Problem: no gen keypackage command in dev-utils (fix #1692) #1738
certificate_validity_secs: 86400, | ||
}); | ||
if config.is_err() { | ||
println!("cannot connect ra-sp-server, run ra-sp-server beforehand e.g.) ra-sp-server --quote-type Unlinkable --ias-key $IAS_API_KEY --spid $SPID") |
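Review bot: The `config.is_err()` branch throws away the underlying error and prints a fixed "cannot connect ra-sp-server" message with `println!`, so any other failure in building the config is reported as a connection problem, and it goes to stdout. Match on `Err(e)` instead, include `e` in the message, write it with `eprintln!`, and return an error or exit non-zero so a calling script can detect the failure.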
print out the error itself?
to notify keypackage failure just when user create it,
otherwise, it's very hard for user to know which step is wrong
.keypackage | ||
.verify(&*ra_client::ENCLAVE_CERT_VERIFIER, now); | ||
if let Err(value) = verication_result { | ||
println!("verification_fail {}", value); |
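Review bot: A failed `verify` against `ENCLAVE_CERT_VERIFIER` is only reported with `println!` on stdout, and nothing in the visible lines stops the command afterwards, so a keypackage that fails verification can still look like a success to a calling script. In the `if let Err(value)` branch, report the error with `eprintln!` and return an error or exit with a non-zero status. The binding name `verication_result` is also misspelled (`verification_result`).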
Write the error into the stderr, and exit with a non zero code.
done
Codecov Report
@@ Coverage Diff @@
## master #1738 +/- ##
==========================================
- Coverage 65.71% 65.66% -0.05%
==========================================
Files 204 205 +1
Lines 25294 25310 +16
==========================================
- Hits 16622 16621 -1
- Misses 8672 8689 +17
eaa675b to aacd2b1
client-* can be made simple by not including the development-only utilities, like gen_package -- it can just accept the generated payload?
@@ -22,8 +22,9 @@ use client_common::tendermint::types::{Genesis, Time}; | |||
use client_common::{ErrorKind, Result, ResultExt}; | |||
|
|||
use crate::commands::genesis_dev_config::GenesisDevConfig; | |||
use client_common::gen_keypackage; |
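Review bot: `use client_common::gen_keypackage;` is added below the `use crate::commands::...` line instead of next to the other `client_common` imports; as a style point, fold it into `use client_common::{ErrorKind, Result, ResultExt};`. The import also shows that a generation helper used by this dev command lives in the shared `client_common` crate; if this command is its only user, define it in this crate so the client crates do not carry it.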
perhaps no need to have that function in client_common, it can be moved to dev-utils?
ok,
i'll also remove it from client-cli, because no longer necessary.
user can use dev-utils to create key-package.
working on now
gen-package is being used in client-rpc, so i will not remove it.
only remove in client-cli
why is it used in client-rpc?
yes, it's used in integration test.
can be replaced with dev-utils
ok to be replaced then in the integration test?
yes, i'll change integration test,
and remove from client-rpc.
removed gen-keypackage in client-rpc,
./dev-utils keypackage generate added another category in dev-utils
one small fmt issue: https://travis-ci.org/github/crypto-com/chain/jobs/696918322#L1408
bors try
try
Build failed:
i'm checking travis issue
@leejw51crypto travis issue should be fixable with
yes, i'm checking again
bors try
try
Timed out.
@@ -59,7 +59,7 @@ steps: | |||
commands: | |||
- export CARGO_HOME=$PWD/drone/cargo | |||
- export CARGO_TARGET_DIR=$PWD/drone/target | |||
- export PATH=$CARGO_HOME/bin:$PATH | |||
- export PATH=$CARGO_HOME/bin:$CARGO_TARGET_DIR/debug:$PATH |
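Review bot: The new PATH entry hard-codes `$CARGO_TARGET_DIR/debug`, so a build with any other profile will not put `dev-utils` on the PATH, and because the directory is placed ahead of `$PATH`, every binary in the build output shadows a system tool of the same name for the later commands in this step. Append the directory after `$PATH` or call the binary by its explicit path, and take the profile directory from a variable rather than the literal `debug`.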
Is this necessary?
yes, because it needs to call 'dev-utils', without it, cannot call 'dev-utils'
The run_multinode.sh will add the target dir into PATH, it'll also take BUILD_PROFILE into account.
but, when i run drone local, PATH didn't work.
also this PATH is static, i think it's simpler just to include inside .drone.yml,
not inside runtime bash script.
this is for simplicity.
if it's located to other script, hard to catch bug when runtime error occurs,
because you don't know exact PATH env status just like in checking time.
updated hmac
bors r+
Merge conflict.
} else { | ||
break kp; | ||
} | ||
/* TODO : use dev-utils to verify*/ |
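Review bot: The loop exits with `break kp` while verification is left as a `/* TODO */`, so the keypackage returned from here has not been checked at this point. Either run the verification before `break kp`, or replace the comment with a pointer to where verification is enforced plus a tracking issue, so the TODO does not go stale.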
why not verify by calling the function?
because mls, ra-client moved to dev-utils, cannot call verification directly.
also client-core will be compiled via WASM
i'm adding verification now
@@ -479,9 +468,6 @@ fn get_node_metadata( | |||
.err_kind(ErrorKind::InvalidInput, || "invalid base64") | |||
.map_err(to_rpc_error)?; | |||
|
|||
#[cfg(not(feature = "mock-enclave"))] | |||
verify_keypackage(&keypackage).map_err(to_rpc_error)?; | |||
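Review bot: With the `verify_keypackage(&keypackage)` call and its `#[cfg(not(feature = "mock-enclave"))]` guard gone (the `-479,9 +468,6` header accounts for the three removed lines), the only check on the keypackage visible in `get_node_metadata` is the base64 decode. Document on `get_node_metadata` that the keypackage is not verified here and where callers are expected to verify it, or keep the check behind a cargo feature for builds that can afford the dependency.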
|
Why remove?
yes, to remove dependency of mls,ra-client in client-core
But we should verify this in client.
it's supported in dev-utils
dev-utils keypackage verify
also i added verification in generation process
so if sgx remote attestation fails, generation itself stops
because it is not necessary to continue with failed remote attestation result.
it is much easier just to notify to user in generating keypackage.
so when remote attestation fails, user will resolve by configuration
in bios or reinstall sgx-driver, and aesm_service.
so commands are
dev-utils keypackage generate <- generate keypackage via ra-sp-server
dev-utils keypackage verify <- verify
Solution: add gen-keypackage tidy up more detail in message tidy up print error in stderr remove gen-keypackage in client-cli fix integration test add path for dev-utils tidy up update hmac
rebased for merge conflict
bors retry
Build succeeded:
added keyspace generation in dev-utils.