mirror of
https://gitlab.com/pulsechaincom/prysm-pulse.git
synced 2024-12-22 19:40:37 +00:00
ef21d3adf8
* `EpochFromString`: Use already defined `Uint64FromString` function. * `Test_uint64FromString` => `Test_FromString` This test function tests more functions than `Uint64FromString`. * Slashing protection history: Remove unreachable code. The function `NewKVStore` creates, via `kv.UpdatePublicKeysBuckets`, a new item in the `proposal-history-bucket-interchange`. IMO there is no real reason to prefer `proposal` than `attestation` as a prefix for this bucket, but this is the way it is done right now and renaming the bucket will probably be backward incompatible. An `attestedPublicKey` cannot exist without the corresponding `proposedPublicKey`. Thus, the `else` portion of code removed in this commit is not reachable. We raise an error if we get there. This is also probably the reason why the removed `else` portion was not tested. * `NewKVStore`: Switch items in `createBuckets`. So the order corresponds to `schema.go` * `slashableAttestationCheck`: Fix comments and logs. * `ValidatorClient.db`: Use `iface.ValidatorDB`. * BoltDB database: Implement `GraffitiFileHash`. * Filesystem database: Creates `db.go`. This file defines the following structs: - `Store` - `Graffiti` - `Configuration` - `ValidatorSlashingProtection` This files implements the following public functions: - `NewStore` - `Close` - `Backup` - `DatabasePath` - `ClearDB` - `UpdatePublicKeysBuckets` This files implements the following private functions: - `slashingProtectionDirPath` - `configurationFilePath` - `configuration` - `saveConfiguration` - `validatorSlashingProtection` - `saveValidatorSlashingProtection` - `publicKeys` * Filesystem database: Creates `genesis.go`. This file defines the following public functions: - `GenesisValidatorsRoot` - `SaveGenesisValidatorsRoot` * Filesystem database: Creates `graffiti.go`. This file defines the following public functions: - `SaveGraffitiOrderedIndex` - `GraffitiOrderedIndex` * Filesystem database: Creates `migration.go`. This file defines the following public functions: - `RunUpMigrations` - `RunDownMigrations` * Filesystem database: Creates proposer_settings.go. This file defines the following public functions: - `ProposerSettings` - `ProposerSettingsExists` - `SaveProposerSettings` * Filesystem database: Creates `attester_protection.go`. This file defines the following public functions: - `EIPImportBlacklistedPublicKeys` - `SaveEIPImportBlacklistedPublicKeys` - `SigningRootAtTargetEpoch` - `LowestSignedTargetEpoch` - `LowestSignedSourceEpoch` - `AttestedPublicKeys` - `CheckSlashableAttestation` - `SaveAttestationForPubKey` - `SaveAttestationsForPubKey` - `AttestationHistoryForPubKey` * Filesystem database: Creates `proposer_protection.go`. This file defines the following public functions: - `HighestSignedProposal` - `LowestSignedProposal` - `ProposalHistoryForPubKey` - `ProposalHistoryForSlot` - `ProposedPublicKeys` * Ensure that the filesystem store implements the `ValidatorDB` interface. * `slashableAttestationCheck`: Check the database type. * `slashableProposalCheck`: Check the database type. * `slashableAttestationCheck`: Allow usage of minimal slashing protection. * `slashableProposalCheck`: Allow usage of minimal slashing protection. * `ImportStandardProtectionJSON`: Check the database type. * `ImportStandardProtectionJSON`: Allow usage of min slashing protection. * Implement `RecursiveDirFind`. * Implement minimal<->complete DB conversion. 3 public functions are implemented: - `IsCompleteDatabaseExisting` - `IsMinimalDatabaseExisting` - `ConvertDatabase` * `setupDB`: Add `isSlashingProtectionMinimal` argument. The feature addition is located in `validator/node/node_test.go`. The rest of this commit consists in minimal slashing protection testing. * `setupWithKey`: Add `isSlashingProtectionMinimal` argument. The feature addition is located in `validator/client/propose_test.go`. The rest of this commit consists in tests wrapping. * `setup`: Add `isSlashingProtectionMinimal` argument. The added feature is located in the `validator/client/propose_test.go` file. The rest of this commit consists in tests wrapping. * `initializeFromCLI` and `initializeForWeb`: Factorize db init. * Add `convert-complete-to-minimal` command. * Creates `--enable-minimal-slashing-protection` flag. * `importSlashingProtectionJSON`: Check database type. * `exportSlashingProtectionJSON`: Check database type. * `TestClearDB`: Test with minimal slashing protection. * KeyManager: Test with minimal slashing protection. * RPC: KeyManager: Test with minimal slashing protection. * `convert-complete-to-minimal`: Change option names. Options were: - `--source` (for source data directory), and - `--target` (for target data directory) However, since this command deals with slashing protection, which has source (epochs) and target (epochs), the initial option names may confuse the user. In this commit: `--source` ==> `--source-data-dir` `--target` ==> `--target-data-dir` * Set `SlashableAttestationCheck` as an iface method. And delete `CheckSlashableAttestation` from iface. * Move helpers functions in a more general directory. No functional change. * Extract common structs out of `kv`. ==> `filesystem` does not depend anymore on `kv`. ==> `iface` does not depend anymore on `kv`. ==> `slashing-protection` does not depend anymore on `kv`. * Move `ValidateMetadata` in `validator/helpers`. * `ValidateMetadata`: Test with mock. This way, we can: - Avoid any circular import for tests. - Implement once for all `iface.ValidatorDB` implementations the `ValidateMetadata`function. - Have tests (and coverage) of `ValidateMetadata`in its own package. The ideal solution would have been to implement `ValidateMetadata` as a method with the `iface.ValidatorDB`receiver. Unfortunately, golang does not allow that. * `iface.ValidatorDB`: Implement ImportStandardProtectionJSON. The whole purpose of this commit is to avoid the `switch validatorDB.(type)` in `ImportStandardProtectionJSON`. * `iface.ValidatorDB`: Implement `SlashableProposalCheck`. * Remove now useless `slashableProposalCheck`. * Delete useless `ImportStandardProtectionJSON`. * `file.Exists`: Detect directories and return an error. Before, `Exists` was only able to detect if a file exists. Now, this function takes an extra `File` or `Directory` argument. It detects either if a file or a directory exists. Before, if an error was returned by `os.Stat`, the the file was considered as non existing. Now, it is treated as a real error. * Replace `os.Stat` by `file.Exists`. * Remove `Is{Complete,Minimal}DatabaseExisting`. * `publicKeys`: Add log if unexpected file found. * Move `{Source,Target}DataDirFlag`in `db.go`. * `failedAttLocalProtectionErr`: `var`==> `const` * `signingRoot`: `32`==> `fieldparams.RootLength`. * `validatorClientData`==> `validator-client-data`. To be consistent with `slashing-protection`. * Add progress bars for `import` and `convert`. * `parseBlocksForUniquePublicKeys`: Move in `db/kv`. * helpers: Remove unused `initializeProgressBar` function.
385 lines
9.9 KiB
Go
385 lines
9.9 KiB
Go
package file
|
|
|
|
import (
|
|
"crypto/sha256"
|
|
"encoding/base64"
|
|
"fmt"
|
|
"io"
|
|
"os"
|
|
"os/user"
|
|
"path"
|
|
"path/filepath"
|
|
"sort"
|
|
"strings"
|
|
|
|
"github.com/pkg/errors"
|
|
"github.com/prysmaticlabs/prysm/v5/config/params"
|
|
)
|
|
|
|
type ObjType int
|
|
|
|
const (
|
|
Regular ObjType = iota
|
|
Directory
|
|
)
|
|
|
|
// ExpandPath given a string which may be a relative path.
|
|
// 1. replace tilde with users home dir
|
|
// 2. expands embedded environment variables
|
|
// 3. cleans the path, e.g. /a/b/../c -> /a/c
|
|
// Note, it has limitations, e.g. ~someuser/tmp will not be expanded
|
|
func ExpandPath(p string) (string, error) {
|
|
if strings.HasPrefix(p, "~/") || strings.HasPrefix(p, "~\\") {
|
|
if home := HomeDir(); home != "" {
|
|
p = home + p[1:]
|
|
}
|
|
}
|
|
return filepath.Abs(path.Clean(os.ExpandEnv(p)))
|
|
}
|
|
|
|
// HandleBackupDir takes an input directory path and either alters its permissions to be usable if it already exists, creates it if not
|
|
func HandleBackupDir(dirPath string, permissionOverride bool) error {
|
|
expanded, err := ExpandPath(dirPath)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
exists, err := HasDir(expanded)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
if exists {
|
|
info, err := os.Stat(expanded)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
if info.Mode().Perm() != params.BeaconIoConfig().ReadWriteExecutePermissions {
|
|
if permissionOverride {
|
|
if err := os.Chmod(expanded, params.BeaconIoConfig().ReadWriteExecutePermissions); err != nil {
|
|
return err
|
|
}
|
|
} else {
|
|
return errors.New("dir already exists without proper 0700 permissions")
|
|
}
|
|
}
|
|
}
|
|
return os.MkdirAll(expanded, params.BeaconIoConfig().ReadWriteExecutePermissions)
|
|
}
|
|
|
|
// MkdirAll takes in a path, expands it if necessary, and creates the directory accordingly
|
|
// with standardized, Prysm project permissions. If a directory already exists as this path,
|
|
// then the method returns without making any changes. This is the static-analysis enforced
|
|
// method for creating a directory programmatically in Prysm.
|
|
func MkdirAll(dirPath string) error {
|
|
expanded, err := ExpandPath(dirPath)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
exists, err := HasDir(expanded)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
if exists {
|
|
return nil
|
|
}
|
|
return os.MkdirAll(expanded, params.BeaconIoConfig().ReadWriteExecutePermissions)
|
|
}
|
|
|
|
// WriteFile is the static-analysis enforced method for writing binary data to a file
|
|
// in Prysm, enforcing a single entrypoint with standardized permissions.
|
|
func WriteFile(file string, data []byte) error {
|
|
expanded, err := ExpandPath(file)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
exists, err := Exists(expanded, Regular)
|
|
if err != nil {
|
|
return errors.Wrapf(err, "could not check if file exists at path %s", expanded)
|
|
}
|
|
|
|
if exists {
|
|
info, err := os.Stat(expanded)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
if info.Mode() != params.BeaconIoConfig().ReadWritePermissions {
|
|
return errors.New("file already exists without proper 0600 permissions")
|
|
}
|
|
}
|
|
return os.WriteFile(expanded, data, params.BeaconIoConfig().ReadWritePermissions)
|
|
}
|
|
|
|
// HomeDir for a user.
|
|
func HomeDir() string {
|
|
if home := os.Getenv("HOME"); home != "" {
|
|
return home
|
|
}
|
|
if usr, err := user.Current(); err == nil {
|
|
return usr.HomeDir
|
|
}
|
|
return ""
|
|
}
|
|
|
|
// HasDir checks if a directory indeed exists at the specified path.
|
|
func HasDir(dirPath string) (bool, error) {
|
|
fullPath, err := ExpandPath(dirPath)
|
|
if err != nil {
|
|
return false, err
|
|
}
|
|
info, err := os.Stat(fullPath)
|
|
if os.IsNotExist(err) {
|
|
return false, nil
|
|
}
|
|
if info == nil {
|
|
return false, err
|
|
}
|
|
return info.IsDir(), err
|
|
}
|
|
|
|
// HasReadWritePermissions checks if file at a path has proper
|
|
// 0600 permissions set.
|
|
func HasReadWritePermissions(itemPath string) (bool, error) {
|
|
info, err := os.Stat(itemPath)
|
|
if err != nil {
|
|
return false, err
|
|
}
|
|
return info.Mode() == params.BeaconIoConfig().ReadWritePermissions, nil
|
|
}
|
|
|
|
// Exists returns true if a file is not a directory and exists
|
|
// at the specified path.
|
|
func Exists(filename string, objType ObjType) (bool, error) {
|
|
filePath, err := ExpandPath(filename)
|
|
if err != nil {
|
|
return false, errors.Wrapf(err, "could not expend path of file %s", filename)
|
|
}
|
|
|
|
info, err := os.Stat(filePath)
|
|
if err != nil {
|
|
if os.IsNotExist(err) {
|
|
return false, nil
|
|
}
|
|
|
|
return false, errors.Wrapf(err, "could not get file info for file %s", filename)
|
|
}
|
|
|
|
if info == nil {
|
|
return false, errors.New("file info is nil")
|
|
}
|
|
|
|
isDir := info.IsDir()
|
|
|
|
return objType == Directory && isDir || objType == Regular && !isDir, nil
|
|
}
|
|
|
|
// RecursiveFileFind returns true, and the path, if a file is not a directory and exists
|
|
// at dir or any of its subdirectories. Finds the first instant based on the Walk order and returns.
|
|
// Define non-fatal error to stop the recursive directory walk
|
|
var errStopWalk = errors.New("stop walking")
|
|
|
|
// RecursiveFileFind searches for file in a directory and its subdirectories.
|
|
func RecursiveFileFind(filename, dir string) (bool, string, error) {
|
|
var found bool
|
|
var fpath string
|
|
dir = filepath.Clean(dir)
|
|
found = false
|
|
err := filepath.Walk(dir, func(path string, info os.FileInfo, err error) error {
|
|
if err != nil {
|
|
return err
|
|
}
|
|
// checks if its a file and has the exact name as the filename
|
|
// need to break the walk function by using a non-fatal error
|
|
if !info.IsDir() && filename == info.Name() {
|
|
found = true
|
|
fpath = path
|
|
return errStopWalk
|
|
}
|
|
|
|
// no errors or file found
|
|
return nil
|
|
})
|
|
if err != nil && err != errStopWalk {
|
|
return false, "", err
|
|
}
|
|
return found, fpath, nil
|
|
}
|
|
|
|
// RecursiveDirFind searches for directory in a directory and its subdirectories.
|
|
func RecursiveDirFind(dirname, dir string) (bool, string, error) {
|
|
var (
|
|
found bool
|
|
fpath string
|
|
)
|
|
|
|
dir = filepath.Clean(dir)
|
|
found = false
|
|
|
|
err := filepath.Walk(dir, func(path string, info os.FileInfo, err error) error {
|
|
if err != nil {
|
|
return errors.Wrapf(err, "error walking directory %s", dir)
|
|
}
|
|
|
|
// Checks if its a file and has the exact name as the dirname
|
|
// need to break the walk function by using a non-fatal error
|
|
if info.IsDir() && dirname == info.Name() {
|
|
found = true
|
|
fpath = path
|
|
return errStopWalk
|
|
}
|
|
|
|
// No errors or file found
|
|
return nil
|
|
})
|
|
|
|
if err != nil && err != errStopWalk {
|
|
return false, "", errors.Wrapf(err, "error walking directory %s", dir)
|
|
}
|
|
|
|
return found, fpath, nil
|
|
}
|
|
|
|
// ReadFileAsBytes expands a file name's absolute path and reads it as bytes from disk.
|
|
func ReadFileAsBytes(filename string) ([]byte, error) {
|
|
filePath, err := ExpandPath(filename)
|
|
if err != nil {
|
|
return nil, errors.Wrap(err, "could not determine absolute path of password file")
|
|
}
|
|
return os.ReadFile(filePath) // #nosec G304
|
|
}
|
|
|
|
// CopyFile copy a file from source to destination path.
|
|
func CopyFile(src, dst string) error {
|
|
exists, err := Exists(src, Regular)
|
|
if err != nil {
|
|
return errors.Wrapf(err, "could not check if file exists at path %s", src)
|
|
}
|
|
|
|
if !exists {
|
|
return errors.New("source file does not exist at provided path")
|
|
}
|
|
f, err := os.Open(src) // #nosec G304
|
|
if err != nil {
|
|
return err
|
|
}
|
|
dstFile, err := os.OpenFile(dst, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, params.BeaconIoConfig().ReadWritePermissions) // #nosec G304
|
|
if err != nil {
|
|
return err
|
|
}
|
|
_, err = io.Copy(dstFile, f)
|
|
return err
|
|
}
|
|
|
|
// CopyDir copies contents of one directory into another, recursively.
|
|
func CopyDir(src, dst string) error {
|
|
dstExists, err := HasDir(dst)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
if dstExists {
|
|
return errors.New("destination directory already exists")
|
|
}
|
|
fds, err := os.ReadDir(src)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
if err := MkdirAll(dst); err != nil {
|
|
return errors.Wrapf(err, "error creating directory: %s", dst)
|
|
}
|
|
for _, fd := range fds {
|
|
srcPath := path.Join(src, fd.Name())
|
|
dstPath := path.Join(dst, fd.Name())
|
|
if fd.IsDir() {
|
|
if err = CopyDir(srcPath, dstPath); err != nil {
|
|
return errors.Wrapf(err, "error copying directory %s -> %s", srcPath, dstPath)
|
|
}
|
|
} else {
|
|
if err = CopyFile(srcPath, dstPath); err != nil {
|
|
return errors.Wrapf(err, "error copying file %s -> %s", srcPath, dstPath)
|
|
}
|
|
}
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// DirsEqual checks whether two directories have the same content.
|
|
func DirsEqual(src, dst string) bool {
|
|
hash1, err := HashDir(src)
|
|
if err != nil {
|
|
return false
|
|
}
|
|
|
|
hash2, err := HashDir(dst)
|
|
if err != nil {
|
|
return false
|
|
}
|
|
|
|
return hash1 == hash2
|
|
}
|
|
|
|
// HashDir calculates and returns hash of directory: each file's hash is calculated and saved along
|
|
// with the file name into the list, after which list is hashed to produce the final signature.
|
|
// Implementation is based on https://github.com/golang/mod/blob/release-branch.go1.15/sumdb/dirhash/hash.go
|
|
func HashDir(dir string) (string, error) {
|
|
files, err := DirFiles(dir)
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
|
|
h := sha256.New()
|
|
files = append([]string(nil), files...)
|
|
sort.Strings(files)
|
|
for _, file := range files {
|
|
hf, err := HashFile(filepath.Join(dir, file))
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
if _, err := fmt.Fprintf(h, "%x %s\n", hf, file); err != nil {
|
|
return "", err
|
|
}
|
|
}
|
|
return "hashdir:" + base64.StdEncoding.EncodeToString(h.Sum(nil)), nil
|
|
}
|
|
|
|
// HashFile calculates and returns the hash of a file.
|
|
func HashFile(filePath string) ([]byte, error) {
|
|
f, err := os.Open(filepath.Clean(filePath))
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
hf := sha256.New()
|
|
if _, err := io.Copy(hf, f); err != nil {
|
|
return nil, err
|
|
}
|
|
err = f.Close()
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return hf.Sum(nil), nil
|
|
}
|
|
|
|
// DirFiles returns list of files found within a given directory and its sub-directories.
|
|
// Directory prefix will not be included as a part of returned file string i.e. for a file located
|
|
// in "dir/foo/bar" only "foo/bar" part will be returned.
|
|
func DirFiles(dir string) ([]string, error) {
|
|
var files []string
|
|
dir = filepath.Clean(dir)
|
|
err := filepath.Walk(dir, func(file string, info os.FileInfo, err error) error {
|
|
if err != nil {
|
|
return err
|
|
}
|
|
if info.IsDir() {
|
|
return nil
|
|
}
|
|
relFile := file
|
|
if dir != "." {
|
|
relFile = file[len(dir)+1:]
|
|
}
|
|
files = append(files, filepath.ToSlash(relFile))
|
|
return nil
|
|
})
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return files, nil
|
|
}
|