dkg: add --no-verify for hash verifications

[dB2510]

Configure --no-verify for config_hash and definition_hash verifications.

category: refactor
ticket: #1084

[codecov]

Codecov Report

Merging #1090 (aeae27b) into main (8536307) will decrease coverage by 0.14%.
The diff coverage is 67.21%.

@@            Coverage Diff             @@
##             main    #1090      +/-   ##
==========================================
- Coverage   53.67%   53.52%   -0.15%     
==========================================
  Files         127      127              
  Lines       14309    14246      -63     
==========================================
- Hits         7680     7625      -55     
+ Misses       5546     5544       -2     
+ Partials     1083     1077       -6     

Impacted Files	Coverage Δ
cluster/definition.go	57.43% <64.28%> (-1.56%)	⬇️
dkg/disk.go	56.41% <100.00%> (+1.94%)	⬆️
core/unsigneddata.go	41.24% <0.00%> (-2.82%)	⬇️
core/leadercast/transport.go	75.14% <0.00%> (-1.19%)	⬇️
core/bcast/bcast.go	50.00% <0.00%> (-1.00%)	⬇️
core/proto.go	63.02% <0.00%> (-0.70%)	⬇️
core/dutydb/memory.go	69.77% <0.00%> (-0.59%)	⬇️
core/parsigex/parsigex.go	57.48% <0.00%> (-0.38%)	⬇️
core/interfaces.go	0.00% <0.00%> (ø)

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

[corverroos]

requiring a fixed json indentation as part of verification isn't correct. The json indentation shouldn't matter.

[dB2510]

yeah right, corrected 👍

[corverroos]

Comparing raw json with fixed indentation is not robust

[corverroos]

this API doesn't feel good. Needing to pass the raw bytes again doesn't feel intuitive.

I would go for something like:

var d Definition
err = json.Unmarshal(rawBytes, &d)

err = d.VerifyHashes()

For this to work, you need to unmarshal the hashes into private unexported fields so you can calculate the actual hashes and compare.

[dB2510]

i was also thinking the same to include this as private fields but was hesitant to do any changes in Definition type

[dB2510]

for this to work we would need to do json marshal every time when new Definition is called, this doesn't feel right

[dB2510]

suggest: keep VerifyHashesJSON(data []byte) error but as stateless function which would introduce two function parameters as VerifyHashesJSON(rawBytes, configHash, defHash []byte) error ?

[dB2510]

if raw bytes are equal then it doesn't make sense for this require

[corverroos]

not sure about this, why not just leave it here, it might catch some weird edge case, especially since we now have fields that are not marshalled?

[corverroos]

rather add an ``Equal` method to Definition

[corverroos]

not sure about this, why not just leave it here, it might catch some weird edge case, especially since we now have fields that are not marshalled?

[corverroos]

godoc please

[corverroos]

not a fan of this wall of text. Making changes to this is impossible. Rather:

• unmarshal valid definition above from disk into map[string]any
• delete the config and definition hashes
• marshal to disk

[corverroos]

rather add an Equal method to Definition

[dB2510]

taken care by #1099