mirror of
https://gitlab.com/pulsechaincom/prysm-pulse.git
synced 2024-12-22 03:30:35 +00:00
ef21d3adf8
* `EpochFromString`: Use already defined `Uint64FromString` function.
* `Test_uint64FromString` => `Test_FromString`
This test function tests more functions than `Uint64FromString`.
* Slashing protection history: Remove unreachable code.
The function `NewKVStore` creates, via `kv.UpdatePublicKeysBuckets`,
a new item in the `proposal-history-bucket-interchange`.
IMO there is no real reason to prefer `proposal` than `attestation`
as a prefix for this bucket, but this is the way it is done right now
and renaming the bucket will probably be backward incompatible.
An `attestedPublicKey` cannot exist without
the corresponding `proposedPublicKey`.
Thus, the `else` portion of code removed in this commit is not reachable.
We raise an error if we get there.
This is also probably the reason why the removed `else` portion was not
tested.
* `NewKVStore`: Switch items in `createBuckets`.
So the order corresponds to `schema.go`
* `slashableAttestationCheck`: Fix comments and logs.
* `ValidatorClient.db`: Use `iface.ValidatorDB`.
* BoltDB database: Implement `GraffitiFileHash`.
* Filesystem database: Creates `db.go`.
This file defines the following structs:
- `Store`
- `Graffiti`
- `Configuration`
- `ValidatorSlashingProtection`
This files implements the following public functions:
- `NewStore`
- `Close`
- `Backup`
- `DatabasePath`
- `ClearDB`
- `UpdatePublicKeysBuckets`
This files implements the following private functions:
- `slashingProtectionDirPath`
- `configurationFilePath`
- `configuration`
- `saveConfiguration`
- `validatorSlashingProtection`
- `saveValidatorSlashingProtection`
- `publicKeys`
* Filesystem database: Creates `genesis.go`.
This file defines the following public functions:
- `GenesisValidatorsRoot`
- `SaveGenesisValidatorsRoot`
* Filesystem database: Creates `graffiti.go`.
This file defines the following public functions:
- `SaveGraffitiOrderedIndex`
- `GraffitiOrderedIndex`
* Filesystem database: Creates `migration.go`.
This file defines the following public functions:
- `RunUpMigrations`
- `RunDownMigrations`
* Filesystem database: Creates proposer_settings.go.
This file defines the following public functions:
- `ProposerSettings`
- `ProposerSettingsExists`
- `SaveProposerSettings`
* Filesystem database: Creates `attester_protection.go`.
This file defines the following public functions:
- `EIPImportBlacklistedPublicKeys`
- `SaveEIPImportBlacklistedPublicKeys`
- `SigningRootAtTargetEpoch`
- `LowestSignedTargetEpoch`
- `LowestSignedSourceEpoch`
- `AttestedPublicKeys`
- `CheckSlashableAttestation`
- `SaveAttestationForPubKey`
- `SaveAttestationsForPubKey`
- `AttestationHistoryForPubKey`
* Filesystem database: Creates `proposer_protection.go`.
This file defines the following public functions:
- `HighestSignedProposal`
- `LowestSignedProposal`
- `ProposalHistoryForPubKey`
- `ProposalHistoryForSlot`
- `ProposedPublicKeys`
* Ensure that the filesystem store implements the `ValidatorDB` interface.
* `slashableAttestationCheck`: Check the database type.
* `slashableProposalCheck`: Check the database type.
* `slashableAttestationCheck`: Allow usage of minimal slashing protection.
* `slashableProposalCheck`: Allow usage of minimal slashing protection.
* `ImportStandardProtectionJSON`: Check the database type.
* `ImportStandardProtectionJSON`: Allow usage of min slashing protection.
* Implement `RecursiveDirFind`.
* Implement minimal<->complete DB conversion.
3 public functions are implemented:
- `IsCompleteDatabaseExisting`
- `IsMinimalDatabaseExisting`
- `ConvertDatabase`
* `setupDB`: Add `isSlashingProtectionMinimal` argument.
The feature addition is located in `validator/node/node_test.go`.
The rest of this commit consists in minimal slashing protection testing.
* `setupWithKey`: Add `isSlashingProtectionMinimal` argument.
The feature addition is located in `validator/client/propose_test.go`.
The rest of this commit consists in tests wrapping.
* `setup`: Add `isSlashingProtectionMinimal` argument.
The added feature is located in the `validator/client/propose_test.go`
file.
The rest of this commit consists in tests wrapping.
* `initializeFromCLI` and `initializeForWeb`: Factorize db init.
* Add `convert-complete-to-minimal` command.
* Creates `--enable-minimal-slashing-protection` flag.
* `importSlashingProtectionJSON`: Check database type.
* `exportSlashingProtectionJSON`: Check database type.
* `TestClearDB`: Test with minimal slashing protection.
* KeyManager: Test with minimal slashing protection.
* RPC: KeyManager: Test with minimal slashing protection.
* `convert-complete-to-minimal`: Change option names.
Options were:
- `--source` (for source data directory), and
- `--target` (for target data directory)
However, since this command deals with slashing protection, which has
source (epochs) and target (epochs), the initial option names may confuse
the user.
In this commit:
`--source` ==> `--source-data-dir`
`--target` ==> `--target-data-dir`
* Set `SlashableAttestationCheck` as an iface method.
And delete `CheckSlashableAttestation` from iface.
* Move helpers functions in a more general directory.
No functional change.
* Extract common structs out of `kv`.
==> `filesystem` does not depend anymore on `kv`.
==> `iface` does not depend anymore on `kv`.
==> `slashing-protection` does not depend anymore on `kv`.
* Move `ValidateMetadata` in `validator/helpers`.
* `ValidateMetadata`: Test with mock.
This way, we can:
- Avoid any circular import for tests.
- Implement once for all `iface.ValidatorDB` implementations
the `ValidateMetadata`function.
- Have tests (and coverage) of `ValidateMetadata`in
its own package.
The ideal solution would have been to implement `ValidateMetadata` as
a method with the `iface.ValidatorDB`receiver.
Unfortunately, golang does not allow that.
* `iface.ValidatorDB`: Implement ImportStandardProtectionJSON.
The whole purpose of this commit is to avoid the `switch validatorDB.(type)`
in `ImportStandardProtectionJSON`.
* `iface.ValidatorDB`: Implement `SlashableProposalCheck`.
* Remove now useless `slashableProposalCheck`.
* Delete useless `ImportStandardProtectionJSON`.
* `file.Exists`: Detect directories and return an error.
Before, `Exists` was only able to detect if a file exists.
Now, this function takes an extra `File` or `Directory` argument.
It detects either if a file or a directory exists.
Before, if an error was returned by `os.Stat`, the the file was
considered as non existing.
Now, it is treated as a real error.
* Replace `os.Stat` by `file.Exists`.
* Remove `Is{Complete,Minimal}DatabaseExisting`.
* `publicKeys`: Add log if unexpected file found.
* Move `{Source,Target}DataDirFlag`in `db.go`.
* `failedAttLocalProtectionErr`: `var`==> `const`
* `signingRoot`: `32`==> `fieldparams.RootLength`.
* `validatorClientData`==> `validator-client-data`.
To be consistent with `slashing-protection`.
* Add progress bars for `import` and `convert`.
* `parseBlocksForUniquePublicKeys`: Move in `db/kv`.
* helpers: Remove unused `initializeProgressBar` function.
385 lines
9.9 KiB
Go
385 lines
9.9 KiB
Go
package file
|
|
|
|
import (
|
|
"crypto/sha256"
|
|
"encoding/base64"
|
|
"fmt"
|
|
"io"
|
|
"os"
|
|
"os/user"
|
|
"path"
|
|
"path/filepath"
|
|
"sort"
|
|
"strings"
|
|
|
|
"github.com/pkg/errors"
|
|
"github.com/prysmaticlabs/prysm/v5/config/params"
|
|
)
|
|
|
|
type ObjType int
|
|
|
|
const (
|
|
Regular ObjType = iota
|
|
Directory
|
|
)
|
|
|
|
// ExpandPath given a string which may be a relative path.
|
|
// 1. replace tilde with users home dir
|
|
// 2. expands embedded environment variables
|
|
// 3. cleans the path, e.g. /a/b/../c -> /a/c
|
|
// Note, it has limitations, e.g. ~someuser/tmp will not be expanded
|
|
func ExpandPath(p string) (string, error) {
|
|
if strings.HasPrefix(p, "~/") || strings.HasPrefix(p, "~\\") {
|
|
if home := HomeDir(); home != "" {
|
|
p = home + p[1:]
|
|
}
|
|
}
|
|
return filepath.Abs(path.Clean(os.ExpandEnv(p)))
|
|
}
|
|
|
|
// HandleBackupDir takes an input directory path and either alters its permissions to be usable if it already exists, creates it if not
|
|
func HandleBackupDir(dirPath string, permissionOverride bool) error {
|
|
expanded, err := ExpandPath(dirPath)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
exists, err := HasDir(expanded)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
if exists {
|
|
info, err := os.Stat(expanded)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
if info.Mode().Perm() != params.BeaconIoConfig().ReadWriteExecutePermissions {
|
|
if permissionOverride {
|
|
if err := os.Chmod(expanded, params.BeaconIoConfig().ReadWriteExecutePermissions); err != nil {
|
|
return err
|
|
}
|
|
} else {
|
|
return errors.New("dir already exists without proper 0700 permissions")
|
|
}
|
|
}
|
|
}
|
|
return os.MkdirAll(expanded, params.BeaconIoConfig().ReadWriteExecutePermissions)
|
|
}
|
|
|
|
// MkdirAll takes in a path, expands it if necessary, and creates the directory accordingly
|
|
// with standardized, Prysm project permissions. If a directory already exists as this path,
|
|
// then the method returns without making any changes. This is the static-analysis enforced
|
|
// method for creating a directory programmatically in Prysm.
|
|
func MkdirAll(dirPath string) error {
|
|
expanded, err := ExpandPath(dirPath)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
exists, err := HasDir(expanded)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
if exists {
|
|
return nil
|
|
}
|
|
return os.MkdirAll(expanded, params.BeaconIoConfig().ReadWriteExecutePermissions)
|
|
}
|
|
|
|
// WriteFile is the static-analysis enforced method for writing binary data to a file
|
|
// in Prysm, enforcing a single entrypoint with standardized permissions.
|
|
func WriteFile(file string, data []byte) error {
|
|
expanded, err := ExpandPath(file)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
exists, err := Exists(expanded, Regular)
|
|
if err != nil {
|
|
return errors.Wrapf(err, "could not check if file exists at path %s", expanded)
|
|
}
|
|
|
|
if exists {
|
|
info, err := os.Stat(expanded)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
if info.Mode() != params.BeaconIoConfig().ReadWritePermissions {
|
|
return errors.New("file already exists without proper 0600 permissions")
|
|
}
|
|
}
|
|
return os.WriteFile(expanded, data, params.BeaconIoConfig().ReadWritePermissions)
|
|
}
|
|
|
|
// HomeDir for a user.
|
|
func HomeDir() string {
|
|
if home := os.Getenv("HOME"); home != "" {
|
|
return home
|
|
}
|
|
if usr, err := user.Current(); err == nil {
|
|
return usr.HomeDir
|
|
}
|
|
return ""
|
|
}
|
|
|
|
// HasDir checks if a directory indeed exists at the specified path.
|
|
func HasDir(dirPath string) (bool, error) {
|
|
fullPath, err := ExpandPath(dirPath)
|
|
if err != nil {
|
|
return false, err
|
|
}
|
|
info, err := os.Stat(fullPath)
|
|
if os.IsNotExist(err) {
|
|
return false, nil
|
|
}
|
|
if info == nil {
|
|
return false, err
|
|
}
|
|
return info.IsDir(), err
|
|
}
|
|
|
|
// HasReadWritePermissions checks if file at a path has proper
|
|
// 0600 permissions set.
|
|
func HasReadWritePermissions(itemPath string) (bool, error) {
|
|
info, err := os.Stat(itemPath)
|
|
if err != nil {
|
|
return false, err
|
|
}
|
|
return info.Mode() == params.BeaconIoConfig().ReadWritePermissions, nil
|
|
}
|
|
|
|
// Exists returns true if a file is not a directory and exists
|
|
// at the specified path.
|
|
func Exists(filename string, objType ObjType) (bool, error) {
|
|
filePath, err := ExpandPath(filename)
|
|
if err != nil {
|
|
return false, errors.Wrapf(err, "could not expend path of file %s", filename)
|
|
}
|
|
|
|
info, err := os.Stat(filePath)
|
|
if err != nil {
|
|
if os.IsNotExist(err) {
|
|
return false, nil
|
|
}
|
|
|
|
return false, errors.Wrapf(err, "could not get file info for file %s", filename)
|
|
}
|
|
|
|
if info == nil {
|
|
return false, errors.New("file info is nil")
|
|
}
|
|
|
|
isDir := info.IsDir()
|
|
|
|
return objType == Directory && isDir || objType == Regular && !isDir, nil
|
|
}
|
|
|
|
// RecursiveFileFind returns true, and the path, if a file is not a directory and exists
|
|
// at dir or any of its subdirectories. Finds the first instant based on the Walk order and returns.
|
|
// Define non-fatal error to stop the recursive directory walk
|
|
var errStopWalk = errors.New("stop walking")
|
|
|
|
// RecursiveFileFind searches for file in a directory and its subdirectories.
|
|
func RecursiveFileFind(filename, dir string) (bool, string, error) {
|
|
var found bool
|
|
var fpath string
|
|
dir = filepath.Clean(dir)
|
|
found = false
|
|
err := filepath.Walk(dir, func(path string, info os.FileInfo, err error) error {
|
|
if err != nil {
|
|
return err
|
|
}
|
|
// checks if its a file and has the exact name as the filename
|
|
// need to break the walk function by using a non-fatal error
|
|
if !info.IsDir() && filename == info.Name() {
|
|
found = true
|
|
fpath = path
|
|
return errStopWalk
|
|
}
|
|
|
|
// no errors or file found
|
|
return nil
|
|
})
|
|
if err != nil && err != errStopWalk {
|
|
return false, "", err
|
|
}
|
|
return found, fpath, nil
|
|
}
|
|
|
|
// RecursiveDirFind searches for directory in a directory and its subdirectories.
|
|
func RecursiveDirFind(dirname, dir string) (bool, string, error) {
|
|
var (
|
|
found bool
|
|
fpath string
|
|
)
|
|
|
|
dir = filepath.Clean(dir)
|
|
found = false
|
|
|
|
err := filepath.Walk(dir, func(path string, info os.FileInfo, err error) error {
|
|
if err != nil {
|
|
return errors.Wrapf(err, "error walking directory %s", dir)
|
|
}
|
|
|
|
// Checks if its a file and has the exact name as the dirname
|
|
// need to break the walk function by using a non-fatal error
|
|
if info.IsDir() && dirname == info.Name() {
|
|
found = true
|
|
fpath = path
|
|
return errStopWalk
|
|
}
|
|
|
|
// No errors or file found
|
|
return nil
|
|
})
|
|
|
|
if err != nil && err != errStopWalk {
|
|
return false, "", errors.Wrapf(err, "error walking directory %s", dir)
|
|
}
|
|
|
|
return found, fpath, nil
|
|
}
|
|
|
|
// ReadFileAsBytes expands a file name's absolute path and reads it as bytes from disk.
|
|
func ReadFileAsBytes(filename string) ([]byte, error) {
|
|
filePath, err := ExpandPath(filename)
|
|
if err != nil {
|
|
return nil, errors.Wrap(err, "could not determine absolute path of password file")
|
|
}
|
|
return os.ReadFile(filePath) // #nosec G304
|
|
}
|
|
|
|
// CopyFile copy a file from source to destination path.
|
|
func CopyFile(src, dst string) error {
|
|
exists, err := Exists(src, Regular)
|
|
if err != nil {
|
|
return errors.Wrapf(err, "could not check if file exists at path %s", src)
|
|
}
|
|
|
|
if !exists {
|
|
return errors.New("source file does not exist at provided path")
|
|
}
|
|
f, err := os.Open(src) // #nosec G304
|
|
if err != nil {
|
|
return err
|
|
}
|
|
dstFile, err := os.OpenFile(dst, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, params.BeaconIoConfig().ReadWritePermissions) // #nosec G304
|
|
if err != nil {
|
|
return err
|
|
}
|
|
_, err = io.Copy(dstFile, f)
|
|
return err
|
|
}
|
|
|
|
// CopyDir copies contents of one directory into another, recursively.
|
|
func CopyDir(src, dst string) error {
|
|
dstExists, err := HasDir(dst)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
if dstExists {
|
|
return errors.New("destination directory already exists")
|
|
}
|
|
fds, err := os.ReadDir(src)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
if err := MkdirAll(dst); err != nil {
|
|
return errors.Wrapf(err, "error creating directory: %s", dst)
|
|
}
|
|
for _, fd := range fds {
|
|
srcPath := path.Join(src, fd.Name())
|
|
dstPath := path.Join(dst, fd.Name())
|
|
if fd.IsDir() {
|
|
if err = CopyDir(srcPath, dstPath); err != nil {
|
|
return errors.Wrapf(err, "error copying directory %s -> %s", srcPath, dstPath)
|
|
}
|
|
} else {
|
|
if err = CopyFile(srcPath, dstPath); err != nil {
|
|
return errors.Wrapf(err, "error copying file %s -> %s", srcPath, dstPath)
|
|
}
|
|
}
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// DirsEqual checks whether two directories have the same content.
|
|
func DirsEqual(src, dst string) bool {
|
|
hash1, err := HashDir(src)
|
|
if err != nil {
|
|
return false
|
|
}
|
|
|
|
hash2, err := HashDir(dst)
|
|
if err != nil {
|
|
return false
|
|
}
|
|
|
|
return hash1 == hash2
|
|
}
|
|
|
|
// HashDir calculates and returns hash of directory: each file's hash is calculated and saved along
|
|
// with the file name into the list, after which list is hashed to produce the final signature.
|
|
// Implementation is based on https://github.com/golang/mod/blob/release-branch.go1.15/sumdb/dirhash/hash.go
|
|
func HashDir(dir string) (string, error) {
|
|
files, err := DirFiles(dir)
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
|
|
h := sha256.New()
|
|
files = append([]string(nil), files...)
|
|
sort.Strings(files)
|
|
for _, file := range files {
|
|
hf, err := HashFile(filepath.Join(dir, file))
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
if _, err := fmt.Fprintf(h, "%x %s\n", hf, file); err != nil {
|
|
return "", err
|
|
}
|
|
}
|
|
return "hashdir:" + base64.StdEncoding.EncodeToString(h.Sum(nil)), nil
|
|
}
|
|
|
|
// HashFile calculates and returns the hash of a file.
|
|
func HashFile(filePath string) ([]byte, error) {
|
|
f, err := os.Open(filepath.Clean(filePath))
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
hf := sha256.New()
|
|
if _, err := io.Copy(hf, f); err != nil {
|
|
return nil, err
|
|
}
|
|
err = f.Close()
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return hf.Sum(nil), nil
|
|
}
|
|
|
|
// DirFiles returns list of files found within a given directory and its sub-directories.
|
|
// Directory prefix will not be included as a part of returned file string i.e. for a file located
|
|
// in "dir/foo/bar" only "foo/bar" part will be returned.
|
|
func DirFiles(dir string) ([]string, error) {
|
|
var files []string
|
|
dir = filepath.Clean(dir)
|
|
err := filepath.Walk(dir, func(file string, info os.FileInfo, err error) error {
|
|
if err != nil {
|
|
return err
|
|
}
|
|
if info.IsDir() {
|
|
return nil
|
|
}
|
|
relFile := file
|
|
if dir != "." {
|
|
relFile = file[len(dir)+1:]
|
|
}
|
|
files = append(files, filepath.ToSlash(relFile))
|
|
return nil
|
|
})
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return files, nil
|
|
}
|