dash/contrib/devtools
Wladimir J. van der Laan 33c473a8e3
Merge #18796: scripts: security-check.py refactors
eacedfb0230978748cbcfb13817fed7e7c756ba7 scripts: add additional type annotations to security-check.py (fanquake)
83d063e9541cc9ea41ea86919eb9435c73efb14e scripts: add run_command to security-check.py (fanquake)
13f606b4f940e5820ff21ea62fc27a5a91774b05 scripts: remove NONFATAL from security-check.py (fanquake)
061acf62a15ad3dbb9f055b7c2569b9832ed623a scripts: no-longer check for 32 bit windows in security-check.py (fanquake)

Pull request description:

  * Remove 32-bit Windows checks.
  * Remove NONFATAL checking. Added in #8249, however unused since #13764.
  * Add `run_command` to de-duplicate all of the subprocess calls. Mentioned in #18713.
  * Add additional type annotations.
  * Print stderr when there is an issue running a command.

ACKs for top commit:
  laanwj:
    ACK eacedfb0230978748cbcfb13817fed7e7c756ba7

Tree-SHA512: 69a7ccfdf346ee202b3e8f940634c5daed1d2b5a5d15ac9800252866ba3284ec66e391a66a0b341f5a4e5e8482fe1b614d4671e8e766112ff059405081184a85
2022-06-18 22:14:03 -07:00
..
circular-dependencies.py perf: enable more multi-threading and caching in linters (#4807) 2022-04-27 21:14:40 +03:00
clang-format-diff.py Merge #14903: tests: Handle ImportError explicitly, improve comparisons against None 2021-10-08 19:13:52 +05:30
copyright_header.py chore: bump copyrights (#4873) 2022-06-08 02:36:46 +03:00
gen-manpages.sh Merge #17691: doc: Add missed copyright headers 2022-04-02 09:19:20 +05:30
github-merge.py Merge #16223: devtools: Fetch and display ACKs at sign-off time in github-merge 2021-09-12 14:15:11 -04:00
optimize-pngs.py Merge #14128: lint: Make sure we read the command line inputs using utf-8 decoding in python 2021-07-07 12:04:53 -04:00
README.md Merge #17787: scripts: add MACHO PIE check to security-check.py 2022-06-08 12:36:52 +07:00
security-check.py Merge #18796: scripts: security-check.py refactors 2022-06-18 22:14:03 -07:00
split-debug.sh.in Merge #15549: gitian: Improve error handling 2021-07-10 12:10:51 -05:00
symbol-check.py partial bitcoin#22244: Add xkb version to symbol-check 2022-04-26 20:37:20 +05:30
test_deterministic_coverage.sh Merge #18010: test: rename test suite name "tx_validationcache_tests" to match filename 2021-07-15 11:07:36 -05:00
test-security-check.py Merge #18629: scripts: add PE .reloc section check to security-check.py 2022-06-18 22:14:03 -07:00
update-css-files.py qt: Generalized css files, simple design changes, added scripts to keep track of color usage (#3508) 2020-06-26 20:48:20 +03:00
update-translations.py Merge #14903: tests: Handle ImportError explicitly, improve comparisons against None 2021-10-08 19:13:52 +05:30
utxo_snapshot.sh merge bitcoin#16899: UTXO snapshot creation (dumptxoutset) 2022-05-23 10:38:33 +05:30

Contents

This directory contains tools for developers working on this repository.

clang-format-diff.py

A script to format unified git diffs according to .clang-format.

Requires clang-format, installed e.g. via brew install clang-format on macOS, or sudo apt install clang-format on Debian/Ubuntu.

For instance, to format the last commit with 0 lines of context, the script should be called from the git root folder as follows.

git diff -U0 HEAD~1.. | ./contrib/devtools/clang-format-diff.py -p1 -i -v

copyright_header.py

Provides utilities for managing copyright headers of The Dash Core developers in repository source files. It has three subcommands:

$ ./copyright_header.py report <base_directory> [verbose]
$ ./copyright_header.py update <base_directory>
$ ./copyright_header.py insert <file>

Running these subcommands without arguments displays a usage string.

Produces a report of all copyright header notices found inside the source files of a repository. Useful to quickly visualize the state of the headers. Specifying verbose will list the full filenames of files of each category.

Updates all the copyright headers of The Dash Core developers which were changed in a year more recent than is listed. For example:

// Copyright (c) <firstYear>-<lastYear> The Dash Core developers

will be updated to:

// Copyright (c) <firstYear>-<lastModifiedYear> The Dash Core developers

where <lastModifiedYear> is obtained from the git log history.

This subcommand also handles copyright headers that have only a single year. In those cases:

// Copyright (c) <year> The Dash Core developers

will be updated to:

// Copyright (c) <year>-<lastModifiedYear> The Dash Core developers

where the update is appropriate.

Inserts a copyright header for The Dash Core developers at the top of the file in either Python or C++ style as determined by the file extension. If the file is a Python file and it has #! starting the first line, the header is inserted in the line below it.

The copyright dates will be set to be <year_introduced>-<current_year> where <year_introduced> is according to the git log history. If <year_introduced> is equal to <current_year>, it will be set as a single year rather than two hyphenated years.

If the file already has a copyright for The Dash Core developers, the script will exit.

gen-manpages.sh

A small script to automatically create manpages in ../../doc/man by running the release binaries with the -help option. This requires help2man which can be found at: https://www.gnu.org/software/help2man/

With in-tree builds this tool can be run from any directory within the repostitory. To use this tool with out-of-tree builds set BUILDDIR. For example:

BUILDDIR=$PWD/build contrib/devtools/gen-manpages.sh

github-merge.py

A small script to automate merging pull-requests securely and sign them with GPG.

For example:

./github-merge.py 3077

(in any git repository) will help you merge pull request #3077 for the dashpay/dash repository.

What it does:

  • Fetch master and the pull request.
  • Locally construct a merge commit.
  • Show the diff that merge results in.
  • Ask you to verify the resulting source tree (so you can do a make check or whatever).
  • Ask you whether to GPG sign the merge commit.
  • Ask you whether to push the result upstream.

This means that there are no potential race conditions (where a pullreq gets updated while you're reviewing it, but before you click merge), and when using GPG signatures, that even a compromised GitHub couldn't mess with the sources.

Setup

Configuring the github-merge tool for the Dash Core repository is done in the following way:

git config githubmerge.repository dashpay/dash
git config githubmerge.testcmd "make -j4 check" (adapt to whatever you want to use for testing)
git config --global user.signingkey mykeyid

Authentication (optional)

The API request limit for unauthenticated requests is quite low, but the limit for authenticated requests is much higher. If you start running into rate limiting errors it can be useful to set an authentication token so that the script can authenticate requests.

  • First, go to Personal access tokens.
  • Click 'Generate new token'.
  • Fill in an arbitrary token description. No further privileges are needed.
  • Click the Generate token button at the bottom of the form.
  • Copy the generated token (should be a hexadecimal string)

Then do:

git config --global user.ghtoken "pasted token"

Create and verify timestamps of merge commits

To create or verify timestamps on the merge commits, install the OpenTimestamps client via pip3 install opentimestamps-client. Then, download the gpg wrapper ots-git-gpg-wrapper.sh and set it as git's gpg.program. See the ots git integration documentation for further details.

optimize-pngs.py

A script to optimize png files in the dash repository (requires pngcrush).

security-check.py and test-security-check.py

Perform basic security checks on a series of executables.

symbol-check.py

A script to check that the (Linux) executables produced by Gitian only contain allowed gcc, glibc and libstdc++ version symbols. This makes sure they are still compatible with the minimum supported Linux distribution versions.

Example usage after a Gitian build:

find ../gitian-builder/build -type f -executable | xargs python3 contrib/devtools/symbol-check.py

If only supported symbols are used the return value will be 0 and the output will be empty.

If there are 'unsupported' symbols, the return value will be 1 a list like this will be printed:

.../64/test_dash: symbol memcpy from unsupported version GLIBC_2.14
.../64/test_dash: symbol __fdelt_chk from unsupported version GLIBC_2.15
.../64/test_dash: symbol std::out_of_range::~out_of_range() from unsupported version GLIBCXX_3.4.15
.../64/test_dash: symbol _ZNSt8__detail15_List_nod from unsupported version GLIBCXX_3.4.15

update-translations.py

Run this script from the root of the repository to update all translations from transifex. It will do the following automatically:

  • fetch all translations
  • post-process them into valid and committable format
  • add missing translations to the build system (TODO)

See doc/translation-process.md for more information.

circular-dependencies.py

Run this script from the root of the source tree (src/) to find circular dependencies in the source code. This looks only at which files include other files, treating the .cpp and .h file as one unit.

Example usage:

cd .../src
../contrib/devtools/circular-dependencies.py {*,*/*,*/*/*}.{h,cpp}