Skip to content

Backport release/v6.6: Require absolute path for evmone lib#3669

Merged
masih merged 1 commit into
release/v6.6from
backport-3668-to-release/v6.6
Jun 30, 2026
Merged

Backport release/v6.6: Require absolute path for evmone lib#3669
masih merged 1 commit into
release/v6.6from
backport-3668-to-release/v6.6

Conversation

@seidroid

@seidroid seidroid Bot commented Jun 30, 2026

Copy link
Copy Markdown

Backport of #3668 to release/v6.6.

When supplied via env var, require the path to be absolute to assure
that the lib loaded is the same one we check the sha of.

(cherry picked from commit f12a7e1)
@cursor

cursor Bot commented Jun 30, 2026

Copy link
Copy Markdown

PR Summary

Low Risk
Small validation change in EVM library path resolution with tests; no change to default /usr/lib or in-tree fallback behavior when the env var is unset.

Overview
Enforces that SEI_EVMONE_LIB_DIR must be an absolute path when set; relative values (e.g. .) now fail fast with a clear error instead of being used in library resolution.

This aligns operator overrides with the existing intent to load evmone via a fixed absolute path and SHA-256 check, reducing ambiguity about which directory is trusted. Tests cover rejection of relative overrides and successful resolution from an absolute temp directory.

Reviewed by Cursor Bugbot for commit eb3fe0d. Bugbot is set up for automated code reviews on this repo. Configure here.

@github-actions

github-actions Bot commented Jun 30, 2026

Copy link
Copy Markdown

The latest Buf updates on your PR. Results from workflow Buf / buf (pull_request).

BuildFormatLintBreakingUpdated (UTC)
✅ passed✅ passed✅ passed✅ passedJun 30, 2026, 10:43 AM

@masih masih requested a review from sei-will June 30, 2026 10:41
@masih masih enabled auto-merge (squash) June 30, 2026 10:42
@codecov

codecov Bot commented Jun 30, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 58.02%. Comparing base (ae6a51e) to head (eb3fe0d).

Additional details and impacted files

Impacted file tree graph

@@               Coverage Diff                @@
##           release/v6.6    #3669      +/-   ##
================================================
- Coverage         58.90%   58.02%   -0.89%     
================================================
  Files              2225     2151      -74     
  Lines            183480   174935    -8545     
================================================
- Hits             108086   101505    -6581     
+ Misses            65691    64422    -1269     
+ Partials           9703     9008     -695     
Flag Coverage Δ
sei-chain-pr 37.14% <100.00%> (?)
sei-db 70.41% <ø> (ø)
sei-db-state-db ?

Flags with carried forward coverage won't be shown. Click here to find out more.

Files with missing lines Coverage Δ
giga/executor/lib/evmlib.go 62.85% <100.00%> (+8.31%) ⬆️

... and 101 files with indirect coverage changes

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@claude claude Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Straightforward backport of #3668 to release/v6.6.

Extended reasoning...

Overview

This PR backports #3668 to the release/v6.6 branch. The change adds a check in resolveLibPath() that rejects SEI_EVMONE_LIB_DIR values that are not absolute paths, plus two unit tests covering the rejected-relative and accepted-absolute cases.

Security risks

None introduced. The change tightens a security boundary by ensuring operator overrides for the evmone library directory must be absolute paths, preventing ambiguity in dynamic library resolution. The existing SHA-256 integrity verification still applies regardless.

Level of scrutiny

Low. This is a mechanical backport of an already-merged change to a release branch. The diff is identical in intent to the original PR, the surface area is tiny (3 added lines in production code), and the new tests directly exercise both branches of the new validation.

Other factors

The change matches the documented intent in the existing comment block on libDirEnv ("It must be an absolute path..."). Test coverage is adequate for the new behavior.

@masih masih disabled auto-merge June 30, 2026 12:48
@masih masih merged commit 5ed245f into release/v6.6 Jun 30, 2026
31 of 35 checks passed
@masih masih deleted the backport-3668-to-release/v6.6 branch June 30, 2026 12:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants