<bitcoin-git>
[bitcoin] hebasto opened pull request #34239: depends: Hash included makefiles in package checksums (master...260109-qt-details) https://github.com/bitcoin/bitcoin/pull/34239
jadi has joined #bitcoin-core-dev
l0rinc has quit [Quit: l0rinc]
jadi has quit [Ping timeout: 246 seconds]
<bitcoin-git>
[bitcoin] maflcko opened pull request #34240: ci: Run feature_unsupported_utxo_db.py on Windows (master...2601-ci-ancient-windows) https://github.com/bitcoin/bitcoin/pull/34240
mudsip has joined #bitcoin-core-dev
mudsip has quit [Client Quit]
vasild has quit [Remote host closed the connection]
vasild has joined #bitcoin-core-dev
szarka has joined #bitcoin-core-dev
<bitcoin-git>
[bitcoin] w0xlt closed pull request #34233: test: fix Windows CI failures in wallet_multiwallet and old binary tests (ancient wallets) (master...ascii-only-tmpdir) https://github.com/bitcoin/bitcoin/pull/34233
<bitcoin-git>
[bitcoin] maflcko opened pull request #34241: test: Check that interrupt results in EXIT_SUCCESS (master...2601-init-zero) https://github.com/bitcoin/bitcoin/pull/34241
memset has quit [Remote host closed the connection]
memset has joined #bitcoin-core-dev
aleggg has quit [Remote host closed the connection]
jadi has joined #bitcoin-core-dev
Cory7 has quit [Quit: Client closed]
Cory7 has joined #bitcoin-core-dev
dzxzg2 has quit []
aleggg has joined #bitcoin-core-dev
jadi has quit [Ping timeout: 246 seconds]
Cory81 has joined #bitcoin-core-dev
Cory7 has quit [Ping timeout: 272 seconds]
brunoerg has quit [Remote host closed the connection]
jonatack has quit [Ping timeout: 240 seconds]
brunoerg has joined #bitcoin-core-dev
Guest77 has joined #bitcoin-core-dev
Guest77 has quit [Client Quit]
jadi has joined #bitcoin-core-dev
brunoerg has quit [Ping timeout: 264 seconds]
l0rinc has joined #bitcoin-core-dev
___nick___ has quit [Read error: Connection reset by peer]
___nick___ has joined #bitcoin-core-dev
brunoerg has joined #bitcoin-core-dev
<bitcoin-git>
[bitcoin] pinheadmz opened pull request #34242: Prepare string and net utils for future HTTP operations (master...http-utils) https://github.com/bitcoin/bitcoin/pull/34242
brunoerg has quit [Ping timeout: 240 seconds]
brunoerg has joined #bitcoin-core-dev
WizJin_ has joined #bitcoin-core-dev
WizJin__ has quit [Ping timeout: 264 seconds]
brunoerg has quit [Ping timeout: 246 seconds]
PaperSword has joined #bitcoin-core-dev
dermoth_ has joined #bitcoin-core-dev
dermoth has quit [Remote host closed the connection]
jadi has quit [Ping timeout: 264 seconds]
dermoth_ is now known as dermoth
brunoerg has joined #bitcoin-core-dev
memset has quit [Remote host closed the connection]
<fanquake>
A v30.2 has been tagged, and bins should be up in the next day or so
<stevenroose>
Hmm, sure. Weird practice to remove released artifacts. Currently someone on mainline nixos trying to install the "bitcoin" or "bitcoind" package without using the official nixos build cache won't be able to, seems pretty annoying.
brunoerg has quit [Ping timeout: 260 seconds]
brunoerg has joined #bitcoin-core-dev
<achow101>
stevenroose: that's kind of the point, to prevent further people who might be affected by this bug from installing the unsafe versions
Guest87 has joined #bitcoin-core-dev
Guest87 has left #bitcoin-core-dev [#bitcoin-core-dev]
brunoerg has quit [Ping timeout: 240 seconds]
<l0rinc>
can we keep the old folders and add these instructions there?
<furszy>
sipa: he refers to keep the /bitcoin-core-30.1/ folder here https://bitcoincore.org/bin/ and add a readme inside saying "this release is no longer available.. etc"
brunoerg has quit [Ping timeout: 240 seconds]
<darosior>
The point was specifically to invalidate the links
<sipa>
furszy, l0rinc: i see - i don't think that would change much; it'd still need someone to go manually fiddle with the URL to discover what might be up
deadmanoz has quit [Ping timeout: 264 seconds]
<furszy>
np for me. At this point, I think the best course of action is to focus on releasing 30.2 and help users individually. We can then discuss process improvements and document the steps so we're all better aligned in the future.
brunoerg has joined #bitcoin-core-dev
brunoerg has quit [Ping timeout: 246 seconds]
tla_ has quit [Quit: Lost terminal]
brunoerg has joined #bitcoin-core-dev
memset has quit [Remote host closed the connection]
memset has joined #bitcoin-core-dev
tla_ has joined #bitcoin-core-dev
timbo_xyz has quit [Quit: WeeChat 4.8.1]
katsu has quit [Quit: disconnected]
katsu has joined #bitcoin-core-dev
durandal_ has quit [Ping timeout: 264 seconds]
TallTim_ is now known as TallTim
durandal_ has joined #bitcoin-core-dev
___nick___ has quit [Ping timeout: 240 seconds]
brunoerg_ has joined #bitcoin-core-dev
brunoerg has quit [Ping timeout: 264 seconds]
corebot has quit [Ping timeout: 246 seconds]
achow101 has quit [Ping timeout: 260 seconds]
brunoerg_ has quit [Remote host closed the connection]
<darosior>
TIL maintainers don't use subkeys for signing
<darosior>
Looks like verify-commits checks the commit signature against sedited's master key A8FC55F3B04BA3146F3492E79303B33A305224CB rather than his signing sub key F2CFC4ABD0B99D837EEBB7D09B79B45691DB4173
<bitcoin-git>
[gui] beati opened pull request #922: gui: fix transactions disable problem (master...gui-fix-transactions-disable-problem-2) https://github.com/bitcoin-core/gui/pull/922
<darosior>
So it's failing because of the git option that verify-commits.py set to use a custom shell script as the gpg program: `-c gpg.program=$PWD/contrib/verify-commits/gpg.sh`
achow101 has joined #bitcoin-core-dev
<darosior>
Setting BITCOIN_VERIFY_COMMITS_ALLOW_SHA1=1 will make `git verify-commit` pass
<achow101>
huh
<bitcoin-git>
[bitcoin] fjahr opened pull request #34244: test: Prevent loop from running out of utxos in bip68 test (master...2026-01-bip68-flaky) https://github.com/bitcoin/bitcoin/pull/34244
<sedited>
looks like one of my subkey bindings is using sha1
<achow101>
you should stop doing that
jonatack has joined #bitcoin-core-dev
<sedited>
actually, that is not quite correct, those were re-generate recently, so they use good algos, but when I generate the key in 2017 it seems like it signed the uid with sha1
<darosior>
I find it surprising that `git verify-commit` would verify the signature for your key in addition to that of the commit
<achow101>
that's odd
<achow101>
I think the actual sig is incorrect
<achow101>
or using the wrong hash algo
<darosior>
The actual sig is correct, as long as you don't use the option `-c gpg.program=$PWD/contrib/verify-commits/gpg.sh`
<darosior>
`git show HEAD --show-signature` will report it as valid. `git verify-commit HEAD` (the command used by our verify-commits.py script) will report it as valid, unless we use our custom shell script as gpg program
<darosior>
fg
* darosior
oops
<darosior>
So it indeed seems to be something with setting `--weak-digest sha1` in running gpg to verify the commits. How should we proceed? Temporarily set BITCOIN_VERIFY_COMMITS_ALLOW_SHA1=1 in ci?
brunoerg has joined #bitcoin-core-dev
<darosior>
Is verify-commits its own ci job, only ran on master? I'm pushing a temporary fix PR to avoid red ci on master
<bitcoin-git>
[bitcoin] darosior opened pull request #34245: verify-commits: temporarily allow sha1 signatures for merge commits (master...2601_fix_ci_sha1) https://github.com/bitcoin/bitcoin/pull/34245
<achow101>
darosior: it's part of lint and only run on master
<darosior>
So if it's indeed a signature *of the key*, sedited can push an updated sig and we can just revert this temporary fix without having to update the trusted root or whatnot
<sipa>
i think it'd be better to add an exception for this one commit, rather than allowing sha1 in general?
<pinheadmz>
Does the lint ci check every merge commit in history ?