Merge branch 'develop' of https://github.com/dashpay/dash into develop

Author: PastaPastaPasta

.github/workflows/build-depends.yml

@@ -11,6 +11,10 @@ on:
         description: "Path to built container at registry"
         required: true
         type: string
+      base-image-digest:
+        description: "Short hash of the CI base image manifest for cache busting"
+        required: true
+        type: string
       runs-on:
         description: "Runner label to use (e.g., ubuntu-24.04 or ubuntu-24.04-arm)"
         required: true
@@ -33,6 +37,7 @@ jobs:
     outputs:
       cache-hit: ${{ steps.cache-check.outputs.cache-hit }}
       cache-key: ${{ steps.setup.outputs.cache-key }}
+      cache-key-prefix: ${{ steps.setup.outputs.cache-key-prefix }}
       host: ${{ steps.setup.outputs.HOST }}
       dep-opts: ${{ steps.setup.outputs.DEP_OPTS }}
     steps:
@@ -62,7 +67,9 @@ jobs:
           echo "DEP_HASH=${DEP_HASH}" >> "${GITHUB_OUTPUT}"
           DOCKERFILE_HASH="${{ hashFiles('contrib/containers/ci/ci.Dockerfile', 'contrib/containers/ci/ci-slim.Dockerfile') }}"
           PACKAGES_HASH="${{ hashFiles('depends/packages/*', 'depends/Makefile') }}"
-          CACHE_KEY="depends-${DOCKERFILE_HASH}-${{ inputs.runs-on }}-${{ inputs.build-target }}-${DEP_HASH}-${PACKAGES_HASH}"
+          CACHE_KEY_PREFIX="depends-${DOCKERFILE_HASH}-${{ inputs.base-image-digest }}-${{ inputs.runs-on }}-${{ inputs.build-target }}"
+          CACHE_KEY="${CACHE_KEY_PREFIX}-${DEP_HASH}-${PACKAGES_HASH}"
+          echo "cache-key-prefix=${CACHE_KEY_PREFIX}" >> "${GITHUB_OUTPUT}"
           echo "cache-key=${CACHE_KEY}" >> "${GITHUB_OUTPUT}"
           echo "Cache key: ${CACHE_KEY}"
         shell: bash
@@ -124,7 +131,7 @@ jobs:
           path: depends/built/${{ needs.check-cache.outputs.host }}
           key: ${{ needs.check-cache.outputs.cache-key }}
           restore-keys: |
-            depends-${{ hashFiles('contrib/containers/ci/ci.Dockerfile', 'contrib/containers/ci/ci-slim.Dockerfile') }}-${{ inputs.build-target }}-
+            ${{ needs.check-cache.outputs.cache-key-prefix }}-
 
       - name: Build depends
         run: |

.github/workflows/build.yml

@@ -21,14 +21,16 @@ concurrency:
 jobs:
   check-skip:
     name: Check skip conditions
-    runs-on: ${{ vars.RUNNER_AMD64 || 'ubuntu-24.04' }}
+    # Keep the bootstrap job cheap; RUNNER_CHECK_SKIP can point to a small Blacksmith ARM runner.
+    runs-on: ${{ vars.RUNNER_CHECK_SKIP || 'ubuntu-24.04-arm' }}
     outputs:
       skip: ${{ steps.skip-check.outputs.skip }}
       runner-amd64: ${{ steps.select-runner.outputs.runner_amd64 }}
       runner-arm64: ${{ steps.select-runner.outputs.runner_arm64 }}
       use-blacksmith: ${{ steps.select-runner.outputs.use_blacksmith }}
       backlog-count: ${{ steps.select-runner.outputs.backlog_count }}
       decision-reason: ${{ steps.select-runner.outputs.decision_reason }}
+      base-image-digest: ${{ steps.base-image.outputs.digest }}
     steps:
       - name: Check skip environment variables
         id: skip-check
@@ -58,6 +60,26 @@ jobs:
         run: |
           python3 .github/workflows/select_dynamic_runner.py
 
+      - name: Get base image digest
+        id: base-image
+        if: ${{ steps.skip-check.outputs.skip == 'false' }}
+        run: |
+          # Fetch the canonical manifest digest for ubuntu:noble so the
+          # depends cache key changes when Canonical pushes base image
+          # updates (which may bump compiler versions).
+          # Falls back to "unknown" on failure so CI is not blocked.
+          TOKEN="$(curl -fsSL --max-time 10 \
+            'https://auth.docker.io/token?service=registry.docker.io&scope=repository:library/ubuntu:pull' \
+            | jq -r '.token')" || true
+          if [ -n "$TOKEN" ] && [ "$TOKEN" != "null" ]; then
+            DIGEST="$(curl -fsSL --max-time 10 \
+              -H "Authorization: Bearer $TOKEN" \
+              -H 'Accept: application/vnd.docker.distribution.manifest.list.v2+json' \
+              'https://registry-1.docker.io/v2/library/ubuntu/manifests/noble' \
+              -o /dev/null -D - | grep -i docker-content-digest | awk '{print $2}' | tr -d '\r' | sed 's/^sha256://')" || true
+          fi
+          echo "digest=${DIGEST:-unknown}" >> "$GITHUB_OUTPUT"
+
   cache-sources:
     name: Cache depends sources
     needs: [check-skip]
@@ -98,6 +120,7 @@ jobs:
     with:
       build-target: aarch64-linux
       container-path: ${{ needs.container.outputs.path }}
+      base-image-digest: ${{ needs.check-skip.outputs.base-image-digest }}
       runs-on: ${{ needs.check-skip.outputs['runner-amd64'] }}
 
   depends-linux64:
@@ -112,6 +135,7 @@ jobs:
     with:
       build-target: linux64
       container-path: ${{ needs.container.outputs.path }}
+      base-image-digest: ${{ needs.check-skip.outputs.base-image-digest }}
       runs-on: ${{ needs.check-skip.outputs['runner-amd64'] }}
 
   depends-linux64_multiprocess:
@@ -124,6 +148,7 @@ jobs:
     with:
       build-target: linux64_multiprocess
       container-path: ${{ needs.container.outputs.path }}
+      base-image-digest: ${{ needs.check-skip.outputs.base-image-digest }}
       runs-on: ${{ needs.check-skip.outputs['runner-arm64'] }}
 
   depends-linux64_nowallet:
@@ -134,6 +159,7 @@ jobs:
     with:
       build-target: linux64_nowallet
       container-path: ${{ needs.container.outputs.path }}
+      base-image-digest: ${{ needs.check-skip.outputs.base-image-digest }}
       runs-on: ${{ needs.check-skip.outputs['runner-amd64'] }}
 
   depends-mac:
@@ -144,6 +170,7 @@ jobs:
     with:
       build-target: mac
       container-path: ${{ needs.container.outputs.path }}
+      base-image-digest: ${{ needs.check-skip.outputs.base-image-digest }}
       runs-on: ${{ needs.check-skip.outputs['runner-amd64'] }}
 
   depends-win64:
@@ -154,6 +181,7 @@ jobs:
     with:
       build-target: win64
       container-path: ${{ needs.container.outputs.path }}
+      base-image-digest: ${{ needs.check-skip.outputs.base-image-digest }}
       runs-on: ${{ needs.check-skip.outputs['runner-amd64'] }}
 
   lint:

doc/policy/packages.md

@@ -68,24 +68,37 @@ test accepts):
 If any transactions in the package are already in the mempool, they are not submitted again
 ("deduplicated") and are thus excluded from this calculation.
 
-To meet the two feerate requirements of a mempool, i.e., the pre-configured minimum relay feerate
-(`minRelayTxFee`) and the dynamic mempool minimum feerate, the total package feerate is used instead
-of the individual feerate. The individual transactions are allowed to be below the feerate
-requirements if the package meets the feerate requirements. For example, the parent(s) in the
-package can pay no fees but be paid for by the child.
-
-*Rationale*: This can be thought of as "CPFP within a package," solving the issue of a parent not
-meeting minimum fees on its own. This would allow contracting applications to adjust their fees at
-broadcast time instead of overshooting or risking becoming stuck or pinned.
-
-*Rationale*: It would be incorrect to use the fees of transactions that are already in the mempool, as
-we do not want a transaction's fees to be double-counted.
+To meet the dynamic mempool minimum feerate, i.e., the feerate determined by the transactions
+evicted when the mempool reaches capacity (not the static minimum relay feerate), the total package
+feerate instead of individual feerate can be used. For example, if the mempool minimum feerate is
+5sat/vB and a 1sat/vB parent transaction has a high-feerate child, it may be accepted if
+submitted as a package.
+
+*Rationale*: This can be thought of as "CPFP within a package," solving the issue of a presigned
+transaction (i.e. in which a replacement transaction with a higher fee cannot be signed) being
+rejected from the mempool when transaction volume is high and the mempool minimum feerate rises.
+
+Note: Package feerate cannot be used to meet the minimum relay feerate (`-minrelaytxfee`)
+requirement. For example, if the mempool minimum feerate is 5sat/vB and the minimum relay feerate is
+set to 5satvB, a 1sat/vB parent transaction with a high-feerate child will not be accepted, even if
+submitted as a package.
+
+*Rationale*: Avoid situations in which the mempool contains non-bumped transactions below min relay
+feerate (which we consider to have pay 0 fees and thus receiving free relay). While package
+submission would ensure these transactions are bumped at the time of entry, it is not guaranteed
+that the transaction will always be bumped. For example, a later transaction could replace the
+fee-bumping child without still bumping the parent. These no-longer-bumped transactions should be
+removed during a replacement, but we do not have a DoS-resistant way of removing them or enforcing a
+limit on their quantity. Instead, prevent their entry into the mempool.
 
 Implementation Note: Transactions within a package are always validated individually first, and
 package validation is used for the transactions that failed. Since package feerate is only
 calculated using transactions that are not in the mempool, this implementation detail affects the
 outcome of package validation.
 
+*Rationale*: It would be incorrect to use the fees of transactions that are already in the mempool, as
+we do not want a transaction's fees to be double-counted.
+
 *Rationale*: We must not allow a low-feerate child to prevent its parent from being accepted; fees
 of children should not negatively impact their parents, since they are not necessary for the parents
 to be mined. More generally, if transaction B is not needed in order for transaction A to be mined,

doc/release-notes-26076.md

@@ -0,0 +1,13 @@
+RPC
+---
+
+- The `listdescriptors`, `decodepsbt` and similar RPC methods now show `h` rather than apostrophe (`'`) to indicate
+  hardened derivation. This does not apply when using the `private` parameter, which
+  matches the marker used when descriptor was generated or imported. Newly created
+  wallets use `h`. This change makes it easier to handle descriptor strings manually.
+  E.g. the `importdescriptors` RPC call is easiest to use `h` as the marker: `'["desc": ".../0h/..."]'`.
+  With this change `listdescriptors` will use `h`, so you can copy-paste the result,
+  without having to add escape characters or switch `'` to 'h' manually.
+  Note that this changes the descriptor checksum.
+  For legacy wallets the `hdkeypath` field in `getaddressinfo` is unchanged,
+  nor is the serialization format of wallet dumps. (#26076)

doc/release-process.md

@@ -36,6 +36,8 @@ Before every major release:
     `nBlocks` of 4096 (28 days) and a `bestblockhash` of RPC `getbestblockhash`; see
     [this pull request](https://github.com/dashpay/dash/pull/5692) for an example. Reviewers can verify the results by running
     `getchaintxstats <window_block_count> <window_final_block_hash>` with the `window_block_count` and `window_final_block_hash` from your output.
+* [ ] Prune inputs from the qa-assets repo (See [pruning
+  inputs](https://github.com/bitcoin-core/qa-assets#pruning-inputs)).
 
 ### First time / New builders
 

src/Makefile.am

@@ -270,6 +270,7 @@ BITCOIN_CORE_H = \
   instantsend/lock.h \
   instantsend/net_instantsend.h \
   instantsend/signing.h \
+  kernel/blockmanager_opts.h \
   kernel/coinstats.h \
   key.h \
   key_io.h \

src/Makefile.test.include

@@ -375,6 +375,7 @@ test_fuzz_fuzz_SOURCES = \
  test/fuzz/tx_pool.cpp \
  test/fuzz/txorphan.cpp \
  test/fuzz/utxo_snapshot.cpp \
+ test/fuzz/utxo_total_supply.cpp \
  test/fuzz/validation_load_mempool.cpp \
  test/fuzz/versionbits.cpp
 endif # ENABLE_FUZZ_BINARY

src/bench/block_assemble.cpp

@@ -32,7 +32,7 @@ static void AssembleBlock(benchmark::Bench& bench)
     std::array<CTransactionRef, NUM_BLOCKS - COINBASE_MATURITY + 1> txs;
     for (size_t b{0}; b < NUM_BLOCKS; ++b) {
         CMutableTransaction tx;
-        tx.vin.push_back(MineBlock(test_setup->m_node, SCRIPT_PUB));
+        tx.vin.emplace_back(MineBlock(test_setup->m_node, SCRIPT_PUB));
         tx.vin.back().scriptSig = scriptSig;
         tx.vout.emplace_back(1337, SCRIPT_PUB);
         if (NUM_BLOCKS - b >= COINBASE_MATURITY)

src/bench/coin_selection.cpp

@@ -5,6 +5,7 @@
 #include <bench/bench.h>
 #include <interfaces/chain.h>
 #include <node/context.h>
+#include <policy/policy.h>
 #include <wallet/coinselection.h>
 #include <wallet/spend.h>
 #include <wallet/wallet.h>
@@ -111,7 +112,7 @@ static void BnBExhaustion(benchmark::Bench& bench)
     bench.run([&] {
         // Benchmark
         CAmount target = make_hard_case(17, utxo_pool);
-        SelectCoinsBnB(utxo_pool, target, 0); // Should exhaust
+        SelectCoinsBnB(utxo_pool, target, 0, MAX_STANDARD_TX_SIZE); // Should exhaust
 
         // Cleanup
         utxo_pool.clear();

src/kernel/blockmanager_opts.h

@@ -0,0 +1,22 @@
+// Copyright (c) 2022 The Bitcoin Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#ifndef BITCOIN_KERNEL_BLOCKMANAGER_OPTS_H
+#define BITCOIN_KERNEL_BLOCKMANAGER_OPTS_H
+
+class CChainParams;
+
+namespace kernel {
+
+/**
+ * An options struct for `BlockManager`, more ergonomically referred to as
+ * `BlockManager::Options` due to the using-declaration in `BlockManager`.
+ */
+struct BlockManagerOpts {
+    const CChainParams& chainparams;
+};
+
+} // namespace kernel
+
+#endif // BITCOIN_KERNEL_BLOCKMANAGER_OPTS_H