New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
zcash_client_sqlite crate #246
Conversation
898586d
to
27fbcea
Compare
Needed because SQLite internally stores BOOLEAN as INTEGER anyway, but this causes problems with newer versions of Room on Android.
This provides a way to expose a more fine grained measure of scan progress. For example, by scanning in batches of 100 blocks, rather than everything that is pending.
Fixes a bug where rewinding a block that contained a received note would cause a constraint violation.
27fbcea
to
131e00e
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Does this still have the commit to set activation heights for the Heartwood network upgrade? I'm not seeing that commit in the history. Nor do I see the related changes in this PR but it could be all this new-fangled github UI throwing me off.
Perhaps that needs to be (or has been) applied to the zcash_primitives
crate as a separate PR?
edfa9c1
to
dbd3122
Compare
Requires bumping the MSRV to 1.40.0 because libsqlite3-sys uses features introduced in that version. remove_dir_all can similarly be unpinned.
Includes an example that exposes the API as a binary.
dbd3122
to
bbc3ec5
Compare
Codecov Report
@@ Coverage Diff @@
## master #246 +/- ##
==========================================
- Coverage 34.71% 34.45% -0.27%
==========================================
Files 95 97 +2
Lines 11457 11544 +87
==========================================
Hits 3977 3977
- Misses 7480 7567 +87
Continue to review full report at Codecov.
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Tested ACK
/// let db_data = data_file.path(); | ||
/// init_data_database(&db_data).unwrap(); | ||
/// ``` | ||
pub fn init_data_database<P: AsRef<Path>>(db_data: P) -> Result<(), Error> { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This should require specifying privacy-relevant policy such as whether ovk
s are stored (explicitly, with no defaults).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Alternatively (or in addition), transact::create_to_address
could require specifying a per-transaction policy; this is where the policy would be enforced.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Specifically, here is where the current default policy is implemented: https://github.com/zcash/librustzcash/pull/246/files#diff-0db70545aba62e450ec1e1634b293f05R104
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Blocking request to require specifying whether ovk
s are stored when opening the database. This will require a version bump according to semver. I haven't reviewed the rest of the PR.
There should also be an API to delete data on transactions held by the wallet, e.g.
The use case here is that a wallet can have a button that someone might choose to use if they are about to go into a potentially coercive environment where data on their device could be seized (the assumption being that their backup seed is not available in the coercive environment). |
I agree with all of this, but we should be clear on which does what. I could easily see down stream devs confusing what does what. This might result in end users deleting history but not OVK and thinking they've erased a past sensitive purchase. Or that deleting OVK erases past purchases. Ideally there should be some policy switch with clear labels:
|
This all touches on a much larger issue of whether librustzcash should store any state. I would propose that we not bandaid key storage and instead take a thoughtful approach to implementing #142 which returns control of data storage to the wallet.
I strongly agree with that statement. We seem to be discussing features and decisions that probably should be made at the wallet level, rather than within librustzcash. The root issue seems to be that, with this PR, |
The discussion here relates to the "Hide Transaction" feature request on the wallet. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Tested. Ok!
This enables an SQLite light client to specify whether recipient history can be recovered from the block chain (and by what outgoing viewing key) with per-transaction granularity.
I've implemented an outgoing viewing key usage policy for
Let's implement this in a subsequent PR. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
utACK (with particular attention to 8188fae, but I also reviewed the rest of the PR lightly).
value INTEGER NOT NULL, | ||
rcm BLOB NOT NULL, | ||
nf BLOB NOT NULL UNIQUE, | ||
is_change INTEGER NOT NULL, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
https://www.sqlite.org/datatype3.html#boolean_datatype
SQLite does not have a separate Boolean storage class. Instead, Boolean values are stored as integers 0 (false) and 1 (true).
😢 (not a problem, but sigh).
nf BLOB NOT NULL UNIQUE, | ||
is_change INTEGER NOT NULL, | ||
memo BLOB, | ||
spent INTEGER, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is this also supposed to be a boolean? Why no NOT NULL
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No, this is a foreign key to the transactions
database, pointing at the transaction this note is spent in. NULL
represents the "not spent" case.
} | ||
} | ||
|
||
/// Returns the memo for a received note, if it is known and a valid UTF-8 string. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Consider filing a ticket to add APIs that get the raw memo without checking that it is valid UTF-8.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The way this crate is designed (specifically that db_data
is read-only outside the crate), it's expected that the caller can query the database for that information themselves.
// get re-marked as spent). | ||
// | ||
// Assumes that create_to_address() will never be called in parallel, which is a | ||
// reasonable assumption for a light client such as a mobile phone. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This assumption should be documented in the function comment.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It is:
Do not call this multiple times in parallel, or you will generate transactions that double-spend the same notes.
My
note-spending-v7
branch is pretty stable at this point, and now being depended on more widely (after the ECC wallet was recently open-sourced). I rebased my branch on current master to fix merge conflicts (due to recent refactors), but it's otherwise unaltered.Closes #71.