* cmd/clef, signer/core: use better terminal input for passwords, make it possible to avoid boot-up warning
* all: move commonly used prompter to isolated (small) package
* cmd/clef: Add new --acceptWarn to clef README
* cmd/clef: rename flag 'acceptWarn' to 'suppress-bootwarn'
Co-authored-by: ligi <ligi@ligi.de>
The leaks were mostly in unit tests, and could all be resolved by
adding suitably-sized channel buffers or by restructuring the test
to not send on a channel after an error has occurred.
There is an unavoidable goroutine leak in Console.Interactive: when
we receive a signal, the line reader cannot be unblocked and will get
stuck. This leak is now documented and I've tried to make it slightly
less bad by adding a one-element buffer to the output channels of
the line-reading loop. Should the reader eventually awake from its
blocked state (i.e. when stdin is closed), at least it won't get stuck
trying to send to the interpreter loop which has quit long ago.
Co-authored-by: Felix Lange <fjl@twurst.com>
This replaces the JavaScript interpreter used by the console with goja,
which is actively maintained and a lot faster than otto. Clef still uses otto
and eth/tracers still uses duktape, so we are currently dependent on three
different JS interpreters. We're looking to replace the remaining uses of otto
soon though.
This commit includes several API changes:
- The behavior of eth_sign is changed. It now accepts an arbitrary
message, prepends the well-known string
\x19Ethereum Signed Message:\n<length of message>
hashes the result using keccak256 and calculates the signature of
the hash. This breaks backwards compatability!
- personal_sign(hash, address [, password]) is added. It has the same
semantics as eth_sign but also accepts a password. The private key
used to sign the hash is temporarily unlocked in the scope of the
request.
- personal_recover(message, signature) is added and returns the
address for the account that created a signature.
