@satsie
Last active September 28, 2022 02:17
PR 25900 Notes
========================================================================
ESTABLISH A BASELINE AND TEST THE MASTER BRANCH AS-IS
========================================================================
1. Do a fresh clone of the bitcoin repo and make sure you are on the master branch
2. Set up a watcher for file ownership/permission changes:
auditctl -w <path to your bitcoin directory>/bitcoin/ -pwarx -k ci
3. Run the ci container:
./ci/test_run_all.sh
4. Once finished, look at what files have had ownership/permission changes:
ausearch -ts today -k ci
or
ausearch -ts yesterday -k ci
5. Redirect the ausearch results to a file
ausearch -ts today -k ci > ~/Desktop/auditresults.txt
6. grep for all changes made to files in the bitcoin directory. My result was 25806.
grep 'name=".*<path to your bitcoin directory>/bitcoin.*"' ~/Desktop/auditresults.txt | wc -l
7. Visually confirm this by spot checking some directories:
bitcoin/depends$ ls -la
total 196
drwxrwxr-x 12 stacie stacie 4096 Sep 26 22:22 .
drwxrwxr-x 15 stacie stacie 4096 Sep 26 22:01 ..
drwxrwxr-x 2 stacie stacie 4096 Sep 26 21:49 builders
drwxr-xr-x 3 root root 4096 Sep 26 22:12 built
-rwxrwxr-x 1 stacie stacie 49548 Sep 26 21:49 config.guess
-rw-rw-r-- 1 stacie stacie 3631 Sep 26 21:49 config.site.in
-rwxrwxr-x 1 stacie stacie 34582 Sep 26 21:49 config.sub
-rw-rw-r-- 1 stacie stacie 2536 Sep 26 21:49 description.md
-rw-rw-r-- 1 stacie stacie 13675 Sep 26 21:49 funcs.mk
-rwxrwxr-x 1 stacie stacie 2691 Sep 26 21:49 gen_id
-rw-rw-r-- 1 stacie stacie 108 Sep 26 21:49 .gitignore
drwxrwxr-x 2 stacie stacie 4096 Sep 26 21:49 hosts
-rw-rw-r-- 1 stacie stacie 11499 Sep 26 21:49 Makefile
drwxrwxr-x 2 stacie stacie 4096 Sep 26 21:49 packages
-rw-rw-r-- 1 stacie stacie 7219 Sep 26 21:49 packages.md
drwxrwxr-x 9 stacie stacie 4096 Sep 26 21:49 patches
-rw-rw-r-- 1 stacie stacie 6050 Sep 26 21:49 README.md
drwxr-xr-x 2 root root 4096 Sep 26 22:12 SDKs
drwxr-xr-x 2 root root 4096 Sep 26 22:12 sdk-sources
drwxr-xr-x 3 root root 4096 Sep 26 22:21 sources
drwxr-xr-x 5 root root 4096 Sep 26 22:13 work
drwxr-xr-x 10 root root 4096 Sep 26 22:22 x86_64-pc-linux-gnu
bitcoin/depends/x86_64-pc-linux-gnu$ ls -la
total 52
drwxr-xr-x 10 root root 4096 Sep 26 22:22 .
drwxrwxr-x 12 stacie stacie 4096 Sep 26 22:22 ..
drwxr-xr-x 2 root root 4096 Sep 26 22:13 bin
drwxr-xr-x 3 root root 4096 Sep 26 22:13 etc
drwxr-xr-x 30 root root 4096 Sep 26 22:31 include
drwxr-xr-x 5 root root 4096 Sep 26 22:22 lib
drwxr-xr-x 3 root root 4096 Sep 26 22:21 native
drwxr-xr-x 5 root root 4096 Sep 26 22:20 plugins
drwxr-xr-x 7 root root 4096 Sep 26 22:31 share
-rw-r--r-- 1 root root 0 Sep 26 22:22 .stamp_5bc5d5a1a67
-rw-r--r-- 1 root root 0 Sep 26 22:22 .stamp_postprocessed
drwxr-xr-x 2 root root 16384 Sep 26 22:20 translations
bitcoin/ci/scratch/.ccache$ ls -la
total 76
drwxrwxr-x 18 stacie stacie 4096 Sep 26 22:23 .
drwxrwxr-x 3 stacie stacie 4096 Sep 26 22:01 ..
drwxr-xr-x 18 root root 4096 Sep 26 22:31 0
drwxr-xr-x 18 root root 4096 Sep 26 22:31 1
drwxr-xr-x 18 root root 4096 Sep 26 22:31 2
drwxr-xr-x 18 root root 4096 Sep 26 22:31 3
drwxr-xr-x 18 root root 4096 Sep 26 22:31 4
drwxr-xr-x 18 root root 4096 Sep 26 22:31 5
drwxr-xr-x 18 root root 4096 Sep 26 22:31 6
drwxr-xr-x 18 root root 4096 Sep 26 22:31 7
drwxr-xr-x 18 root root 4096 Sep 26 22:31 8
drwxr-xr-x 18 root root 4096 Sep 26 22:31 9
drwxr-xr-x 18 root root 4096 Sep 26 22:31 a
drwxr-xr-x 18 root root 4096 Sep 26 22:31 b
drwxr-xr-x 18 root root 4096 Sep 26 22:31 c
-rw-r--r-- 1 root root 16 Sep 26 22:22 ccache.conf
drwxr-xr-x 18 root root 4096 Sep 26 22:31 d
drwxr-xr-x 18 root root 4096 Sep 26 22:31 e
drwxr-xr-x 18 root root 4096 Sep 26 22:31 f
Optional: clean up the audit rule (see link in appendix at the bottom)
========================================================================
TEST PR-25900
========================================================================
1. Make a separate directory and do a fresh clone of the bitcoin repo. Checkout the PR-25900 branch.
2. Set up a new watcher for file ownership/permission changes:
auditctl -w <path to your bitcoin directory>/bitcoin/ -pwarx -k cifixed
3. Run the ci container:
./ci/test_run_all.sh
4. Once finished, look at what files have had ownership/permission changes:
ausearch -ts today -k cifixed
5. Redirect the ausearch results to a file
ausearch -ts today -k cifixed > ~/Desktop/auditresultsfixed.txt
6. grep for all changes made to files in the bitcoin directory. My result was 41.
grep 'name=".*<path to your bitcoin directory>/bitcoin.*"' ~/Desktop/auditresultsfixed.txt | wc -l
7. Visually confirm this by spot checking some directories:
bitcoin/depends$ ls -la
total 196
drwxrwxr-x 12 stacie stacie 4096 Sep 27 15:30 .
drwxrwxr-x 15 stacie stacie 4096 Sep 27 15:19 ..
drwxrwxr-x 2 stacie stacie 4096 Sep 27 12:59 builders
drwxr-xr-x 3 stacie stacie 4096 Sep 27 15:20 built
-rwxrwxr-x 1 stacie stacie 49548 Sep 27 12:59 config.guess
-rw-rw-r-- 1 stacie stacie 3631 Sep 27 12:59 config.site.in
-rwxrwxr-x 1 stacie stacie 34582 Sep 27 12:59 config.sub
-rw-rw-r-- 1 stacie stacie 2536 Sep 27 12:59 description.md
-rw-rw-r-- 1 stacie stacie 13675 Sep 27 12:59 funcs.mk
-rwxrwxr-x 1 stacie stacie 2691 Sep 27 12:59 gen_id
-rw-rw-r-- 1 stacie stacie 108 Sep 27 12:59 .gitignore
drwxrwxr-x 2 stacie stacie 4096 Sep 27 12:59 hosts
-rw-rw-r-- 1 stacie stacie 11499 Sep 27 12:59 Makefile
drwxrwxr-x 2 stacie stacie 4096 Sep 27 15:18 packages
-rw-rw-r-- 1 stacie stacie 7219 Sep 27 12:59 packages.md
drwxrwxr-x 9 stacie stacie 4096 Sep 27 12:59 patches
-rw-rw-r-- 1 stacie stacie 6050 Sep 27 12:59 README.md
drwxr-xr-x 2 stacie stacie 4096 Sep 27 15:20 SDKs
drwxr-xr-x 2 stacie stacie 4096 Sep 27 15:20 sdk-sources
drwxr-xr-x 3 stacie stacie 4096 Sep 27 15:29 sources
drwxr-xr-x 5 stacie stacie 4096 Sep 27 15:21 work
drwxr-xr-x 10 stacie stacie 4096 Sep 27 15:30 x86_64-pc-linux-gnu
bitcoin/depends/x86_64-pc-linux-gnu$ ls -la
total 52
drwxr-xr-x 10 stacie stacie 4096 Sep 27 15:30 .
drwxrwxr-x 12 stacie stacie 4096 Sep 27 15:30 ..
drwxr-xr-x 2 stacie stacie 4096 Sep 27 15:21 bin
drwxr-xr-x 3 stacie stacie 4096 Sep 27 15:21 etc
drwxr-xr-x 30 stacie stacie 4096 Sep 27 15:38 include
drwxr-xr-x 5 stacie stacie 4096 Sep 27 15:30 lib
drwxr-xr-x 3 stacie stacie 4096 Sep 27 15:28 native
drwxr-xr-x 5 stacie stacie 4096 Sep 27 15:28 plugins
drwxr-xr-x 7 stacie stacie 4096 Sep 27 15:38 share
-rw-r--r-- 1 stacie stacie 0 Sep 27 15:30 .stamp_f0abf353189
-rw-r--r-- 1 stacie stacie 0 Sep 27 15:30 .stamp_postprocessed
drwxr-xr-x 2 stacie stacie 16384 Sep 27 15:28 translations
bitcoin/ci/scratch/.ccache$ ls -la
total 76
drwxrwxr-x 18 stacie stacie 4096 Sep 27 15:30 .
drwxrwxr-x 3 stacie stacie 4096 Sep 27 15:19 ..
drwxr-xr-x 18 stacie stacie 4096 Sep 27 15:38 0
drwxr-xr-x 18 stacie stacie 4096 Sep 27 15:38 1
drwxr-xr-x 18 stacie stacie 4096 Sep 27 15:38 2
drwxr-xr-x 18 stacie stacie 4096 Sep 27 15:38 3
drwxr-xr-x 18 stacie stacie 4096 Sep 27 15:38 4
drwxr-xr-x 18 stacie stacie 4096 Sep 27 15:38 5
drwxr-xr-x 18 stacie stacie 4096 Sep 27 15:38 6
drwxr-xr-x 18 stacie stacie 4096 Sep 27 15:38 7
drwxr-xr-x 18 stacie stacie 4096 Sep 27 15:38 8
drwxr-xr-x 18 stacie stacie 4096 Sep 27 15:38 9
drwxr-xr-x 18 stacie stacie 4096 Sep 27 15:38 a
drwxr-xr-x 18 stacie stacie 4096 Sep 27 15:38 b
drwxr-xr-x 18 stacie stacie 4096 Sep 27 15:38 c
-rw-r--r-- 1 stacie stacie 16 Sep 27 15:30 ccache.conf
drwxr-xr-x 18 stacie stacie 4096 Sep 27 15:38 d
drwxr-xr-x 18 stacie stacie 4096 Sep 27 15:38 e
drwxr-xr-x 18 stacie stacie 4096 Sep 27 15:38 f
Optional: clean up the audit rule (see link in appendix at the bottom)
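Added example (not part of the original notes): the grep in step 6 counts every matching audit line, so a path touched many times is counted many times and ownership is not considered. The script below reads the same ausearch output and lists each distinct path under the repo whose PATH record has ouid=0. The function names, the /home/user/bitcoin path and the sample records are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original notes.

# root_owned_paths REPO_DIR AUDIT_FILE
# Prints each distinct absolute path under REPO_DIR whose PATH record shows
# ouid=0 (owned by root). auditd hex-encodes names containing spaces and
# leaves them unquoted; those records are skipped here.
root_owned_paths() {
    awk -v repo="$1" '
        $1 == "type=PATH" {
            name = ""; ouid = ""
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^name="/) { name = $i; gsub(/^name="|"$/, "", name) }
                else if ($i ~ /^ouid=/) { ouid = substr($i, 6) }
            }
            # Keep paths inside the repo, owned by uid 0, first sighting only.
            if (ouid == "0" && index(name, repo "/") == 1 && !seen[name]++) { print name }
        }' "$2"
}

# count_root_owned REPO_DIR AUDIT_FILE: number of distinct root-owned paths.
count_root_owned() {
    root_owned_paths "$1" "$2" | wc -l | tr -d ' '
}

# write_sample FILE: constructed records in the layout ausearch prints.
write_sample() {
    cat > "$1" <<'EOF'
----
time->Mon Sep 26 22:12:01 2022
type=PATH msg=audit(1664244721.101:901): item=1 name="/home/user/bitcoin/depends/built" inode=11 mode=040755 ouid=0 ogid=0 nametype=CREATE
type=PATH msg=audit(1664244722.202:902): item=1 name="/home/user/bitcoin/depends/built" inode=11 mode=040755 ouid=0 ogid=0 nametype=NORMAL
type=PATH msg=audit(1664244723.303:903): item=0 name="/home/user/bitcoin/depends/Makefile" inode=12 mode=0100664 ouid=1000 ogid=1000 nametype=NORMAL
type=PATH msg=audit(1664244724.404:904): item=1 name="/home/user/bitcoin/ci/scratch/.ccache/ccache.conf" inode=13 mode=0100644 ouid=0 ogid=0 nametype=CREATE
type=PATH msg=audit(1664244725.505:905): item=0 name="/etc/passwd" inode=14 mode=0100644 ouid=0 ogid=0 nametype=NORMAL
EOF
}

sample=$(mktemp)
write_sample "$sample"
echo "distinct root-owned paths: $(count_root_owned /home/user/bitcoin "$sample")"
root_owned_paths /home/user/bitcoin "$sample"
rm -f "$sample"
```

Run it against auditresults.txt and auditresultsfixed.txt in place of the sample file to compare the two runs by distinct root-owned paths rather than by raw line count.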
====================================
APPENDIX
====================================
Guide where I got the idea to use auditctl:
https://serverfault.com/questions/619722/how-do-i-detect-what-is-changing-file-ownership-on-linux
To clean up the auditctl rule: https://daviseford.com/blog/2015/05/28/removing-auditctl-rules-and-watches.html