fix: compare sudo key on pubkey bytes (SS58-prefix safe) + fix authorizedUpgrade wait timeout#17
Merged
Conversation
SS58 string comparison broke the sudo/proxy permission check on chains whose registered SS58 prefix differs from the keyring default (e.g. 0 on Polkadot Asset Hub, 42 on the keyring), so the same account could render as different strings and fail the check. Compare on raw public key bytes instead and re-encode the chain sudo key with prefix 42 for log parity. Also fix the wait for system.authorizedUpgrade so the advertised 5m timeout is actually used (was capping at ~60s due to i===29 inside a i<150 loop).
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The sudo/proxy permission check compared SS58 strings, which mismatch when the chain's SS58 prefix differs from the keyring's default (42). This made //Alice fail as sudo on previewnet-asset-hub (prefix 0, Polkadot AH style) even though it is the chain's sudo. Compare on raw public key bytes and re-encode the chain sudo key with prefix 42 for log parity. Also fix the wait loop so the advertised 5m timeout on system.authorizedUpgrade is actually used (was capping at ~60s).
Ref: https://github.com/paritytech/devops-cloud-infra/actions/runs/25815120656