c0bdd51 Daemon should now exit on conflicting checkpoints (Thomas Winget)
f0b4138 various changes to runtime checkpoint updating (Thomas Winget)
7568f89 Fixed segfault with checkpoints loading (Thomas Winget)
b261d92 DNS checkpoint updating added, and daemon flag to enforce them (Thomas Winget)
30caebf reload checkpoints file every ~hr and print if any fail (Thomas Winget)
0e14491 updated DNSResolver/things that use it for DNSSEC (Thomas Winget)
6f2c2e1 Adding an identical existing checkpoint should not error (Thomas Winget)
If the "enforce DNS checkpoints" flag is not enabled, it should not exit
if DNS checkpoints conflict with the others, but should still print a
warning to the user.
json checkpoints will be checked every 10 minutes, dns every 60.
json checkpoints always enforced, dns still with flag.
conflicting checkpoints is hard fail, but soft if dns enforce flag not
set and dns checkpoints are wonky.
Bounds checking on blockchain_storage' m_blocks.size() when validating
against checkpoints. Also moved initial json & DNS checkpoints load to
after blockchain init.
The daemon should now check for updated checkpoints from
checkpoints.moneropulse.org as well as from the configured json file
every ~1hr (and on launch).
The daemon now has a flag to enable enforcing these checkpoints (rather
than just printing a warning when they fail).
TODO: an easily configurable list of DNS servers to check for
checkpoints as opposed to the hard-coded "checkpoints.moneropulse.org"
Note: DNSResolver does not yet *use* DNSSEC, but rather this commit is
preparation for including DNSSEC validation. The function in
src/wallet/wallet2.cpp that uses DNSResolver still needs its parameters
updated accordingly.
For checkpoints being read at runtime to work correctly, the checkpoint
add code needs to not return false if a checkpoint is added that already
exists. In this case, instead return false if the checkpoint is for a
height that already has a checkpoint and the hashes are different.
ldns dependency was only still around for constants defined in ldns/rr.h,
but those constants are RFC specified DNS constants, and to reduce deps
have been replicated in dns_utils.h instead of including ldns/rr.h.
Oran Juice