Skip to content

Commit

Permalink
Merge pull request #5947 from algorand/relbeta3.22.1
Browse files Browse the repository at this point in the history
  • Loading branch information
algojohnlee authored Mar 5, 2024
2 parents 7a0cd10 + 08407ca commit eb702d4
Show file tree
Hide file tree
Showing 11 changed files with 104 additions and 106 deletions.
2 changes: 1 addition & 1 deletion buildnumber.dat
Original file line number Diff line number Diff line change
@@ -1 +1 @@
0
1
21 changes: 11 additions & 10 deletions data/transactions/logic/eval.go
Original file line number Diff line number Diff line change
Expand Up @@ -5509,18 +5509,15 @@ func opItxnSubmit(cx *EvalContext) (err error) {
parent = cx.currentTxID()
}
for itx := range cx.subtxns {
// The goal is to follow the same invariants used by the
// transaction pool. Namely that any transaction that makes it
// to Perform (which is equivalent to eval.applyTransaction)
// is authorized, and WellFormed.
txnErr := authorizedSender(cx, cx.subtxns[itx].Txn.Sender)
if txnErr != nil {
return txnErr
}
// The goal is to follow the same invariants used by the transaction
// pool. Namely that any transaction that makes it to Perform (which is
// equivalent to eval.applyTransaction) is WellFormed. Authorization
// must be checked later, to take state changes from earlier in the
// group into account.

// Recall that WellFormed does not care about individual
// transaction fees because of fee pooling. Checked above.
txnErr = cx.subtxns[itx].Txn.WellFormed(*cx.Specials, *cx.Proto)
txnErr := cx.subtxns[itx].Txn.WellFormed(*cx.Specials, *cx.Proto)
if txnErr != nil {
return txnErr
}
Expand Down Expand Up @@ -5639,7 +5636,11 @@ func opItxnSubmit(cx *EvalContext) (err error) {
ep.Tracer.BeforeTxn(ep, i)
}

err := cx.Ledger.Perform(i, ep)
err := authorizedSender(cx, ep.TxnGroup[i].Txn.Sender)
if err != nil {
return err
}
err = cx.Ledger.Perform(i, ep)

if ep.Tracer != nil {
ep.Tracer.AfterTxn(ep, i, ep.TxnGroup[i].ApplyData, err)
Expand Down
28 changes: 28 additions & 0 deletions data/transactions/logic/evalAppTxn_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -375,6 +375,34 @@ func TestRekeyBack(t *testing.T) {
})
}

// TestRekeyInnerGroup ensures that in an inner group, if an account is
// rekeyed, it can not be used (by the previously owning app) later in the
// group.
func TestRekeyInnerGroup(t *testing.T) {
partitiontest.PartitionTest(t)
t.Parallel()

rekeyAndUse := `
itxn_begin
// pay 0 to the zero address, and rekey a junk addr
int pay; itxn_field TypeEnum
global ZeroAddress; byte 0x01; b|; itxn_field RekeyTo
itxn_next
// try to perform the same 0 pay, but fail because tx0 gave away control
int pay; itxn_field TypeEnum
itxn_submit
int 1
`

// v6 added inner rekey
TestLogicRange(t, 6, 0, func(t *testing.T, ep *EvalParams, tx *transactions.Transaction, ledger *Ledger) {
ledger.NewApp(tx.Receiver, 888, basics.AppParams{})
// fund the app account
ledger.NewAccount(basics.AppIndex(888).Address(), 1_000_000)
TestApp(t, rekeyAndUse, ep, "unauthorized AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAVIOOBQA")
})
}

func TestDefaultSender(t *testing.T) {
partitiontest.PartitionTest(t)
t.Parallel()
Expand Down
1 change: 0 additions & 1 deletion package-deploy.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -56,7 +56,6 @@ agents:
- NETWORK=$NETWORK
- NO_DEPLOY=$NO_DEPLOY
- PACKAGES_DIR=$PACKAGES_DIR
- S3_SOURCE=$S3_SOURCE
- STAGING=$STAGING
- VERSION=$VERSION
volumes:
Expand Down
17 changes: 17 additions & 0 deletions scripts/release/mule/common/ensure_centos8_image.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
#!/usr/bin/env bash

set -exo pipefail

# Ensure the centos8 docker image is built and available

DOCKER_IMAGE="algorand/go-algorand-ci-linux-centos8:amd64-$(sha1sum scripts/configure_dev-deps.sh | cut -f1 -d' ')"
MATCH=${DOCKER_IMAGE/:*/}

echo "Checking for RPM image"
if docker images $DOCKER_IMAGE | grep -qs $MATCH > /dev/null 2>&1; then
echo "Image exists"
else
echo "RPM image doesn't exist, building"
docker build --platform=linux/amd64 --build-arg ARCH=amd64 \
--build-arg GOLANG_VERSION=$(./scripts/get_golang_version.sh) -t $DOCKER_IMAGE -f docker/build/cicd.centos8.Dockerfile .
fi
25 changes: 5 additions & 20 deletions scripts/release/mule/deploy/deb/deploy.sh
Original file line number Diff line number Diff line change
Expand Up @@ -2,28 +2,13 @@

set -ex

if [ -z "$NETWORK" ]
then
echo "[$0] Network is a required parameter."
exit 1
fi

if [ -z "$STAGING" ]
then
echo "[$0] Staging is a required parameter."
exit 1
fi

CHANNEL=$("./scripts/release/mule/common/get_channel.sh" "$NETWORK")
CHANNEL=${CHANNEL:-$("./scripts/release/mule/common/get_channel.sh" "$NETWORK")}
VERSION=${VERSION:-$(./scripts/compute_build_number.sh -f)}
PACKAGES_DIR=${PACKAGES_DIR:-~/packages}
SNAPSHOT=${SNAPSHOT:-"${CHANNEL}-${VERSION}"}

if [ -z "$SNAPSHOT" ]
then
SNAPSHOT="$CHANNEL-$VERSION"
fi

PACKAGES_DIR=/root/packages
mkdir -p /root/packages
mkdir -p $PACKAGES_DIR
rm -f $PACKAGES_DIR/*.deb

aptly mirror update stable
aptly mirror update beta
Expand Down
6 changes: 3 additions & 3 deletions scripts/release/mule/deploy/docker/docker.sh
Original file line number Diff line number Diff line change
Expand Up @@ -13,9 +13,9 @@ if [ -z "$NETWORK" ] || [ -z "$VERSION" ]; then
exit 1
fi

if [[ ! "$NETWORK" =~ ^mainnet$|^testnet$|^betanet$|^alphanet$ ]]
if [[ ! "$NETWORK" =~ ^mainnet$|^testnet$|^betanet$ ]]
then
echo "[$0] Network values must be either \`mainnet\`, \`testnet\`, \`betanet\`, or \`alphanet\`."
echo "[$0] Network values must be either \`mainnet\`, \`testnet\`, or \`betanet\`."
exit 1
fi

Expand All @@ -28,7 +28,7 @@ then

# Build and push testnet.
./build_releases.sh --tagname "$VERSION" --network testnet --cached
elif [ "$NETWORK" = betanet ] || [ "$NETWORK" = alphanet ]
elif [ "$NETWORK" = betanet ]
then
./build_releases.sh --tagname "$VERSION" --network "$NETWORK"
fi
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -8,13 +8,8 @@

set -ex

if [ -z "$NETWORK" ] || [ -z "$VERSION" ]
then
echo "[$0] Network and version are required parameters."
exit 1
fi

CHANNEL=$(./scripts/release/mule/common/get_channel.sh "$NETWORK")
CHANNEL=${CHANNEL:-$(./scripts/release/mule/common/get_channel.sh "$NETWORK")}
VERSION=${VERSION:-$(./scripts/compute_build_number.sh -f)}

cd scripts/release/mule/deploy/releases_page

Expand Down
42 changes: 23 additions & 19 deletions scripts/release/mule/deploy/rpm/deploy.sh
Original file line number Diff line number Diff line change
Expand Up @@ -7,28 +7,25 @@ echo
date "+build_release begin DEPLOY rpm stage %Y%m%d_%H%M%S"
echo

if [ -z "$NETWORK" ]; then
echo "[$0] NETWORK is missing."
exit 1
fi

CHANNEL=$(./scripts/release/mule/common/get_channel.sh "$NETWORK")
CHANNEL=${CHANNEL:-$(./scripts/release/mule/common/get_channel.sh "$NETWORK")}
VERSION=${VERSION:-$(./scripts/compute_build_number.sh -f)}
NO_DEPLOY=${NO_DEPLOY:-false}
OS_TYPE=$(./scripts/release/mule/common/ostype.sh)
PACKAGES_DIR=${PACKAGES_DIR:-"./tmp/node_pkgs/$OS_TYPE/$ARCH_TYPE"}
STAGING=${STAGING:-"algorand-staging/releases"}
PACKAGES_DIR=${PACKAGES_DIR:-"tmp"}

if [ -n "$S3_SOURCE" ]
then
PREFIX="$S3_SOURCE/$CHANNEL/$VERSION"
if [ "$CHANNEL" == "beta" ]
then
aws s3 cp "s3://$PREFIX/algorand-beta-$VERSION-1.x86_64.rpm" /root
aws s3 cp "s3://$PREFIX/algorand-devtools-beta-$VERSION-1.x86_64.rpm" /root
aws s3 cp "s3://$PREFIX/algorand-beta-$VERSION-1.x86_64.rpm" $PACKAGES_DIR
aws s3 cp "s3://$PREFIX/algorand-devtools-beta-$VERSION-1.x86_64.rpm" $PACKAGES_DIR
aws s3 cp "s3://$PREFIX/algorand-beta-$VERSION-1.aarch64.rpm" $PACKAGES_DIR
aws s3 cp "s3://$PREFIX/algorand-devtools-beta-$VERSION-1.aarch64.rpm" $PACKAGES_DIR
else
aws s3 cp "s3://$PREFIX/algorand-$VERSION-1.x86_64.rpm" /root
aws s3 cp "s3://$PREFIX/algorand-devtools-$VERSION-1.x86_64.rpm" /root
aws s3 cp "s3://$PREFIX/algorand-$VERSION-1.x86_64.rpm" $PACKAGES_DIR
aws s3 cp "s3://$PREFIX/algorand-devtools-$VERSION-1.x86_64.rpm" $PACKAGES_DIR
aws s3 cp "s3://$PREFIX/algorand-$VERSION-1.aarch64.rpm" $PACKAGES_DIR
aws s3 cp "s3://$PREFIX/algorand-devtools-$VERSION-1.aarch64.rpm" $PACKAGES_DIR
fi
else
cp "$PACKAGES_DIR"/*"$VERSION"*.rpm /root
Expand Down Expand Up @@ -56,11 +53,7 @@ cat << EOF > .rpmmacros
EOF

mkdir rpmrepo
for rpm in $(ls *"$VERSION"*.rpm)
do
rpmsign --addsign "$rpm"
cp -p "$rpm" rpmrepo
done
mv -f *"$VERSION"*.rpm rpmrepo

createrepo --database rpmrepo
rm -f rpmrepo/repodata/repomd.xml.asc
Expand All @@ -72,8 +65,19 @@ then
cp -r /root/rpmrepo .
else
aws s3 sync rpmrepo "s3://algorand-releases/rpm/$CHANNEL/"

# sync signatures to releases so that the .sig files load from there
aws s3 sync s3://$STAGING/releases/$CHANNEL/ s3://algorand-releases/rpm/sigs/$CHANNEL/ --exclude='*' --include='*.rpm.sig'
if [ -n "$S3_SOURCE" ]; then
# if S3_SOURCE exists, we copied files from s3
echo "Copy signatures from s3 staging to s3 releases"
aws s3 sync s3://algorand-staging/releases/$CHANNEL/ s3://algorand-releases/rpm/sigs/$CHANNEL/ --exclude='*' --include='*.rpm.sig'

else
# We are working with files locally
popd
echo "Copy local signatures to s3 releases"
aws s3 sync "$PACKAGES_DIR" "s3://algorand-releases/rpm/sigs/$CHANNEL/" --exclude='*' --include='*.rpm.sig'
fi
fi

echo
Expand Down
24 changes: 14 additions & 10 deletions scripts/release/mule/sign/sign.sh
Original file line number Diff line number Diff line change
Expand Up @@ -10,18 +10,13 @@ echo
date "+build_release begin SIGN stage %Y%m%d_%H%M%S"
echo

if [ -z "$NETWORK" ]; then
echo "[$0] NETWORK is missing."
exit 1
fi

CHANNEL=$(./scripts/release/mule/common/get_channel.sh "$NETWORK")
CHANNEL=${CHANNEL:-$(./scripts/release/mule/common/get_channel.sh "$NETWORK")}
VERSION=${VERSION:-$(./scripts/compute_build_number.sh -f)}
PKG_DIR="./tmp/node_pkgs"
SIGNING_KEY_ADDR=dev@algorand.com
OS_TYPE=$(./scripts/release/mule/common/ostype.sh)
ARCHS=(amd64 arm arm64)
ARCH_BITS=(x86_64 armv7l aarch64)
ARCHS=(amd64 arm64)
ARCH_BITS=(x86_64 aarch64)
# Note that we don't want to use $GNUPGHOME here because that is a documented env var for the gnupg
# project and if it's set in the environment mule will automatically pick it up, which could have
# unintended consequences and be hard to debug.
Expand All @@ -40,6 +35,14 @@ then
find "$GPG_DIR" -type f -exec chmod 600 {} \;
fi

pushd /root
cat << EOF > .rpmmacros
%_gpg_name Algorand RPM <rpm@algorand.com>
%__gpg /usr/bin/gpg2
%__gpg_check_password_cmd true
EOF
popd

# Note that when downloading from the cloud that we'll get all packages for all architectures.
if [ -n "$S3_SOURCE" ]
then
Expand Down Expand Up @@ -87,13 +90,14 @@ for os in "${OS_TYPES[@]}"; do

for file in *.rpm
do
rpmsign --addsign "$file"
gpg -u rpm@algorand.com --detach-sign "$file"
done

HASHFILE="hashes_${CHANNEL}_${os}_${arch}_${VERSION}"
md5sum *.tar.gz *.deb *.rpm >> "$HASHFILE"
shasum -a 256 *.tar.gz *.deb *.rpm >> "$HASHFILE"
shasum -a 512 *.tar.gz *.deb *.rpm >> "$HASHFILE"
sha256sum *.tar.gz *.deb *.rpm >> "$HASHFILE"
sha512sum *.tar.gz *.deb *.rpm >> "$HASHFILE"

gpg -u "$SIGNING_KEY_ADDR" --detach-sign "$HASHFILE"
gpg -u "$SIGNING_KEY_ADDR" --clearsign "$HASHFILE"
Expand Down
35 changes: 0 additions & 35 deletions test/muleCI/mule.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -61,22 +61,6 @@ agents:
- GOLANG_VERSION=`./scripts/get_golang_version.sh`
- ARCH=arm64v8
- GOARCH=arm64
- name: cicd.ubuntu.arm
dockerFilePath: docker/build/cicd.ubuntu.Dockerfile
image: algorand/go-algorand-ci-linux
version: scripts/configure_dev-deps.sh
arch: arm32v7
env:
- TRAVIS_BRANCH=${GIT_BRANCH}
- NETWORK=$NETWORK
- VERSION=$VERSION
- BUILD_NUMBER=$BUILD_NUMBER
- GOHOSTARCH=arm
- FULLVERSION=${FULLVERSION}
buildArgs:
- GOLANG_VERSION=`./scripts/get_golang_version.sh`
- ARCH=arm32v7
- GOARCH=armv6l
- name: docker-ubuntu
dockerFilePath: docker/build/docker.ubuntu.Dockerfile
image: algorand/go-algorand-docker-linux-ubuntu
Expand Down Expand Up @@ -122,10 +106,6 @@ tasks:
name: build.arm64
agent: cicd.ubuntu.arm64
target: ci-build
- task: docker.Make
name: build.arm
agent: cicd.ubuntu.arm
target: ci-build

- task: docker.Make
name: archive
Expand Down Expand Up @@ -167,12 +147,6 @@ tasks:
stashId: ${JENKINS_JOB_CACHE_ID}/linux-arm64
globSpecs:
- tmp/node_pkgs/**/*
- task: stash.Stash
name: linux-arm
bucketName: go-algorand-ci-cache
stashId: ${JENKINS_JOB_CACHE_ID}/linux-arm
globSpecs:
- tmp/node_pkgs/**/*
- task: stash.Stash
name: packages
bucketName: go-algorand-ci-cache
Expand All @@ -193,10 +167,6 @@ tasks:
name: darwin-amd64
bucketName: go-algorand-ci-cache
stashId: ${JENKINS_JOB_CACHE_ID}/darwin-amd64
- task: stash.Unstash
name: linux-arm
bucketName: go-algorand-ci-cache
stashId: ${JENKINS_JOB_CACHE_ID}/linux-arm
- task: stash.Unstash
name: darwin-arm64
bucketName: go-algorand-ci-cache
Expand Down Expand Up @@ -233,15 +203,10 @@ jobs:
tasks:
- docker.Make.build.arm64
- stash.Stash.linux-arm64
build-linux-arm32:
tasks:
- docker.Make.build.arm
- stash.Stash.linux-arm
package-all:
tasks:
- stash.Unstash.linux-amd64
- stash.Unstash.linux-arm64
- stash.Unstash.linux-arm
- stash.Unstash.darwin-arm64
- stash.Unstash.darwin-amd64
- docker.Make.deb.amd64
Expand Down

0 comments on commit eb702d4

Please sign in to comment.