zcash_client_sqlite crate #246
Conversation
str4d
force-pushed
the
zcash_client_sqlite
branch
from
898586d
to
27fbcea
Compare
Needed because SQLite internally stores BOOLEAN as INTEGER anyway, but this causes problems with newer versions of Room on Android.
This provides a way to expose a more fine grained measure of scan progress. For example, by scanning in batches of 100 blocks, rather than everything that is pending.
Fixes a bug where rewinding a block that contained a received note would cause a constraint violation.
str4d
force-pushed
the
zcash_client_sqlite
branch
from
27fbcea
to
131e00e
Compare
There was a problem hiding this comment.
Does this still have the commit to set activation heights for the Heartwood network upgrade? I'm not seeing that commit in the history. Nor do I see the related changes in this PR but it could be all this new-fangled github UI throwing me off.
Perhaps that needs to be (or has been) applied to the zcash_primitives crate as a separate PR?
str4d
force-pushed
the
zcash_client_sqlite
branch
7 times, most recently
from
edfa9c1
to
dbd3122
Compare
Requires bumping the MSRV to 1.40.0 because libsqlite3-sys uses features introduced in that version. remove_dir_all can similarly be unpinned.
Includes an example that exposes the API as a binary.
str4d
force-pushed
the
zcash_client_sqlite
branch
from
dbd3122
to
bbc3ec5
Compare
Codecov Report
@@ Coverage Diff @@
## master #246 +/- ##
==========================================
- Coverage 34.71% 34.45% -0.27%
==========================================
Files 95 97 +2
Lines 11457 11544 +87
==========================================
Hits 3977 3977
- Misses 7480 7567 +87
Continue to review full report at Codecov.
|
| /// let db_data = data_file.path(); | ||
| /// init_data_database(&db_data).unwrap(); | ||
| /// ``` | ||
| pub fn init_data_database<P: AsRef<Path>>(db_data: P) -> Result<(), Error> { |
There was a problem hiding this comment.
This should require specifying privacy-relevant policy such as whether ovks are stored (explicitly, with no defaults).
There was a problem hiding this comment.
Alternatively (or in addition), transact::create_to_address could require specifying a per-transaction policy; this is where the policy would be enforced.
There was a problem hiding this comment.
Specifically, here is where the current default policy is implemented: https://github.com/zcash/librustzcash/pull/246/files#diff-0db70545aba62e450ec1e1634b293f05R104
|
There should also be an API to delete data on transactions held by the wallet, e.g.
The use case here is that a wallet can have a button that someone might choose to use if they are about to go into a potentially coercive environment where data on their device could be seized (the assumption being that their backup seed is not available in the coercive environment). |
|
I agree with all of this, but we should be clear on which does what. I could easily see down stream devs confusing what does what. This might result in end users deleting history but not OVK and thinking they've erased a past sensitive purchase. Or that deleting OVK erases past purchases. Ideally there should be some policy switch with clear labels:
|
|
This all touches on a much larger issue of whether librustzcash should store any state. I would propose that we not bandaid key storage and instead take a thoughtful approach to implementing #142 which returns control of data storage to the wallet.
I strongly agree with that statement. We seem to be discussing features and decisions that probably should be made at the wallet level, rather than within librustzcash. The root issue seems to be that, with this PR, |
|
The discussion here relates to the "Hide Transaction" feature request on the wallet. |
This enables an SQLite light client to specify whether recipient history can be recovered from the block chain (and by what outgoing viewing key) with per-transaction granularity.
I've implemented an outgoing viewing key usage policy for
Let's implement this in a subsequent PR. |
| value INTEGER NOT NULL, | ||
| rcm BLOB NOT NULL, | ||
| nf BLOB NOT NULL UNIQUE, | ||
| is_change INTEGER NOT NULL, |
There was a problem hiding this comment.
https://www.sqlite.org/datatype3.html#boolean_datatype
SQLite does not have a separate Boolean storage class. Instead, Boolean values are stored as integers 0 (false) and 1 (true).
😢 (not a problem, but sigh).
| nf BLOB NOT NULL UNIQUE, | ||
| is_change INTEGER NOT NULL, | ||
| memo BLOB, | ||
| spent INTEGER, |
There was a problem hiding this comment.
Is this also supposed to be a boolean? Why no NOT NULL?
There was a problem hiding this comment.
No, this is a foreign key to the transactions database, pointing at the transaction this note is spent in. NULL represents the "not spent" case.
| } | ||
| } | ||
|
|
||
| /// Returns the memo for a received note, if it is known and a valid UTF-8 string. |
There was a problem hiding this comment.
Consider filing a ticket to add APIs that get the raw memo without checking that it is valid UTF-8.
There was a problem hiding this comment.
The way this crate is designed (specifically that db_data is read-only outside the crate), it's expected that the caller can query the database for that information themselves.
| // get re-marked as spent). | ||
| // | ||
| // Assumes that create_to_address() will never be called in parallel, which is a | ||
| // reasonable assumption for a light client such as a mobile phone. |
There was a problem hiding this comment.
This assumption should be documented in the function comment.
There was a problem hiding this comment.
It is:
Do not call this multiple times in parallel, or you will generate transactions that double-spend the same notes.
My
note-spending-v7branch is pretty stable at this point, and now being depended on more widely (after the ECC wallet was recently open-sourced). I rebased my branch on current master to fix merge conflicts (due to recent refactors), but it's otherwise unaltered.Closes #71.