Enable parachain AD on AH, PC and YAP#12489
Conversation
Signed-off-by: Andrei Sandu <andrei-mihail@parity.io>
Signed-off-by: Andrei Sandu <andrei-mihail@parity.io>
Signed-off-by: Andrei Sandu <andrei-mihail@parity.io>
# Conflicts: # .github/zombienet-tests/zombienet_cumulus_tests.yml
…t-sdk into sandreim/parachain-ad
Signed-off-by: Andrei Sandu <andrei-mihail@parity.io>
Signed-off-by: Andrei Sandu <andrei-mihail@parity.io>
Signed-off-by: Andrei Sandu <andrei-mihail@parity.io>
# Conflicts: # .github/zombienet-tests/zombienet_cumulus_tests.yml # Cargo.lock # cumulus/zombienet/zombienet-sdk/Cargo.toml
Signed-off-by: Andrei Sandu <andrei-mihail@parity.io>
Signed-off-by: Andrei Sandu <andrei-mihail@parity.io>
Signed-off-by: Andrei Sandu <andrei-mihail@parity.io>
Signed-off-by: Andrei Sandu <andrei-mihail@parity.io>
…t-sdk into sandreim/parachain-ad
Signed-off-by: Andrei Sandu <andrei-mihail@parity.io>
Signed-off-by: Andrei Sandu <andrei-mihail@parity.io>
Signed-off-by: Andrei Sandu <andrei-mihail@parity.io>
…t-sdk into sandreim/parachain-ad
Signed-off-by: Andrei Sandu <andrei-mihail@parity.io>
Signed-off-by: Andrei Sandu <andrei-mihail@parity.io>
|
/cmd fmt |
…ytech/polkadot-sdk into sandrem/enable-AD-on-system-chains
Signed-off-by: Andrei Sandu <andrei-mihail@parity.io>
Signed-off-by: Andrei Sandu <andrei-mihail@parity.io>
|
/cmd fmt |
|
All GitHub workflows were cancelled due to failure one of the required jobs. |
…rem/enable-AD-on-system-chains
Signed-off-by: Andrei Sandu <andrei-mihail@parity.io>
| /// Derive an [`sp_authority_discovery::AuthorityId`] from an [`AuraId`] by reusing the | ||
| /// underlying sr25519 public key bytes. Used in genesis config presets so collators can | ||
| /// reuse their Aura keystore secret for authority-discovery until they rotate. | ||
| pub fn authority_discovery_id_from_aura(aura: AuraId) -> sp_authority_discovery::AuthorityId { | ||
| sp_core::sr25519::Public::from(aura).into() | ||
| } |
There was a problem hiding this comment.
I don't get why we need this function at all? Because you change the genesis code to also generate a key for authority discovery?
There was a problem hiding this comment.
Yes, this is only done for genesis.
| let aura_raw: [u8; 32] = sp_core::sr25519::Public::from(aura.clone()).0; | ||
| let hash = sp_io::hashing::blake2_256(&aura_raw); | ||
| sp_core::sr25519::Public::from_raw(hash).into() |
There was a problem hiding this comment.
| let aura_raw: [u8; 32] = sp_core::sr25519::Public::from(aura.clone()).0; | |
| let hash = sp_io::hashing::blake2_256(&aura_raw); | |
| sp_core::sr25519::Public::from_raw(hash).into() | |
| sp_core::sr25519::Public::from_raw([0; 32]).into() |
There was a problem hiding this comment.
This is what I initially wanted to do, but then decided not to because the all-zero 32 bytes is the canonical encoding of the Ristretto identity, and I also checked and schnorrkel accepts it as a valid pubkey. As far as I can tell tehre is nothing on the node side that filters it out, so attackers can forge and basically publish bogus addresses that other collators resolve.
If we change to zero here, we need to change the AD worker to ignore it.
Signed-off-by: Andrei Sandu <andrei-mihail@parity.io>
Signed-off-by: Andrei Sandu <andrei-mihail@parity.io>
Adds Authority Discovery support for test Parachains.
TODO: