I wrote this in the github editor, so no promises that it compiles, but this should avoid several extra heap allocations and moves while fetching the mempool, and, more importantly, get electrs out of an infinite loop of fetching the full mempool forever when there exist RBF transactions.
This adds more informtion about cookie deprecation, especially
motivation, so the users won't be frustrated because of unexplained
change. It also removes a warning that's no longer applicable.
This adds `auth` option and deprecates `cookie` which has a confusing
name. It's effectively renaming but we pretend it is not to avoid people
blindly changing the name without second thought.
Closes#349 (a new tracking issue will be created)
* `arc_swap` and `smallvec` fix security vulnerabilities
* `configure_me` and `configure_me_codegen` update toml dependency
leading to deduplication and shorter compile times
* `log` upgrades dependency on `cfg-if` bringing us closer to
deduplicating it.
Closes#354
This change takes several steps towards avoiding footguns when
configuring `electrs`:
* Moves config_spec.toml out of sight of non-developers
* Provides a configuration example
* Mentions the example in the docs
According to `cargo audit` crates `rust-crypto`, `dirs` and `failure`
are unmaintained/deprecated. This change replaces former two.
Unfortunately `failure` can't be replaced because it's a transitive
dependency of `rocksdb`, which is pinned. Fortunately it's in build
script only, which should have no noticable effect on the quality of
`electrs` itself.
As a nice side effect this should remove a bunch of useless code since
we pull only specifically `sha2` without bundling other cryptography.
The older version of `prometheus` depended on an old version of `spin`
which had a vulnerability related to locking. The new version of
prometheus doesn't use `spin` anymore so that the vulnerability is
fixed. Note that the vulnerability was unlikely on `x86_64` machines but
likely on ARM. `electrs` seems to be quite popular on various SBCs such
as Raspberry Pi, so fixing this is important.
More information: https://rustsec.org/advisories/RUSTSEC-2019-0013
Thankfully, `electrs` compiles with new `prometheus` without changes
despite it being semver breaking.
The old version of `lru` uses `std::mem::uninitialized()` which is UB
and actually panicks in the tests when compiled with Rust 1.48. (1.48
intentionally turned this UB to panicking.)
While 0.6.1 is breaking change according to semver rules it turns out no
code change was needed, just version bump.
This adds four GitHub issue templates with these properties:
* Nudge people to read the docs
* Nudge inexperienced people to use automation
* Nudge people to provide important information (env, logs...)
* Assign myself (Kixunil) in case of build and config issues
* The mentioned Debian repository is now considered beta, make the
wording much less scary.
* Documented how to link rocksdb dynamically and what are the pros/cons
* Documented how to cross compile
* Added `--locked` parameter to `cargo build` to prevent `cargo` from
updating lock file
* Use `./target/release/electrs` instead of `cargo run` to avoid
rebuilding footguns
* Added a link to in-depth explanation of cookie security
