From 99702af0b7afd3b556bb20e9bebc238b3e52b53a Mon Sep 17 00:00:00 2001 From: Marius Scurtescu Date: Sun, 26 May 2024 19:31:39 -0400 Subject: [PATCH] Signer related fixes (#220) * add pems 16 and 17 * remove .bin extension from generated binaries * no more json files to copy to docker image --- Dockerfile | 2 -- signers/Taskfile.yaml | 48 ++++++++++++++++++++++++------------------- signers/pems/16.pem | 4 ++++ signers/pems/17.pem | 4 ++++ 4 files changed, 35 insertions(+), 23 deletions(-) create mode 100644 signers/pems/16.pem create mode 100644 signers/pems/17.pem diff --git a/Dockerfile b/Dockerfile index 1cfbdc3..42fa039 100644 --- a/Dockerfile +++ b/Dockerfile @@ -36,8 +36,6 @@ LABEL org.opencontainers.image.revision=$GIT_COMMIT COPY --from=build /go/bin/node /usr/local/bin COPY --from=build /go/bin/grpcurl /usr/local/bin -COPY --from=build /opt/ceremonyclient/node/ceremony.json /root -COPY --from=build /opt/ceremonyclient/node/retroactive_peers.json /root COPY --from=build /opt/ceremonyclient/client/qclient /usr/local/bin WORKDIR /root diff --git a/signers/Taskfile.yaml b/signers/Taskfile.yaml index dd5b67e..a5d4c3f 100644 --- a/signers/Taskfile.yaml +++ b/signers/Taskfile.yaml @@ -83,24 +83,28 @@ tasks: sources: - '**/*.go' generates: - - node-{{.VERSION}}-*.bin + - node-{{.VERSION}}-darwin-arm64 + - node-{{.VERSION}}-linux-amd64 + - node-{{.VERSION}}-linux-arm64 cmds: - - GOOS=darwin go build -ldflags "-s -w" -o node-{{.VERSION}}-darwin-arm64.bin - - GOOS=linux GOARCH=amd64 go build -ldflags "-s -w" -o node-{{.VERSION}}-linux-amd64.bin - - GOOS=linux GOARCH=arm64 go build -ldflags "-s -w" -o node-{{.VERSION}}-linux-arm64.bin + - GOOS=darwin go build -ldflags "-s -w" -o node-{{.VERSION}}-darwin-arm64 + - GOOS=linux GOARCH=amd64 go build -ldflags "-s -w" -o node-{{.VERSION}}-linux-amd64 + - GOOS=linux GOARCH=arm64 go build -ldflags "-s -w" -o node-{{.VERSION}}-linux-arm64 digest: desc: Generate digests for node binaries. deps: [build] dir: ../node sources: - - node-{{.VERSION}}-*.bin + - node-{{.VERSION}}-darwin-arm64 + - node-{{.VERSION}}-linux-amd64 + - node-{{.VERSION}}-linux-arm64 generates: - node-{{.VERSION}}-*.dgst cmds: - - openssl sha3-256 -out node-{{.VERSION}}-darwin-arm64.dgst node-{{.VERSION}}-darwin-arm64.bin - - openssl sha3-256 -out node-{{.VERSION}}-linux-amd64.dgst node-{{.VERSION}}-linux-amd64.bin - - openssl sha3-256 -out node-{{.VERSION}}-linux-arm64.dgst node-{{.VERSION}}-linux-arm64.bin + - openssl sha3-256 -out node-{{.VERSION}}-darwin-arm64.dgst node-{{.VERSION}}-darwin-arm64 + - openssl sha3-256 -out node-{{.VERSION}}-linux-amd64.dgst node-{{.VERSION}}-linux-amd64 + - openssl sha3-256 -out node-{{.VERSION}}-linux-arm64.dgst node-{{.VERSION}}-linux-arm64 sign: desc: Generate signatures for node binaries. @@ -130,9 +134,9 @@ tasks: - docker:build_image cmds: - docker run --name signers --rm -it -v {{.PARENT_FOLDER}}:/home/{{.USER_NAME}}/ceremonyclient -u {{.USER_NAME}} -w /home/{{.USER_NAME}}/ceremonyclient/signers {{.QUILIBRIUM_SIGNERS_IMAGE_NAME}} task verify:build:container - - diff node-{{.VERSION}}-darwin-arm64.bin node-tmp-darwin-arm64.bin - - diff node-{{.VERSION}}-linux-amd64.bin node-tmp-linux-amd64.bin - - diff node-{{.VERSION}}-linux-arm64.bin node-tmp-linux-arm64.bin + - diff node-{{.VERSION}}-darwin-arm64 node-tmp-darwin-arm64 + - diff node-{{.VERSION}}-linux-amd64 node-tmp-linux-amd64 + - diff node-{{.VERSION}}-linux-arm64 node-tmp-linux-arm64 verify:build:container: desc: Verify that the existing binaries can be rebuilt exactly the same, inside tbe Docker container. @@ -140,22 +144,24 @@ tasks: sources: - '**/*.go' generates: - - node-tmp-*.bin + - node-tmp-darwin-arm64 + - node-tmp-linux-amd64 + - node-tmp-linux-arm64 cmds: - - GOOS=darwin go build -ldflags "-s -w" -o node-tmp-darwin-arm64.bin - - GOOS=linux GOARCH=amd64 go build -ldflags "-s -w" -o node-tmp-linux-amd64.bin - - GOOS=linux GOARCH=arm64 go build -ldflags "-s -w" -o node-tmp-linux-arm64.bin - - diff node-{{.VERSION}}-darwin-arm64.bin node-tmp-darwin-arm64.bin - - diff node-{{.VERSION}}-linux-amd64.bin node-tmp-linux-amd64.bin - - diff node-{{.VERSION}}-linux-arm64.bin node-tmp-linux-arm64.bin + - GOOS=darwin go build -ldflags "-s -w" -o node-tmp-darwin-arm64 + - GOOS=linux GOARCH=amd64 go build -ldflags "-s -w" -o node-tmp-linux-amd64 + - GOOS=linux GOARCH=arm64 go build -ldflags "-s -w" -o node-tmp-linux-arm64 + - diff node-{{.VERSION}}-darwin-arm64 node-tmp-darwin-arm64 + - diff node-{{.VERSION}}-linux-amd64 node-tmp-linux-amd64 + - diff node-{{.VERSION}}-linux-arm64 node-tmp-linux-arm64 verify:digest: desc: Verify that the existing digests are correct. dir: ../node cmds: - - openssl sha3-256 -out node-tmp-darwin-arm64.dgst node-{{.VERSION}}-darwin-arm64.bin - - openssl sha3-256 -out node-tmp-linux-amd64.dgst node-{{.VERSION}}-linux-amd64.bin - - openssl sha3-256 -out node-tmp-linux-arm64.dgst node-{{.VERSION}}-linux-arm64.bin + - openssl sha3-256 -out node-tmp-darwin-arm64.dgst node-{{.VERSION}}-darwin-arm64 + - openssl sha3-256 -out node-tmp-linux-amd64.dgst node-{{.VERSION}}-linux-amd64 + - openssl sha3-256 -out node-tmp-linux-arm64.dgst node-{{.VERSION}}-linux-arm64 - diff node-{{.VERSION}}-darwin-arm64.dgst node-tmp-darwin-arm64.dgst - diff node-{{.VERSION}}-linux-amd64.dgst node-tmp-linux-amd64.dgst - diff node-{{.VERSION}}-linux-arm64.dgst node-tmp-linux-arm64.dgst diff --git a/signers/pems/16.pem b/signers/pems/16.pem new file mode 100644 index 0000000..342ea8f --- /dev/null +++ b/signers/pems/16.pem @@ -0,0 +1,4 @@ +-----BEGIN PUBLIC KEY----- +MEMwBQYDK2VxAzoAbihy9zxIaMQoa+97/i9UeaQcQvTgdQXvpIg8eVDHQCUuDup4 +7vEMWEsZsdzaAfd2fTE10HwzJEEA +-----END PUBLIC KEY----- diff --git a/signers/pems/17.pem b/signers/pems/17.pem new file mode 100644 index 0000000..0683f45 --- /dev/null +++ b/signers/pems/17.pem @@ -0,0 +1,4 @@ +-----BEGIN PUBLIC KEY----- +MEMwBQYDK2VxAzoAoRSwYfjTXj80l8jEPYO6a0r2eqezm3Q7Gwo18tZhELUFHdPY +b2m1cSKjW2TmJLgYC+5jthUvzkKA +-----END PUBLIC KEY-----