Skip to content
This repository was archived by the owner on Jun 30, 2025. It is now read-only.

feat: Generate + store station_id keypair and pass to Zinnia via env var#406

Closed
PatrickNercessian wants to merge 16 commits intoCheckerNetwork:mainfrom
PatrickNercessian:station_id
Closed

feat: Generate + store station_id keypair and pass to Zinnia via env var#406
PatrickNercessian wants to merge 16 commits intoCheckerNetwork:mainfrom
PatrickNercessian:station_id

Conversation

@PatrickNercessian
Copy link
Copy Markdown
Contributor

@PatrickNercessian PatrickNercessian commented Apr 12, 2024
edited
Loading

@socket-security
Copy link
Copy Markdown

socket-security Bot commented Apr 12, 2024
edited
Loading

New dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
npm/keytar@7.9.0 Transitive: environment, filesystem, network, shell +38 1.25 MB shiftkey

View full report↗︎

@socket-security
Copy link
Copy Markdown

socket-security Bot commented Apr 12, 2024
edited
Loading

👍 Dependency issues cleared. Learn more about Socket for GitHub ↗︎

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

Ignoring: npm/keytar@7.9.0

View full report↗︎

Next steps

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all

@juliangruber juliangruber marked this pull request as draft April 15, 2024 07:08
juliangruber
juliangruber reviewed Apr 15, 2024
View reviewed changes
Copy link
Copy Markdown
Member

@juliangruber juliangruber left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great work so far, @PatrickNercessian! 👏

Comment thread lib/cryptoOperations.js Outdated
Comment thread commands/station.js Outdated
@PatrickNercessian PatrickNercessian changed the title Generate and store station_id Ed25119 keypair and pass to Zinnia via … Generate and store station_id keypair and pass to Zinnia via env var Apr 15, 2024
@PatrickNercessian PatrickNercessian changed the title Generate and store station_id keypair and pass to Zinnia via env var Feat: Generate + store station_id keypair and pass to Zinnia via env var Apr 15, 2024
bajtos
bajtos reviewed Apr 17, 2024
View reviewed changes
Comment thread commands/station.js Outdated
@PatrickNercessian PatrickNercessian marked this pull request as ready for review April 17, 2024 22:26
@bajtos bajtos mentioned this pull request Apr 18, 2024
Merged
@bajtos
Copy link
Copy Markdown
Member

bajtos commented Apr 18, 2024

@PatrickNercessian would you mind adding Station ID to the ping telemetry points?

https://github.com/filecoin-station/core/blob/f8fd023d90715202ef5d23d253776b8036ee6456/lib/telemetry.js#L52-L56

Proposed change in commands/station.js

-  startPingLoop().unref()
+  startPingLoop({ STATION_ID }).unref()

juliangruber
juliangruber reviewed Apr 18, 2024
View reviewed changes
Comment thread commands/station.js
@bajtos bajtos mentioned this pull request Apr 18, 2024
Merged
bajtos
bajtos approved these changes Apr 22, 2024
View reviewed changes
Copy link
Copy Markdown
Member

@bajtos bajtos left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 👍🏻

@juliangruber: Could you please check the new keytar interaction when both Desktop and Core read from the keychain at startup?

@juliangruber
Copy link
Copy Markdown
Member

juliangruber commented Apr 22, 2024

Tested and works 👍

@PatrickNercessian PatrickNercessian mentioned this pull request Apr 22, 2024
Closed
@bajtos
Copy link
Copy Markdown
Member

bajtos commented Apr 22, 2024

@SocketSecurity ignore npm/keytar@7.9.0

@juliangruber juliangruber enabled auto-merge (squash) April 22, 2024 14:22
@bajtos

This comment was marked as resolved.

Sign in to view
bajtos added 2 commits April 22, 2024 16:34
@bajtos
deps: fix package-lock.json
8ac0b34 
Signed-off-by: Miroslav Bajtoš <oss@bajtos.net>
@bajtos
Merge branch 'main' into station_id
bb90265
bajtos added 3 commits April 22, 2024 16:36
@bajtos
Merge branch 'main' into station_id
51ea303
@bajtos
fix: import of webcrypto.subtle in Node.js 18.x
58d2457 
Signed-off-by: Miroslav Bajtoš <oss@bajtos.net>
@bajtos
fix: typings for retval of subtle.generateKey()
9c88ea2 
Signed-off-by: Miroslav Bajtoš <oss@bajtos.net>
@bajtos
Copy link
Copy Markdown
Member

bajtos commented Apr 22, 2024

The builds are failing on Linux now.

[Error: The name org.freedesktop.secrets was not provided by any .service files]

node:internal/modules/cjs/loader:1465
  return process.dlopen(module, path.toNamespacedPath(filename));
                 ^

Error: libsecret-1.so.0: cannot open shared object file: No such file or directory
    at Module._extensions..node (node:internal/modules/cjs/loader:1465:18)
    at Module.load (node:internal/modules/cjs/loader:1206:32)
    at Module._load (node:internal/modules/cjs/loader:1022:12)
    at Module.require (node:internal/modules/cjs/loader:1231:19)
    at require (node:internal/modules/helpers:179:18)
    at Object.<anonymous> (/usr/src/app/node_modules/keytar/lib/keytar.js:1:14)
    at Module._compile (node:internal/modules/cjs/loader:1369:14)
    at Module._extensions..js (node:internal/modules/cjs/loader:1427:10)
    at Module.load (node:internal/modules/cjs/loader:1206:32)
    at Module._load (node:internal/modules/cjs/loader:1022:12) {
  code: 'ERR_DLOPEN_FAILED'
}

@bajtos
ci: setup libsecret on Ubuntu
0fe59a9 
Signed-off-by: Miroslav Bajtoš <oss@bajtos.net>
@bajtos bajtos disabled auto-merge April 22, 2024 15:12
@bajtos bajtos changed the title Feat: Generate + store station_id keypair and pass to Zinnia via env var feat: Generate + store station_id keypair and pass to Zinnia via env var Apr 22, 2024
@bajtos
Copy link
Copy Markdown
Member

bajtos commented Apr 22, 2024

I added 0fe59a9 to install libsecret required by node-tar.

We are getting a different error now:

[Error: Object does not exist at path “/org/freedesktop/secrets/collection/login”]

@PatrickNercessian could you please look into this yourself?

Maybe we can copy the setup steps from keytar's CI, see the following two blocks:

That code is more than two years old; there may be easier options available by now. Feel free to use a different approach to fix this problem!

@juliangruber
Copy link
Copy Markdown
Member

juliangruber commented Apr 22, 2024

See PatrickNercessian#1

@bajtos bajtos mentioned this pull request Apr 23, 2024
Merged
@bajtos bajtos closed this in #424 Apr 25, 2024
@PatrickNercessian PatrickNercessian deleted the station_id branch April 30, 2024 15:14
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

2 more reviewers

@juliangruber juliangruber juliangruber left review comments

@bajtos bajtos bajtos approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@PatrickNercessian @bajtos @juliangruber