be very handy to automatically install my build environment. Choco packages would be very handy to automatically install my build environment.
### Cmake ### Cmake
It is now apparent that CMake is the new standard. Unix makefiles
(`.configure && make && make install`) have become unworkable, are dying
under bitrot, and no one is maintaining them any more.
Every ide has its own replacement for makefiles, most of them also broken
to a greater or lesser extent, and now ides are moving to CMake. If a folder has
a CMakeLists.txt file in its root, or the CMake build file, it is a project, and
the existing project files in the existing format are now obsolete, even though
they will continue to be used for a very long time.
`cmake` has a pipeline for building choco files. `cmake` has a pipeline for building choco files.
[wxWidgets has instructions for building with Cmake]:https://docs.wxwidgets.org/trunk/overview_cmake.html [wxWidgets has instructions for building with Cmake]:https://docs.wxwidgets.org/trunk/overview_cmake.html
@ -1019,7 +1031,14 @@ the documentation for these commands, which documentation
`Cmake` runs on both Windows and Linux, and is a replacement for autotools, that runs only on Linux. `Cmake` runs on both Windows and Linux, and is a replacement for autotools, that runs only on Linux.
Going with `cmake` means you have a defined standard cross platform development environment, `vscode` which is wholly open source, and a defined standard cross platform packaging system, or rather four somewhat equivalent standard packaging systems, two for each platform. Going with `cmake` means you have a defined standard cross platform development environment,
vscode` which is wholly open source, and a defined standard cross platform packaging system,
or rather four somewhat equivalent standard packaging systems, two for each platform.
`vscode` has the worlds worst build system, but is now, like every ide, moving to cmake.
It is the build system that is the most important part of an ide --
or it used to be, but now it is, or soon will be, the quality of its integration with cmake.
Instead of Instead of
@ -1079,19 +1098,7 @@ specific language.
# Library Package managers # Library Package managers
Lately, however, library package managers have appeared: Conan and [vcPkg](https://blog.kitware.com/vcpkg-a-tool-to-build-open-source-libraries-on-windows/). Conan lacks wxWidgets, and has far fewer packages than [vcpkg](https://libraries.io/github/Microsoft/vcpkg). Cmake is the new source code package manager, obsoleting all others.
I have attempted to use package managers, and not found them very useful. It
is easier to deal with each package as its own unique special case. The
uniform abstraction that a package manager attempts to provide invariably
leaks badly, while piling cruft on top of the library. Rather than
simplifying library use, piles its own idiosyncratic complexification on top
of the complexities of the library, often inducing multiplicative complexity,
as one attempts to deal with the irregularities and particulars of a
particular library though a package manager that is unaware of and incapable
of dealing with the particularity of that particular package, and is
unshakeably convinced that the library is organized in way that is different
from the way it is in fact organized.
# Multiprecision Arithmetic # Multiprecision Arithmetic

View File

@ -79,73 +79,16 @@ update in pushes, pulls, checkouts, and switches.
"Contributor Code of Conduct" "Contributor Code of Conduct"
{target="_blank"} {target="_blank"}
It will, however, also implement signed commits, insist that you have `gpg` on your path, and that you have cohfigured a signing key in your local config, and will refuse to pull updates that are signed by a gpg key that you have not locally trusted. It will, however, also implement signed commits, and insist you have set up a key pair as
because [cryptographic software is under attack] from NSA explained in the contributor code of conduct because [cryptographic software is under attack] from NSA
entryists and shills, who seek to introduce backdoors. entryists and shills, who seek to introduce backdoors.
[has its own trust model based on *ssh* and gpg keys]:https://git-scm.com/docs/git-config `.gitconfig` also adds several git aliases:
{target="_blank"}
Note that this has been obsoleted and needs to be rewritten 1. `git lg` to display the git log with committer name from `.gitsigners` that corresponds to the public key
since git now [has its own trust model based on *ssh* and gpg keys] 1. `git graph` to graph the commit tree with the committer name from `.gitsigners` that corresponds to the public key
and the file `gpg.ssh.allowedSignersFile`,
which should be in a repository that only allows signed commits.
Git now has a bunch of hooks that are accessed through config entries
starting with `gpg.` that potentially allow us to supply zooko names
for git signed commits.You can sign a file or a commit, and
`https://github.com/USERNAME.keys` is a central name authority.
This may be inconvenient if you do not have `gpg` installed and set up.
It also means that subsequent pulls and merges will require you to have `gpg `trust the key `public_key.gpg`, and if you submit a pull request, the puller will need to trust your `gpg` public key.
`.gitconfig` adds several git aliases:
1. `git lg` to display the gpg trust information for the last few commits.
For this to be useful you need to import the repository public key
`public_key.gpg` into gpg, and locally sign that key.
1. `git graph` to graph the commit tree with signing status
1. `git alias` to display the git aliases. 1. `git alias` to display the git aliases.
1. `git utcmt` to make a commit without revealing your time zone.
```bash
# To verify that the signature on future pulls is
# unchanged.
gpg --import public_key.gpg
gpg --lsign 096EAE16FB8D62E75D243199BC4482E49673711C
```
We ignore the Gpg Web of Trust model and instead use the Zooko
identity model.
We use Gpg signatures to verify that remote repository code
is coming from an unchanging entity, not for Gpg Web of Trust. Web
of Trust is too complicated and too user hostile to be workable or safe.
Never --sign any Gpg key related to this project. --lsign it.
`gitconfig` disallows merges unless you have told `gpg` to trust the
public key corresponding to the private key that signed the tip of
the root. So part of the pull request process is getting the puller to
trust your public key, and you will not be able to pull updates
unless you tell `gpg` to trust the key that is in the root directory as
`public_key.gpg`.
Never check any Gpg key related to this project against a public
gpg key repository. It should not be there.
`gitconfig` disallows merges unless you have told `gpg` to trust the public
key corresponding to the private key that signed the tip of the root. So part
of the pull request process is getting the puller to trust your public key, and
you will not be able to pull updates unless you tell `gpg` to trust the key that
is in the root directory as `public_key.gpg`.
Never use any email address on a gpg key related to this project
unless it is only used for project purposes, or a fake email, or the
email of an enemy. We don't want Gpg used to link different email
addresses as owned by the same entity, and we don't want email
addresses used to link people to the project, because those
identities would then come under state and quasi state pressure.
[Pre alpha release](./RELEASE_NOTES.html), which means it does not yet work even well [Pre alpha release](./RELEASE_NOTES.html), which means it does not yet work even well
enough for it to be apparent what it would do if it did work. enough for it to be apparent what it would do if it did work.

View File

@ -66,25 +66,31 @@ security are likely to result in code that lacks security. They come under
pressure to introduce an odd architecture for inexplicable reasons. We see pressure to introduce an odd architecture for inexplicable reasons. We see
this happening all the time in cryptographic products. this happening all the time in cryptographic products.
# Code will be cryptographically signed # Code will be cryptographically and pseudonymously signed
[has its own trust model based on *ssh* and gpg keys]:https://git-scm.com/docs/git-config Everyone participating in the project should have a username unrelated to the name
{target="_blank"} and identity that they use for other purposes, and an ssh key that they use signing
commits to this project, and for no other purpose, separate from any key used for
signing in to remote machines, and located in the `.git` directory of their local repository
(not their `.ssh` directory, for public keys in the `.ssh` directory get exposed to
too many machines, revealing a relationship between nym and network address)
with the public key also located in the `.gitsigners` file, where it is shared with
everyone through the upstream repository
Note that this has been obsoleted and needs to be rewritten Note that the file is called `.gitsigners`, not `.gitallowedsigners`,
since git now [has its own trust model based on *ssh* and gpg keys] `gittrustedsigners` nor `.gitapprovedsigners`. Everyone should sign every commit,
and the file `gpg.ssh.allowedSignersFile`, everyone who submits a pull request or otherwise makes their commits available to others
which should be in a repository that only allows signed commits. should add themselves to the `.gitsigners` file and if their commits are good,
eventually other people will trust them.
Git now has a bunch of hooks that are accessed through config entries When we are truly eating our own dogfood, will not need a `.gitsigners` file, because we will have
starting with `gpg.` that potentially allow us to supply zooko names a public ever growing data structure creating a unique append only mapping between
for git signed commits. public keys and arbitrary data.
Of necessity, we will rest our developer identities on GPG keys, until we Of necessity, we will rest our developer identities on ssh keys, until we
can eat our own dogfood and use our own system's cryptographic keys. can eat our own dogfood and use our own system's cryptographic keys.
Login identities shall have no password reset, because that is a security Login identities shall have no password reset, because that is a security
hole. If people forget their password, they should just create a new login hole. People should rely on ssh for login.
that uses the same GPG key.
Every pull request should be made using `git request-pull`, (rather than Every pull request should be made using `git request-pull`, (rather than
some web UI, for the web UI is apt to identify people through the domain some web UI, for the web UI is apt to identify people through the domain
@ -105,6 +111,34 @@ the (possibly quite lengthy) merge message.
Thus all changes should be made, explained, and approved by persons Thus all changes should be made, explained, and approved by persons
identified cryptographically, rather than through the domain name system. identified cryptographically, rather than through the domain name system.
## setting up automatic git signing of commits
Suppose you choose the nym "`gandalf`".
(First make sure that no one else is using your nym by glancing at the
`.gitsigners` file, which should be in sorted order, and if it is not,
run the linux sort command on it)
then at the root of your repository
```bash
ssh-keygen -t ed25519 -f .git/gandalf #to create your key pair
git config user.signingkey .git/gandalf.pub #tell git to use this key pair
git config user.name gandalf #will be ignored
git config user.email gandalf@ #fake email will be ignored
git config include.path ../.gitconfig #sets various defaults, ssh signing among them
```
Then add\
`gandalf ssh-ed25519 «your-public-key-as-in-gandalf.pub»`\
to the .gitsigners file to publish your public key to anyone
who wants to make sure that commits are from the nym that they
claim to be -- at least claim to be when their commits are
displayed by the git aliases of `.gitconfig`
The nym in `.gitsigners` is the one that matters, though `user.email`
and `user.name` should be the same or sufficiently similar to
show you are not up to anything funny.
# No race, sex, religion, nationality, or sexual preference # No race, sex, religion, nationality, or sexual preference
![On the internet nobody knows you are a dog](../images/nobody_know_you_are_a_dog.webp) ![On the internet nobody knows you are a dog](../images/nobody_know_you_are_a_dog.webp)

View File

@ -3220,155 +3220,6 @@ lived subkeys.
Will sign with subkey, because MasterKey should not be available on the server Will sign with subkey, because MasterKey should not be available on the server
### To set up a system with gpg subkeys but without the master key
This is horribly painful, and we need to create a better system and eat our
own dogfood.
We ignore the Gpg Web of Trust model and instead use the Zooko identity model.
We use Gpg signatures to verify that remote repository code is coming from an unchanging entity, not for Gpg Web of Trust. Web of Trust is too complicated and too user hostile to be workable or safe.
Never --sign any Gpg key. --lsign it.
Never use any public gpg key repository.
Never use any email address on a gpg key unless it is only used for messages relating to a single group and a single purpose, or a fake email.
Gpg fundamentally lacks the concept of one entity acting for and on behalf
of another. A subkey should be identified by the name of the master key
followed by a subname intelligible to humans, and a sequence of grant of
authority values intelligible to computers, represented by either a variable
precision integer representing a bit string, each bit corresponding to a an
authority value, which bitstring may contain a flag saying that further
authorities are represented by a null terminated Dewey decimal sequence rather
than by one bits in a sparse bitstring.
But for the moment:
```bash
gpg --expert --full-gen-key
```
Select 9 ECC and ECC, then select curve25519, then 0, key does not expire.
(This is going to be the rarely used master key, whose secret will be kept in
a safe place and seldom used)
Much open source cryptography has been backdoored. I have no reason to
suppose that gpg is backdoored, other than that there is a great deal of
backdooring going around, but I have positive reason to suppose that
curve25519 has *not* been backdoored in gpg, and even if I did not, the
fewer cryptographic algorithms we use, the smaller the attack surface.
Gitlab strongly recommends using only ED25519 ssh keys to interact with
git repositories, and I strongly recommend using only ED25519 ssh keys
to interact with repositories and only 25519 gpg keys to authenticate
commits and identify committers. I mention Gitlab not because I regard
them as a highly authoritative source, but to show I am not the only one
around who is paranoid about broken and corrupted cryptographic code.
Everyone should use the same algorithm to reduce the attack surface.
Name `«master key»>` (use a fake email address) Gpg was designed to
make email secure, but email is not secure. We will be using this as the
root of identities in Git, rather than to authenticate email. Use this root of
identity only for project related matters, only for the authentication of code
and design documents. Don't use this identity for other purposes, as this
will increase the risk that pressure or unpleasant consequences will be
applied to you through those other activities. Don't link this identity to
your broader identity and broader activities, as pressure is likely to applied
to introduce hostile code and strange design decisions that facilitate other
people's hostile code. This happens all the time in projects attempting to
implement cryptography. They get one funny feature after another whose
only utility is facilitating backdoors.
gpg will ask you for a passphrase. If your keyfile falls into enemy hands,
your secret key is subject to offline dictionary attack, against which only a
very strong passphrase, with about 128 bits of entropy, can protect it.
Which is a problem that crypto wallets address, and gpg fails to address.
Either use a strong non human memorable passphrase or else use a trivial
passphrase or no passphrase, and instead export and hide the secret key
file and delete it from gpg when you are done. A human cannot remember
a strong passphrase. Write it down, in pencil, and hide it somewhere.
(Pencil does not fade, but some inks fade) If you can remember the
passphrase, and someone gets at your keyfile, it is unlikely to protect you
keyfile. A strong passphrase looks like a wallet master secret.
Gpg's passphrases are merely a nuisance. They fail to serve a useful
purpose if used in the manner intended. Wallets came under real attack,
and now do things correctly. One of our objectives is to replace gpg for git
and gpg for secure messaging with something that actually works, with a
wallet, but for the moment, we use what we have.
Now create another similar subkey. This time give it an expiry date in the
near future
```bash
gpg --expert --edit-key «master key»
addkey
```
Rather than protecting your primary keys with a useless password, you
should export them to a safe place, such as a pair of thumbdrives, and then
delete them, to be re-imported when you need them to add a new subkey
when your subkey expires.
```bash
save
gpg --list-keys --with-subkey-fingerprints --with-keygrip «master key»
gpg -a --export «master key»
gpg -a --export-secret-keys «master key»
```
Then look in at the secret keys listed by keygrip in
`$HOME/.gnupg/private-keys-v1.d/KEYGRIP.key` and delete any
secret keys of the master key other than short lived subkey you just
added.
```bash
gpg --list-keys --with-subkey-fingerprints --with-keygrip «master key»
# secret keys that have already been deleted will be marked with a #
```
You should make sure that any secret keys with no expiration or an
expiration in the distant future are marked with that sign, and if they are
not, delete them.
On non airgapped machines, you will delete the primary key, or not
import it in the first place.
After all this complicated, easy to get wrong, and confusing rigmarole,
you should, upon importing and trusting, have a copy of gpg that can sign
commits with your short lived subkey as an agent for your long lived
master key.
Git can now still sign with the non expiring master key, because it still has
a subkey that will expire in the near future.
[sovereign corporations]:social_networking.html#many-sovereign-corporations-on-the-blockchain
We need to replace this with our own system and make life a whole lot
simpler for someone with a shortlived subkey on a cloud computer and a
master key offline or on an airgapped computer.
Making life simpler for ourselves is a step towards making life
simpler for someone who is likely to give us money.
This an important eat-your-own-dogfood job. But doing it right, rather
than a user hostile patch on a patch, is likely to be hard, because rewriting
Git to use our keys and our identities is likely to be an enormous job. Git
also needs fixing, not only because it uses the domain name identity model
rather than secret key but because it uses an insecure hash.
Obviously we need to eventually replace all this complicated rigmarole
with a system whereby one identity on one wallet can send a message to
another identity on another wallet granting it an identity with authority to
act as agent for the first identity. The primary use case for such a system is
not signing code, though that will be our first use of it, but to enable
[sovereign corporations] to act through remote employees and safely use
servers in the cloud. Information wants to be free, but programmers want
to be paid.
### Phabricator ### Phabricator
Too fat, and not exactly open source. Too fat, and not exactly open source.

View File

@ -43,7 +43,7 @@
<PropertyGroup Label="UserMacros" /> <PropertyGroup Label="UserMacros" />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"> <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<LinkIncremental>true</LinkIncremental> <LinkIncremental>true</LinkIncremental>
<IncludePath>..\wxWidgets\include\msvc;..\wxWidgets\include;..\libsodium\src\libsodium\include;..\mpir;$(IncludePath)</IncludePath> <IncludePath>..\wxWidgets\include\msvc;..\wxWidgets\include;..\libsodium\src\libsodium\include;..\mpir;..\src;$(IncludePath)</IncludePath>
<LibraryPath>..\wxWidgets\lib\vc_x64_lib\;..\libsodium\bin\x64\Debug\v143\static;..\mpir\lib\x64\Debug;$(LibraryPath)</LibraryPath> <LibraryPath>..\wxWidgets\lib\vc_x64_lib\;..\libsodium\bin\x64\Debug\v143\static;..\mpir\lib\x64\Debug;$(LibraryPath)</LibraryPath>
<CustomBuildAfterTargets /> <CustomBuildAfterTargets />
<IntDir>..\build\$(Configuration)\</IntDir> <IntDir>..\build\$(Configuration)\</IntDir>

View File

@ -29,22 +29,6 @@ IF %ERRORLEVEL% NEQ 0 (
GOTO:EOF GOTO:EOF
) )
echo on echo on
call msbuild.bat gc lib x64 Debug test
echo off
IF %ERRORLEVEL% NEQ 0 (
cd ..
PAUSE
GOTO:EOF
)
echo on
call msbuild.bat gc lib x64 Debug tune
echo off
IF %ERRORLEVEL% NEQ 0 (
cd ..
PAUSE
GOTO:EOF
)
echo on
call msbuild.bat gc lib x64 Release call msbuild.bat gc lib x64 Release
echo off echo off
IF %ERRORLEVEL% NEQ 0 ( IF %ERRORLEVEL% NEQ 0 (
@ -53,48 +37,36 @@ IF %ERRORLEVEL% NEQ 0 (
GOTO:EOF GOTO:EOF
) )
echo on echo on
call msbuild.bat gc lib x64 Release test
echo off
IF %ERRORLEVEL% NEQ 0 (
cd ..
PAUSE
GOTO:EOF
)
echo on
call msbuild.bat gc lib x64 Release tune
echo off
IF %ERRORLEVEL% NEQ 0 (
cd ..
PAUSE
GOTO:EOF
)
echo on
call msbuild.bat gc lib x64 Debug
echo off
IF %ERRORLEVEL% NEQ 0 (
cd ..
PAUSE
GOTO:EOF
)
echo on
cd ..\..\.. cd ..\..\..
cd wxWidgets\build\msw cd wxWidgets
msbuild wx_vc17.sln -m -p:Configuration=Release;Platform=x64;PlatformToolset=v143;WindowsTargetPlatformVersion=10.0 cmake . -Bbuild\msw\vc_x64_mswu
echo off echo off
IF %ERRORLEVEL% NEQ 0 ( IF %ERRORLEVEL% NEQ 0 (
PAUSE echo Failed during cmake create build directory
GOTO:EOF PAUSE
GOTO:EOF
) )
echo on echo on
msbuild wx_vc17.sln -m -p:Configuration=Debug;Platform=x64;PlatformToolset=v143;WindowsTargetPlatformVersion=10.0 cd build\msw\vc_x64_mswu
cmake --build . --config Release
echo off echo off
IF %ERRORLEVEL% NEQ 0 ( IF %ERRORLEVEL% NEQ 0 (
PAUSE echo Failed during cmake --build . --config Release
GOTO:EOF PAUSE
GOTO:EOF
) )
echo on echo on
cmake --build . --config Debug
IF %ERRORLEVEL% NEQ 0 (
echo Failed during cmake --build . --config Debug
PAUSE
GOTO:EOF
)
echo on
xcopy /E /F /Y lib ..\..\..\lib
cd ..\..\.. cd ..\..\..
cd ..
echo on
msbuild msvc/wallet.sln -p:Configuration=Debug;Platform=x64 -m msbuild msvc/wallet.sln -p:Configuration=Debug;Platform=x64 -m
echo off echo off
IF %ERRORLEVEL% NEQ 0 ( IF %ERRORLEVEL% NEQ 0 (

View File

@ -3,35 +3,40 @@ echo exists to make sure no other libraries are around
echo off echo off
call C:\"Program Files (x86)"\"Microsoft Visual Studio"\2022\BuildTools\VC\Auxiliary\Build\vcvarsamd64_x86.bat call C:\"Program Files (x86)"\"Microsoft Visual Studio"\2022\BuildTools\VC\Auxiliary\Build\vcvarsamd64_x86.bat
call C:\"Program Files"\"Microsoft Visual Studio"\2022\Community\VC\Auxiliary\Build\vcvars64.bat" call C:\"Program Files"\"Microsoft Visual Studio"\2022\Community\VC\Auxiliary\Build\vcvars64.bat"
del /Q build
del /Q libsodium\obj echo on
del /Q libsodium\bin rmdir /Q /S build
del /Q libsodium\src\libsodium\include\sodium\version.h rmdir /Q /S msvc\.vs
cd mpir cd libsodium
rmdir /Q /S bin
rmdir /Q /S obj
del src\libsodium\include\sodium\version.h
cd ..\mpir
rmdir /Q /S lib
del config.h del config.h
del gmp-mparam.h del gmp-mparam.h
del gmp.h del gmp.h
del /Q lib
del longlong.h del longlong.h
del mpir.h del mpir.h
del msvc\output_params.bat del msvc\output_params.bat
del msvc\tmp.h rmdir /Q /S msvc\vs22\lib_mpir_cxx\x64
del /Q msvc\vs22\lib_mpir_cxx\x64 rmdir /Q /S msvc\vs22\lib_mpir_gc\x64
del /Q msvc\vs22\lib_mpir_gc\x64
del msvc\vs22\test-config.props del msvc\vs22\test-config.props
cd ..\wxWidgets cd ..
del /Q build\msw\vc_x64_mswu cd wxWidgets
del /Q build\msw\vc_x64_mswud rmdir /Q /S build\msw\vc_x64_mswu
del /Q lib\vc_x64_lib rmdir /Q /S build\msw\vc_x64_mswud
rmdir /Q /S lib\vc_x64_lib
cd .. cd ..
echo check to see that everything is cleaned echo check to see that everything is cleaned
echo off rem echo off
git submodule foreach --recursive "git clean -xnf" git clean -xdn
git clean -xnf git submodule foreach git clean -xdn
PAUSE PAUSE
echo on echo on
cd libsodium/builds/msvc/vs2022 echo on
cd libsodium\builds\msvc\vs2022
msbuild libsodium.sln -p:Configuration=StaticDebug;Platform=x64 -m msbuild libsodium.sln -p:Configuration=StaticDebug;Platform=x64 -m
echo off echo off
IF %ERRORLEVEL% NEQ 0 ( IF %ERRORLEVEL% NEQ 0 (

View File

@ -3,34 +3,40 @@ echo exists to make sure no other libraries are around
echo off echo off
call C:\"Program Files (x86)"\"Microsoft Visual Studio"\2022\BuildTools\VC\Auxiliary\Build\vcvarsamd64_x86.bat call C:\"Program Files (x86)"\"Microsoft Visual Studio"\2022\BuildTools\VC\Auxiliary\Build\vcvarsamd64_x86.bat
call C:\"Program Files"\"Microsoft Visual Studio"\2022\Community\VC\Auxiliary\Build\vcvars64.bat" call C:\"Program Files"\"Microsoft Visual Studio"\2022\Community\VC\Auxiliary\Build\vcvars64.bat"
del /Q build
del /Q libsodium\obj echo on
del /Q libsodium\bin rmdir /Q /S build
del /Q libsodium\src\libsodium\include\sodium\version.h rmdir /Q /S msvc\.vs
cd mpir cd libsodium
rmdir /Q /S bin
rmdir /Q /S obj
del src\libsodium\include\sodium\version.h
cd ..\mpir
rmdir /Q /S lib
del config.h del config.h
del gmp-mparam.h del gmp-mparam.h
del gmp.h del gmp.h
del /Q lib
del longlong.h del longlong.h
del mpir.h del mpir.h
del msvc\output_params.bat del msvc\output_params.bat
del msvc\tmp.h rmdir /Q /S msvc\vs22\lib_mpir_cxx\x64
del /Q msvc\vs22\lib_mpir_cxx\x64 rmdir /Q /S msvc\vs22\lib_mpir_gc\x64
del /Q msvc\vs22\lib_mpir_gc\x64
del msvc\vs22\test-config.props del msvc\vs22\test-config.props
cd ..\wxWidgets cd ..
del /Q build\msw\vc_x64_mswu cd wxWidgets
del /Q build\msw\vc_x64_mswud rmdir /Q /S build\msw\vc_x64_mswu
del /Q lib\vc_x64_lib rmdir /Q /S build\msw\vc_x64_mswud
rmdir /Q /S lib\vc_x64_lib
cd .. cd ..
echo check to see that everything is cleaned echo check to see that everything is cleaned
echo off rem echo off
git submodule foreach --recursive "git clean -xnf" git clean -xdn
git clean -xnf git submodule foreach git clean -xdn
PAUSE PAUSE
echo on echo on
cd libsodium/builds/msvc/vs2022
echo on
cd libsodium\builds\msvc\vs2022
msbuild libsodium.sln -p:Configuration=StaticRelease;Platform=x64 -m msbuild libsodium.sln -p:Configuration=StaticRelease;Platform=x64 -m
echo off echo off
IF %ERRORLEVEL% NEQ 0 ( IF %ERRORLEVEL% NEQ 0 (
@ -49,22 +55,7 @@ IF %ERRORLEVEL% NEQ 0 (
PAUSE PAUSE
GOTO:EOF GOTO:EOF
) )
echo on
call msbuild.bat gc lib x64 Release test
echo off
IF %ERRORLEVEL% NEQ 0 (
cd ..
PAUSE
GOTO:EOF
)
echo on
call msbuild.bat gc lib x64 Release tune
echo off
IF %ERRORLEVEL% NEQ 0 (
cd ..
PAUSE
GOTO:EOF
)
echo on echo on
cd ..\..\.. cd ..\..\..
cd wxWidgets\build\msw cd wxWidgets\build\msw

View File

@ -2,44 +2,49 @@ echo on
call C:\"Program Files (x86)"\"Microsoft Visual Studio"\2022\BuildTools\VC\Auxiliary\Build\vcvarsamd64_x86.bat call C:\"Program Files (x86)"\"Microsoft Visual Studio"\2022\BuildTools\VC\Auxiliary\Build\vcvarsamd64_x86.bat
call C:\"Program Files"\"Microsoft Visual Studio"\2022\Community\VC\Auxiliary\Build\vcvars64.bat" call C:\"Program Files"\"Microsoft Visual Studio"\2022\Community\VC\Auxiliary\Build\vcvars64.bat"
echo on echo on
cd wxWidgets\build\msw cd wxWidgets
msbuild wx_vc17.sln -m -p:Configuration=Release;Platform=x64;PlatformToolset=v143;WindowsTargetPlatformVersion=10.0 cmake . -Bbuild\msw\vc_x64_mswu
echo off echo off
IF %ERRORLEVEL% NEQ 0 ( IF %ERRORLEVEL% NEQ 0 (
PAUSE echo Failed during cmake create build directory
GOTO:EOF PAUSE
GOTO:EOF
) )
echo on echo on
msbuild wx_vc17.sln -m -p:Configuration=Debug;Platform=x64;PlatformToolset=v143;WindowsTargetPlatformVersion=10.0 cd build\msw\vc_x64_mswu
cmake --build . --config Release
echo off echo off
IF %ERRORLEVEL% NEQ 0 ( IF %ERRORLEVEL% NEQ 0 (
PAUSE echo Failed during cmake --build . --config Release
GOTO:EOF PAUSE
GOTO:EOF
) )
echo on echo on
cmake --build . --config Debug
IF %ERRORLEVEL% NEQ 0 (
echo Failed during cmake --build . --config Debug
PAUSE
GOTO:EOF
)
echo on
xcopy /E /F /Y lib ..\..\..\lib
cd ..\..\.. cd ..\..\..
msbuild wallet.sln -p:Configuration=Debug;Platform=x64 -m cd ..
msbuild msvc/wallet.sln -p:Configuration=Debug;Platform=x64 -m
echo off echo off
IF %ERRORLEVEL% NEQ 0 ( IF %ERRORLEVEL% NEQ 0 (
PAUSE PAUSE
GOTO:EOF GOTO:EOF
) )
echo on echo on
msbuild wallet.sln -p:Configuration=Release;Platform=x64 -m msbuild msvc/wallet.sln -p:Configuration=Release;Platform=x64 -m
echo off echo off
IF %ERRORLEVEL% NEQ 0 ( IF %ERRORLEVEL% NEQ 0 (
PAUSE PAUSE
GOTO:EOF GOTO:EOF
) )
echo on echo on
.\build\Debug\wallet.exe --complete --test
echo off
IF %ERRORLEVEL% NEQ 0 (
echo failed unit test on debug build
) ELSE (
echo passed unit test on debug build)
echo on
.\build\Release\wallet.exe --complete --test .\build\Release\wallet.exe --complete --test
echo off echo off
IF %ERRORLEVEL% NEQ 0 ( IF %ERRORLEVEL% NEQ 0 (
@ -47,3 +52,11 @@ IF %ERRORLEVEL% NEQ 0 (
) ELSE ( ) ELSE (
echo passed unit test on release build echo passed unit test on release build
) )
echo on
.\build\Debug\wallet.exe --complete --test
echo off
IF %ERRORLEVEL% NEQ 0 (
echo failed unit test on debug build
) ELSE (
echo passed unit test on debug build
)

55
msvc/wx_cmake_Debug.bat Normal file
View File

@ -0,0 +1,55 @@
echo off
call C:\"Program Files (x86)"\"Microsoft Visual Studio"\2022\BuildTools\VC\Auxiliary\Build\vcvarsamd64_x86.bat
call C:\"Program Files"\"Microsoft Visual Studio"\2022\Community\VC\Auxiliary\Build\vcvars64.bat"
echo on
rmdir /Q /S build
rmdir /Q /S msvc\.vs
cd wxWidgets
del lib\wxWidgetsConfig.cmake
del lib\wxWidgetsConfigVersion.cmake
rmdir /Q /S build\msw\vc_x64_mswu
rmdir /Q /S lib\vc_x64_lib
cd ..
rem echo check to see that everything is cleaned
rem git clean -xdn
rem cd wxWidgets
rem git clean -xdn
rem cd ..
rem PAUSE
cd wxWidgets
cmake . -Bbuild\msw\vc_x64_mswu
echo off
IF %ERRORLEVEL% NEQ 0 (
echo Failed during cmake create build directory
PAUSE
GOTO:EOF
)
echo on
cd build\msw\vc_x64_mswu
cmake --build . --config Debug
IF %ERRORLEVEL% NEQ 0 (
echo Failed during cmake --build .
PAUSE
GOTO:EOF
)
echo on
xcopy /E /F /Y lib ..\..\..\lib
cd ..\..\..
cd ..
msbuild msvc/wallet.sln -p:Configuration=Debug;Platform=x64 -m
echo off
IF %ERRORLEVEL% NEQ 0 (
PAUSE
GOTO:EOF
)
echo on
.\build\Debug\wallet.exe --complete --test
echo off
IF %ERRORLEVEL% NEQ 0 (
echo failed unit test on debug build
) ELSE (
echo passed unit test on debug build
)

57
msvc/wx_cmake_Release.bat Normal file
View File

@ -0,0 +1,57 @@
echo off
call C:\"Program Files (x86)"\"Microsoft Visual Studio"\2022\BuildTools\VC\Auxiliary\Build\vcvarsamd64_x86.bat
call C:\"Program Files"\"Microsoft Visual Studio"\2022\Community\VC\Auxiliary\Build\vcvars64.bat"
echo on
rmdir /Q /S build
rmdir /Q /S msvc\.vs
cd wxWidgets
del lib\wxWidgetsConfig.cmake
del lib\wxWidgetsConfigVersion.cmake
rmdir /Q /S build\msw\vc_x64_mswu
rmdir /Q /S build\msw\vc_x64_mswud
rmdir /Q /S lib\vc_x64_lib
cd ..
rem echo check to see that everything is cleaned
rem git clean -xdn
rem cd wxWidgets
rem git clean -xdn
rem cd ..
rem PAUSE
cd wxWidgets
cmake . -Bbuild\msw\vc_x64_mswu
echo off
IF %ERRORLEVEL% NEQ 0 (
echo Failed during cmake create build directory
PAUSE
GOTO:EOF
)
echo on
cd build\msw\vc_x64_mswu
cmake --build . --config Release
echo off
IF %ERRORLEVEL% NEQ 0 (
echo Failed during cmake --build .
PAUSE
GOTO:EOF
)
echo on
xcopy /E /F /Y lib ..\..\..\lib
cd ..\..\..
cd ..
msbuild msvc/wallet.sln -p:Configuration=Release;Platform=x64 -m
echo off
IF %ERRORLEVEL% NEQ 0 (
PAUSE
GOTO:EOF
)
echo on
.\build\Release\wallet.exe --complete --test
echo off
IF %ERRORLEVEL% NEQ 0 (
echo failed unit test on release build
) ELSE (
echo passed unit test on release build
)

44
msvc/wx_msvc_Debug.bat Normal file
View File

@ -0,0 +1,44 @@
echo off
call C:\"Program Files (x86)"\"Microsoft Visual Studio"\2022\BuildTools\VC\Auxiliary\Build\vcvarsamd64_x86.bat
call C:\"Program Files"\"Microsoft Visual Studio"\2022\Community\VC\Auxiliary\Build\vcvars64.bat"
echo on
rmdir /Q /S build
rmdir /Q /S msvc\.vs
cd wxWidgets
rmdir /Q /S build\msw\vc_x64_mswu
rmdir /Q /S build\msw\vc_x64_mswud
rmdir /Q /S lib\vc_x64_lib
cd ..
echo check to see that everything is cleaned
git clean -xdn
cd wxWidgets
git clean -xdn
cd ..
PAUSE
echo on
cd wxWidgets\build\msw
msbuild wx_vc17.sln -m -p:Configuration=Debug;Platform=x64;PlatformToolset=v143;WindowsTargetPlatformVersion=10.0
echo off
IF %ERRORLEVEL% NEQ 0 (
PAUSE
GOTO:EOF
)
echo on
cd ..\..\..
msbuild msvc/wallet.sln -p:Configuration=Debug;Platform=x64 -m
echo off
IF %ERRORLEVEL% NEQ 0 (
PAUSE
GOTO:EOF
)
echo on
.\build\Debug\wallet.exe --complete --test
echo off
IF %ERRORLEVEL% NEQ 0 (
echo failed unit test on debug build
) ELSE (
echo passed unit test on debug build
)

View File

@ -66,10 +66,10 @@ R"(In fully utf environment, (wallet.manifest plus
static_assert(wxUSE_IPV6 == 1, "IP6 unavailable in wxWidgets"); static_assert(wxUSE_IPV6 == 1, "IP6 unavailable in wxWidgets");
static_assert(WXWIN_COMPATIBILITY_3_0 == 0, "wxWidgets api out of date"); static_assert(WXWIN_COMPATIBILITY_3_0 == 0, "wxWidgets api out of date");
static_assert(wxUSE_COMPILER_TLS == (b_WINDOWS ? 2 : 1), "out of date workarounds in wxWidgets for windows bugs"); static_assert(wxUSE_COMPILER_TLS == (b_WINDOWS ? 2 : 1), "out of date workarounds in wxWidgets for windows bugs");
static_assert(wxUSE_STD_CONTAINERS_COMPATIBLY == 1, "interoperability between stl and wxWidgets broken"); static_assert(wxUSE_STD_CONTAINERS_COMPATIBLY == 1, "wxUSE_STD_CONTAINERS_COMPATIBLY != 1 interoperability between stl and wxWidgets broken");
static_assert(wxUSE_STD_CONTAINERS == 1, "wxWidgets api out of date"); static_assert(wxUSE_STD_CONTAINERS == 1, "wxUSE_STD_CONTAINERS != 1 wxWidgets api out of date");
//static_assert(wxUSE_THREADS == 1, "want threads"); //static_assert(wxUSE_THREADS == 1, "want threads");
static_assert(wxUSE_STD_STRING_CONV_IN_WXSTRING == 1, "want wxString to conform to std::string"); static_assert(wxUSE_STD_STRING_CONV_IN_WXSTRING == 1, "wxUSE_STD_STRING_CONV_IN_WXSTRING != 1 want wxString to conform to std::string");
static_assert(wxUSE_SECRETSTORE >0, "need wxSecretStore to actually work"); static_assert(wxUSE_SECRETSTORE >0, "need wxSecretStore to actually work");
// The api may be there, but will always return false if wxUSE_SECRETSTORE is zero // The api may be there, but will always return false if wxUSE_SECRETSTORE is zero
//static_assert(wxUSE_STD_DEFAULT == 1 && wxUSE_STL==1); //static_assert(wxUSE_STD_DEFAULT == 1 && wxUSE_STL==1);

@ -1 +1 @@
Subproject commit 5fd97439acaa39c443fe9a852d5806f5cb435a55 Subproject commit 68fc65fb74fee05725d7acc10dd2df1d03bc89e2