While it works, it's not good operational practice, particularly when
running guardiand alongside other services like a Solana node.
Even inside a container, it's best to run as non-root.
Change-Id: I331533ef37eaab6e73f6759d7eb779bbda849384
This makes the publicrpc service available to the admin CLI
regardless of whether the publicrpc socket is enabled on the node.
Change-Id: If0265f3cd14af44a7f8e9726af796f8879dd7a4b
This matches the adminrpc implementation, removing the runnable
and socket listener from pkg/publicrpc API surface.
Change-Id: Ia6461c2ff839f39462391c5afd2694b1619b30b6
This allows requesting attestations for various commitment/confirmation levels. This is helpful for low-latency applications like Pyth.
Change-Id: Ib49ace163365106b227613d2f66b787b3e5f5461
This allows forcibly submitting a failing VAA on-chain in cases where
the preflight check would hinder debugging.
It does not change behavior of guardiand.
Co-authored-by: Hendrik Hofstadt <hendrik@nexantic.com>
Change-Id: I63df22049ad27f659dc0638190edd20628b7a338
- Distribute raw heartbeats via new proto package publicrpc
- Manage channel subscription on client req/close.
- Expose publicprc endpoint in devnet Service.
Change-Id: Ic96d624733961aa56e00b03c3b5cff6af11523a4
This mitigates https://github.com/solana-labs/solana/issues/9909 by
polling GetProgramAccounts with a server-side filter. It also removes
the agent dependency for the lockup observation logic - the agent is now
used for transaction construction only.
* Terra fee payer key moved from environment variable into the separate file
* Removed closed issues from the comments, VAA submition made async
* Review comments fixed
This allows us to use UNIX filesystem permissions for access control.
Previously, any process in the network namespace could connect to it,
which is insecure for obvious reasons.
Verified that correct permissions are set:
```
# ls -lisa /run/bridge/
total 8
31996269 4 drwxrwxrwx 2 root root 4096 Nov 23 21:58 .
14676759 4 drwxr-xr-x 1 root root 4096 Nov 23 21:58 ..
31996306 0 srwx------ 1 root root 0 Nov 23 21:58 agent.sock
```
Fixes#119
Reviewer note: Does not touch any of the business logic. Avoided
renaming files whereever possible to make it easier to spot differences.
Verbatim migration, in a future CL, we could replace some of the
flag validation code with cobra features and eliminate the global vars.
Moved the dlv tool definition out of the way for the top-level wrapper.
tools/bin/cobra is a helper utility that generates boilerplate
(we slightly deviate from their default scheme by having guardiand
in a separate package, rather than stuffing everything into cmd/)
ghstack-source-id: caec9a38a6
Pull Request resolved: https://github.com/certusone/wormhole/pull/67