Skip to content

Latest commit

 

History

History
499 lines (371 loc) · 16.6 KB

CHANGELOG.md

File metadata and controls

499 lines (371 loc) · 16.6 KB

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

0.13.1 (2024-01-18)

Added

  • CanonicalVoteExtension signature support (#837)

0.13.0 (2023-10-23)

Added

  • Support for secp256k1 consensus keys (#644, #790)

Changed

  • Bump tendermint-rs dependencies to v0.34; MSRV 1.72 (#778)
    • cosmrs v0.15
    • ed25519 v2
    • ed25519-dalek => ed25519-consensus v2
    • elliptic-curve v0.13
    • k256 v0.13
    • prost v0.12
    • prost-derive v0.12
    • rpassword v7
    • signature v2
    • tendermint v0.34
    • tendermint-config v0.34
    • tendermint-proto v0.34
    • tendermint-p2p v0.34
    • yubihsm v0.42
  • Rename tmkms ledger initialize to tmkms ledger init (#787)
  • Use -H for tmkms ledger init height parameter (#789)

Fixed

  • Use correct signing capabilities for YubiHSM account keygen (#725)
  • yubihsm udev rules GROUP (#728)
  • Support RPC messages up to 256kB (#792)

Removed

  • tx-signer feature (#764)
  • Amino encoding support (#775)

0.12.2 (2022-08-08)

Changed

  • Bump cosmrs to v0.9 (#591)
  • Bump tendermint to v0.23.9 (#591)

0.12.1 (2022-08-03)

Changed

  • MSRV 1.57 (#557)
  • Updated dependencies (#577)
    • cosmrs v0.8
    • elliptic-curve v0.12
    • hkd32 v0.7
    • hkdf v0.12
    • k256 v0.11
    • sdkms v0.5
    • sha2 v0.10
    • signtature v1.5
    • stdtx v0.7
    • tendermint-* v0.23.8
    • uuid v1
    • yubihsm v0.41

0.12.0 (2022-05-24)

Added

  • Fortanix DSM signer (#469)
  • version command (#487)

Changed

  • Bump cosmrs to v0.7 (#537)
  • Bump prost to v0.10 (#523, #537)
  • Bump tendermint-rs crates to v0.23.7 (#537)

0.11.0 (2022-02-11)

Added

  • Sentinel config (#351)
  • Osmosis config (#370)
  • Persistence config (#373)
  • New key_format type: cosmos-json (#407)

Changed

  • Rust 2021 edition upgrade (#465)
  • Dependency updates:
    • abscissa framework v0.6 upgrade: includes new clap v3 argument parser (#478)
    • k256 to v0.10 (#457)
    • signature v1.3.2 (#417)
    • stdtx v0.6 (#457)
    • tendermint.rs v0.23.3 (#457)
    • yubishm.rs v0.40 (#457)

Fixed

  • Sporadic deadlocks when using the YubiHSM2 backend (#37)
  • tmkms keys import -t priv_validator (#350)

0.10.1 (2021-04-22)

Changed

  • Bump tendermint-rs crates to v0.19 (#327)

0.10.0 (2021-02-16)

This release is compatible with tendermint v0.34 or older.

It includes initial support for "Stargate", an upgrade to Cosmos Hub which will enable IBC. It also retains backwards compatibility for all older versions of Tendermint via the [validator.protocol_version] setting in tmkms.toml.

For Stargate, configure this value to:

[[validator]]
chain_id = "cosmoshub-4"
protocol_version = "v0.34"
state_file = "/path/to/cosmoshub-4-state.json"

Also make sure to update the state_file with a new filename (e.g. cosmoshub-4-state.json) and retain the old state file for cosmoshub-3. You'll need the old state file if a chain rollback is required!

Added

  • Tendermint v0.34 signing compatibility (#211)

Changed

  • rpc: add support for protobuf-encoded messages (#201)
  • tx-signer: retry failed transactions up to 3 times (#213)
  • Use consensus::State serializers from tendermint-rs (#232)
  • Use tendermint-p2p crate for secret connection (#234, #290)
  • Bump stdtx to v0.4 (#249)
  • Bump tendermint-rs to v0.18 (#290)
  • Bump tokio to v1.0 (#290)
  • Bump yubihsm crate dependency to v0.38 (#289)
  • MSRV 1.46+ (#249)

0.9.0 (2020-10-22)

This release is compatible with tendermint v0.33 or older.

It's primarily a maintenance release containing dependency upgrades as well as a small number of breaking changes.

While it contains preliminary work to support newer versions (e.g. Stargate), this work is in a partial/incomplete state and it is NOT yet compatible. We intend to have full Stargate (Tendermint v0.34) support in the next release (v0.10).

Notable breaking changes:

  • The ledgertm cargo feature has been renamed to ledger
  • The protocol_version field of [[validator]] is now mandatory. Please set it to legacy if it was omitted before.
  • The JSONRPC format used by tx-signer has changed. Please see README.txsigner.md.

Added

  • HTTPS support (#188)
  • tx-signer: JSONRPC request params (#170)

Changed

  • Rename ledgertm Cargo feature to ledger (#186)
  • Vendor the signatory-ledger-tm crate into the tmkms app (#186)
  • Bump dependencies (#104, #115, #121, #122, #183, #184
  • tx-signer: logging improvements (#146, #152, #154, #167, #177)
  • tx-signer: use broadcast_tx_commit instead of broadcast_tx_sync (#165)
  • tx-signer: include signer's public key in transaction (#148)

Fixed

  • tx-signer: error and sequence number handling (#181, #178, #168)
  • Bogus secret connection identity key handling - non-security-critical bug (#164)

0.8.0 (2020-07-02)

This release adds initial support for tendermint v0.33.

Added

  • yubihsm: show labels when listing keys (#102)
  • yubihsm: add account key support to yubihsm keys generate (#101)
  • Transaction Signer (tx-signer) documentation (#98)
  • tmkms init subcommand (#89)
  • Initial ECDSA support (#76, #86)
  • Transaction signer (#78)
  • Support both the Tendermint legacy and v0.33 secret connection handshake (#58)

Changed

  • Minimum Supported Rust Version: 1.41.0
  • Bump prost-amino to v0.6 (#92)
  • Replace atomicwrites dependency with tempfile (#62)
  • Refactor locking; add more debug locking (#60)

0.7.3 (2020-05-12)

  • Bump tendermint crate to v0.13 (#36)
  • Bump signatory to v0.19 (#36)
  • Bump yubihsm crate to v0.33 (#36)

0.7.2 (2020-03-03)

  • Upgrade hkdf to v0.8 (#13)
  • Move repository to iqlusioninc/tmkms (#10)
  • Upgrade yubihsm to v0.32 (#6)

0.7.1 (2020-01-23)

  • Remove explicit dependency on the log crate
  • Remove byteorder dependency
  • Replace tiny-bip39 with the equivalent hkd32 functionality
  • Replace lazy_static with once_cell
  • Update rpassword requirement from 3.0 to 4.0
  • Upgrade x25519-dalek to v0.6; remove rand_os
  • Remove failure
  • Update to tendermint-rs 0.12.0-rc0; prost-amino v0.5; signatory v0.18

0.7.0 (2019-12-16)

  • Upgrade to abscissa v0.5
  • Validate chains are registered on startup
  • Use an initial height of 0 in default chain state
  • Upgrade tendermint-rs to v0.11
  • Upgrade to signatory v0.16; yubihsm v0.29.0
  • Use the chacha20poly1305 crate for Secret Connection
  • Vendor Secret Connection impl back from tendermint-rs
  • Add timeout to TCP socket
  • Double signing detection and logging improvements
  • Log signing message type during attempted double sign events

0.6.3 (2019-08-07)

  • Detect and don't attempt to recover from PoisonError

0.6.2 (2019-08-07)

  • chain/state: Avoid panicking in update_consensus_state

0.6.1 (2019-08-06)

  • abscissa crate v0.3
  • Refactor Session to remove code duplication
  • Remove signal handlers
  • Double signing - allow some block ID switches
  • Consider signed <nil> votes to be double signs

0.6.0 (2019-07-30)

This release is tested against tendermint v0.31 and known to be compatible with tendermint v0.32.

Upgrade Notes

state_file syntax changes

The validator state files use an incompatible syntax from Tendermint KMS v0.5. It has been changed to match the conventions used by the rest of Tendermint, where integer values are stored in strings rather than JSON integers.

When upgrading, you will need to either delete existing state files (they will be recreated automatically), or ensure the integer height and round fields contained within these files are quoted in strings, e.g. {"height":"123456","round":"0",...}.

Unknown fields now disallowed in tmkms.toml

The previous parser for tmkms.toml ignored unknown attributes in the config file. This means it would often ignore syntax errors, spelling mistakes, or attributes in the wrong location when parsing files.

This has been changed to explicitly reject such fields, however please be aware if your config file contained invalid syntax, it will now be rejected by the parser and the KMS will no longer boot.

We suggest validating the configuration in a staging or other noncritical deployment of the KMS in order to ensure your configuration does not contain accidental misconfigurations which were previously uncaught.

YubiHSM improvements

This release contains many improvements for users of the yubihsm backend:

  • New yubihsm-server feature: this release includes support for the KMS exposing an HTTP service which is compatible with Yubico's yubihsm-connector service. This allows for concurrently administering a YubiHSM2 while the KMS is running, either through tmkms yubihsm (see additional notes below) or via Yubico's yubihsm-shell.
  • Loopback support for tmkms yubihsm: the CLI functionality in the KMS for administering YubiHSMs can now be configured to connect to the KMS's own yubihsm-server. Additionally it can also be configured to use a different authentication key, and to prompt for a password as opposed to using one in the configuration file.

For more information on these changes, please see the "yubihsm-server feature" section in the Tendermint KMS YubiHSM docs:

https://github.com/iqlusioninc/tmkms/blob/main/README.yubihsm.md

Detailed Changes

  • tendermint crate v0.10.0
  • Double signing logging improvements
  • Log tendermint::consensus::State height/round/step
  • yubihsm keys import: base64 support
  • yubihsm: Support for reading password from a file
  • softsign: Fix private key decoding + import command
  • softsign: Add subcommand; move keygen under it
  • yubihsm setup: use hkd32 crate to derive key hierarchy
  • yubihsm setup: Collect 256-bits entropy from both RNGs
  • abscissa crate v0.2
  • Log durations for each signing operation
  • Add serde(deny_unknown_fields) to all config structs
  • tmkms yubihsm keys list: Use chain-specific formatters
  • yubihsm-server: Allow CLI commands to use loopback connection
  • yubihsm-server: Optional yubihsm-connector compatibility
  • Send RemoteSignerError response to validator on double sign
  • Logging improvements
  • yubihsm: Mark imported priv_validator.json keys as re-exportable
  • ledger: Add init commands
  • Add max_height support for stopping chains at specific heights
  • Chain-specific keyrings / multitenancy
  • ledger: Use ledger-tendermint backend

0.5.0 (2019-03-13)

  • tendermint crate v0.5.0
  • Optional peer ID verification
  • Bump subtle-encoding dependency to v0.3.3
  • Allow setting config path via TMKMS_CONFIG_FILE env var
  • yubihsm: Add back HTTP connector support
  • Initial Tendermint [chain] registry in tmkms.toml
  • Disable 'softsign' backend by default
  • State tracking for double sign protection (thanks [@zmanian]!)

0.4.0 (2019-03-05)

  • tendermint crate v0.3.0
  • yubihsm: Support for exporting/importing wrapped (encrypted) keys
  • yubihsm setup
  • Ledger integration

0.3.0 (2019-01-23)

  • Add ability to terminate on SIGTERM or SIGINT
  • Remove PoisonPillMsg

0.2.4 (2019-01-18)

  • Refactor client/tests to always dial out to tendermint/gaiad
  • Migrate to rust 2018 edition

0.2.3 (2018-12-08)

  • Lower reconnect delay to 1s

0.2.2 (2018-12-03)

  • Allow empty BlockIds in validation method

0.2.1 (2018-11-27)

  • Encode node (and softwign) private keys as Base64
  • Add integration tests for yubihsm subcommands
  • Fix tmkms yubihsm keys import command

0.2.0 (2018-11-20)

  • Add tmkms yubihsm keys import command
  • Simplify tmkms.toml syntax
  • Minor clarifications/fixes

0.1.0 (2018-11-13)

  • Initial validator signing support
  • Extract tendermint crate as a reusable Rust library
  • Support for Bech32-formatted Cosmos keys/addresses
  • Validator signing via Unix domain socket IPC

0.0.1 (2018-10-16)

  • Initial "preview" release