Add ability to flush keypool and always flush when upgrading non-HD to HD #23093
Conversation
|
I would really prefer that we just add a new parameter rather overloading Instead of checking the versions and then calling IMO the automatic keypool flush should be optional behavior though. I think it would be better if that were an option to |
|
@achow101 Sure, do you think the option should default to flushing or not though? |
|
I would prefer to keep the existing behavior as default, so default to not flushing. Edit: Discussed briefly on IRC, flushing after upgrading to HD is fine. Flushing after every upgrade is not IMO. |
A thousand times. |
|
ACK 84fa19c |
Agree; only once, so that users upgrading can use the new address tyeps. Definitely not for every upgrade. |
👍 (note this is already the behaviour in this PR) |
Concept ACK then! |
| static RPCHelpMan newkeypool() | ||
| { | ||
| return RPCHelpMan{"newkeypool", | ||
| "\nEntirely clears and refills the keypool."+ |
There was a problem hiding this comment.
We might want to be precise in documenting what "clears" means. I understand the keys will not be dealed out anymore by getnewaddress. But what happens to the keys in the old keypool? Are they deleted from the wallet, or still considered for incoming transactions? (I guess the latter)
There was a problem hiding this comment.
what happens to the keys in the old keypool? Are they deleted from the wallet, or still considered for incoming transactions? (I guess the latter)
FWIW; if the keys in the pool, not extracted using getnewaddress, can be queried using some wallet software other than Core, then concept NACK to make it the default behavior (I think I've read that was going to be the topic of a different future PR).
OTOH, if they can't be queried, are somehow sealed and inaccessible, then why at all hold them (they are non-HD)?
There was a problem hiding this comment.
@laanwj they're marked as used and remain stored but won't be returned from getnewaddress. I'll try and improve the helptext.
@katesalazar I'm not sure what you mean about other software retrieving them - do you mean another piece of software that opens Core wallet.dat files? Otherwise no, without opening the wallet file there is no way an external program could "guess" what the addresses were going to be? Sorry if I'm misunderstanding your point but I don't see anything wrong.
There was a problem hiding this comment.
do you mean another piece of software that opens Core wallet.dat files?
yea
There was a problem hiding this comment.
@katesalazar Perhaps I'm not understanding you, because I don't see the relevance.
For context, Bitcoin Core wallets distinguish between the set of addresses/keys that are considered part of the wallet (i.e., transactions to them will be treated as incoming payments), and addresses that are given out as new addresses for receiving.
What this PR does is permit refreshing the new addresses that will be given out, but the old ones remain valid for incoming transactions. They can also be queried still by various RPCs that dump things; they just won't be given out by getnewaddress and related procedures.
There was a problem hiding this comment.
OK, I understand Samuel better now. Thanks.
There was a problem hiding this comment.
I think "consumes" is clearer than "clears".
|
I'd like coverage of change addresses being flushed and the rewording, otherwise looks correct to me |
|
Concept ACK |
|
Added new commit 6531599 to avoid invalidating previous ACKs. New commit adds test that |
|
Sorry for the late comment, but I'm curious about the impact of using the If there's a possible footgun here, it might be worth documenting it in the RPC help. |
…nd and wallet backups a2a9231 rpc: Add warning to user about newkeypool command (Samuel Dobson) Pull request description: This PR prevents `newkeypool` from being run on non-HD wallets, because this would require a new backup every time, so it isn't very safe. David Harding also suggested [here](bitcoin/bitcoin#23093 (comment)) that the RPC help text should include a warning to the users about the interaction between newkeypool. ACKs for top commit: achow101: ACK a2a9231 Tree-SHA512: 0aa497900f1d179764bce13ffce0bb081ba2ca354492bf2e04b21d0212e960b3ed13a386fbf65602b6b50461f4056a0285752ef707d312da28e82449cd8ea048
…allet backups a2a9231 rpc: Add warning to user about newkeypool command (Samuel Dobson) Pull request description: This PR prevents `newkeypool` from being run on non-HD wallets, because this would require a new backup every time, so it isn't very safe. David Harding also suggested [here](bitcoin#23093 (comment)) that the RPC help text should include a warning to the users about the interaction between newkeypool. ACKs for top commit: achow101: ACK a2a9231 Tree-SHA512: 0aa497900f1d179764bce13ffce0bb081ba2ca354492bf2e04b21d0212e960b3ed13a386fbf65602b6b50461f4056a0285752ef707d312da28e82449cd8ea048
7 participants
This PR makes two main changes:
newkeypoolwhich will entirely flush and refill the keypool.This PR is motivated by a number of users with old, pre-compressed-key wallets upgrading them and being confused about why they still can't generate p2sh-segwit or bech32 addresses -- this is due to uncompressed keys remaining in the keypool post-upgrade and being illegal in these newer address formats. There is currently no easy way to flush the keypool other than to call
getnewaddressa hundred/thousand times or an ugly hack of using asethdseedcall.