This document describes the mechanism to publish Fonero updates.
We use Codechain to secure our code against unwanted changes. The last signed source tree hash of the Codechain hashchain is published in the Fonero block headers.
- Use two different Codechain hashchains, one for the Fonero
mainnet and one for testnet (
.codechain_mainnetand.codechain_testnet). - The mainnet and testnet Codechains have different sets of signers. The security requirements for testnet are less strict.
fnochainis a Codechain wrapper that callscodechainfor mainnet and testnet.codechain publish -yis used internally to avoid reading the same patch twice.- Extend
wire.BlockHeaderwith aCodechainHead [32]bytefield to publish the current Codechain source tree hash used by the miner. MaybeExtraData [32]bytecould also be used for that. - Extend the
wireformat to distribute Codechain hashchain updates and patch files (details TBD):- Give me hashchain updates (between
XandY) - Give me entire hashchain
- Give me patch
- Similar methods for publishing (via
fnoupdate)?
- Give me hashchain updates (between
- Miners manually update to a newly published version. As soon as a miner mines a block with the new header it activates on the network. Miners always write the version they are running on into the header.
- Nodes either update automatically or manually. Automatic updates happen probabilistically (10% probability that a node updates in a given day, with manual override). This leads to a good code diversity in the network even in the case of automatic updates.
- It is important that not every node updates to the newest version
immediately, there should always be
Nversions of the code running on the network (withNbetween 3 and 5). fnodhas the correspondingCodechainhash compiled in and it verifies that it is a valid one and in the allowed window defined byN.fnoupdateis used to publish an update to the network via the extended thewireprotocol.
MsgVersion&MsgVerAck- Encode current code version in
MsgVersion.UserAgentor in separate field?