From c924dea6377eae6ae2390e6a12bda70f491352ca Mon Sep 17 00:00:00 2001
From: Eshel <eshel@scrtlabs.com>
Date: Mon, 9 Oct 2023 12:18:56 +0300
Subject: [PATCH 1/3] tweaking instructions md file based on what I had locally

---
 docs/test-v1.12-upgrade-handler.md | 46 ++++++++++++++++++------------
 1 file changed, 28 insertions(+), 18 deletions(-)

diff --git a/docs/test-v1.12-upgrade-handler.md b/docs/test-v1.12-upgrade-handler.md
index e7ec12db5..8eb52cd21 100644
--- a/docs/test-v1.12-upgrade-handler.md
+++ b/docs/test-v1.12-upgrade-handler.md
@@ -87,17 +87,29 @@ yarn test
 ```
 
 ## Step 4
+### Test Hardcoded admins: Prepare a binary where you're a hardcoded admin of a deployed contract
+Add yourself as a hardcoded admin of the just-deployed contract
+Add the following line to the list in the file `hardcoded_admins.go`:
+```go
+	"secret1mfk7n6mc2cg6lznujmeckdh4x0a5ezf6hx6y8q": "secret1ap26qrlp8mcq2pg6r47w43l0y8zkqm8a450s03",
+```
 
-Compile a v1.12 LocalSecret with the hardcoded admin.
+Add the following line to the list in the file `hardcoded_admins.rs`:
+```rust
+        ("secret1mfk7n6mc2cg6lznujmeckdh4x0a5ezf6hx6y8q", "secret1ap26qrlp8mcq2pg6r47w43l0y8zkqm8a450s03"),
+```
 
-Edit `x/compute/internal/keeper/hardcoded_admins.go` and `cosmwasm/enclaves/shared/contract-engine/src/hardcoded_admins.rs` and add:
+Add the following line to the `ALLOWED_CONTRACT_CODE_HASH` map in the file `hardcoded_admins.rs`:
+```rust
+        ("secret1mfk7n6mc2cg6lznujmeckdh4x0a5ezf6hx6y8q", "d45dc9b951ed5e9416bd52ccf28a629a52af0470a1a129afee7e53924416f555"),
+```
 
-- Contract: `secret1mfk7n6mc2cg6lznujmeckdh4x0a5ezf6hx6y8q`
-- Admin: `secret1ap26qrlp8mcq2pg6r47w43l0y8zkqm8a450s03`
-- Code hash: `d45dc9b951ed5e9416bd52ccf28a629a52af0470a1a129afee7e53924416f555`
+Compile a v1.12 LocalSecret with the hardcoded admin.
+```bash
+DOCKER_TAG=v1.12 make localsecret
+```
 
 ## Step 5
-
 Copy binaries from the v1.12 LocalSecret to the running v1.11 LocalSecret.
 
 ```bash
@@ -106,18 +118,16 @@ docker run -it -d --name localsecret-1.12 ghcr.io/scrtlabs/localsecret:v0.0.0
 sleep 5
 
 # Copy binaries from v1.12 chain to host (a limitation of `docker cp`)
-
 rm -rf /tmp/upgrade-bin && mkdir -p /tmp/upgrade-bin
-docker cp localsecret-1.12:/usr/bin/secretcli                                /tmp/upgrade-bin
-docker cp localsecret-1.12:/usr/bin/secretd                                  /tmp/upgrade-bin
-docker cp localsecret-1.12:/usr/lib/librust_cosmwasm_enclave.signed.so       /tmp/upgrade-bin
-docker cp localsecret-1.12:/usr/lib/libgo_cosmwasm.so                        /tmp/upgrade-bin
+docker cp localsecret-1.12:/usr/bin/secretcli                              /tmp/upgrade-bin
+docker cp localsecret-1.12:/usr/bin/secretd                                /tmp/upgrade-bin
+docker cp localsecret-1.12:/usr/lib/librust_cosmwasm_enclave.signed.so     /tmp/upgrade-bin
+docker cp localsecret-1.12:/usr/lib/libgo_cosmwasm.so                      /tmp/upgrade-bin
 
 # Can kill localsecret-1.12 at this point
 docker rm -f localsecret-1.12
 
 # Copy binaries from host to current v1.11 chain
-
 docker exec localsecret bash -c 'rm -rf /tmp/upgrade-bin && mkdir -p /tmp/upgrade-bin'
 
 docker cp /tmp/upgrade-bin/secretcli                                localsecret:/tmp/upgrade-bin
@@ -125,14 +135,14 @@ docker cp /tmp/upgrade-bin/secretd                                  localsecret:
 docker cp /tmp/upgrade-bin/librust_cosmwasm_enclave.signed.so       localsecret:/tmp/upgrade-bin
 docker cp /tmp/upgrade-bin/libgo_cosmwasm.so                        localsecret:/tmp/upgrade-bin
 
-# Overwrite v1.4 binaries with v1.11 binaries without affecting file permissions
+# Overwrite v1.11 binaries with v1.12 binaries without affecting file permissions
 # v1.11 chain is still running at this point
 # we assume v1.11 binaries are loaded to RAM
-# so overwriting them with v1.12 binraies won't take effect until a process restart
+# so overwriting them with v1.12 binaries won't take effect until a process restart
 
-docker exec localsecret bash -c 'cat /tmp/upgrade-bin/secretcli                                > /usr/bin/secretcli'
-docker exec localsecret bash -c 'cat /tmp/upgrade-bin/librust_cosmwasm_enclave.signed.so       > /usr/lib/librust_cosmwasm_enclave.signed.so'
-docker exec localsecret bash -c 'cat /tmp/upgrade-bin/libgo_cosmwasm.so                        > /usr/lib/libgo_cosmwasm.so'
+docker exec localsecret bash -c 'cat /tmp/upgrade-bin/secretcli                             > /usr/bin/secretcli'
+docker exec localsecret bash -c 'cat /tmp/upgrade-bin/librust_cosmwasm_enclave.signed.so    > /usr/lib/librust_cosmwasm_enclave.signed.so'
+docker exec localsecret bash -c 'cat /tmp/upgrade-bin/libgo_cosmwasm.so                     > /usr/lib/libgo_cosmwasm.so'
 
 # We cannot overwrite secretd because it's being used ("Text file busy")
 # so instead we're going to point the init script to the new binary
@@ -173,7 +183,7 @@ docker stop localsecret
 docker start localsecret -a
 ```
 
-You should see `INF applying upgrade "v1.12" at height` in the logs, following by blocks continute to stream.
+You should see `INF applying upgrade "v1.12" at height` in the logs, followed by blocks continuing to stream.
 
 ## Step 8
 

From d72b27d01f114943f69b8f1c33486424852cdf10 Mon Sep 17 00:00:00 2001
From: Eshel <eshel@scrtlabs.com>
Date: Mon, 9 Oct 2023 13:58:14 +0300
Subject: [PATCH 2/3] using correct tag when running new localsecret, adding
 sleep between tx after migrating

---
 docs/test-v1.12-upgrade-handler.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/docs/test-v1.12-upgrade-handler.md b/docs/test-v1.12-upgrade-handler.md
index 8eb52cd21..98608326b 100644
--- a/docs/test-v1.12-upgrade-handler.md
+++ b/docs/test-v1.12-upgrade-handler.md
@@ -114,7 +114,7 @@ Copy binaries from the v1.12 LocalSecret to the running v1.11 LocalSecret.
 
 ```bash
 # Start a v1.12 chain and wait a bit for it to setup
-docker run -it -d --name localsecret-1.12 ghcr.io/scrtlabs/localsecret:v0.0.0
+docker run -it -d --name localsecret-1.12 ghcr.io/scrtlabs/localsecret:v1.12
 sleep 5
 
 # Copy binaries from v1.12 chain to host (a limitation of `docker cp`)
@@ -208,6 +208,7 @@ Expected result should be: `AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=`
 ```bash
 docker cp ./contract-with-migrate.wasm.gz localsecret:/root/
 docker exec localsecret bash -c 'secretcli tx wasm store contract-with-migrate.wasm.gz --from a --gas 5000000 -y -b block'
+sleep 5
 docker exec localsecret bash -c 'secretcli tx wasm migrate secret1mfk7n6mc2cg6lznujmeckdh4x0a5ezf6hx6y8q 2 "{\"nop\":{}}" --from a -y -b block' | jq -r . code
 ```
 

From 4689040516376c2dba71752cd42087556fdcc8d1 Mon Sep 17 00:00:00 2001
From: toml01 <langer.tom7@gmail.com>
Date: Mon, 9 Oct 2023 18:11:05 +0300
Subject: [PATCH 3/3] Fix permissions on sealed files upon installation

---
 deployment/deb/postinst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/deployment/deb/postinst b/deployment/deb/postinst
index cec5eea8b..9bef31569 100644
--- a/deployment/deb/postinst
+++ b/deployment/deb/postinst
@@ -35,4 +35,4 @@ mkdir -p "/opt/secret/.sgx_secrets"
 mkdir -p "/opt/secret/.secretd/.node"
 mkdir -p "$(eval echo ~"$SUDO_USER")/.sgx_secrets"
 chown -R "$SUDO_USER":"$SUDO_USER" "/opt/secret/"
-chmod -R 666 "/opt/secret/"
\ No newline at end of file
+chmod -R 777 "/opt/secret/"
\ No newline at end of file