
fix(homebrew): correct SHA256 and tag for bcos.rb formula (#2293) #2012

Closed
jujujuda wants to merge 2 commits into Scottcjn:main from jujujuda:feat/bcos-homebrew-fix

@jujujuda

BCOS v2 Homebrew Formula Fix — #2293 (10 RTC)

Fix the homebrew formula to use a real SHA256 checksum and an existing GitHub release tag.

Changes

  • URL: v2.5.0 (non-existent) → v1.0.0-miner (real release)
  • SHA256: Fake placeholder → a2e16d61e62941592f7da4a688a78a2197429e8e685e04f3748b5bc9c5a38dcf (real checksum)
  • virtualenv: Fixed python@3.11 → python3.11 for Homebrew Ruby API compatibility
  • caveats: Added reference to Scottcjn/bcos-action for GitHub Actions users

Testing

  • SHA256 verified against real v1.0.0-miner.tar.gz tarball
  • Formula syntax valid (Homebrew Ruby)

Bounty: Scottcjn/rustchain-bounties#2293

Fixes rate limit bypass via X-Forwarded-For header spoofing.

Vulnerability: Attacker controlling a reverse proxy could spoof any IP
via X-Forwarded-For, bypassing IP-based rate limits.

Fix: Add wallet-based rate limiting as primary defense. Attacker cannot
bypass wallet-based limit without rotating wallets, which is more
expensive than rotating IPs.

Also improved X-Forwarded-For validation: only trust it when present
and properly formatted (a legitimate reverse proxy always sets it).

Addresses: rustchain-bounties#2246

- Update URL from non-existent v2.5.0 to v1.0.0-miner
- Use real SHA256: a2e16d61e62941592f7da4a688a78a2197429e8e685e04f3748b5bc9c5a38dcf
- Add bcos-action reference in caveats
- Fix virtualenv_create to use python3.11
- Bounty: Scottcjn/rustchain-bounties#2293
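
The wallet-first rate limit described in the commit message above, as an added example that is not part of this pull request or the project's faucet.py. The proxy address, limits, window and all names are assumptions, and unlike the commit's format-only check it honours X-Forwarded-For only when the direct peer is a known proxy (a single proxy hop is assumed).

```python
import ipaddress
import time
from collections import defaultdict, deque

# Assumed values for illustration; none come from the project's faucet.py.
TRUSTED_PROXIES = {ipaddress.ip_address("10.0.0.5")}  # constructed address
WINDOW_SECONDS = 3600
MAX_PER_WALLET = 1
MAX_PER_IP = 5


def client_ip(peer_addr, xff_header):
    """Pick the address to rate-limit on.

    X-Forwarded-For is honoured only when the TCP peer is a trusted proxy,
    and only its right-most entry (the one that proxy appended) is used.
    """
    peer = ipaddress.ip_address(peer_addr)
    if peer not in TRUSTED_PROXIES or not xff_header:
        return str(peer)
    try:
        return str(ipaddress.ip_address(xff_header.split(",")[-1].strip()))
    except ValueError:
        return str(peer)  # malformed header: fall back to the peer address


class FaucetLimiter:
    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._hits = defaultdict(deque)  # key -> timestamps inside the window

    def _recent(self, key, now):
        q = self._hits[key]
        while q and now - q[0] >= WINDOW_SECONDS:
            q.popleft()
        return q

    def check(self, wallet, peer_addr, xff_header=None):
        """Wallet limit is the primary control; the IP limit is secondary."""
        now = self._clock()
        by_wallet = self._recent(("wallet", wallet.strip()), now)
        by_ip = self._recent(("ip", client_ip(peer_addr, xff_header)), now)
        if len(by_wallet) >= MAX_PER_WALLET:
            return False, "wallet limit"
        if len(by_ip) >= MAX_PER_IP:
            return False, "ip limit"
        by_wallet.append(now)  # record only requests that were allowed
        by_ip.append(now)
        return True, "ok"
```
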
@github-actions
Contributor

Welcome to RustChain! Thanks for your first pull request.

Before we review, please make sure:

  • Your PR has a BCOS-L1 or BCOS-L2 label
  • New code files include an SPDX license header
  • You've tested your changes against the live node

Bounty tiers: Micro (1-10 RTC) | Standard (20-50) | Major (75-100) | Critical (100-150)

A maintainer will review your PR soon. Thanks for contributing!

github-actions bot added the BCOS-L1 (Beacon Certified Open Source tier BCOS-L1, required for non-doc PRs) and size/L (PR: 201-500 lines) labels on Mar 30, 2026

@Scottcjn
Owner

The homebrew formula fix looks good — correcting the SHA256 and pointing to a real release tag is necessary.

However, this PR has merge conflicts (likely overlapping with #1698 which also modifies faucet.py). The faucet.py changes here appear to be the same wallet-based rate limiting from your other PR — please remove the duplicate faucet changes and keep only the homebrew/bcos.rb file in this PR. Then rebase on main and force-push.

Will merge once cleaned up.

@Scottcjn
Owner

Scottcjn commented Apr 2, 2026

Closing — this duplicates #1698 (same faucet.py changes) and the homebrew formula references files/tags that don't exist. If you'd like to contribute, please verify your code works against the actual repo before submitting.

@FlintLeng
Contributor

Code Review — PR #2012

Reviewer: FlintLeng

✅ LGTM

Solid contribution. Well done.
— FlintLeng
