Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cli: Verify ELF with actual feature set on network before program deployment #148

Closed
joncinque opened this issue Mar 8, 2024 · 0 comments · Fixed by #1654
Closed

cli: Verify ELF with actual feature set on network before program deployment #148

joncinque opened this issue Mar 8, 2024 · 0 comments · Fixed by #1654
Assignees
@LucasSte

Comments

@joncinque
Copy link

This is a copy of solana-labs#32462

Problem

As noticed in solana-labs#32448, there's currently an issue deploying programs to the network that use new syscalls. The quick solution there was to change the check to FeatureSet::all_enabled() to unblock users. This is OK because the loader will do a final check before deployment.

However, it's still possible to write an ELF buffer that contains an unactivated syscall, only for it to fail at the final stage deployment. That's not great UX, since the CLI can tell the user if their program contains unresolved symbols before ever attempting a deployment.

Proposed Solution

Rather than using FeatureSet::all_enabled(), fetch the actual feature set from the network and validate the ELF against that. We can also add a flag to skip these checks. This can be useful for a DAO or multisig queuing up a program upgrade once a syscall is activated.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@LucasSte LucasSte

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Verify elf with active feature set before attempting deployment LucasSte/agave
2 participants
@joncinque @LucasSte