From 769914472ad5f7ef7bc435d16a904e5b0a4b8fd7 Mon Sep 17 00:00:00 2001
From: Josh Wilson
Date: Sat, 1 Jun 2024 10:45:33 +0900
Subject: [PATCH] feat(keys): enable compile or runtime override of keys
---
README.md | 10 ++++--
sn_transfers/src/genesis.rs | 25 +++++++------
sn_transfers/src/lib.rs | 71 ++++++++++++++++++++++++++++++++-----
3 files changed, 82 insertions(+), 24 deletions(-)
diff --git a/README.md b/README.md
index c5b592599a..7ac8663b68 100644
--- a/README.md
+++ b/README.md
@@ -24,6 +24,13 @@ Libp2p.
### For Developers +At build time the following env vars can be set to override default keys (** and must be set during the release process to override the default keys**. Github Secrets can be used to set these values for the release process): + +`FOUNDATION_PK` - The foundation public key to use for the initial disbursement to the foundation. +`GENESIS_PK` - The genesis spend public key to use for genesis verification. +`GENESIS_SK` - If building the faucet for the genesis spend, this is the secret key to use for genesis verification. This should be kept secret. +`NETWORK_ROYALTIES_PK` - The foundation public key to use for receiving network royalties. + - [Client](https://github.com/maidsafe/safe_network/blob/main/sn_client/README.md) The client APIs allowing use of the SafeNetwork to users and developers. - [Registers](https://github.com/maidsafe/safe_network/blob/main/sn_registers/README.md) The CRDT @@ -513,8 +520,7 @@ metrics. ## Contributing -Feel free to clone and modify this project. Pull requests are welcome.
You can also visit * -*[The MaidSafe Forum](https://safenetforum.org/)** for discussion or if you would like to join our +Feel free to clone and modify this project. Pull requests are welcome.
You can also visit \* \*[The MaidSafe Forum](https://safenetforum.org/)\*\* for discussion or if you would like to join our online community. ### Pull Request Process diff --git a/sn_transfers/src/genesis.rs b/sn_transfers/src/genesis.rs index eb46cc4967..401e368baf 100644 --- a/sn_transfers/src/genesis.rs +++ b/sn_transfers/src/genesis.rs @@ -64,25 +64,24 @@ pub enum Error { } lazy_static! { - /// This key is public for auditing purposes. - /// The hard coded value is for testing purposes, - /// In production a hard-coded PK should be set at build time. - /// This allows all nodes to validate it. - /// The env set value is only used for testing purpose. pub static ref GENESIS_PK: MainPubkey = { - let pk_str = if let Ok(pk_str) = std::env::var("GENESIS_PK") { - pk_str - } - else { + let compile_time_key = option_env!("GENESIS_PK").unwrap_or(DEFAULT_LIVE_GENESIS_PK); + let runtime_key = + std::env::var("GENESIS_PK").unwrap_or_else(|_| compile_time_key.to_string()); + + if runtime_key == DEFAULT_LIVE_GENESIS_PK { warn!("USING DEFAULT GENESIS SK (9934c2) FOR TESTING PURPOSES! EXPECTING PAIRED SK (23746b) TO BE USED!"); - DEFAULT_LIVE_GENESIS_PK.to_string() - }; + } else if runtime_key == compile_time_key { + warn!("Using compile-time GENESIS_PK: {}", compile_time_key); + } else { + warn!("Overridden by runtime GENESIS_PK: {}", runtime_key); + } - match MainPubkey::from_hex(pk_str) { + match MainPubkey::from_hex(&runtime_key) { Ok(pk) => { info!("Genesis PK: {pk:?}"); pk - }, + } Err(err) => panic!("Failed to parse genesis PK: {err:?}"), } }; diff --git a/sn_transfers/src/lib.rs b/sn_transfers/src/lib.rs index 1603cf1c08..2224b0e1c4 100644 --- a/sn_transfers/src/lib.rs +++ b/sn_transfers/src/lib.rs 
@@ -42,35 +42,88 @@ use lazy_static::lazy_static; /// The following PKs shall be updated to match its correspondent SKs before the formal release /// /// Foundation wallet public key (used to receive initial disbursment from the genesis wallet) -const FOUNDATION_PK_STR: &str = "8f73b97377f30bed96df1c92daf9f21b4a82c862615439fab8095e68860a5d0dff9f97dba5aef503a26c065e5cb3c7ca"; // DevSkim: ignore DS173237 +const DEFAULT_FOUNDATION_PK_STR: &str = "8f73b97377f30bed96df1c92daf9f21b4a82c862615439fab8095e68860a5d0dff9f97dba5aef503a26c065e5cb3c7ca"; // DevSkim: ignore DS173237 /// Public key where network royalties payments are expected to be made to. -const NETWORK_ROYALTIES_STR: &str = "b4243ec9ceaec374ef992684cd911b209758c5de53d1e406b395bc37ebc8ce50e68755ea6d32da480ae927e1af4ddadb"; // DevSkim: ignore DS173237 +const DEFAULT_NETWORK_ROYALTIES_STR: &str = "b4243ec9ceaec374ef992684cd911b209758c5de53d1e406b395bc37ebc8ce50e68755ea6d32da480ae927e1af4ddadb"; // DevSkim: ignore DS173237 /// Public key where payment forward to be targeted. -const PAYMENT_FORWARD_STR: &str = "a585839f0502713a0ed6a327f3bd0c301f9e8fe298c93dd00ed7869d8e6804244f0d3014e90df45cd344a7ccd702865c"; // DevSkim: ignore DS173237 +const DEFAULT_PAYMENT_FORWARD_STR: &str = "a585839f0502713a0ed6a327f3bd0c301f9e8fe298c93dd00ed7869d8e6804244f0d3014e90df45cd344a7ccd702865c"; // DevSkim: ignore DS173237 lazy_static! 
{ pub static ref FOUNDATION_PK: MainPubkey = { - match MainPubkey::from_hex(FOUNDATION_PK_STR) { + let compile_time_key = option_env!("FOUNDATION_PK").unwrap_or(DEFAULT_FOUNDATION_PK_STR); + let runtime_key = + std::env::var("FOUNDATION_PK").unwrap_or_else(|_| compile_time_key.to_string()); + + if runtime_key == DEFAULT_FOUNDATION_PK_STR { + warn!("Using default FOUNDATION_PK: {}", DEFAULT_FOUNDATION_PK_STR); + } else if runtime_key == compile_time_key { + warn!("Using compile-time FOUNDATION_PK: {}", compile_time_key); + } else { + warn!("Overridden by runtime FOUNDATION_PK: {}", runtime_key); + } + + match MainPubkey::from_hex(&runtime_key) { Ok(pk) => pk, - Err(err) => panic!("Failed to parse hard-coded foundation PK: {err:?}"), + Err(err) => panic!("Failed to parse foundation PK: {err:?}"), } }; } lazy_static! { pub static ref NETWORK_ROYALTIES_PK: MainPubkey = { - match MainPubkey::from_hex(NETWORK_ROYALTIES_STR) { + let compile_time_key = + option_env!("NETWORK_ROYALTIES_PK").unwrap_or(DEFAULT_NETWORK_ROYALTIES_STR); + let runtime_key = + std::env::var("NETWORK_ROYALTIES_PK").unwrap_or_else(|_| compile_time_key.to_string()); + + if runtime_key == DEFAULT_NETWORK_ROYALTIES_STR { + warn!( + "Using default NETWORK_ROYALTIES_PK: {}", + DEFAULT_NETWORK_ROYALTIES_STR + ); + } else if runtime_key == compile_time_key { + warn!( + "Using compile-time NETWORK_ROYALTIES_PK: {}", + compile_time_key + ); + } else { + warn!( + "Overridden by runtime NETWORK_ROYALTIES_PK: {}", + runtime_key + ); + } + + match MainPubkey::from_hex(&runtime_key) { Ok(pk) => pk, - Err(err) => panic!("Failed to parse hard-coded network royalty PK: {err:?}"), + Err(err) => panic!("Failed to parse network royalties PK: {err:?}"), } }; } lazy_static! 
{ pub static ref PAYMENT_FORWARD_PK: MainPubkey = { - match MainPubkey::from_hex(PAYMENT_FORWARD_STR) { + let compile_time_key = + option_env!("PAYMENT_FORWARD_PK").unwrap_or(DEFAULT_PAYMENT_FORWARD_STR); + let runtime_key = + std::env::var("PAYMENT_FORWARD_PK").unwrap_or_else(|_| compile_time_key.to_string()); + + if runtime_key == DEFAULT_PAYMENT_FORWARD_STR { + warn!( + "Using default PAYMENT_FORWARD_PK: {}", + DEFAULT_PAYMENT_FORWARD_STR + ); + } else if runtime_key == compile_time_key { + warn!( + "Using compile-time PAYMENT_FORWARD_PK: {}", + compile_time_key + ); + } else { + warn!("Overridden by runtime PAYMENT_FORWARD_PK: {}", runtime_key); + } + + match MainPubkey::from_hex(&runtime_key) { Ok(pk) => pk, - Err(err) => panic!("Failed to parse hard-coded payment forward PK: {err:?}"), + Err(err) => panic!("Failed to parse payment forward PK: {err:?}"), } }; }
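Review bot: The three initialisers in sn_transfers/src/lib.rs (`FOUNDATION_PK`, `NETWORK_ROYALTIES_PK`, `PAYMENT_FORWARD_PK`) repeat the same resolve-and-log sequence line for line, so the precedence rule for keys that say where payments are expected lives in three copies, with a fourth in genesis.rs. Moving it into one private helper gives a single place to document and audit that a runtime environment variable outranks the build-time value and the default, which these statics did not allow before this commit. `option_env!` needs a literal name, so each caller passes its result in, as sketched below. `PAYMENT_FORWARD_PK` is read here but is missing from the README list added in the same commit.

```rust
/// Resolves the hex string for a network key.
/// Precedence: runtime env var `name`, then the build-time value, then `default`.
fn resolve_key_hex(name: &str, compile_time: Option<&'static str>, default: &'static str) -> String {
    let compile_time_key = compile_time.unwrap_or(default);
    let runtime_key = std::env::var(name).unwrap_or_else(|_| compile_time_key.to_string());

    if runtime_key == default {
        warn!("Using default {}: {}", name, default);
    } else if runtime_key == compile_time_key {
        warn!("Using compile-time {}: {}", name, compile_time_key);
    } else {
        warn!("Overridden by runtime {}: {}", name, runtime_key);
    }
    runtime_key
}

lazy_static! {
    pub static ref FOUNDATION_PK: MainPubkey = {
        let runtime_key = resolve_key_hex(
            "FOUNDATION_PK",
            option_env!("FOUNDATION_PK"),
            DEFAULT_FOUNDATION_PK_STR,
        );
        // … unchanged: match MainPubkey::from_hex(&runtime_key) { Ok / Err arms } …
    };
}
// … NETWORK_ROYALTIES_PK and PAYMENT_FORWARD_PK: same call with their own name and default …
```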