feat: peer id claim for strong FID<>Peer ID authentication #2164
🦋 Changeset detected. Latest commit: aad8d67. The changes in this PR will be included in the next version bump. This PR includes changesets to release 4 packages.
Should we come up with some signature scheme that allows FIDs to "prove" they are runners of a given peer ID?
Otherwise people can just impersonate.
Thinking here: you don't need to keep your FID's custody wallet online, you just sign a message with your FID + the peer ID you're running with and then any other hub can verify the legitimacy of that signature?
(We may have discussed this, so not a blocker if we just want to get something out)
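The scheme proposed in the comment above, sketched as an added example (not code from this PR or from the hub code base): an operator signs a claim over FID + peer ID once, and any hub verifies it against the keys registered for that FID. Ed25519, the claim encoding, `createClaim`, `verifyClaim` and the `signersForFid` lookup standing in for on-chain signer data are all assumptions.

```javascript
// Added example: a signed claim binding an FID to a libp2p peer ID.
// Assumptions: Ed25519 keys, this encoding, signersForFid() as the registry.
const nodeCrypto = typeof require === "function"
  ? require("node:crypto")
  : process.getBuiltinModule("node:crypto"); // fallback when loaded as ESM
const { generateKeyPairSync, sign, verify } = nodeCrypto;

// Bytes that get signed: a domain tag plus both fields, JSON-encoded.
function claimBytes(fid, peerId) {
  if (!Number.isSafeInteger(fid) || fid <= 0) throw new Error("bad fid");
  if (typeof peerId !== "string" || peerId === "") throw new Error("bad peer id");
  return Buffer.from(JSON.stringify(["peer-id-claim-v1", fid, peerId]), "utf8");
}

// Operator side: run once, offline, with a key registered to the FID.
function createClaim(fid, peerId, privateKey) {
  const signature = sign(null, claimBytes(fid, peerId), privateKey);
  return { fid, peerId, signature: signature.toString("base64") };
}

// Hub side. connectedPeerId must come from the authenticated transport
// handshake, never from the gossip message that carries the claim.
function verifyClaim(claim, connectedPeerId, signersForFid) {
  let data;
  try { data = claimBytes(claim.fid, claim.peerId); } catch { return "malformed"; }
  if (claim.peerId !== connectedPeerId) return "peer-mismatch";
  const keys = signersForFid(claim.fid);
  if (keys.length === 0) return "unknown-fid";
  const sig = Buffer.from(String(claim.signature), "base64");
  return keys.some((k) => verify(null, data, k, sig)) ? "ok" : "bad-signature";
}

// Constructed demo: FID 1 and FID 2 each have one registered key.
function demo() {
  const a = generateKeyPairSync("ed25519");
  const b = generateKeyPairSync("ed25519");
  const registry = new Map([[1, [a.publicKey]], [2, [b.publicKey]]]);
  const lookup = (fid) => registry.get(fid) ?? [];
  const genuine = createClaim(1, "peer-A-constructed", a.privateKey);
  const wrongKey = createClaim(1, "peer-B-constructed", b.privateKey);
  return {
    genuine: verifyClaim(genuine, "peer-A-constructed", lookup),
    wrongKey: verifyClaim(wrongKey, "peer-B-constructed", lookup),
    copied: verifyClaim(genuine, "peer-B-constructed", lookup),
    unknownFid: verifyClaim({ ...genuine, fid: 99 }, "peer-A-constructed", lookup),
  };
}
```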
resolved "https://registry.npmjs.org/@chainsafe/libp2p-noise/-/libp2p-noise-11.0.0.tgz#ecfc82230f0fa73be3ed92add4b09424d9d1e280" | ||
integrity sha512-NEl5aIv6muz9OL+dsa3INEU89JX0NViBxOy7NwwG8eNRPUDHo5E3ZTMSHXQpVx1K/ofoNS4ANO9xwezY6ss5GA== | ||
"@chainsafe/libp2p-noise@^11.0.0": | ||
version "11.0.4" |
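Review bot: The resolution change for `@chainsafe/libp2p-noise@^11.0.0` at `version "11.0.4"` is unexplained and looks unrelated to the peer ID claim feature. The lockfile lines here show both the 11.0.0 tarball with its integrity hash and version "11.0.4" for the same range; since this package implements the libp2p Noise handshake that peer IDs are authenticated with, confirm the bump is intended (a clean reinstall should reproduce it) and mention it in the PR description, or revert it.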
I don't know why this changed, but hub peered and synced fine with it 🤷🏾
…ck to match signer with FID after on-chain event sync
dc29309 to 1e915ff
const contactInfo = NetworkFactories.GossipContactInfoContent.build({ timestamp: now }); | ||
const olderContactInfo = NetworkFactories.GossipContactInfoContent.build({ timestamp: now - 10 }); | ||
const newerContactInfo = NetworkFactories.GossipContactInfoContent.build({ timestamp: now + 10 }); | ||
const contactInfo: ContactInfoContent = NetworkFactories.GossipContactInfoContent.build({ |
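Review bot: The typed `contactInfo` declaration on the last line opens a `build({` call whose arguments are not visible in this hunk; check that it still passes `timestamp: now`. `olderContactInfo` and `newerContactInfo` are defined as `now - 10` and `now + 10`, so they are only older and newer relative to `contactInfo` if that field is kept.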
We should dedupe content and body attributes at some point, especially since they're no longer equivalent after this PR and can end up creating subtle, annoying bugs
@@ -125,6 +125,9 @@ jobs: | |||
- name: Install Foundry | |||
uses: foundry-rs/foundry-toolchain@v1 | |||
|
|||
- name: Install turbo |
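Review bot: The new `Install turbo` step after `Install Foundry` has no stated reason, and its body is not visible in this hunk. If the step stays, install an exact turbo version rather than whatever is latest so CI runs are reproducible, and note in the PR description why the workflow needs it.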
This might not be needed - CI is failing, still investigating
@@ -36,7 +36,7 @@ jobs: | |||
|
|||
- name: Run Hubble | |||
shell: bash | |||
run: docker run --name hub --detach -p2282:2282 -p2283:2283 farcasterxyz/hubble:test sh -c 'node build/cli.js identity create && HUBBLE_ARGS="start --rpc-port 2283 --ip 0.0.0.0 --gossip-port 2282 --eth-mainnet-rpc-url https://eth-mainnet.g.alchemy.com/v2/8cz__IXnQ5FK_GNYDlfooLzYhBAW7ta0 --l2-rpc-url https://opt-mainnet.g.alchemy.com/v2/3xWX-cWV-an3IPXmVCRXX51PpQzc-8iJ --network 3 --allowed-peers none --catchup-sync-with-snapshot false" npx pm2-runtime start pm2.config.cjs' | |||
run: docker run --name hub --detach -p2282:2282 -p2283:2283 farcasterxyz/hubble:test sh -c 'node build/cli.js identity create && HUBBLE_ARGS="start --rpc-port 2283 --ip 0.0.0.0 --gossip-port 2282 --eth-mainnet-rpc-url https://eth-mainnet.g.alchemy.com/v2/8cz__IXnQ5FK_GNYDlfooLzYhBAW7ta0 --l2-rpc-url https://opt-mainnet.g.alchemy.com/v2/3xWX-cWV-an3IPXmVCRXX51PpQzc-8iJ --network 3 --allowed-peers none --catchup-sync-with-snapshot false --hub-operator-fid 1" npx pm2-runtime start pm2.config.cjs' |
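Review bot: Both versions of the `run:` line hard-code Alchemy API keys in the `--eth-mainnet-rpc-url` and `--l2-rpc-url` values, which puts them in the repository history for anyone to read. Pass the RPC URLs in from repository secrets (a `${{ secrets.<NAME> }}` reference exposed to the step through `env:`) and rotate the keys that are already committed. The added `--hub-operator-fid 1` is also passed here without a `--peer-identity-claim` argument.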
this still needs valid claim file, to be passed in via --peer-identity-claim
- working on it
Closing due to age, and not actively being pursued. Thanks!
Why is this change needed?
Merge Checklist
Choose all relevant options below by adding an `x` now or at any time before submitting for review
PR-Codex overview
This PR focuses on adding FID requirement on hub startup and integrating FID into gossip contact info.
Detailed summary