feat: Sign ancillary files in aggregator #2394
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
There was a problem hiding this comment.
Pull Request Overview
This PR adds support for signing ancillary files in the aggregator by introducing a signed manifest that includes file paths and their SHA‐256 hashes, and updating the snapshotter to incorporate the signature into the resulting archive. Key changes include:
- Addition of environment variable definitions in the docker-compose files for the ancillary signer.
- Introduction of the SignableManifest entity along with its associated cryptographic types and tests in mithril-common.
- Updates to the aggregator’s snapshotter, ancillary signer implementation, dependency injection, and configuration to support manifest signing.
Reviewed Changes
Copilot reviewed 21 out of 23 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
| mithril-infra/assets/docker/docker-compose-aggregator-noauth.yaml | Added ancillary signer environment variables (with extraneous commas). |
| mithril-infra/assets/docker/docker-compose-aggregator-noauth-p2p.yaml | Added ancillary signer environment variables (with extraneous commas). |
| mithril-infra/assets/docker/docker-compose-aggregator-auth.yaml | Added ancillary signer environment variables (with extraneous commas). |
| mithril-infra/assets/docker/docker-compose-aggregator-auth-p2p.yaml | Added ancillary signer environment variables (with extraneous commas). |
| mithril-common/src/test_utils/fake_keys.rs | Introduced a new fake key function for signable manifest signatures and updated tests. |
| mithril-common/src/entities/signable_manifest.rs | New entity definition for a signable manifest including hash computation and verification. |
| mithril-common/src/entities/mod.rs | Re-exported the new signable_manifest module. |
| mithril-common/src/crypto_helper/mod.rs & ed25519_alias.rs | Updated exports and added a manifest module for cryptographic types. |
| mithril-aggregator/src/services/snapshotter/compressed_archive_snapshotter.rs | Updated to build, sign, and include the ancillary manifest in the archive. |
| mithril-aggregator/src/services/snapshotter/ancillary_signer/{with_secret_key.rs, interface.rs, mod.rs} | Introduced ancillary signer abstractions and an implementation using a secret key. |
| mithril-aggregator/src/dependency_injection/builder/protocol/artifacts.rs | Updated dependency injection to create an ancillary signer from configuration. |
| mithril-aggregator/src/configuration.rs | Added configuration support for ancillary signers along with associated tests. |
| mithril-aggregator/src/artifact_builder/**/* | Updated tests and snapshotter usage to include a mock ancillary signer. |
Files not reviewed (2)
- mithril-aggregator/config/dev.json: Language not supported
- mithril-infra/mithril.aggregator.tf: Language not supported
mithril-infra/assets/docker/docker-compose-aggregator-noauth.yaml
Outdated
Show resolved
Hide resolved
mithril-infra/assets/docker/docker-compose-aggregator-noauth-p2p.yaml
Outdated
Show resolved
Hide resolved
mithril-infra/assets/docker/docker-compose-aggregator-auth.yaml
Outdated
Show resolved
Hide resolved
mithril-infra/assets/docker/docker-compose-aggregator-auth-p2p.yaml
Outdated
Show resolved
Hide resolved
Alenar
force-pushed
the
ensemble/2362/sign_ancillary
branch
from
21f496e to
d59f4da
Compare
Test Results 3 files ± 0 57 suites ±0 11m 29s ⏱️ -2s Results for commit a4f99fe. ± Comparison against base commit 78c5f58. This pull request removes 10 and adds 33 tests. Note that renamed tests count towards both.♻️ This comment has been updated with latest results. |
Alenar
force-pushed
the
ensemble/2362/sign_ancillary
branch
from
d59f4da to
9836223
Compare
There was a problem hiding this comment.
Pull Request Overview
This PR enhances the ancillary archive creation by including a signed manifest file in the archive. Key changes include:
- Adding two new environment variables to the Docker compose files for configuring the ancillary files signer.
- Introducing a new signable manifest module with methods to compute and verify file hashes, along with additional tests.
- Updating the aggregator’s snapshotter to build, sign, and append the ancillary manifest, and wiring the ancillary signer into dependency injection and configuration.
Reviewed Changes
Copilot reviewed 21 out of 23 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| docker-compose-aggregator-*.yaml | Added ANCILLARY_FILES_SIGNER environment variables. |
| mithril-common/src/test_utils/fake_keys.rs | Added a new function to return pre-encoded ED25519 signatures for testing. |
| mithril-common/src/entities/signable_manifest.rs | New module defining SignableManifest and its helper methods. |
| mithril-common/src/crypto_helper/ed25519_alias.rs | Integrated manifest-related type aliases into ED25519 module. |
| mithril-aggregator/src/services/snapshotter/compressed_archive_snapshotter.rs | Updated snapshotter to build and sign the ancillary manifest using a chained appender. |
| mithril-aggregator/src/services/snapshotter/ancillary_signer/* | Added interface and a secret-key based implementation for manifest signing. |
| mithril-aggregator/src/dependency_injection/builder/protocol/artifacts.rs | Configured ancillary signer retrieval in dependency injection. |
| mithril-aggregator/src/configuration.rs | Added ancillary files signer configuration and tests. |
| artifact builder and tests | Updated tests to inject the ancillary signer (using mocks) where needed. |
Files not reviewed (2)
- mithril-aggregator/config/dev.json: Language not supported
- mithril-infra/mithril.aggregator.tf: Language not supported
Comments suppressed due to low confidence (1)
mithril-common/src/test_utils/fake_keys.rs:154
- Review the multi-line hex string literal to ensure that no unintended whitespace is introduced when the string is split across lines. Consider using explicit concatenation or a raw string literal to improve clarity and avoid potential parsing issues.
"ebc0652ffe864970a2ba538eacf7d088e9840e3db883c96d13eb6c5b4c74cfc6e84932e4640ca9e3b5e3de2dd6\
sfauvel
approved these changes
Mar 28, 2025
mithril-aggregator/src/dependency_injection/builder/protocol/artifacts.rs
Outdated
Show resolved
Hide resolved
jpraynaud
reviewed
Mar 28, 2025
mithril-aggregator/src/services/snapshotter/ancillary_signer/interface.rs
Outdated
Show resolved
Hide resolved
Alenar
force-pushed
the
ensemble/2362/sign_ancillary
branch
2 times, most recently
from
4c611d4 to
0157384
Compare
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
Alenar
force-pushed
the
ensemble/2362/sign_ancillary
branch
from
0157384 to
80abe83
Compare
Alenar
force-pushed
the
ensemble/2362/sign_ancillary
branch
3 times, most recently
from
5876e93 to
59c4b3e
Compare
There was a problem hiding this comment.
Pull Request Overview
This PR enhances the ancillary archive creation by including a signed manifest file that details the list of ancillary files with their SHA256 hashes and a signature over their aggregation. Key changes include:
- New modules and crypto types to support signing of the manifest.
- Updates to the snapshotter to build, sign, and chain the ancillary manifest into the archive.
- Adjustments to configuration, dependency injection, and tests to integrate the ancillary files signer.
Reviewed Changes
Copilot reviewed 32 out of 33 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| mithril-common/src/entities/mod.rs | Adds signable_manifest module and exports its contents to support manifest creation. |
| mithril-common/src/crypto_helper/mod.rs | Updates to include manifest types from ed25519_alias. |
| mithril-common/src/crypto_helper/ed25519_alias.rs | Introduces a new module for manifest-specific cryptographic types and aliases. |
| mithril-common/Cargo.toml | Bump version to 0.5.18. |
| mithril-aggregator/src/services/snapshotter/mod.rs | Exposes the ancillary_signer module for manifest signing. |
| mithril-aggregator/src/services/snapshotter/compressed_archive_snapshotter.rs | Updates snapshotter to build/sign the manifest and chain it to the archive; accepts ancillary_signer dependency. |
| mithril-aggregator/src/services/snapshotter/ancillary_signer/** | Adds a new signer interface and its implementation using a secret key. |
| mithril-aggregator/src/dependency_injection/builder/protocol/artifacts.rs | Integration of ancillary_signer in dependency building. |
| mithril-aggregator/src/configuration.rs | Adds ancillary_files_signer configuration with ED25519 support. |
| mithril-aggregator/src/artifact_builder/{cardano_database_artifacts/immutable.rs, cardano_database.rs} | Updates tests to include ancillary signer and adjust expected archive size. |
| mithril-aggregator/Cargo.toml | Bump version to 0.7.27. |
| internal/mithril-cli-helper/** | Updates in serialization helpers and Cargo.toml to support configuration deserialization. |
| docs/website/root/manual/develop/nodes/mithril-aggregator.md | Documents the new ancillary_files_signer CLI parameter. |
| CHANGELOG.md | Lists the new signed manifest feature and separates ancillary archive contents. |
Files not reviewed (1)
- mithril-aggregator/config/dev.json: Language not supported
Alenar
force-pushed
the
ensemble/2362/sign_ancillary
branch
from
59c4b3e to
156cd04
Compare
jpraynaud
approved these changes
Mar 31, 2025
mithril-infra/assets/docker/docker-compose-aggregator-auth-p2p.yaml
Outdated
Show resolved
Hide resolved
…n reading configurations
+ use `temp_dir_create!` macro Co-authored-by: Damien Lachaume <dlachaume@users.noreply.github.com>
- `AppenderData` allow to add raw bytes from memory directly into a tar archive, with a utility ctor to be built from serializable object into json - `ChainAppender` allow to chain two appender together, allowing to pass them at once to a file archiver - Add a `chain` method on the `TarAppender` trait with a blanket implementation to allow easy chaining without needing to import of the `ChainAppender`. Co-authored-by: Damien Lachaume <dlachaume@users.noreply.github.com>
`SignableManifest` is a generic data structure to represent manifest files and use Ed25519 for its signature `AncillaryFilesManifest` is a specialization of the former for ancillary files that implement two capabilities: - verifying that the stored files path and hashes in the manifest match files in a given directory - aggregating the filenames and hashes into a single hash ready to be verified against a signature Co-authored-by: Damien Lachaume <dlachaume@users.noreply.github.com>
…ashes Else reading huge files (such as the ledger) would have made the application unresponsive. Co-authored-by: Damien Lachaume <dlachaume@users.noreply.github.com>
Co-authored-by: Damien Lachaume <dlachaume@users.noreply.github.com>
In order to easily create a manifest from a list of file paths, computing their hashes at the same time. Co-authored-by: Damien Lachaume <dlachaume@users.noreply.github.com>
- add `ancillary_snapshot` module in `services/snapshotter` (located here because it will be the snapshotter that generate signed manifests) - define `AncillarySigner` trait - add `AncillarySignerWithSecretKey` that implement the trait using a in memory secret key Co-authored-by: Damien Lachaume <dlachaume@users.noreply.github.com>
Co-authored-by: Damien Lachaume <dlachaume@users.noreply.github.com>
Co-authored-by: Damien Lachaume <dlachaume@users.noreply.github.com>
- rename `ancillary_files_signer` to `ancillary_files_signer_config`
Alenar
force-pushed
the
ensemble/2362/sign_ancillary
branch
from
156cd04 to
8882ed5
Compare
…` version * mithril-cli-helper from `0.0.2` to `0.0.3` * mithril-aggregator from `0.7.26` to `0.7.27` * mithril-common from `0.5.17` to `0.5.18` * mithril-end-to-end from `0.4.75` to `0.4.76` * mithril-infra/assets/infra.version from `0.3.15` to `0.3.16`
Alenar
force-pushed
the
ensemble/2362/sign_ancillary
branch
from
8882ed5 to
a4f99fe
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Content
This PR enhance the ancillary archive creation by a adding a signed manifest file in the archive.
AppenderDatato append data directly from memory,ChainAppenderto chain two appender together.CompressedArchiveSnapshotter: compute, sign, and append to archive the ancillary manifestancillary_files_signermandatory configuration parameter (infrastructure and e2e runner were modified accordingly)Pre-submit checklist
Issue(s)
Relates to #2362