common/releases: rewrite release version contract + use native dapps

This commit is contained in:
Péter Szilágyi 2016-03-31 12:20:24 +03:00
parent ecd7199c43
commit d46da273c6
6 changed files with 1107 additions and 367 deletions

View File

@ -1,152 +0,0 @@
// Copyright 2015 The go-ethereum Authors
// This file is part of the go-ethereum library.
//
// The go-ethereum library is free software: you can redistribute it and/or modify
// it under the terms of the GNU Lesser General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// The go-ethereum library is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Lesser General Public License for more details.
//
// You should have received a copy of the GNU Lesser General Public License
// along with the go-ethereum library. If not, see <http://www.gnu.org/licenses/>.
// WARNING: WORK IN PROGRESS & UNTESTED
//
// contract tracking versions added by designated signers.
// designed to track versions of geth (go-ethereum) recommended by the
// go-ethereum team. geth client interfaces with contract through ABI by simply
// reading the full state and then deciding on recommended version based on
// some logic (e.g. version date & number of signers).
//
// to keep things simple, the contract does not use FSM for multisig
// but rather allows any designated signer to add a version or vote for an
// existing version. this avoids need to track voting-in-progress states and
// also provides history of all past versions.
//
contract Versions {
struct V {
bytes32 v;
uint64 ts;
address[] signers;
}
address[] public parties; // owners/signers
address[] public deleteAcks; // votes to suicide contract
uint public deleteAcksReq; // number of votes needed
V[] public versions;
modifier canAccess(address addr) {
bool access = false;
for (uint i = 0; i < parties.length; i++) {
if (parties[i] == addr) {
access = true;
break;
}
}
if (access == false) {
throw;
}
_
}
function Versions(address[] addrs) {
if (addrs.length < 2) {
throw;
}
parties = addrs;
deleteAcksReq = (addrs.length / 2) + 1;
}
// TODO: use dynamic array when solidity adds proper support for returning them
function GetVersions() returns (bytes32[10], uint64[10], uint[10]) {
bytes32[10] memory vs;
uint64[10] memory ts;
uint[10] memory ss;
for (uint i = 0; i < versions.length; i++) {
vs[i] = versions[i].v;
ts[i] = versions[i].ts;
ss[i] = versions[i].signers.length;
}
return (vs, ts, ss);
}
// either submit a new version or acknowledge an existing one
function AckVersion(bytes32 ver)
canAccess(msg.sender)
{
for (uint i = 0; i < versions.length; i++) {
if (versions[i].v == ver) {
for (uint j = 0; j < versions[i].signers.length; j++) {
if (versions[i].signers[j] == msg.sender) {
// already signed
throw;
}
}
// add sender as signer of existing version
versions[i].signers.push(msg.sender);
return;
}
}
// version is new, add it
// due to dynamic array, push it first then set values
V memory v;
versions.push(v);
versions[versions.length - 1].v = ver;
// signers is dynamic array; have to extend size manually
versions[versions.length - 1].signers.length++;
versions[versions.length - 1].signers[0] = msg.sender;
versions[versions.length - 1].ts = uint64(block.timestamp);
}
// remove vote for a version, if present
function NackVersion(bytes32 ver)
canAccess(msg.sender)
{
for (uint i = 0; i < versions.length; i++) {
if (versions[i].v == ver) {
for (uint j = 0; j < versions[i].signers.length; j++) {
if (versions[i].signers[j] == msg.sender) {
delete versions[i].signers[j];
}
}
}
}
}
// delete-this-contract vote, suicide if enough votes
function AckDelete()
canAccess(msg.sender)
{
for (uint i = 0; i < deleteAcks.length; i++) {
if (deleteAcks[i] == msg.sender) {
throw; // already acked delete
}
}
deleteAcks.push(msg.sender);
if (deleteAcks.length >= deleteAcksReq) {
suicide(msg.sender);
}
}
// remove sender's delete-this-contract vote, if present
function NackDelete()
canAccess(msg.sender)
{
uint len = deleteAcks.length;
for (uint i = 0; i < len; i++) {
if (deleteAcks[i] == msg.sender) {
if (len > 1) {
deleteAcks[i] = deleteAcks[len-1];
}
deleteAcks.length -= 1;
}
}
}
}

View File

@ -1,215 +0,0 @@
// Copyright 2015 The go-ethereum Authors
// This file is part of the go-ethereum library.
//
// The go-ethereum library is free software: you can redistribute it and/or modify
// it under the terms of the GNU Lesser General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// The go-ethereum library is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Lesser General Public License for more details.
//
// You should have received a copy of the GNU Lesser General Public License
// along with the go-ethereum library. If not, see <http://www.gnu.org/licenses/>.
package versions
import (
"fmt"
"math/big"
"strconv"
"time"
"github.com/ethereum/go-ethereum/common"
"github.com/ethereum/go-ethereum/core"
"github.com/ethereum/go-ethereum/core/state"
"github.com/ethereum/go-ethereum/crypto"
"github.com/ethereum/go-ethereum/eth"
"github.com/ethereum/go-ethereum/logger"
"github.com/ethereum/go-ethereum/logger/glog"
"github.com/ethereum/go-ethereum/node"
"github.com/ethereum/go-ethereum/p2p"
"github.com/ethereum/go-ethereum/rpc"
)
var (
jsonlogger = logger.NewJsonLogger()
// TODO: add Frontier address
GlobalVersionsAddr = common.HexToAddress("0x40bebcadbb4456db23fda39f261f3b2509096e9e") // test
dummySender = common.HexToAddress("0x16db48070243bc37a1c59cd5bb977ad7047618be") // test
getVersionsSignature = "GetVersions()"
firstCheckTime = time.Second * 4
continousCheckTime = time.Second * 600
)
type VersionCheck struct {
serverName string
timer *time.Timer
e *eth.Ethereum
stop chan bool
}
// Boilerplate to satisfy node.Service interface
func (v *VersionCheck) Protocols() []p2p.Protocol {
return []p2p.Protocol{}
}
func (v *VersionCheck) APIs() []rpc.API {
return []rpc.API{}
}
func (v *VersionCheck) Start(server *p2p.Server) error {
v.serverName = server.Name
// Check version first time after a few seconds so it shows after
// other startup messages
t := time.NewTimer(firstCheckTime)
v.timer = t
v.stop = make(chan bool)
versionCheck := func() {
for {
select {
case <-v.stop:
close(v.stop)
return
case <-v.timer.C:
_, err := get(v.e, v.serverName)
if err != nil {
glog.V(logger.Error).Infof("Could not query geth version contract: %s", err)
}
v.timer.Reset(continousCheckTime)
}
}
}
go versionCheck()
return nil
}
func (v *VersionCheck) Stop() error {
v.stop <- true
select {
case <-v.stop:
}
return nil
}
func NewVersionCheck(ctx *node.ServiceContext) (node.Service, error) {
var v VersionCheck
var e *eth.Ethereum
// sets e to the Ethereum instance previously started
// expects double pointer
ctx.Service(&e)
v.e = e
return &v, nil
}
// query versions list from the (custom) accessor in the versions contract
func get(e *eth.Ethereum, clientVersion string) (string, error) {
// TODO: move common/registrar abiSignature to some util package
abi := crypto.Sha3([]byte(getVersionsSignature))[:4]
res, _, err := simulateCall(
e,
&dummySender,
&GlobalVersionsAddr,
big.NewInt(3000000), // gasLimit
big.NewInt(1), // gasPrice
big.NewInt(0), // value
abi)
if err != nil {
return "", err
}
// TODO: we use static arrays of size versionCount as workaround
// until solidity has proper support for returning dynamic arrays
versionCount := 10
if len(res) != 2+(64*versionCount*3) { // 0x + three 32-byte fields per version
return "", fmt.Errorf("unexpected result length from GetVersions")
}
// TODO: use ABI (after solidity supports returning arrays of arrays and/or structs)
var versions []string
var timestamps []uint64
var signerCounts []uint64
// trim 0x
res = res[2:]
// parse res
for i := 0; i < versionCount; i++ {
bytes := common.FromHex(res[:64])
versions = append(versions, string(bytes))
res = res[64:]
}
for i := 0; i < versionCount; i++ {
ts, err := strconv.ParseUint(res[:64], 16, 64)
if err != nil {
return "", err
}
timestamps = append(timestamps, ts)
res = res[64:]
}
for i := 0; i < versionCount; i++ {
sc, err := strconv.ParseUint(res[:64], 16, 64)
if err != nil {
return "", err
}
signerCounts = append(signerCounts, sc)
res = res[64:]
}
// TODO: version matching logic (e.g. most votes / most recent)
if versions[0] != clientVersion {
glog.V(logger.Info).Infof("geth version %s does not match recommended version %s", clientVersion, versions[0])
}
return res, nil
}
func simulateCall(e *eth.Ethereum, from0, to *common.Address, gas, gasPrice, value *big.Int, data []byte) (string, *big.Int, error) {
stateCopy, err := e.BlockChain().State()
if err != nil {
return "", nil, err
}
from := stateCopy.GetOrNewStateObject(*from0)
from.SetBalance(common.MaxBig)
msg := callmsg{
from: from,
to: to,
gas: gas,
gasPrice: gasPrice,
value: value,
data: data,
}
// Execute the call and return
vmenv := core.NewEnv(stateCopy, e.BlockChain(), msg, e.BlockChain().CurrentHeader())
gp := new(core.GasPool).AddGas(common.MaxBig)
res, gas, err := core.ApplyMessage(vmenv, msg, gp)
return common.ToHex(res), gas, err
}
// TODO: consider moving to package common or accounts/abi as it's useful for anyone
// simulating EVM CALL
type callmsg struct {
from *state.StateObject
to *common.Address
gas, gasPrice *big.Int
value *big.Int
data []byte
}
// accessor boilerplate to implement core.Message
func (m callmsg) From() (common.Address, error) { return m.from.Address(), nil }
func (m callmsg) Nonce() uint64 { return m.from.Nonce() }
func (m callmsg) To() *common.Address { return m.to }
func (m callmsg) GasPrice() *big.Int { return m.gasPrice }
func (m callmsg) Gas() *big.Int { return m.gas }
func (m callmsg) Value() *big.Int { return m.value }
func (m callmsg) Data() []byte { return m.data }

File diff suppressed because one or more lines are too long

View File

@ -0,0 +1,240 @@
// Copyright 2016 The go-ethereum Authors
// This file is part of the go-ethereum library.
//
// The go-ethereum library is free software: you can redistribute it and/or modify
// it under the terms of the GNU Lesser General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// The go-ethereum library is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Lesser General Public License for more details.
//
// You should have received a copy of the GNU Lesser General Public License
// along with the go-ethereum library. If not, see <http://www.gnu.org/licenses/>.
// ReleaseOracle is an Ethereum contract to store the current and previous
// versions of the go-ethereum implementation. Its goal is to allow Geth to
// check for new releases automatically without the need to consult a central
// repository.
//
// The contract takes a vote based approach on both assigning authorized signers
// as well as signing off on new Geth releases.
//
// Note, when a signer is demoted, the currently pending release is auto-nuked.
// The reason is to prevent suprises where a demotion actually tilts the votes
// in favor of one voter party and pushing out a new release as a consequence of
// a simple demotion.
contract ReleaseOracle {
// Votes is an internal data structure to count votes on a specific proposal
struct Votes {
address[] pass; // List of signers voting to pass a proposal
address[] fail; // List of signers voting to fail a proposal
}
// Version is the version details of a particular Geth release
struct Version {
uint32 major; // Major version component of the release
uint32 minor; // Minor version component of the release
uint32 patch; // Patch version component of the release
bytes20 commit; // Git SHA1 commit hash of the release
uint64 time; // Timestamp of the release approval
Votes votes; // Votes that passed this release
}
// Oracle authorization details
mapping(address => bool) authorized; // Set of accounts allowed to vote on updating the contract
address[] signers; // List of addresses currently accepted as signers
// Various proposals being voted on
mapping(address => Votes) authProps; // Currently running user authorization proposals
address[] authPend; // List of addresses being voted on (map indexes)
Version verProp; // Currently proposed release being voted on
Version[] releases; // All the positively voted releases
// isSigner is a modifier to authorize contract transactions.
modifier isSigner() {
if (authorized[msg.sender]) {
_
}
}
// Constructor to assign the creator as the sole valid signer.
function ReleaseOracle() {
authorized[msg.sender] = true;
signers.push(msg.sender);
}
// Signers is an accessor method to retrieve all te signers (public accessor
// generates an indexed one, not a retreive-all version).
function Signers() constant returns(address[]) {
return signers;
}
// AuthProposals retrieves the list of addresses that authorization proposals
// are currently being voted on.
function AuthProposals() constant returns(address[]) {
return authPend;
}
// AuthVotes retrieves the current authorization votes for a particular user
// to promote him into the list of signers, or demote him from there.
function AuthVotes(address user) constant returns(address[] promote, address[] demote) {
return (authProps[user].pass, authProps[user].fail);
}
// CurrentVersion retrieves the semantic version, commit hash and release time
// of the currently votec active release.
function CurrentVersion() constant returns (uint32 major, uint32 minor, uint32 patch, bytes20 commit, uint time) {
if (releases.length == 0) {
return (0, 0, 0, 0, 0);
}
var release = releases[releases.length - 1];
return (release.major, release.minor, release.patch, release.commit, release.time);
}
// ProposedVersion retrieves the semantic version, commit hash and the current
// votes for the next proposed release.
function ProposedVersion() constant returns (uint32 major, uint32 minor, uint32 patch, bytes20 commit, address[] pass, address[] fail) {
return (verProp.major, verProp.minor, verProp.patch, verProp.commit, verProp.votes.pass, verProp.votes.fail);
}
// Promote pitches in on a voting campaign to promote a new user to a signer
// position.
function Promote(address user) {
updateSigner(user, true);
}
// Demote pitches in on a voting campaign to demote an authorized user from
// its signer position.
function Demote(address user) {
updateSigner(user, false);
}
// Release votes for a particular version to be included as the next release.
function Release(uint32 major, uint32 minor, uint32 patch, bytes20 commit) {
updateRelease(major, minor, patch, commit, true);
}
// Nuke votes for the currently proposed version to not be included as the next
// release. Nuking doesn't require a specific version number for simplicity.
function Nuke() {
updateRelease(0, 0, 0, 0, false);
}
// updateSigner marks a vote for changing the status of an Ethereum user, either
// for or against the user being an authorized signer.
function updateSigner(address user, bool authorize) isSigner {
// Gather the current votes and ensure we don't double vote
Votes votes = authProps[user];
for (uint i = 0; i < votes.pass.length; i++) {
if (votes.pass[i] == msg.sender) {
return;
}
}
for (i = 0; i < votes.fail.length; i++) {
if (votes.fail[i] == msg.sender) {
return;
}
}
// If no authorization proposal is open, add the user to the index for later lookups
if (votes.pass.length == 0 && votes.fail.length == 0) {
authPend.push(user);
}
// Cast the vote and return if the proposal cannot be resolved yet
if (authorize) {
votes.pass.push(msg.sender);
if (votes.pass.length <= signers.length / 2) {
return;
}
} else {
votes.fail.push(msg.sender);
if (votes.fail.length <= signers.length / 2) {
return;
}
}
// Proposal resolved in our favor, execute whatever we voted on
if (authorize && !authorized[user]) {
authorized[user] = true;
signers.push(user);
} else if (!authorize && authorized[user]) {
authorized[user] = false;
for (i = 0; i < signers.length; i++) {
if (signers[i] == user) {
signers[i] = signers[signers.length - 1];
signers.length--;
delete verProp; // Nuke any version proposal (no suprise releases!)
break;
}
}
}
// Finally delete the resolved proposal, index and garbage collect
delete authProps[user];
for (i = 0; i < authPend.length; i++) {
if (authPend[i] == user) {
authPend[i] = authPend[authPend.length - 1];
authPend.length--;
break;
}
}
}
// updateRelease votes for a particular version to be included as the next release,
// or for the currently proposed release to be nuked out.
function updateRelease(uint32 major, uint32 minor, uint32 patch, bytes20 commit, bool release) isSigner {
// Skip nuke votes if no proposal is pending
if (!release && verProp.votes.pass.length == 0) {
return;
}
// Mark a new release if no proposal is pending
if (verProp.votes.pass.length == 0) {
verProp.major = major;
verProp.minor = minor;
verProp.patch = patch;
verProp.commit = commit;
}
// Make sure positive votes match the current proposal
if (release && (verProp.major != major || verProp.minor != minor || verProp.patch != patch || verProp.commit != commit)) {
return;
}
// Gather the current votes and ensure we don't double vote
Votes votes = verProp.votes;
for (uint i = 0; i < votes.pass.length; i++) {
if (votes.pass[i] == msg.sender) {
return;
}
}
for (i = 0; i < votes.fail.length; i++) {
if (votes.fail[i] == msg.sender) {
return;
}
}
// Cast the vote and return if the proposal cannot be resolved yet
if (release) {
votes.pass.push(msg.sender);
if (votes.pass.length <= signers.length / 2) {
return;
}
} else {
votes.fail.push(msg.sender);
if (votes.fail.length <= signers.length / 2) {
return;
}
}
// Proposal resolved in our favor, execute whatever we voted on
if (release) {
verProp.time = uint64(now);
releases.push(verProp);
delete verProp;
} else {
delete verProp;
}
}
}

View File

@ -0,0 +1,374 @@
// Copyright 2016 The go-ethereum Authors
// This file is part of the go-ethereum library.
//
// The go-ethereum library is free software: you can redistribute it and/or modify
// it under the terms of the GNU Lesser General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// The go-ethereum library is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Lesser General Public License for more details.
//
// You should have received a copy of the GNU Lesser General Public License
// along with the go-ethereum library. If not, see <http://www.gnu.org/licenses/>.
package release
import (
"crypto/ecdsa"
"math/big"
"testing"
"github.com/ethereum/go-ethereum/accounts/abi/bind"
"github.com/ethereum/go-ethereum/accounts/abi/bind/backends"
"github.com/ethereum/go-ethereum/common"
"github.com/ethereum/go-ethereum/core"
"github.com/ethereum/go-ethereum/crypto"
)
// setupReleaseTest creates a blockchain simulator and deploys a version oracle
// contract for testing.
func setupReleaseTest(t *testing.T, prefund ...*ecdsa.PrivateKey) (*ecdsa.PrivateKey, *ReleaseOracle, *backends.SimulatedBackend) {
// Generate a new random account and a funded simulator
key, _ := crypto.GenerateKey()
auth := bind.NewKeyedTransactor(key)
accounts := []core.GenesisAccount{{Address: auth.From, Balance: big.NewInt(10000000000)}}
for _, key := range prefund {
accounts = append(accounts, core.GenesisAccount{Address: crypto.PubkeyToAddress(key.PublicKey), Balance: big.NewInt(10000000000)})
}
sim := backends.NewSimulatedBackend(accounts...)
// Deploy a version oracle contract, commit and return
_, _, oracle, err := DeployReleaseOracle(auth, sim)
if err != nil {
t.Fatalf("Failed to deploy version contract: %v", err)
}
sim.Commit()
return key, oracle, sim
}
// Tests that the version contract can be deployed and the creator is assigned
// the sole authorized signer.
func TestContractCreation(t *testing.T) {
key, oracle, _ := setupReleaseTest(t)
owner := crypto.PubkeyToAddress(key.PublicKey)
signers, err := oracle.Signers(nil)
if err != nil {
t.Fatalf("Failed to retrieve list of signers: %v", err)
}
if len(signers) != 1 || signers[0] != owner {
t.Fatalf("Initial signer mismatch: have %v, want %v", signers, owner)
}
}
// Tests that subsequent signers can be promoted, each requiring half plus one
// votes for it to pass through.
func TestSignerPromotion(t *testing.T) {
// Prefund a few accounts to authorize with and create the oracle
keys := make([]*ecdsa.PrivateKey, 5)
for i := 0; i < len(keys); i++ {
keys[i], _ = crypto.GenerateKey()
}
key, oracle, sim := setupReleaseTest(t, keys...)
// Gradually promote the keys, until all are authorized
keys = append([]*ecdsa.PrivateKey{key}, keys...)
for i := 1; i < len(keys); i++ {
// Check that no votes are accepted from the not yet authed user
if _, err := oracle.Promote(bind.NewKeyedTransactor(keys[i]), common.Address{}); err != nil {
t.Fatalf("Iter #%d: failed invalid promotion attempt: %v", i, err)
}
sim.Commit()
pend, err := oracle.AuthProposals(nil)
if err != nil {
t.Fatalf("Iter #%d: failed to retrieve active proposals: %v", i, err)
}
if len(pend) != 0 {
t.Fatalf("Iter #%d: proposal count mismatch: have %d, want 0", i, len(pend))
}
// Promote with half - 1 voters and check that the user's not yet authorized
for j := 0; j < i/2; j++ {
if _, err = oracle.Promote(bind.NewKeyedTransactor(keys[j]), crypto.PubkeyToAddress(keys[i].PublicKey)); err != nil {
t.Fatalf("Iter #%d: failed valid promotion attempt: %v", i, err)
}
}
sim.Commit()
signers, err := oracle.Signers(nil)
if err != nil {
t.Fatalf("Iter #%d: failed to retrieve list of signers: %v", i, err)
}
if len(signers) != i {
t.Fatalf("Iter #%d: signer count mismatch: have %v, want %v", i, len(signers), i)
}
// Promote with the last one needed to pass the promotion
if _, err = oracle.Promote(bind.NewKeyedTransactor(keys[i/2]), crypto.PubkeyToAddress(keys[i].PublicKey)); err != nil {
t.Fatalf("Iter #%d: failed valid promotion completion attempt: %v", i, err)
}
sim.Commit()
signers, err = oracle.Signers(nil)
if err != nil {
t.Fatalf("Iter #%d: failed to retrieve list of signers: %v", i, err)
}
if len(signers) != i+1 {
t.Fatalf("Iter #%d: signer count mismatch: have %v, want %v", i, len(signers), i+1)
}
}
}
// Tests that subsequent signers can be demoted, each requiring half plus one
// votes for it to pass through.
func TestSignerDemotion(t *testing.T) {
// Prefund a few accounts to authorize with and create the oracle
keys := make([]*ecdsa.PrivateKey, 5)
for i := 0; i < len(keys); i++ {
keys[i], _ = crypto.GenerateKey()
}
key, oracle, sim := setupReleaseTest(t, keys...)
// Authorize all the keys as valid signers and verify cardinality
keys = append([]*ecdsa.PrivateKey{key}, keys...)
for i := 1; i < len(keys); i++ {
for j := 0; j <= i/2; j++ {
if _, err := oracle.Promote(bind.NewKeyedTransactor(keys[j]), crypto.PubkeyToAddress(keys[i].PublicKey)); err != nil {
t.Fatalf("Iter #%d: failed valid promotion attempt: %v", i, err)
}
}
sim.Commit()
}
signers, err := oracle.Signers(nil)
if err != nil {
t.Fatalf("Failed to retrieve list of signers: %v", err)
}
if len(signers) != len(keys) {
t.Fatalf("Signer count mismatch: have %v, want %v", len(signers), len(keys))
}
// Gradually demote users until we run out of signers
for i := len(keys) - 1; i >= 0; i-- {
// Demote with half - 1 voters and check that the user's not yet dropped
for j := 0; j < (i+1)/2; j++ {
if _, err = oracle.Demote(bind.NewKeyedTransactor(keys[j]), crypto.PubkeyToAddress(keys[i].PublicKey)); err != nil {
t.Fatalf("Iter #%d: failed valid demotion attempt: %v", len(keys)-i, err)
}
}
sim.Commit()
signers, err := oracle.Signers(nil)
if err != nil {
t.Fatalf("Iter #%d: failed to retrieve list of signers: %v", len(keys)-i, err)
}
if len(signers) != i+1 {
t.Fatalf("Iter #%d: signer count mismatch: have %v, want %v", len(keys)-i, len(signers), i+1)
}
// Demote with the last one needed to pass the demotion
if _, err = oracle.Demote(bind.NewKeyedTransactor(keys[(i+1)/2]), crypto.PubkeyToAddress(keys[i].PublicKey)); err != nil {
t.Fatalf("Iter #%d: failed valid demotion completion attempt: %v", i, err)
}
sim.Commit()
signers, err = oracle.Signers(nil)
if err != nil {
t.Fatalf("Iter #%d: failed to retrieve list of signers: %v", len(keys)-i, err)
}
if len(signers) != i {
t.Fatalf("Iter #%d: signer count mismatch: have %v, want %v", len(keys)-i, len(signers), i)
}
// Check that no votes are accepted from the already demoted users
if _, err = oracle.Promote(bind.NewKeyedTransactor(keys[i]), common.Address{}); err != nil {
t.Fatalf("Iter #%d: failed invalid promotion attempt: %v", i, err)
}
sim.Commit()
pend, err := oracle.AuthProposals(nil)
if err != nil {
t.Fatalf("Iter #%d: failed to retrieve active proposals: %v", i, err)
}
if len(pend) != 0 {
t.Fatalf("Iter #%d: proposal count mismatch: have %d, want 0", i, len(pend))
}
}
}
// Tests that new versions can be released, honouring both voting rights as well
// as the minimum required vote count.
func TestVersionRelease(t *testing.T) {
// Prefund a few accounts to authorize with and create the oracle
keys := make([]*ecdsa.PrivateKey, 5)
for i := 0; i < len(keys); i++ {
keys[i], _ = crypto.GenerateKey()
}
key, oracle, sim := setupReleaseTest(t, keys...)
// Track the "current release"
var (
verMajor = uint32(0)
verMinor = uint32(0)
verPatch = uint32(0)
verCommit = [20]byte{}
)
// Gradually push releases, always requiring more signers than previously
keys = append([]*ecdsa.PrivateKey{key}, keys...)
for i := 1; i < len(keys); i++ {
// Check that no votes are accepted from the not yet authed user
if _, err := oracle.Release(bind.NewKeyedTransactor(keys[i]), 0, 0, 0, [20]byte{0}); err != nil {
t.Fatalf("Iter #%d: failed invalid release attempt: %v", i, err)
}
sim.Commit()
prop, err := oracle.ProposedVersion(nil)
if err != nil {
t.Fatalf("Iter #%d: failed to retrieve active proposal: %v", i, err)
}
if len(prop.Pass) != 0 {
t.Fatalf("Iter #%d: proposal vote count mismatch: have %d, want 0", i, len(prop.Pass))
}
// Authorize the user to make releases
for j := 0; j <= i/2; j++ {
if _, err = oracle.Promote(bind.NewKeyedTransactor(keys[j]), crypto.PubkeyToAddress(keys[i].PublicKey)); err != nil {
t.Fatalf("Iter #%d: failed valid promotion attempt: %v", i, err)
}
}
sim.Commit()
// Propose release with half voters and check that the release does not yet go through
for j := 0; j < (i+1)/2; j++ {
if _, err = oracle.Release(bind.NewKeyedTransactor(keys[j]), uint32(i), uint32(i+1), uint32(i+2), [20]byte{}); err != nil {
t.Fatalf("Iter #%d: failed valid release attempt: %v", i, err)
}
}
sim.Commit()
ver, err := oracle.CurrentVersion(nil)
if err != nil {
t.Fatalf("Iter #%d: failed to retrieve current version: %v", i, err)
}
if ver.Major != verMajor || ver.Minor != verMinor || ver.Patch != verPatch || ver.Commit != verCommit {
t.Fatalf("Iter #%d: version mismatch: have %d.%d.%d-%x, want %d.%d.%d-%x", i, ver.Major, ver.Minor, ver.Patch, ver.Commit, verMajor, verMinor, verPatch, verCommit)
}
// Pass the release and check that it became the next version
verMajor, verMinor, verPatch, verCommit = uint32(i), uint32(i+1), uint32(i+2), [20]byte{}
if _, err = oracle.Release(bind.NewKeyedTransactor(keys[(i+1)/2]), uint32(i), uint32(i+1), uint32(i+2), [20]byte{}); err != nil {
t.Fatalf("Iter #%d: failed valid release completion attempt: %v", i, err)
}
sim.Commit()
ver, err = oracle.CurrentVersion(nil)
if err != nil {
t.Fatalf("Iter #%d: failed to retrieve current version: %v", i, err)
}
if ver.Major != verMajor || ver.Minor != verMinor || ver.Patch != verPatch || ver.Commit != verCommit {
t.Fatalf("Iter #%d: version mismatch: have %d.%d.%d-%x, want %d.%d.%d-%x", i, ver.Major, ver.Minor, ver.Patch, ver.Commit, verMajor, verMinor, verPatch, verCommit)
}
}
}
// Tests that proposed versions can be nuked out of existence.
func TestVersionNuking(t *testing.T) {
// Prefund a few accounts to authorize with and create the oracle
keys := make([]*ecdsa.PrivateKey, 9)
for i := 0; i < len(keys); i++ {
keys[i], _ = crypto.GenerateKey()
}
key, oracle, sim := setupReleaseTest(t, keys...)
// Authorize all the keys as valid signers
keys = append([]*ecdsa.PrivateKey{key}, keys...)
for i := 1; i < len(keys); i++ {
for j := 0; j <= i/2; j++ {
if _, err := oracle.Promote(bind.NewKeyedTransactor(keys[j]), crypto.PubkeyToAddress(keys[i].PublicKey)); err != nil {
t.Fatalf("Iter #%d: failed valid promotion attempt: %v", i, err)
}
}
sim.Commit()
}
// Propose releases with more and more keys, always retaining enough users to nuke the proposals
for i := 1; i < (len(keys)+1)/2; i++ {
// Propose release with an initial set of signers
for j := 0; j < i; j++ {
if _, err := oracle.Release(bind.NewKeyedTransactor(keys[j]), uint32(i), uint32(i+1), uint32(i+2), [20]byte{}); err != nil {
t.Fatalf("Iter #%d: failed valid proposal attempt: %v", i, err)
}
}
sim.Commit()
prop, err := oracle.ProposedVersion(nil)
if err != nil {
t.Fatalf("Iter #%d: failed to retrieve active proposal: %v", i, err)
}
if len(prop.Pass) != i {
t.Fatalf("Iter #%d: proposal vote count mismatch: have %d, want %d", i, len(prop.Pass), i)
}
// Nuke the release with half+1 voters
for j := i; j <= i+(len(keys)+1)/2; j++ {
if _, err := oracle.Nuke(bind.NewKeyedTransactor(keys[j])); err != nil {
t.Fatalf("Iter #%d: failed valid nuke attempt: %v", i, err)
}
}
sim.Commit()
prop, err = oracle.ProposedVersion(nil)
if err != nil {
t.Fatalf("Iter #%d: failed to retrieve active proposal: %v", i, err)
}
if len(prop.Pass) != 0 || len(prop.Fail) != 0 {
t.Fatalf("Iter #%d: proposal vote count mismatch: have %d/%d pass/fail, want 0/0", i, len(prop.Pass), len(prop.Fail))
}
}
}
// Tests that demoting a signer will auto-nuke the currently pending release.
func TestVersionAutoNuke(t *testing.T) {
// Prefund a few accounts to authorize with and create the oracle
keys := make([]*ecdsa.PrivateKey, 5)
for i := 0; i < len(keys); i++ {
keys[i], _ = crypto.GenerateKey()
}
key, oracle, sim := setupReleaseTest(t, keys...)
// Authorize all the keys as valid signers
keys = append([]*ecdsa.PrivateKey{key}, keys...)
for i := 1; i < len(keys); i++ {
for j := 0; j <= i/2; j++ {
if _, err := oracle.Promote(bind.NewKeyedTransactor(keys[j]), crypto.PubkeyToAddress(keys[i].PublicKey)); err != nil {
t.Fatalf("Iter #%d: failed valid promotion attempt: %v", i, err)
}
}
sim.Commit()
}
// Make a release proposal and check it's existence
if _, err := oracle.Release(bind.NewKeyedTransactor(keys[0]), 1, 2, 3, [20]byte{}); err != nil {
t.Fatalf("Failed valid proposal attempt: %v", err)
}
sim.Commit()
prop, err := oracle.ProposedVersion(nil)
if err != nil {
t.Fatalf("Failed to retrieve active proposal: %v", err)
}
if len(prop.Pass) != 1 {
t.Fatalf("Proposal vote count mismatch: have %d, want 1", len(prop.Pass))
}
// Demote a signer and check release proposal deletion
for i := 0; i <= len(keys)/2; i++ {
if _, err := oracle.Demote(bind.NewKeyedTransactor(keys[i]), crypto.PubkeyToAddress(keys[len(keys)-1].PublicKey)); err != nil {
t.Fatalf("Iter #%d: failed valid demotion attempt: %v", i, err)
}
}
sim.Commit()
prop, err = oracle.ProposedVersion(nil)
if err != nil {
t.Fatalf("Failed to retrieve active proposal: %v", err)
}
if len(prop.Pass) != 0 {
t.Fatalf("Proposal vote count mismatch: have %d, want 0", len(prop.Pass))
}
}

View File

@ -0,0 +1,19 @@
// Copyright 2016 The go-ethereum Authors
// This file is part of the go-ethereum library.
//
// The go-ethereum library is free software: you can redistribute it and/or modify
// it under the terms of the GNU Lesser General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// The go-ethereum library is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Lesser General Public License for more details.
//
// You should have received a copy of the GNU Lesser General Public License
// along with the go-ethereum library. If not, see <http://www.gnu.org/licenses/>.
//go:generate abigen --sol ./contract.sol --pkg release --out ./contract.go
package release