Signer related fixes (#220)

* add pems 16 and 17 * remove .bin extension from generated binaries * no more json files to copy to docker image
2026-02-26 12:57:26 +08:00 · 2024-05-26 19:31:39 -04:00 · 2024-05-26 19:31:39 -04:00 · 99702af0b7
commit 99702af0b7
parent 88d704ab16
4 changed files with 35 additions and 23 deletions
--- a/2
+++ b/2
@ -36,8 +36,6 @@ LABEL org.opencontainers.image.revision=$GIT_COMMIT

 COPY --from=build /go/bin/node /usr/local/bin
 COPY --from=build /go/bin/grpcurl /usr/local/bin
-COPY --from=build /opt/ceremonyclient/node/ceremony.json /root
-COPY --from=build /opt/ceremonyclient/node/retroactive_peers.json /root
 COPY --from=build /opt/ceremonyclient/client/qclient /usr/local/bin

 WORKDIR /root
--- a/signers/Taskfile.yaml
+++ b/signers/Taskfile.yaml
@ -83,24 +83,28 @@ tasks:
    sources:
      - '**/*.go'
    generates:
-      - node-{{.VERSION}}-*.bin
+      - node-{{.VERSION}}-darwin-arm64
+      - node-{{.VERSION}}-linux-amd64
+      - node-{{.VERSION}}-linux-arm64
    cmds:
-      - GOOS=darwin go build -ldflags "-s -w" -o node-{{.VERSION}}-darwin-arm64.bin
-      - GOOS=linux GOARCH=amd64 go build -ldflags "-s -w" -o node-{{.VERSION}}-linux-amd64.bin
-      - GOOS=linux GOARCH=arm64 go build -ldflags "-s -w" -o node-{{.VERSION}}-linux-arm64.bin
+      - GOOS=darwin go build -ldflags "-s -w" -o node-{{.VERSION}}-darwin-arm64
+      - GOOS=linux GOARCH=amd64 go build -ldflags "-s -w" -o node-{{.VERSION}}-linux-amd64
+      - GOOS=linux GOARCH=arm64 go build -ldflags "-s -w" -o node-{{.VERSION}}-linux-arm64

  digest:
    desc: Generate digests for node binaries.
    deps: [build]
    dir: ../node
    sources:
-      - node-{{.VERSION}}-*.bin
+      - node-{{.VERSION}}-darwin-arm64
+      - node-{{.VERSION}}-linux-amd64
+      - node-{{.VERSION}}-linux-arm64
    generates:
      - node-{{.VERSION}}-*.dgst
    cmds:
-      - openssl sha3-256 -out node-{{.VERSION}}-darwin-arm64.dgst node-{{.VERSION}}-darwin-arm64.bin   
-      - openssl sha3-256 -out node-{{.VERSION}}-linux-amd64.dgst node-{{.VERSION}}-linux-amd64.bin
-      - openssl sha3-256 -out node-{{.VERSION}}-linux-arm64.dgst node-{{.VERSION}}-linux-arm64.bin
+      - openssl sha3-256 -out node-{{.VERSION}}-darwin-arm64.dgst node-{{.VERSION}}-darwin-arm64
+      - openssl sha3-256 -out node-{{.VERSION}}-linux-amd64.dgst node-{{.VERSION}}-linux-amd64
+      - openssl sha3-256 -out node-{{.VERSION}}-linux-arm64.dgst node-{{.VERSION}}-linux-arm64

  sign:
    desc: Generate signatures for node binaries.
@ -130,9 +134,9 @@ tasks:
      - docker:build_image
    cmds:
      - docker run --name signers --rm -it -v {{.PARENT_FOLDER}}:/home/{{.USER_NAME}}/ceremonyclient -u {{.USER_NAME}} -w /home/{{.USER_NAME}}/ceremonyclient/signers {{.QUILIBRIUM_SIGNERS_IMAGE_NAME}} task verify:build:container
-      - diff node-{{.VERSION}}-darwin-arm64.bin node-tmp-darwin-arm64.bin
-      - diff node-{{.VERSION}}-linux-amd64.bin node-tmp-linux-amd64.bin
-      - diff node-{{.VERSION}}-linux-arm64.bin node-tmp-linux-arm64.bin
+      - diff node-{{.VERSION}}-darwin-arm64 node-tmp-darwin-arm64
+      - diff node-{{.VERSION}}-linux-amd64 node-tmp-linux-amd64
+      - diff node-{{.VERSION}}-linux-arm64 node-tmp-linux-arm64

  verify:build:container:
    desc: Verify that the existing binaries can be rebuilt exactly the same, inside tbe Docker container.
@ -140,22 +144,24 @@ tasks:
    sources:
      - '**/*.go'
    generates:
-      - node-tmp-*.bin
+      - node-tmp-darwin-arm64
+      - node-tmp-linux-amd64
+      - node-tmp-linux-arm64
    cmds:
-      - GOOS=darwin go build -ldflags "-s -w" -o node-tmp-darwin-arm64.bin
-      - GOOS=linux GOARCH=amd64 go build -ldflags "-s -w" -o node-tmp-linux-amd64.bin
-      - GOOS=linux GOARCH=arm64 go build -ldflags "-s -w" -o node-tmp-linux-arm64.bin
-      - diff node-{{.VERSION}}-darwin-arm64.bin node-tmp-darwin-arm64.bin
-      - diff node-{{.VERSION}}-linux-amd64.bin node-tmp-linux-amd64.bin
-      - diff node-{{.VERSION}}-linux-arm64.bin node-tmp-linux-arm64.bin
+      - GOOS=darwin go build -ldflags "-s -w" -o node-tmp-darwin-arm64
+      - GOOS=linux GOARCH=amd64 go build -ldflags "-s -w" -o node-tmp-linux-amd64
+      - GOOS=linux GOARCH=arm64 go build -ldflags "-s -w" -o node-tmp-linux-arm64
+      - diff node-{{.VERSION}}-darwin-arm64 node-tmp-darwin-arm64
+      - diff node-{{.VERSION}}-linux-amd64 node-tmp-linux-amd64
+      - diff node-{{.VERSION}}-linux-arm64 node-tmp-linux-arm64

  verify:digest:
    desc: Verify that the existing digests are correct.
    dir: ../node
    cmds:
-      - openssl sha3-256 -out node-tmp-darwin-arm64.dgst node-{{.VERSION}}-darwin-arm64.bin   
-      - openssl sha3-256 -out node-tmp-linux-amd64.dgst node-{{.VERSION}}-linux-amd64.bin
-      - openssl sha3-256 -out node-tmp-linux-arm64.dgst node-{{.VERSION}}-linux-arm64.bin
+      - openssl sha3-256 -out node-tmp-darwin-arm64.dgst node-{{.VERSION}}-darwin-arm64
+      - openssl sha3-256 -out node-tmp-linux-amd64.dgst node-{{.VERSION}}-linux-amd64
+      - openssl sha3-256 -out node-tmp-linux-arm64.dgst node-{{.VERSION}}-linux-arm64
      - diff node-{{.VERSION}}-darwin-arm64.dgst node-tmp-darwin-arm64.dgst
      - diff node-{{.VERSION}}-linux-amd64.dgst node-tmp-linux-amd64.dgst
      - diff node-{{.VERSION}}-linux-arm64.dgst node-tmp-linux-arm64.dgst
--- a/signers/pems/16.pem
+++ b/signers/pems/16.pem
@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MEMwBQYDK2VxAzoAbihy9zxIaMQoa+97/i9UeaQcQvTgdQXvpIg8eVDHQCUuDup4
+7vEMWEsZsdzaAfd2fTE10HwzJEEA
+-----END PUBLIC KEY-----
--- a/signers/pems/17.pem
+++ b/signers/pems/17.pem
@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MEMwBQYDK2VxAzoAoRSwYfjTXj80l8jEPYO6a0r2eqezm3Q7Gwo18tZhELUFHdPY
+b2m1cSKjW2TmJLgYC+5jthUvzkKA
+-----END PUBLIC KEY-----