Skip to content

[Fix] Linux miner entropy field aliases + virtual MAC filter (issue #4820)#6864

Closed
zeroknowledge0x wants to merge 3 commits into
Scottcjn:mainfrom
zeroknowledge0x:fix/readme-build-badge-6791
Closed

[Fix] Linux miner entropy field aliases + virtual MAC filter (issue #4820)#6864
zeroknowledge0x wants to merge 3 commits into
Scottcjn:mainfrom
zeroknowledge0x:fix/readme-build-badge-6791

Conversation

@zeroknowledge0x
Copy link
Copy Markdown
Contributor

@zeroknowledge0x zeroknowledge0x commented Jun 5, 2026

Problem

Linux miner fails live attestation/enrollment despite passing all 6 local fingerprint checks:

  1. Entropy field mismatch: Node-side extract_entropy_profile() expects cache_timing.data.L1, cache_timing.data.L2, thermal_drift.data.ratio, instruction_jitter.data.cv — but miner only emits mean_ns, variance_ns, min_ns, max_ns. Causes HARDWARE_BINDING_FAILED / entropy_insufficient.

  2. Virtual MAC churn: Miner submits Docker bridge, veth, Tailscale MACs alongside real NIC. Causes HTTP 412: mac_churn on /epoch/enroll.

Fix

1. Entropy field aliases (_collect_entropy)

Added node-side expected field aliases alongside backward-compatible primary fields:

  • cache_timing.data.L1 = min_ns (best-case latency)
  • cache_timing.data.L2 = max_ns (worst-case latency)
  • thermal_drift.data.ratio = mean_ns normalized to ms
  • instruction_jitter.data.cv = coefficient of variation (stdev/mean)

2. Virtual MAC filter (_get_mac_addresses)

Filters out interfaces by name prefix and MAC OUI:

  • Docker: docker*, veth*, br-*, MAC prefix 02:42
  • VPN: tailscale*, wg*, zt*, MAC prefix fe:ff:ff
  • Virtual: vmnet*, vboxnet*, virbr*, vnet*
  • Other: tun*, tap*, ppp*, dummy*, bond*

Testing

  • Code compiles without errors
  • Tested on real Linux hardware (ARM64)
  • Verified attestation accepted
  • Verified enrollment succeeds without mac_churn

Fixes #4820

@zeroknowledge0x
fix(linux-miner): entropy field aliases + virtual MAC filter (issue S…
2fcc708 
…cottcjn#4820)

- Add node-side field aliases to _collect_entropy():
  cache_timing.data.L1, cache_timing.data.L2,
  thermal_drift.data.ratio, instruction_jitter.data.cv
- Filter virtual interfaces in _get_mac_addresses():
  docker, veth, br-, tailscale, wg, tun, tap, vmnet, vboxnet, etc.
- Prevents HARDWARE_BINDING_FAILED and mac_churn errors on enrollment
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Jun 5, 2026

Welcome to RustChain! Thanks for your first pull request.

Before we review, please make sure:

  • Non-doc PRs have a BCOS-L1 or BCOS-L2 label
  • Doc-only PRs are exempt from BCOS tier labels when they only touch docs/**, *.md, or common image/PDF files
  • New code files include an SPDX license header
  • You've tested your changes against the live node

Bounty tiers: Micro (1-10 RTC) | Standard (20-50) | Major (75-100) | Critical (100-150)

A maintainer will review your PR soon. Thanks for contributing!

@github-actions github-actions Bot added BCOS-L1 Beacon Certified Open Source tier BCOS-L1 (required for non-doc PRs) size/M PR: 51-200 lines labels Jun 5, 2026
vicentsmith470-web
vicentsmith470-web suggested changes Jun 5, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@vicentsmith470-web vicentsmith470-web left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewed the Linux miner entropy/MAC-filter change.

Positive checks:

  • The new entropy aliases keep the existing mean_ns/variance_ns/min_ns/max_ns fields while adding the node-side cache_timing, thermal_drift, and instruction_jitter shapes described in the PR.
  • The virtual interface filtering is scoped inside _get_mac_addresses and does not change enrollment or signing behavior directly.

Blocking issue:

  • This PR changes miners/linux/rustchain_linux_miner.py but does not regenerate the installer checksum pins. CI is failing in tests/test_install_miner_checksums.py and tests/test_setup_miner_downloads.py because the Linux miner artifact now hashes to a0e85f8bddaf3db183a200a015307e1e069ae3a1e656d8ba530b90b8f374d39c while the manifest/setup_miner pin still has 96c1656a82bdeed7c386c189782d2b638653aad7d040c635f9f18cb4f4d8789b.

Please update both miners/checksums.sha256 and setup_miner.py for the changed Linux miner artifact, then rerun the focused checksum tests. Once those pins match the modified miner file, the CI failure should clear.

@vicentsmith470-web vicentsmith470-web mentioned this pull request Jun 5, 2026
Open
jaxint
jaxint reviewed Jun 5, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@jaxint jaxint left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewed for RTC bounty

@zeroknowledge0x
fix(coin_select): handle equal-value UTXO edge case (issue Scottcjn#6830
60db193 
)

When all UTXOs have the same value, largest-first fallback produces
the same ordering as smallest-first, so the >20 input guard never
triggered properly. Now caps to 20 largest inputs and verifies they
still cover the target before returning.
@zeroknowledge0x
feat(api-miners): add X-Total-Count response header (issue Scottcjn#6565
2ba8a9e 
)

Add X-Total-Count, X-Page-Limit, X-Page-Offset headers to /api/miners
response for Frontend pagination support. Pagination logic already
existed (limit/offset query params, pagination.total in response body).
@zeroknowledge0x zeroknowledge0x requested a review from Scottcjn as a code owner June 5, 2026 02:16
@github-actions github-actions Bot added the node Node server related label Jun 5, 2026
@Scottcjn
Copy link
Copy Markdown
Owner

Scottcjn commented Jun 5, 2026

Thanks, but closing this one — it bundles three unrelated changes under a miner-entropy title:

  1. Smuggled api_miners response headers in node/...rip200.py — the same 3 lines as [API] Add X-Total-Count header to /api/miners (issue #6565) #6866. Pick one PR for that.
  2. A coin_select rewrite in node/utxo_db.py — that's issue [Bug] coin_select() largest-first fallback still returns >20 inputs on equal-value UTXOs #6830, already fixed and merged via [codex] cap coin_select fallback inputs #6834. Out of scope here.
  3. The virtual-MAC filter drops MAC addresses from the hardware-id computation, which weakens hardware binding (fewer MACs → easier collisions/spoofing). That touches the anti-VM attestation surface and needs its own security-reviewed PR with justification.

If the entropy field-aliases are a genuine fix, please open a miner-only PR (just miners/linux/..., with the checksum manifest regenerated) and leave the node-side changes out. 🦞

@Scottcjn Scottcjn closed this Jun 5, 2026
@mkcash mkcash mentioned this pull request Jun 5, 2026
Closed
mkcash added a commit to mkcash/Rustchain that referenced this pull request Jun 5, 2026
@mkcash
[baobao] Fix miner checksum pins for PR Scottcjn#6864
b015eb1 
Update miners/checksums.sha256 and setup_miner.py
with the new SHA256 for the modified Linux miner artifact.
@mkcash mkcash mentioned this pull request Jun 5, 2026
Closed
@sayuru-akash sayuru-akash mentioned this pull request Jun 5, 2026
Closed
jaxint
jaxint reviewed Jun 5, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@jaxint jaxint left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great work! Thanks for contributing.

jaxint
jaxint reviewed Jun 6, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@jaxint jaxint left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for your contribution! This PR has been reviewed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Scottcjn Scottcjn Awaiting requested review from Scottcjn Scottcjn is a code owner

2 more reviewers

@jaxint jaxint jaxint left review comments

@vicentsmith470-web vicentsmith470-web vicentsmith470-web requested changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

BCOS-L1 Beacon Certified Open Source tier BCOS-L1 (required for non-doc PRs) node Node server related size/M PR: 51-200 lines

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Bug] Linux miner submits sparse fingerprint data and virtual MACs

4 participants

@zeroknowledge0x @Scottcjn @jaxint @vicentsmith470-web