diff --git a/Dockerfile b/Dockerfile index 80c6249c..3c9cb9b3 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,10 +1,12 @@ +# Use golang base image FROM golang:1.20-alpine3.18 as build + WORKDIR /ssv-dkg # Install build dependencies required for CGO RUN apk add --no-cache musl-dev gcc g++ libstdc++ git openssl -# Copy the go.mod and go.sum first and download the dependencies. +# Copy the go.mod and go.sum first and download the dependencies. # This layer will be cached unless these files change. COPY go.mod go.sum ./ RUN --mount=type=cache,target=/root/.cache/go-build \ @@ -18,30 +20,26 @@ COPY . . ENV CGO_ENABLED=1 ENV GOOS=linux -# Setup a directory for your certificates -RUN mkdir /ssl - -# Generate a self-signed SSL certificate -RUN openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes \ - -keyout /ssl/tls.key -out /ssl/tls.crt \ - -subj "/C=CN/ST=GD/L=SZ/O=ssv, Inc./CN=*.ssv.com" - RUN --mount=type=cache,target=/root/.cache/go-build \ --mount=type=cache,mode=0755,target=/go/pkg \ VERSION=$(git describe --tags $(git rev-list --tags --max-count=1)) && \ go build -o /bin/ssv-dkg -ldflags "-X main.Version=$VERSION -linkmode external -extldflags \"-static -lm\"" \ ./cmd/ssv-dkg -# -# Run stage. -# +# Final stage FROM alpine:3.18 WORKDIR /ssv-dkg -# Copy the built binary from the previous stage +# Install openssl +RUN apk add --no-cache openssl + +# Copy the built binary and entry-point script from the previous stage/build context COPY --from=build /bin/ssv-dkg /bin/ssv-dkg -COPY --from=build /ssl /ssl +COPY entry-point.sh /entry-point.sh + +# Ensure the entry-point script is executable +RUN chmod +x /entry-point.sh -ENTRYPOINT ["/bin/ssv-dkg"] +ENTRYPOINT ["/entry-point.sh"] -EXPOSE 3030 \ No newline at end of file +EXPOSE 3030 diff --git a/entry-point.sh b/entry-point.sh new file mode 100644 index 00000000..46b7d646 --- /dev/null +++ b/entry-point.sh 
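Review bot: The final stage, visible in full from `FROM alpine:3.18` to `EXPOSE 3030`, has no `USER` directive, so `/entry-point.sh`, the openssl key generation it performs and `ssv-dkg` itself all run as root inside the container. Consider creating an unprivileged account that owns the certificate directory, e.g. `RUN adduser -D -H ssv && mkdir /ssl && chown ssv /ssl`, followed by `USER ssv` before `ENTRYPOINT`. Any volumes operators mount for keys or output would then need matching ownership, which this hunk does not show. Separately, `COPY --chmod=0755 entry-point.sh /entry-point.sh` would replace the extra `RUN chmod +x` layer; BuildKit is already required by the `RUN --mount=type=cache` lines.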
@@ -0,0 +1,25 @@ +#!/bin/sh + +# Setup directory for certificates +CERT_DIR=/ssl +mkdir -p "$CERT_DIR" + +# Paths to the certificate and key files +CERT_FILE="$CERT_DIR/tls.crt" +KEY_FILE="$CERT_DIR/tls.key" + +# Check if the first argument is "start-operator" +if [ "$1" = "start-operator" ]; then + # Generate a self-signed SSL certificate only if it doesn't exist + if [ ! -f "$CERT_FILE" ] || [ ! -f "$KEY_FILE" ]; then + echo "Certificate or key file not found. Generating new SSL certificate and key." + openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes \ + -keyout "$KEY_FILE" -out "$CERT_FILE" \ + -subj "/C=IL/ST=Tel Aviv/L=Tel Aviv/O=Coin-Dash Ltd/CN=*.ssvlabs.io" + else + echo "Existing SSL certificate and key found. Using them." + fi +fi + +# Execute the main binary and pass all script arguments +exec /bin/ssv-dkg "$@" diff --git a/examples/generate_certs.sh b/examples/generate_certs.sh index 0c4394f2..bc3cc725 100755 --- a/examples/generate_certs.sh +++ b/examples/generate_certs.sh @@ -1,7 +1,7 @@ #!/bin/bash openssl genrsa -out ./initiator/rootCA.key 4096 -openssl req -x509 -new -key ./initiator/rootCA.key -subj "/C=CN/ST=GD/L=SZ/O=ssv, Inc./CN=*.ssv.com" -days 3650 -out ./initiator/rootCA.crt +openssl req -x509 -new -key ./initiator/rootCA.key -subj "/C=IL/ST=Tel Aviv/L=Tel Aviv/O=Coin-Dash Ltd/CN=*.ssvlabs.io" -days 3650 -out ./initiator/rootCA.crt for i in $(seq 1 8); diff --git a/integration_test/integration_test.go b/integration_test/integration_test.go index e21d7422..c24a21ba 100644 --- a/integration_test/integration_test.go +++ b/integration_test/integration_test.go @@ -41,7 +41,7 @@ func TestHappyFlows(t *testing.T) { err := logging.SetGlobalLogger("info", "capital", "console", nil) require.NoError(t, err) logger := zap.L().Named("integration-tests") - version := "v1.0.2" + version := "test.version" servers, ops := createOperators(t, version) clnt, err := initiator.New(ops, logger, version, rootCert) require.NoError(t, err) 
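Review bot: In entry-point.sh the test `[ ! -f "$CERT_FILE" ] || [ ! -f "$KEY_FILE" ]` also fires when only one of the two files is missing, and `openssl req` then silently overwrites the one the operator did supply. The half-present case should stop with an error instead. The script also has no `set -e`, so a failed `mkdir -p` or `openssl` falls through to `exec /bin/ssv-dkg`. The key is written with whatever umask the container inherits; running the generation in a subshell under `umask 077` keeps `tls.key` owner-only without changing the umask that ssv-dkg inherits. Note also that the certificate carries only a wildcard CN with no subjectAltName and is regenerated for every new container unless `/ssl` is a persistent volume; whether clients verify it is not visible in this diff.

```shell
#!/bin/sh
set -e

# … unchanged: CERT_DIR, CERT_FILE and KEY_FILE setup …

if [ "$1" = "start-operator" ]; then
    if [ -f "$CERT_FILE" ] && [ -f "$KEY_FILE" ]; then
        echo "Existing SSL certificate and key found. Using them."
    elif [ -f "$CERT_FILE" ] || [ -f "$KEY_FILE" ]; then
        # Never clobber half of an operator-supplied pair.
        echo "Only one of $CERT_FILE / $KEY_FILE exists; refusing to overwrite it." >&2
        exit 1
    else
        echo "Certificate or key file not found. Generating new SSL certificate and key."
        (
            umask 077  # private key must not be group/world readable
            # … unchanged: openssl req invocation …
        )
    fi
fi

# … unchanged: exec /bin/ssv-dkg "$@" …
```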
@@ -107,7 +107,7 @@ func TestHappyFlows(t *testing.T) { func TestBulkHappyFlows4Ops(t *testing.T) { err := logging.SetGlobalLogger("info", "capital", "console", nil) require.NoError(t, err) - version := "v1.0.2" + version := "test.version" servers, ops := createOperators(t, version) operators, err := json.Marshal(ops) require.NoError(t, err) @@ -151,7 +151,7 @@ func TestBulkHappyFlows4Ops(t *testing.T) { func TestBulkHappyFlows7Ops(t *testing.T) { err := logging.SetGlobalLogger("info", "capital", "console", nil) require.NoError(t, err) - version := "v1.0.2" + version := "test.version" servers, ops := createOperators(t, version) operators, err := json.Marshal(ops) require.NoError(t, err) @@ -194,7 +194,7 @@ func TestBulkHappyFlows7Ops(t *testing.T) { func TestBulkHappyFlows10Ops(t *testing.T) { err := logging.SetGlobalLogger("info", "capital", "console", nil) require.NoError(t, err) - version := "v1.0.2" + version := "test.version" servers, ops := createOperators(t, version) operators, err := json.Marshal(ops) require.NoError(t, err) @@ -237,7 +237,7 @@ func TestBulkHappyFlows10Ops(t *testing.T) { func TestBulkHappyFlows13Ops(t *testing.T) { err := logging.SetGlobalLogger("info", "capital", "console", nil) require.NoError(t, err) - version := "v1.0.2" + version := "test.version" servers, ops := createOperators(t, version) operators, err := json.Marshal(ops) require.NoError(t, err) @@ -281,7 +281,7 @@ func TestThreshold(t *testing.T) { err := logging.SetGlobalLogger("info", "capital", "console", nil) require.NoError(t, err) logger := zap.L().Named("integration-tests") - version := "v1.0.2" + version := "test.version" servers, ops := createOperators(t, version) clnt, err := initiator.New(ops, logger, version, rootCert) require.NoError(t, err) 
@@ -375,13 +375,13 @@ func TestUnhappyFlows(t *testing.T) { err := logging.SetGlobalLogger("info", "capital", "console", nil) require.NoError(t, err) logger := zap.L().Named("integration-tests") - version := "v1.0.2" + version := "test.version" servers, ops := createOperators(t, version) ops = append(ops, wire.OperatorCLI{Addr: servers[12].HttpSrv.URL, ID: 133, PubKey: &servers[12].PrivKey.PublicKey}) ops = append(ops, wire.OperatorCLI{Addr: servers[12].HttpSrv.URL, ID: 0, PubKey: &servers[12].PrivKey.PublicKey}) ops = append(ops, wire.OperatorCLI{Addr: servers[12].HttpSrv.URL, ID: 144, PubKey: &servers[12].PrivKey.PublicKey}) ops = append(ops, wire.OperatorCLI{Addr: servers[12].HttpSrv.URL, ID: 155, PubKey: &servers[12].PrivKey.PublicKey}) - clnt, err := initiator.New(ops, logger, "v1.0.2", rootCert) + clnt, err := initiator.New(ops, logger, "test.version", rootCert) require.NoError(t, err) withdraw := newEthAddress(t) owner := newEthAddress(t) 
@@ -505,33 +505,33 @@ func TestLargeOperatorIDs(t *testing.T) { require.NoError(t, err) logger := zap.L().Named("integration-tests") ops := wire.OperatorsCLI{} - srv1 := test_utils.CreateTestOperator(t, 1100, "v1.0.2", operatorCert, operatorKey) + srv1 := test_utils.CreateTestOperator(t, 1100, "test.version", operatorCert, operatorKey) ops = append(ops, wire.OperatorCLI{Addr: srv1.HttpSrv.URL, ID: 1100, PubKey: &srv1.PrivKey.PublicKey}) - srv2 := test_utils.CreateTestOperator(t, 2222, "v1.0.2", operatorCert, operatorKey) + srv2 := test_utils.CreateTestOperator(t, 2222, "test.version", operatorCert, operatorKey) ops = append(ops, wire.OperatorCLI{Addr: srv2.HttpSrv.URL, ID: 2222, PubKey: &srv2.PrivKey.PublicKey}) - srv3 := test_utils.CreateTestOperator(t, 3300, "v1.0.2", operatorCert, operatorKey) + srv3 := test_utils.CreateTestOperator(t, 3300, "test.version", operatorCert, operatorKey) ops = append(ops, wire.OperatorCLI{Addr: srv3.HttpSrv.URL, ID: 3300, PubKey: &srv3.PrivKey.PublicKey}) - srv4 := test_utils.CreateTestOperator(t, 4444, "v1.0.2", operatorCert, operatorKey) + srv4 := test_utils.CreateTestOperator(t, 4444, "test.version", operatorCert, operatorKey) ops = append(ops, wire.OperatorCLI{Addr: srv4.HttpSrv.URL, ID: 4444, PubKey: &srv4.PrivKey.PublicKey}) - srv5 := test_utils.CreateTestOperator(t, 5555, "v1.0.2", operatorCert, operatorKey) + srv5 := test_utils.CreateTestOperator(t, 5555, "test.version", operatorCert, operatorKey) ops = append(ops, wire.OperatorCLI{Addr: srv5.HttpSrv.URL, ID: 5555, PubKey: &srv5.PrivKey.PublicKey}) - srv6 := test_utils.CreateTestOperator(t, 6666, "v1.0.2", operatorCert, operatorKey) + srv6 := test_utils.CreateTestOperator(t, 6666, "test.version", operatorCert, operatorKey) ops = append(ops, wire.OperatorCLI{Addr: srv6.HttpSrv.URL, ID: 6666, PubKey: &srv6.PrivKey.PublicKey}) - srv7 := test_utils.CreateTestOperator(t, 7777, "v1.0.2", operatorCert, operatorKey) + srv7 := test_utils.CreateTestOperator(t, 7777, "test.version", 
operatorCert, operatorKey) ops = append(ops, wire.OperatorCLI{Addr: srv7.HttpSrv.URL, ID: 7777, PubKey: &srv7.PrivKey.PublicKey}) - srv8 := test_utils.CreateTestOperator(t, 8888, "v1.0.2", operatorCert, operatorKey) + srv8 := test_utils.CreateTestOperator(t, 8888, "test.version", operatorCert, operatorKey) ops = append(ops, wire.OperatorCLI{Addr: srv8.HttpSrv.URL, ID: 8888, PubKey: &srv8.PrivKey.PublicKey}) - srv9 := test_utils.CreateTestOperator(t, 9999, "v1.0.2", operatorCert, operatorKey) + srv9 := test_utils.CreateTestOperator(t, 9999, "test.version", operatorCert, operatorKey) ops = append(ops, wire.OperatorCLI{Addr: srv9.HttpSrv.URL, ID: 9999, PubKey: &srv9.PrivKey.PublicKey}) - srv10 := test_utils.CreateTestOperator(t, 10000, "v1.0.2", operatorCert, operatorKey) + srv10 := test_utils.CreateTestOperator(t, 10000, "test.version", operatorCert, operatorKey) ops = append(ops, wire.OperatorCLI{Addr: srv10.HttpSrv.URL, ID: 10000, PubKey: &srv10.PrivKey.PublicKey}) - srv11 := test_utils.CreateTestOperator(t, 11111, "v1.0.2", operatorCert, operatorKey) + srv11 := test_utils.CreateTestOperator(t, 11111, "test.version", operatorCert, operatorKey) ops = append(ops, wire.OperatorCLI{Addr: srv11.HttpSrv.URL, ID: 11111, PubKey: &srv11.PrivKey.PublicKey}) - srv12 := test_utils.CreateTestOperator(t, 12222, "v1.0.2", operatorCert, operatorKey) + srv12 := test_utils.CreateTestOperator(t, 12222, "test.version", operatorCert, operatorKey) ops = append(ops, wire.OperatorCLI{Addr: srv12.HttpSrv.URL, ID: 12222, PubKey: &srv12.PrivKey.PublicKey}) - srv13 := test_utils.CreateTestOperator(t, 13333, "v1.0.2", operatorCert, operatorKey) + srv13 := test_utils.CreateTestOperator(t, 13333, "test.version", operatorCert, operatorKey) ops = append(ops, wire.OperatorCLI{Addr: srv13.HttpSrv.URL, ID: 13333, PubKey: &srv13.PrivKey.PublicKey}) - clnt, err := initiator.New(ops, logger, "v1.0.2", rootCert) + clnt, err := initiator.New(ops, logger, "test.version", rootCert) require.NoError(t, err) 
withdraw := newEthAddress(t) owner := newEthAddress(t) @@ -566,13 +566,13 @@ func TestWrongInitiatorVersion(t *testing.T) { require.NoError(t, err) logger := zap.L().Named("integration-tests") ops := wire.OperatorsCLI{} - srv1 := test_utils.CreateTestOperator(t, 1, "v1.0.2", operatorCert, operatorKey) + srv1 := test_utils.CreateTestOperator(t, 1, "test.version", operatorCert, operatorKey) ops = append(ops, wire.OperatorCLI{Addr: srv1.HttpSrv.URL, ID: 1, PubKey: &srv1.PrivKey.PublicKey}) - srv2 := test_utils.CreateTestOperator(t, 2, "v1.0.2", operatorCert, operatorKey) + srv2 := test_utils.CreateTestOperator(t, 2, "test.version", operatorCert, operatorKey) ops = append(ops, wire.OperatorCLI{Addr: srv2.HttpSrv.URL, ID: 2, PubKey: &srv2.PrivKey.PublicKey}) - srv3 := test_utils.CreateTestOperator(t, 3, "v1.0.2", operatorCert, operatorKey) + srv3 := test_utils.CreateTestOperator(t, 3, "test.version", operatorCert, operatorKey) ops = append(ops, wire.OperatorCLI{Addr: srv3.HttpSrv.URL, ID: 3, PubKey: &srv3.PrivKey.PublicKey}) - srv4 := test_utils.CreateTestOperator(t, 4, "v1.0.2", operatorCert, operatorKey) + srv4 := test_utils.CreateTestOperator(t, 4, "test.version", operatorCert, operatorKey) ops = append(ops, wire.OperatorCLI{Addr: srv4.HttpSrv.URL, ID: 4, PubKey: &srv4.PrivKey.PublicKey}) clnt, err := initiator.New(ops, logger, "v1.0.0", rootCert) require.NoError(t, err) 
@@ -594,13 +594,13 @@ func TestWrongOperatorVersion(t *testing.T) { ops := wire.OperatorsCLI{} srv1 := test_utils.CreateTestOperator(t, 1, "v1.0.0", operatorCert, operatorKey) ops = append(ops, wire.OperatorCLI{Addr: srv1.HttpSrv.URL, ID: 1, PubKey: &srv1.PrivKey.PublicKey}) - srv2 := test_utils.CreateTestOperator(t, 2, "v1.0.2", operatorCert, operatorKey) + srv2 := test_utils.CreateTestOperator(t, 2, "test.version", operatorCert, operatorKey) ops = append(ops, wire.OperatorCLI{Addr: srv2.HttpSrv.URL, ID: 2, PubKey: &srv2.PrivKey.PublicKey}) - srv3 := test_utils.CreateTestOperator(t, 3, "v1.0.2", operatorCert, operatorKey) + srv3 := test_utils.CreateTestOperator(t, 3, "test.version", operatorCert, operatorKey) ops = append(ops, wire.OperatorCLI{Addr: srv3.HttpSrv.URL, ID: 3, PubKey: &srv3.PrivKey.PublicKey}) - srv4 := test_utils.CreateTestOperator(t, 4, "v1.0.2", operatorCert, operatorKey) + srv4 := test_utils.CreateTestOperator(t, 4, "test.version", operatorCert, operatorKey) ops = append(ops, wire.OperatorCLI{Addr: srv4.HttpSrv.URL, ID: 4, PubKey: &srv4.PrivKey.PublicKey}) - clnt, err := initiator.New(ops, logger, "v1.0.2", rootCert) + clnt, err := initiator.New(ops, logger, "test.version", rootCert) require.NoError(t, err) withdraw := newEthAddress(t) owner := newEthAddress(t) diff --git a/pkgs/initiator/initiator_test.go b/pkgs/initiator/initiator_test.go index a4188760..32463542 100644 --- a/pkgs/initiator/initiator_test.go +++ b/pkgs/initiator/initiator_test.go @@ -58,7 +58,7 @@ func TestStartDKG(t *testing.T) { require.NoError(t, err) logger := zap.L().Named("operator-tests") ops := wire.OperatorsCLI{} - version := "v1.0.2" + version := "test.version" srv1 := test_utils.CreateTestOperatorFromFile(t, 1, examplePath, version, operatorCert, operatorKey) srv2 := test_utils.CreateTestOperatorFromFile(t, 2, examplePath, version, operatorCert, operatorKey) srv3 := test_utils.CreateTestOperatorFromFile(t, 3, examplePath, version, operatorCert, operatorKey) 
@@ -73,7 +73,7 @@ func TestStartDKG(t *testing.T) { withdraw := common.HexToAddress("0x0000000000000000000000000000000000000009") owner := common.HexToAddress("0x0000000000000000000000000000000000000007") t.Run("happy flow", func(t *testing.T) { - intr, err := initiator.New(ops, logger, "v1.0.2", rootCert) + intr, err := initiator.New(ops, logger, "test.version", rootCert) require.NoError(t, err) id := crypto.NewID() depositData, keyshares, _, err := intr.StartDKG(id, withdraw.Bytes(), []uint64{1, 2, 3, 4}, "mainnet", owner, 0) @@ -84,21 +84,21 @@ func TestStartDKG(t *testing.T) { require.NoError(t, err) }) t.Run("test wrong amount of opeators < 4", func(t *testing.T) { - intr, err := initiator.New(ops, logger, "v1.0.2", rootCert) + intr, err := initiator.New(ops, logger, "test.version", rootCert) require.NoError(t, err) id := crypto.NewID() _, _, _, err = intr.StartDKG(id, withdraw.Bytes(), []uint64{1, 2, 3}, "mainnet", owner, 0) require.ErrorContains(t, err, "wrong operators len: < 4") }) t.Run("test wrong amount of opeators > 13", func(t *testing.T) { - intr, err := initiator.New(ops, logger, "v1.0.2", rootCert) + intr, err := initiator.New(ops, logger, "test.version", rootCert) require.NoError(t, err) id := crypto.NewID() _, _, _, err = intr.StartDKG(id, withdraw.Bytes(), []uint64{1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14}, "prater", owner, 0) require.ErrorContains(t, err, "wrong operators len: > 13") }) t.Run("test opeators not unique", func(t *testing.T) { - intr, err := initiator.New(ops, logger, "v1.0.2", rootCert) + intr, err := initiator.New(ops, logger, "test.version", rootCert) require.NoError(t, err) id := crypto.NewID() _, _, _, err = intr.StartDKG(id, withdraw.Bytes(), []uint64{1, 2, 3, 4, 5, 6, 7, 7, 9, 10, 11, 12, 12}, "holesky", owner, 0) diff --git a/pkgs/operator/operator_test.go b/pkgs/operator/operator_test.go index 67d9630c..f55d2e1c 100644 --- a/pkgs/operator/operator_test.go +++ b/pkgs/operator/operator_test.go 
@@ -42,7 +42,7 @@ var ( ) func TestRateLimit(t *testing.T) { - version := "v1.0.2" + version := "test.version" srv := test_utils.CreateTestOperatorFromFile(t, 1, examplePath, version, operatorCert, operatorKey) // Initiator priv key _, pv, err := rsaencryption.GenerateKeys() @@ -172,7 +172,7 @@ func TestWrongInitiatorSignature(t *testing.T) { require.NoError(t, err) logger := zap.L().Named("operator-tests") ops := wire.OperatorsCLI{} - version := "v1.0.2" + version := "test.version" srv1 := test_utils.CreateTestOperatorFromFile(t, 1, examplePath, version, operatorCert, operatorKey) srv2 := test_utils.CreateTestOperatorFromFile(t, 2, examplePath, version, operatorCert, operatorKey) srv3 := test_utils.CreateTestOperatorFromFile(t, 3, examplePath, version, operatorCert, operatorKey) diff --git a/pkgs/operator/state_test.go b/pkgs/operator/state_test.go index 1a93c0d9..71ebee2b 100644 --- a/pkgs/operator/state_test.go +++ b/pkgs/operator/state_test.go @@ -57,7 +57,7 @@ func TestCreateInstance(t *testing.T) { privateKey, ops := generateOperatorsData(t, numOps) tempDir, err := os.MkdirTemp("", "dkg") require.NoError(t, err) - s, err := New(privateKey, logger, []byte("v1.0.2"), 1, tempDir) + s, err := New(privateKey, logger, []byte("test.version"), 1, tempDir) require.NoError(t, err) var reqID [24]byte copy(reqID[:], "testRequestID1234567890") // Just a sample value @@ -105,7 +105,7 @@ func TestInitInstance(t *testing.T) { require.NoError(t, err) tempDir, err := os.MkdirTemp("", "dkg") require.NoError(t, err) - swtch, err := New(privateKey, logger, []byte("v1.0.2"), 1, tempDir) + swtch, err := New(privateKey, logger, []byte("test.version"), 1, tempDir) require.NoError(t, err) var reqID [24]byte copy(reqID[:], "testRequestID1234567890") // Just a sample value 
@@ -129,7 +129,7 @@ func TestInitInstance(t *testing.T) { initmsg, err := init.MarshalSSZ() require.NoError(t, err) - version := "v1.0.2" + version := "test.version" initMessage := &wire.Transport{ Type: wire.InitMessageType, Identifier: reqID, @@ -185,7 +185,7 @@ func TestSwitch_cleanInstances(t *testing.T) { operatorPubKey := privateKey.Public().(*rsa.PublicKey) pkBytes, err := crypto.EncodeRSAPublicKey(operatorPubKey) require.NoError(t, err) - swtch := NewSwitch(privateKey, logger, []byte("v1.0.2"), pkBytes, 1) + swtch := NewSwitch(privateKey, logger, []byte("test.version"), pkBytes, 1) var reqID [24]byte copy(reqID[:], "testRequestID1234567890") // Just a sample value _, pv, err := rsaencryption.GenerateKeys() @@ -207,7 +207,7 @@ func TestSwitch_cleanInstances(t *testing.T) { initmsg, err := init.MarshalSSZ() require.NoError(t, err) - version := "v1.0.2" + version := "test.version" initMessage := &wire.Transport{ Type: wire.InitMessageType, Identifier: reqID,