diff --git a/.github/workflows/c-cpp.yml b/.github/workflows/c-cpp.yml index 41418528..02a8e25f 100644 --- a/.github/workflows/c-cpp.yml +++ b/.github/workflows/c-cpp.yml @@ -43,7 +43,7 @@ jobs: shell: alpine.sh {0} run: | cd external/src/curl - cmake . -DCMAKE_C_FLAGS="-Os -flto=auto ${{ matrix.config.flags }}" -DBUILD_CURL_EXE=OFF -DBUILD_SHARED_LIBS=OFF -DCURL_DISABLE_INSTALL=ON -DCURL_ENABLE_EXPORT_TARGET=OFF -DCURL_DISABLE_HEADERS_API=ON -DCURL_DISABLE_BINDLOCAL=ON -DBUILD_LIBCURL_DOCS=OFF -DBUILD_MISC_DOCS=OFF -DENABLE_CURL_MANUAL=OFF -DCURL_ZLIB=OFF -DCURL_DISABLE_ALTSVC=ON -DCURL_DISABLE_COOKIES=ON -DCURL_DISABLE_DOH=ON -DCURL_DISABLE_GETOPTIONS=ON -DCURL_DISABLE_HSTS=ON -DCURL_DISABLE_LIBCURL_OPTION=ON -DCURL_DISABLE_MIME=ON -DCURL_DISABLE_NETRC=ON -DCURL_DISABLE_NTLM=ON -DCURL_DISABLE_PARSEDATE=ON -DCURL_DISABLE_PROGRESS_METER=ON -DCURL_DISABLE_SHUFFLE_DNS=ON -DCURL_DISABLE_SOCKETPAIR=ON -DCURL_DISABLE_VERBOSE_STRINGS=ON -DHTTP_ONLY=ON -DCURL_ENABLE_SSL=OFF -DUSE_LIBIDN2=OFF -DCURL_USE_LIBPSL=OFF -DCURL_USE_LIBSSH2=OFF -DENABLE_UNIX_SOCKETS=OFF -DCURL_DISABLE_TESTS=ON -DUSE_NGHTTP2=OFF -DBUILD_EXAMPLES=OFF + cmake . -DCMAKE_C_FLAGS="-Os -flto=auto ${{ matrix.config.flags }}" -DBUILD_CURL_EXE=OFF -DBUILD_SHARED_LIBS=OFF -DCURL_DISABLE_INSTALL=ON -DCURL_ENABLE_EXPORT_TARGET=OFF -DCURL_DISABLE_HEADERS_API=ON -DCURL_DISABLE_BINDLOCAL=ON -DBUILD_LIBCURL_DOCS=OFF -DBUILD_MISC_DOCS=OFF -DENABLE_CURL_MANUAL=OFF -DCURL_ZLIB=OFF -DCURL_DISABLE_ALTSVC=ON -DCURL_DISABLE_COOKIES=ON -DCURL_DISABLE_DOH=ON -DCURL_DISABLE_GETOPTIONS=ON -DCURL_DISABLE_HSTS=ON -DCURL_DISABLE_LIBCURL_OPTION=ON -DCURL_DISABLE_MIME=ON -DCURL_DISABLE_NETRC=ON -DCURL_DISABLE_NTLM=ON -DCURL_DISABLE_PARSEDATE=ON -DCURL_DISABLE_PROGRESS_METER=ON -DCURL_DISABLE_SHUFFLE_DNS=ON -DCURL_DISABLE_SOCKETPAIR=ON -DCURL_DISABLE_VERBOSE_STRINGS=ON -DHTTP_ONLY=ON -DCURL_ENABLE_SSL=OFF -DUSE_LIBIDN2=OFF -DCURL_USE_LIBPSL=OFF -DCURL_USE_LIBSSH2=OFF -DENABLE_UNIX_SOCKETS=OFF -DCURL_DISABLE_TESTS=ON -DUSE_NGHTTP2=OFF -DBUILD_EXAMPLES=OFF -DP2POOL_BORINGSSL=ON -DOPENSSL_INCLUDE_DIR=../grpc/third_party/boringssl-with-bazel/src/include make -j$(nproc) cd lib && mkdir .libs && cp libcurl.a .libs @@ -193,7 +193,7 @@ jobs: - name: Build libcurl run: | cd external/src/curl - cmake . -DCMAKE_C_FLAGS="-Os -flto=auto ${{ matrix.config.flags }}" -DBUILD_CURL_EXE=OFF -DBUILD_SHARED_LIBS=OFF -DCURL_DISABLE_INSTALL=ON -DCURL_ENABLE_EXPORT_TARGET=OFF -DCURL_DISABLE_HEADERS_API=ON -DCURL_DISABLE_BINDLOCAL=ON -DBUILD_LIBCURL_DOCS=OFF -DBUILD_MISC_DOCS=OFF -DENABLE_CURL_MANUAL=OFF -DCURL_ZLIB=OFF -DCURL_DISABLE_ALTSVC=ON -DCURL_DISABLE_COOKIES=ON -DCURL_DISABLE_DOH=ON -DCURL_DISABLE_GETOPTIONS=ON -DCURL_DISABLE_HSTS=ON -DCURL_DISABLE_LIBCURL_OPTION=ON -DCURL_DISABLE_MIME=ON -DCURL_DISABLE_NETRC=ON -DCURL_DISABLE_NTLM=ON -DCURL_DISABLE_PARSEDATE=ON -DCURL_DISABLE_PROGRESS_METER=ON -DCURL_DISABLE_SHUFFLE_DNS=ON -DCURL_DISABLE_SOCKETPAIR=ON -DCURL_DISABLE_VERBOSE_STRINGS=ON -DHTTP_ONLY=ON -DCURL_ENABLE_SSL=OFF -DUSE_LIBIDN2=OFF -DCURL_USE_LIBPSL=OFF -DCURL_USE_LIBSSH2=OFF -DENABLE_UNIX_SOCKETS=OFF -DCURL_DISABLE_TESTS=ON -DUSE_NGHTTP2=OFF -DBUILD_EXAMPLES=OFF + cmake . -DCMAKE_C_FLAGS="-Os -flto=auto ${{ matrix.config.flags }}" -DBUILD_CURL_EXE=OFF -DBUILD_SHARED_LIBS=OFF -DCURL_DISABLE_INSTALL=ON -DCURL_ENABLE_EXPORT_TARGET=OFF -DCURL_DISABLE_HEADERS_API=ON -DCURL_DISABLE_BINDLOCAL=ON -DBUILD_LIBCURL_DOCS=OFF -DBUILD_MISC_DOCS=OFF -DENABLE_CURL_MANUAL=OFF -DCURL_ZLIB=OFF -DCURL_DISABLE_ALTSVC=ON -DCURL_DISABLE_COOKIES=ON -DCURL_DISABLE_DOH=ON -DCURL_DISABLE_GETOPTIONS=ON -DCURL_DISABLE_HSTS=ON -DCURL_DISABLE_LIBCURL_OPTION=ON -DCURL_DISABLE_MIME=ON -DCURL_DISABLE_NETRC=ON -DCURL_DISABLE_NTLM=ON -DCURL_DISABLE_PARSEDATE=ON -DCURL_DISABLE_PROGRESS_METER=ON -DCURL_DISABLE_SHUFFLE_DNS=ON -DCURL_DISABLE_SOCKETPAIR=ON -DCURL_DISABLE_VERBOSE_STRINGS=ON -DHTTP_ONLY=ON -DCURL_ENABLE_SSL=OFF -DUSE_LIBIDN2=OFF -DCURL_USE_LIBPSL=OFF -DCURL_USE_LIBSSH2=OFF -DENABLE_UNIX_SOCKETS=OFF -DCURL_DISABLE_TESTS=ON -DUSE_NGHTTP2=OFF -DBUILD_EXAMPLES=OFF -DP2POOL_BORINGSSL=ON -DOPENSSL_INCLUDE_DIR=../grpc/third_party/boringssl-with-bazel/src/include make -j$(nproc) cd lib && mkdir .libs && cp libcurl.a .libs @@ -256,7 +256,7 @@ jobs: matrix: config: - {os: ubuntu-20.04, flags: "-fuse-linker-plugin -ffunction-sections -mfix-cortex-a53-835769 -mfix-cortex-a53-843419"} - - {os: ubuntu-22.04, flags: "-fuse-linker-plugin -ffunction-sections -mfix-cortex-a53-835769 -mfix-cortex-a53-843419"} + - {os: ubuntu-22.04, flags: "-fuse-linker-plugin -ffunction-sections -mfix-cortex-a53-835769 -mfix-cortex-a53-843419 -Wno-inline"} steps: - name: Install dependencies @@ -272,7 +272,7 @@ jobs: - name: Build libcurl run: | cd external/src/curl - cmake . -DCMAKE_TOOLCHAIN_FILE=../../../cmake/aarch64_toolchain.cmake -DCMAKE_C_FLAGS="-Os -flto=auto ${{ matrix.config.flags }}" -DBUILD_CURL_EXE=OFF -DBUILD_SHARED_LIBS=OFF -DCURL_DISABLE_INSTALL=ON -DCURL_ENABLE_EXPORT_TARGET=OFF -DCURL_DISABLE_HEADERS_API=ON -DCURL_DISABLE_BINDLOCAL=ON -DBUILD_LIBCURL_DOCS=OFF -DBUILD_MISC_DOCS=OFF -DENABLE_CURL_MANUAL=OFF -DCURL_ZLIB=OFF -DCURL_DISABLE_ALTSVC=ON -DCURL_DISABLE_COOKIES=ON -DCURL_DISABLE_DOH=ON -DCURL_DISABLE_GETOPTIONS=ON -DCURL_DISABLE_HSTS=ON -DCURL_DISABLE_LIBCURL_OPTION=ON -DCURL_DISABLE_MIME=ON -DCURL_DISABLE_NETRC=ON -DCURL_DISABLE_NTLM=ON -DCURL_DISABLE_PARSEDATE=ON -DCURL_DISABLE_PROGRESS_METER=ON -DCURL_DISABLE_SHUFFLE_DNS=ON -DCURL_DISABLE_SOCKETPAIR=ON -DCURL_DISABLE_VERBOSE_STRINGS=ON -DHTTP_ONLY=ON -DCURL_ENABLE_SSL=OFF -DUSE_LIBIDN2=OFF -DCURL_USE_LIBPSL=OFF -DCURL_USE_LIBSSH2=OFF -DENABLE_UNIX_SOCKETS=OFF -DCURL_DISABLE_TESTS=ON -DUSE_NGHTTP2=OFF -DBUILD_EXAMPLES=OFF + cmake . -DCMAKE_TOOLCHAIN_FILE=../../../cmake/aarch64_toolchain.cmake -DCMAKE_C_FLAGS="-Os -flto=auto ${{ matrix.config.flags }}" -DBUILD_CURL_EXE=OFF -DBUILD_SHARED_LIBS=OFF -DCURL_DISABLE_INSTALL=ON -DCURL_ENABLE_EXPORT_TARGET=OFF -DCURL_DISABLE_HEADERS_API=ON -DCURL_DISABLE_BINDLOCAL=ON -DBUILD_LIBCURL_DOCS=OFF -DBUILD_MISC_DOCS=OFF -DENABLE_CURL_MANUAL=OFF -DCURL_ZLIB=OFF -DCURL_DISABLE_ALTSVC=ON -DCURL_DISABLE_COOKIES=ON -DCURL_DISABLE_DOH=ON -DCURL_DISABLE_GETOPTIONS=ON -DCURL_DISABLE_HSTS=ON -DCURL_DISABLE_LIBCURL_OPTION=ON -DCURL_DISABLE_MIME=ON -DCURL_DISABLE_NETRC=ON -DCURL_DISABLE_NTLM=ON -DCURL_DISABLE_PARSEDATE=ON -DCURL_DISABLE_PROGRESS_METER=ON -DCURL_DISABLE_SHUFFLE_DNS=ON -DCURL_DISABLE_SOCKETPAIR=ON -DCURL_DISABLE_VERBOSE_STRINGS=ON -DHTTP_ONLY=ON -DCURL_ENABLE_SSL=OFF -DUSE_LIBIDN2=OFF -DCURL_USE_LIBPSL=OFF -DCURL_USE_LIBSSH2=OFF -DENABLE_UNIX_SOCKETS=OFF -DCURL_DISABLE_TESTS=ON -DUSE_NGHTTP2=OFF -DBUILD_EXAMPLES=OFF -DP2POOL_BORINGSSL=ON -DOPENSSL_INCLUDE_DIR=../grpc/third_party/boringssl-with-bazel/src/include make -j$(nproc) cd lib && mkdir .libs && cp libcurl.a .libs @@ -361,7 +361,7 @@ jobs: - name: Build libcurl run: | cd external/src/curl - cmake . -G "Unix Makefiles" -DCMAKE_C_COMPILER=${{ matrix.config.c }} -DCMAKE_C_FLAGS="-Os ${{ matrix.config.flags }}" -DCURL_TARGET_WINDOWS_VERSION=0x0600 -DBUILD_CURL_EXE=OFF -DBUILD_SHARED_LIBS=OFF -DCURL_DISABLE_INSTALL=ON -DCURL_ENABLE_EXPORT_TARGET=OFF -DCURL_DISABLE_HEADERS_API=ON -DCURL_DISABLE_BINDLOCAL=ON -DBUILD_LIBCURL_DOCS=OFF -DBUILD_MISC_DOCS=OFF -DENABLE_CURL_MANUAL=OFF -DCURL_ZLIB=OFF -DCURL_DISABLE_ALTSVC=ON -DCURL_DISABLE_COOKIES=ON -DCURL_DISABLE_DOH=ON -DCURL_DISABLE_GETOPTIONS=ON -DCURL_DISABLE_HSTS=ON -DCURL_DISABLE_LIBCURL_OPTION=ON -DCURL_DISABLE_MIME=ON -DCURL_DISABLE_NETRC=ON -DCURL_DISABLE_NTLM=ON -DCURL_DISABLE_PARSEDATE=ON -DCURL_DISABLE_PROGRESS_METER=ON -DCURL_DISABLE_SHUFFLE_DNS=ON -DCURL_DISABLE_SOCKETPAIR=ON -DCURL_DISABLE_VERBOSE_STRINGS=ON -DHTTP_ONLY=ON -DCURL_ENABLE_SSL=OFF -DUSE_LIBIDN2=OFF -DCURL_USE_LIBPSL=OFF -DCURL_USE_LIBSSH2=OFF -DENABLE_UNIX_SOCKETS=OFF -DCURL_DISABLE_TESTS=ON -DUSE_NGHTTP2=OFF -DBUILD_EXAMPLES=OFF + cmake . -G "Unix Makefiles" -DCMAKE_C_COMPILER=${{ matrix.config.c }} -DCMAKE_C_FLAGS="-Os ${{ matrix.config.flags }}" -DCURL_TARGET_WINDOWS_VERSION=0x0600 -DBUILD_CURL_EXE=OFF -DBUILD_SHARED_LIBS=OFF -DCURL_DISABLE_INSTALL=ON -DCURL_ENABLE_EXPORT_TARGET=OFF -DCURL_DISABLE_HEADERS_API=ON -DCURL_DISABLE_BINDLOCAL=ON -DBUILD_LIBCURL_DOCS=OFF -DBUILD_MISC_DOCS=OFF -DENABLE_CURL_MANUAL=OFF -DCURL_ZLIB=OFF -DCURL_DISABLE_ALTSVC=ON -DCURL_DISABLE_COOKIES=ON -DCURL_DISABLE_DOH=ON -DCURL_DISABLE_GETOPTIONS=ON -DCURL_DISABLE_HSTS=ON -DCURL_DISABLE_LIBCURL_OPTION=ON -DCURL_DISABLE_MIME=ON -DCURL_DISABLE_NETRC=ON -DCURL_DISABLE_NTLM=ON -DCURL_DISABLE_PARSEDATE=ON -DCURL_DISABLE_PROGRESS_METER=ON -DCURL_DISABLE_SHUFFLE_DNS=ON -DCURL_DISABLE_SOCKETPAIR=ON -DCURL_DISABLE_VERBOSE_STRINGS=ON -DHTTP_ONLY=ON -DCURL_ENABLE_SSL=OFF -DUSE_LIBIDN2=OFF -DCURL_USE_LIBPSL=OFF -DCURL_USE_LIBSSH2=OFF -DENABLE_UNIX_SOCKETS=OFF -DCURL_DISABLE_TESTS=ON -DUSE_NGHTTP2=OFF -DBUILD_EXAMPLES=OFF -DP2POOL_BORINGSSL=ON -DOPENSSL_INCLUDE_DIR=../grpc/third_party/boringssl-with-bazel/src/include make -j$(nproc) cd lib && mkdir .libs && cp libcurl.a .libs @@ -502,7 +502,7 @@ jobs: - name: Build libcurl run: | cd external/src/curl - cmake . -DCMAKE_C_COMPILER="$(brew --prefix llvm@15)/bin/clang" -DCMAKE_AR="$(brew --prefix llvm@15)/bin/llvm-ar" -DCMAKE_RANLIB="$(brew --prefix llvm@15)/bin/llvm-ranlib" -DCMAKE_C_FLAGS="-Os -flto -target x86_64-apple-macos10.13 -Wno-overriding-t-option" -DBUILD_CURL_EXE=OFF -DBUILD_SHARED_LIBS=OFF -DCURL_DISABLE_INSTALL=ON -DCURL_ENABLE_EXPORT_TARGET=OFF -DCURL_DISABLE_HEADERS_API=ON -DCURL_DISABLE_BINDLOCAL=ON -DBUILD_LIBCURL_DOCS=OFF -DBUILD_MISC_DOCS=OFF -DENABLE_CURL_MANUAL=OFF -DCURL_ZLIB=OFF -DCURL_DISABLE_ALTSVC=ON -DCURL_DISABLE_COOKIES=ON -DCURL_DISABLE_DOH=ON -DCURL_DISABLE_GETOPTIONS=ON -DCURL_DISABLE_HSTS=ON -DCURL_DISABLE_LIBCURL_OPTION=ON -DCURL_DISABLE_MIME=ON -DCURL_DISABLE_NETRC=ON -DCURL_DISABLE_NTLM=ON -DCURL_DISABLE_PARSEDATE=ON -DCURL_DISABLE_PROGRESS_METER=ON -DCURL_DISABLE_SHUFFLE_DNS=ON -DCURL_DISABLE_SOCKETPAIR=ON -DCURL_DISABLE_VERBOSE_STRINGS=ON -DHTTP_ONLY=ON -DCURL_ENABLE_SSL=OFF -DUSE_LIBIDN2=OFF -DCURL_USE_LIBPSL=OFF -DCURL_USE_LIBSSH2=OFF -DENABLE_UNIX_SOCKETS=OFF -DCURL_DISABLE_TESTS=ON -DUSE_NGHTTP2=OFF -DBUILD_EXAMPLES=OFF + cmake . -DCMAKE_C_COMPILER="$(brew --prefix llvm@15)/bin/clang" -DCMAKE_AR="$(brew --prefix llvm@15)/bin/llvm-ar" -DCMAKE_RANLIB="$(brew --prefix llvm@15)/bin/llvm-ranlib" -DCMAKE_C_FLAGS="-Os -flto -target x86_64-apple-macos10.13 -Wno-overriding-t-option" -DBUILD_CURL_EXE=OFF -DBUILD_SHARED_LIBS=OFF -DCURL_DISABLE_INSTALL=ON -DCURL_ENABLE_EXPORT_TARGET=OFF -DCURL_DISABLE_HEADERS_API=ON -DCURL_DISABLE_BINDLOCAL=ON -DBUILD_LIBCURL_DOCS=OFF -DBUILD_MISC_DOCS=OFF -DENABLE_CURL_MANUAL=OFF -DCURL_ZLIB=OFF -DCURL_DISABLE_ALTSVC=ON -DCURL_DISABLE_COOKIES=ON -DCURL_DISABLE_DOH=ON -DCURL_DISABLE_GETOPTIONS=ON -DCURL_DISABLE_HSTS=ON -DCURL_DISABLE_LIBCURL_OPTION=ON -DCURL_DISABLE_MIME=ON -DCURL_DISABLE_NETRC=ON -DCURL_DISABLE_NTLM=ON -DCURL_DISABLE_PARSEDATE=ON -DCURL_DISABLE_PROGRESS_METER=ON -DCURL_DISABLE_SHUFFLE_DNS=ON -DCURL_DISABLE_SOCKETPAIR=ON -DCURL_DISABLE_VERBOSE_STRINGS=ON -DHTTP_ONLY=ON -DCURL_ENABLE_SSL=OFF -DUSE_LIBIDN2=OFF -DCURL_USE_LIBPSL=OFF -DCURL_USE_LIBSSH2=OFF -DENABLE_UNIX_SOCKETS=OFF -DCURL_DISABLE_TESTS=ON -DUSE_NGHTTP2=OFF -DBUILD_EXAMPLES=OFF -DP2POOL_BORINGSSL=ON -DOPENSSL_INCLUDE_DIR=../grpc/third_party/boringssl-with-bazel/src/include make -j4 cd lib && mkdir .libs && cp libcurl.a .libs @@ -570,7 +570,7 @@ jobs: - name: Build libcurl run: | cd external/src/curl - cmake . -DCMAKE_C_COMPILER="$(brew --prefix llvm@15)/bin/clang" -DCMAKE_AR="$(brew --prefix llvm@15)/bin/llvm-ar" -DCMAKE_RANLIB="$(brew --prefix llvm@15)/bin/llvm-ranlib" -DCMAKE_C_FLAGS="-Os -target arm64-apple-macos-11" -DBUILD_CURL_EXE=OFF -DBUILD_SHARED_LIBS=OFF -DCURL_DISABLE_INSTALL=ON -DCURL_ENABLE_EXPORT_TARGET=OFF -DCURL_DISABLE_HEADERS_API=ON -DCURL_DISABLE_BINDLOCAL=ON -DBUILD_LIBCURL_DOCS=OFF -DBUILD_MISC_DOCS=OFF -DENABLE_CURL_MANUAL=OFF -DCURL_ZLIB=OFF -DCURL_DISABLE_ALTSVC=ON -DCURL_DISABLE_COOKIES=ON -DCURL_DISABLE_DOH=ON -DCURL_DISABLE_GETOPTIONS=ON -DCURL_DISABLE_HSTS=ON -DCURL_DISABLE_LIBCURL_OPTION=ON -DCURL_DISABLE_MIME=ON -DCURL_DISABLE_NETRC=ON -DCURL_DISABLE_NTLM=ON -DCURL_DISABLE_PARSEDATE=ON -DCURL_DISABLE_PROGRESS_METER=ON -DCURL_DISABLE_SHUFFLE_DNS=ON -DCURL_DISABLE_SOCKETPAIR=ON -DCURL_DISABLE_VERBOSE_STRINGS=ON -DHTTP_ONLY=ON -DCURL_ENABLE_SSL=OFF -DUSE_LIBIDN2=OFF -DCURL_USE_LIBPSL=OFF -DCURL_USE_LIBSSH2=OFF -DENABLE_UNIX_SOCKETS=OFF -DCURL_DISABLE_TESTS=ON -DUSE_NGHTTP2=OFF -DBUILD_EXAMPLES=OFF + cmake . -DCMAKE_C_COMPILER="$(brew --prefix llvm@15)/bin/clang" -DCMAKE_AR="$(brew --prefix llvm@15)/bin/llvm-ar" -DCMAKE_RANLIB="$(brew --prefix llvm@15)/bin/llvm-ranlib" -DCMAKE_C_FLAGS="-Os -target arm64-apple-macos-11" -DBUILD_CURL_EXE=OFF -DBUILD_SHARED_LIBS=OFF -DCURL_DISABLE_INSTALL=ON -DCURL_ENABLE_EXPORT_TARGET=OFF -DCURL_DISABLE_HEADERS_API=ON -DCURL_DISABLE_BINDLOCAL=ON -DBUILD_LIBCURL_DOCS=OFF -DBUILD_MISC_DOCS=OFF -DENABLE_CURL_MANUAL=OFF -DCURL_ZLIB=OFF -DCURL_DISABLE_ALTSVC=ON -DCURL_DISABLE_COOKIES=ON -DCURL_DISABLE_DOH=ON -DCURL_DISABLE_GETOPTIONS=ON -DCURL_DISABLE_HSTS=ON -DCURL_DISABLE_LIBCURL_OPTION=ON -DCURL_DISABLE_MIME=ON -DCURL_DISABLE_NETRC=ON -DCURL_DISABLE_NTLM=ON -DCURL_DISABLE_PARSEDATE=ON -DCURL_DISABLE_PROGRESS_METER=ON -DCURL_DISABLE_SHUFFLE_DNS=ON -DCURL_DISABLE_SOCKETPAIR=ON -DCURL_DISABLE_VERBOSE_STRINGS=ON -DHTTP_ONLY=ON -DCURL_ENABLE_SSL=OFF -DUSE_LIBIDN2=OFF -DCURL_USE_LIBPSL=OFF -DCURL_USE_LIBSSH2=OFF -DENABLE_UNIX_SOCKETS=OFF -DCURL_DISABLE_TESTS=ON -DUSE_NGHTTP2=OFF -DBUILD_EXAMPLES=OFF -DP2POOL_BORINGSSL=ON -DOPENSSL_INCLUDE_DIR=../grpc/third_party/boringssl-with-bazel/src/include make -j3 cd lib && mkdir .libs && cp libcurl.a .libs @@ -660,7 +660,7 @@ jobs: run: | sudo pkg install -y cmake cd external/src/curl - cmake . -DCMAKE_C_FLAGS="-Os -flto" -DBUILD_CURL_EXE=OFF -DBUILD_SHARED_LIBS=OFF -DCURL_DISABLE_INSTALL=ON -DCURL_ENABLE_EXPORT_TARGET=OFF -DCURL_DISABLE_HEADERS_API=ON -DCURL_DISABLE_BINDLOCAL=ON -DBUILD_LIBCURL_DOCS=OFF -DBUILD_MISC_DOCS=OFF -DENABLE_CURL_MANUAL=OFF -DCURL_ZLIB=OFF -DCURL_DISABLE_ALTSVC=ON -DCURL_DISABLE_COOKIES=ON -DCURL_DISABLE_DOH=ON -DCURL_DISABLE_GETOPTIONS=ON -DCURL_DISABLE_HSTS=ON -DCURL_DISABLE_LIBCURL_OPTION=ON -DCURL_DISABLE_MIME=ON -DCURL_DISABLE_NETRC=ON -DCURL_DISABLE_NTLM=ON -DCURL_DISABLE_PARSEDATE=ON -DCURL_DISABLE_PROGRESS_METER=ON -DCURL_DISABLE_SHUFFLE_DNS=ON -DCURL_DISABLE_SOCKETPAIR=ON -DCURL_DISABLE_VERBOSE_STRINGS=ON -DHTTP_ONLY=ON -DCURL_ENABLE_SSL=OFF -DUSE_LIBIDN2=OFF -DCURL_USE_LIBPSL=OFF -DCURL_USE_LIBSSH2=OFF -DENABLE_UNIX_SOCKETS=OFF -DCURL_DISABLE_TESTS=ON -DUSE_NGHTTP2=OFF -DBUILD_EXAMPLES=OFF + cmake . -DCMAKE_C_FLAGS="-Os -flto" -DBUILD_CURL_EXE=OFF -DBUILD_SHARED_LIBS=OFF -DCURL_DISABLE_INSTALL=ON -DCURL_ENABLE_EXPORT_TARGET=OFF -DCURL_DISABLE_HEADERS_API=ON -DCURL_DISABLE_BINDLOCAL=ON -DBUILD_LIBCURL_DOCS=OFF -DBUILD_MISC_DOCS=OFF -DENABLE_CURL_MANUAL=OFF -DCURL_ZLIB=OFF -DCURL_DISABLE_ALTSVC=ON -DCURL_DISABLE_COOKIES=ON -DCURL_DISABLE_DOH=ON -DCURL_DISABLE_GETOPTIONS=ON -DCURL_DISABLE_HSTS=ON -DCURL_DISABLE_LIBCURL_OPTION=ON -DCURL_DISABLE_MIME=ON -DCURL_DISABLE_NETRC=ON -DCURL_DISABLE_NTLM=ON -DCURL_DISABLE_PARSEDATE=ON -DCURL_DISABLE_PROGRESS_METER=ON -DCURL_DISABLE_SHUFFLE_DNS=ON -DCURL_DISABLE_SOCKETPAIR=ON -DCURL_DISABLE_VERBOSE_STRINGS=ON -DHTTP_ONLY=ON -DCURL_ENABLE_SSL=OFF -DUSE_LIBIDN2=OFF -DCURL_USE_LIBPSL=OFF -DCURL_USE_LIBSSH2=OFF -DENABLE_UNIX_SOCKETS=OFF -DCURL_DISABLE_TESTS=ON -DUSE_NGHTTP2=OFF -DBUILD_EXAMPLES=OFF -DP2POOL_BORINGSSL=ON -DOPENSSL_INCLUDE_DIR=../grpc/third_party/boringssl-with-bazel/src/include make -j4 cd lib && mkdir .libs && cp libcurl.a .libs cd ../../libuv diff --git a/.github/workflows/test-sync.yml b/.github/workflows/test-sync.yml index fc0b3dad..6cb27d9b 100644 --- a/.github/workflows/test-sync.yml +++ b/.github/workflows/test-sync.yml @@ -33,7 +33,7 @@ jobs: - name: Build libcurl run: | cd external/src/curl - cmake . -DCMAKE_C_COMPILER=gcc-12 -DCMAKE_C_FLAGS='-fsanitize=thread -Og -fno-omit-frame-pointer -g' -DBUILD_CURL_EXE=OFF -DBUILD_SHARED_LIBS=OFF -DCURL_DISABLE_INSTALL=ON -DCURL_ENABLE_EXPORT_TARGET=OFF -DCURL_DISABLE_HEADERS_API=ON -DCURL_DISABLE_BINDLOCAL=ON -DBUILD_LIBCURL_DOCS=OFF -DBUILD_MISC_DOCS=OFF -DENABLE_CURL_MANUAL=OFF -DCURL_ZLIB=OFF -DCURL_DISABLE_ALTSVC=ON -DCURL_DISABLE_COOKIES=ON -DCURL_DISABLE_DOH=ON -DCURL_DISABLE_GETOPTIONS=ON -DCURL_DISABLE_HSTS=ON -DCURL_DISABLE_LIBCURL_OPTION=ON -DCURL_DISABLE_MIME=ON -DCURL_DISABLE_NETRC=ON -DCURL_DISABLE_NTLM=ON -DCURL_DISABLE_PARSEDATE=ON -DCURL_DISABLE_PROGRESS_METER=ON -DCURL_DISABLE_SHUFFLE_DNS=ON -DCURL_DISABLE_SOCKETPAIR=ON -DCURL_DISABLE_VERBOSE_STRINGS=ON -DHTTP_ONLY=ON -DCURL_ENABLE_SSL=OFF -DUSE_LIBIDN2=OFF -DCURL_USE_LIBPSL=OFF -DCURL_USE_LIBSSH2=OFF -DENABLE_UNIX_SOCKETS=OFF -DCURL_DISABLE_TESTS=ON -DUSE_NGHTTP2=OFF -DBUILD_EXAMPLES=OFF + cmake . -DCMAKE_C_COMPILER=gcc-12 -DCMAKE_C_FLAGS='-fsanitize=thread -Og -fno-omit-frame-pointer -g' -DBUILD_CURL_EXE=OFF -DBUILD_SHARED_LIBS=OFF -DCURL_DISABLE_INSTALL=ON -DCURL_ENABLE_EXPORT_TARGET=OFF -DCURL_DISABLE_HEADERS_API=ON -DCURL_DISABLE_BINDLOCAL=ON -DBUILD_LIBCURL_DOCS=OFF -DBUILD_MISC_DOCS=OFF -DENABLE_CURL_MANUAL=OFF -DCURL_ZLIB=OFF -DCURL_DISABLE_ALTSVC=ON -DCURL_DISABLE_COOKIES=ON -DCURL_DISABLE_DOH=ON -DCURL_DISABLE_GETOPTIONS=ON -DCURL_DISABLE_HSTS=ON -DCURL_DISABLE_LIBCURL_OPTION=ON -DCURL_DISABLE_MIME=ON -DCURL_DISABLE_NETRC=ON -DCURL_DISABLE_NTLM=ON -DCURL_DISABLE_PARSEDATE=ON -DCURL_DISABLE_PROGRESS_METER=ON -DCURL_DISABLE_SHUFFLE_DNS=ON -DCURL_DISABLE_SOCKETPAIR=ON -DCURL_DISABLE_VERBOSE_STRINGS=ON -DHTTP_ONLY=ON -DCURL_ENABLE_SSL=OFF -DUSE_LIBIDN2=OFF -DCURL_USE_LIBPSL=OFF -DCURL_USE_LIBSSH2=OFF -DENABLE_UNIX_SOCKETS=OFF -DCURL_DISABLE_TESTS=ON -DUSE_NGHTTP2=OFF -DBUILD_EXAMPLES=OFF -DP2POOL_BORINGSSL=ON -DOPENSSL_INCLUDE_DIR=../grpc/third_party/boringssl-with-bazel/src/include make -j$(nproc) cd lib && mkdir .libs && cp libcurl.a .libs @@ -119,7 +119,7 @@ jobs: - name: Build libcurl run: | cd external/src/curl - cmake . -DCMAKE_C_COMPILER=clang-19 -DCMAKE_C_FLAGS='-fsanitize=memory -fsanitize-recover -fsanitize-memory-track-origins -Og -fno-omit-frame-pointer -g' -DBUILD_CURL_EXE=OFF -DBUILD_SHARED_LIBS=OFF -DCURL_DISABLE_INSTALL=ON -DCURL_ENABLE_EXPORT_TARGET=OFF -DCURL_DISABLE_HEADERS_API=ON -DCURL_DISABLE_BINDLOCAL=ON -DBUILD_LIBCURL_DOCS=OFF -DBUILD_MISC_DOCS=OFF -DENABLE_CURL_MANUAL=OFF -DCURL_ZLIB=OFF -DCURL_DISABLE_ALTSVC=ON -DCURL_DISABLE_COOKIES=ON -DCURL_DISABLE_DOH=ON -DCURL_DISABLE_GETOPTIONS=ON -DCURL_DISABLE_HSTS=ON -DCURL_DISABLE_LIBCURL_OPTION=ON -DCURL_DISABLE_MIME=ON -DCURL_DISABLE_NETRC=ON -DCURL_DISABLE_NTLM=ON -DCURL_DISABLE_PARSEDATE=ON -DCURL_DISABLE_PROGRESS_METER=ON -DCURL_DISABLE_SHUFFLE_DNS=ON -DCURL_DISABLE_SOCKETPAIR=ON -DCURL_DISABLE_VERBOSE_STRINGS=ON -DHTTP_ONLY=ON -DCURL_ENABLE_SSL=OFF -DUSE_LIBIDN2=OFF -DCURL_USE_LIBPSL=OFF -DCURL_USE_LIBSSH2=OFF -DENABLE_UNIX_SOCKETS=OFF -DCURL_DISABLE_TESTS=ON -DUSE_NGHTTP2=OFF -DBUILD_EXAMPLES=OFF + cmake . -DCMAKE_C_COMPILER=clang-19 -DCMAKE_C_FLAGS='-fsanitize=memory -fsanitize-recover -fsanitize-memory-track-origins -Og -fno-omit-frame-pointer -g' -DBUILD_CURL_EXE=OFF -DBUILD_SHARED_LIBS=OFF -DCURL_DISABLE_INSTALL=ON -DCURL_ENABLE_EXPORT_TARGET=OFF -DCURL_DISABLE_HEADERS_API=ON -DCURL_DISABLE_BINDLOCAL=ON -DBUILD_LIBCURL_DOCS=OFF -DBUILD_MISC_DOCS=OFF -DENABLE_CURL_MANUAL=OFF -DCURL_ZLIB=OFF -DCURL_DISABLE_ALTSVC=ON -DCURL_DISABLE_COOKIES=ON -DCURL_DISABLE_DOH=ON -DCURL_DISABLE_GETOPTIONS=ON -DCURL_DISABLE_HSTS=ON -DCURL_DISABLE_LIBCURL_OPTION=ON -DCURL_DISABLE_MIME=ON -DCURL_DISABLE_NETRC=ON -DCURL_DISABLE_NTLM=ON -DCURL_DISABLE_PARSEDATE=ON -DCURL_DISABLE_PROGRESS_METER=ON -DCURL_DISABLE_SHUFFLE_DNS=ON -DCURL_DISABLE_SOCKETPAIR=ON -DCURL_DISABLE_VERBOSE_STRINGS=ON -DHTTP_ONLY=ON -DCURL_ENABLE_SSL=OFF -DUSE_LIBIDN2=OFF -DCURL_USE_LIBPSL=OFF -DCURL_USE_LIBSSH2=OFF -DENABLE_UNIX_SOCKETS=OFF -DCURL_DISABLE_TESTS=ON -DUSE_NGHTTP2=OFF -DBUILD_EXAMPLES=OFF -DP2POOL_BORINGSSL=ON -DOPENSSL_INCLUDE_DIR=../grpc/third_party/boringssl-with-bazel/src/include make -j$(nproc) cd lib && mkdir .libs && cp libcurl.a .libs @@ -283,7 +283,7 @@ jobs: - name: Build libcurl run: | cd external/src/curl - cmake . -DCMAKE_C_COMPILER="$(brew --prefix llvm@15)/bin/clang" -DCMAKE_AR="$(brew --prefix llvm@15)/bin/llvm-ar" -DCMAKE_RANLIB="$(brew --prefix llvm@15)/bin/llvm-ranlib" -DCMAKE_C_FLAGS="${{ matrix.config.flags }}" -DBUILD_CURL_EXE=OFF -DBUILD_SHARED_LIBS=OFF -DCURL_DISABLE_INSTALL=ON -DCURL_ENABLE_EXPORT_TARGET=OFF -DCURL_DISABLE_HEADERS_API=ON -DCURL_DISABLE_BINDLOCAL=ON -DBUILD_LIBCURL_DOCS=OFF -DBUILD_MISC_DOCS=OFF -DENABLE_CURL_MANUAL=OFF -DCURL_ZLIB=OFF -DCURL_DISABLE_ALTSVC=ON -DCURL_DISABLE_COOKIES=ON -DCURL_DISABLE_DOH=ON -DCURL_DISABLE_GETOPTIONS=ON -DCURL_DISABLE_HSTS=ON -DCURL_DISABLE_LIBCURL_OPTION=ON -DCURL_DISABLE_MIME=ON -DCURL_DISABLE_NETRC=ON -DCURL_DISABLE_NTLM=ON -DCURL_DISABLE_PARSEDATE=ON -DCURL_DISABLE_PROGRESS_METER=ON -DCURL_DISABLE_SHUFFLE_DNS=ON -DCURL_DISABLE_SOCKETPAIR=ON -DCURL_DISABLE_VERBOSE_STRINGS=ON -DHTTP_ONLY=ON -DCURL_ENABLE_SSL=OFF -DUSE_LIBIDN2=OFF -DCURL_USE_LIBPSL=OFF -DCURL_USE_LIBSSH2=OFF -DENABLE_UNIX_SOCKETS=OFF -DCURL_DISABLE_TESTS=ON -DUSE_NGHTTP2=OFF -DBUILD_EXAMPLES=OFF + cmake . -DCMAKE_C_COMPILER="$(brew --prefix llvm@15)/bin/clang" -DCMAKE_AR="$(brew --prefix llvm@15)/bin/llvm-ar" -DCMAKE_RANLIB="$(brew --prefix llvm@15)/bin/llvm-ranlib" -DCMAKE_C_FLAGS="${{ matrix.config.flags }}" -DBUILD_CURL_EXE=OFF -DBUILD_SHARED_LIBS=OFF -DCURL_DISABLE_INSTALL=ON -DCURL_ENABLE_EXPORT_TARGET=OFF -DCURL_DISABLE_HEADERS_API=ON -DCURL_DISABLE_BINDLOCAL=ON -DBUILD_LIBCURL_DOCS=OFF -DBUILD_MISC_DOCS=OFF -DENABLE_CURL_MANUAL=OFF -DCURL_ZLIB=OFF -DCURL_DISABLE_ALTSVC=ON -DCURL_DISABLE_COOKIES=ON -DCURL_DISABLE_DOH=ON -DCURL_DISABLE_GETOPTIONS=ON -DCURL_DISABLE_HSTS=ON -DCURL_DISABLE_LIBCURL_OPTION=ON -DCURL_DISABLE_MIME=ON -DCURL_DISABLE_NETRC=ON -DCURL_DISABLE_NTLM=ON -DCURL_DISABLE_PARSEDATE=ON -DCURL_DISABLE_PROGRESS_METER=ON -DCURL_DISABLE_SHUFFLE_DNS=ON -DCURL_DISABLE_SOCKETPAIR=ON -DCURL_DISABLE_VERBOSE_STRINGS=ON -DHTTP_ONLY=ON -DCURL_ENABLE_SSL=OFF -DUSE_LIBIDN2=OFF -DCURL_USE_LIBPSL=OFF -DCURL_USE_LIBSSH2=OFF -DENABLE_UNIX_SOCKETS=OFF -DCURL_DISABLE_TESTS=ON -DUSE_NGHTTP2=OFF -DBUILD_EXAMPLES=OFF -DP2POOL_BORINGSSL=ON -DOPENSSL_INCLUDE_DIR=../grpc/third_party/boringssl-with-bazel/src/include make -j4 cd lib && mkdir .libs && cp libcurl.a .libs diff --git a/CMakeLists.txt b/CMakeLists.txt index 64fff973..7747499d 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -238,8 +238,13 @@ if (CMAKE_CXX_COMPILER_ID MATCHES MSVC) find_library(ZMQ_LIBRARY NAMES libzmq-v142-mt-s-4_3_6 PATHS "external/lib/libzmq/Release") find_library(UV_LIBRARY_DEBUG NAMES libuv PATHS "external/lib/libuv/Debug") find_library(UV_LIBRARY NAMES libuv PATHS "external/lib/libuv/Release") - find_library(CURL_LIBRARY_DEBUG NAMES libcurl-d PATHS "external/lib/libcurl/Debug") - find_library(CURL_LIBRARY NAMES libcurl PATHS "external/lib/libcurl/Release") + if (WITH_TLS) + find_library(CURL_LIBRARY_DEBUG NAMES libcurl-d PATHS "external/lib/libcurl_tls/Debug") + find_library(CURL_LIBRARY NAMES libcurl PATHS "external/lib/libcurl_tls/Release") + else() + find_library(CURL_LIBRARY_DEBUG NAMES libcurl-d PATHS "external/lib/libcurl/Debug") + find_library(CURL_LIBRARY NAMES libcurl PATHS "external/lib/libcurl/Release") + endif() add_definitions(-D_DISABLE_VECTOR_ANNOTATION) add_definitions(-D_DISABLE_STRING_ANNOTATION) elseif (CMAKE_CXX_COMPILER_ID MATCHES GNU OR CMAKE_CXX_COMPILER_ID MATCHES Clang) diff --git a/docs/COMMAND_LINE.MD b/docs/COMMAND_LINE.MD index 4f2104c3..885cf98c 100644 --- a/docs/COMMAND_LINE.MD +++ b/docs/COMMAND_LINE.MD @@ -1,41 +1,43 @@ ### P2Pool command line options ``` ---wallet Wallet address to mine to. Subaddresses and integrated addresses are not supported! ---host IP address of your Monero node, default is 127.0.0.1 ---rpc-port monerod RPC API port number, default is 18081 ---zmq-port monerod ZMQ pub port number, default is 18083 (same port as in monerod's "--zmq-pub" command line parameter) ---stratum Comma-separated list of IP:port for stratum server to listen on ---p2p Comma-separated list of IP:port for p2p server to listen on ---addpeers Comma-separated list of IP:port of other p2pool nodes to connect to ---light-mode Don't allocate RandomX dataset, saves 2GB of RAM ---loglevel Verbosity of the log, integer number between 0 and 6 ---data-dir Path to store general p2pool files (log, cache, peer data, etc.), default is current directory ---config Deprecated, will be removed in the next version. Use --sidechain-config instead ---sidechain-config Name of the p2pool sidechain parameters file (only use it if you run your own sidechain) ---data-api Path to the p2pool JSON data (use it in tandem with an external web-server). Not affected by --data-dir setting! ---local-api Enable /local/ path in api path for Stratum Server and built-in miner statistics ---stratum-api An alias for --local-api ---no-cache Disable p2pool.cache ---no-color Disable colors in console output ---no-randomx Disable internal RandomX hasher: p2pool will use RPC calls to monerod to check PoW hashes ---out-peers N Maximum number of outgoing connections for p2p server (any value between 10 and 450) ---in-peers N Maximum number of incoming connections for p2p server (any value between 10 and 450) ---start-mining N Start built-in miner using N threads (any value between 1 and 64) ---mini Connect to p2pool-mini sidechain. Note that it will also change default p2p port from 37889 to 37888 ---no-autodiff Disable automatic difficulty adjustment for miners connected to stratum (WARNING: incompatible with Nicehash and MRR) ---rpc-login Specify username[:password] required for Monero RPC server ---socks5 Specify IP:port of a SOCKS5 proxy to use for outgoing connections ---no-dns Disable DNS queries, use only IP addresses to connect to peers (seed node DNS will be unavailable too) ---p2p-external-port Port number that your router uses for mapping to your local p2p port. Use it if you are behind a NAT and still want to accept incoming connections ---no-upnp Disable UPnP port forwarding ---no-igd An alias for --no-upnp ---upnp-stratum Port forward Stratum port (it's not forwarded by default) ---merge-mine IP:port and wallet address for another blockchain to merge mine with ---version Print p2pool's version and build details ---tls-cert file Load TLS certificate chain from "file" in the PEM format ---tls-cert-key file Load TLS certificate private key from "file" in the PEM format ---no-stratum-http Disable HTTP on Stratum ports +--wallet Wallet address to mine to. Subaddresses and integrated addresses are not supported! +--host IP address of your Monero node, default is 127.0.0.1 +--rpc-port monerod RPC API port number, default is 18081 +--zmq-port monerod ZMQ pub port number, default is 18083 (same port as in monerod's "--zmq-pub" command line parameter) +--stratum Comma-separated list of IP:port for stratum server to listen on +--p2p Comma-separated list of IP:port for p2p server to listen on +--addpeers Comma-separated list of IP:port of other p2pool nodes to connect to +--light-mode Don't allocate RandomX dataset, saves 2GB of RAM +--loglevel Verbosity of the log, integer number between 0 and 6 +--data-dir Path to store general p2pool files (log, cache, peer data, etc.), default is current directory +--config Deprecated, will be removed in the next version. Use --sidechain-config instead +--sidechain-config Name of the p2pool sidechain parameters file (only use it if you run your own sidechain) +--data-api Path to the p2pool JSON data (use it in tandem with an external web-server). Not affected by --data-dir setting! +--local-api Enable /local/ path in api path for Stratum Server and built-in miner statistics +--stratum-api An alias for --local-api +--no-cache Disable p2pool.cache +--no-color Disable colors in console output +--no-randomx Disable internal RandomX hasher: p2pool will use RPC calls to monerod to check PoW hashes +--out-peers N Maximum number of outgoing connections for p2p server (any value between 10 and 450) +--in-peers N Maximum number of incoming connections for p2p server (any value between 10 and 450) +--start-mining N Start built-in miner using N threads (any value between 1 and 64) +--mini Connect to p2pool-mini sidechain. Note that it will also change default p2p port from 37889 to 37888 +--no-autodiff Disable automatic difficulty adjustment for miners connected to stratum (WARNING: incompatible with Nicehash and MRR) +--rpc-login Specify username[:password] required for Monero RPC server +--socks5 Specify IP:port of a SOCKS5 proxy to use for outgoing connections +--no-dns Disable DNS queries, use only IP addresses to connect to peers (seed node DNS will be unavailable too) +--p2p-external-port Port number that your router uses for mapping to your local p2p port. Use it if you are behind a NAT and still want to accept incoming connections +--no-upnp Disable UPnP port forwarding +--no-igd An alias for --no-upnp +--upnp-stratum Port forward Stratum port (it's not forwarded by default) +--merge-mine IP:port and wallet address for another blockchain to merge mine with +--version Print p2pool's version and build details +--tls-cert file Load TLS certificate chain from "file" in the PEM format +--tls-cert-key file Load TLS certificate private key from "file" in the PEM format +--rpc-ssl Enable SSL on RPC connections to the Monero node +--rpc-ssl-fingerprint base64-encoded fingerprint of the Monero node's certificate (optional, use it for certificate pinning) +--no-stratum-http Disable HTTP on Stratum ports ``` ### Example command line @@ -48,9 +50,9 @@ p2pool.exe --host 127.0.0.1 --rpc-port 18081 --zmq-port 18083 --wallet YOUR_WALL You can have multiple hosts in command line. If P2Pool detects that the host it's currently using is down or stuck, it will cycle through hosts until it finds a working one. It will not switch back as long as the current host it found is working. -Each new host uses RPC and zmq-pub port numbers from the previous host (or default 18081/18083 if none were specified). Note that `--rpc-login` is not copied from the previous host, you must specify it for each host that has username/password. +Each new host uses RPC and zmq-pub port numbers from the previous host (or default 18081/18083 if none were specified). Note that `--rpc-login`, `--rpc-ssl` and `--rpc-ssl-fingerprint` are not copied from the previous host, you must specify it for each host that has username/password or RPC-SSL enabled. -In this example, you have local Monero host running on ports 18081/18083 (RPC/zmq-pub), and several backup hosts running on ports 18089/18084. +In the following example, you have local Monero host running on ports 18081/18083 (RPC/zmq-pub), and several backup hosts running on ports 18089/18084. ``` @@ -89,3 +91,15 @@ If you want to use your own certificate, please refer to your certificate provid Note that you need to use certificate files and `--tls...` parameters to be able to use certificate pinning in XMRig miners that connect to your P2Pool instance. `--tls-cert` and `--tls-cert-key` parameters must always be used together. + +### RPC-SSL + +Starting from v4.4, P2Pool supports RPC-SSL connections to Monero nodes. You need to add `--rpc-ssl=enabled` to monerod command line to enable it on Monero side, and `--rpc-ssl` on P2Pool side. + +P2Pool supports certificate pinning on RPC-SSL connections. To get your node certificate's fingerprint, run + +``` +openssl x509 -in rpc_ssl.crt -pubkey -noout -inform pem | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | openssl enc -base64 +``` + +where `rpc_ssl.crt` can be found in Monero data directory. By default, it's `/home/username/.bitmonero/rpc_ssl.crt` on Linux and `C:\ProgramData\bitmonero\rpc_ssl.crt` on Windows. \ No newline at end of file diff --git a/external/lib/libcurl_tls/Debug/libcurl-d.lib b/external/lib/libcurl_tls/Debug/libcurl-d.lib new file mode 100644 index 00000000..69433efe Binary files /dev/null and b/external/lib/libcurl_tls/Debug/libcurl-d.lib differ diff --git a/external/lib/libcurl_tls/Debug/libcurl_object.pdb b/external/lib/libcurl_tls/Debug/libcurl_object.pdb new file mode 100644 index 00000000..619c5165 Binary files /dev/null and b/external/lib/libcurl_tls/Debug/libcurl_object.pdb differ diff --git a/external/lib/libcurl_tls/Release/libcurl.lib b/external/lib/libcurl_tls/Release/libcurl.lib new file mode 100644 index 00000000..0e5a6203 Binary files /dev/null and b/external/lib/libcurl_tls/Release/libcurl.lib differ diff --git a/external/lib/libcurl_tls/Release/libcurl_object.pdb b/external/lib/libcurl_tls/Release/libcurl_object.pdb new file mode 100644 index 00000000..1f210d39 Binary files /dev/null and b/external/lib/libcurl_tls/Release/libcurl_object.pdb differ diff --git a/external/src/curl b/external/src/curl index 75a2079d..a4e3b1c1 160000 --- a/external/src/curl +++ b/external/src/curl @@ -1 +1 @@ -Subproject commit 75a2079d5c28debb2eaa848ca9430f1fe0d7844c +Subproject commit a4e3b1c1ee3f49dcc9f2ad492735c0c649eac94e diff --git a/src/json_rpc_request.cpp b/src/json_rpc_request.cpp index 7bf6bfca..d7caf4bf 100644 --- a/src/json_rpc_request.cpp +++ b/src/json_rpc_request.cpp @@ -27,7 +27,7 @@ namespace JSONRPCRequest { struct CurlContext { - CurlContext(const std::string& address, int port, const std::string& req, const std::string& auth, const std::string& proxy, CallbackBase* cb, CallbackBase* close_cb, uv_loop_t* loop); + CurlContext(const std::string& address, int port, const std::string& req, const std::string& auth, const std::string& proxy, bool ssl, const std::string& ssl_fingerprint, CallbackBase* cb, CallbackBase* close_cb, uv_loop_t* loop); ~CurlContext(); static int socket_func(CURL* easy, curl_socket_t s, int action, void* userp, void* socketp) @@ -82,7 +82,7 @@ struct CurlContext uint64_t m_connectedTime; }; -CurlContext::CurlContext(const std::string& address, int port, const std::string& req, const std::string& auth, const std::string& proxy, CallbackBase* cb, CallbackBase* close_cb, uv_loop_t* loop) +CurlContext::CurlContext(const std::string& address, int port, const std::string& req, const std::string& auth, const std::string& proxy, bool ssl, const std::string& ssl_fingerprint, CallbackBase* cb, CallbackBase* close_cb, uv_loop_t* loop) : m_callback(cb) , m_closeCallback(close_cb) , m_loop(loop) @@ -100,8 +100,19 @@ CurlContext::CurlContext(const std::string& address, int port, const std::string char buf[log::Stream::BUF_SIZE + 1]; buf[0] = '\0'; + const char* protocol = "http://"; + +#ifdef WITH_TLS + if (ssl) { + protocol = "https://"; + } +#else + (void)ssl; + (void)ssl_fingerprint; +#endif + log::Stream s(buf); - s << "http://" << address << ':' << port; + s << protocol << address << ':' << port; if (!m_req.empty() && (m_req.front() == '/')) { s << m_req.c_str() << '\0'; @@ -200,9 +211,23 @@ CurlContext::CurlContext(const std::string& address, int port, const std::string } } +#ifdef WITH_TLS + curl_easy_setopt_checked(m_handle, CURLOPT_SSL_VERIFYPEER, 0L); + curl_easy_setopt_checked(m_handle, CURLOPT_SSL_VERIFYHOST, 0L); + + if (!ssl_fingerprint.empty()) { + char buf[64] = {}; + + log::Stream s(buf); + s << "sha256//" << ssl_fingerprint; + + curl_easy_setopt_checked(m_handle, CURLOPT_PINNEDPUBLICKEY, buf); + } +#endif + CURLMcode curl_err = curl_multi_add_handle(m_multiHandle, m_handle); if (curl_err != CURLM_OK) { - LOGERR(1, "curl_multi_add_handle failed, error " << curl_multi_strerror(curl_err)); + LOGERR(1, "curl_multi_add_handle failed: " << curl_multi_strerror(curl_err)); curl_easy_cleanup(m_handle); curl_multi_cleanup(m_multiHandle); uv_close(reinterpret_cast(&m_timer), nullptr); @@ -336,7 +361,7 @@ void CurlContext::on_timeout(uv_handle_t* req) int running_handles = 0; const CURLMcode err = curl_multi_socket_action(ctx->m_multiHandle, CURL_SOCKET_TIMEOUT, 0, &running_handles); if (err != CURLM_OK) { - LOGERR(1, "curl_multi_socket_action failed, error " << curl_multi_strerror(err)); + LOGERR(1, "curl_multi_socket_action failed: " << curl_multi_strerror(err)); } ctx->check_multi_info(); @@ -382,7 +407,7 @@ void CurlContext::curl_perform(uv_poll_t* req, int status, int events) if (it != ctx->m_pollHandles.end()) { const CURLMcode err = curl_multi_socket_action(ctx->m_multiHandle, it->first, flags, &running_handles); if (err != CURLM_OK) { - LOGERR(1, "curl_multi_socket_action failed, error " << curl_multi_strerror(err)); + LOGERR(1, "curl_multi_socket_action failed: " << curl_multi_strerror(err)); } } @@ -449,7 +474,7 @@ void CurlContext::shutdown() } } -void Call(const std::string& address, int port, const std::string& req, const std::string& auth, const std::string& proxy, CallbackBase* cb, CallbackBase* close_cb, uv_loop_t* loop) +void Call(const std::string& address, int port, const std::string& req, const std::string& auth, const std::string& proxy, bool ssl, const std::string& ssl_fingerprint, CallbackBase* cb, CallbackBase* close_cb, uv_loop_t* loop) { if (!loop) { loop = uv_default_loop(); @@ -459,7 +484,7 @@ void Call(const std::string& address, int port, const std::string& req, const st [=]() { try { - new CurlContext(address, port, req, auth, proxy, cb, close_cb, loop); + new CurlContext(address, port, req, auth, proxy, ssl, ssl_fingerprint, cb, close_cb, loop); } catch (const std::exception& e) { const char* msg = e.what(); diff --git a/src/json_rpc_request.h b/src/json_rpc_request.h index 64aa5c7a..70fbb2a2 100644 --- a/src/json_rpc_request.h +++ b/src/json_rpc_request.h @@ -22,15 +22,15 @@ namespace JSONRPCRequest { typedef Callback::Base CallbackBase; -void Call(const std::string& address, int port, const std::string& req, const std::string& auth, const std::string& proxy, CallbackBase* cb, CallbackBase* close_cb, uv_loop_t* loop); +void Call(const std::string& address, int port, const std::string& req, const std::string& auth, const std::string& proxy, bool ssl, const std::string& ssl_fingerprint, CallbackBase* cb, CallbackBase* close_cb, uv_loop_t* loop); template -FORCEINLINE void call(const std::string& address, int port, const std::string& req, const std::string& auth, const std::string& proxy, T&& cb, U&& close_cb, uv_loop_t* loop = nullptr) +FORCEINLINE void call(const std::string& address, int port, const std::string& req, const std::string& auth, const std::string& proxy, bool ssl, const std::string& ssl_fingerprint, T&& cb, U&& close_cb, uv_loop_t* loop = nullptr) { typedef Callback::Derived CallbackT; typedef Callback::Derived CallbackU; - Call(address, port, req, auth, proxy, new CallbackT(std::move(cb)), new CallbackU(std::move(close_cb)), loop); + Call(address, port, req, auth, proxy, ssl, ssl_fingerprint, new CallbackT(std::move(cb)), new CallbackU(std::move(close_cb)), loop); } } // namespace JSONRPCRequest diff --git a/src/main.cpp b/src/main.cpp index c2e82dd4..54d974ca 100644 --- a/src/main.cpp +++ b/src/main.cpp @@ -39,45 +39,47 @@ void p2pool_usage() { printf("P2Pool %s\n" "\nUsage:\n\n" \ - "--wallet Wallet address to mine to. Subaddresses and integrated addresses are not supported!\n" - "--host IP address of your Monero node, default is 127.0.0.1\n" - "--rpc-port monerod RPC API port number, default is 18081\n" - "--zmq-port monerod ZMQ pub port number, default is 18083 (same port as in monerod's \"--zmq-pub\" command line parameter)\n" - "--stratum Comma-separated list of IP:port for stratum server to listen on\n" - "--p2p Comma-separated list of IP:port for p2p server to listen on\n" - "--addpeers Comma-separated list of IP:port of other p2pool nodes to connect to\n" - "--light-mode Don't allocate RandomX dataset, saves 2GB of RAM\n" - "--loglevel Verbosity of the log, integer number between 0 and %d\n" - "--data-dir Path to store general p2pool files (log, cache, peer data, etc.), default is current directory\n" - "--config Deprecated, will be removed in the next version. Use --sidechain-config instead\n" - "--sidechain-config Name of the p2pool sidechain parameters file (only use it if you run your own sidechain)\n" - "--data-api Path to the p2pool JSON data (use it in tandem with an external web-server). Not affected by --data-dir setting!\n" - "--local-api Enable /local/ path in api path for Stratum Server and built-in miner statistics\n" - "--stratum-api An alias for --local-api\n" - "--no-cache Disable p2pool.cache\n" - "--no-color Disable colors in console output\n" + "--wallet Wallet address to mine to. Subaddresses and integrated addresses are not supported!\n" + "--host IP address of your Monero node, default is 127.0.0.1\n" + "--rpc-port monerod RPC API port number, default is 18081\n" + "--zmq-port monerod ZMQ pub port number, default is 18083 (same port as in monerod's \"--zmq-pub\" command line parameter)\n" + "--stratum Comma-separated list of IP:port for stratum server to listen on\n" + "--p2p Comma-separated list of IP:port for p2p server to listen on\n" + "--addpeers Comma-separated list of IP:port of other p2pool nodes to connect to\n" + "--light-mode Don't allocate RandomX dataset, saves 2GB of RAM\n" + "--loglevel Verbosity of the log, integer number between 0 and %d\n" + "--data-dir Path to store general p2pool files (log, cache, peer data, etc.), default is current directory\n" + "--config Deprecated, will be removed in the next version. Use --sidechain-config instead\n" + "--sidechain-config Name of the p2pool sidechain parameters file (only use it if you run your own sidechain)\n" + "--data-api Path to the p2pool JSON data (use it in tandem with an external web-server). Not affected by --data-dir setting!\n" + "--local-api Enable /local/ path in api path for Stratum Server and built-in miner statistics\n" + "--stratum-api An alias for --local-api\n" + "--no-cache Disable p2pool.cache\n" + "--no-color Disable colors in console output\n" #ifdef WITH_RANDOMX - "--no-randomx Disable internal RandomX hasher: p2pool will use RPC calls to monerod to check PoW hashes\n" + "--no-randomx Disable internal RandomX hasher: p2pool will use RPC calls to monerod to check PoW hashes\n" #endif - "--out-peers N Maximum number of outgoing connections for p2p server (any value between 10 and 450)\n" - "--in-peers N Maximum number of incoming connections for p2p server (any value between 10 and 450)\n" - "--start-mining N Start built-in miner using N threads (any value between 1 and 64)\n" - "--mini Connect to p2pool-mini sidechain. Note that it will also change default p2p port from %d to %d\n" - "--no-autodiff Disable automatic difficulty adjustment for miners connected to stratum (WARNING: incompatible with Nicehash and MRR)\n" - "--rpc-login Specify username[:password] required for Monero RPC server\n" - "--socks5 Specify IP:port of a SOCKS5 proxy to use for outgoing connections\n" - "--no-dns Disable DNS queries, use only IP addresses to connect to peers (seed node DNS will be unavailable too)\n" - "--p2p-external-port Port number that your router uses for mapping to your local p2p port. Use it if you are behind a NAT and still want to accept incoming connections\n" + "--out-peers N Maximum number of outgoing connections for p2p server (any value between 10 and 450)\n" + "--in-peers N Maximum number of incoming connections for p2p server (any value between 10 and 450)\n" + "--start-mining N Start built-in miner using N threads (any value between 1 and 64)\n" + "--mini Connect to p2pool-mini sidechain. Note that it will also change default p2p port from %d to %d\n" + "--no-autodiff Disable automatic difficulty adjustment for miners connected to stratum (WARNING: incompatible with Nicehash and MRR)\n" + "--rpc-login Specify username[:password] required for Monero RPC server\n" + "--socks5 Specify IP:port of a SOCKS5 proxy to use for outgoing connections\n" + "--no-dns Disable DNS queries, use only IP addresses to connect to peers (seed node DNS will be unavailable too)\n" + "--p2p-external-port Port number that your router uses for mapping to your local p2p port. Use it if you are behind a NAT and still want to accept incoming connections\n" #ifdef WITH_UPNP - "--no-upnp Disable UPnP port forwarding\n" - "--no-igd An alias for --no-upnp\n" - "--upnp-stratum Port forward Stratum port (it's not forwarded by default)\n" + "--no-upnp Disable UPnP port forwarding\n" + "--no-igd An alias for --no-upnp\n" + "--upnp-stratum Port forward Stratum port (it's not forwarded by default)\n" #endif - "--merge-mine IP:port and wallet address for another blockchain to merge mine with\n" - "--version Print p2pool's version and build details\n" + "--merge-mine IP:port and wallet address for another blockchain to merge mine with\n" + "--version Print p2pool's version and build details\n" #ifdef WITH_TLS - "--tls-cert file Load TLS certificate chain from \"file\" in the PEM format\n" - "--tls-cert-key file Load TLS certificate private key from \"file\" in the PEM format\n" + "--tls-cert file Load TLS certificate chain from \"file\" in the PEM format\n" + "--tls-cert-key file Load TLS certificate private key from \"file\" in the PEM format\n" + "--rpc-ssl Enable SSL on RPC connections to the Monero node\n" + "--rpc-ssl-fingerprint base64-encoded fingerprint of the Monero node's certificate (optional, use it for certificate pinning)\n" #endif "--no-stratum-http Disable HTTP on Stratum ports\n" "--help Show this help message\n\n" diff --git a/src/merge_mining_client_json_rpc.cpp b/src/merge_mining_client_json_rpc.cpp index 7baf1a68..219cbf8c 100644 --- a/src/merge_mining_client_json_rpc.cpp +++ b/src/merge_mining_client_json_rpc.cpp @@ -112,7 +112,7 @@ void MergeMiningClientJSON_RPC::merge_mining_get_chain_id() { const std::string req = "{\"jsonrpc\":\"2.0\",\"id\":\"0\",\"method\":\"merge_mining_get_chain_id\"}"; - JSONRPCRequest::call(m_host, m_port, req, std::string(), m_pool->params().m_socks5Proxy, + JSONRPCRequest::call(m_host, m_port, req, std::string(), m_pool->params().m_socks5Proxy, false, std::string(), [this](const char* data, size_t size, double ping) { WriteLock lock(m_lock); @@ -201,7 +201,7 @@ void MergeMiningClientJSON_RPC::merge_mining_get_aux_block(uint64_t height, cons << ",\"prev_id\":\"" << prev_id << '"' << "}}"; - JSONRPCRequest::call(m_host, m_port, std::string(buf, s.m_pos), std::string(), m_pool->params().m_socks5Proxy, + JSONRPCRequest::call(m_host, m_port, std::string(buf, s.m_pos), std::string(), m_pool->params().m_socks5Proxy, false, std::string(), [this](const char* data, size_t size, double) { bool changed = false; hash chain_id; @@ -310,7 +310,7 @@ void MergeMiningClientJSON_RPC::submit_solution(const BlockTemplate* /*block_tpl s << "],\"path\":" << merkle_proof_path << ",\"seed_hash\":\"" << seed_hash << "\"}}"; - JSONRPCRequest::call(m_host, m_port, std::string(buf.data(), s.m_pos), std::string(), m_pool->params().m_socks5Proxy, + JSONRPCRequest::call(m_host, m_port, std::string(buf.data(), s.m_pos), std::string(), m_pool->params().m_socks5Proxy, false, std::string(), [this](const char* data, size_t size, double) { parse_merge_mining_submit_solution(data, size); }, diff --git a/src/p2p_server.cpp b/src/p2p_server.cpp index 57fddeb8..3ee3841d 100644 --- a/src/p2p_server.cpp +++ b/src/p2p_server.cpp @@ -638,7 +638,7 @@ void P2PServer::load_monerod_peer_list() { const Params::Host& host = m_pool->current_host(); - JSONRPCRequest::call(host.m_address, host.m_rpcPort, "/get_peer_list", host.m_rpcLogin, m_socks5Proxy, + JSONRPCRequest::call(host.m_address, host.m_rpcPort, "/get_peer_list", host.m_rpcLogin, m_socks5Proxy, host.m_rpcSSL, host.m_rpcSSL_Fingerprint, [this](const char* data, size_t size, double) { #define ERR_STR "/get_peer_list RPC request returned invalid JSON " diff --git a/src/p2pool.cpp b/src/p2pool.cpp index 9399790d..bc817129 100644 --- a/src/p2pool.cpp +++ b/src/p2pool.cpp @@ -470,7 +470,7 @@ void p2pool::handle_miner_data(MinerData& data) log::Stream s(buf); s << "{\"jsonrpc\":\"2.0\",\"id\":\"0\",\"method\":\"get_block_header_by_height\",\"params\":{\"height\":" << h << "}}\0"; - JSONRPCRequest::call(host.m_address, host.m_rpcPort, buf, host.m_rpcLogin, m_params->m_socks5Proxy, + JSONRPCRequest::call(host.m_address, host.m_rpcPort, buf, host.m_rpcLogin, m_params->m_socks5Proxy, host.m_rpcSSL, host.m_rpcSSL_Fingerprint, [this, h](const char* data, size_t size, double) { ChainMain block; @@ -874,7 +874,7 @@ void p2pool::submit_block() const const Params::Host& host = current_host(); - JSONRPCRequest::call(host.m_address, host.m_rpcPort, request, host.m_rpcLogin, m_params->m_socks5Proxy, + JSONRPCRequest::call(host.m_address, host.m_rpcPort, request, host.m_rpcLogin, m_params->m_socks5Proxy, host.m_rpcSSL, host.m_rpcSSL_Fingerprint, [height, diff, template_id, nonce, extra_nonce, merge_mining_root, is_external](const char* data, size_t size, double) { rapidjson::Document doc; @@ -993,7 +993,7 @@ void p2pool::download_block_headers(uint64_t current_height) s.m_pos = 0; s << "{\"jsonrpc\":\"2.0\",\"id\":\"0\",\"method\":\"get_block_header_by_height\",\"params\":{\"height\":" << height << "}}\0"; - JSONRPCRequest::call(host.m_address, host.m_rpcPort, buf, host.m_rpcLogin, m_params->m_socks5Proxy, + JSONRPCRequest::call(host.m_address, host.m_rpcPort, buf, host.m_rpcLogin, m_params->m_socks5Proxy, host.m_rpcSSL, host.m_rpcSSL_Fingerprint, [this, prev_seed_height, height](const char* data, size_t size, double) { ChainMain block; @@ -1022,7 +1022,7 @@ void p2pool::download_block_headers(uint64_t current_height) s.m_pos = 0; s << "{\"jsonrpc\":\"2.0\",\"id\":\"0\",\"method\":\"get_block_headers_range\",\"params\":{\"start_height\":" << start_height << ",\"end_height\":" << current_height - 1 << "}}\0"; - JSONRPCRequest::call(host.m_address, host.m_rpcPort, buf, host.m_rpcLogin, m_params->m_socks5Proxy, + JSONRPCRequest::call(host.m_address, host.m_rpcPort, buf, host.m_rpcLogin, m_params->m_socks5Proxy, host.m_rpcSSL, host.m_rpcSSL_Fingerprint, [this, start_height, current_height, host](const char* data, size_t size, double) { if (parse_block_headers_range(data, size) == current_height - start_height) { @@ -1055,7 +1055,7 @@ void p2pool::download_block_headers(uint64_t current_height) for (const Params::Host& h : m_params->m_hosts) { const std::string& name = h.m_displayName; if (name != host.m_displayName) { - JSONRPCRequest::call(h.m_address, h.m_rpcPort, "{\"jsonrpc\":\"2.0\",\"id\":\"0\",\"method\":\"get_version\"}", h.m_rpcLogin, m_params->m_socks5Proxy, + JSONRPCRequest::call(h.m_address, h.m_rpcPort, "{\"jsonrpc\":\"2.0\",\"id\":\"0\",\"method\":\"get_version\"}", h.m_rpcLogin, m_params->m_socks5Proxy, host.m_rpcSSL, host.m_rpcSSL_Fingerprint, [this, name](const char*, size_t, double tcp_ping) { update_host_ping(name, tcp_ping); }, [](const char*, size_t, double) {}); } @@ -1164,7 +1164,7 @@ void p2pool::get_info() { const Params::Host& host = current_host(); - JSONRPCRequest::call(host.m_address, host.m_rpcPort, "{\"jsonrpc\":\"2.0\",\"id\":\"0\",\"method\":\"get_info\"}", host.m_rpcLogin, m_params->m_socks5Proxy, + JSONRPCRequest::call(host.m_address, host.m_rpcPort, "{\"jsonrpc\":\"2.0\",\"id\":\"0\",\"method\":\"get_info\"}", host.m_rpcLogin, m_params->m_socks5Proxy, host.m_rpcSSL, host.m_rpcSSL_Fingerprint, [this](const char* data, size_t size, double) { parse_get_info_rpc(data, size); @@ -1172,7 +1172,7 @@ void p2pool::get_info() [this, host](const char* data, size_t size, double) { if (size > 0) { - LOGWARN(1, "get_info RPC request to host " << host.m_displayName << " failed: error " << log::const_buf(data, size) << ", trying again in 1 second"); + LOGWARN(1, "get_info RPC request to host " << host.m_displayName << " failed: " << log::const_buf(data, size) << ", trying again in 1 second"); if (!m_stopped) { std::this_thread::sleep_for(std::chrono::milliseconds(1000)); switch_host(); @@ -1280,7 +1280,7 @@ void p2pool::get_version() { const Params::Host& host = current_host(); - JSONRPCRequest::call(host.m_address, host.m_rpcPort, "{\"jsonrpc\":\"2.0\",\"id\":\"0\",\"method\":\"get_version\"}", host.m_rpcLogin, m_params->m_socks5Proxy, + JSONRPCRequest::call(host.m_address, host.m_rpcPort, "{\"jsonrpc\":\"2.0\",\"id\":\"0\",\"method\":\"get_version\"}", host.m_rpcLogin, m_params->m_socks5Proxy, host.m_rpcSSL, host.m_rpcSSL_Fingerprint, [this](const char* data, size_t size, double) { parse_get_version_rpc(data, size); @@ -1288,7 +1288,7 @@ void p2pool::get_version() [this](const char* data, size_t size, double) { if (size > 0) { - LOGWARN(1, "get_version RPC request failed: error " << log::const_buf(data, size) << ", trying again in 1 second"); + LOGWARN(1, "get_version RPC request failed: " << log::const_buf(data, size) << ", trying again in 1 second"); if (!m_stopped) { std::this_thread::sleep_for(std::chrono::milliseconds(1000)); get_version(); @@ -1357,7 +1357,7 @@ void p2pool::get_miner_data(bool retry) const Params::Host& host = current_host(); - JSONRPCRequest::call(host.m_address, host.m_rpcPort, "{\"jsonrpc\":\"2.0\",\"id\":\"0\",\"method\":\"get_miner_data\"}", host.m_rpcLogin, m_params->m_socks5Proxy, + JSONRPCRequest::call(host.m_address, host.m_rpcPort, "{\"jsonrpc\":\"2.0\",\"id\":\"0\",\"method\":\"get_miner_data\"}", host.m_rpcLogin, m_params->m_socks5Proxy, host.m_rpcSSL, host.m_rpcSSL_Fingerprint, [this, host](const char* data, size_t size, double tcp_ping) { parse_get_miner_data_rpc(data, size); @@ -1366,7 +1366,7 @@ void p2pool::get_miner_data(bool retry) [this, host, retry](const char* data, size_t size, double) { if (size > 0) { - LOGWARN(1, "get_miner_data RPC request to host " << host.m_displayName << " failed: error " << log::const_buf(data, size) << (retry ? ", trying again in 1 second" : "")); + LOGWARN(1, "get_miner_data RPC request to host " << host.m_displayName << " failed: " << log::const_buf(data, size) << (retry ? ", trying again in 1 second" : "")); if (!m_stopped && retry) { std::this_thread::sleep_for(std::chrono::milliseconds(1000)); m_getMinerDataPending = false; diff --git a/src/params.cpp b/src/params.cpp index c6b6791b..e355dc96 100644 --- a/src/params.cpp +++ b/src/params.cpp @@ -173,6 +173,26 @@ Params::Params(int argc, char* const argv[]) ok = true; } +#ifdef WITH_TLS + if (strcmp(argv[i], "--rpc-ssl") == 0) { + if (m_hosts.empty()) { + m_hosts.emplace_back(Host()); + } + + m_hosts.back().m_rpcSSL = true; + ok = true; + } + + if ((strcmp(argv[i], "--rpc-ssl-fingerprint") == 0) && (i + 1 < argc)) { + if (m_hosts.empty()) { + m_hosts.emplace_back(Host()); + } + + m_hosts.back().m_rpcSSL_Fingerprint = argv[++i]; + ok = true; + } +#endif + if ((strcmp(argv[i], "--socks5") == 0) && (i + 1 < argc)) { m_socks5Proxy = argv[++i]; ok = true; @@ -301,7 +321,7 @@ bool Params::Host::init_display_name(const Params& p) buf[0] = '\0'; log::Stream s(buf); - s << m_displayName << ':' << m_rpcPort << ":ZMQ:" << m_zmqPort; + s << m_displayName << (m_rpcSSL ? ":RPC-SSL " : ":RPC ") << m_rpcPort << ":ZMQ " << m_zmqPort; if (m_address != m_displayName) { s << " (" << m_address << ')'; } diff --git a/src/params.h b/src/params.h index 2d8c6a7e..698520ed 100644 --- a/src/params.h +++ b/src/params.h @@ -29,13 +29,14 @@ struct Params struct Host { - Host() : m_address("127.0.0.1"), m_rpcPort(18081), m_zmqPort(18083) {} + Host() : m_address("127.0.0.1"), m_rpcPort(18081), m_zmqPort(18083), m_rpcSSL(false) {} Host(const char* address, uint32_t rpcPort, uint32_t zmqPort, const char* rpcLogin) : m_address(address) , m_rpcPort(rpcPort) , m_zmqPort(zmqPort) , m_rpcLogin(rpcLogin) + , m_rpcSSL(false) {} bool valid() const { return !m_address.empty() && m_rpcPort && m_zmqPort && (m_rpcPort != m_zmqPort); } @@ -48,6 +49,9 @@ struct Params std::string m_rpcLogin; + bool m_rpcSSL; + std::string m_rpcSSL_Fingerprint; + std::string m_displayName; }; diff --git a/src/pow_hash.cpp b/src/pow_hash.cpp index 79907823..f8293828 100644 --- a/src/pow_hash.cpp +++ b/src/pow_hash.cpp @@ -461,7 +461,7 @@ bool RandomX_Hasher_RPC::calculate(const void* data_ptr, size_t size, uint64_t h const Params& params = m_pool->params(); const Params::Host& host = m_pool->current_host(); - JSONRPCRequest::call(host.m_address, host.m_rpcPort, buf, host.m_rpcLogin, params.m_socks5Proxy, + JSONRPCRequest::call(host.m_address, host.m_rpcPort, buf, host.m_rpcLogin, params.m_socks5Proxy, host.m_rpcSSL, host.m_rpcSSL_Fingerprint, [&result, &h](const char* data, size_t size, double) { rapidjson::Document doc; diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index 2d04ebe6..9039874c 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -22,6 +22,10 @@ add_subdirectory(../external/src/RandomX RandomX) set(LIBS ${LIBS} randomx) add_definitions(-DWITH_RANDOMX) +add_subdirectory(cmake/ssl) +include_directories(../external/src/grpc/third_party/boringssl-with-bazel/src/include) +add_definitions(-DWITH_TLS) + add_definitions(-DP2POOL_UNIT_TESTS) add_definitions(-DP2POOL_SIDECHAIN_EXTRA_1=1) @@ -69,6 +73,7 @@ set(SOURCES ../src/side_chain.cpp ../src/stratum_server.cpp ../src/tcp_server.cpp + ../src/tls.cpp ../src/util.cpp ../src/wallet.cpp ../src/zmq_reader.cpp @@ -136,8 +141,8 @@ else() find_library(ZMQ_LIBRARY NAMES libzmq-v142-mt-s-4_3_6 PATHS "../external/lib/libzmq/Release") find_library(UV_LIBRARY_DEBUG NAMES libuv PATHS "../external/lib/libuv/Debug") find_library(UV_LIBRARY NAMES libuv PATHS "../external/lib/libuv/Release") - find_library(CURL_LIBRARY_DEBUG NAMES libcurl-d PATHS "../external/lib/libcurl/Debug") - find_library(CURL_LIBRARY NAMES libcurl PATHS "../external/lib/libcurl/Release") + find_library(CURL_LIBRARY_DEBUG NAMES libcurl-d PATHS "../external/lib/libcurl_tls/Debug") + find_library(CURL_LIBRARY NAMES libcurl PATHS "../external/lib/libcurl_tls/Release") add_definitions(-D_DISABLE_VECTOR_ANNOTATION) add_definitions(-D_DISABLE_STRING_ANNOTATION) elseif (CMAKE_CXX_COMPILER_ID MATCHES GNU OR CMAKE_CXX_COMPILER_ID MATCHES Clang) @@ -178,6 +183,8 @@ if(APPLE) set(LIBS ${LIBS} ${FOUNDATION_LIB} ${CORE_FOUNDATION_LIB} ${SYSTEM_CONFIGURATION_LIB}) endif() +set(LIBS ${LIBS} ssl crypto) + add_definitions(/DZMQ_STATIC /DP2POOL_LOG_DISABLE) include(CheckCXXSourceCompiles) diff --git a/tests/cmake/ssl/CMakeLists.txt b/tests/cmake/ssl/CMakeLists.txt new file mode 100644 index 00000000..4ca6c0e9 --- /dev/null +++ b/tests/cmake/ssl/CMakeLists.txt @@ -0,0 +1,31 @@ +cmake_minimum_required(VERSION 3.12) + +project(P2Pool_SSL LANGUAGES C CXX) + +if (CMAKE_CXX_COMPILER_ID MATCHES MSVC) + set(CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} /W0 /Zi /Od /Ob0 /MP /MTd") + set(CMAKE_CXX_FLAGS_DEBUG "${CMAKE_CXX_FLAGS_DEBUG} /W0 /Zi /Od /Ob0 /MP /MTd") + set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS_RELEASE} /W0 /O1 /Ob2 /Oi /Os /Oy /MP /MT") + set(CMAKE_CXX_FLAGS_RELEASE "${CMAKE_CXX_FLAGS_RELEASE} /W0 /O1 /Ob2 /Oi /Os /Oy /MP /MT") + set(CMAKE_C_FLAGS_RELWITHDEBINFO "${CMAKE_C_FLAGS_RELWITHDEBINFO} /W0 /Ob1 /Ot /Zi /MP /MT") + set(CMAKE_CXX_FLAGS_RELWITHDEBINFO "${CMAKE_CXX_FLAGS_RELWITHDEBINFO} /W0 /Ob1 /Ot /Zi /MP /MT") +else() + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Os -w") + set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Os -w") +endif() + +if(CMAKE_GENERATOR MATCHES "Visual Studio") + if(CMAKE_VERSION VERSION_LESS 3.13) + message(WARNING "Disabling SSL assembly support because CMake version ${CMAKE_VERSION} is too old (less than 3.13)") + set(OPENSSL_NO_ASM ON) + else() + include(CheckLanguage) + check_language(ASM_NASM) + if(NOT CMAKE_ASM_NASM_COMPILER) + message(WARNING "Disabling SSL assembly support because NASM could not be found") + set(OPENSSL_NO_ASM ON) + endif() + endif() +endif() + +add_subdirectory(../../../external/src/grpc/third_party/boringssl-with-bazel BoringSSL)