paritytech · mrcnski · Apr 13, 2023 · koute · Apr 13, 2023 · koute
diff --git a/cli/src/cli.rs b/cli/src/cli.rs
@@ -118,6 +118,10 @@ pub struct RunCmd {
 	#[arg(long)]
 	pub beefy: bool,
 
+	/// Allows the validator to run insecurely if they know what they're doing.
+	#[arg(long = "insecure-validator-i-know-what-i-do", requires = "validator")]
+	pub insecure_validator: bool,
+
 	/// Add the destination address to the jaeger agent.
 	///
 	/// Must be valid socket address, of format `IP:Port`

diff --git a/cli/src/command.rs b/cli/src/command.rs
@@ -303,6 +303,12 @@ where
 		return Err(Error::Other("BEEFY disallowed on production networks".to_string()))
 	}
 
+	if cli.run.base.validator && !cli.run.insecure_validator {
+		if let Err(e) = can_run_as_secure_validator() {
+			return Err(Error::InsecureValidator(e))
+		}
+	}
+
 	set_default_ss58_version(chain_spec);
 
 	let grandpa_pause = if cli.run.grandpa_pause.is_empty() {
@@ -732,3 +738,17 @@ pub fn run() -> Result<()> {
 	}
 	Ok(())
 }
+
+/// Returns an error if a secure validator cannot be built for the target OS and architecture.
+fn can_run_as_secure_validator() -> std::result::Result<(), String> {
+	#[cfg(not(target_os = "linux"))]
+	let result = Err("Must be on Linux to run a validator securely.".into());
+
+	#[cfg(all(target_os = "linux", not(target_arch = "x86_64")))]
+	let result = Err("Must be on x86_64 to run a validator securely.".into());
-	#[cfg(not(target_os = "linux"))]
-	let result = Err("Must be on Linux to run a validator securely.".into());
-
-	#[cfg(all(target_os = "linux", not(target_arch = "x86_64")))]
-	let result = Err("Must be on x86_64 to run a validator securely.".into());
+	#[cfg(not(target_os = "linux"))]
+	let result = Err("Running a validator is only supported on Linux.".into());
+
+	#[cfg(all(target_os = "linux", not(target_arch = "x86_64")))]
+	let result = Err("Running a validator is only supported on CPUs from the x86_64 family (usually Intel or AMD).".into());
-	#[cfg(not(target_os = "linux"))]
-	let result = Err("Must be on Linux to run a validator securely.".into());
-
-	#[cfg(all(target_os = "linux", not(target_arch = "x86_64")))]
-	let result = Err("Must be on x86_64 to run a validator securely.".into());
+	#[cfg(not(target_os = "linux"))]
+	let result = Err("Running a validator is only supported on Linux.".into());
+
+	#[cfg(all(target_os = "linux", not(target_arch = "x86_64")))]
+	let result = Err("Running a validator is only supported on CPUs from the x86_64 family (usually Intel or AMD).".into());
+
+	#[cfg(all(target_os = "linux", target_arch = "x86_64"))]
+	let result = Ok(());
+
+	result
+}
diff --git a/cli/src/error.rs b/cli/src/error.rs
@@ -57,4 +57,7 @@ pub enum Error {
 
 	#[error("This subcommand is only available when compiled with `{feature}`")]
 	FeatureNotEnabled { feature: &'static str },
+
+	#[error("Insecure validator: {0} Run with --insecure-validator-i-know-what-i-do if you understand and accept the risks of running insecurely.")]
-	#[error("Insecure validator: {0} Run with --insecure-validator-i-know-what-i-do if you understand and accept the risks of running insecurely.")]
+	#[error("Your system cannot securely run a validator: {0}\nYou can ignore this requirement by using the `--insecure-validator-i-know-what-i-do` command line argument if you understand and accept the risks of running insecurely.")]
-	#[error("Insecure validator: {0} Run with --insecure-validator-i-know-what-i-do if you understand and accept the risks of running insecurely.")]
+	#[error("Your system cannot securely run a validator: {0}\nYou can ignore this requirement by using the `--insecure-validator-i-know-what-i-do` command line argument if you understand and accept the risks of running insecurely.")]
+	InsecureValidator(String),
 }