Merge branch 'master' into skisel-bt/676-google-secret-manager-support

CHANGELOG.md

@@ -5,6 +5,9 @@
 ### Bugs fixed
 - Update netty to fix CVE-2023-44487
 
+### Features Added
+- Removed need for KZG trusted setup file and associated --Xtrusted-setup command line argument
+
 ## 23.9.1
 
 ### Breaking Changes

acceptance-tests/src/test/java/tech/pegasys/web3signer/dsl/signer/SignerConfiguration.java

@@ -72,7 +72,6 @@ public class SignerConfiguration {
   private final Optional<Long> denebForkEpoch;
   private final Optional<String> network;
   private final boolean keyManagerApiEnabled;
-  private final Optional<String> trustedSetup;
   private Optional<WatermarkRepairParameters> watermarkRepairParameters;
   private int downstreamHttpPort;
   private Optional<ClientTlsOptions> downstreamTlsOptions;
@@ -124,7 +123,6 @@ public SignerConfiguration(
       final int downstreamHttpPort,
       final Optional<ClientTlsOptions> downstreamTlsOptions,
       final ChainIdProvider chainIdProvider,
-      final Optional<String> trustedSetup,
       final Optional<KeystoresParameters> v3KeystoresBulkloadParameters) {
     this.hostname = hostname;
     this.logLevel = logLevel;
@@ -169,7 +167,6 @@ public SignerConfiguration(
     this.downstreamHttpPort = downstreamHttpPort;
     this.downstreamTlsOptions = downstreamTlsOptions;
     this.chainIdProvider = chainIdProvider;
-    this.trustedSetup = trustedSetup;
     this.v3KeystoresBulkloadParameters = v3KeystoresBulkloadParameters;
   }
 
@@ -353,10 +350,6 @@ public ChainIdProvider getChainIdProvider() {
     return chainIdProvider;
   }
 
-  public Optional<String> getTrustedSetup() {
-    return trustedSetup;
-  }
-
   public Optional<KeystoresParameters> getV3KeystoresBulkloadParameters() {
     return v3KeystoresBulkloadParameters;
   }

acceptance-tests/src/test/java/tech/pegasys/web3signer/dsl/signer/SignerConfigurationBuilder.java

@@ -80,7 +80,6 @@ public class SignerConfigurationBuilder {
   private ClientTlsOptions downstreamTlsOptions;
 
   private ChainIdProvider chainIdProvider = new ConfigurationChainId(DEFAULT_CHAIN_ID);
-  private String trustedSetup;
 
   private KeystoresParameters v3KeystoresBulkloadParameters;
 
@@ -313,11 +312,6 @@ public SignerConfigurationBuilder withChainIdProvider(final ChainIdProvider chai
     return this;
   }
 
-  public SignerConfigurationBuilder withTrustedSetup(final String trustedSetup) {
-    this.trustedSetup = trustedSetup;
-    return this;
-  }
-
   public SignerConfigurationBuilder withV3KeystoresBulkloadParameters(
       final KeystoresParameters v3KeystoresBulkloadParameters) {
     this.v3KeystoresBulkloadParameters = v3KeystoresBulkloadParameters;
@@ -372,7 +366,6 @@ public SignerConfiguration build() {
         downstreamHttpPort,
         Optional.ofNullable(downstreamTlsOptions),
         chainIdProvider,
-        Optional.ofNullable(trustedSetup),
         Optional.ofNullable(v3KeystoresBulkloadParameters));
   }
 }

acceptance-tests/src/test/java/tech/pegasys/web3signer/dsl/signer/runner/CmdLineParamsConfigFileImpl.java

@@ -489,12 +489,6 @@ private String createEth2SlashingProtectionArgs() {
               signerConfig.getDenebForkEpoch().get()));
     }
 
-    if (signerConfig.getTrustedSetup().isPresent()) {
-      yamlConfig.append(
-          String.format(
-              YAML_STRING_FMT, "eth2.Xtrusted-setup", signerConfig.getTrustedSetup().get()));
-    }
-
     if (signerConfig.getNetwork().isPresent()) {
       yamlConfig.append(
           String.format(YAML_STRING_FMT, "eth2.network", signerConfig.getNetwork().get()));

acceptance-tests/src/test/java/tech/pegasys/web3signer/dsl/signer/runner/CmdLineParamsDefaultImpl.java

@@ -297,11 +297,6 @@ private Collection<String> createEth2Args() {
       params.add(Long.toString(signerConfig.getDenebForkEpoch().get()));
     }
 
-    if (signerConfig.getTrustedSetup().isPresent()) {
-      params.add("--Xtrusted-setup");
-      params.add(signerConfig.getTrustedSetup().get());
-    }
-
     if (signerConfig.getNetwork().isPresent()) {
       params.add("--network");
       params.add(signerConfig.getNetwork().get());

acceptance-tests/src/test/java/tech/pegasys/web3signer/tests/signing/Eth2CustomNetworkFileAcceptanceTest.java

@@ -19,7 +19,6 @@
 import tech.pegasys.teku.bls.BLSPublicKey;
 import tech.pegasys.teku.bls.BLSSecretKey;
 import tech.pegasys.teku.infrastructure.unsigned.UInt64;
-import tech.pegasys.teku.networks.Eth2NetworkConfiguration;
 import tech.pegasys.teku.spec.Spec;
 import tech.pegasys.teku.spec.SpecFactory;
 import tech.pegasys.teku.spec.datastructures.util.ForkAndSpecMilestone;
@@ -31,7 +30,6 @@
 
 import java.nio.file.Path;
 import java.util.List;
-import java.util.Objects;
 
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.google.common.io.Resources;
@@ -53,10 +51,6 @@ public class Eth2CustomNetworkFileAcceptanceTest extends SigningAcceptanceTestBa
       BLSSecretKey.fromBytes(Bytes32.fromHexString(PRIVATE_KEY));
   private static final BLSKeyPair KEY_PAIR = new BLSKeyPair(KEY);
   private static final BLSPublicKey PUBLIC_KEY = KEY_PAIR.getPublicKey();
-  private static final String TRUSTED_SETUP_PATH =
-      Objects.requireNonNull(
-              Eth2NetworkConfiguration.class.getResource("minimal-trusted-setup.txt"))
-          .toExternalForm();
 
   @BeforeEach
   void setup() {
@@ -65,11 +59,7 @@ void setup() {
     METADATA_FILE_HELPERS.createUnencryptedYamlFileAt(keyConfigFile, PRIVATE_KEY, KeyType.BLS);
 
     final SignerConfigurationBuilder builder = new SignerConfigurationBuilder();
-    builder
-        .withKeyStoreDirectory(testDirectory)
-        .withMode("eth2")
-        .withNetwork(NETWORK_CONFIG_PATH)
-        .withTrustedSetup(TRUSTED_SETUP_PATH);
+    builder.withKeyStoreDirectory(testDirectory).withMode("eth2").withNetwork(NETWORK_CONFIG_PATH);
     startSigner(builder.build());
   }
 
@@ -79,8 +69,7 @@ void signAndVerifyBlockV2SignatureForAllEnabledMilestones() throws Exception {
         SpecFactory.create(
             NETWORK_CONFIG_PATH.toString(),
             specConfigBuilder ->
-                specConfigBuilder.denebBuilder(
-                    denebBuilder -> denebBuilder.trustedSetupPath(TRUSTED_SETUP_PATH)));
+                specConfigBuilder.denebBuilder(denebBuilder -> denebBuilder.kzgNoop(true)));
     final List<ForkAndSpecMilestone> enabledMilestones = spec.getEnabledMilestones();
     assertThat(enabledMilestones.size()).isEqualTo(5);
 

build.gradle

@@ -166,6 +166,12 @@ allprojects {
     skipProjects = [
       ':acceptance-tests'
     ]
+    analyzers {
+      retirejs {
+        enabled = false
+      }
+      assemblyEnabled = false
+    }
   }
 
   tasks.withType(JavaCompile) {

commandline/src/main/java/tech/pegasys/web3signer/commandline/subcommands/Eth2SubCommand.java

@@ -126,15 +126,6 @@ private static class NetworkCliCompletionCandidates extends ArrayList<String> {
       converter = UInt64Converter.class)
   private UInt64 denebForkEpoch;
 
-  @CommandLine.Option(
-      names = {"--Xtrusted-setup"},
-      hidden = true,
-      paramLabel = "<STRING>",
-      description =
-          "The trusted setup which is needed for KZG commitments. Only required when creating a custom network. This value should be a file or URL pointing to a trusted setup.",
-      arity = "1")
-  private String trustedSetup = null; // Depends on network configuration
-
   @CommandLine.Option(
       names = {"--key-manager-api-enabled", "--enable-key-manager-api"},
       paramLabel = "<BOOL>",
@@ -193,7 +184,7 @@ private void logNetworkSpecInformation() {
 
   private Eth2NetworkConfiguration createEth2NetworkConfig() {
     Eth2NetworkConfiguration.Builder builder = Eth2NetworkConfiguration.builder();
-    builder.applyNetworkDefaults(network);
+    builder.applyNetworkDefaults(network).kzgNoop(true);
     if (altairForkEpoch != null) {
       builder.altairForkEpoch(altairForkEpoch);
     }
@@ -206,9 +197,6 @@ private Eth2NetworkConfiguration createEth2NetworkConfig() {
     if (denebForkEpoch != null) {
       builder.denebForkEpoch(denebForkEpoch);
     }
-    if (trustedSetup != null) {
-      builder.trustedSetup(trustedSetup);
-    }
     return builder.build();
   }
 

gradle/versions.gradle

@@ -90,7 +90,7 @@ dependencyManagement {
 
     dependency 'org.xipki.iaik:sunpkcs11-wrapper:1.4.10'
 
-    dependencySet(group: 'tech.pegasys.teku.internal', version: '23.9.1') {
+    dependencySet(group: 'tech.pegasys.teku.internal', version: '23.10.0') {
       entry ('bls') {
         exclude group: 'org.bouncycastle', name: 'bcprov-jdk15on'
       }