From ad4de9a37f3c536b496ee4ec17940b32136f0dd1 Mon Sep 17 00:00:00 2001 From: Joe Date: Fri, 9 Sep 2022 11:45:26 +0100 Subject: [PATCH 01/11] fix typo and add engine-api note --- content/docs/developers/geth-developer/Private-Network.md | 2 +- content/docs/interacting_with_geth/RPC/server.md | 6 ++++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/content/docs/developers/geth-developer/Private-Network.md b/content/docs/developers/geth-developer/Private-Network.md index ed1d6f7cf5..dadf8f0215 100644 --- a/content/docs/developers/geth-developer/Private-Network.md +++ b/content/docs/developers/geth-developer/Private-Network.md @@ -457,7 +457,7 @@ This account can then be unlocked and some ether sent to Node 2, using the follo ```javascript // unlock account -personal.unlock(eth.accounts[0]) +personal.unlockAccount(eth.accounts[0]) // send some Wei eth.sendTransaction({to: "0xc94d95a5106270775351eecfe43f97e8e75e59e8", from: eth.accounts[0], value: 25000}) diff --git a/content/docs/interacting_with_geth/RPC/server.md b/content/docs/interacting_with_geth/RPC/server.md index a45f6311c1..7409d1bf24 100644 --- a/content/docs/interacting_with_geth/RPC/server.md +++ b/content/docs/interacting_with_geth/RPC/server.md @@ -116,6 +116,12 @@ The following table summarizes the relative strengths and weaknesses of each tra As a general rule IPC is most secure because it is limited to interactions on the local machine and cannot be exposed to external traffic. It can also be used to subscribe to events. HTTP is a familiar and idempotent transport that closes connections between requests and can therefore have lower overall overheads if the number of requests is fairly low. Websockets provides a continuous open channel that can enable event subscriptions and streaming and handle large volumes of requests with smaller per-message overheads. +## Engine-API + +The Engine-API is a set of RPC methods that enable communication between Geth and the [consensus client](/docs/getting_started/consensus-clients.md). These are not designed to be exposed to the user - instead they are called automatically by the clients when they need to exchange information. The Engine API is enabled by default - the user is not required to pass any instruction to Geth to enable these methods. + +Read more in the [Engine API spec](https://github.com/ethereum/execution-apis/blob/main/src/engine/specification.md). + ## Summary From ea9a8c9555332c656cf2e48cc4e0b46e9f4e7125 Mon Sep 17 00:00:00 2001 From: Joe Date: Fri, 9 Sep 2022 12:05:55 +0100 Subject: [PATCH 02/11] move resources to docs, add about team section --- content/{ => docs}/resources.md | 18 +++++++++++++++++- content/homepage.md | 13 +++++++++++++ 2 files changed, 30 insertions(+), 1 deletion(-) rename content/{ => docs}/resources.md (89%) diff --git a/content/resources.md b/content/docs/resources.md similarity index 89% rename from content/resources.md rename to content/docs/resources.md index 773f68b5eb..058b8d2c9d 100644 --- a/content/resources.md +++ b/content/docs/resources.md @@ -1,31 +1,47 @@ --- title: resources -description: read, watch and listen more about Geth and Ethereum +description: Read, watch and listen more about Geth and Ethereum --- +Here are more resources for a deeper understanding of Geth and related topics. ## Read [Geth team AMA: August 2022](https://www.reddit.com/r/cryptoall/comments/wpr6dk/ama_we_are_the_go_ethereum_geth_team_18_august/) + [Ethereum stack exchange](https://ethereum.stackexchange.com/) ## Watch [Péter at ETH Prage 2022: Ethereum in numbers: where TPS meets physics](https://www.youtube.com/watch?v=TdsaVoJiy3g) + [Marius at ETH Amsterdam 2022: Deep dive into Geth](https://www.youtube.com/watch?v=c4N79UXZqSc) + [Péter interview at ETH Prage 2022:](https://www.youtube.com/watch?v=cfxGzZZ_uOI) + [Guillame at Devconnect 2022: Stateless Ethereum](https://www.youtube.com/watch?v=XkzJncPYj0M&list=PLJijNYoOwnsuqDH9ITSvbqDOaUdA1vp2O&index=9) + [lightclients at Devconnect 2022: Future of Ethereum accounts](https://www.youtube.com/watch?v=pS5asEp6ry8&list=PLJijNYoOwnsuqDH9ITSvbqDOaUdA1vp2O&index=7) + [Zsolt at Devconnect 2022: Geth in the pos light client ecosystem](https://www.youtube.com/watch?v=EPZeFXau-RE&list=PLJijNYoOwnst-feT7PsCLaSdiFYzWtf7j&index=2) + [Jared at Devconnect 2022: Removing SELFDESTRUCT](https://www.youtube.com/watch?v=pDr-h334-Cs&list=PLJijNYoOwnsuqDH9ITSvbqDOaUdA1vp2O&index=5) + [Marius interview at ETH Prague 2022](https://www.youtube.com/watch?v=QKr3KHTjbjQ) + [Marius at ETHOnline 2021: The Megre from the perspective of the execution layer](https://www.youtube.com/watch?v=3DDjfUvQ2TE) + [Péter's 2020 online Geth AMA](https://www.youtube.com/watch?v=gVMDw66atr4) + [Martin at Devcon 5: Protecting the base layer](https://www.youtube.com/watch?v=wLcyIgblIxE) + [Péter at DevCon 5: Monitoring Ethereum infrastructure](https://www.youtube.com/watch?v=2I_Cfr-OUp4) + [Péter at DevCon 4: Plugging metadata leaks in Ethereum](https://www.youtube.com/watch?v=J1JenTo7oLE) + [Péter at DevCon 2: Import Geth in Go](https://www.youtube.com/watch?v=R0Ia1U9Gxjg) + [Péter at dotGo 2016: Immutability in Go](https://www.youtube.com/watch?v=fNUx4jHTaIc) diff --git a/content/homepage.md b/content/homepage.md index 93e7beefe6..99880f077d 100644 --- a/content/homepage.md +++ b/content/homepage.md @@ -36,3 +36,16 @@ Running your own node enables you to use Ethereum in a truly private, self-suffi We welcome contributions from anyone on the internet, and are grateful for even the smallest of fixes! If you'd like to contribute to the Geth source code, please fork the [Github repository](https://github.com/ethereum/go-ethereum), fix, commit and send a pull request for the maintainers to review and merge into the main code base. See our [contribution guidelines](/content/docs/developers/contributing.md) for more information. +## About the Team + +The Geth team are: + +* Foo McBar: @beep +* - +* - +* +... + + + + \ No newline at end of file From ed41b09adaf0ffebb6bcb498fbde3b9063a9133b Mon Sep 17 00:00:00 2001 From: Joe Date: Fri, 9 Sep 2022 13:04:40 +0100 Subject: [PATCH 03/11] add About Team copy --- content/homepage.md | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/content/homepage.md b/content/homepage.md index 99880f077d..3a6d3c22a8 100644 --- a/content/homepage.md +++ b/content/homepage.md @@ -38,14 +38,7 @@ We welcome contributions from anyone on the internet, and are grateful for even ## About the Team -The Geth team are: - -* Foo McBar: @beep -* - -* - -* -... - +The Geth team comprises 10 developers distributed all over the world. The Geth team is funded directly by [The Ethereum Foundation](https://ethereum.foundation). \ No newline at end of file From f39052aa07eb7f1b1aa8f8827698aa99d36eb5d6 Mon Sep 17 00:00:00 2001 From: Joe Date: Fri, 9 Sep 2022 13:05:29 +0100 Subject: [PATCH 04/11] refine copy --- content/homepage.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/homepage.md b/content/homepage.md index 3a6d3c22a8..21411218e7 100644 --- a/content/homepage.md +++ b/content/homepage.md @@ -38,7 +38,7 @@ We welcome contributions from anyone on the internet, and are grateful for even ## About the Team -The Geth team comprises 10 developers distributed all over the world. The Geth team is funded directly by [The Ethereum Foundation](https://ethereum.foundation). +The Geth team comprises 10 developers distributed across the world. The Geth team is funded directly by [The Ethereum Foundation](https://ethereum.foundation). \ No newline at end of file From 618422fb681c40186623da68ff839188d2951906 Mon Sep 17 00:00:00 2001 From: Joe Date: Mon, 12 Sep 2022 09:34:40 +0100 Subject: [PATCH 05/11] rm duplicate pages and rm remaining'sort-key' --- .../docs/getting_started/Backup--restore.md | 65 ---------- .../docs/interacting_with_geth/RPC/ns-eth.md | 2 +- .../docs/interacting_with_geth/RPC/server.md | 2 +- vulnerabilities/vulnerabilities.md | 113 ------------------ 4 files changed, 2 insertions(+), 180 deletions(-) delete mode 100644 content/docs/getting_started/Backup--restore.md delete mode 100644 vulnerabilities/vulnerabilities.md diff --git a/content/docs/getting_started/Backup--restore.md b/content/docs/getting_started/Backup--restore.md deleted file mode 100644 index 6d038572d1..0000000000 --- a/content/docs/getting_started/Backup--restore.md +++ /dev/null @@ -1,65 +0,0 @@ ---- -title: Backup & Restore -sort_key: C ---- - -Most important info first: **REMEMBER YOUR PASSWORD** and **BACKUP YOUR KEYSTORE**. - -## Data Directory - -Everything `geth` persists gets written inside its data directory. The default data -directory locations are platform specific: - -* Mac: `~/Library/Ethereum` -* Linux: `~/.ethereum` -* Windows: `%LOCALAPPDATA%\Ethereum` - -Accounts are stored in the `keystore` subdirectory. The contents of this directories -should be transportable between nodes, platforms, implementations (C++, Go, Python). - -To configure the location of the data directory, the `--datadir` parameter can be -specified. See [CLI Options](../interface/command-line-options) for more details. - -Note the [ethash dag](../interface/mining) is stored at `~/.ethash` (Mac/Linux) or -`%APPDATA%\Ethash` (Windows) so that it can be reused by all clients. You can store this -in a different location by using a symbolic link. - -## Cleanup - -Geth's blockchain and state databases can be removed with: - -``` -geth removedb -``` - -This is useful for deleting an old chain and sync'ing to a new one. It only affects data -directories that can be re-created on synchronisation and does not touch the keystore. - -## Blockchain Import/Export - -Export the blockchain in binary format with: - -``` -geth export -``` - -Or if you want to back up portions of the chain over time, a first and last block can be -specified. For example, to back up the first epoch: - -``` -geth export 0 29999 -``` - -Note that when backing up a partial chain, the file will be appended rather than -truncated. - -Import binary-format blockchain exports with: - -``` -geth import -``` - -_See https://eth.wiki/en/howto/blockchain-import-and-export-instructions for more info_ - - -And finally: **REMEMBER YOUR PASSWORD** and **BACKUP YOUR KEYSTORE** diff --git a/content/docs/interacting_with_geth/RPC/ns-eth.md b/content/docs/interacting_with_geth/RPC/ns-eth.md index 4756a1c4a1..b73db7efbc 100644 --- a/content/docs/interacting_with_geth/RPC/ns-eth.md +++ b/content/docs/interacting_with_geth/RPC/ns-eth.md @@ -1,6 +1,6 @@ --- title: eth Namespace -sort_key: Documentation for the JSON-RPC API "eth" namespace +description: Documentation for the JSON-RPC API "eth" namespace --- Geth provides several extensions to the standard "eth" JSON-RPC namespace. diff --git a/content/docs/interacting_with_geth/RPC/server.md b/content/docs/interacting_with_geth/RPC/server.md index 7409d1bf24..b8108e8944 100644 --- a/content/docs/interacting_with_geth/RPC/server.md +++ b/content/docs/interacting_with_geth/RPC/server.md @@ -1,6 +1,6 @@ --- title: JSON-RPC Server -sort_key: Introduction to the JSON-RPC server +description: Introduction to the JSON_RPC server --- Interacting with Geth requires sending requests to specific JSON-RPC API methods. Geth supports all standard [JSON-RPC API](https://github.com/ethereum/execution-apis) endpoints. diff --git a/vulnerabilities/vulnerabilities.md b/vulnerabilities/vulnerabilities.md deleted file mode 100644 index 07d7baf86d..0000000000 --- a/vulnerabilities/vulnerabilities.md +++ /dev/null @@ -1,113 +0,0 @@ ---- -title: Vulnerability disclosure -sort_key: A ---- - -## About disclosures - -In the software world, it is expected for security vulnerabilities to be immediately -announced, thus giving operators an opportunity to take protective measure against -attackers. - -Vulnerabilies typically take two forms: - -1. Vulnerabilies that, if exploited, would harm the software operator. In the case of - go-ethereum, examples would be: - - A bug that would allow remote reading or writing of OS files, or - - Remote command execution, or - - Bugs that would leak cryptographic keys -2. Vulnerabilies that, if exploited, would harm the Ethereum mainnet. In the case of - go-ethereum, examples would be: - - Consensus vulnerabilities, which would cause a chain split, - - Denial-of-service during block processing, whereby a malicious transaction could cause the geth-portion of the network to crash. - - Denial-of-service via p2p networking, whereby portions of the network could be made - inaccessible due to crashes or resource consumption. - -In most cases so far, vulnerabilities in `geth` have been of the second type, where the -health of the network is a concern, rather than individual node operators. For such -issues, we reserve the right to silently patch and ship fixes in new releases. - -### Why silent patches - -In the case of Ethereum, it takes a lot of time (weeks, months) to get node operators to -update even to a scheduled hard fork. If we were to highlight that a release contains -important consensus or DoS fixes, there is always a risk of someone trying to beat node -operators to the punch, and exploit the vulnerability. Delaying a potential attack -sufficiently to make the majority of node operators immune may be worth the temporary loss -of transparency. - -The primary goal for the Geth team is the health of the Ethereum network as a whole, and -the decision whether or not to publish details about a serious vulnerability boils down to -minimizing the risk and/or impact of discovery and exploitation. - -At certain times, it's better to remain silent. This practice is also followed by other -projects such as -[Monero](https://www.getmonero.org/2017/05/17/disclosure-of-a-major-bug-in-cryptonote-based-currencies.html), -[ZCash](https://electriccoin.co/blog/zcash-counterfeiting-vulnerability-successfully-remediated/) -and -[Bitcoin](https://www.coindesk.com/the-latest-bitcoin-bug-was-so-bad-developers-kept-its-full-details-a-secret). - -### Public transparency - -As of November 2020, our policy going forward is: - -- If we silently fix a vulnerability and include the fix in release `X`, then, -- After 4-8 weeks, we will disclose that `X` contained a security-fix. -- After an additional 4-8 weeks, we will publish the details about the vulnerability. - -We hope that this provides sufficient balance between transparency versus the need for -secrecy, and aids node operators and downstream projects in keeping up to date with what -versions to run on their infrastructure. - -In keeping with this policy, we have taken inspiration from [Solidity bug disclosure](https://solidity.readthedocs.io/en/develop/bugs.html) - see below. - -## Disclosed vulnerabilities - -In this folder, you can find a JSON-formatted list -([`vulnerabilities.json`](vulnerabilities.json)) of some of the known security-relevant -vulnerabilities concerning `geth`. - -As of `geth` version `1.9.25`, geth has a built-in command to check whether it is affected -by any publically disclosed vulnerability, using the command `geth version-check`. This -command will fetch the latest json file (and the accompanying -[signature-file](vulnerabilities.json.minisig), and cross-check the data against it's own -version number. - -The file itself is hosted in the Github repository, on the `gh-pages`-branch. The list was -started in November 2020, and covers mainly `v1.9.7` and forward. - -The JSON file of known vulnerabilities below is a list of objects, one for each -vulnerability, with the following keys: - -- `name` - - Unique name given to the vulnerability. -- `uid` - - Unique identifier of the vulnerability. Format `GETH--` -- `summary` - - Short description of the vulnerability. -- `description` - - Detailed description of the vulnerability. -- `links` - - List of relevant URLs with more detailed information (optional). -- `introduced` - - The first published Geth version that contained the vulnerability (optional). -- `fixed` - - The first published Geth version that did not contain the vulnerability anymore. -- `published` - - The date at which the vulnerability became known publicly (optional). -- `severity` - - Severity of the vulnerability: `low`, `medium`, `high`, `critical`. - - Takes into account the severity of impact and likelihood of exploitation. -- `check` - - This field contains a regular expression, which can be used against the reported `web3_clientVersion` of a node. If the check - matches, the node is with a high likelyhood affected by the vulnerability. -- `CVE` - - The assigned `CVE` identifier, if available (optional) - -### What about Github security advisories - -We prefer to not rely on Github as the only/primary publishing protocol for security -advisories, but we plan to use the Github-advisory process as a second channel for -disseminating vulnerability-information. - -Advisories published via Github can be accessed [here](https://github.com/ethereum/go-ethereum/security/advisories?state=published). From 0a1713ec3aace9b4aa78102f42d2acab9c03d3e9 Mon Sep 17 00:00:00 2001 From: Joe Date: Mon, 12 Sep 2022 09:42:19 +0100 Subject: [PATCH 06/11] sync-modes page: apply suggestions from review --- content/docs/fundamentals/sync-modes.md | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/content/docs/fundamentals/sync-modes.md b/content/docs/fundamentals/sync-modes.md index dfb03b6a26..e118c58ad2 100644 --- a/content/docs/fundamentals/sync-modes.md +++ b/content/docs/fundamentals/sync-modes.md @@ -1,8 +1,3 @@ ---- -title: Sync modes -description: Introduction to the three ways to sync Geth ---- - Syncing is the process by which Geth catches up to the latest Ethereum block and current global state. There are several ways to sync a Geth node that differ in their speed, storage requirements and trust assumptions. This page outlines three sync configurations for full nodes and one for light nodes. ## Full nodes @@ -29,13 +24,13 @@ It is also possible to create a partial/recent archive node where the node was s ## Light nodes -A light node syncs very quickly and stores the bare minimum of blockchain data. Light nodes only process block headers, not entire blocks. This greatly reduces the computation time, storage and bandwidth required relative to a full node. Light nodes are suitable for resource-constrained devices and can catch up to the head of the chain much faster when they are new or have been offline for a while. The trade-off is that light nodes rely heavily on data served by altruistic full nodes. A light client can be used to query data from Ethereum and submit transactions, acting as a locally-hosted Ethereum wallet. However, because they don't keep local copies of the Ethereum state, light nodes can't validate blocks in the same way as full nodes - they have to trust that the data they receive is honest. To start a node in light mode, pass `--syncmode light`. Be aware that full nodes serving light data are relative scarce so light nodes can struggle to find peers. +A light node syncs very quickly and stores the bare minimum of blockchain data. Light nodes only process block headers, not entire blocks. This greatly reduces the computation time, storage and bandwidth required relative to a full node. This means light nodes are suitable for resource-constrained devices and can catch up to the head of the chain much faster when they are new or have been offline for a while. The trade-off is that light nodes rely heavily on data served by altruistic full nodes. A light client can be used to query data from Ethereum and submit transactions, acting as a locally-hosted Ethereum wallet. However, because they don't keep local copies of the Ethereum state, light nodes can't validate blocks in the same way as full nodes - they have to trust that the data they receive is honest. To start a node in light mode, pass `--syncmode light`. Be aware that full nodes serving light data are relative scarce so light nodes can struggle to find peers. Read more about light nodes on our [LES page](/content/docs/fundamentals/les.md). ## Consensus layer syncing -Since Ethereum transitioned to proof-of-stake, all consensus logic and block propagation was handed over to consensus clients. This means that syncing the blockchain is now a process shared between the consensus and execution clients. Blocks are downloaded by the consensus client and verified by the execution client. There are two ways to sync a consensus client: optimistic sync and checkpoint sync. +At the transition to proof-of-stake, all consensus logic and block propagation is handed over to consensus clients. This means that syncing the blockchain is a process shared between the consensus and execution clients. Blocks are downloaded by the consensus client and verified by the execution client. There are two ways to sync a consensus client: optimistic sync and checkpoint sync. ### Optimistic sync @@ -45,7 +40,7 @@ Read more in the [optimistic sync specs](https://github.com/ethereum/consensus-s ### Checkpoint sync -Alternatively, the consensus client can grab a checkpoint from a trusted source which provides a target state to sync up to, before switching to full sync and verifying each block in turn. In this mode, the node trusts that the checkpoint is correct. There are many possible sources for this checkpoint - the gold standard would be to get it out-of-band from a trusted friend, but it could also come from block explorers or public APIs/web apps. +Alternatively, the consensus client can grab a checkpoint from a trusted source which provides a target state to sync up to, before switching to full sync and verifying each block in turn. In this mode, the node trusts that the checkpoint is correct. There are many possible sources for this checkpoint - the gold standard would be to get it out-of-band from another trusted friend, but it could also come from block explorers or public APIs/web apps. **Note** it is not currently possible to use a Geth light node as an execution client on proof-of-stake Ethereum. From 1b3849e1ae1c2709a6e07faef19d06eb0fd0eff0 Mon Sep 17 00:00:00 2001 From: Joe Date: Mon, 12 Sep 2022 10:01:52 +0100 Subject: [PATCH 07/11] small updates to node-architecture page --- content/docs/fundamentals/node-architecture.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/docs/fundamentals/node-architecture.md b/content/docs/fundamentals/node-architecture.md index dbe318412e..c52e7ea214 100644 --- a/content/docs/fundamentals/node-architecture.md +++ b/content/docs/fundamentals/node-architecture.md @@ -7,13 +7,13 @@ description: Introduction to how Ethereum nodes are organized and where Geth fit Geth is an [execution client](https://ethereum.org/en/developers/docs/nodes-and-clients/#execution-clients). Originally, an execution client alone was enough to run a full Ethereum node. However, ever since Ethereum turned off [proof-of-work](https://ethereum.org/en/developers/docs/consensus-mechanisms/pow/) and implemented [proof-of-stake](https://ethereum.org/en/developers/docs/consensus-mechanisms/pow/), Geth has needed to be coupled to another piece of software called a [“consensus client”](https://ethereum.org/en/developers/docs/nodes-and-clients/#consensus-clients) in order to keep track of the Ethereum blockchain. -The execution client is responsible for transaction handling, transaction gossip, state management and supporting the Ethereum Virtual Machine ([EVM])(https://ethereum.org/en/developers/docs/evm/). However, Geth is **not** responsible for block building, block gossiping or handling consensus logic. These are in the remit of the consensus client. +The execution client (Geth) is responsible for transaction handling, transaction gossip, state management and supporting the Ethereum Virtual Machine ([EVM])(https://ethereum.org/en/developers/docs/evm/). However, Geth is **not** responsible for block building, block gossiping or handling consensus logic. These are in the remit of the consensus client. The relationship between the two Ethereum clients is shown in the schematic below. The two clients each connect to their own respective peer-to-peer (P2P) networks. This is because the execution clients gossip transactions over their P2P network enabling them to manage their local transaction pool. The consensus clients gossip blocks over their P2P network, enabling consensus and chain growth. ![node-architecture](/assets/node_architecture.png) -For this two-client structure to work, consensus clients must be able to pass bundles of transactions to Geth to be executed. Executing the transactions locally is how the client validates that the transactions do not violate any Ethereum rules and that the proposed update to Ethereum’s state is correct. Likewise, when the node is selected to be a block producer the consensus client must be able to request bundles of transactions from Geth to include in the new block. This inter-client communication is handled by a local RPC connection using the [engine API](https://github.com/ethereum/execution-apis/blob/main/src/engine/specification.md) which is exposed internally over port 8551 by default. +For this two-client structure to work, consensus clients must be able to pass bundles of transactions to Geth to be executed. Executing the transactions locally is how the client validates that the transactions do not violate any Ethereum rules and that the proposed update to Ethereum’s state is correct. Likewise, when the node is selected to be a block producer the consensus client must be able to request bundles of transactions from Geth to include in the new block. This inter-client communication is handled by a local RPC connection using the [engine API](https://github.com/ethereum/execution-apis/blob/main/src/engine/specification.md). ## What does Geth do? From db1ad2d1c00ab282574aec4bc3c14fbf8d7422c4 Mon Sep 17 00:00:00 2001 From: Joe Date: Mon, 12 Sep 2022 10:30:28 +0100 Subject: [PATCH 08/11] small typo fixes --- content/docs/fundamentals/security.md | 5 ++--- content/docs/getting_started/consensus-clients.md | 2 +- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/content/docs/fundamentals/security.md b/content/docs/fundamentals/security.md index 97f6cdbf8f..532dc65b0d 100644 --- a/content/docs/fundamentals/security.md +++ b/content/docs/fundamentals/security.md @@ -5,7 +5,7 @@ description: A primer on Geth security best practice. ## Downloading Geth -Download Geth using the links on our [Downloads](/downloads) page. The SHA256 hashes of the downloaded files can be compared to ours to ensure precise consistency with our releases. This protects against malicious code being inadvertently downloaded from an adversarial source. The same measures should also be taken to download trusted consensus client software. +Download Geth using the links on the [Downloads](/downloads) page. The SHA256 hashes of the downloaded files can be used to confirm precise consistency with our releases. This protects against malicious code being inadvertently downloaded from an adversarial source. The same measures should also be taken to download trusted consensus client software. ## Networking security @@ -23,8 +23,7 @@ Geth has built-in account management tools that are sufficiently secure for most Geth allows account unlocking by passing account passwords at startup. This unlocks the account all the while that Geth is running. This is not allowed when `http` traffic is enabled, even with appropriate firewall settings. The combination of `http` and `-unlock` poses too much of a security risk because an attacker able to access the node over the exposed HTTP port would be able to make JSON-RPC requests to the node from the unlocked account, including sending funds to other addresses. -**back up your keystore and passwords safely and securely!** - +**Back up your keystore and passwords safely and securely!** ## Other security considerations diff --git a/content/docs/getting_started/consensus-clients.md b/content/docs/getting_started/consensus-clients.md index d65907c71f..8e70dea49e 100644 --- a/content/docs/getting_started/consensus-clients.md +++ b/content/docs/getting_started/consensus-clients.md @@ -23,7 +23,7 @@ geth --authrpc.addr localhost --authrpc.port 8551 --authrpc.vhosts localhost --a ## Consensus clients -There are currently four consensus clients that can be run alongside Geth. These are: +There are currently five consensus clients that can be run alongside Geth. These are: [Lighthouse](https://lighthouse-book.sigmaprime.io/): written in Rust From bcd1e93a0ad916ada5a612e90a66f2b81a5b3efb Mon Sep 17 00:00:00 2001 From: Joe Date: Mon, 12 Sep 2022 11:58:41 +0100 Subject: [PATCH 09/11] rename vulnerabilities.md -> disclosures.md --- .../{vulnerabilities.md => disclosures.md} | 2 +- url-list.csv | 58 +++++++++++++++++++ 2 files changed, 59 insertions(+), 1 deletion(-) rename content/docs/developers/geth-developer/{vulnerabilities.md => disclosures.md} (96%) create mode 100644 url-list.csv diff --git a/content/docs/developers/geth-developer/vulnerabilities.md b/content/docs/developers/geth-developer/disclosures.md similarity index 96% rename from content/docs/developers/geth-developer/vulnerabilities.md rename to content/docs/developers/geth-developer/disclosures.md index fb4a96ff3c..66e8c53176 100644 --- a/content/docs/developers/geth-developer/vulnerabilities.md +++ b/content/docs/developers/geth-developer/disclosures.md @@ -41,7 +41,7 @@ In keeping with this policy, we have taken inspiration from [Solidity bug disclo ## Disclosed vulnerabilities -On the Geth Github can find a JSON-formatted list ([`vulnerabilities.json`](vulnerabilities.json)) of some of the known security-relevant vulnerabilities concerning Geth. +There is a JSON-formatted list ([`vulnerabilities.json`](vulnerabilities.json)) of some of the known security-relevant vulnerabilities concerning Geth. As of version `1.9.25`, Geth has a built-in command to check whether it is affected by any publically disclosed vulnerability, using the command `geth version-check`. This command will fetch the latest json file (and the accompanying [signature-file](vulnerabilities.json.minisig), and cross-check the data against it's own version number. diff --git a/url-list.csv b/url-list.csv new file mode 100644 index 0000000000..536c11d844 --- /dev/null +++ b/url-list.csv @@ -0,0 +1,58 @@ +OLD Geth website URLS,Equivalent NEW website URLs,Relative path to markdown file +https://geth.ethereum.org/,https://geth.ethereum.org/,src/pages/homepage +https://geth.ethereum.org/downloads/,https://geth.ethereum.org/downloads/,src/pages/downloads +https://geth.ethereum.org/docs/,https://geth.ethereum.org/docs/,src/pages/docs +https://geth.ethereum.org/docs/getting-started,https://geth.ethereum.org/docs/getting_started/,src/pages/docs/getting_started/getting_started.md +https://geth.ethereum.org/docs/getting-started/geth-and-clef,https://geth.ethereum.org/docs/,src/pages/docs/getting_started/getting-started-with-clef.md +https://geth.ethereum.org/docs/getting-started/dev-mode,https://geth.ethereum.org/docs/,src/pages/docs/developers/geth-developer/dev-mode.md +https://geth.ethereum.org/docs/install-and-build/installing-geth,https://geth.ethereum.org/docs/,src/pages/docs/getting_started/backup-restore.md +https://geth.ethereum.org/docs/install-and-build/backup-restore,https://geth.ethereum.org/docs/,src/pages/docs/getting_started/installing-geth.md +https://geth.ethereum.org/docs/install-and-build/cross-compile,page removed,page removed +https://geth.ethereum.org/docs/interface/command-line-options,https://geth.ethereum.org/docs/fundamentals/command-line-options,src/pages/docs/fundamentals/command-line-options.md +https://geth.ethereum.org/docs/interface/pruning,https://geth.ethereum.org/docs/,src/pages/docs/fundamentals/pruning.md +https://geth.ethereum.org/docs/interface/merge,page removed,page removed +https://geth.ethereum.org/docs/interface/consensus-clients,https://geth.ethereum.org/docs/,src/pages/docs/getting_started/consensus-clients.md +https://geth.ethereum.org/docs/interface/peer-to-peer,https://geth.ethereum.org/docs/,src/pages/docs/fundamentals/peer-to-peer.md +https://geth.ethereum.org/docs/interface/les,https://geth.ethereum.org/docs/,src/pages/docs/fundamentals/les.md +https://geth.ethereum.org/docs/interface/managing-your-accounts,https://geth.ethereum.org/docs/,src/pages/docs/fundamentals/account-management.md +https://geth.ethereum.org/docs/faq,https://geth.ethereum.org/docs/,src/pages/docs/faq.md +https://geth.ethereum.org/docs/interface/javascript-console,https://geth.ethereum.org/docs/,src/pages/docs/interacting-with-geth/javascript-console.md +https://geth.ethereum.org/docs/interface/private-network,https://geth.ethereum.org/docs/,src/pages/docs/developers/geth-developer/private-network.md +https://geth.ethereum.org/docs/interface/mining,page removed,page removed +https://geth.ethereum.org/docs/interface/metrics,https://geth.ethereum.org/docs/,src/pages/docs/monitoring/metrics.md +https://geth.ethereum.org/docs/dapp/native,https://geth.ethereum.org/docs/,src/pages/docs/developers/dapp-developer/native.md +https://geth.ethereum.org/docs/dapp/tracing,https://geth.ethereum.org/docs/,src/pages/docs/developers/dapp-developer/tracing.md +https://geth.ethereum.org/docs/dapp/custom-tracer,https://geth.ethereum.org/docs/,src/pages/docs/developers/dapp-developer/custom-tracer.md +https://geth.ethereum.org/docs/dapp/builtin-tracers,https://geth.ethereum.org/docs/,src/pages/docs/developers/dapp-developer/built-in-tracers.md +https://geth.ethereum.org/docs/dapp/native-accounts,https://geth.ethereum.org/docs/,src/pages/docs/developers/dapp-developer/native-accounts.md +https://geth.ethereum.org/docs/dapp/native-bindings,https://geth.ethereum.org/docs/,src/pages/docs/developers/dapp-developer/native-bindings.md +https://geth.ethereum.org/docs/dapp/mobile,https://geth.ethereum.org/docs/,src/pages/docs/developers/dapp-developer/mobile.md +https://geth.ethereum.org/docs/dapp/mobile-accounts,page removed,page removed +https://geth.ethereum.org/docs/rpc/server,https://geth.ethereum.org/docs/,src/pages/docs/interacting-with-geth/rpc/server.md +https://geth.ethereum.org/docs/rpc/pubsub,https://geth.ethereum.org/docs/,src/pages/docs/interacting-with-geth/rpc/pubsub.md +https://geth.ethereum.org/docs/rpc/batch,https://geth.ethereum.org/docs/,src/pages/docs/interacting-with-geth/rpc/batch.md +https://geth.ethereum.org/docs/rpc/graphql,https://geth.ethereum.org/docs/,src/pages/docs/interacting-with-geth/rpc/graphql.md +https://geth.ethereum.org/docs/rpc/ns-admin,https://geth.ethereum.org/docs/,src/pages/docs/interacting-with-geth/rpc/ns-admin.md +https://geth.ethereum.org/docs/rpc/ns-clique,https://geth.ethereum.org/docs/,src/pages/docs/interacting-with-geth/rpc/ns-clique.md +https://geth.ethereum.org/docs/rpc/ns-debug,https://geth.ethereum.org/docs/,src/pages/docs/interacting-with-geth/rpc/ns-debug.md +https://geth.ethereum.org/docs/rpc/ns-eth,https://geth.ethereum.org/docs/,src/pages/docs/interacting-with-geth/rpc/ns-eth.md +https://geth.ethereum.org/docs/rpc/ns-les,https://geth.ethereum.org/docs/,src/pages/docs/interacting-with-geth/rpc/ns-les.md +https://geth.ethereum.org/docs/rpc/ns-miner,https://geth.ethereum.org/docs/,src/pages/docs/interacting-with-geth/rpc/ns-miner.md +https://geth.ethereum.org/docs/rpc/ns-net,https://geth.ethereum.org/docs/,src/pages/docs/interacting-with-geth/rpc/ns-net.md +https://geth.ethereum.org/docs/rpc/ns-personal,https://geth.ethereum.org/docs/,src/pages/docs/interacting-with-geth/rpc/ns-personalmd +https://geth.ethereum.org/docs/rpc/ns-txpool,https://geth.ethereum.org/docs/,src/pages/docs/interacting-with-geth/rpc/ns-txpool.md +https://geth.ethereum.org/docs/rpc/objects,https://geth.ethereum.org/docs/,src/pages/docs/interacting-with-geth/rpc/objects.md +https://geth.ethereum.org/docs/developers/devguide,https://geth.ethereum.org/docs/,src/pages/docs/developers/geth-developer/devguide.md +https://geth.ethereum.org/docs/developers/code-review-guidelines,https://geth.ethereum.org/docs/,src/pages/docs/developers/geth-developer/code-review-guidelines.md +https://geth.ethereum.org/docs/developers/issue-handling-workflow,https://geth.ethereum.org/docs/,src/pages/docs/developers/geth-developer/issue-handling-workflow.md +https://geth.ethereum.org/docs/developers/dns-discovery-setup,https://geth.ethereum.org/docs/,src/pages/docs/developers/geth-developer/dns-discovery-workflow.md +https://geth.ethereum.org/docs/clef/introduction,https://geth.ethereum.org/docs/,src/pages/docs/tools/clef/introduction.md +https://geth.ethereum.org/docs/clef/tutorial,https://geth.ethereum.org/docs/,src/pages/docs/tools/clef/tutorial.md +https://geth.ethereum.org/docs/clef/cliquesigning,https://geth.ethereum.org/docs/,src/pages/docs/tools/clef/clique-signing.md +https://geth.ethereum.org/docs/clef/rules,https://geth.ethereum.org/docs/,src/pages/docs/tools/clef/rules.md +https://geth.ethereum.org/docs/clef/setup,https://geth.ethereum.org/docs/,src/pages/docs/tools/clef/setup.md +https://geth.ethereum.org/docs/clef/apis,https://geth.ethereum.org/docs/,src/pages/docs/tools/clef/apis.md +https://geth.ethereum.org/docs/clef/datatypes,https://geth.ethereum.org/docs/,src/pages/docs/tools/clef/datatypes.md +https://github.com/ethereum/go-ethereum/tree/gh-pages/docs/_vulnerabilities/vulnerabilities.json,https://github.com/ethereum/go-ethereum/tree/gh-pages/docs/_vulnerabilities/vulnerabilities.json,src/pages/docs/vulnerabilities/vulnerabilities.json +https://github.com/ethereum/go-ethereum/tree/gh-pages/docs/_vulnerabilities/vulnerabilities.json.minisig,https://github.com/ethereum/go-ethereum/tree/gh-pages/docs/_vulnerabilities/vulnerabilities.json.minisig,src/pages/docs/vulnerabilities/vulnerabilities.json.minisig +https://github.com/ethereum/go-ethereum/tree/gh-pages/docs/_vulnerabilities/vulnerabilities.md,https://geth.ethereum.org/docs/developers/geth-developers/discloures,src/pages/docs/developers/geth-developers/disclosures From 18e7ae49a26b62393fa6986b031281cc440a5d78 Mon Sep 17 00:00:00 2001 From: Joe Date: Mon, 12 Sep 2022 14:19:54 +0100 Subject: [PATCH 10/11] update url list --- url-list.csv | 116 +++++++++++++++++++++++++-------------------------- 1 file changed, 58 insertions(+), 58 deletions(-) diff --git a/url-list.csv b/url-list.csv index 536c11d844..4465d8508f 100644 --- a/url-list.csv +++ b/url-list.csv @@ -1,58 +1,58 @@ -OLD Geth website URLS,Equivalent NEW website URLs,Relative path to markdown file -https://geth.ethereum.org/,https://geth.ethereum.org/,src/pages/homepage -https://geth.ethereum.org/downloads/,https://geth.ethereum.org/downloads/,src/pages/downloads -https://geth.ethereum.org/docs/,https://geth.ethereum.org/docs/,src/pages/docs -https://geth.ethereum.org/docs/getting-started,https://geth.ethereum.org/docs/getting_started/,src/pages/docs/getting_started/getting_started.md -https://geth.ethereum.org/docs/getting-started/geth-and-clef,https://geth.ethereum.org/docs/,src/pages/docs/getting_started/getting-started-with-clef.md -https://geth.ethereum.org/docs/getting-started/dev-mode,https://geth.ethereum.org/docs/,src/pages/docs/developers/geth-developer/dev-mode.md -https://geth.ethereum.org/docs/install-and-build/installing-geth,https://geth.ethereum.org/docs/,src/pages/docs/getting_started/backup-restore.md -https://geth.ethereum.org/docs/install-and-build/backup-restore,https://geth.ethereum.org/docs/,src/pages/docs/getting_started/installing-geth.md -https://geth.ethereum.org/docs/install-and-build/cross-compile,page removed,page removed -https://geth.ethereum.org/docs/interface/command-line-options,https://geth.ethereum.org/docs/fundamentals/command-line-options,src/pages/docs/fundamentals/command-line-options.md -https://geth.ethereum.org/docs/interface/pruning,https://geth.ethereum.org/docs/,src/pages/docs/fundamentals/pruning.md -https://geth.ethereum.org/docs/interface/merge,page removed,page removed -https://geth.ethereum.org/docs/interface/consensus-clients,https://geth.ethereum.org/docs/,src/pages/docs/getting_started/consensus-clients.md -https://geth.ethereum.org/docs/interface/peer-to-peer,https://geth.ethereum.org/docs/,src/pages/docs/fundamentals/peer-to-peer.md -https://geth.ethereum.org/docs/interface/les,https://geth.ethereum.org/docs/,src/pages/docs/fundamentals/les.md -https://geth.ethereum.org/docs/interface/managing-your-accounts,https://geth.ethereum.org/docs/,src/pages/docs/fundamentals/account-management.md -https://geth.ethereum.org/docs/faq,https://geth.ethereum.org/docs/,src/pages/docs/faq.md -https://geth.ethereum.org/docs/interface/javascript-console,https://geth.ethereum.org/docs/,src/pages/docs/interacting-with-geth/javascript-console.md -https://geth.ethereum.org/docs/interface/private-network,https://geth.ethereum.org/docs/,src/pages/docs/developers/geth-developer/private-network.md -https://geth.ethereum.org/docs/interface/mining,page removed,page removed -https://geth.ethereum.org/docs/interface/metrics,https://geth.ethereum.org/docs/,src/pages/docs/monitoring/metrics.md -https://geth.ethereum.org/docs/dapp/native,https://geth.ethereum.org/docs/,src/pages/docs/developers/dapp-developer/native.md -https://geth.ethereum.org/docs/dapp/tracing,https://geth.ethereum.org/docs/,src/pages/docs/developers/dapp-developer/tracing.md -https://geth.ethereum.org/docs/dapp/custom-tracer,https://geth.ethereum.org/docs/,src/pages/docs/developers/dapp-developer/custom-tracer.md -https://geth.ethereum.org/docs/dapp/builtin-tracers,https://geth.ethereum.org/docs/,src/pages/docs/developers/dapp-developer/built-in-tracers.md -https://geth.ethereum.org/docs/dapp/native-accounts,https://geth.ethereum.org/docs/,src/pages/docs/developers/dapp-developer/native-accounts.md -https://geth.ethereum.org/docs/dapp/native-bindings,https://geth.ethereum.org/docs/,src/pages/docs/developers/dapp-developer/native-bindings.md -https://geth.ethereum.org/docs/dapp/mobile,https://geth.ethereum.org/docs/,src/pages/docs/developers/dapp-developer/mobile.md -https://geth.ethereum.org/docs/dapp/mobile-accounts,page removed,page removed -https://geth.ethereum.org/docs/rpc/server,https://geth.ethereum.org/docs/,src/pages/docs/interacting-with-geth/rpc/server.md -https://geth.ethereum.org/docs/rpc/pubsub,https://geth.ethereum.org/docs/,src/pages/docs/interacting-with-geth/rpc/pubsub.md -https://geth.ethereum.org/docs/rpc/batch,https://geth.ethereum.org/docs/,src/pages/docs/interacting-with-geth/rpc/batch.md -https://geth.ethereum.org/docs/rpc/graphql,https://geth.ethereum.org/docs/,src/pages/docs/interacting-with-geth/rpc/graphql.md -https://geth.ethereum.org/docs/rpc/ns-admin,https://geth.ethereum.org/docs/,src/pages/docs/interacting-with-geth/rpc/ns-admin.md -https://geth.ethereum.org/docs/rpc/ns-clique,https://geth.ethereum.org/docs/,src/pages/docs/interacting-with-geth/rpc/ns-clique.md -https://geth.ethereum.org/docs/rpc/ns-debug,https://geth.ethereum.org/docs/,src/pages/docs/interacting-with-geth/rpc/ns-debug.md -https://geth.ethereum.org/docs/rpc/ns-eth,https://geth.ethereum.org/docs/,src/pages/docs/interacting-with-geth/rpc/ns-eth.md -https://geth.ethereum.org/docs/rpc/ns-les,https://geth.ethereum.org/docs/,src/pages/docs/interacting-with-geth/rpc/ns-les.md -https://geth.ethereum.org/docs/rpc/ns-miner,https://geth.ethereum.org/docs/,src/pages/docs/interacting-with-geth/rpc/ns-miner.md -https://geth.ethereum.org/docs/rpc/ns-net,https://geth.ethereum.org/docs/,src/pages/docs/interacting-with-geth/rpc/ns-net.md -https://geth.ethereum.org/docs/rpc/ns-personal,https://geth.ethereum.org/docs/,src/pages/docs/interacting-with-geth/rpc/ns-personalmd -https://geth.ethereum.org/docs/rpc/ns-txpool,https://geth.ethereum.org/docs/,src/pages/docs/interacting-with-geth/rpc/ns-txpool.md -https://geth.ethereum.org/docs/rpc/objects,https://geth.ethereum.org/docs/,src/pages/docs/interacting-with-geth/rpc/objects.md -https://geth.ethereum.org/docs/developers/devguide,https://geth.ethereum.org/docs/,src/pages/docs/developers/geth-developer/devguide.md -https://geth.ethereum.org/docs/developers/code-review-guidelines,https://geth.ethereum.org/docs/,src/pages/docs/developers/geth-developer/code-review-guidelines.md -https://geth.ethereum.org/docs/developers/issue-handling-workflow,https://geth.ethereum.org/docs/,src/pages/docs/developers/geth-developer/issue-handling-workflow.md -https://geth.ethereum.org/docs/developers/dns-discovery-setup,https://geth.ethereum.org/docs/,src/pages/docs/developers/geth-developer/dns-discovery-workflow.md -https://geth.ethereum.org/docs/clef/introduction,https://geth.ethereum.org/docs/,src/pages/docs/tools/clef/introduction.md -https://geth.ethereum.org/docs/clef/tutorial,https://geth.ethereum.org/docs/,src/pages/docs/tools/clef/tutorial.md -https://geth.ethereum.org/docs/clef/cliquesigning,https://geth.ethereum.org/docs/,src/pages/docs/tools/clef/clique-signing.md -https://geth.ethereum.org/docs/clef/rules,https://geth.ethereum.org/docs/,src/pages/docs/tools/clef/rules.md -https://geth.ethereum.org/docs/clef/setup,https://geth.ethereum.org/docs/,src/pages/docs/tools/clef/setup.md -https://geth.ethereum.org/docs/clef/apis,https://geth.ethereum.org/docs/,src/pages/docs/tools/clef/apis.md -https://geth.ethereum.org/docs/clef/datatypes,https://geth.ethereum.org/docs/,src/pages/docs/tools/clef/datatypes.md -https://github.com/ethereum/go-ethereum/tree/gh-pages/docs/_vulnerabilities/vulnerabilities.json,https://github.com/ethereum/go-ethereum/tree/gh-pages/docs/_vulnerabilities/vulnerabilities.json,src/pages/docs/vulnerabilities/vulnerabilities.json -https://github.com/ethereum/go-ethereum/tree/gh-pages/docs/_vulnerabilities/vulnerabilities.json.minisig,https://github.com/ethereum/go-ethereum/tree/gh-pages/docs/_vulnerabilities/vulnerabilities.json.minisig,src/pages/docs/vulnerabilities/vulnerabilities.json.minisig -https://github.com/ethereum/go-ethereum/tree/gh-pages/docs/_vulnerabilities/vulnerabilities.md,https://geth.ethereum.org/docs/developers/geth-developers/discloures,src/pages/docs/developers/geth-developers/disclosures +OLD Geth website URLS,Equivalent NEW website URLs,Relative path to markdown file,Notes +https://geth.ethereum.org/,https://geth.ethereum.org,src/pages/homepage,will be react page +https://geth.ethereum.org/downloads/,https://geth.ethereum.org/downloads,src/pages/downloads,will be react page +https://geth.ethereum.org/docs/,https://geth.ethereum.org/docs,src/pages/docs,n/a +https://geth.ethereum.org/docs/getting-started,https://geth.ethereum.org/docs/getting_started,src/pages/docs/getting_started/getting_started.md,n/a +https://geth.ethereum.org/docs/getting-started/geth-and-clef,https://geth.ethereum.org/docs/getting_started_with_clef.md,src/pages/docs/getting_started/getting-started-with-clef.md,n/a +https://geth.ethereum.org/docs/getting-started/dev-mode,https://geth.ethereum.org/docs/developers/geth-developers/dev-mode,src/pages/docs/developers/geth-developer/dev-mode.md,n/a +https://geth.ethereum.org/docs/install-and-build/installing-geth,https://geth.ethereum.org/docs/getting_started/install-geth,src/pages/docs/getting_started/backup-restore.md,n/a +https://geth.ethereum.org/docs/install-and-build/backup-restore,https://geth.ethereum.org/docs/getting_started/backup-restore,src/pages/docs/getting_started/installing-geth.md,n/a +https://geth.ethereum.org/docs/install-and-build/cross-compile,page removed,page removed,n/a +https://geth.ethereum.org/docs/interface/command-line-options,https://geth.ethereum.org/fundamentals/command-line-options,src/pages/docs/fundamentals/command-line-options.md,n/a +https://geth.ethereum.org/docs/interface/pruning,https://geth.ethereum.org/docs/fundamentals/pruning,src/pages/docs/fundamentals/pruning.md,n/a +https://geth.ethereum.org/docs/interface/merge,page removed,page removed,n/a +https://geth.ethereum.org/docs/interface/consensus-clients,https://geth.ethereum.org/docs/getting_started/consensus-client,src/pages/docs/getting_started/consensus-clients.md,n/a +https://geth.ethereum.org/docs/interface/peer-to-peer,https://geth.ethereum.org/docs/fundamentals/peer-to-peer,src/pages/docs/fundamentals/peer-to-peer.md,n/a +https://geth.ethereum.org/docs/interface/les,https://geth.ethereum.org/docs/fundamentals/les,src/pages/docs/fundamentals/les.md,n/a +https://geth.ethereum.org/docs/interface/managing-your-accounts,https://geth.ethereum.org/docs/fundamentals/account-management,src/pages/docs/fundamentals/account-management.md,n/a +https://geth.ethereum.org/docs/faq,https://geth.ethereum.org/docs/faq,src/pages/docs/faq.md,n/a +https://geth.ethereum.org/docs/interface/javascript-console,https://geth.ethereum.org/docs/interacting-with-geth/javascript-console,src/pages/docs/interacting-with-geth/javascript-console.md,n/a +https://geth.ethereum.org/docs/interface/private-network,https://geth.ethereum.org/docs/developers/geth-developer/private-network,src/pages/docs/developers/geth-developer/private-network.md,n/a +https://geth.ethereum.org/docs/interface/mining,page removed,page removed,n/a +https://geth.ethereum.org/docs/interface/metrics,https://geth.ethereum.org/docs/monitoring/metrics,src/pages/docs/monitoring/metrics.md,n/a +https://geth.ethereum.org/docs/dapp/native,https://geth.ethereum.org/docs/developers/dapp-developer/native,src/pages/docs/developers/dapp-developer/native.md,n/a +https://geth.ethereum.org/docs/dapp/tracing,https://geth.ethereum.org/docs/developers/dapp-developer/tracing,src/pages/docs/developers/dapp-developer/tracing.md,n/a +https://geth.ethereum.org/docs/dapp/custom-tracer,https://geth.ethereum.org/docs/developers/dapp-developer/custom-tracer,src/pages/docs/developers/dapp-developer/custom-tracer.md,n/a +https://geth.ethereum.org/docs/dapp/builtin-tracers,https://geth.ethereum.org/docs/developers/dapp-developer/built-in-tracer,src/pages/docs/developers/dapp-developer/built-in-tracers.md,n/a +https://geth.ethereum.org/docs/dapp/native-accounts,https://geth.ethereum.org/docs/developers/dapp-developer/native-accounts,src/pages/docs/developers/dapp-developer/native-accounts.md,n/a +https://geth.ethereum.org/docs/dapp/native-bindings,https://geth.ethereum.org/docs/developers/dapp-developer/native-bindings,src/pages/docs/developers/dapp-developer/native-bindings.md,n/a +https://geth.ethereum.org/docs/dapp/mobile,https://geth.ethereum.org/docs/developers/dapp-developer/mobile,src/pages/docs/developers/dapp-developer/mobile.md,n/a +https://geth.ethereum.org/docs/dapp/mobile-accounts,page removed,page removed,n/a +https://geth.ethereum.org/docs/rpc/server,https://geth.ethereum.org/docs/interacting-with-geth/rpc/server,src/pages/docs/interacting-with-geth/rpc/server.md,n/a +https://geth.ethereum.org/docs/rpc/pubsub,https://geth.ethereum.org/docs/interacting-with-geth/rpc/pubsub,src/pages/docs/interacting-with-geth/rpc/pubsub.md,n/a +https://geth.ethereum.org/docs/rpc/batch,https://geth.ethereum.org/docs//interacting-with-geth/rpc/batch,src/pages/docs/interacting-with-geth/rpc/batch.md,n/a +https://geth.ethereum.org/docs/rpc/graphql,https://geth.ethereum.org/docs/interacting_with_geth/rpc/graphql,src/pages/docs/interacting-with-geth/rpc/graphql.md,n/a +https://geth.ethereum.org/docs/rpc/ns-admin,https://geth.ethereum.org/docs/interacting_with_geth/rpc/ns-admin,src/pages/docs/interacting-with-geth/rpc/ns-admin.md,n/a +https://geth.ethereum.org/docs/rpc/ns-clique,https://geth.ethereum.org/docs/interacting_with_geth/rpc/ns-clique,src/pages/docs/interacting-with-geth/rpc/ns-clique.md,n/a +https://geth.ethereum.org/docs/rpc/ns-debug,https://geth.ethereum.org/docs/interacting_with_geth/rpc/ns-debug,src/pages/docs/interacting-with-geth/rpc/ns-debug.md,n/a +https://geth.ethereum.org/docs/rpc/ns-eth,https://geth.ethereum.org/docs/interacting_with_geth/rpc/ns-eth,src/pages/docs/interacting-with-geth/rpc/ns-eth.md,n/a +https://geth.ethereum.org/docs/rpc/ns-les,https://geth.ethereum.org/docs/interacting_with_geth/rpc/ns-les,src/pages/docs/interacting-with-geth/rpc/ns-les.md,n/a +https://geth.ethereum.org/docs/rpc/ns-miner,https://geth.ethereum.org/docs/interacting_with_geth/rpc/ns-miner,src/pages/docs/interacting-with-geth/rpc/ns-miner.md,n/a +https://geth.ethereum.org/docs/rpc/ns-net,https://geth.ethereum.org/docs/interacting_with_geth/rpc/ns-net,src/pages/docs/interacting-with-geth/rpc/ns-net.md,n/a +https://geth.ethereum.org/docs/rpc/ns-personal,https://geth.ethereum.org/docs/interacting_with_geth/rpc/ns-personal,src/pages/docs/interacting-with-geth/rpc/ns-personalmd,n/a +https://geth.ethereum.org/docs/rpc/ns-txpool,https://geth.ethereum.org/docs/interacting_with_geth/rpc/ns-txpool,src/pages/docs/interacting-with-geth/rpc/ns-txpool.md,n/a +https://geth.ethereum.org/docs/rpc/objects,https://geth.ethereum.org/docs/interacting_with_geth/rpc/objects,src/pages/docs/interacting-with-geth/rpc/objects.md,n/a +https://geth.ethereum.org/docs/developers/dev-guide,https://geth.ethereum.org/docs/developers/geth-developer/dev-guide,src/pages/docs/developers/geth-developer/devguide.md,n/a +https://geth.ethereum.org/docs/developers/code-review-guidelines,https://geth.ethereum.org/docs/developers/geth-developer/code-review-guidelines,src/pages/docs/developers/geth-developer/code-review-guidelines.md,n/a +https://geth.ethereum.org/docs/developers/issue-handling-workflow,https://geth.ethereum.org/docs/developers/geth-developer/code-review-guidelines,src/pages/docs/developers/geth-developer/issue-handling-workflow.md,n/a +https://geth.ethereum.org/docs/developers/dns-discovery-setup,https://geth.ethereum.org/doce/developers/geth-developer/dns-discovery-setup,src/pages/docs/developers/geth-developer/dns-discovery-workflow.md,n/a +https://geth.ethereum.org/docs/clef/introduction,https://geth.ethereum.org/docs/tools/clef/introduction,src/pages/docs/tools/clef/introduction.md,n/a +https://geth.ethereum.org/docs/clef/tutorial,https://geth.ethereum.org/docs/tools/clef/tutorial,src/pages/docs/tools/clef/tutorial.md,n/a +https://geth.ethereum.org/docs/clef/cliquesigning,https://geth.ethereum.org/docs/tools/clef/clique-signing,src/pages/docs/tools/clef/clique-signing.md,n/a +https://geth.ethereum.org/docs/clef/rules,https://geth.ethereum.org/docs/tools/clef/rules,src/pages/docs/tools/clef/rules.md,n/a +https://geth.ethereum.org/docs/clef/setup,https://geth.ethereum.org/docs/tools/clef/setup,src/pages/docs/tools/clef/setup.md,n/a +https://geth.ethereum.org/docs/clef/apis,https://geth.ethereum.org/docs/tools/clef/apis,src/pages/docs/tools/clef/apis.md,n/a +https://geth.ethereum.org/docs/clef/datatypes,https://geth.ethereum.org/docs/tools/clef/datatypes,src/pages/docs/tools/clef/datatypes.md,n/a +https://github.com/ethereum/go-ethereum/tree/gh-pages/docs/_vulnerabilities/vulnerabilities.json,https://github.com/ethereum/go-ethereum/tree/gh-pages/docs/_vulnerabilities/vulnerabilities.json,src/pages/docs/vulnerabilities/vulnerabilities.json,must be served at original URL +https://github.com/ethereum/go-ethereum/tree/gh-pages/docs/_vulnerabilities/vulnerabilities.json.minisig,https://github.com/ethereum/go-ethereum/tree/gh-pages/docs/_vulnerabilities/vulnerabilities.json.minisig,src/pages/docs/vulnerabilities/vulnerabilities.json.minisig,must be served at original URL +https://github.com/ethereum/go-ethereum/tree/gh-pages/docs/_vulnerabilities/vulnerabilities.md,https://geth.ethereum.org/docs/developers/geth-developers/discloures,src/pages/docs/developers/geth-developers/disclosures,moved to /docs and renamed From 572a5cfa9fa9771c4e3c7ddc1a46b4478a76f15d Mon Sep 17 00:00:00 2001 From: Joe Date: Wed, 14 Sep 2022 10:11:39 +0100 Subject: [PATCH 11/11] add link to EF bug bounty page --- content/docs/developers/geth-developer/disclosures.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/content/docs/developers/geth-developer/disclosures.md b/content/docs/developers/geth-developer/disclosures.md index 66e8c53176..1d0489fa4a 100644 --- a/content/docs/developers/geth-developer/disclosures.md +++ b/content/docs/developers/geth-developer/disclosures.md @@ -41,7 +41,7 @@ In keeping with this policy, we have taken inspiration from [Solidity bug disclo ## Disclosed vulnerabilities -There is a JSON-formatted list ([`vulnerabilities.json`](vulnerabilities.json)) of some of the known security-relevant vulnerabilities concerning Geth. +There is a JSON-formatted list ([`vulnerabilities.json`](/vulnerabilities.json)) of some of the known security-relevant vulnerabilities concerning Geth. As of version `1.9.25`, Geth has a built-in command to check whether it is affected by any publically disclosed vulnerability, using the command `geth version-check`. This command will fetch the latest json file (and the accompanying [signature-file](vulnerabilities.json.minisig), and cross-check the data against it's own version number. @@ -79,3 +79,7 @@ The JSON file of known vulnerabilities below is a list of objects, one for each We prefer to not rely on Github as the only/primary publishing protocol for security advisories, but we plan to use the Github-advisory process as a second channel for disseminating vulnerability-information. Advisories published via Github can be accessed [here](https://github.com/ethereum/go-ethereum/security/advisories?state=published). + +## Bug Bounties + +The Ethereum Foundation run a bug bounty program to reward responsible disclosures of bugs in client software and specs. The details are provided on [ethereum.org](https://ethereum.org/en/bug-bounty/). \ No newline at end of file