From 8be46e73c3b49606f8d242d07360bc22e1a8056a Mon Sep 17 00:00:00 2001 From: Aman Sanghi Date: Thu, 19 Dec 2024 21:47:33 +0530 Subject: [PATCH 1/4] Add mock external signer --- .github/workflows/ci.yml | 3 ++- docker-compose.yaml | 7 +++++ scripts/config.ts | 56 ++++++++++++++++++++++++++++++++++++++++ test-node.bash | 16 ++++++++++-- 4 files changed, 79 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 807b5c29..ee37ef6c 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -19,6 +19,7 @@ jobs: l3node: [l3node, l3node-token-6, no-l3node] tokenbridge: [tokenbridge, no-tokenbridge] simple: [simple, no-simple] + externalsigner: [externalsigner, no-externalsigner] steps: - name: Checkout @@ -39,7 +40,7 @@ jobs: restore-keys: ${{ runner.os }}-buildx- - name: Startup Nitro testnode - run: ${{ github.workspace }}/.github/workflows/testnode.bash --init-force ${{ (matrix.l3node == 'l3node' && '--l3node') || (matrix.l3node == 'l3node-token-6' && '--l3node --l3-fee-token --l3-token-bridge --l3-fee-token-decimals 6') || '' }} ${{ matrix.tokenbridge == 'tokenbridge' && '--tokenbridge' || '--no-tokenbridge' }} --detach ${{ matrix.pos == 'pos' && '--pos' || '' }} --simple ${{ (matrix.simple == 'simple' && '--simple') || (matrix.simple == 'no-simple' && '--no-simple') || '' }} + run: ${{ github.workspace }}/.github/workflows/testnode.bash --init-force ${{ (matrix.l3node == 'l3node' && '--l3node') || (matrix.l3node == 'l3node-token-6' && '--l3node --l3-fee-token --l3-token-bridge --l3-fee-token-decimals 6') || '' }} ${{ matrix.tokenbridge == 'tokenbridge' && '--tokenbridge' || '--no-tokenbridge' }} --detach ${{ matrix.pos == 'pos' && '--pos' || '' }} --simple ${{ (matrix.simple == 'simple' && '--simple') || (matrix.simple == 'no-simple' && '--no-simple') || '' }} ${{ matrix.externalsigner == 'externalsigner' && '--externalsigner' || '' }} bold_upgrade: runs-on: ubuntu-8 diff --git a/docker-compose.yaml b/docker-compose.yaml index 670d1238..2f4f2770 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -397,6 +397,13 @@ services: - "das-mirror-data:/das-mirror" command: + externalsigner: + image: nitro-node-dev-testnode + entrypoint: /usr/local/bin/mockexternalsigner + volumes: + - "config:/config" + command: + das-committee-a: pid: host # allow debugging image: nitro-node-dev-testnode diff --git a/scripts/config.ts b/scripts/config.ts index 15bc6f7b..2839e562 100644 --- a/scripts/config.ts +++ b/scripts/config.ts @@ -276,6 +276,27 @@ function writeConfigs(argv: any) { baseConfig.node["data-availability"]["sequencer-inbox-address"] = ethers.utils.hexlify(getChainInfo()[0]["rollup"]["sequencer-inbox"]); + if (argv.externalSignerUrl != "") { + baseConfig.node.staker["data-poster"]["external-signer"] = { + "url": argv.externalSignerUrl, + "address": argv.externalSignerAddress, + "method": argv.externalSignerMethod, + "root-ca": argv.externalSignerRootCA, + "client-cert": argv.externalSignerClientCert, + "client-private-key": argv.externalSignerClientPrivateKey, + "insecure-skip-verify": argv.externalSignerInsecureSkipVerify + } + baseConfig.node["batch-poster"]["data-poster"]["external-signer"] = { + "url": argv.externalSignerUrl, + "address": argv.externalSignerAddress, + "method": argv.externalSignerMethod, + "root-ca": argv.externalSignerRootCA, + "client-cert": argv.externalSignerClientCert, + "client-private-key": argv.externalSignerClientPrivateKey, + "insecure-skip-verify": argv.externalSignerInsecureSkipVerify + } + } + const baseConfJSON = JSON.stringify(baseConfig) if (argv.simple) { @@ -538,6 +559,41 @@ export const writeConfigCommand = { describe: "DAS committee member B BLS pub key", default: "" }, + externalSignerUrl: { + string: true, + describe: "external signer URL", + default: "" + }, + externalSignerAddress: { + string: true, + describe: "external signer address", + default: "" + }, + externalSignerMethod: { + string: true, + describe: "external signer method", + default: "" + }, + externalSignerRootCA: { + string: true, + describe: "external signer root CA", + default: "" + }, + externalSignerClientCert: { + string: true, + describe: "external signer client cert", + default: "" + }, + externalSignerClientPrivateKey: { + string: true, + describe: "external signer client private key", + default: "" + }, + externalSignerInsecureSkipVerify: { + boolean: true, + describe: "external signer insecure skip verify", + default: false + } }, handler: (argv: any) => { diff --git a/test-node.bash b/test-node.bash index 9c6f6ef5..710e96f5 100755 --- a/test-node.bash +++ b/test-node.bash @@ -59,6 +59,7 @@ devprivkey=b6b15c8cb491557369f3c7d2c287b053eb229daa9c22138887752191c9520659 l1chainid=1337 simple=true l2anytrust=false +externalsigner=false # Use the dev versions of nitro/blockscout dev_nitro=false @@ -251,6 +252,10 @@ while [[ $# -gt 0 ]]; do l2anytrust=true shift ;; + --externalsigner) + externalsigner=true + shift + ;; --redundantsequencers) simple=false redundantsequencers=$2 @@ -508,13 +513,20 @@ if $l2anytrust; then fi fi +externalsignerConfigLine="" + +if $externalsigner; then + echo == Generating External Signer Config + externalsignerConfigLine=$(docker compose run --entrypoint sh externalsigner "private_key") +fi + if $force_init; then if $simple; then echo == Writing configs - docker compose run scripts write-config --simple $anytrustNodeConfigLine + docker compose run scripts write-config --simple $anytrustNodeConfigLine $externalsignerConfigLine else echo == Writing configs - docker compose run scripts write-config $anytrustNodeConfigLine + docker compose run scripts write-config $anytrustNodeConfigLine $externalsignerConfigLine echo == Initializing redis docker compose up --wait redis From e0bdf1e04ecf770766a8ef9e979adae8632c3dc4 Mon Sep 17 00:00:00 2001 From: Aman Sanghi Date: Thu, 19 Dec 2024 21:49:08 +0530 Subject: [PATCH 2/4] minor fix --- docker-compose.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/docker-compose.yaml b/docker-compose.yaml index 2f4f2770..21bf188c 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -400,8 +400,6 @@ services: externalsigner: image: nitro-node-dev-testnode entrypoint: /usr/local/bin/mockexternalsigner - volumes: - - "config:/config" command: das-committee-a: From 3f35196ce4a6928007e810add280430fe6ab3c6d Mon Sep 17 00:00:00 2001 From: Aman Sanghi Date: Thu, 19 Dec 2024 21:55:48 +0530 Subject: [PATCH 3/4] minor fix --- test-node.bash | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/test-node.bash b/test-node.bash index 710e96f5..dd27f099 100755 --- a/test-node.bash +++ b/test-node.bash @@ -517,7 +517,8 @@ externalsignerConfigLine="" if $externalsigner; then echo == Generating External Signer Config - externalsignerConfigLine=$(docker compose run --entrypoint sh externalsigner "private_key") + sequencerPrivateKey=$(docker compose run scripts print-private-key --account sequencer | tail -n 1 | tr -d '\r\n') + externalsignerConfigLine=$(docker compose run --entrypoint sh externalsigner "$sequencerPrivateKey") fi if $force_init; then From 9ce8db574b7828c225eaac4076b1ad06e45f3925 Mon Sep 17 00:00:00 2001 From: Aman Sanghi Date: Thu, 19 Dec 2024 22:04:06 +0530 Subject: [PATCH 4/4] minor fix --- scripts/config.ts | 26 +++++++++++++++++++++++++- 1 file changed, 25 insertions(+), 1 deletion(-) diff --git a/scripts/config.ts b/scripts/config.ts index 2839e562..02fc352a 100644 --- a/scripts/config.ts +++ b/scripts/config.ts @@ -201,6 +201,21 @@ function writeConfigs(argv: any) { "staker-interval": "10s", "make-assertion-interval": "10s", "strategy": "MakeNodes", + "data-poster": { + "redis-signer": { + "signing-key": "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef" + }, + "wait-for-l1-finality": false, + "external-signer": { + "url": "", + "address": "", + "method": "eth_signTransaction", + "root-ca": "", + "client-cert": "", + "client-private-key": "", + "insecure-skip-verify": false + } + } }, "sequencer": false, "dangerous": { @@ -234,7 +249,16 @@ function writeConfigs(argv: any) { "redis-signer": { "signing-key": "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef" }, - "wait-for-l1-finality": false + "wait-for-l1-finality": false, + "external-signer": { + "url": "", + "address": "", + "method": "eth_signTransaction", + "root-ca": "", + "client-cert": "", + "client-private-key": "", + "insecure-skip-verify": false + } } }, "block-validator": {