Verify param files that are downloaded via ipfs http gateway #2458
Comments
Just published I found on crates that there's a brand new implementation for CAR format in https://github.com/blocklessnetwork/rust-car, will look into it too. Such an interesting coincidence that both packages are back to back in the docs queue 🤣 (see items 5 and 6 in the build queue) |
@hanabi1224 What's the usage pattern of paramfetch crate?
|
only for the first run
23 files (as of writing)
1 file at ~293MB, 2 at ~2MB, others at <1MB |
Ok so it would be ok to buffer in memory? I assume the eventual memory required by the node after startup is more than ~500MB |
We need ~8GB memory in total so ~500MB is not a big deal. The largest file ( |
Re-opening. This caused hash mismatches that unfortunately passed the CI so I had to revert 2b5515d https://github.com/ChainSafe/forest/actions/runs/4374624518/jobs/7654288564
|
Rethinking about this issue, if you already have a hash to check the integrity of the file, the statement from the original is not true
As long as the hash is vetted by you and distributed in the binary you should be fine. Is that the case? |
@dapplion yeah, they are in the binary.
@hanabi1224 Could you please rephrase what you had in mind? Is the verification that we have in place now enough? |
@LesnyRumcajs @dapplion IMHO downloading from IPFS in trustless mode is in general a more robust and simple solution than doing verifications on our own, e.g. we might want to download state migration bundles from IPFS as well in the future. If the lib can be fixed in a way that the reconstructed file matches original file byte-to-byte, we could remove our own verification code, does that make sense? |
@LesnyRumcajs @dapplion I did some investigation and found that the issue only happens to very small files (<5KiB) when BufWriter is used, see https://github.com/ChainSafe/forest/pull/3244/files#diff-734f459e0440e878447df521e861ef2ae155d2ced12b3ac144bffd60cb3989d4R44 |
Hmm, it seems like an issue with the crate itself, right? |
Thanks for looking into this @hanabi1224 whenever I have bandwidth I can add tests for this usage pattern upstream. Can you confirm that now all config files big and small match the expected digest? |
Issue summary
Currently, a forest daemon fetches param files via ipfs http gateway without content verification, while IPFS http gateway now offers a trustless mode (SPEC) in which content is downloaded in `car` format so that a client can verify the integrity of the downloaded content. And here is a web demo.
Related forest code: https://github.com/ChainSafe/forest/blob/main/utils/paramfetch/src/lib.rs#L20
Other information and links
https://github.com/ipfs/specs/blob/main/http-gateways/TRUSTLESS_GATEWAY.md
https://github.com/2color/verified-ipfs-retrieval