Use bitcoinj with chainwork fix

[HenrikJannsen]

See bisq-network/bitcoinj#45

Summary by CodeRabbit

• Chores
  • Bumped application version to 1.9.22 and updated packaged macOS build identifiers and version files.
  • Updated bitcoin-related library to a newer single version and added Protobuf components to the build metadata.
• Security / Packaging
  • Added a new release signing key and updated installer/packaging signing artifacts and public key materials.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

Bumps release version to 1.9.22, updates bitcoinj dependency hash and Gradle verification metadata (adds protobuf 3.18.0 entries), adds a new PGP signing key and resource, and includes the new key in installer trusted keys; updates macOS packaging scripts and metadata.

Changes

Cohort / File(s)	Summary
Version constants & packaging build-logic/packaging/src/main/kotlin/bisq/gradle/packaging/PackagingPlugin.kt, common/src/main/java/bisq/common/app/Version.java, desktop/src/main/resources/version.txt	Bumped APP_VERSION / VERSION from 1.9.21 → 1.9.22; version.txt updated from 1.9.21-SNAPSHOT → 1.9.22.
macOS package metadata & scripts desktop/package/macosx/Info.plist, desktop/package/macosx/copy_dbs.sh, desktop/package/macosx/finalize.sh, desktop/package/macosx/insert_snapshot_version.sh, desktop/package/macosx/replace_version_number.sh	Advanced version literals to 1.9.22; Info.plist CFBundleVersion/CFBundleShortVersionString set to 1.9.22; finalize.sh switched signing key reference to new key.
Signing keys and resources desktop/package/signingkey.asc, desktop/package/387C8307.asc, desktop/src/main/resources/keys/387C8307.asc	Replaced signing key id E222AA02 → 387C8307; added new public key files (387C8307.asc) in package and resources.
Installer trusted keys desktop/src/main/java/bisq/desktop/main/overlays/windows/downloadupdate/BisqInstaller.java	Added new signing key fingerprint constant FINGER_PRINT_HENRIK_JANNSEN and included its key descriptors in the getKeyFileDescriptors() list.
Gradle dependency versions gradle/libs.versions.toml	Updated bitcoinj version hash from b005953e5eec339a82daf4866f85518091f6b9f6 → 7dc0851a807857ba19f76824e48d75ab0390eca7.
Gradle verification metadata gradle/verification-metadata.xml	Replaced bitcoinj component entry to version 7dc0851a807857ba19f76824e48d75ab0390eca7; added protobuf components for com.google.protobuf:protobuf-bom:3.18.0, protobuf-java:3.18.0, and protobuf-parent:3.18.0 with associated artifacts and checksums.

Sequence Diagram(s)

(omitted — changes are versioning, metadata, and asset additions without new multi-component control flow)

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• Release/v1.9.21 #7505 — Also updates release/version constants (PackagingPlugin.APP_VERSION and common Version) to bump the release version.

Pre-merge checks and finishing touches

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Description check	❓ Inconclusive	The description provides a link to the bitcoinj PR but lacks detail about the changes made in this PR, including version bump and key additions.	Expand the description to explain the version bump to 1.9.22, the addition of Henrik Jannsen's signing key, and why these changes are necessary.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
Title check	✅ Passed	The PR title 'Use bitcoinj with chainwork fix' is directly related to the main objective, which is to update bitcoinj to a commit that includes a chainwork fix, matching the PR description and the referenced bitcoinj PR #45.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 65b8e2d and 37e6a47.

📒 Files selected for processing (11)

• build-logic/packaging/src/main/kotlin/bisq/gradle/packaging/PackagingPlugin.kt
• common/src/main/java/bisq/common/app/Version.java
• desktop/package/387C8307.asc
• desktop/package/macosx/Info.plist
• desktop/package/macosx/copy_dbs.sh
• desktop/package/macosx/finalize.sh
• desktop/package/macosx/insert_snapshot_version.sh
• desktop/package/macosx/replace_version_number.sh
• desktop/package/signingkey.asc
• desktop/src/main/java/bisq/desktop/main/overlays/windows/downloadupdate/BisqInstaller.java
• desktop/src/main/resources/version.txt

✅ Files skipped from review due to trivial changes (2)

• desktop/package/387C8307.asc
• desktop/package/macosx/copy_dbs.sh

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: Test Java 11, macOS-latest
• GitHub Check: Test Java 11, ubuntu-latest
• GitHub Check: Test Java 11, windows-latest

🔇 Additional comments (11)

desktop/package/macosx/insert_snapshot_version.sh (1)

5-5: LGTM!

The version bump from 1.9.21 to 1.9.22 is correct and aligns with the broader version update across the project.

desktop/src/main/java/bisq/desktop/main/overlays/windows/downloadupdate/BisqInstaller.java (1)

61-61: LGTM!

The new fingerprint constant for Henrik Jannsen is correctly defined and follows the established naming convention.

build-logic/packaging/src/main/kotlin/bisq/gradle/packaging/PackagingPlugin.kt (1)

25-25: LGTM!

The APP_VERSION constant update from 1.9.21 to 1.9.22 is correct and consistent with the project-wide version bump.

desktop/package/macosx/replace_version_number.sh (1)

5-6: LGTM!

The version literals are correctly updated for the 1.9.21 → 1.9.22 bump, maintaining the script's intended behavior.

desktop/src/main/resources/version.txt (1)

1-1: LGTM!

The version update from 1.9.21-SNAPSHOT to 1.9.22 is correct. The removal of the SNAPSHOT suffix indicates this is a release version.

desktop/package/macosx/Info.plist (1)

8-8: LGTM!

Both CFBundleVersion and CFBundleShortVersionString are correctly updated to 1.9.22, maintaining consistency in the macOS bundle versioning.

Also applies to: 11-11

desktop/package/macosx/finalize.sh (2)

5-5: LGTM!

The version bump to 1.9.22 is correct and aligns with the project-wide version update.

---

62-63: Verify the key file exists before copying.

The script copies Henrik Jannsen's key file to the release directory. The source file desktop/package/387C8307.asc exists and contains a valid PGP public key.

desktop/package/signingkey.asc (1)

1-1: The signing key file is present and accessible.

The key file 387C8307.asc exists in desktop/package/ and is accessible at the public URL (HTTP 200). No action required.

common/src/main/java/bisq/common/app/Version.java (2)

46-48: Verify whether "1.9.22" should be added to the historical resource file list.

The HISTORICAL_RESOURCE_FILE_VERSION_TAGS list currently ends at "1.9.20". According to the comment on lines 42-45, this list should only contain versions where new version-tagged resource files are added for historical data stores.

Please confirm whether version "1.9.22" introduces new version-tagged resource files that require addition to this list.

---

39-39: Version bump is complete and correct.

Version updated from 1.9.21 to 1.9.22 consistently across Version.java and PackagingPlugin.kt. The HISTORICAL_RESOURCE_FILE_VERSION_TAGS list correctly excludes this version, as documented—it only includes versions that add new resource files for historical data stores.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

desktop/src/main/java/bisq/desktop/main/overlays/windows/downloadupdate/BisqInstaller.java (1)

249-250: Consider adding defensive null-checking to getLocalKeyFileDescriptor.

The resource file desktop/src/main/resources/keys/387C8307.asc exists and the past fix has been properly applied. However, the getLocalKeyFileDescriptor method (lines 265-272) directly calls getClass().getResource("/keys/" + fingerPrint + ".asc").toExternalForm() without null-checking. If the resource is ever missing, this will throw a NullPointerException. Add defensive null-checking:

private FileDescriptor getLocalKeyFileDescriptor(String fingerPrint) {
    java.net.URL resource = getClass().getResource("/keys/" + fingerPrint + ".asc");
    if (resource == null) {
        throw new IllegalStateException("Local key file not found for fingerprint: " + fingerPrint);
    }
    return FileDescriptor.builder()
            .type(DownloadType.KEY)
            .fileName(fingerPrint + ".asc-local")
            .id(fingerPrint)
            .loadUrl(resource.toExternalForm())
            .build();
}

📜 Review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 37e6a47 and 0429d87.

📒 Files selected for processing (5)

• desktop/package/387C8307.asc
• desktop/package/macosx/finalize.sh
• desktop/package/signingkey.asc
• desktop/src/main/java/bisq/desktop/main/overlays/windows/downloadupdate/BisqInstaller.java
• desktop/src/main/resources/keys/387C8307.asc

✅ Files skipped from review due to trivial changes (1)

• desktop/src/main/resources/keys/387C8307.asc

🚧 Files skipped from review as they are similar to previous changes (3)

• desktop/package/signingkey.asc
• desktop/package/387C8307.asc
• desktop/package/macosx/finalize.sh

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: Test Java 11, windows-latest
• GitHub Check: Test Java 11, macOS-latest
• GitHub Check: Test Java 11, ubuntu-latest

🔇 Additional comments (1)

desktop/src/main/java/bisq/desktop/main/overlays/windows/downloadupdate/BisqInstaller.java (1)

61-61: LGTM! Constant declaration follows existing pattern.

The fingerprint constant for Henrik Jannsen is declared consistently with the existing key fingerprints for Gabriel Bernard and Alejandro Garcia.