nostr_core_lib/secp256k1.depreciated/SECURITY.md
Laan Tungir 711a7cc15c feat: migrate to system dependencies from static linking
BREAKING CHANGE: Library now requires system-installed dependencies

Major Changes:
- Convert secp256k1 from bundled static lib to system dependency
- Convert OpenSSL from bundled static lib to system dependency
- Convert curl from bundled static lib to system dependency
- Update build.sh with pkg-config detection and fallback logic
- Remove all static library extraction/building logic
- Update README.md with new dependency requirements and installation

Build System:
- Add detect_system_secp256k1() with pkg-config support
- Add detect_system_openssl() with pkg-config support
- Add detect_system_curl() with pkg-config support
- Remove secp256k1 building/extraction from ar archive
- Update CFLAGS and LIBS to use system library variables
- Clear error messages for missing dependencies with install commands

Documentation:
- Add system dependency installation for Ubuntu/Debian/CentOS/macOS
- Update all compile/link examples to include -lssl -lcrypto -lcurl -lsecp256k1
- Remove references to 'self-contained' and 'no external dependencies'
- Update integration examples throughout README

Benefits:
- Smaller library size (only internal code bundled)
- Automatic security updates via system package manager
- Standard Linux library distribution pattern
- Reduced build complexity
- Better system integration with pkg-config

Required Installation:
Ubuntu/Debian: sudo apt install libssl-dev libcurl4-openssl-dev libsecp256k1-dev
CentOS/RHEL: sudo yum install openssl-devel libcurl-devel libsecp256k1-devel
macOS: brew install openssl curl secp256k1
2025-08-16 13:59:29 -04:00


Security Policy

Reporting a Vulnerability

To report security issues send an email to secp256k1-security@bitcoincore.org (not for support).

The following keys may be used to communicate sensitive information to developers:

| Name | Fingerprint |
|------|-------------|
| Pieter Wuille | 133E AC17 9436 F14A 5CF1 B794 860F EB80 4E66 9320 |
| Jonas Nick | 36C7 1A37 C9D9 88BD E825 08D9 B1A7 0E4F 8DCD 0366 |
| Tim Ruffing | 09E0 3F87 1092 E40E 106E 902B 33BC 86AB 80FF 5516 |

You can import a key by running the following command with that individual's fingerprint: `gpg --keyserver hkps://keys.openpgp.org --recv-keys "<fingerprint>"`. Ensure that you put quotes around fingerprints containing spaces.