node: verify genesis doc hash against the file contents rather than remarshalled JSON#1293
Merged
node: verify genesis doc hash against the file contents rather than remarshalled JSON#1293
Conversation
jmalicevic
reviewed
Sep 1, 2023
Contributor
Author
|
I don't think this needs a changelog entry, as this is a follow-up to #1017 and we haven't released the functional changes yet. |
Collaborator
|
@mzabaluev PR #1295 is likely to affect this PR. Sorry for the inconveniences... |
Contributor
Author
No worries, I will wait (and review) and rebase once that one is merged. |
Collaborator
|
Merging the PR now so you are free to rebase! Thanks Mikhail ! |
3 tasks
Marshalling the doc data back into JSON to checksum is wasteful. In the future, the hash of the genesis file may be passed as a CLI or config parameter to help control coordinated upgrades. We want that hash to be the same as the hash stored in the database.
Don't put the requirement to verify the JSON content checksum onto every genesis doc provider, do it in one place in the main code.
ae9d6ea to
0f13216
Compare
jmalicevic
reviewed
Sep 4, 2023
| // DefaultGenesisDocProviderFunc returns a GenesisDocProvider that loads | ||
| // the GenesisDoc from the config.GenesisFile() on the filesystem. | ||
| func DefaultGenesisDocProviderFunc(config *cfg.Config) GenesisDocProvider { | ||
| return func() (*types.GenesisDoc, error) { |
Collaborator
There was a problem hiding this comment.
I wonder whether instead of changing the return value of this function (which is used in many other places), we can not move the checksum logic into the LoadStateFromDBOrGenesisProvider to be executed only once if there is no hash in the DB or if we have a flag provided via cli? Basically move it to line 576 and put the logic of reading the file and computing the sum there?
Contributor
Author
There was a problem hiding this comment.
I wonder whether instead of changing the return value of this function (which is used in many other places), we can not move the checksum logic into the
LoadStateFromDBOrGenesisProviderto be executed only once if there is no hash in the DB or if we have a flag provided via cli? Basically move it to line 576 and put the logic of reading the file and computing the sum there?
I have not come across any other places where the GenesisDocProvider signature was used. My concern is about eventually reworking this for streamability: the provider should not need to store the whole file content in RAM to parse the JSON or calculate the checksum. This signature allows implementing it with an incremental parser (e.g. json.Decoder from the standard library) and an incremental SHA-256 hasher. I have left a FIXME comment about this in the default provider function. Maybe I should turn it into a backlog issue.
Collaborator
There was a problem hiding this comment.
DefaultGenesisProvider is being used a lot although mostly to create a new node so technically it should be fine. But I am not sure whether it is used by users as well .
So instead of changing a public interface for a future optimization, could we not do one of two things:
- Leave this until we do the actual optimization and then we can even create a
DefaultStreamingDocProvideror - Keep the
genesisProviderreturning just the doc and have a specialcreateChecksumfunction that could afterwards be altered to not read the file but rather stream through it based on a given path. This function is then called to get the hash (the fact that the genesisProvider has it in memory does not change anything as we anyways still keep it in memory).
Contributor
Author
There was a problem hiding this comment.
Also, we cannot really do this without changing the signature and contract for GenesisDocProvider in some way: in main, it only returns the parsed doc, and both retrieval or JSON content from the source and parsing is supposed to happen inside the provider function.
Contributor
Author
There was a problem hiding this comment.
There is a backward-compatible alternative: add a checksum field to the GenesisDoc struct and mandate every genesis doc provider set it with the computed checksum. But: 1) it feels conceptually wrong; 2) this special field has to be fenced away from normal handling of the GenesisDoc fields by the JSON marshal and unmarshal implementations.
Collaborator
There was a problem hiding this comment.
Yes, you are right it might be wrong.. What abut the solution of changing the signature of LoadStateFromDBOrGenesisDocProvider by adding it a path to the genesis file (as we will anyways change this function signature to pass the hash from command line)? Both are breaking, just not sure which is more (as in breaking the way people are used to use these things).
Collaborator
Contributor
Author
There was a problem hiding this comment.
If we include a changelog explaining the signature change, I doesn't seem highly disruptive. Thoughts?
I support this. But I do need to add a changelog, after all.
Collaborator
There was a problem hiding this comment.
I also agree with the change. Even my proposed solution about breaking the API of the other function is not going to work. As Mikhail pointed out on Slack, the whole point of the provider is to have an abstract provider so passing a path to a function is def not that.
jmalicevic
approved these changes
Sep 4, 2023
Contributor
Author
|
The tests seem flaky: I've got failures in two different test buckets on subsequent pushes that did not add anything to the changes. |
melekes
pushed a commit
that referenced
this pull request
Jan 9, 2024
…emarshalled JSON (#1293) * node: verify genesis doc hash against the file Marshalling the doc data back into JSON to checksum is wasteful. In the future, the hash of the genesis file may be passed as a CLI or config parameter to help control coordinated upgrades. We want that hash to be the same as the hash stored in the database. * node: centralize genesis doc hash verification Don't put the requirement to verify the JSON content checksum onto every genesis doc provider, do it in one place in the main code. * node: link the issue on the recent FIXME comment * Changelog entry for #1293
melekes
pushed a commit
that referenced
this pull request
Jan 9, 2024
…emarshalled JSON (#1293) * node: verify genesis doc hash against the file Marshalling the doc data back into JSON to checksum is wasteful. In the future, the hash of the genesis file may be passed as a CLI or config parameter to help control coordinated upgrades. We want that hash to be the same as the hash stored in the database. * node: centralize genesis doc hash verification Don't put the requirement to verify the JSON content checksum onto every genesis doc provider, do it in one place in the main code. * node: link the issue on the recent FIXME comment * Changelog entry for #1293
troian
added a commit
to akash-network/cometbft
that referenced
this pull request
Feb 6, 2025
This avoids saving the genesisDoc to database. When using goleveldb and ~4GiB+ genesis files, it causes a panic during snappy encoding (panic: snappy: decoded block is too large). refs akash-network/support#280 backports: - cometbft#1017 - cometbft#1293 Signed-off-by: Artur Troian <troian.ap@gmail.com>
troian
added a commit
to akash-network/cometbft
that referenced
this pull request
Feb 6, 2025
This avoids saving the genesisDoc to database. When using goleveldb and ~4GiB+ genesis files, it causes a panic during snappy encoding (panic: snappy: decoded block is too large). refs akash-network/support#280 backports: - cometbft#1017 - cometbft#1293 Signed-off-by: Artur Troian <troian.ap@gmail.com>
troian
added a commit
to akash-network/cometbft
that referenced
this pull request
Feb 6, 2025
This avoids saving the genesisDoc to database. When using goleveldb and ~4GiB+ genesis files, it causes a panic during snappy encoding (panic: snappy: decoded block is too large). refs akash-network/support#280 backports: - cometbft#1017 - cometbft#1293 Signed-off-by: Artur Troian <troian.ap@gmail.com>
troian
added a commit
to akash-network/cometbft
that referenced
this pull request
Feb 6, 2025
This avoids saving the genesisDoc to database. When using goleveldb and ~4GiB+ genesis files, it causes a panic during snappy encoding (panic: snappy: decoded block is too large). refs akash-network/support#280 backports: - cometbft#1017 - cometbft#1293 Signed-off-by: Artur Troian <troian.ap@gmail.com>
troian
added a commit
to akash-network/cometbft
that referenced
this pull request
Feb 6, 2025
This avoids saving the genesisDoc to database. When using goleveldb and ~4GiB+ genesis files, it causes a panic during snappy encoding (panic: snappy: decoded block is too large). refs akash-network/support#280 backports: - cometbft#1017 - cometbft#1293 Signed-off-by: Artur Troian <troian.ap@gmail.com>
troian
added a commit
to akash-network/cometbft
that referenced
this pull request
Feb 6, 2025
This avoids saving the genesisDoc to database. When using goleveldb and ~4GiB+ genesis files, it causes a panic during snappy encoding (panic: snappy: decoded block is too large). refs akash-network/support#280 backports: - cometbft#1017 - cometbft#1293 Signed-off-by: Artur Troian <troian.ap@gmail.com>
troian
added a commit
to akash-network/cometbft
that referenced
this pull request
Feb 6, 2025
This avoids saving the genesisDoc to database. When using goleveldb and ~4GiB+ genesis files, it causes a panic during snappy encoding (panic: snappy: decoded block is too large). refs akash-network/support#280 backports: - cometbft#1017 - cometbft#1293 Signed-off-by: Artur Troian <troian.ap@gmail.com>
troian
added a commit
to akash-network/cometbft
that referenced
this pull request
Feb 6, 2025
This avoids saving the genesisDoc to database. When using goleveldb and ~4GiB+ genesis files, it causes a panic during snappy encoding (panic: snappy: decoded block is too large). refs akash-network/support#280 backports: - cometbft#1017 - cometbft#1293 Signed-off-by: Artur Troian <troian.ap@gmail.com>
troian
added a commit
to akash-network/cometbft
that referenced
this pull request
Feb 6, 2025
This avoids saving the genesisDoc to database. When using goleveldb and ~4GiB+ genesis files, it causes a panic during snappy encoding (panic: snappy: decoded block is too large). refs akash-network/support#280 backports: - cometbft#1017 - cometbft#1293 Signed-off-by: Artur Troian <troian.ap@gmail.com>
troian
added a commit
to akash-network/cometbft
that referenced
this pull request
Feb 6, 2025
This avoids saving the genesisDoc to database. When using goleveldb and ~4GiB+ genesis files, it causes a panic during snappy encoding (panic: snappy: decoded block is too large). refs akash-network/support#280 backports: - cometbft#1017 - cometbft#1293 Signed-off-by: Artur Troian <troian.ap@gmail.com>
troian
added a commit
to akash-network/cometbft
that referenced
this pull request
Feb 6, 2025
This avoids saving the genesisDoc to database. When using goleveldb and ~4GiB+ genesis files, it causes a panic during snappy encoding (panic: snappy: decoded block is too large). refs akash-network/support#280 backports: - cometbft#1017 - cometbft#1293 Signed-off-by: Artur Troian <troian.ap@gmail.com>
troian
added a commit
to akash-network/cometbft
that referenced
this pull request
Feb 6, 2025
This avoids saving the genesisDoc to database. When using goleveldb and ~4GiB+ genesis files, it causes a panic during snappy encoding (panic: snappy: decoded block is too large). refs akash-network/support#280 backports: - cometbft#1017 - cometbft#1293 Signed-off-by: Artur Troian <troian.ap@gmail.com>
troian
added a commit
to akash-network/cometbft
that referenced
this pull request
Feb 6, 2025
This avoids saving the genesisDoc to database. When using goleveldb and ~4GiB+ genesis files, it causes a panic during snappy encoding (panic: snappy: decoded block is too large). refs akash-network/support#280 backports: - cometbft#1017 - cometbft#1293 Signed-off-by: Artur Troian <troian.ap@gmail.com>
troian
added a commit
to akash-network/cometbft
that referenced
this pull request
Feb 6, 2025
This avoids saving the genesisDoc to database. When using goleveldb and ~4GiB+ genesis files, it causes a panic during snappy encoding (panic: snappy: decoded block is too large). refs akash-network/support#280 backports: - cometbft#1017 - cometbft#1293 Signed-off-by: Artur Troian <troian.ap@gmail.com>
troian
added a commit
to akash-network/cometbft
that referenced
this pull request
Feb 6, 2025
This avoids saving the genesisDoc to database. When using goleveldb and ~4GiB+ genesis files, it causes a panic during snappy encoding (panic: snappy: decoded block is too large). refs akash-network/support#280 backports: - cometbft#1017 - cometbft#1293 Signed-off-by: Artur Troian <troian.ap@gmail.com>
troian
added a commit
to akash-network/cometbft
that referenced
this pull request
Feb 6, 2025
This avoids saving the genesisDoc to database. When using goleveldb and ~4GiB+ genesis files, it causes a panic during snappy encoding (panic: snappy: decoded block is too large). refs akash-network/support#280 backports: - cometbft#1017 - cometbft#1293 Signed-off-by: Artur Troian <troian.ap@gmail.com>
troian
added a commit
to akash-network/cometbft
that referenced
this pull request
Feb 14, 2025
This avoids saving the genesisDoc to database. When using goleveldb and ~4GiB+ genesis files, it causes a panic during snappy encoding (panic: snappy: decoded block is too large). refs akash-network/support#280 backports: - cometbft#1017 - cometbft#1293 Signed-off-by: Artur Troian <troian.ap@gmail.com>
troian
added a commit
to akash-network/cometbft
that referenced
this pull request
Feb 14, 2025
This avoids saving the genesisDoc to database. When using goleveldb and ~4GiB+ genesis files, it causes a panic during snappy encoding (panic: snappy: decoded block is too large). refs akash-network/support#280 backports: - cometbft#1017 - cometbft#1293 Signed-off-by: Artur Troian <troian.ap@gmail.com>
troian
added a commit
to akash-network/cometbft
that referenced
this pull request
Feb 14, 2025
This avoids saving the genesisDoc to database. When using goleveldb and ~4GiB+ genesis files, it causes a panic during snappy encoding (panic: snappy: decoded block is too large). refs akash-network/support#280 backports: - cometbft#1017 - cometbft#1293 Signed-off-by: Artur Troian <troian.ap@gmail.com>
troian
added a commit
to akash-network/cometbft
that referenced
this pull request
Jul 7, 2025
This avoids saving the genesisDoc to database. When using goleveldb and ~4GiB+ genesis files, it causes a panic during snappy encoding (panic: snappy: decoded block is too large). refs akash-network/support#280 backports: - cometbft#1017 - cometbft#1293 Signed-off-by: Artur Troian <troian.ap@gmail.com>
troian
added a commit
to akash-network/cometbft
that referenced
this pull request
Jul 14, 2025
This avoids saving the genesisDoc to database. When using goleveldb and ~4GiB+ genesis files, it causes a panic during snappy encoding (panic: snappy: decoded block is too large). refs akash-network/support#280 ports: - cometbft#1017 - cometbft#1293 Signed-off-by: Artur Troian <troian@users.noreply.github.com>
troian
added a commit
to akash-network/cometbft
that referenced
this pull request
Jul 14, 2025
This avoids saving the genesisDoc to database. When using goleveldb and ~4GiB+ genesis files, it causes a panic during snappy encoding (panic: snappy: decoded block is too large). refs akash-network/support#280 ports: - cometbft#1017 - cometbft#1293 Signed-off-by: Artur Troian <troian@users.noreply.github.com>
troian
added a commit
to akash-network/cometbft
that referenced
this pull request
Jul 14, 2025
This avoids saving the genesisDoc to database. When using goleveldb and ~4GiB+ genesis files, it causes a panic during snappy encoding (panic: snappy: decoded block is too large). refs akash-network/support#280 ports: - cometbft#1017 - cometbft#1293 Signed-off-by: Artur Troian <troian@users.noreply.github.com>
troian
added a commit
to akash-network/cometbft
that referenced
this pull request
Jul 14, 2025
This avoids saving the genesisDoc to database. When using goleveldb and ~4GiB+ genesis files, it causes a panic during snappy encoding (panic: snappy: decoded block is too large). refs akash-network/support#280 ports: - cometbft#1017 - cometbft#1293 Signed-off-by: Artur Troian <troian@users.noreply.github.com>
troian
added a commit
to akash-network/cometbft
that referenced
this pull request
Jul 14, 2025
This avoids saving the genesisDoc to database. When using goleveldb and ~4GiB+ genesis files, it causes a panic during snappy encoding (panic: snappy: decoded block is too large). refs akash-network/support#280 ports: - cometbft#1017 - cometbft#1293 Signed-off-by: Artur Troian <troian@users.noreply.github.com>
troian
added a commit
to akash-network/cometbft
that referenced
this pull request
Jul 14, 2025
This avoids saving the genesisDoc to database. When using goleveldb and ~4GiB+ genesis files, it causes a panic during snappy encoding (panic: snappy: decoded block is too large). refs akash-network/support#280 ports: - cometbft#1017 - cometbft#1293 Signed-off-by: Artur Troian <troian@users.noreply.github.com>
troian
added a commit
to akash-network/cometbft
that referenced
this pull request
Oct 20, 2025
This avoids saving the genesisDoc to database. When using goleveldb and ~4GiB+ genesis files, it causes a panic during snappy encoding (panic: snappy: decoded block is too large). refs akash-network/support#280 ports: - cometbft#1017 - cometbft#1293 Signed-off-by: Artur Troian <troian@users.noreply.github.com>
troian
added a commit
to akash-network/cometbft
that referenced
this pull request
Jan 23, 2026
This avoids saving the genesisDoc to database. When using goleveldb and ~4GiB+ genesis files, it causes a panic during snappy encoding (panic: snappy: decoded block is too large). refs akash-network/support#280 ports: - cometbft#1017 - cometbft#1293 Signed-off-by: Artur Troian <troian@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Closes #1287
PR checklist
.changelog(we use unclog to manage our changelog)docs/orspec/) and code comments