cerc-io/laconicd-deprecated
19
0
Fork 1
Code Issues 21 Pull Requests Actions Packages Projects Releases 3 Wiki Activity

Merge branch 'main' of github.com:cerc-io/laconicd into murali/record-attributes

Browse Source
This commit is contained in:
0xmuralik 2023-02-27 13:39:04 +05:30
commit 6025fadc71
15 changed files with 390 additions and 82 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.github/workflows/docker-image.yml vendored
View File

@ -1,4 +1,4 @@
name: Publish onn release
name: Publish on release
on:
release:
types: [published]

49
.github/workflows/test.yml vendored
View File

@ -36,7 +36,7 @@ jobs:
- uses: codecov/codecov-action@v3
with:
file: ./coverage.txt
fail_ci_if_error: true
fail_ci_if_error: false
if: env.GIT_DIFF
test-importer:
@ -81,6 +81,53 @@ jobs:
make test-rpc
if: env.GIT_DIFF
sdk_tests:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Checkout laconic-sdk
uses: actions/checkout@v3
with:
path: "./laconic-sdk/"
repository: cerc-io/laconic-sdk
fetch-depth: 0
ref: jest_timeout
- name: Environment
run: ls -tlh && env
- name: build containers scripts
working-directory: tests/sdk_tests
run: ./build-laconicd-container.sh && ./build-sdk-test-container.sh
- name: start containers
working-directory: tests/sdk_tests
run: docker compose up -d
- name: run-tests.sh
working-directory: tests/sdk_tests
run: ./run-tests.sh
- name: reset containers for auction tests
working-directory: tests/sdk_tests
if: always()
run: docker compose down
- name: start auction containers
working-directory: tests/sdk_tests
run: docker compose -f docker-compose-auctions.yml up -d
- name: run-acution-tests.sh
working-directory: tests/sdk_tests
run: ./run-auction-tests.sh
- name: reset containers for nameservice tests
working-directory: tests/sdk_tests
if: always()
run: docker compose -f docker-compose-auctions.yml down
- name: start auction containers
working-directory: tests/sdk_tests
run: docker compose -f docker-compose-nameservice.yml up -d
- name: run-nameservice-expiry-tests.sh
working-directory: tests/sdk_tests
run: ./run-nameservice-expiry-tests.sh
- name: reset containers for nameservice tests
working-directory: tests/sdk_tests
if: always()
run: docker compose -f docker-compose-nameservice.yml down
# integration_tests:
# runs-on: ubuntu-latest
# steps:

1
.gitignore vendored
View File

@ -50,6 +50,7 @@ coverage.txt
sim_log_file
tests/**/tmp/*
yarn.lock
x/auction/client/testutil/bidder-bafyre*
# Vagrant
.vagrant/

2
Dockerfile
View File

@ -20,7 +20,7 @@ RUN make build
FROM alpine:3.17.0
# Install ca-certificates
RUN apk add --update ca-certificates jq
RUN apk add --update ca-certificates jq curl
WORKDIR /
# Copy over binaries from the build-env

8
README.md
View File

@ -15,6 +15,14 @@ The Source of Proof. Laconic is a next generation data availability & verifiabil
make install
```
## Usage
To quickly get started with a single node fixture, run:
```bash
./init.sh
```
## Community
The following chat channels and forums are a great spot to ask questions about Ethermint:

62
SECURITY.md
View File

@ -1,62 +0,0 @@
# Security
As part of our vulnerability disclosure policy, we operate a security vulnerability program through [Immunefi](https://immunefi.com/). This document serves as a complementary guideline for reporting vulnerabilities and how the disclosure process is managed. Please refer to the official Evmos [bug bounty program](https://immunefi.com/bounty/evmos/) for up-to-date information.
## Guidelines
We require that all researchers:
- Use the Evmos [bug bounty program](https://immunefi.com/bounty/evmos/) on Immunefi to disclose all vulnerabilities, and avoid posting vulnerability information in public places, including GitHub, Discord, Telegram, Twitter or other non-private channels.
- Make every effort to avoid privacy violations, degradation of user experience, disruption to production systems, and destruction of data.
- Keep any information about vulnerabilities that youve discovered confidential between yourself and the engineering team until the issue has been resolved and disclosed
- Avoid posting personally identifiable information, privately or publicly
If you follow these guidelines when reporting an issue to us, we commit to:
- Not pursue or support any legal action related to your research on this vulnerability
- Work with you to understand, resolve and ultimately disclose the issue in a timely fashion
## Disclosure Process
Evmos uses the following disclosure process:
1. Once a security report is received via the Immunefi Bug Bounty program, the team works to verify the issue and confirm its severity level using [CVSS](https://nvd.nist.gov/vuln-metrics/cvss) or [Immunefis Vulnerability Severity Classification System v2.2](https://immunefi.com/immunefi-vulnerability-severity-classification-system-v2-2/).
1. Two people from the affected project will review, replicate and acknowledge the report within 48-96 hours of the alert according to the table below:
| Security Level | Hours to First Response (ACK) from Escalation |
| -------------------- | --------------------------------------------- |
| Critical | 48 |
| High | 96 |
| Medium | 96 |
| Low or Informational | 96 |
| None | 96 |
2. If the report is not applicable or reproducible, the Security Lead (or Security Secondary) will revert to the reporter to request more info or close the report.
3. The report is confirmed by the Security Lead to the reporter.
2. The team determines the vulnerabilitys potential impact on Evmos.
1. Vulnerabilities with `Informational` and `Low` categorization will result in creating a public issue.
2. Vulnerabilities with `Medium` categorization will result in the creation of an internal ticket and patch of the code.
3. Vulnerabilities with `High` or `Critical` will result in the [creation of a new Security Advisory](https://docs.github.com/en/code-security/repository-security-advisories/creating-a-repository-security-advisory)
Once the vulnerability severity is defined, the following steps apply:
- For `High` and `Critical`:
1. Patches are prepared for supported releases of Evmos in a [temporary private fork](https://docs.github.com/en/code-security/repository-security-advisories/collaborating-in-a-temporary-private-fork-to-resolve-a-repository-security-vulnerability) of the repository.
2. Only relevant parties will be notified about an upcoming upgrade. These being validators, the core developer team, and users directly affected by the vulnerability.
3. 24 hours following this notification, relevant releases with the patch will be made public.
4. The nodes and validators update their Evmos and Ethermint dependencies to use these releases.
5. A week (or less) after the security vulnerability has been patched on Evmos, we will disclose that the mentioned release contained a security fix.
6. After an additional 2 weeks, we will publish a public announcement of the vulnerability. We also publish a security Advisory on GitHub and publish a [CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)
- For `Informational` , `Low` and `Medium` severities:
1. `Medium` and `Low` severity bug reports are included in a public issue and will be incorporated in the current sprint and patched in the next release. `Informational` reports are additionally categorized as with low or medium priority and might not be included in the next release.
2. One week after the releases go out, we will publish a post with further details on the vulnerability as well as our response to it.
This process can take some time. Every effort will be made to handle the bug in as timely a manner as possible, however, it's important that we follow the process described above to ensure that disclosures are handled consistently and to keep Ethermint and its downstream dependent projects, including but not limited to Evmos, as secure as possible.
### Payment Process
The payment process will be executed according to Evmoss Immunefi Bug Bounty program Rules.
### Contact
The Evmos Security Team is constantly being monitored. If you need to reach out to the team directly, please reach out via email: [security@evmos.org](mailto:security@evmos.org)

178
testnet/validator upgrade 0.6.0 - 0.7.0.md Normal file
View File

@ -0,0 +1,178 @@
# Validator Upgrade Guide for laconic_81337-5 Testnet v0.6.0 -> v0.7.0
This guide assumes you have followed the instructions to crete a systemd service or docker container validator node v0.6.0 and you perform the upgrade on a machine running v0.6.0
It is highly recommended to make the backup of your datadir after you stop v0.6.0 and before you start v0.7.0. Unless you changed your datadir, it should be located in `~/.laconicd`
## Systemd service
Skip this section if you use docker
This is very similar to building v0.6.0. We keep v 0.6.0 running until v0.7.0 is built and only after the successful build we should replace 0.6.0 binary with v0.7.0. This is to avoid jailing your validator for long downtime.
The general upgrade plan is the following:
1. Install Go v1.19.5 (we used 1.18 for v0.6.0)
2. Remove old copy of the github repository and build directory
3. Download the latest laconicd repository and checkout v0.7.0
4. Build laconicd binary (but not install in this moment)
5. Stop laconicd systemd service
6. Install recently built new version of laconicd
7. Start laconicd service
>***You have ~10 minutes after step 5 to complete steps 6 and 7 before your validator is jailed for downtime. Getting jailed for downtime is not a disaster, however would require manual unjailing.***
### Install Go 1.19
```sh
# Update Ubuntu
sudo apt update
sudo apt upgrade -y
# Install required software packages
sudo apt install git curl build-essential make jq -y
# Remove any existing installation of `go`
sudo rm -rf /usr/local/go
# Install Go version 1.19.5
curl https://dl.google.com/go/go1.19.5.linux-amd64.tar.gz | sudo tar -C/usr/local -zxvf -
```
Check the version of go installed
```sh
go version
# Should return something like: go version go1.19.5 linux/amd64
```
---
### Remove old copy of `laconicd` build
>Attention should be paid that the directory mentioned below is `~/laconicd` and NOT `~/.laconicd`. The latter is the data directory containing all your node data and configuration and it must be kept during the upgrade.
```sh
# Remove the previous build directory
cd ~
rm -rf laconicd
```
---
### Download `laconicd` repository
```sh
git clone https://github.com/cerc-io/laconicd.git
cd laconicd
# Checkout 0.7.0 branch
git fetch --all
git checkout v0.7.0
```
---
### Build the new version of `laconicd`
```sh
# Build laconic (but not install at this moment)
make VERSION=v0.7.0 build
```
---
### Stop `laconicd` systemd service
```sh
sudo systemctl stop laconicd
```
>***Make sure the service is stopped***
```sh
sudo systemctl status laconicd
```
---
### Install new `laconicd` version
```sh
make VERSION=v0.7.0 install
```
Verify your installation
```sh
laconicd version
```
This should return `0.7.0`
---
### Start `laconicd` systemd service
```sh
sudo systemctl start laconicd
```
Verify that the node joined the network and produces new blocks
```sh
journalctl -f -u laconicd
```
---
## Docker container
Upgrade plan:
1. Stop running v0.6.0 container
2. Delete v0.6.0 container
3. Create v0.7.0 container
4. Start v0.7.0 container
>***You have ~10 minutes to complete the upgrade procedure before your validator is jailed for downtime. Getting jailed for downtime is not a disaster, however would require manual unjailing.***
### Stop running v0.6.0 container
```sh
docker stop laconic-testnet-5
```
---
### Delete v0.6.0 container
```sh
docker rm laconic-testnet-5
```
---
### Create v0.7.0 container
```sh
docker create --name laconic-testnet-5 \
--restart always \
-v ~/.laconicd:/root/.laconicd \
-p 26656:26656 \
-p 127.0.0.1:26657:26657 \
-p 127.0.0.1:26660:26660 \
git.vdb.to/cerc-io/laconicd/laconicd:v0.7.0 \
laconicd start --gql-playground --gql-server --log_level=warn
```
---
### Start v0.7.0 container
```sh
docker start laconic-testnet-5
```
Verify that the node joined the network and produces new blocks
```sh
docker logs -f laconic-testnet-5
```
---

31
tests/sdk_tests/docker-compose-auctions.yml Normal file
View File

@ -0,0 +1,31 @@
services:
laconicd:
restart: unless-stopped
image: cerc-io/laconicd:local-test
environment:
- TEST_AUCTION_ENABLED=true
command: ["sh", "/docker-entrypoint-scripts.d/create-fixturenet.sh"]
volumes:
- ../../init.sh:/docker-entrypoint-scripts.d/create-fixturenet.sh
healthcheck:
test: ["CMD", "curl", "-v", "http://127.0.0.1:6060"]
interval: 1s
timeout: 5s
retries: 30
ports:
- "6060"
- "26657"
- "26656"
- "9473"
- "8545"
- "8546"
- "9090"
- "9091"
- "1317"
sdk-test-runner:
image: cerc-io/laconic-sdk-tester:local-test
depends_on:
laconicd:
condition: service_healthy
command: tail -F /dev/null

31
tests/sdk_tests/docker-compose-nameservice.yml Normal file
View File

@ -0,0 +1,31 @@
services:
laconicd:
restart: unless-stopped
image: cerc-io/laconicd:local-test
environment:
- TEST_REGISTRY_EXPIRY=true
command: ["sh", "/docker-entrypoint-scripts.d/create-fixturenet.sh"]
volumes:
- ../../init.sh:/docker-entrypoint-scripts.d/create-fixturenet.sh
healthcheck:
test: ["CMD", "curl", "-v", "http://127.0.0.1:6060"]
interval: 1s
timeout: 5s
retries: 30
ports:
- "6060"
- "26657"
- "26656"
- "9473"
- "8545"
- "8546"
- "9090"
- "9091"
- "1317"
sdk-test-runner:
image: cerc-io/laconic-sdk-tester:local-test
depends_on:
laconicd:
condition: service_healthy
command: tail -F /dev/null

2
tests/sdk_tests/docker-compose.yml
View File

@ -6,7 +6,7 @@ services:
volumes:
- ../../init.sh:/docker-entrypoint-scripts.d/create-fixturenet.sh
healthcheck:
test: ["CMD", "wget", "-nv", "-t1", "--spider", "http://localhost:6060"]
test: ["CMD", "curl", "-v", "http://127.0.0.1:6060"]
interval: 1s
timeout: 5s
retries: 30

16
tests/sdk_tests/run-auction-tests.sh Executable file
View File

@ -0,0 +1,16 @@
#!/usr/bin/env bash
if [ -n "$CERC_SCRIPT_DEBUG" ]; then
set -x
fi
# Get the key from laconicd
laconicd_key=$( docker compose exec laconicd echo y | docker compose exec laconicd laconicd keys export mykey --unarmored-hex --unsafe )
# Set parameters for the test suite
cosmos_chain_id=laconic_9000-1
laconicd_rest_endpoint=http://laconicd:1317
laconicd_gql_endpoint=http://laconicd:9473/api
# Run tests
docker network inspect sdk_tests_default
sleep 30s
docker logs sdk_tests-laconicd-1
docker compose exec sdk-test-runner sh -c "COSMOS_CHAIN_ID=${cosmos_chain_id} LACONICD_REST_ENDPOINT=${laconicd_rest_endpoint} LACONICD_GQL_ENDPOINT=${laconicd_gql_endpoint} PRIVATE_KEY=${laconicd_key} yarn test:auctions"

16
tests/sdk_tests/run-nameservice-expiry-tests.sh Executable file
View File

@ -0,0 +1,16 @@
#!/usr/bin/env bash
if [ -n "$CERC_SCRIPT_DEBUG" ]; then
set -x
fi
# Get the key from laconicd
laconicd_key=$( docker compose exec laconicd echo y | docker compose exec laconicd laconicd keys export mykey --unarmored-hex --unsafe )
# Set parameters for the test suite
cosmos_chain_id=laconic_9000-1
laconicd_rest_endpoint=http://laconicd:1317
laconicd_gql_endpoint=http://laconicd:9473/api
# Run tests
docker network inspect sdk_tests_default
sleep 30s
docker logs sdk_tests-laconicd-1
docker compose exec sdk-test-runner sh -c "COSMOS_CHAIN_ID=${cosmos_chain_id} LACONICD_REST_ENDPOINT=${laconicd_rest_endpoint} LACONICD_GQL_ENDPOINT=${laconicd_gql_endpoint} PRIVATE_KEY=${laconicd_key} yarn test:nameservice-expiry"

8
tests/sdk_tests/run-tests.sh
View File

@ -3,10 +3,16 @@ if [ -n "$CERC_SCRIPT_DEBUG" ]; then
set -x
fi
# Get the key from laconicd
laconicd_key=$( docker compose exec laconicd echo y | laconicd keys export mykey --unarmored-hex --unsafe )
laconicd_key=$( docker compose exec laconicd echo y | docker compose exec laconicd laconicd keys export mykey --unarmored-hex --unsafe )
# Set parameters for the test suite
cosmos_chain_id=laconic_9000-1
laconicd_rest_endpoint=http://laconicd:1317
laconicd_gql_endpoint=http://laconicd:9473/api
# Run tests
docker network inspect sdk_tests_default
sleep 30s
docker logs laconicd
docker compose exec laconicd sh -c "curl http://127.0.0.1:9473/api"
docker compose exec laconicd sh -c "curl http://localhost:9473/api"
docker compose exec sdk-test-runner sh -c "COSMOS_CHAIN_ID=${cosmos_chain_id} LACONICD_REST_ENDPOINT=${laconicd_rest_endpoint} LACONICD_GQL_ENDPOINT=${laconicd_gql_endpoint} PRIVATE_KEY=${laconicd_key} yarn test"

31
utils/json.go
View File

@ -8,17 +8,16 @@ import (
"bytes"
"errors"
"github.com/ipld/go-ipld-prime/codec/dagcbor"
"github.com/ipld/go-ipld-prime/fluent"
"github.com/ipld/go-ipld-prime/linking"
cidlink "github.com/ipld/go-ipld-prime/linking/cid"
"github.com/ipld/go-ipld-prime/multicodec"
"github.com/ipld/go-ipld-prime/storage/memstore"
canonicalJson "github.com/gibson042/canonicaljson-go"
"github.com/ipfs/go-cid"
cbor "github.com/ipfs/go-ipld-cbor"
"github.com/ipld/go-ipld-prime/codec/dagcbor"
"github.com/ipld/go-ipld-prime/codec/dagjson"
"github.com/ipld/go-ipld-prime/linking"
cidlink "github.com/ipld/go-ipld-prime/linking/cid"
"github.com/ipld/go-ipld-prime/multicodec"
basicnode "github.com/ipld/go-ipld-prime/node/basic"
"github.com/ipld/go-ipld-prime/storage/memstore"
mh "github.com/multiformats/go-multihash"
)
@ -68,7 +67,17 @@ func GetAttributeAsString(obj map[string]interface{}, attr string) (string, erro
}
// CIDFromJSONBytesUsingIpldPrime returns CID (dagcbor) for json (as bytes).
// This is combination of samples for unmarshalling and linking
// see: https://pkg.go.dev/github.com/ipld/go-ipld-prime
func CIDFromJSONBytesUsingIpldPrime(content []byte) (string, error) {
np := basicnode.Prototype.Any // Pick a stle for the in-memory data.
nb := np.NewBuilder() // Create a builder.
err := dagjson.Decode(nb, bytes.NewReader(content)) // Hand the builder to decoding -- decoding will fill it in!
if err != nil {
return "", err
}
n := nb.Build() // Call 'Build' to get the resulting Node. (It's immutable!)
lsys := cidlink.DefaultLinkSystem()
// We want to store the serialized data somewhere.
@ -87,14 +96,6 @@ func CIDFromJSONBytesUsingIpldPrime(content []byte) (string, error) {
MhLength: 32, // sha2-256 hash has a 32-byte sum.
}}
// And we need some data to link to! Here's a quick piece of example data:
n, err := fluent.Build(basicnode.Prototype.Any, func(na fluent.NodeAssembler) {
na.AssignBytes(content)
})
if err != nil {
return "", err
}
// Now: time to apply the LinkSystem, and do the actual store operation!
lnk, err := lsys.Store(
linking.LinkContext{}, // The zero value is fine. Configure it it you want cancellability or other features.

35
utils/json_test.go Normal file
View File

@ -0,0 +1,35 @@
package utils
import (
"github.com/stretchr/testify/require"
"testing"
)
func TestAndValidateCIDGeneration(t *testing.T) {
testCases := []struct {
name string
content string
expected string
}{
// empty string and empty json blows up
// {
// "empty string", "", "bafyreiengp2sbi6ez34a2jctv34bwyjl7yoliteleaswgcwtqzrhmpyt2m",
// },
// {
// "empty json", "{}", "bafyreihpfkdvib5muloxlj5b3tgdwibjdcu3zdsuhyft33z7gtgnlzlkpm",
// },
{
"test record", "{\"build_artifact_cid\":\"QmP8jTG1m9GSDJLCbeWhVSVgEzCPPwXRdCRuJtQ5Tz9Kc9\",\"repo_registration_record_cid\":\"QmSnuWmxptJZdLJpKRarxBMS2Ju2oANVrgbr2xWbie9b2D\",\"tls_cert_cid\":\"QmbWqxBEKC3P8tqsKc98xmWNzrzDtRLMiMPL8wBuTGsMnR\",\"type\":\"WebsiteRegistrationRecord\",\"url\":\"https://cerc.io\",\"version\":\"0.0.1\"}",
"bafyreiek4hnoqmits66bjyxswapplweuoqe4en2ux6u772o4y3askpd3ny",
},
}
for _, tc := range testCases {
deprecatedAndCorrect, _ := CIDFromJSONBytes([]byte(tc.content))
newImpl, err := CIDFromJSONBytesUsingIpldPrime([]byte(tc.content))
require.NoError(t, err)
require.Equal(t, deprecatedAndCorrect, newImpl, tc.name)
require.Equal(t, tc.expected, newImpl)
}
}