wallet: allowing walletpassphrase timeout to be MAX_SLEEP_TIME if set to -1 #28454
Conversation
|
The following sections might be updated with supplementary metadata relevant to reviewers and maintainers. Code CoverageFor detailed information about the code coverage, see the test coverage report. ReviewsSee the guideline for information on the review process.
If your review is incorrectly listed, please react with 👎 to this comment and the bot will ignore it on the next update. ConflictsNo conflicts as of last run. |
47c5212 to
a7c7e19
Compare
|
Concept NACK. I don't think this is a good idea for mainnet. |
Any specific reason why? A user can currently input a time larger than MAX_SLEEP_TIME and it would be set to it, we are just defaulting to it if no arg is added. Or are you more concerned that a user wouldn't notice the optional arg and unexpectedly have a command with a long timeout running? There was also the suggestion of 0 being used instead of omitting the arg to signal max timeout |
Yes |
54acb38 to
1cc6b1c
Compare
|
@kristapsk I modified the PR to 1cc6b1c which now keeps it as a non optional param but now if the user sets 0 then we will use the MAX_SLEEP_TIME |
|
Seems fine to do this. While |
There was a problem hiding this comment.
This looks good to me, though I think it could use some release notes. An alternative to this could be that if the timeout is set to 0, then the wallet never automatically locks. I've implemented this here (da409dc), if anyone is curious, but the approach implemented in this PR is simpler.
I wonder if there's an argument around a JSON-RPC batch that unlocks, runs some method, and re-locks... Probably wouldn't work today, but might be worth adding? |
|
Would be good to add test coverage and a release note.
That said, I think this breaks https://en.wikipedia.org/wiki/Principle_of_least_astonishment (should behave in a way that most users will expect it to behave), and in a less secure direction. |
Agree that this would be nice, but seems unrelated to this pull, or would the batch feature require this RPC? |
The same is used for the rpc client/server timeout, so I think it seems more consistent to map |
1cc6b1c to
7deb571
Compare
|
forced pushed to 7deb571 added release notes and changed tests in this commit to use timeout=0 |
I would be open to using a negative value eg(-1) since any negative value rn throws an error. But I do think if we're using 0 else where we should either continue doing the same or change it there aswell |
There was a problem hiding this comment.
What would be a use case for encrypting a wallet and then setting a 3-year timeout? Maybe I'm missing something, but it seems like doing so should be explicit (as it is currently). I would expect users to pass as short a value as possible, i.e. a few seconds or minutes.
7deb571 to
a7bc5db
Compare
Setting a high timeout allows the user to run a wallet operation (of unknown duration) and then immediately re-lock it after it finished, see #28454 (comment). For example, this can be done inside a python context: print("wallet is locked")
with unlocked_wallet() as w:
w.getnewaddress()
print("wallet is now locked again")Where |
|
@kevkevinpal I think the OP is out of date. @MarcoFalke Thanks for the reply. It still seems safer to keep it explicit, so an application developer or cli user doesn't shoot themselves in the foot. As mentioned in #28454 (comment), this change would violate behaving in a way that most users will expect it to behave, and in a less secure direction. So I'm quite hesitant here. |
Sorry not sure what you mean here |
|
@kevkevinpal |
Thanks, updated the PR description to match the commit message |
|
I think that it would also be fine to only implement this for testnet and regtest. The wallet locking too soon has been a frequently occurring problem with wallet tests. If this is required for the batch feature however, then that is another case. |
0d65b4c to
c4ce733
Compare
Added if block to check if non-mainnet (let me know if you want to exclude signet for any reason). |
c4ce733 to
4e4ff8d
Compare
4e4ff8d to
9be4f3e
Compare
|
On a second thought, I wonder if someone uses |
I can switch it from 0 to -1 since negative values are not being used currently for |
9be4f3e to
0fc8db0
Compare
|
Removed non mainnet if block and switched to using -1 instead of 0 to set time as |
0fc8db0 to
7969c6b
Compare
In this change we allow the timeout for walletpassphrase to be set to MAX_SLEEP_TIME, if set as -1 then we then use the MAX_SLEEP_TIME amount context from PR 28403 added release notes for RPC Wallet Also tests were modified to use the max timeout amount using timeout = -1
7969c6b to
76b1c4c
Compare
In this change we allow the timeout for walletpassphrase to be
set to MAX_SLEEP_TIME,
if set as -1 then we then use the MAX_SLEEP_TIME amount
context from PR 28403
added release notes for RPC Wallet
Also tests were modified to use the max timeout amount using timeout = -1