wallet: Move salvagewallet into wallettool #18918
Conversation
| @@ -404,8 +404,6 @@ def run_test(self): | |||
| '-reindex', | |||
| '-zapwallettxes=1', | |||
| '-zapwallettxes=2', | |||
| # disabled until issue is fixed: https://github.com/bitcoin/bitcoin/issues/7463 | |||
| # '-salvagewallet', | |||
There was a problem hiding this comment.
Would be nice to keep this test or at least document that salvagewallet will throw away your keys: #7379
There was a problem hiding this comment.
In commit "wallet: remove -salvagewallet" (8ef1b45)
Would be nice to keep this test or at least document that salvagewallet will throw away your keys: #7379
@MarcoFalke could you describe the test or comment you would add? It sounds there is a good suggestion here, but I don't understand it's asking for
There was a problem hiding this comment.
@MarcoFalke could you describe the test or comment you would add? It sounds there is a good suggestion here, but I don't understand it's asking for
The new functionality has zero tests. I was hoping we could call wallet-tool salvage instead of bitcoind -salvagewallet here. Just because the test is commented out, doesn't mean it should be removed.
If the test still fails occasionally with the wallet-tool, then it can be commented out again.
There was a problem hiding this comment.
The behavior of salvage shouldn't be any different, so it will probably still fail as the previous -salvagewallet did.
It's also not clear to me what a salvage test should even look like.
There was a problem hiding this comment.
I've added a placeholder test with a todo that mentions the issue in tool_wallet.py.
|
Concept ACK |
|
The following sections might be updated with supplementary metadata relevant to reviewers and maintainers. ConflictsReviewers, this pull request conflicts with the following ones:
If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first. |
a7274c4 to
d099709
Compare
|
Concept ACK. Agree that this belongs in the wallet tool, not bitcoind. |
d099709 to
67e30b2
Compare
There was a problem hiding this comment.
Started reviewing 67e30b2 but finding it difficult to compare old and new behavior with all the code moving and changing at the same time. Also wondering if the ReadKeyValue code duplication can be avoided, because it seems likely to doom this feature to obsolescence if updates to that function need to be mirrored here. It makes me wonder what the plan for salvage wallet is. Is the plan to wall it off, deprecate it, and remove it? It seems like -salvagewallet was implemented in a really convoluted way, but if we did want to implement in a sustainable way, we would still implement it as a load option and not as a standalone copy of loading code. (It could still be exposed through wallet tool either way.)
But overall this seems promising, and great to get rid of some of the convoluted callback & enum status code. I will spend more time with this and maybe try to come up with a MOVEONLY version that could be easier to review.
| @@ -404,8 +404,6 @@ def run_test(self): | |||
| '-reindex', | |||
| '-zapwallettxes=1', | |||
| '-zapwallettxes=2', | |||
| # disabled until issue is fixed: https://github.com/bitcoin/bitcoin/issues/7463 | |||
| # '-salvagewallet', | |||
There was a problem hiding this comment.
In commit "wallet: remove -salvagewallet" (8ef1b45)
Would be nice to keep this test or at least document that salvagewallet will throw away your keys: #7379
@MarcoFalke could you describe the test or comment you would add? It sounds there is a good suggestion here, but I don't understand it's asking for
src/wallet/wallettool.cpp
Outdated
| static const char *HEADER_END = "HEADER=END"; | ||
| /* End of key/value data */ | ||
| static const char *DATA_END = "DATA=END"; | ||
|
|
||
| static bool SalvageWallet(fs::path path) |
There was a problem hiding this comment.
In commit "walletool: Move salvage wallet implementation into wallettool" (67e30b2)
Would be nice to move this to src/wallet/salvage.{h,cpp} so wallet tool file does not become monolithic and so salvage functionality can be more easily tested and improved and perhaps accessible to future RPC or GUI recovery features
There was a problem hiding this comment.
I've added a salvage.{cpp/h} and put the salvage stuff in there.
67e30b2 to
7360e74
Compare
|
I've changed the final refactor commit into several smaller moves and changes. The final approach for salvage is also slightly different. Instead of having all of the salvage logic |
7360e74 to
2dc91a8
Compare
| @@ -924,7 +924,7 @@ bool WalletBatch::VerifyEnvironment(const fs::path& wallet_path, bilingual_str& | |||
|
|
|||
| bool WalletBatch::VerifyDatabaseFile(const fs::path& wallet_path, std::vector<bilingual_str>& warnings, bilingual_str& errorStr) | |||
| { | |||
| return BerkeleyBatch::VerifyDatabaseFile(wallet_path, warnings, errorStr, WalletBatch::Recover); | |||
There was a problem hiding this comment.
Concept ACK. Needs a release note.
Travis is unhappy (as is my local build):
In file included from ./wallet/scriptpubkeyman.h:16:
3519./wallet/walletdb.h:314:112: error: member access into incomplete type 'CWallet'
3520 CWalletScanState &wss, std::string& strType, std::string& strErr) EXCLUSIVE_LOCKS_REQUIRED(pwallet->cs_wallet);
#10540 makes the case for running in aggressive mode by default and having an option to run in aggressive mode. So maybe drop b816866?
The test problem described in #7463 (comment) seems to be specific to aggressive mode (cc @jnewbery). Perhaps we can at least add a test for non-aggressive mode? The original test wasn't very interesting. Is there a way to programatically damage a wallet, or can we add a wallet payload that needs salvaging to the test suite? That's useful for review as well.
|
Concept ACK |
31c3f68 to
e3fe339
Compare
We need this exposed for BerkeleyBatch::Recover to be moved out.
…andalone Instead of having these be class static functions, just make them be standalone. Also removes WalletBatch::Recover which just passed through to BerkeleyBatch::Recover.
9454105 to
84ae057
Compare
Fixed. Turns out we still have to go through the whole Also added a basic functional test to check that salvage on a new wallet does not have issues. It does not check whether salvaged actually worked or did anything useful. |
|
Thanks -- at 84ae057 the bitcoin-wallet salvage command now runs and exits. Yay! but it doesn't leave any feedback. A message that the wallet was successfully salvaged might be reassuring? |
| error_string = Untranslated(strprintf("Error loading wallet. %s", fsbridge::get_filesystem_error_message(e))); | ||
| } | ||
| if (!error_string.original.empty()) { | ||
| tfm::format(std::cerr, "Failed to open wallet for salvage :%s\n", error_string.original); |
There was a problem hiding this comment.
Tests for the different exceptions would be great. Not sure on this, or on the need for an EOL \n in line 117 just above.
| tfm::format(std::cerr, "Failed to open wallet for salvage :%s\n", error_string.original); | |
| tfm::format(std::cerr, "Failed to open wallet for salvage: %s\n", error_string.original); |
There was a problem hiding this comment.
Will fix if I have to push another change.
|
re-ACK 84ae057 🏉 Show signature and timestampSignature: Timestamp of file with hash |
|
Concept ACK: thanks for doing this! :) |
|
Code Review ACK 84ae057 |
There was a problem hiding this comment.
Code review ACK 84ae057. Lot of small changes since previous review: added verify step before salvage, added basic test in new commit, removed unused scanstate variable and warnings parameter, tweaked various comments and strings, moved fsuccess variable declaration
84ae057 Add release notes about salvage changes (Andrew Chow) ea337f2 Move RecoverKeysOnlyFilter into RecoverDataBaseFile (Andrew Chow) 9ea2d25 Move RecoverDatabaseFile and RecoverKeysOnlyFilter into salvage.{cpp/h} (Andrew Chow) b426c77 Make BerkeleyBatch::Recover and WalletBatch::RecoverKeysOnlyFilter standalone (Andrew Chow) 2741774 Expose a version of ReadKeyValue and use it in RecoverKeysOnlyFilter (Andrew Chow) ced95d0 Move BerkeleyEnvironment::Salvage into BerkeleyBatch::Recover (Andrew Chow) 07250b8 walletdb: remove fAggressive from Salvage (Andrew Chow) 8ebcbc8 walletdb: don't automatically salvage when corruption is detected (Andrew Chow) d321046 wallet: remove -salvagewallet (Andrew Chow) cdd955e Add basic test for bitcoin-wallet salvage (Andrew Chow) c877709 wallettool: Add a salvage command (Andrew Chow) Pull request description: Removes the `-salvagewallet` startup option and adds a `salvage` command to the `bitcoin-wallet` tool. As such, `-salvagewallet` is removed. Additionally, the automatic salvage that is done if the wallet file fails to load is removed. Lastly the salvage code entirely is moved out entirely into `bitcoin-wallet` from `walletdb.{cpp/h}` and `db.{cpp/h}`. ACKs for top commit: jonatack: ACK 84ae057 feedback taken, and compared to my previous review, the bitcoin-wallet salvage command now seems to run and it exits without raising. The new test passes at both 9454105 and 84ae057 so as a sanity check I'd agree there is room for improvement, if possible. MarcoFalke: re-ACK 84ae057 🏉 Empact: Code Review ACK bitcoin@84ae057 ryanofsky: Code review ACK 84ae057. Lot of small changes since previous review: added verify step before salvage, added basic test in new commit, removed unused scanstate variable and warnings parameter, tweaked various comments and strings, moved fsuccess variable declaration meshcollider: Concept / light code review ACK 84ae057 Tree-SHA512: 05be116b56ecade1c58faca1728c8fe4b78f0a082dbc2544a3f7507dd155f1f4f39070bd1fe90053444384337bc48b97149df5c1010230d78f8ecc08e69d93af
Summary: Partial backport (1/11) of core [[bitcoin/bitcoin#18918 | PR18918]]: bitcoin/bitcoin@c877709 Test Plan: ninja all check-all bitcoin-wallet --help | grep -C1 salvage Reviewers: #bitcoin_abc, majcosta Reviewed By: #bitcoin_abc, majcosta Differential Revision: https://reviews.bitcoinabc.org/D8588
Summary: Partial backport (2/11) of core [[bitcoin/bitcoin#18918 | PR18918]]: bitcoin/bitcoin@cdd955e Depends on D8588. Test Plan: ninja check-functional Reviewers: #bitcoin_abc, majcosta Reviewed By: #bitcoin_abc, majcosta Differential Revision: https://reviews.bitcoinabc.org/D8589
Summary: Partial backport (3/11) of core [[bitcoin/bitcoin#18918 | PR18918]]: bitcoin/bitcoin@d321046 Depends on D8589. Test Plan: ninja all check-functional Reviewers: #bitcoin_abc, majcosta Reviewed By: #bitcoin_abc, majcosta Differential Revision: https://reviews.bitcoinabc.org/D8590
Summary: Partial (4/11) backport of core [[bitcoin/bitcoin#18918 | PR18918]]: bitcoin/bitcoin@8ebcbc8 Depends on D8590. Test Plan: ninja all check-all Reviewers: #bitcoin_abc, majcosta Reviewed By: #bitcoin_abc, majcosta Differential Revision: https://reviews.bitcoinabc.org/D8591
Summary: ``` The only call to Salvage set fAggressive = true so remove that parameter and always use DB_AGGRESSIVE ``` Partial backport (5/11) of core [[bitcoin/bitcoin#18918 | PR18918]]: bitcoin/bitcoin@07250b8 Depends on D8591. Test Plan: ninja all check-all Reviewers: #bitcoin_abc, majcosta Reviewed By: #bitcoin_abc, majcosta Differential Revision: https://reviews.bitcoinabc.org/D8592
Summary: Partial backport (6/11) of core [[bitcoin/bitcoin#18918 | PR18918]]: bitcoin/bitcoin@ced95d0 Depends on D8592. Test Plan: ninja all check-all Reviewers: #bitcoin_abc, majcosta Reviewed By: #bitcoin_abc, majcosta Differential Revision: https://reviews.bitcoinabc.org/D8593
Summary: ``` We need this exposed for BerkeleyBatch::Recover to be moved out. ``` Partial backport (7/11) of core [[bitcoin/bitcoin#18918 | PR18918]]: bitcoin/bitcoin@2741774 Depends on D8593. Test Plan: ninja all check-all Reviewers: #bitcoin_abc, majcosta Reviewed By: #bitcoin_abc, majcosta Differential Revision: https://reviews.bitcoinabc.org/D8594
…andalone Summary: ``` Instead of having these be class static functions, just make them be standalone. Also removes WalletBatch::Recover which just passed through to BerkeleyBatch::Recover. ``` Partial backport (8/11) of core [[bitcoin/bitcoin#18918 | PR18918]]: bitcoin/bitcoin@b426c77 Depends on D8594. Test Plan: ninja all check-all Reviewers: #bitcoin_abc, majcosta Reviewed By: #bitcoin_abc, majcosta Differential Revision: https://reviews.bitcoinabc.org/D8595
Summary: Partial backport (9/11) of core [[bitcoin/bitcoin#18918 | PR18918]]: bitcoin/bitcoin@9ea2d25 Depends on D8595. The DBKeys declaration are added to the `walletdb.h` file to make them available for `salvage.cpp`, see D7020. Test Plan: ninja all check-all Reviewers: #bitcoin_abc, majcosta Reviewed By: #bitcoin_abc, majcosta Differential Revision: https://reviews.bitcoinabc.org/D8596
Summary: Partial backport (10/11) of core [[bitcoin/bitcoin#18918 | PR18918]]: bitcoin/bitcoin@ea337f2 Depends on D8596. Test Plan: ninja all check-all Reviewers: #bitcoin_abc, majcosta Reviewed By: #bitcoin_abc, majcosta Differential Revision: https://reviews.bitcoinabc.org/D8597
Summary: Completes backport (11/11) of core [[bitcoin/bitcoin#18918 | PR18918]]: bitcoin/bitcoin@84ae057 Depends on D8597. Test Plan: Read it. Reviewers: #bitcoin_abc, majcosta Reviewed By: #bitcoin_abc, majcosta Differential Revision: https://reviews.bitcoinabc.org/D8598
Removes the
-salvagewalletstartup option and adds asalvagecommand to thebitcoin-wallettool. As such,-salvagewalletis removed. Additionally, the automatic salvage that is done if the wallet file fails to load is removed.Lastly the salvage code entirely is moved out entirely into
bitcoin-walletfromwalletdb.{cpp/h}anddb.{cpp/h}.