DragonX/dragonx
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 2 Wiki Activity
Files
a9b1b4085fe7ba7e9832c0f8629f9ebc9d1b805d
dragonx/util/sign-bootstrap.md
DanS 1673cfb6dc IBD/sync speedups: parallel RandomX pre-verify, adaptive dbcache, P2P download fixes 
- Parallel RandomX PoW pre-verification pool (CCheckQueue) run ahead of the serial
  connect; consensus-neutral (inline CheckRandomXSolution fallback still verifies
  anything not pre-verified). New -randomxverifythreads (default = -par).
- Adaptive dbcache: default sizes the UTXO/coins cache to most of RAM and shrinks
  under memory pressure, always leaving a reserve free; -dbcache pins a fixed value.
- P2P block download: bounded socket recv-drain loop (tlsmanager); frontier-block
  reassignment to break head-of-line stalls (-blockreassigntimeout); ProcessGetData
  serves a bounded batch of blocks per pass instead of one (fixes the serve-side
  one-block-per-tick throttle that caps download network-wide).
- assumeutxo: dumptxoutset RPC + LoadSnapshot machinery + AssumeutxoData chainparams.
- Signed bootstrap verification (util/bootstrap-dragonx.sh, util/sign-bootstrap.md).
- gtest: RandomX pre-verify consensus-equivalence test + UTXO-snapshot round-trip;
  revived the gtest harness (Makefile.am include fix, Makefile.gtest.include).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-19 12:30:10 -05:00

2.1 KiB
Raw Blame History

Signing the DragonX bootstrap archive

util/bootstrap-dragonx.sh verifies a detached signature of DRAGONX.zip against a public key embedded in the script (BOOTSTRAP_PUBKEY). Because the key ships in the repo/binary and is not downloaded from the bootstrap server, a compromised bootstrap host cannot forge a valid signature — unlike the .md5/.sha256 files, which are served from the same host and only detect corruption.

Until a real key is embedded, BOOTSTRAP_PUBKEY is the placeholder and the script skips signature enforcement (with a warning), so existing users are unaffected. Once a real key is pasted in, an unsigned or invalid bootstrap is refused.

One-time: create the signing keypair (offline)

Keep the private key OFFLINE (air-gapped if possible). Ed25519 or RSA-4096 both work with the openssl dgst -sha256 -verify check the script uses; RSA-4096 maximizes compatibility:

# Private key — keep secret, never publish
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:4096 -out dragonx-bootstrap.key
# Public key — paste into bootstrap-dragonx.sh
openssl pkey -in dragonx-bootstrap.key -pubout -out dragonx-bootstrap.pub
cat dragonx-bootstrap.pub

Paste the full PEM (including the -----BEGIN/END PUBLIC KEY----- lines) into BOOTSTRAP_PUBKEY in util/bootstrap-dragonx.sh, e.g.:

BOOTSTRAP_PUBKEY="$(cat <<'PEM'
-----BEGIN PUBLIC KEY-----
... base64 ...
-----END PUBLIC KEY-----
PEM
)"

Each release: sign the archive and publish the signature

openssl dgst -sha256 -sign dragonx-bootstrap.key -out DRAGONX.zip.sig DRAGONX.zip

Upload DRAGONX.zip.sig next to DRAGONX.zip (and its .md5/.sha256) on every bootstrap host (bootstrap.dragonx.is, bootstrap2.dragonx.is). Verify locally first:

openssl dgst -sha256 -verify dragonx-bootstrap.pub -signature DRAGONX.zip.sig DRAGONX.zip
# -> "Verified OK"

Rotating the key

Embed the new public key in the script, sign future archives with the new private key, and release a new client version. Old clients keep trusting the old key; coordinate the cutover with a release so users upgrade before the old key is retired.

Reference in New Issue View Git Blame Copy Permalink