Final pre-release pass: setup/service/config fixes + privacy & API-exposure docs #109
Merged
Four correctness/robustness fixes found in a final pre-release pass:
- setup: on a no-rebuild re-run, compile_xmrig returned before cd-ing into
the build dir, so generate_xmrig_config wrote config.json into $WORKER_ROOT
instead of xmrig/build/ where the service reads it (--config=$BUILD_DIR/
config.json). Config edits then silently never took effect. cd into the
build dir on the skip path, matching the rebuild and `apply` paths.
- service: the cpupower governor ExecStartPre had no `-` prefix, so on VM/
cloud kernels with no active cpufreq driver (or distros without cpupower)
it aborted startup and, with Restart=always, wedged the miner in a restart
loop. Make it best-effort.
- setup: validate the pool host in the first-run prompt before writing, so a
host-less URL like ":3333" can't be persisted and then rejected by
parse_config — which left a broken config.json that suppressed the prompt
on the re-run. New regression case (':3333') added.
- config: chmod 600 the generated live config (pool/wallet + API token) so a
root jq redirect can't leave it world-readable. Asserted in the suite.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…e cadence
- SECURITY.md: new "What RigForge exposes (and what it doesn't)" section — no telemetry, honest 1% (zeroable) dev fee, and the read-only/token-gated `:8080` stats API that binds the LAN by default, with the exact ufw commands to firewall it off when not running Pithead.
- README.md: concise "Privacy & security" section linking to SECURITY.md.
- config.advanced.example.json: autotune schedule is monthly, not "nightly" (matched the code default and every other doc).
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
diff-cover flagged rigforge.sh:248 (the `[...]` IPv6 arm of ensure_config_exists'
host validation) as the one uncovered changed line. Add an invalid IPv6 literal
('[zz]:3333') to the first-run bad-URL cases so the arm is exercised and the
"writes no config" guarantee is asserted for it too.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
A final pre-release review pass (docs-for-new-users, docs-match-code, no privacy/logical gaps). Findings + fixes below. Lint clean, 604/604 tests pass.
🔴 Exposure (documented, no behavior change)
The XMRig HTTP API binds `0.0.0.0:8080` by default. It's read-only (`restricted: true`) and token-gated (token is never empty in practice), so the real leak is small — but "my miner listens on all interfaces" is the thing the r/MoneroMining audience reacts to, and solo/public-pool users (the majority) don't need it at all. Per decision, kept the bind (Pithead needs it) and documented it loudly instead:
- `SECURITY.md` → new "What RigForge exposes (and what it doesn't)" section: no telemetry, honest 1% (zeroable) dev fee, and exactly what `:8080` serves — plus the `ufw` commands to firewall it off when not running Pithead.
- `README.md` → concise "🔒 Privacy & security" section linking to it.
🐛 Logic bugs (fixed)
- `setup` re-run wrote the config to the wrong directory. On a no-rebuild re-run, `compile_xmrig` returned before `cd`-ing into the build dir, so `generate_xmrig_config` emitted `config.json` into `$WORKER_ROOT` instead of `xmrig/build/` where the service reads it — config edits silently never applied. Fixed by `cd`-ing on the skip path (matches the rebuild and `apply` paths).
- `cpupower` could wedge the service in a restart loop. The governor `ExecStartPre` had no `-` prefix; on VM/cloud kernels with no cpufreq driver it aborted startup with `Restart=always` churn. Now best-effort.
- `:3333` passed the port check, got written, then `parse_config` hard-failed — leaving a broken `config.json` that suppressed the re-prompt. Now validates the host before writing (+ regression test).
🔒 Hardening / UX
- `chmod 600` the generated live config (holds pool/wallet + API token) so a root `jq` redirect can't leave it world-readable. Asserted in the suite.
- `user`, since the minimal config credits hashes to the hostname and nothing (incl. `doctor`) flags it.
📄 Docs ↔ code
- `config.advanced.example.json` said the autotune schedule was "nightly" (twice) — it's monthly in code and every other doc. Fixed.
- `tune` flags, config keys/defaults, ports (3333/8080), paths, benchmark numbers.
✅ Verified clean
No telemetry/phone-home; honest 1% dev fee (= XMRig's default, → XMRig's address, zeroable); source pinned and commit-verified; no security mitigations disabled; GRUB backed up + reversible; systemd unit hardened.
🤖 Generated with Claude Code
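The validate-before-write rule and the `chmod 600` hardening described in this PR, sketched as an added example that is not RigForge's code and not part of the PR. The names `valid_pool_endpoint` and `write_pool_config` are hypothetical, the JSON is a constructed minimal config, and the host check is a syntactic plausibility test rather than full hostname or IPv6 validation.

```shell
#!/bin/sh
# Added example, not RigForge's code; function names are hypothetical.

# Succeed only if $1 looks like host:port with a non-empty, plausible host.
valid_pool_endpoint() {
    vp_ep=$1
    vp_port=${vp_ep##*:}
    vp_host=${vp_ep%:*}
    [ "$vp_host" != "$vp_ep" ] || return 1        # no ':' separator at all
    case $vp_port in
        ''|*[!0-9]*) return 1 ;;                  # port must be digits only
    esac
    [ "${#vp_port}" -le 5 ] || return 1
    [ "$vp_port" -ge 1 ] && [ "$vp_port" -le 65535 ] || return 1
    case $vp_host in
        '') return 1 ;;                           # host-less, e.g. ":3333"
        \[*\])                                    # bracketed IPv6 literal
            vp_in=${vp_host#\[}
            vp_in=${vp_in%\]}
            case $vp_in in
                ''|*[!0-9A-Fa-f:.]*) return 1 ;;  # e.g. "[zz]:3333"
                *:*) return 0 ;;
                *) return 1 ;;
            esac ;;
        -*|.*|*[!A-Za-z0-9.-]*) return 1 ;;       # hostname / IPv4 charset
        *) return 0 ;;
    esac
}

# Validate first, then write config $1 for endpoint $2 with mode 0600.
# Nothing is written when validation fails, so a re-run can prompt again.
write_pool_config() {
    wc_cfg=$1
    wc_ep=$2
    valid_pool_endpoint "$wc_ep" || return 1
    wc_tmp="$wc_cfg.tmp.$$"
    # umask in a subshell: the file is never created world-readable.
    ( umask 077; printf '{"pools":[{"url":"%s"}]}\n' "$wc_ep" > "$wc_tmp" ) || return 1
    chmod 600 "$wc_tmp" && mv -f "$wc_tmp" "$wc_cfg"
}
```

Creating the file under `umask 077` closes the window in which a redirect run as root would otherwise create it with the default mode before `chmod` is applied.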