Problem: no gen keypackage command in dev-utils (fix #1692) #1738
Conversation
leejw51crypto
requested review from
calvinaco,
devashishdxt and
tomtau
as code owners
| certificate_validity_secs: 86400, | ||
| }); | ||
| if config.is_err() { | ||
| println!("cannot connect ra-sp-server, run ra-sp-server beforehand e.g.) ra-sp-server --quote-type Unlinkable --ias-key $IAS_API_KEY --spid $SPID") |
There was a problem hiding this comment.
print out the error itself?
There was a problem hiding this comment.
to notify keypackage failure just when user create it,
otherwise, it's very hard for user to know which step is wrong
| .keypackage | ||
| .verify(&*ra_client::ENCLAVE_CERT_VERIFIER, now); | ||
| if let Err(value) = verication_result { | ||
| println!("verification_fail {}", value); |
There was a problem hiding this comment.
Write the error into the stderr, and exit with a non zero code.
Codecov Report
@@ Coverage Diff @@
## master #1738 +/- ##
==========================================
- Coverage 65.71% 65.66% -0.05%
==========================================
Files 204 205 +1
Lines 25294 25310 +16
==========================================
- Hits 16622 16621 -1
- Misses 8672 8689 +17
|
leejw51
force-pushed
the
cro-1692
branch
2 times, most recently
from
eaa675b
to
aacd2b1
Compare
| @@ -22,8 +22,9 @@ use client_common::tendermint::types::{Genesis, Time}; | |||
| use client_common::{ErrorKind, Result, ResultExt}; | |||
|
|
|||
| use crate::commands::genesis_dev_config::GenesisDevConfig; | |||
| use client_common::gen_keypackage; | |||
There was a problem hiding this comment.
perhaps no need to have that function in client_common, it can be moved to dev-utils?
There was a problem hiding this comment.
ok,
i'll also remove it from client-cli, because no longer necessary.
user can use dev-utils to create key-package.
There was a problem hiding this comment.
working on now
There was a problem hiding this comment.
gen-package is being used in client-rpc, so i will not remove it.
only remove in client-cli
There was a problem hiding this comment.
why is it used in client-rpc?
There was a problem hiding this comment.
yes, it's used in integration test.
can be replaced with dev-utils
There was a problem hiding this comment.
ok to be replaced then in the integration test?
There was a problem hiding this comment.
yes, i'll change integration test,
and remove from client-rpc.
|
removed gen-keypackage in client-rpc, |
|
./dev-utils keypackage generate added another category in dev-utils |
There was a problem hiding this comment.
one small fmt issue: https://travis-ci.org/github/crypto-com/chain/jobs/696918322#L1408
|
bors try |
tryBuild failed: |
|
i'm checking travis issue |
|
@leejw51crypto travis issue should be fixable with |
|
yes, i'm checking again |
|
bors try |
tryTimed out. |
| @@ -59,7 +59,7 @@ steps: | |||
| commands: | |||
| - export CARGO_HOME=$PWD/drone/cargo | |||
| - export CARGO_TARGET_DIR=$PWD/drone/target | |||
| - export PATH=$CARGO_HOME/bin:$PATH | |||
| - export PATH=$CARGO_HOME/bin:$CARGO_TARGET_DIR/debug:$PATH | |||
There was a problem hiding this comment.
yes, because it need to call 'dev-utils', without it, cannot call 'dev-utils'
There was a problem hiding this comment.
The run_multinode.sh will add the target dir into PATH, it'll also take BUILD_PROFILE into account.
There was a problem hiding this comment.
but, when i run drone local, PATH didn't work.
also this PATH is static, i think it's simpler just to include inside .drone.yml,
not inside runtime bash script.
this is for simplicity.
if it's located to other script, hard to catch bug when runtime error occurs,
because you don't know exact PATH env status just like in checking time.
|
updated hmac |
|
bors r+ |
|
Merge conflict. |
| } else { | ||
| break kp; | ||
| } | ||
| /* TODO : use dev-utils to verify*/ |
There was a problem hiding this comment.
why not verify by calling the function?
There was a problem hiding this comment.
because mls, ra-client moved to dev-utils, cannot call verification directly.
also client-core will be compiled via WASM
There was a problem hiding this comment.
i'm adding verification now
| @@ -479,9 +468,6 @@ fn get_node_metadata( | |||
| .err_kind(ErrorKind::InvalidInput, || "invalid base64") | |||
| .map_err(to_rpc_error)?; | |||
|
|
|||
| #[cfg(not(feature = "mock-enclave"))] | |||
| verify_keypackage(&keypackage).map_err(to_rpc_error)?; | |||
|
|
|||
There was a problem hiding this comment.
yes, to remove dependency of mls,ra-client in client-core
There was a problem hiding this comment.
But we should verify this in client.
There was a problem hiding this comment.
it's supported in dev-utils
dev-utils keypackage verify
also i added verification in generation process
so if sgx remote attestation fails, generation itself stops
because it is not necessary to continue with failed remote attestation result.
it is much easier just to notify to user in generating keypackage.
so when remote attestation fails, user will resolve by configuration in bios or reinstall sgx-driver, and aesm_service.
so commands are
dev-utils keypackage generate <- generate keypacakge via ra-sp-server
dev-utils keypackage verify <- verify
Solution: add gen-keypackage tidy up more detail in message tidy up print error in stderr remove gen-keypackage in client-cli fix integration test add path for dev-utils tidy up update hmac
|
rebased for merge conflict |
|
bors retry |
|
Build succeeded: |
added
keyspace generationin dev-utils.