All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
NOTE: this release adds a new sign_extensions configuration option in tmkms.toml which needs to be configured for any [[chain]] which uses extension signing. For an example of how to configure it, see tmkms.toml.example.
- Optional sign_extensions field to [[chain]] config (#882)
- Always sign extension even when it's empty (#857, #867)
- Bump tendermint-rs dependencies to v0.35; cosmrs v0.16 (#881)
- Unused imports and future clippy warnings (#883)
- CanonicalVoteExtension signature support (#837)
- Bump tendermint-rs dependencies to v0.34; MSRV 1.72 (#778)
  - cosmrs v0.15
  - ed25519 v2
  - ed25519-dalek => ed25519-consensus v2
  - elliptic-curve v0.13
  - k256 v0.13
  - prost v0.12
  - prost-derive v0.12
  - rpassword v7
  - signature v2
  - tendermint v0.34
  - tendermint-config v0.34
  - tendermint-proto v0.34
  - tendermint-p2p v0.34
  - yubihsm v0.42
- Rename tmkms ledger initialize to tmkms ledger init (#787)
- Use -H for tmkms ledger init height parameter (#789)
- Use correct signing capabilities for YubiHSM account keygen (#725)
- yubihsm udev rules GROUP (#728)
- Support RPC messages up to 256kB (#792)
- MSRV 1.57 (#557)
- Updated dependencies (#577)
  - cosmrs v0.8
  - elliptic-curve v0.12
  - hkd32 v0.7
  - hkdf v0.12
  - k256 v0.11
  - sdkms v0.5
  - sha2 v0.10
  - signature v1.5
  - stdtx v0.7
  - tendermint-* v0.23.8
  - uuid v1
  - yubihsm v0.41
- Bump cosmrs to v0.7 (#537)
- Bump prost to v0.10 (#523, #537)
- Bump tendermint-rs crates to v0.23.7 (#537)
- Sentinel config (#351)
- Osmosis config (#370)
- Persistence config (#373)
- New key_format type: cosmos-json (#407)
- Rust 2021 edition upgrade (#465)
- Dependency updates:
- Bump tendermint-rs crates to v0.19 (#327)
This release is compatible with tendermint v0.34 or older.
It includes initial support for "Stargate", an upgrade to Cosmos Hub which
will enable IBC. It also retains backwards compatibility for all older versions
of Tendermint via the [validator.protocol_version] setting in tmkms.toml.
For Stargate, configure this value to:
[[validator]]
chain_id = "cosmoshub-4"
protocol_version = "v0.34"
state_file = "/path/to/cosmoshub-4-state.json"
Also make sure to update the state_file with a new filename (e.g. cosmoshub-4-state.json) and retain the old state file for cosmoshub-3.
You'll need the old state file if a chain rollback is required!
- Tendermint v0.34 signing compatibility (#211)
- rpc: add support for protobuf-encoded messages (#201)
- tx-signer: retry failed transactions up to 3 times (#213)
- Use consensus::State serializers from tendermint-rs (#232)
- Use tendermint-p2p crate for secret connection (#234, #290)
- Bump stdtx to v0.4 (#249)
- Bump tendermint-rs to v0.18 (#290)
- Bump tokio to v1.0 (#290)
- Bump yubihsm crate dependency to v0.38 (#289)
- MSRV 1.46+ (#249)
This release is compatible with tendermint v0.33 or older.
It's primarily a maintenance release containing dependency upgrades as well as a small number of breaking changes.
While it contains preliminary work to support newer versions (e.g. Stargate), this work is in a partial/incomplete state and it is NOT yet compatible. We intend to have full Stargate (Tendermint v0.34) support in the next release (v0.10).
Notable breaking changes:
- The ledgertm cargo feature has been renamed to ledger
- The protocol_version field of [[validator]] is now mandatory. Please set it to legacy if it was omitted before.
- The JSONRPC format used by tx-signer has changed. Please see README.txsigner.md.
- Rename ledgertm Cargo feature to ledger (#186)
- Vendor the signatory-ledger-tm crate into the tmkms app (#186)
- Bump dependencies (#104, #115, #121, #122, #183, #184)
- tx-signer: logging improvements (#146, #152, #154, #167, #177)
- tx-signer: use broadcast_tx_commit instead of broadcast_tx_sync (#165)
- tx-signer: include signer's public key in transaction (#148)
- tx-signer: error and sequence number handling (#181, #178, #168)
- Bogus secret connection identity key handling - non-security-critical bug (#164)
This release adds initial support for tendermint v0.33.
- yubihsm: show labels when listing keys (#102)
- yubihsm: add account key support to yubihsm keys generate (#101)
- Transaction Signer (tx-signer) documentation (#98)
- tmkms init subcommand (#89)
- Initial ECDSA support (#76, #86)
- Transaction signer (#78)
- Support both the Tendermint legacy and v0.33 secret connection handshake (#58)
- Minimum Supported Rust Version: 1.41.0
- Bump prost-amino to v0.6 (#92)
- Replace atomicwrites dependency with tempfile (#62)
- Refactor locking; add more debug locking (#60)
- Bump tendermint crate to v0.13 (#36)
- Bump signatory to v0.19 (#36)
- Bump yubihsm crate to v0.33 (#36)
- Remove explicit dependency on the log crate
- Remove byteorder dependency
- Replace tiny-bip39 with the equivalent hkd32 functionality
- Replace lazy_static with once_cell
- Update rpassword requirement from 3.0 to 4.0
- Upgrade x25519-dalek to v0.6; remove rand_os
- Remove failure
- Update to tendermint-rs 0.12.0-rc0; prost-amino v0.5; signatory v0.18
- Upgrade to abscissa v0.5
- Validate chains are registered on startup
- Use an initial height of 0 in default chain state
- Upgrade tendermint-rs to v0.11
- Upgrade to signatory v0.16; yubihsm v0.29.0
- Use the chacha20poly1305 crate for Secret Connection
- Vendor Secret Connection impl back from tendermint-rs
- Add timeout to TCP socket
- Double signing detection and logging improvements
- Log signing message type during attempted double sign events
- Detect and don't attempt to recover from PoisonError
- chain/state: Avoid panicking in update_consensus_state
- abscissa crate v0.3
- Refactor Session to remove code duplication
- Remove signal handlers
- Double signing - allow some block ID switches
- Consider signed <nil> votes to be double signs
This release is tested against tendermint v0.31 and known to be compatible with tendermint v0.32.
The validator state files use an incompatible syntax from Tendermint KMS v0.5. It has been changed to match the conventions used by the rest of Tendermint, where integer values are stored in strings rather than JSON integers.
When upgrading, you will need to either delete existing state files (they will be recreated automatically), or ensure the integer height and round fields contained within these files are quoted in strings, e.g. {"height":"123456","round":"0",...}.
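One way to take the second option, keeping the recorded height and round instead of deleting the file. This is an added example, not part of tmkms; the function names, the .bak backup and the pass-through handling of all other fields are assumptions of this sketch.

```python
import json
import os
import tempfile

# The two fields the release notes say must be stored as strings.
INT_FIELDS = ("height", "round")


def migrate_state(doc: dict) -> tuple[dict, bool]:
    """Return (migrated copy, changed?) with height/round quoted as strings."""
    out = dict(doc)
    changed = False
    for field in INT_FIELDS:
        value = out.get(field)
        # bool is a subclass of int in Python; never treat true/false as a height.
        if isinstance(value, int) and not isinstance(value, bool):
            out[field] = str(value)
            changed = True
        elif isinstance(value, str):
            int(value)  # already a string: raises ValueError if it is not numeric
        elif value is not None:
            raise ValueError(f"{field!r} has unexpected type {type(value).__name__}")
    return out, changed


def migrate_file(path: str) -> bool:
    """Rewrite a state file in place; returns False if it was already migrated."""
    with open(path, "r", encoding="utf-8") as fh:
        raw = fh.read()
    migrated, changed = migrate_state(json.loads(raw))
    if not changed:
        return False
    # Keep the original bytes next to the file before touching it.
    with open(path + ".bak", "w", encoding="utf-8") as fh:
        fh.write(raw)
    # Write to a temp file in the same directory, then rename over the original,
    # so an interrupted run never leaves a truncated state file behind.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        json.dump(migrated, fh, separators=(",", ":"))
        fh.flush()
        os.fsync(fh.fileno())
    os.replace(tmp, path)
    return True
```

Run it while the KMS is stopped, so the state file is not being written concurrently.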
The previous parser for tmkms.toml ignored unknown attributes in the config file. This means it would often ignore syntax errors, spelling mistakes, or attributes in the wrong location when parsing files.
This has been changed to explicitly reject such fields. However, please be aware that if your config file contained invalid syntax, it will now be rejected by the parser and the KMS will no longer boot.
We suggest validating the configuration in a staging or other noncritical deployment of the KMS in order to ensure your configuration does not contain accidental misconfigurations which were previously uncaught.
This release contains many improvements for users of the yubihsm backend:
- New yubihsm-server feature: this release includes support for the KMS exposing an HTTP service which is compatible with Yubico's yubihsm-connector service. This allows for concurrently administering a YubiHSM2 while the KMS is running, either through tmkms yubihsm (see additional notes below) or via Yubico's yubihsm-shell.
- Loopback support for tmkms yubihsm: the CLI functionality in the KMS for administering YubiHSMs can now be configured to connect to the KMS's own yubihsm-server. Additionally it can also be configured to use a different authentication key, and to prompt for a password as opposed to using one in the configuration file.
For more information on these changes, please see the "yubihsm-server feature" section in the Tendermint KMS YubiHSM docs:
https://github.com/iqlusioninc/tmkms/blob/main/README.yubihsm.md
- tendermint crate v0.10.0
- Double signing logging improvements
- Log tendermint::consensus::State height/round/step
- yubihsm keys import: base64 support
- yubihsm: Support for reading password from a file
- softsign: Fix private key decoding + import command
- softsign: Add subcommand; move keygen under it
- yubihsm setup: use hkd32 crate to derive key hierarchy
- yubihsm setup: Collect 256-bits entropy from both RNGs
- abscissa crate v0.2
- Log durations for each signing operation
- Add serde(deny_unknown_fields) to all config structs
- tmkms yubihsm keys list: Use chain-specific formatters
- yubihsm-server: Allow CLI commands to use loopback connection
- yubihsm-server: Optional yubihsm-connector compatibility
- Send RemoteSignerError response to validator on double sign
- Logging improvements
- yubihsm: Mark imported priv_validator.json keys as re-exportable
- ledger: Add init commands
- Add max_height support for stopping chains at specific heights
- Chain-specific keyrings / multitenancy
- ledger: Use ledger-tendermint backend
- tendermint crate v0.5.0
- Optional peer ID verification
- Bump subtle-encoding dependency to v0.3.3
- Allow setting config path via TMKMS_CONFIG_FILE env var
- yubihsm: Add back HTTP connector support
- Initial Tendermint [chain] registry in tmkms.toml
- Disable 'softsign' backend by default
- State tracking for double sign protection (thanks [@zmanian]!)
- tendermint crate v0.3.0
- yubihsm: Support for exporting/importing wrapped (encrypted) keys
- yubihsm setup
- Ledger integration
- Add ability to terminate on SIGTERM or SIGINT
- Remove PoisonPillMsg
- Refactor client/tests to always dial out to tendermint/gaiad
- Migrate to rust 2018 edition
- Lower reconnect delay to 1s
- Allow empty BlockIds in validation method
- Encode node (and softsign) private keys as Base64
- Add integration tests for yubihsm subcommands
- Fix tmkms yubihsm keys import command
- Add tmkms yubihsm keys import command
- Simplify tmkms.toml syntax
- Minor clarifications/fixes
- Initial validator signing support
- Extract tendermint crate as a reusable Rust library
- Support for Bech32-formatted Cosmos keys/addresses
- Validator signing via Unix domain socket IPC
- Initial "preview" release