merge upstream

.github/workflows/build_and_test.yml

@@ -182,7 +182,7 @@ jobs:
           echo "PROJECT=${{ matrix.flavor_id }}-${{ matrix.demo_name }}" >> $GITHUB_ENV
           echo "VERSION=dev.$version" >> $GITHUB_ENV
           echo "WORKER_IMAGE_TAG=integritee-worker:dev.$version" >> $GITHUB_ENV
-          echo "INTEGRITEE_NODE=integritee-node-dev:1.1.0.$version" >> $GITHUB_ENV
+          echo "INTEGRITEE_NODE=integritee-node:1.1.3.$version" >> $GITHUB_ENV
           echo "CLIENT_IMAGE_TAG=integritee-cli:dev.$version" >> $GITHUB_ENV
           if [[ ${{ matrix.sgx_mode }} == 'HW' ]]; then
              echo "SGX_PROVISION=/dev/sgx/provision" >> $GITHUB_ENV
@@ -227,8 +227,8 @@ jobs:
           fi
           docker tag integritee-worker-${{ matrix.flavor_id }}-${{ github.sha }} ${{ env.WORKER_IMAGE_TAG }}
           docker tag integritee-cli-client-${{ matrix.flavor_id }}-${{ github.sha }} ${{ env.CLIENT_IMAGE_TAG }}
-          docker pull integritee/integritee-node-dev:1.1.0
-          docker tag integritee/integritee-node-dev:1.1.0 ${{ env.INTEGRITEE_NODE }}
+          docker pull integritee/integritee-node:1.1.3
+          docker tag integritee/integritee-node:1.1.3 ${{ env.INTEGRITEE_NODE }}
           docker images --all
 
       ##
@@ -304,6 +304,10 @@ jobs:
             mode: teeracle
             sgx_mode: HW
             additional_features: dcap
+          - flavor_id: sidechain
+            mode: sidechain
+            sgx_mode: HW
+            additional_features: dcap
 
     steps:
       - uses: actions/checkout@v3
@@ -397,15 +401,15 @@ jobs:
           name: integritee-worker-teeracle-${{ github.ref_name }}.tar.gz
           path: .
 
+      - name: Download Worker Image
+        uses: actions/download-artifact@v3
+        with:
+          name: integritee-worker-sidechain-${{ github.ref_name }}.tar.gz
+          path: .
+
       #
       # Temporary comment out until we decide what to release
       #
-      # - name: Download Integritee Service
-      #   uses: actions/download-artifact@v3
-      #   with:
-      #     name: integritee-worker-sidechain-${{ github.sha }}
-      #     path: integritee-worker-tmp
-
       # - name: Download Integritee Client
       #   uses: actions/download-artifact@v3
       #   with:
@@ -447,6 +451,7 @@ jobs:
           name: Docker ${{ github.ref_name }}
           files: |
             integritee-worker-teeracle-${{ github.ref_name }}.tar.gz
+            integritee-worker-sidechain-${{ github.ref_name }}.tar.gz
             integritee-client
             integritee-demo-validateer
             enclave.signed.so

.github/workflows/publish-docker-sidechain.yml

@@ -0,0 +1,43 @@
+name: Publish Docker image for new sidechain release
+
+on:
+  release:
+    types:
+      - published
+
+jobs:
+  main:
+    name: Push Integritee Sidechain to Dockerhub
+    runs-on: [ self-hosted ]
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Download sidechain from release
+        uses: dsaltares/fetch-gh-release-asset@master
+        with:
+          version: "tags/${{ github.event.release.tag_name }}"
+          file: integritee-worker-sidechain-${{ github.event.release.tag_name }}.tar.gz
+          target: "integritee-worker-sidechain.tar.gz"
+          token: ${{ secrets.GITHUB_TOKEN }}
+
+
+      - name: Login to Dockerhub
+        uses: docker/login-action@v1
+        with:
+          username: ${{ secrets.DOCKER_HUB_USERNAME }}
+          password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
+
+      - name: Load Worker & Push
+        env:
+          DOCKER_BUILDKIT: 1
+        run: |
+            docker image load --input integritee-worker-sidechain.tar.gz
+            docker images --all
+            docker push integritee/sidechain:${{ github.event.release.tag_name }}
+
+      - name: Delete images
+        run: |
+          if [[ "$(docker images -q integritee/sidechain:${{ github.event.release.tag_name }} 2> /dev/null)" != "" ]]; then
+              docker image rmi --force integritee/sidechain:${{ github.event.release.tag_name }} 2>/dev/null
+          fi
+          docker images --all

core/parentchain/block-importer/src/block_importer.rs

@@ -114,13 +114,10 @@ impl<
 		for (signed_block, raw_events) in
 			blocks_to_import.into_iter().zip(events_to_import.into_iter())
 		{
-			// Check if there are any extrinsics in the to-be-imported block that we sent and cached in the light-client before.
-			// If so, remove them now from the cache.
-			if let Err(e) = self.validator_accessor.execute_mut_on_validator(|v| {
-				v.check_xt_inclusion(&signed_block.block)?;
-
-				v.submit_block(&signed_block)
-			}) {
+			if let Err(e) = self
+				.validator_accessor
+				.execute_mut_on_validator(|v| v.submit_block(&signed_block))
+			{
 				error!("[{:?}] Header submission to light client failed: {:?}", id, e);
 				return Err(e.into())
 			}

core/parentchain/light-client/src/io.rs

@@ -358,7 +358,6 @@ pub mod sgx_tests {
 		.unwrap();
 
 		assert_eq!(validator.genesis_hash().unwrap(), parachain_params.genesis_header.hash());
-		assert_eq!(validator.num_xt_to_be_included().unwrap(), 0);
 		assert_eq!(validator.latest_finalized_header().unwrap(), parachain_params.genesis_header);
 		assert_eq!(
 			validator.penultimate_finalized_block_header().unwrap(),

core/parentchain/light-client/src/lib.rs

@@ -74,8 +74,6 @@ where
 {
 	fn submit_block(&mut self, signed_block: &SignedBlock<Block>) -> Result<(), Error>;
 
-	fn check_xt_inclusion(&mut self, block: &Block) -> Result<(), Error>;
-
 	fn get_state(&self) -> &LightValidationState<Block>;
 }
 
@@ -85,8 +83,6 @@ pub trait ExtrinsicSender {
 }
 
 pub trait LightClientState<Block: ParentchainBlockTrait> {
-	fn num_xt_to_be_included(&self) -> Result<usize, Error>;
-
 	fn genesis_hash(&self) -> Result<HashFor<Block>, Error>;
 
 	fn latest_finalized_header(&self) -> Result<Block::Header, Error>;

core/parentchain/light-client/src/light_validation.rs

@@ -26,10 +26,9 @@ use core::iter::Iterator;
 use itp_ocall_api::EnclaveOnChainOCallApi;
 use itp_storage::{Error as StorageError, StorageProof, StorageProofChecker};
 use itp_types::parentchain::{IdentifyParentchain, ParentchainId};
-use log::*;
 use sp_runtime::{
 	generic::SignedBlock,
-	traits::{Block as ParentchainBlockTrait, Hash as HashTrait, Header as HeaderTrait},
+	traits::{Block as ParentchainBlockTrait, Header as HeaderTrait},
 	Justifications, OpaqueExtrinsic,
 };
 use std::{boxed::Box, fmt, sync::Arc, vec::Vec};
@@ -115,7 +114,10 @@ impl<Block: ParentchainBlockTrait, OcallApi: EnclaveOnChainOCallApi>
 			}
 		}
 
-		// A valid grandpa proof proves finalization of all previous unjustified blocks.
+		// Todo: Justifying the headers here is actually wrong, but it prevents an ever-growing
+		// `unjustified_headers` queue because in the parachain case we won't have justifications,
+		// and in solo chain setups we only get a justification upon an Grandpa authority change.
+		// Hence, we justify the headers here until we properly solve this in #1404.
 		relay.justify_headers();
 		relay.push_header_hash(header.hash());
 
@@ -128,17 +130,6 @@ impl<Block: ParentchainBlockTrait, OcallApi: EnclaveOnChainOCallApi>
 
 		Ok(())
 	}
-
-	fn submit_xt_to_be_included(&mut self, extrinsic: OpaqueExtrinsic) {
-		let relay = self.light_validation_state.get_relay_mut();
-		relay.verify_tx_inclusion.push(extrinsic);
-
-		debug!(
-			"[{:?}] {} extrinsics in cache, waiting for inclusion verification",
-			self.parentchain_id,
-			relay.verify_tx_inclusion.len()
-		);
-	}
 }
 
 impl<Block, OCallApi> Validator<Block> for LightValidation<Block, OCallApi>
@@ -160,44 +151,6 @@ where
 		self.submit_finalized_headers(header.clone(), vec![], justifications)
 	}
 
-	fn check_xt_inclusion(&mut self, block: &Block) -> Result<(), Error> {
-		let relay = self.light_validation_state.get_relay_mut();
-
-		if relay.verify_tx_inclusion.is_empty() {
-			return Ok(())
-		}
-
-		let mut found_xts = vec![];
-		block.extrinsics().iter().for_each(|xt| {
-			if let Some(index) = relay.verify_tx_inclusion.iter().position(|xt_opaque| {
-				<HashingFor<Block>>::hash_of(xt) == <HashingFor<Block>>::hash_of(xt_opaque)
-			}) {
-				found_xts.push(index);
-			}
-		});
-
-		// sort highest index first
-		found_xts.sort_by(|a, b| b.cmp(a));
-
-		let rm: Vec<OpaqueExtrinsic> =
-			found_xts.into_iter().map(|i| relay.verify_tx_inclusion.remove(i)).collect();
-
-		if !rm.is_empty() {
-			info!(
-				"[{:?}] Verified inclusion proof of {} extrinsics.",
-				self.parentchain_id,
-				rm.len()
-			);
-		}
-		debug!(
-			"[{:?}] {} extrinsics remaining in cache, waiting for inclusion verification",
-			self.parentchain_id,
-			relay.verify_tx_inclusion.len()
-		);
-
-		Ok(())
-	}
-
 	fn get_state(&self) -> &LightValidationState<Block> {
 		&self.light_validation_state
 	}
@@ -210,10 +163,6 @@ where
 	OCallApi: EnclaveOnChainOCallApi,
 {
 	fn send_extrinsics(&mut self, extrinsics: Vec<OpaqueExtrinsic>) -> Result<(), Error> {
-		for xt in extrinsics.iter() {
-			self.submit_xt_to_be_included(xt.clone());
-		}
-
 		self.ocall_api
 			.send_to_parentchain(extrinsics, &self.parentchain_id)
 			.map_err(|e| {
@@ -230,10 +179,6 @@ where
 	Block: ParentchainBlockTrait,
 	OCallApi: EnclaveOnChainOCallApi,
 {
-	fn num_xt_to_be_included(&self) -> Result<usize, Error> {
-		self.light_validation_state.num_xt_to_be_included()
-	}
-
 	fn genesis_hash(&self) -> Result<HashFor<Block>, Error> {
 		self.light_validation_state.genesis_hash()
 	}

core/parentchain/light-client/src/light_validation_state.rs

@@ -52,11 +52,6 @@ impl<Block> LightClientState<Block> for LightValidationState<Block>
 where
 	Block: ParentchainBlockTrait,
 {
-	fn num_xt_to_be_included(&self) -> Result<usize, Error> {
-		let relay = self.get_relay();
-		Ok(relay.verify_tx_inclusion.len())
-	}
-
 	fn genesis_hash(&self) -> Result<HashFor<Block>, Error> {
 		Ok(self.get_relay().genesis_hash)
 	}

core/parentchain/light-client/src/mocks/validator_mock.rs

@@ -49,10 +49,6 @@ impl Validator<Block> for ValidatorMock {
 		Ok(())
 	}
 
-	fn check_xt_inclusion(&mut self, _block: &Block) -> Result<()> {
-		Ok(())
-	}
-
 	fn get_state(&self) -> &LightValidationState<Block> {
 		&self.light_validation_state
 	}
@@ -65,10 +61,6 @@ impl ExtrinsicSender for ValidatorMock {
 }
 
 impl LightClientState<Block> for ValidatorMock {
-	fn num_xt_to_be_included(&self) -> Result<usize> {
-		todo!()
-	}
-
 	fn genesis_hash(&self) -> Result<HashFor<Block>> {
 		todo!()
 	}

core/parentchain/light-client/src/state.rs

@@ -17,10 +17,7 @@
 
 use codec::{Decode, Encode};
 use sp_consensus_grandpa::{AuthorityList, SetId};
-use sp_runtime::{
-	traits::{Block as BlockT, Header as HeaderT},
-	OpaqueExtrinsic,
-};
+use sp_runtime::traits::{Block as BlockT, Header as HeaderT};
 use std::{collections::VecDeque, fmt, vec::Vec};
 
 /// Defines the amount of parentchain headers to keep.
@@ -35,7 +32,6 @@ pub struct RelayState<Block: BlockT> {
 	pub current_validator_set_id: SetId,
 	header_hashes: VecDeque<Block::Hash>,
 	pub unjustified_headers: Vec<Block::Hash>, // Finalized headers without grandpa proof
-	pub verify_tx_inclusion: Vec<OpaqueExtrinsic>, // Transactions sent by the relay
 	pub scheduled_change: Option<ScheduledChangeAtBlock<Block::Header>>, // Scheduled Authorities change as indicated in the header's digest.
 }
 
@@ -79,7 +75,6 @@ impl<Block: BlockT> RelayState<Block> {
 			current_validator_set: validator_set,
 			current_validator_set_id: 0,
 			unjustified_headers: Vec::new(),
-			verify_tx_inclusion: Vec::new(),
 			scheduled_change: None,
 		}
 	}
@@ -95,11 +90,11 @@ impl<Block: BlockT> fmt::Debug for RelayState<Block> {
 		write!(
 			f,
 			"RelayInfo {{ last_finalized_block_header_number: {:?}, current_validator_set: {:?}, \
-        current_validator_set_id: {} amount of transaction in tx_inclusion_queue: {} }}",
+        current_validator_set_id: {}, number of unjustified headers: {} }}",
 			self.last_finalized_block_header.number(),
 			self.current_validator_set,
 			self.current_validator_set_id,
-			self.verify_tx_inclusion.len()
+			self.unjustified_headers.len()
 		)
 	}
 }

docker/README.md

@@ -4,7 +4,7 @@
 
 * Make sure you have installed Docker (version >= `2.0.0`) with [Docker Compose](https://docs.docker.com/compose/install/). On Windows, this can be Docker Desktop with WSL 2 integration.
 * In case you also build the worker directly, without docker (e.g. on a dev machine, running `make`), you should run `make clean` before running the docker build. Otherwise, it can occasionally lead to build errors.
-* The node image version that is loaded in the `docker-compose.yml`, (e.g. `image: "integritee/integritee-node-dev:1.0.32"`) needs to be compatible with the worker you're trying to build.
+* The node image version that is loaded in the `docker-compose.yml`, (e.g. `image: "integritee/integritee-node:1.1.3"`) needs to be compatible with the worker you're trying to build.
 * Set export VERSION=dev
 * `envsubst` should be installed, it is needed to replace the $VERSION in yaml files as docker compose doesn't support variables on service names.
 

docker/docker-compose.yml

@@ -1,6 +1,6 @@
 services:
   "integritee-node-${VERSION}":
-    image: "${INTEGRITEE_NODE:-integritee/integritee-node-dev:1.1.0}"
+    image: "${INTEGRITEE_NODE:-integritee/integritee-node:1.1.3}"
     hostname: integritee-node
     devices:
       - "${SGX_PROVISION:-/dev/null}:/dev/sgx/provision"
@@ -15,7 +15,7 @@ services:
       interval: 10s
       timeout: 10s
       retries: 6
-    command: --dev --rpc-methods unsafe --ws-external --rpc-external --ws-port 9912
+    command: -lruntime=info -lteerex=debug --dev --rpc-methods unsafe --ws-external --rpc-external --ws-port 9912
     #logging:
     #driver: local
   "integritee-worker-1-${VERSION}":