TRB Keccak regrind - test results and notes
I had originally intended this to be a better version of the build instructions I mirrored from the foundation website, but decided to wait for the regrind before making a post, since the foundation planned on updating everything anyway. A few days later mod6 published a blog post detailing the steps he took to update the trb vtree from SHA512 to Keccak vpatches, so that is what will be covered in this post. What I did was, I went through all the similar steps just as in mod6's post, and I created my own keccak trb vtree, just as mod6 did. I then was able to confirm that my keccak trb vtree and his keccak trb tree are a mechanical match. I also did a diff of my keccak trb vtree against the original SHA512 vpatches, and we can see that only difference is the removal of the UTF8 character from genesis.vpatch.
You will need all of the dependencies listed on the bitcoin foundation website in the "how-to" section. A modified version of mod6's `v.pl` (that produces Keccak hashes) and a few other tools are also needed: these can be obtained from diana_coman's website. I no longer use nor support any other flavor of Linux besides Gentoo for any projects discussed on this site , so users of other distros will be required to do their own research to make all this work. I am using a Cuntoo chroot here, and for the sake of thoroughness, here is a list of the exact versions of the dependencies I used:
* sys-devel/bc 1.06.95-r2 * sys-devel/gcc 4.9.4 * app-crypt/gnupg 1.4.10 * net-misc/wget 1.19.5 * net-misc/curl 7.61.1 * dev-lang/perl 5.24.3-r1 * sys-devel/patch 2.7.6-r2 * net-misc/rsync 3.1.3 * sys-apps/coreutils 8.29-r1 * app-arch/unzip 6.0_p21-r2 * app-arch/bzip2 1.0.6-r10 * app-arch/cpio 2.12-r1
A working Ada setup is required to build vk.pl and the tools from diana-coman's starter pack. mod6 also wrote a handy and very detailed guide to doing this here. Since I am using a clean chroot to perform all these steps, I needed to install a new copy of Adacore, so I proceeded to grab a copy of the gnat-gpl-2016-x86_64 version from the AdaCore website here, though for some reason the page 404'd at the time I was doing these tests. Fortunately diana_coman also has this preserved on her website here for those that might need it in the future.
Once that was installed, I checked to ensure it was, in fact, the proper version:
Perfect! Building the starter pack is very painless and took less than a minute for me.
Now I moved on to the actual regrind by setting up the suggested sandbox and moving down the list of steps in mod6's blog post. This also went quite painlessly, my only snafu being I forgot to add back a hyphen "-" for the utf-8 char removed from line 118 of util.h, which caused a byte mismatch later in the process. Once that was done, I had no other problems with the process and was ready to test using mod6's experimental patchset and seals which he handily provides here, along with the signature for same. This part requires one follow the `OFFLINE` build steps from the foundation website, so it will be necessary to download the dependencies from deedbot if you don't have a copy stored somewhere already. I put all the links inside a bash script, intentionally leaving off the -sSL flags so I could observe their download progress.
cd deps/ cat >eu.sh<<EOF curl http://deedbot.org/deed-430460-2.txt > rotor.tar.gz.asc curl http://deedbot.org/deed-430460-1.txt > rotor-db-configure-fix.patch.asc curl http://deedbot.org/deed-422651-1.txt > boost_1_52_0.tar.bz2.asc curl http://deedbot.org/deed-422651-2.txt > buildroot-2015.05.tar.gz.asc curl http://deedbot.org/deed-422651-3.txt > db-4.8.30.tar.gz.asc curl http://deedbot.org/deed-422651-4.txt > openssl-1.0.1g.tar.gz.asc curl http://deedbot.org/deed-427443-1.txt > binutils-2.24.tar.bz2.asc curl http://deedbot.org/deed-427443-2.txt > busybox-1.23.2.tar.bz2.asc curl http://deedbot.org/deed-427443-3.txt > expat-2.1.0.tar.gz.asc curl http://deedbot.org/deed-427443-4.txt > fakeroot_1.18.4.orig.tar.bz2.asc curl http://deedbot.org/deed-427443-5.txt > gcc-4.9.2.tar.bz2.asc curl http://deedbot.org/deed-427443-6.txt > gdb-7.8.2.tar.xz.asc curl http://deedbot.org/deed-427443-7.txt > gmp-6.0.0a.tar.xz.asc curl http://deedbot.org/deed-427443-8.txt > linux-3.18.14.tar.xz.asc curl http://deedbot.org/deed-427443-9.txt > m4-1.4.17.tar.xz.asc curl http://deedbot.org/deed-427443-10.txt> mpc-1.0.3.tar.gz.asc curl http://deedbot.org/deed-427443-11.txt> mpfr-3.1.2.tar.xz.asc curl http://deedbot.org/deed-427443-12.txt> musl-1.1.8.tar.gz.asc curl http://deedbot.org/deed-427443-13.txt> ncurses-5.9.tar.gz.asc curl http://deedbot.org/deed-427443-14.txt> pkgconf-0.8.9.tar.bz2.asc EOF chmod +x deps.sh ./deps.sh
After enjoying un cafecito, the dependencies were finished downloading, so I deleted the script and changed back to the bitcoin directory. A simple `make` completes the process. I encountered no hiccups, and roughly a half hour or so later had a nice shiny bitcoind produced using vk.pl and the keccak patchset only.
In the interests of science, and to ensure repeatable results I went a step further and redid all the regrind steps in a fresh sandbox, and signed a copy of all the patches with my gpg key. Before performing a press I put mod6's copy of the patches in a directory `a` and mine in a directory `b` and ran `diff -uNr a b` against them to ensure they matched, which they did. This build also went fine with no errors, and output a 4.7M to bin/. Now let's test it:
In conclusion, this work represents an outstanding effort on the part of mod6 to ensure trb remains unmolested in the future. I have uploaded my copies of the resulting patches and the corresponding seals here for those that wish to compare them with their own during testing.