DragonX/ObsidianDragon
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 4 Wiki Activity

fix(mining): harden xmrig updater per adversarial review

Browse Source 
Addresses confirmed findings from the multi-lens review of the updater:

- Cancelable + live progress (was: download uncancelable, progress stuck at 0%, closing
  the dialog mid-download blocked the UI thread on the worker join). Wire a libcurl
  CURLOPT_XFERINFOFUNCTION that publishes byte counts and returns abort when cancel() is
  requested; add a Cancel button. The dialog's destructor now aborts the transfer promptly,
  so closing mid-download no longer freezes the UI.
- Graceful "unavailable" instead of a red error on platforms with no published build
  (macOS / ARM): new terminal State::Unavailable rendered neutrally, not as a failure.
- Install-time running guard (TOCTOU): App::isPoolMinerRunning() re-checked in the dialog
  before each install, so a dialog opened before mining started can't replace a live binary.
- Size caps: CURLOPT_MAXFILESIZE on the download and a per-archive-member ceiling before
  decomphressing into memory, to bound an attacker-controlled archive.
- Distinguish a local read failure of the downloaded archive from a checksum mismatch
  (was reported misleadingly as "possible tampering").
- Reword the dialog's verification note to "checked against the release's published SHA-256
  checksum" (integrity, not authenticity — see the signing note below).

Not fixed here (needs your input): WinRing0x64.sys has no per-file hash published, but it is
covered by the verified archive checksum (it is inside the verified zip); and the release is
not cryptographically signed — checksums and binary share one trust root. Adding a pinned-key
ed25519/minisign signature is the real supply-chain hardening and needs an offline signing key
+ a release-process change.

Both variants build; suite passes; live worker re-verified end-to-end on linux-x64.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
DanS
2026-06-06 18:35:17 -05:00
parent 5c87bc6e87
commit 98e0cce8ec
4 changed files with 93 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/util/xmrig_updater.h
View File

@@ -77,6 +77,7 @@ public:
Checking,
UpToDate,
UpdateAvailable,
Unavailable, // no miner build is published for this platform (terminal, not an error)
Downloading,
Verifying,
Extracting,
@@ -117,7 +118,12 @@ public:
void cancel();
Progress getProgress() const;
bool isDone() const; // true when state is Done or Failed (worker finished)
bool isDone() const; // true once the worker reached a terminal state (Done/Failed/Unavailable)
// Internal: called by the libcurl progress callback. Publishes live download bytes and returns
// false to ask curl to abort (when cancel() was requested). Public only so the C callback in the
// .cpp can reach it without leaking curl types into this header.
bool onDownloadProgress(double downloadedBytes, double totalBytes);
private:
void runCheck(std::string installedTag);