From Fedora Project Wiki

Line 12: Line 12:
** There should be a separate user homedir SELinux policy for bitcoind and bitcoin-qt operated in this manner, with a context like <code>user_bitcoin_t</code>.
** There should be a separate user homedir SELinux policy for bitcoind and bitcoin-qt operated in this manner, with a context like <code>user_bitcoin_t</code>.
** Note: Arbitrary other services may need to be granted both UNIX filesystem and SELinux permission to read the autotoken file from the user's ~/.bitcoin directory.
** Note: Arbitrary other services may need to be granted both UNIX filesystem and SELinux permission to read the autotoken file from the user's ~/.bitcoin directory.
== Safety Requirements ==
* Wait for Bitcoin Core 0.12 for libsecp256k1.
== Security Requirements ==
* Build Determinism/Reproducible Builds: Given identical inputs of source code and N-V-R's of dependencies in the buildroot, the binary output packaged must be identical when built by anyone.
** In this way anyone can verify that the binaries built on the Fedora buildsystem are not different from what should have been built from that source code.  This allows for improved assurance that the build is not compromised.
* Stretch goal: Also modify the .spec's of library dependencies to make their builds reproducible.

Revision as of 03:21, 30 October 2015

RPM Package and SELinux

There probably should be two separate SELinux policy modules for the two different ways Bitcoin Core is used.

  • System Service bitcoind
    • Should have its datadir somewhere like %{_datadir}bitcoinsys/ which expands to /var/lib/bitcoinsys/
    • Config file %config(noreplace) %{_datadir}/bitcoinsys/bitcoin.conf with wallet disabled by default, but they could enable it with wallet=1 if they really want it.
    • With system username like: bitcoinsys
    • Wrapper should launch bitcoind in a context named like: bitcoinsys_t
    • %doc README-FEDORA-BITCOIN-SERVICE should probably explain how the service is meant to be configured, used and controlled with bitcoin-cli or RPC/REST interfaces as the non-default datadir does not match upstream documentation and it thus may be non-obvious to users.
  • User service bitcoind and graphical bitcoin-qt
    • The most common way in which Bitcoin Core users run their own bitcoind or bitcoin-qt with is as a non-root user with datadir ~/.bitcoin/.
    • There should be a separate user homedir SELinux policy for bitcoind and bitcoin-qt operated in this manner, with a context like user_bitcoin_t.
    • Note: Arbitrary other services may need to be granted both UNIX filesystem and SELinux permission to read the autotoken file from the user's ~/.bitcoin directory.

Safety Requirements

  • Wait for Bitcoin Core 0.12 for libsecp256k1.

Security Requirements

  • Build Determinism/Reproducible Builds: Given identical inputs of source code and N-V-R's of dependencies in the buildroot, the binary output packaged must be identical when built by anyone.
    • In this way anyone can verify that the binaries built on the Fedora buildsystem are not different from what should have been built from that source code. This allows for improved assurance that the build is not compromised.
  • Stretch goal: Also modify the .spec's of library dependencies to make their builds reproducible.