tmkms v0.6.0 #329

Merged
merged 1 commit into from Jul 30, 2019

@tarcieri
commented Jul 30, 2019

This release is tested against tendermint v0.31 and known to be compatible with tendermint v0.32.

Upgrade Notes

state_file syntax changes

The validator state files use an incompatible syntax from Tendermint KMS v0.5. It has been changed to match the conventions used by the rest of Tendermint, where integer values are stored in strings rather than JSON integers.

When upgrading, you will need to either delete existing state files (they will be recreated automatically), or ensure the integer height and round fields contained within these files are quoted in strings, e.g. {"height":"123456","round":"0",...}.

Unknown fields now disallowed in tmkms.toml

The previous parser for tmkms.toml ignored unknown attributes in the config file. This means it would often ignore syntax errors, spelling mistakes, or attributes in the wrong location when parsing files.

This has been changed to explicitly reject such fields; however, please be aware that if your config file contained invalid syntax, it will now be rejected by the parser and the KMS will no longer boot.

We suggest validating the configuration in a staging or other noncritical deployment of the KMS in order to ensure your configuration does not contain accidental misconfigurations which were previously uncaught.

See #282 for more information.

YubiHSM improvements

This release contains many improvements for users of the yubihsm backend:

  • New yubihsm-server feature: this release includes support for the KMS exposing an HTTP service which is compatible with Yubico's yubihsm-connector service. This allows for concurrently administering a YubiHSM2 while the KMS is running, either through tmkms yubihsm (see additional notes below) or via Yubico's yubihsm-shell.
  • Loopback support for tmkms yubihsm: the CLI functionality in the KMS for administering YubiHSMs can now be configured to connect to the KMS's own yubihsm-server. Additionally it can also be configured to use a different authentication key, and to prompt for a password as opposed to using one in the configuration file.

For more information on these changes, please see the "yubihsm-server feature" section in the Tendermint KMS YubiHSM docs:

https://github.com/tendermint/kms/blob/master/README.yubihsm.md#yubihsm-server-feature

Detailed Changes

  • tendermint crate v0.10.0 (#328)
  • Double signing logging improvements (#322, #319, #317)
  • Log tendermint::consensus::State height/round/step (#316)
  • yubihsm keys import: base64 support (#306)
  • yubihsm: Support for reading password from a file (#305)
  • softsign: Fix private key decoding + import command (#304)
  • softsign: Add subcommand; move keygen under it (#303)
  • yubihsm setup: use hkd32 crate to derive key hierarchy (#302)
  • yubihsm setup: Collect 256-bits entropy from both RNGs (#300)
  • abscissa crate v0.2 (#294)
  • Log durations for each signing operation (#283)
  • Add serde(deny_unknown_fields) to all config structs (#282)
  • tmkms yubihsm keys list: Use chain-specific formatters (#275)
  • yubihsm-server: Allow CLI commands to use loopback connection (#274)
  • yubihsm-server: Optional yubihsm-connector compatibility (#273)
  • Send RemoteSignerError response to validator on double sign (#249)
  • Logging improvements (#271)
  • yubihsm: Mark imported priv_validator.json keys as re-exportable (#248)
  • ledger: Add init commands (#242)
  • Add max_height support for stopping chains at specific heights (#238)
  • Chain-specific keyrings / multitenancy (#232)
  • ledger: Use ledger-tendermint backend (#225)

@tarcieri tarcieri merged commit d08c68c into master Jul 30, 2019

1 check passed

ci/circleci Your tests passed on CircleCI!

@tarcieri tarcieri deleted the tmkms/v0.6.0 branch Jul 30, 2019
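
The second state_file upgrade option in the notes above (quoting the integer height and round fields) can be scripted. The following Python is an added example, not part of this pull request or of the tmkms code base; the function names are assumptions of the example, and only the two fields named in the upgrade note are touched.

```python
import json
import os
import tempfile

# Fields named in the upgrade note; every other field is left untouched.
INT_FIELDS = ("height", "round")


def migrate_state(state: dict) -> dict:
    """Return a copy of a v0.5-style state with height/round as decimal strings."""
    out = dict(state)
    for key in INT_FIELDS:
        if key not in out:
            continue
        value = out[key]
        # bool is a subclass of int in Python, so reject it explicitly.
        if isinstance(value, int) and not isinstance(value, bool):
            if value < 0:
                raise ValueError(f"{key} is negative: {value}")
            out[key] = str(value)
        elif isinstance(value, str) and value.isascii() and value.isdigit():
            pass  # already in the quoted form, so the migration is idempotent
        else:
            raise ValueError(f"{key} has unexpected value {value!r}")
    return out


def migrate_file(path: str) -> bool:
    """Rewrite the state file at `path` in place; return True if it changed."""
    with open(path, "r", encoding="utf-8") as fh:
        old = json.load(fh)
    if not isinstance(old, dict):
        raise ValueError("state file is not a JSON object")
    new = migrate_state(old)
    if new == old:
        return False
    # Write a temp file in the same directory and rename it over the original,
    # so an interrupted run never leaves a truncated state file behind.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            json.dump(new, fh, separators=(",", ":"))
            fh.flush()
            os.fsync(fh.fileno())
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise
    return True
```

Values that are neither non-negative integers nor decimal strings raise an error instead of being coerced, so a damaged state file is surfaced rather than silently rewritten.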
