Money path:
- Scoped, unbonded Nym exit for the money-path relay: the wallet dials a
relay operator's co-located exit over a MixnetStream (src/nym/streamexit.rs)
which pipes to its one relay; hostname-validated TLS end to end, no public
DNS. Anchor + fallback (never pin-only): any exit failure degrades to the
smolmix tunnel. relay.goblin.st's exit address is pinned in the relay pool
(src/nostr/pool.rs) and the maintainer gist so it bootstraps offline.
- STREAM_SETTLE bridges the open-before-accept gap so the first TLS byte is
not dropped into a stalled handshake.
- Verified end to end: two wallets complete a real gift-wrapped Grin payment
through relay.goblin.st over the exit, finalized + posted on mainnet
(src/wallet/e2e.rs, ignored live test).
Encryption:
- Adopt NIP-44 v3 for the NIP-17 gift-wrap path (G4): src/nostr/wrapv3.rs,
nip44 path dep; v3<->v3 and v3->v2 interop.
Also: mix-DNS (src/nym/dns.rs), full localization pass, GUI polish,
avatar-ring example, Android icon/script updates, GRIM deviation notes,
xrelay + connect-timing tests.
The empty-flavor test compared the literal string 'flavor', so a no-flavor
invocation left the APK output path as apk//debug/app--debug.apk and the
rename failed. Default to 'local' correctly.
Add scripts/toolchain.sh: fetches GRIM's canonical build toolchains (custom
NDK r29, zig, appimagetool + type2 runtime, and optionally the Android SDK /
gradle / osxcross) into a gitignored .toolchains/ and writes env.sh.
linux/build_release.sh and scripts/android.sh now source .toolchains/env.sh,
preferring the DEV toolchains and falling back to system installs:
- Android links against the custom NDK r29 (rebuilt LLVM), producing
16 KB page-aligned .so libraries — required by the Play Store.
- The Linux AppImage cross-builds with the DEV zig + appimagetool; bindgen is
pointed at the host kernel headers so v4l2-sys finds linux/videodev2.h under
zig's glibc-2.17 sysroot.
Also fix the stale .gitignore AppRun entry (Grim.AppDir -> Goblin.AppDir).
Security (audit H-2): the legacy update check is OFF by default. It hit
code.gri.mw (GRIM's gitea) directly over CLEARNET via the old HttpClient —
leaking "this user runs Goblin" metadata on every wallet-list view, which
defeats the nothing-clearnet mixnet model, and it pointed at the wrong
project's releases anyway. Opt-in only until reworked to run over the
mixnet against Goblin's own releases.
Build: with the Nym SDK linked in-process there's no sidecar binary to
embed or bundle. linux/build_release.sh drops the GOBLIN_NYM_UNIX_BIN
embed (AppImage is one self-contained binary); scripts/android.sh stops
bundling nym-socks5-client into jniLibs (the cdylib links nym-sdk
directly); scripts/nym-android.sh deleted.
Ship the bundled nym-socks5-client on Windows and Android, not just Linux:
- sidecar.rs resolves the binary per platform — nym-socks5-client.exe on
Windows; on Android the sidecar rides in the APK jniLibs as
libnym_socks5_client.so and is launched from the native-library dir (the
one exec-allowed path), located via NATIVE_LIBS_DIR.
- Restore a vendored, statically-linked OpenSSL. Upstream Grim got this from
arti's static feature; dropping arti for Nym took it with it, which broke
Android/cross builds (no system OpenSSL for the target) and left desktop
dynamically linked to libssl. Inert on Windows/macOS (SChannel/Security.fw).
- android.sh bundles the sidecar into jniLibs per ABI; scripts/nym-android.sh
cross-builds it. Onboarding copy: Tor -> the Nym mixnet.
Verified end to end on an x86_64 emulator: the sidecar extracts, launches,
initialises, and opens the mixnet SOCKS5 proxy on 127.0.0.1:1080.
- Build Linux x86 on separate runner (fix Appimage on x86 platform)
- Use Cargo Nexus registry
- Build at single file
- Fix previous release check for tag
Reviewed-on: https://code.gri.mw/GUI/grim/pulls/38