Try #5927:
spacemesh-bors[bot] authored May 17, 2024
2 parents 7082a3c + 1c46f93 commit 615b7c4
Showing 36 changed files with 1,490 additions and 290 deletions.
14 changes: 14 additions & 0 deletions .github/workflows/systest.yml
Expand Up @@ -92,6 +92,13 @@ jobs:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}

- uses: extractions/netrc@v2
with:
machine: github.com
username: ${{ secrets.GH_ACTION_TOKEN_USER }}
password: ${{ secrets.GH_ACTION_TOKEN }}
if: vars.GOPRIVATE

- name: Push go-spacemesh build to docker hub
run: make dockerpush

Expand All @@ -103,6 +110,13 @@ jobs:
shell: bash
run: echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT

- uses: extractions/netrc@v2
with:
machine: github.com
username: ${{ secrets.GH_ACTION_TOKEN_USER }}
password: ${{ secrets.GH_ACTION_TOKEN }}
if: vars.GOPRIVATE

- name: Build tests docker image
run: make -C systest docker

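Review bot: The new `extractions/netrc@v2` step, added in both hunks, passes `GH_ACTION_TOKEN` to a third-party action referenced by a mutable tag, so a retagged release would run with access to that token. Pin the action to a full commit SHA, for example `- uses: extractions/netrc@<full-commit-sha> # v2` (placeholder; take the SHA from the action's release). The written `~/.netrc` also stays in the runner's home directory for every later step of the job, so the token should be read-only and limited to the private module repositories. A short comment above the step saying it only runs when `vars.GOPRIVATE` is set would help readers.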
48 changes: 41 additions & 7 deletions CHANGELOG.md
Expand Up @@ -11,8 +11,9 @@ is macOS 14 (Sonoma) or later ([#5879](https://github.com/spacemeshos/go-spaceme

This update removes migration code for go-spacemesh databases created with versions before v1.5.0.
Upgrading to this version requires going through v1.5.x first. Removed migrations for:
* legacy keys in the post data directory ([#5907](https://github.com/spacemeshos/go-spacemesh/pull/5907)).
* ATX blob separation and always populating nonce column in atxs ([#5942](https://github.com/spacemeshos/go-spacemesh/pull/5942))

* legacy keys in the post data directory ([#5907](https://github.com/spacemeshos/go-spacemesh/pull/5907)).
* ATX blob separation and always populating nonce column in atxs ([#5942](https://github.com/spacemeshos/go-spacemesh/pull/5942))

### Highlights

Expand All @@ -32,22 +33,55 @@ Upgrading to this version requires going through v1.5.x first. Removed migration

* [#5888](https://github.com/spacemeshos/go-spacemesh/pull/5888) Handle DHT discovery startup errors properly

* [#5896](https://github.com/spacemeshos/go-spacemesh/pull/5896) Increase supported number of ATXs to 4.5 Mio.
* [#5927](https://github.com/spacemeshos/go-spacemesh/pull/5927) Fixed vulnerability in the way a node handles incoming
ATXs. This vulnerability allows an attacker to claim rewards for a full tick amount although they should not be
eligible for them.

## Release v1.5.3

### Improvements

* [#5929](https://github.com/spacemeshos/go-spacemesh/pull/5929) Fix "no nonce" error when persisting malicious
(initial) ATXs.

* [#5930](https://github.com/spacemeshos/go-spacemesh/pull/5930) Check if identity for a given malfeasance proof
exists when validating it.

## Release v1.5.2-hotfix1

This release includes our first CVE fix. A vulnerability was found in the way a node handles incoming ATXs. We urge all
node operators to update to this version as soon as possible.

### Improvements

* Fixed a vulnerability in the way a node handles incoming ATXs. This vulnerability allows an attacker to claim rewards
for a full tick amount although they should not be eligible for them.

## Release v1.5.2

### Improvements

* [#5904](https://github.com/spacemeshos/go-spacemesh/pull/5904) Avoid repeated searching for positioning ATX in 1:N

* [#5911](https://github.com/spacemeshos/go-spacemesh/pull/5911) Avoid pulling poet proof multiple times in 1:N setups

## Release v1.5.1

### Improvements

* [#5896](https://github.com/spacemeshos/go-spacemesh/pull/5896) Increase supported number of ATXs to 4.5 Mio.

## Release v1.5.0

* [#5923](https://github.com/spacemeshos/go-spacemesh/pull/5923) Fix high memory consumption and performance issues
in the proposal handler

* [#5932](https://github.com/spacemeshos/go-spacemesh/pull/5932) Fix caching malfeasance when processing new proofs

* [#5943](https://github.com/spacemeshos/go-spacemesh/pull/5943) Fix timing out querying proof in 1:N in a presence of a broken Poet.

Previously, every identitiy waited for the full timeout time (~20 minutes) before giving up.
* [#5943](https://github.com/spacemeshos/go-spacemesh/pull/5943) Fix timing out querying proof in 1:N in a presence of
a broken Poet.

## (v1.5.0)
Previously, every identity waited for the full timeout time (~20 minutes) before giving up.

### Upgrade information

2 changes: 1 addition & 1 deletion Dockerfile
Expand Up @@ -44,7 +44,7 @@ RUN make get-libs
COPY go.mod .
COPY go.sum .

RUN go mod download
RUN --mount=type=secret,id=mynetrc,dst=/root/.netrc go mod download

# Here we copy the rest of the source code
COPY . .
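Review bot: Nothing visible in this hunk tells Go which module paths are private, so the credentials mounted on the `go mod download` line may not be used the way the change intends. Unless `GOPRIVATE` is set elsewhere in the Dockerfile (outside this hunk), `go mod download` with the default `GOPROXY` will first ask the public module proxy for the private module path, disclosing it, before any direct fetch. Consider passing the value through with `ARG GOPRIVATE` and `ENV GOPRIVATE=${GOPRIVATE}` ahead of this step. A comment such as `# .netrc is mounted only for this step and is not stored in the image; the mount is skipped when no secret is supplied` would also document the intent.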
11 changes: 9 additions & 2 deletions Makefile
Expand Up @@ -154,9 +154,11 @@ list-versions:

dockerbuild-go:
DOCKER_BUILDKIT=1 docker build \
--secret id=mynetrc,src=$(HOME)/.netrc \
--build-arg VERSION=${VERSION} \
-t go-spacemesh:$(SHA) \
-t $(DOCKER_HUB)/$(DOCKER_IMAGE_REPO):$(DOCKER_IMAGE_VERSION) .
-t $(DOCKER_HUB)/$(DOCKER_IMAGE_REPO):$(DOCKER_IMAGE_VERSION) \
.
.PHONY: dockerbuild-go

dockerpush: dockerbuild-go dockerpush-only
Expand All @@ -171,7 +173,12 @@ endif
.PHONY: dockerpush-only

dockerbuild-bs:
DOCKER_BUILDKIT=1 docker build -t go-spacemesh-bs:$(SHA) -t $(DOCKER_HUB)/$(DOCKER_IMAGE_REPO)-bs:$(DOCKER_IMAGE_VERSION) -f ./bootstrap.Dockerfile .
DOCKER_BUILDKIT=1 docker build \
--secret id=mynetrc,src=$(HOME)/.netrc \
-t go-spacemesh-bs:$(SHA) \
-t $(DOCKER_HUB)/$(DOCKER_IMAGE_REPO)-bs:$(DOCKER_IMAGE_VERSION) \
-f ./bootstrap.Dockerfile \
.
.PHONY: dockerbuild-bs

dockerpush-bs: dockerbuild-bs dockerpush-bs-only
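Review bot: Both `docker build` recipes now pass `--secret id=mynetrc,src=$(HOME)/.netrc` unconditionally, and as far as I know BuildKit refuses to start a build when the `src` file does not exist. The workflow in this commit only writes `~/.netrc` when `vars.GOPRIVATE` is set, so forks and developers without that file would presumably see `make dockerbuild-go` and `make dockerbuild-bs` fail. Adding the flag only when the file is present keeps the previous behaviour. Note too that the whole personal `.netrc`, not just the github.com entry, is exposed to the build step that mounts it.

```makefile
# Pass ~/.netrc to BuildKit only when the file exists.
ifneq (,$(wildcard $(HOME)/.netrc))
DOCKER_NETRC_SECRET := --secret id=mynetrc,src=$(HOME)/.netrc
endif

dockerbuild-go:
	DOCKER_BUILDKIT=1 docker build \
		$(DOCKER_NETRC_SECRET) \
# … unchanged: --build-arg, -t tags and build context …

dockerbuild-bs:
	DOCKER_BUILDKIT=1 docker build \
		$(DOCKER_NETRC_SECRET) \
# … unchanged: -t tags, -f ./bootstrap.Dockerfile and build context …
```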
2 changes: 1 addition & 1 deletion activation/handler.go
Expand Up @@ -171,7 +171,7 @@ func (h *Handler) HandleSyncedAtx(ctx context.Context, expHash types.Hash32, pee

// HandleGossipAtx handles the atx gossip data channel.
func (h *Handler) HandleGossipAtx(ctx context.Context, peer p2p.Peer, msg []byte) error {
proof, err := h.handleAtx(ctx, types.Hash32{}, peer, msg)
proof, err := h.handleAtx(ctx, types.EmptyHash32, peer, msg)
if err != nil && !errors.Is(err, errMalformedData) && !errors.Is(err, errKnownAtx) {
h.log.WithContext(ctx).With().Warning("failed to process atx gossip",
log.Stringer("sender", peer),
26 changes: 20 additions & 6 deletions activation/handler_test.go
Expand Up @@ -221,17 +221,32 @@ func newTestHandler(tb testing.TB, goldenATXID types.ATXID, opts ...HandlerOptio
}
}

func createIdentity(tb testing.TB, db sql.Executor, sig *signing.EdSigner) {
tb.Helper()
atx := &types.ActivationTx{
PublishEpoch: types.EpochID(1),
Coinbase: types.Address{},
NumUnits: 1,
SmesherID: sig.NodeID(),
}
atx.SetReceived(time.Now())
atx.SetID(types.RandomATXID())
atx.TickCount = 1
require.NoError(tb, atxs.Add(db, atx))
}

func testHandler_PostMalfeasanceProofs(t *testing.T, synced bool) {
goldenATXID := types.ATXID{2, 3, 4}
atxHdlr := newTestHandler(t, goldenATXID)

sig, err := signing.NewEdSigner()
require.NoError(t, err)
nodeID := sig.NodeID()

_, err = identities.GetMalfeasanceProof(atxHdlr.cdb, nodeID)
_, err = identities.GetMalfeasanceProof(atxHdlr.cdb, sig.NodeID())
require.ErrorIs(t, err, sql.ErrNotFound)

createIdentity(t, atxHdlr.cdb, sig)

atx := newInitialATXv1(t, goldenATXID)
atx.Sign(sig)

Expand Down Expand Up @@ -314,7 +329,7 @@ func TestHandler_ProcessAtxStoresNewVRFNonce(t *testing.T) {
require.NoError(t, err)
require.Equal(t, types.VRFPostIndex(*atx1.VRFNonce), got)

atx2 := newChainedActivationTxV1(t, goldenATXID, atx1, atx1.ID())
atx2 := newChainedActivationTxV1(t, atx1, atx1.ID())
nonce2 := types.VRFPostIndex(456)
atx2.VRFNonce = (*uint64)(&nonce2)
atx2.Sign(sig)
Expand All @@ -336,7 +351,7 @@ func TestHandler_HandleGossipAtx(t *testing.T) {
first := newInitialATXv1(t, goldenATXID)
first.Sign(sig)

second := newChainedActivationTxV1(t, goldenATXID, first, first.ID())
second := newChainedActivationTxV1(t, first, first.ID())
second.Sign(sig)

// the poet is missing
Expand Down Expand Up @@ -639,7 +654,7 @@ func TestHandler_AtxWeight(t *testing.T) {
require.Equal(t, leaves/tickSize, stored1.TickHeight())
require.Equal(t, (leaves/tickSize)*units, stored1.GetWeight())

atx2 := newChainedActivationTxV1(t, goldenATXID, atx1, atx1.ID())
atx2 := newChainedActivationTxV1(t, atx1, atx1.ID())
atx2.Sign(sig)
buf = codec.MustEncode(atx2)

Expand Down Expand Up @@ -740,7 +755,6 @@ func newInitialATXv1(

func newChainedActivationTxV1(
t testing.TB,
goldenATXID types.ATXID,
prev *wire.ActivationTxV1,
pos types.ATXID,
) *wire.ActivationTxV1 {
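Review bot: `createIdentity` in the first hunk has no comment saying why the test needs it, and the ATX it stores is only partly filled in (random ID, `time.Now()`, zero coinbase). Presumably it exists so that the signer's identity is already known to the database before the malfeasance proof is posted. A short doc comment would make that explicit, e.g. `// createIdentity stores a minimal ATX for sig so that its node ID is a known identity in db.` The body of `testHandler_PostMalfeasanceProofs` continues outside the hunk, so whether the proof path depends on this ATX cannot be confirmed from here.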