Validate cluster definition and lock files #589

corverroos · 2022-05-23T11:17:07Z

Problem to be solved

The cluster definition and cluster lock files contain hashes and signatures. But we neither validate the hash nor the signature in charon dkg or charon run commands.

Proposed solution

In DKG and RUN:

Validate the cluster definition hash
Validate the cluster definition operator signatures

In RUN:

Validate the cluster lock hash
Validate the cluster lock aggregate signature

Add a --no-verify flag to both DKG and RUN to disable the validation for local testing.

The text was updated successfully, but these errors were encountered:

Adds `--no-verify` flags to `charon run` and `charon dkg`. Verify config otherwise. Note that `charon create cluster` requires `--no-verify` since it doesn't sign the generated lock file. category: feature ticket: #589

corverroos added the enhancement New feature or request label May 23, 2022

corverroos changed the title ~~Validator cluster definition and lock files~~ Validate cluster definition and lock files May 23, 2022

Battenfield added the Size: 2 label May 26, 2022

xenowits self-assigned this May 31, 2022

xenowits removed their assignment Jun 22, 2022

xenowits mentioned this issue Jun 23, 2022

docs: replace manifest with cluster definition/lock #742

Merged

thomasheremans assigned corverroos Jul 28, 2022

thomasheremans removed the Size: 2 label Aug 3, 2022

corverroos mentioned this issue Aug 22, 2022

cluster: verify config signatures #1014

Merged

corverroos closed this as completed Aug 23, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Validate cluster definition and lock files #589

Validate cluster definition and lock files #589

corverroos commented May 23, 2022

Validate cluster definition and lock files #589

Validate cluster definition and lock files #589

Comments

corverroos commented May 23, 2022

Problem to be solved

Proposed solution