SomberNight d951a3d2f4 in GUI mode, only start a limited minimal RPC server
To limit attack surface.

Context:
- both in daemon mode and in GUI mode, we start an RPC server
- the RPC server uses HTTP basic auth, with a random password that is saved in the config file
- read access to the config file implies access to the RPC server
- the traffic is unencrypted
- by default the server listens
  - on Windows, on localhost TCP
  - all other platforms, via unix domain sockets
- if an attacker can listen to localhost TCP traffic, and there was traffic
  - they could see the plaintext RPC password and issue their own commands
  - e.g. if wireshark was already installed on the system, this might not require root access
- the "ping" and "gui" commands are used by everyday operations that affect most users:
  - "ping" is used when trying to launch a second instance of electrum, to contact the first instance and enforce "singleton" behaviour
  - "gui" is used for URI handling (`$ xdg-open bitcoin:asdasd`)
- many other sensitive commands, that operate on wallets, require *also* the wallet password
  - but note that wallet.unlock can be used by the user to bypass this and store the wallet password in memory (exposed in GUI)

I propose locking down the RPC server when running in GUI mode:
- we still start it, as it is used for "ping" and "gui" RPCs, however we disable all other RPCs
- we could opt-in enable it, using a config var, except that of course would not help against an attacker that has filesystem write access to the config file
- so I think it's even safer to just "hardcode" disable it: however the functionality is useful for development
  - I propose we branch based on `constants.net.TESTNET`
  - an alternative we could branch on that is hard to fake is `is_git_clone` in run_electrum
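As an added illustration of the lock-down proposed in the commit message above (example code written for this page, not Electrum's own RPC implementation): a minimal JSON-RPC dispatcher that keeps only "ping" and "gui" reachable in GUI mode, answers every other method with a JSON-RPC "method not found" error, and checks HTTP basic auth in constant time before it looks at the request body. The `dev_mode` flag stands in for the proposed branch on `constants.net.TESTNET` or `is_git_clone`; the `getinfo` command, the handler bodies and the fixed username are hypothetical stand-ins for the real command set.

```python
import base64
import hmac
import json
import secrets
from typing import Optional, Tuple

# The two methods everyday GUI operations rely on (named in the commit message).
GUI_ALLOWED_METHODS = frozenset({"ping", "gui"})


# Hypothetical command registry standing in for electrum's real command set.
def _cmd_ping(*args, **kwargs):
    return "pong"


def _cmd_gui(*args, **kwargs):
    # In the real client this hands a bitcoin: URI to the running GUI instance.
    uri = args[0] if args else kwargs.get("uri", "")
    return {"opened": uri}


def _cmd_getinfo(*args, **kwargs):
    # Stand-in for a command that must not be reachable in GUI mode.
    return {"version": "example"}


COMMANDS = {"ping": _cmd_ping, "gui": _cmd_gui, "getinfo": _cmd_getinfo}


def basic_auth_header(user: str, password: str) -> str:
    """Build the HTTP Basic Authorization value a client would send."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()


def _error(req_id, code: int, message: str) -> dict:
    return {"jsonrpc": "2.0", "id": req_id, "error": {"code": code, "message": message}}


class RpcServer:
    def __init__(self, gui_mode: bool, dev_mode: bool = False,
                 password: Optional[str] = None):
        self.gui_mode = gui_mode
        # dev_mode stands in for the proposed branch on constants.net.TESTNET
        # or is_git_clone: when set, the full command set stays enabled.
        self.dev_mode = dev_mode
        self.user = "user"  # hypothetical fixed username
        # Random password, as the real server stores in the config file.
        self.password = password or secrets.token_urlsafe(24)

    def allowed_methods(self) -> frozenset:
        if self.gui_mode and not self.dev_mode:
            return GUI_ALLOWED_METHODS
        return frozenset(COMMANDS)

    def check_auth(self, authorization: Optional[str]) -> bool:
        if not authorization or not authorization.startswith("Basic "):
            return False
        try:
            decoded = base64.b64decode(authorization[6:], validate=True).decode()
        except (ValueError, UnicodeDecodeError):
            return False
        user, sep, pw = decoded.partition(":")
        if not sep:
            return False
        # Both comparisons always run, in constant time, so a wrong username
        # and a wrong password are indistinguishable by timing.
        user_ok = hmac.compare_digest(user.encode(), self.user.encode())
        pw_ok = hmac.compare_digest(pw.encode(), self.password.encode())
        return user_ok and pw_ok

    def handle(self, authorization: Optional[str], body: str) -> Tuple[int, Optional[dict]]:
        """Process one HTTP request; returns (status code, JSON-RPC response or None)."""
        if not self.check_auth(authorization):
            return 401, None  # reject before touching the body
        try:
            req = json.loads(body)
        except json.JSONDecodeError:
            return 200, _error(None, -32700, "Parse error")
        if not isinstance(req, dict) or not isinstance(req.get("method"), str):
            return 200, _error(None, -32600, "Invalid Request")
        req_id = req.get("id")
        method = req["method"]
        # Same error for unknown and for locked-down methods, so a caller in
        # GUI mode cannot enumerate what exists behind the allowlist.
        if method not in self.allowed_methods():
            return 200, _error(req_id, -32601, "Method not found")
        params = req.get("params", [])
        try:
            if isinstance(params, dict):
                result = COMMANDS[method](**params)
            elif isinstance(params, list):
                result = COMMANDS[method](*params)
            else:
                return 200, _error(req_id, -32602, "Invalid params")
        except TypeError:
            return 200, _error(req_id, -32602, "Invalid params")
        return 200, {"jsonrpc": "2.0", "id": req_id, "result": result}

    def call(self, authorization: Optional[str], method: str, params=None, req_id=1):
        """Client-side convenience: serialise a request and hand it to handle()."""
        body = json.dumps({"jsonrpc": "2.0", "id": req_id, "method": method,
                           "params": params if params is not None else []})
        return self.handle(authorization, body)
```

The allowlist is enforced inside the dispatcher rather than by not registering the commands, so the same server object can be started in both modes; note that, as the commit message says, this protects against a client that has only the RPC password, not against one that can also rewrite the config file or the code.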

Electrum - Lightweight Bitcoin client

Licence: MIT Licence
Author: Thomas Voegtlin
Language: Python (>= 3.10)
Homepage: https://electrum.org/

Getting started

(If you've come here looking to simply run Electrum, you may download it here.)

Electrum itself is pure Python, and so are most of the required dependencies, but not everything. The following sections describe how to run from source, but here is a TL;DR:

$ sudo apt-get install libsecp256k1-dev
$ ELECTRUM_ECC_DONT_COMPILE=1 python3 -m pip install --user ".[gui,crypto]"

Not pure-python dependencies

Qt GUI

If you want to use the Qt interface, install the Qt dependencies:

$ sudo apt-get install python3-pyqt6

libsecp256k1

For elliptic curve operations, libsecp256k1 is a required dependency.

If you "pip install" Electrum, by default libsecp will get compiled locally, as part of the electrum-ecc dependency. This can be opted-out of, by setting the ELECTRUM_ECC_DONT_COMPILE=1 environment variable. For the compilation to work, besides a C compiler, you need at least:

$ sudo apt-get install automake libtool

If you opt out of the compilation, you need to provide libsecp in another way, e.g.:

$ sudo apt-get install libsecp256k1-dev

cryptography

Due to the need for fast symmetric ciphers, cryptography is required. Install from your package manager (or from pip):

$ sudo apt-get install python3-cryptography

hardware-wallet support

If you would like hardware wallet support, see this.

Running from tar.gz

If you downloaded the official package (tar.gz), you can run Electrum from its root directory without installing it on your system; all the pure python dependencies are included in the 'packages' directory. To run Electrum from its root directory, just do:

$ ./run_electrum

You can also install Electrum on your system, by running this command:

$ sudo apt-get install python3-setuptools python3-pip
$ python3 -m pip install --user .

This will download and install the Python dependencies used by Electrum instead of using the 'packages' directory. It will also place an executable named electrum in ~/.local/bin, so make sure that is on your PATH variable.

Development version (git clone)

(For OS-specific instructions, see here for Windows, and for macOS)

Check out the code from GitHub:

$ git clone https://github.com/spesmilo/electrum.git
$ cd electrum
$ git submodule update --init

Run install (this should install dependencies):

$ python3 -m pip install --user -e .

Create translations (optional):

$ sudo apt-get install gettext
$ ./contrib/locale/build_locale.sh electrum/locale/locale electrum/locale/locale

Finally, to start Electrum:

$ ./run_electrum

Run tests

Run unit tests with pytest:

$ pytest tests -v

(can be parallelized with -n auto option, using pytest-xdist plugin)

To run a single file, specify it directly like this:

$ pytest tests/test_bitcoin.py -v

Creating Binaries

Contributing

Any help testing the software, reporting or fixing bugs, reviewing pull requests and recent changes, writing tests, or helping with outstanding issues is very welcome. Implementing new features, or improving/refactoring the codebase, is of course also welcome, but to avoid wasted effort, especially for larger changes, we encourage discussing these on the issue tracker or IRC first.

Besides GitHub, most communication about Electrum development happens on IRC, in the #electrum channel on Libera Chat. The easiest way to participate on IRC is with the web client, web.libera.chat.

Please improve translations on Crowdin.
