From 4fdb6af183c8d145e9c5389f4a0d808455c9e75d Mon Sep 17 00:00:00 2001 From: Jason Greathouse Date: Mon, 7 Jul 2025 17:45:47 -0500 Subject: [PATCH 1/2] use versioned production.json for measurements --- start-testnet-client.sh | 6 ++++-- tools/download_sigstruct.sh | 27 ++++++++++++++++----------- 2 files changed, 20 insertions(+), 13 deletions(-) diff --git a/start-testnet-client.sh b/start-testnet-client.sh index a1874ba214..4dc959d804 100755 --- a/start-testnet-client.sh +++ b/start-testnet-client.sh @@ -14,9 +14,11 @@ source "$HOME/.cargo/env" pushd "$(dirname "$0")" -echo "Pulling down TestNet consensus validator signature material" +ENCLAVE_VERSION_TAG=v6.0.0 -SIGSTRUCT_URI=$(curl -s https://enclave-distribution.test.mobilecoin.com/production.json | awk '/sigstruct.*consensus/ {print $2}' | tr -d \") +echo "Pulling down TestNet consensus validator signature material for ${ENCLAVE_VERSION_TAG}" + +SIGSTRUCT_URI=$(curl -s https://enclave-distribution.test.mobilecoin.com/production-${ENCLAVE_VERSION_TAG}.json | awk '/sigstruct.*consensus/ {print $2}' | tr -d \") curl -O https://enclave-distribution.test.mobilecoin.com/${SIGSTRUCT_URI} TARGETDIR=${CARGO_TARGET_DIR:-./target}/release diff --git a/tools/download_sigstruct.sh b/tools/download_sigstruct.sh index 14716bc001..57c6e66288 100755 --- a/tools/download_sigstruct.sh +++ b/tools/download_sigstruct.sh 
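Review bot: The manifest fetch in start-testnet-client.sh, `curl -s …/production-${ENCLAVE_VERSION_TAG}.json`, has no `--fail`, so an HTTP error for a tag with no published manifest still exits 0 and leaves `SIGSTRUCT_URI` empty; the following `curl -O` then requests the bare distribution URL. A version-specific URL makes that miss more likely than the old fixed `production.json`, and per the commit subject this file carries the enclave measurements, so the failure should be loud rather than silent. I would use `curl -fsS` on both requests and add `: "${SIGSTRUCT_URI:?no consensus sigstruct in manifest}"` before the download; the four fetches in the tools/download_sigstruct.sh hunk have the same gap. The tag is also hard-coded here while download_sigstruct.sh accepts an override, so `ENCLAVE_VERSION_TAG="${ENCLAVE_VERSION_TAG:-v6.0.0}"` would keep the two scripts consistent. The script continues outside the hunk, so whether `set -e` is active is not visible from here.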
@@ -14,19 +14,24 @@ # # Use with e.g. NETWORK="test.mobilecoin.com" or NETWORK="prod.mobilecoin.com" -if [ -z ${NETWORK+x} ]; then - NETWORK="test.mobilecoin.com" -fi +NETWORK="${NETWORK:-"test.mobilecoin.com"}" +ENCLAVE_VERSION_TAG="${ENCLAVE_VERSION_TAG:-"v6.0.0"}" -CONSENSUS_SIGSTRUCT_URI=$(curl -s https://enclave-distribution.${NETWORK}/production.json | grep consensus-enclave.css | awk '{print $2}' | tr -d \" | tr -d ,) +CONSENSUS_SIGSTRUCT_URI=$(curl -s https://enclave-distribution.${NETWORK}/production-${ENCLAVE_VERSION_TAG}.json | grep consensus-enclave.css | awk '{print $2}' | tr -d \" | tr -d ,) curl -O https://enclave-distribution.${NETWORK}/${CONSENSUS_SIGSTRUCT_URI} -INGEST_SIGSTRUCT_URI=$(curl -s https://enclave-distribution.${NETWORK}/production.json | grep ingest-enclave.css | awk '{print $2}' | tr -d \" | tr -d ,) + +INGEST_SIGSTRUCT_URI=$(curl -s https://enclave-distribution.${NETWORK}/production-${ENCLAVE_VERSION_TAG}.json | grep ingest-enclave.css | awk '{print $2}' | tr -d \" | tr -d ,) curl -O https://enclave-distribution.${NETWORK}/${INGEST_SIGSTRUCT_URI} -LEDGER_SIGSTRUCT_URI=$(curl -s https://enclave-distribution.${NETWORK}/production.json | grep ledger-enclave.css | awk '{print $2}' | tr -d \" | tr -d ,) + +LEDGER_SIGSTRUCT_URI=$(curl -s https://enclave-distribution.${NETWORK}/production-${ENCLAVE_VERSION_TAG}.json | grep ledger-enclave.css | awk '{print $2}' | tr -d \" | tr -d ,) curl -O https://enclave-distribution.${NETWORK}/${LEDGER_SIGSTRUCT_URI} -VIEW_SIGSTRUCT_URI=$(curl -s https://enclave-distribution.${NETWORK}/production.json | grep view-enclave.css | awk '{print $2}' | tr -d \" | tr -d ,) + +VIEW_SIGSTRUCT_URI=$(curl -s https://enclave-distribution.${NETWORK}/production-${ENCLAVE_VERSION_TAG}.json | grep view-enclave.css | awk '{print $2}' | tr -d \" | tr -d ,) curl -O https://enclave-distribution.${NETWORK}/${VIEW_SIGSTRUCT_URI} -export CONSENSUS_ENCLAVE_CSS=$(pwd)/consensus-enclave.css -export 
INGEST_ENCLAVE_CSS=$(pwd)/ingest-enclave.css -export LEDGER_ENCLAVE_CSS=$(pwd)/ledger-enclave.css -export VIEW_ENCLAVE_CSS=$(pwd)/view-enclave.css + +CONSENSUS_ENCLAVE_CSS="$(pwd)/consensus-enclave.css" +INGEST_ENCLAVE_CSS="$(pwd)/ingest-enclave.css" +LEDGER_ENCLAVE_CSS="$(pwd)/ledger-enclave.css" +VIEW_ENCLAVE_CSS="$(pwd)/view-enclave.css" + +export CONSENSUS_ENCLAVE_CSS INGEST_ENCLAVE_CSS LEDGER_ENCLAVE_CSS VIEW_ENCLAVE_CSS From 576de667ae5588d98468cd920adf45a9974a8ff3 Mon Sep 17 00:00:00 2001 From: Jason Greathouse Date: Mon, 7 Jul 2025 17:46:49 -0500 Subject: [PATCH 2/2] minor clean up readme order, fix release flags --- tools/release/03-populate-release.sh | 4 ++-- tools/release/README.md | 26 +++++++++++++------------- 2 files changed, 15 insertions(+), 15 deletions(-) diff --git a/tools/release/03-populate-release.sh b/tools/release/03-populate-release.sh index 6fd8ce27e8..e56d40313b 100755 --- a/tools/release/03-populate-release.sh +++ b/tools/release/03-populate-release.sh @@ -91,7 +91,7 @@ then echo "${release_sgx}" >> "${TMP_DIR}/release-notes.md" gh release edit "${GIT_TAG}" \ - --pre-release \ + --prerelease \ --title "MobileCoin Core (Consensus/Fog) ${GIT_TAG}" \ --notes-file "${TMP_DIR}/release-notes.md" @@ -104,7 +104,7 @@ else echo "${release_sgx}" >> "${TMP_DIR}/release-notes.md" gh release create "${GIT_TAG}" \ - --pre-release \ + --prerelease \ --title "MobileCoin Core (Consensus/Fog) ${GIT_TAG}" \ --notes-file "${TMP_DIR}/release-notes.md" \ diff --git a/tools/release/README.md b/tools/release/README.md index be8924abc1..a8bbc98519 100644 --- a/tools/release/README.md +++ b/tools/release/README.md 
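Review bot: In tools/download_sigstruct.sh the four `*_ENCLAVE_CSS` exports at the end of the hunk are unconditional, so when a manifest or sigstruct download fails they still point at `$(pwd)/<name>-enclave.css`, which may be a file left over from an earlier run for a different enclave version. The script also fetches the same versioned manifest four times and lets `curl -O` take the output name from the manifest entry rather than from the name that is exported. I would fetch the manifest once with `--fail`, reject an empty entry, and write each sigstruct with `-o` to the exact exported name, as sketched below. The sketch uses `return` because the script looks intended to be sourced (it ends in `export`); that is inferred from the hunk, so swap in `exit` if it is executed directly.

```shell
NETWORK="${NETWORK:-test.mobilecoin.com}"
ENCLAVE_VERSION_TAG="${ENCLAVE_VERSION_TAG:-v6.0.0}"
base_url="https://enclave-distribution.${NETWORK}"

# Fetch the versioned manifest once; --fail turns an HTTP error into a non-zero exit.
manifest=$(curl -fsS "${base_url}/production-${ENCLAVE_VERSION_TAG}.json") || return 1

for enclave in consensus ingest ledger view; do
  uri=$(printf '%s\n' "${manifest}" | grep -- "${enclave}-enclave.css" | awk '{print $2}' | tr -d '",')
  if [ -z "${uri}" ]; then
    echo "no ${enclave}-enclave.css entry in production-${ENCLAVE_VERSION_TAG}.json" >&2
    return 1
  fi
  # Write to the exact name exported below so a stale file from an earlier run is never reused.
  curl -fsS -o "${enclave}-enclave.css" "${base_url}/${uri}" || return 1
done

# … unchanged: *_ENCLAVE_CSS assignments and the final export …
```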
@@ -22,13 +22,13 @@ This repo uses semver. Enclave updates are considered "breaking" changes. Enclave tags are vX.0.0 tags. Any minor.patch updates will use the major.0.0 tag for building the enclave. ``` + cd mobilecoin git checkout v7.0.0 ``` 1. From the root of the `mobilecoin` repo use the `mob` command to start the build container environment. ``` - cd mobilecoin ./mob prompt ``` @@ -73,8 +73,8 @@ The following files will be generated: ``` - .tmp/${chain_id}-enclaves-${tag}.tar.gz # tarball package of ${chain_id}-enclaves-${tag} directory - .tmp/${chain_id}-enclaves-${tag}/ + .tmp/${chain_id}net-enclaves-${tag}.tar.gz # tarball package of ${chain_id}net-enclaves-${tag} directory + .tmp/${chain_id}net-enclaves-${tag}/ |- build-enclaves.log # log of the build process |- consensus-enclave.dat # enclave digest file |- ingest-enclave.dat # enclave digest file @@ -88,7 +88,7 @@ ### Offline Signing -Copy the `${chain_id}-enclaves-${tag}.tar.gz` onto a USB drive and transfer the files over to your offline workstation. +Copy the `${chain_id}net-enclaves-${tag}.tar.gz` onto a USB drive and transfer the files over to your offline workstation. Follow KMG process for safe key handling and sign the `.dat` files with `openssl` or an HSM device. @@ -96,9 +96,9 @@ Package original files along with the newly generated `*sig.bin` files and a cop Your tarball should now include the following: -`${chain_id}-enclaves-${tag}.tar.gz` +`${chain_id}net-enclaves-${tag}.tar.gz` ``` -${chain_id}-enclaves-${tag}/ +${chain_id}net-enclaves-${tag}/ |- build-enclaves.log |- consensus-enclave.dat |- ingest-enclave.dat 
@@ -116,11 +116,11 @@ ${chain_id}-enclaves-${tag}/ |- view-sig.bin # signature file ``` -Copy the `*sig.bin` and `enclave-public.pem` file back into the `.tmp/${chain_id}-enclaves-${tag}/` directory and complete the Singed Enclave build. +Copy the `*sig.bin` and `enclave-public.pem` file back into the `.tmp/${chain_id}net-enclaves-${tag}/` directory and complete the Singed Enclave build. ### Build Signed Enclaves -Place the tarball with the artifacts and signing materials in `.tmp/${chain_id}-enclaves-${tag}.tar.gz` +Place the tarball with the artifacts and signing materials in `.tmp/${chain_id}net-enclaves-${tag}.tar.gz` The `02-build-signed.sh` script will check to make sure all the files exist in their expected locations. @@ -187,14 +187,14 @@ The `02-build-signed.sh` script will check to make sure all the files exist in t ``` 1. The process will create two tarball artifacts that will be attached to the GitHub release in the next step - - `.tmp/${chain_id}-signed.so-${tag}.tar.gz` - - `.tmp/${chain_id}-measurements-${tag}.tar.gz` + - `.tmp/${chain_id}net-signed.so-${tag}.tar.gz` + - `.tmp/${chain_id}net-measurements-${tag}.tar.gz` ### Create GitHub Release 1. Confirm that the tarball artifacts exist - - `.tmp/${chain_id}-signed.so-${tag}.tar.gz` - - `.tmp/${chain_id}-measurements-${tag}.tar.gz` + - `.tmp/${chain_id}net-signed.so-${tag}.tar.gz` + - `.tmp/${chain_id}net-measurements-${tag}.tar.gz` 1. Run `03-populate-release.sh` 
@@ -210,6 +210,6 @@ Use the GitHub actions `dispatch_workflow` for "(Manual) Build MobileCoin Releas Select `Run workflow` and pick the Tag you want to build. -The build will check to see if the `.tmp/${chain_id}-measurements-${tag}.tar.gz` and `${chain_id}-signed.so-${tag}.tar.gz` tarballs are attached to the GitHub Release for that Tag. +The build will check to see if the `.tmp/${chain_id}net-measurements-${tag}.tar.gz` and `${chain_id}net-signed.so-${tag}.tar.gz` tarballs are attached to the GitHub Release for that Tag. If the tarballs exist and contains all the expected files, the process will build the rest of the release artifacts (binaries, containers, charts) and upload the results to the appropriate repositories.