Call for testing: bitcoin

elopio · March 30, 2017, 3:25pm

Hello,

For a couple of weeks we have been figuring out how to confine bitcoin. This is one of the most important use cases of the snap security because you don’t want any program messing with your digital wallet. And when there’s a vulnerability in the code, all the clients should be updated as fast as possible to keep the network sane. With snaps, just push a fixed version and see everybody update without any work from their side.

We now need help testing the snap before making it public:

$ sudo snap install bitcoin --candidate

Then launch it from the dash or running the bitcoin.qt command.

This was built from the tag of the latest released bitcoin and pushed to the store, all automatically by travis. But, be warned, you will be the first users so we might still find unforeseen problems. Use your bitcoins with caution during the candidate phase, or just test without any of your money.

Here are the sources for the snap and CI scripts, in case you want to verify them or build it yourself:

github.com

elopio/blockchain-snaps/blob/master/bitcoin/snap/snapcraft.yaml

name: bitcoin
version: master
summary:   peer-to-peer network based digital currency
description: |
  Bitcoin is a free open source peer-to-peer electronic cash system that
  is completely decentralized, without the need for a central server or
  trusted parties.  Users hold the crypto keys to their own money and
  transact directly with each other, with the help of a P2P network to
  check for double-spending.

grade: devel
confinement: strict

apps:
  daemon:
    command: bitcoind
    plugs: [network, network-bind]
    environment:
      XDG_DATA_DIRS: $SNAP_USER_DATA:$SNAP/usr/share:$XDG_DATA_DIRS
  qt:

This file has been truncated. show original

Another interesting detail is that most of the cryptocurrencies out there are forks of the bitcoin source code, so they will all need a similar snapcraft.yaml. The other one we pushed is bitcoin-unlimited, which is promoting a hard fork of the bitcoin network to remove the block size limit. You can have both snaps installed to give them a try and choose the network you want to support, because both will be fully confined and independent:

$ sudo snap install bitcoin-unlimited --candidate

Of course, this would require twice the time and space to download both blockchains.

Thanks to Gal Buki (torusJKL) for his help.

Expect more options in the store soon.

pura vida

*This message was originally sent to the mailing list.

Fil · May 9, 2017, 9:44pm

luca@luca-ThinkPad-X220:~$ sudo snap install bitcoin --candidate
bitcoin (candidate) v0.14.1 from ‘torusjkl’ installed

luca@luca-ThinkPad-X220:~$ bitcoin.qt
Gtk-Message: Failed to load module “overlay-scrollbar”
Gtk-Message: Failed to load module “gail”
Gtk-Message: Failed to load module “atk-bridge”
Gtk-Message: Failed to load module “unity-gtk-module”
Gtk-Message: Failed to load module “canberra-gtk-module”

122 GB of data will be stored. Too much for my sistem!!

ali1234 · May 10, 2017, 7:56am

Is this built with gitian? If not why should I trust it?

How does a snap protect the wallet from the rest of the system? Isn’t the security model completely backwards for this use case?

there’s no way to define a default data dir in bitcoin-qt

-datadir

elopio · May 10, 2017, 3:34pm

@ali1234 it’s not using gitian. That would be a nice thing to support in snapcraft, though.

You can trace the daily uploads in travis, and inspect the logs there to see that we are just cloning master and building it without any changes. That’s uploaded to the store automatically by travis, and the download you get is signed by the store and uses https. We are also working on recording your build so it can be audited and reproduced later.

But ultimately, the publisher is in control of the channel. This means that you have to trust the publisher, in this case, me. If you don’t, you have to build your own package.

How does a snap protect the wallet from the rest of the system?

Your wallet is stored in a path that’s not readable by other snaps.

Isn’t the security model completely backwards for this use case?

I don’t understand this question. Can you tell us more about what do you mean here?

-datadir

That’s not available for all the binaries. And leaves you with the option to select the default when the window is opened the first time, which is wrong because it’s a path not writable by the snap.

ali1234 · May 10, 2017, 5:36pm

But ultimately, the publisher is in control of the channel. This means that you have to trust the publisher, in this case, me. If you don’t, you have to build your own package.

This is the exact problem gitian was invented to address. (alternatively, just build the snap from the released upstream binaries).

Isn’t the security model completely backwards for this use case?

Meaning how do you protect the wallet from software which is not running inside a snap container?

elopio · May 10, 2017, 6:04pm

Yes, gitian would be a nice addition. But you still have to either trust the publishers, or audit all the code and build yourself on every update.

We have been discussing about multiple signatures for uploads with zcash, which is also in the roadmap.

And there is no solution to protect files from unconfined applications. Just don’t install software from untrusted sources.

ali1234 · May 10, 2017, 6:26pm

Yes, gitian would be a nice addition. But you still have to either trust the publishers, or audit all the code and build yourself on every update.

Gitian is a distributed reproducible build system. Anybody can run the build themselves and get an identical output. You do not have to trust any single entity under this scheme. You only have to trust that every single person who builds using gitian is not involved in a conspiracy against you - which would be impractical at the very least. This is a completely separate problem from auditing the source code. This is about proving that the binaries match the source code.

elopio · May 10, 2017, 6:54pm

As I mentioned, we are adding stuff to prove that the snaps match the source code and that snapcraft should support projects that use gitian. Those things will come.

rowan · August 28, 2017, 12:53pm

elopio:

For a couple of weeks we have been figuring out how to confine bitcoin. This is one of the most important use cases of the snap security because you don’t want any program messing with your digital wallet. And when there’s a vulnerability in the code, all the clients should be updated as fast as possible to keep the network sane. With snaps, just push a fixed version and see everybody update without any work from their side.

We now need help testing the snap before making it public:

$ sudo snap install bitcoin --candidate

Then launch it from the dash or running the bitcoin.qt command.

This was built from the tag of the latest released bitcoin and pushed to the store, all automatically by travis. But, be warned, you will be the first users so we might still find unforeseen problems. Use your bitcoins with caution during the candidate phase, or just test without any of your money.

This is very much needed. I’m very concern about the security and do continuously learn a lot about Bitcoin Wallet. Although i find many people crying that their bitcoins got hacked, so thing like this would be very much appreciated !

elopio · September 14, 2017, 4:09pm

bitcoin v0.15.0 is now in the candidate channel.

Please help us testing it. To update from stable:

sudo snap refresh bitcoin --candidate

Backup your wallets!

DianaAllan · April 30, 2021, 1:45pm

BTC is going again mainstream now

Riley · March 24, 2022, 2:09pm

This thread aged too well

Riley · April 29, 2022, 10:39pm

Omg the difference of BTC from my last reply to today