Add ZeroMQ notifications

[str4d]

Cherry-picked from the following upstream PRs:

• Add ZeroMQ notifications bitcoin/bitcoin#6103
• depends: fix platform specific packages variable bitcoin/bitcoin#6684
• [travis] add zmq python module, re-enable zmq rpc tests bitcoin/bitcoin#6686
• Require ZMQ version 4.x and update/cleanup zmq docs bitcoin/bitcoin#6736
• Trivial: start the help texts with lowercase bitcoin/bitcoin#6739
• autotools: move checking for zmq library to common area in configure.ac bitcoin/bitcoin#6743
• zmq: update docs to reflect feature is compiled in automatically bitcoin/bitcoin#6768
• build: Make use of ZMQ_CFLAGS bitcoin/bitcoin#6779
• zmq: point API link to 4.0 as that is what we are conforming to bitcoin/bitcoin#6810
• Fix ZMQ Notification initialization and shutdown bitcoin/bitcoin#6927
• [Depends] Bump Boost, miniupnpc, ccache & zeromq bitcoin/bitcoin#6980 (only upgrading zeromq)
• use CBlockIndex* insted of uint256 for UpdatedBlockTip signal bitcoin/bitcoin#6680
• Fix ZMQ docs - Improve logging bitcoin/bitcoin#7058
• Fixes ZMQ startup with bad arguments. bitcoin/bitcoin#7621
• [qa] Fix pyton syntax in rpc tests bitcoin/bitcoin#7335 (only parts affecting zmq_test.py)
• [qa] py2: Unfiddle strings into bytes explicitly bitcoin/bitcoin#7853 (only parts affecting zmq_test.py)
• [ZMQ] append a message sequence number to every ZMQ notification bitcoin/bitcoin#7762
• [depends] Bump Freetype, ccache, ZeroMQ, miniupnpc, expat bitcoin/bitcoin#7993 (only upgrading zeromq)
• [WIP][depends] ZeroMQ 4.1.5 && ZMQ on Windows bitcoin/bitcoin#8238
• [copyright] add MIT License copyright header to zmq_sub.py bitcoin/bitcoin#8701
• fix rpc-tests.sh bitcoin/bitcoin#6685

Closes #2020.

[str4d]

Before merging this, Buildbot needs to be updated to pip install zmq before running the RPC tests, as that is now a dependency.

[daira]

contrib/debian/copyright needs an entry for depends/sources/zeromq-*.tar.gz.

[daira]

Files: depends/sources/zeromq-*.tar.gz
Copyright:
 1994, 1995, 1996, 1999, 2000, 2001, 2002, 2004, 2005, 2006, 2007 Free Software Foundation, Inc.
 2007-2014 iMatix Corporation
 2009-2011 250bpm s.r.o.
 2010-2011 Miru Limited
 2011 VMware, Inc.
 2012 Spotify AB
 2013 Ericsson AB
 2014 AppDynamics Inc.
 2015-2016 Brocade Communications Systems Inc.
License: LGPL-with-ZeroMQ-exception

License: LGPL-with-ZeroMQ-exception
 GNU LESSER GENERAL PUBLIC LICENSE
 Version 3, 29 June 2007
 .
 On Debian systems the GNU Lesser General Public License (LGPL) is
 located in '/usr/share/common-licenses/LGPL'.
 .
 This program is distributed in the hope that it will be useful,
 but WITHOUT ANY WARRANTY; without even the implied warranty of
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 GNU General Public License for more details.
 --------------------------------------------------------------------------------
 SPECIAL EXCEPTION GRANTED BY COPYRIGHT HOLDERS
 .
 As a special exception, copyright holders give you permission to link this
 library with independent modules to produce an executable, regardless of
 the license terms of these independent modules, and to copy and distribute
 the resulting executable under terms of your choice, provided that you also
 meet, for each linked independent module, the terms and conditions of
 the license of that module. An independent module is a module which is not
 derived from or based on this library. If you modify this library, you must
 extend this exception to your version of the library.
  
 Note: this exception relieves you of any obligations under sections 4 and 5
 of this license, and section 6 of the GNU General Public License.
Comment:
 You should have received a copy of the GNU General Public License
 along with this program.  If not, see <http://www.gnu.org/licenses/>.

[daira]

... and add libzmq3-dev libzmq5-dev (see here) to Build-Depends in contrib/debian/control. [Edit: fixed link.]

Edit: I'm not sure this is necessary. If it is not, then remove the reference to libzmq*-dev from doc/zmq.md.

[daira]

The package.mk for libzmq builds it with the --without-libsodium --disable-curve options, which disables security and authentication features (I'm not sure of the exact details of what is disabled). Presumably this was intended by Bitcoin upstream because it's not the default, but is it what we want?

[daira]

libzmq has a new version 4.1.6. Its release notes since 4.1.5 are:

0MQ version 4.1.6 stable, released on 2016/11/01

• Fixed avoid asserting on getifaddrs failure zeromq/libzmq#2051 - getifaddrs can fail with ECONNREFUSED
• Fixed testutils won't compile when targeting windows xp zeromq/libzmq#2091 - testutil.hpp fails to build on Windows XP
• Fixed Problem: CMake build from dist tarball broken zeromq/libzmq#2096 - add tests/CMakeLists.in and version.rc.in to dist tar
• Fixed Problem: zmq_connect with IPv6 "source:port;dest:port" format is broken zeromq/libzmq#2107 - zmq_connect with IPv6 "source:port;dest:port" broken
• Fixed Problem: zmq_ctx_term asserts with connect-before-bind and sockets with identity over inproc transport zeromq/libzmq#2117 - ctx_term assert with inproc zmq_router connect-before-bind
• Fixed Socket monitor on TCP sockets uses internal Pair socket from multiple threads zeromq/libzmq#2158 - Socket monitor uses internal Pair from multiple threads
• Fixed Problem: messages dropped due to HWM race zeromq/libzmq#2161 - messages dropped due to HWM race
• Fixed Alignment issue with zmq_msg_t on SPARC CPU zeromq/libzmq#1325 - alignment issue with zmq_msg_t causes SIGBUS on SPARC and ARM

Some of these look like significant correctness and Denial of Service issues.

[daira]

zeromq/libzmq#2158 looks like undefined behaviour.

[daira]

Oh, the current libzmq version is actually 4.2.1 (release notes; see also the release notes for 4.2.0). In any case we should upgrade. I'm not sure whether there were any incompatible API changes between 4.1.x and 4.2.x. Edit: the release notes claim compatibility.

[str4d]

@daira wrote:

... and add libzmq3-dev libzmq5-dev (see here) to Build-Depends in contrib/debian/control.

The link doesn't make sense to me - could you elaborate?

Edit: I'm not sure this is necessary. If it is not, then remove the reference to libzmq*-dev from doc/zmq.md.

The impression I got from that section was that it was listed so if a downstream packager wants to use provided dependencies instead of the depends/ system, they know which package to use. So I'm +0 on removing the reference.

[str4d]

@daira wrote:

The package.mk for libzmq builds it with the --without-libsodium --disable-curve options, which disables security and authentication features (I'm not sure of the exact details of what is disabled). Presumably this was intended by Bitcoin upstream because it's not the default, but is it what we want?

--without-libsodium was added while upgrading from 4.0.7 to 4.1.4 (bitcoin/bitcoin#7993) to fix a build error.

--disable-curve was added while upgrading to 4.1.5 (bitcoin/bitcoin#8238). Upstream did not need it enabled because they don't have libsodium as a dependency, and thus before 4.2 could not use CURVE security. The default security is null (no security), and upstream didn't enable plain (password-based).

From 4.2.0 --without-libsodium is the default, as tweetnacl is used instead.

Now, we could enable CURVE security, but I expect it's not really necessary because the ZMQ interface is generally used from an internal network.

[daira]

ACK 4a8159343b0e1db2ff16dd138ab84271d2146774 and b418aa9027d3003a55089bdbcf2e6f55b46950f0.

[daira]

@str4d wrote:

@daira wrote:

... and add libzmq3-dev libzmq5-dev (see here) to Build-Depends in contrib/debian/control.

The link doesn't make sense to me - could you elaborate?

Sorry, cut-and-paste error. The intended link was http://zeromq.org/distro:debian .

I think we should update doc/zmq.md to say libzmq5-dev and to make it clearer that this is only needed when not using the depends system.

[daira]

@str4d wrote:

Now, we could enable CURVE security, but I expect it's not really necessary because the ZMQ interface is generally used from an internal network.

Hmm. Maybe we should just document (both in doc/zmq.md and doc/security-warnings.md) that ZMQ provides no authentication by default.

[bitcartel]

Upstream still on 4.1.5. Maybe they'll upgrade to 4.2.1. bitcoin/bitcoin#8639

[zkbot]

☔ The latest upstream changes (presumably #2072) made this pull request unmergeable. Please resolve the merge conflicts.

[str4d]

Rebased on master to fix merge conflict, and addressed @daira's comments.

Hmm. Maybe we should just document (both in doc/zmq.md and doc/security-warnings.md) that ZMQ provides no authentication by default.

This is already documented in doc/zmq.md by upstream (see here and here).

[bitcartel]

@zkbot try

[zkbot]

⌛ Trying commit edcec14 with merge 36df5a9...

[zkbot]

💔 Test failed - zcash

[bitcartel]

@str4d See above:
=== Running testscript --mineblock ===
./qa/pull-tester/rpc-tests.sh: line 77: /home/admin/bbs/zcash/build/qa/rpc-tests/--mineblock: No such file or directory
!!! FAIL: --mineblock !!!

[str4d]

@bitcartel there was an upstream PR I missed that fixed it.

@zkbot try

[zkbot]

⌛ Trying commit 9bbc220 with merge dd8b383...

[zkbot]

☀️ Test successful - zcash

[daira]

utACK

[bitcartel]

ACK

[bitcartel]

@zkbot r+

[zkbot]

📌 Commit 9bbc220 has been approved by bitcartel

[zkbot]

⌛ Testing commit 9bbc220 with merge 253c610...

[zkbot]

☀️ Test successful - zcash