Topic: Problem starting Armory (Read 1707 times)

You're trying to convert a missionary here, I'm also inclined toward LibreSSL after the problems with OpenSSL (and well done for putting it together incidentally, it must have been challenging whichever way you approached it).

But not for this one purpose, it's part of the consensus driven code base. With crypto-driven consensus, correctness is not important if there's a practical reason to stick with incorrectness in respect of long-term development goals (like the Core developed in-house libsecp256k1 library mentioned by knightdk, that's been several years in the making now and only just about to see a release)

Yes, I've found that library on github and actually have done a little playing with an experimental PHP module that links against it.

Moving to that library is the right thing to do IMHO.

Bitcoin Core is moving off of OpenSSL when 0.12 is released in a few weeks. Instead they will be using their own libsecp256k1 library for all EC operations which will be faster than using OpenSSL. That may also fix your problems.

With OpenSSL heartbleed wasn't what prompted the fork to LibreSSL, it was the final straw.

There were undisputed bugs in OpenSSL for years, in their bug-tracking system, with patches submitted to fix them, that were ignored by the OpenSSL developers while the OpenSSL developers continued to add new (sometimes dangerous) features, including heartbeat.

That's what prompted the fork.

OpenSSL post fork has cleaned up a bit, in response to the fork, but I still don't trust their development process. If that means a little patience is required before I can run armory (and I'm not sure that is actually the issue yet) then I will just have a little more patience. Not a biggie.

Well I would rather keep using bitcoin-qt than ditch LibreSSL.

I am very committed to LibreSSL and am very annoyed at the OpenSSL development process, which seems to be more about getting money from the FIPS consulting than anything else these days.

If bitcoin-qt didn't work with LibreSSL (as it didn't until recently) then I would have no choice, but since bitcoin-qt does work with LibreSSL then I have a choice, and that choice is to ditch OpenSSL wherever possible.

That's why I run a CentOS 7 yum repository based on LibreSSL with lots of different software rebuilt against LibreSSL. I don't trust the OpenSSL library to be secure.

Not sure if I was clear enough, that's what I meant (but not your bug, the core developers state that the ECDSA code specifically exhibits differing behaviour between OpenSSL versions). Definitely ditch LibreSSL IMO.

I did build Armory from source.

I created the src.rpm and I run the yum repository that it will eventually be in.

Here's the src.rpm

http://awel.domblogger.net/7/libre/src/repoview/bitcoin-armory.html

No binary RPMs yet because it isn't working (but does build).

Here's the bitcoin core src.rpm

http://awel.domblogger.net/7/libre/src/repoview/bitcoin.html

(I do have binary for it too) - it is based on the RingingLiberty repo src.rpm but modified to build against LibreSSL

It's a good suggestion and I'm wondering why we using GET instead of POST now. I'll look into it. It's not that the change is difficult or anything, it's more an issue of logistics (I don't have access to the server, have to explain the why and how of that change to the other devs, make a ticket, document the process, all that stuff).


Are you saying you didn't build Armory from source? Let me make this clear: we do not officially support CentOS. You will not find any packages we signed for that OS. And for what it's worth, I have no idea who built the Armory on the repo you are using.


Is OpenSSL used in any way by the P2P layer in Core? I thought it was only for crypto. Did you consider the libsecpk1 branches? Anyways, I'd check permissions and security settings first, and I'd also make sure Python twisted works properly.

The OpenSSL must have EC support OpenSSL in CentOS 7 does not but I know how to build an OpenSSL that works for building bitcoin-core that installs in parallel, I just prefer LibreSSL over OpenSSL in general.

Not only does the openssl with proper support install in parallel, but in the mock build system it's devel files would be the only openssl devel files installed so it would be impossible for bitcoin-core to accidentally link against the wrong one.

However I prefer LibreSSL - I think the OpenSSL project is bloated and buggy.

-=-

The current bitcoin-core builds against LibreSSL but you have to use a switch specifying --with-libressl

With that switch, it compiles successfully. Without that switch, it exist during configure. The qt client is able to validate blocks and create transactions that are accepted by other nodes. The bitcoind daemon is able to validate blocks, but I have not tried creating transactions with it yet.

However it is possible there is a bug with bitcoind accepting connections from other processes (such as armory) when built against LibreSSL, that is what I need to figure out.

EDIT

It should be noted that LibreSSL is API compatible with OpenSSL 1.0.1 - but there are sometimes bugs in software that uses that API that don't show up when building against OpenSSL. That's what may be going on here, a bug in bitcoin-core socket handling that doesn't show up when using OpenSSL but does show up when using LibreSSL.

Using the specific OpenSSL release prescribed by the Bitcoin developers is imperative apparently. I think the best case would be that the test node might reject signatures created by the regular clients using OpenSSL 1.0.1k, the worst might be the build failing (fairly sure there was a check put into the build file for 0.11, but maybe you're not using that). I'd definitely eliminate guaranteed problems like that first.

I would like to apologize.

I believe I was making a mountain out of a molehill.

-=-

For the Armory RPM I am packaging for my LibreLAMP project - I will be doing the following :


As it is in a yum repository, updating through yum will be the right way to do it anyway, and so turning off the announce check makes sense both from that perspective and from the privacy perspective.

I would still prefer the data be sent by post. But I think I was too aggressive in my stance.

-=-

Armory is still broken on CentOS 7 but the problem may actually be related to my build of bitcoind - the problem is a socket error, and I'm building bitcoind against LibreSSL.

So I want to test it built using OpenSSL to see if there's a difference.

It is.


I'll look into changing it to POST for the next version.

GET variables are part of the requested URI and therefore logging them is standard. It is very unusual for them NOT to be in the typical access / error log. POST - I suppose it technically is possible for them to be logged, you can log anything, but I have never seen a server put POST data in the standard access / error logs. GET - I've never seen a server that doesn't.

The log files thus because a source of information, and often times when a remote log server is used, access to log files can be achieved without rooting the specific server handling the requests.

Log files are also often viewed by a multitude of different system administrators and sometimes even third party contractors, especially with support requests.

As such, data that can be considered sensitive should never be used in GET variables.

What distribution of what OS a user is running certainly counts.

How so? I think it is fairly trivial to log all the details of both GET and POST requests.

I believe this was the post with the solution: https://bitcointalksearch.org/topic/m.8299712

No it is not. GET variables end up in the server log files, POST data submissions do not.

The GET vs POST distinction is irrelevant with SSL


We already do that. The calling back home part is a story on its own. There is a thread about this, what it used to do, and what it has changed to after the community complained about the type of content being sent to our servers. You should dig that up. I don't remember what the conclusion was (it was over a year ago), but I believe the community was satisfied with the changes.

What you should really be asking for is a dialogue showing up at Armory's startup with a warning that it wants to phone home and an option to change the setting with all the warnings, caveats, DNAA and all that stuff.

Instead of putting the OS variant etc. into a GET variable, why not just have the server respond with a generic XML file that has the current version for each OS?

Then the client can look through the XML file (or whatever) to see what the current version is. If it is newer than what is running, the user gets an alert that they may want to upgrade.

No information about the running environment is leaked that way.

We make a point of not logging the IPs, but that boils down to a trust relationship. If you choose not to trust that, turn off the feature. There are also options to run specifically through Tor if you want to hide your IP. You should evaluate settings in Armory against Bitcoin's own network model. Anyone controlling and/or monitoring a lot of nodes has a good chance to figure out your IP.

The counterpart to this "phoning home" feature is that we get an channel to push critical announcements to our users (something both Core and Armory need and have used in the past). We piggy back on Core for our networking purposes. We won't abide by a network policy Core doesn't respect, that would make no sense.

Again if you dislike this feature, you can turn it off. If you want to change your settings before letting Armory connect to anything, you should first start it in offline mode.

------------------------

Going back to your problem, Armory is trying to start bitcoind and failing. That's a default "easy mode" feature that you should probably turn off since we do not officially support CentOS. To do this, start Armory in offline mode and go to File -> Settings. Uncheck the first check box. Then start BitcoinQt manually and restart Armory.

Well it means anyone who gets access to the server logs now has a list of IP addresses corresponding with operating system and OS version of people who use bitcoin.

That should never have happened.

AFAIK calling home has been a function in armory for a while so that you can get announcements and updates. It shouldn't break anything or cause problems since offline mode can't get the announcements. I think there is some other problem here, but I haven't had the time to look at your logs.

Can you also post the armorycpplog file?