Call for testing: bitcoin

Hello,

For a couple of weeks we have been figuring out how to confine bitcoin. This is one of the most important use cases of the snap security because you don’t want any program messing with your digital wallet. And when there’s a vulnerability in the code, all the clients should be updated as fast as possible to keep the network sane. With snaps, just push a fixed version and see everybody update without any work from their side.

We now need help testing the snap before making it public:

$ sudo snap install bitcoin --candidate

Then launch it from the dash or running the bitcoin.qt command.

This was built from the tag of the latest released bitcoin and pushed to the store, all automatically by travis. But, be warned, you will be the first users so we might still find unforeseen problems. Use your bitcoins with caution during the candidate phase, or just test without any of your money.

Here are the sources for the snap and CI scripts, in case you want to verify them or build it yourself:

Another interesting detail is that most of the cryptocurrencies out there are forks of the bitcoin source code, so they will all need a similar snapcraft.yaml. The other one we pushed is bitcoin-unlimited, which is promoting a hard fork of the bitcoin network to remove the block size limit. You can have both snaps installed to give them a try and choose the network you want to support, because both will be fully confined and independent:

$ sudo snap install bitcoin-unlimited --candidate

Of course, this would require twice the time and space to download both blockchains.

Thanks to Gal Buki (torusJKL) for his help.

Expect more options in the store soon.

pura vida

*This message was originally sent to the mailing list.

3 Likes

luca@luca-ThinkPad-X220:~$ sudo snap install bitcoin --candidate
bitcoin (candidate) v0.14.1 from ‘torusjkl’ installed

luca@luca-ThinkPad-X220:~$ bitcoin.qt
Gtk-Message: Failed to load module “overlay-scrollbar”
Gtk-Message: Failed to load module “gail”
Gtk-Message: Failed to load module “atk-bridge”
Gtk-Message: Failed to load module “unity-gtk-module”
Gtk-Message: Failed to load module “canberra-gtk-module”

122 GB of data will be stored. Too much for my sistem!!

Is this built with gitian? If not why should I trust it?

How does a snap protect the wallet from the rest of the system? Isn’t the security model completely backwards for this use case?

there’s no way to define a default data dir in bitcoin-qt

-datadir

@ali1234 it’s not using gitian. That would be a nice thing to support in snapcraft, though.

You can trace the daily uploads in travis, and inspect the logs there to see that we are just cloning master and building it without any changes. That’s uploaded to the store automatically by travis, and the download you get is signed by the store and uses https. We are also working on recording your build so it can be audited and reproduced later.

But ultimately, the publisher is in control of the channel. This means that you have to trust the publisher, in this case, me. If you don’t, you have to build your own package.

How does a snap protect the wallet from the rest of the system?

Your wallet is stored in a path that’s not readable by other snaps.

Isn’t the security model completely backwards for this use case?

I don’t understand this question. Can you tell us more about what do you mean here?

-datadir

That’s not available for all the binaries. And leaves you with the option to select the default when the window is opened the first time, which is wrong because it’s a path not writable by the snap.

But ultimately, the publisher is in control of the channel. This means that you have to trust the publisher, in this case, me. If you don’t, you have to build your own package.

This is the exact problem gitian was invented to address. (alternatively, just build the snap from the released upstream binaries).

Isn’t the security model completely backwards for this use case?

Meaning how do you protect the wallet from software which is not running inside a snap container?

Yes, gitian would be a nice addition. But you still have to either trust the publishers, or audit all the code and build yourself on every update.

We have been discussing about multiple signatures for uploads with zcash, which is also in the roadmap.

And there is no solution to protect files from unconfined applications. Just don’t install software from untrusted sources.

1 Like

Yes, gitian would be a nice addition. But you still have to either trust the publishers, or audit all the code and build yourself on every update.

Gitian is a distributed reproducible build system. Anybody can run the build themselves and get an identical output. You do not have to trust any single entity under this scheme. You only have to trust that every single person who builds using gitian is not involved in a conspiracy against you - which would be impractical at the very least. This is a completely separate problem from auditing the source code. This is about proving that the binaries match the source code.

As I mentioned, we are adding stuff to prove that the snaps match the source code and that snapcraft should support projects that use gitian. Those things will come.

1 Like

This is very much needed. I’m very concern about the security and do continuously learn a lot about Bitcoin Wallet. Although i find many people crying that their bitcoins got hacked, so thing like this would be very much appreciated !

bitcoin v0.15.0 is now in the candidate channel.

Please help us testing it. To update from stable:

sudo snap refresh bitcoin --candidate

Backup your wallets!

BTC is going again mainstream now

This thread aged too well :grin:

Omg the difference of BTC from my last reply to today :upside_down_face: