Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

docs: add snapshot instructions #224

Merged
merged 4 commits into from
Apr 29, 2022
Merged

docs: add snapshot instructions #224

merged 4 commits into from
Apr 29, 2022

Conversation

Teasel-Ian
Copy link
Contributor

No description provided.

@github-actions
Copy link

github-actions bot commented Apr 28, 2022

Visit the preview URL for this PR (updated for commit b46ba52):

https://fetch-docs-preview--pr224-docs-snapshots-r0y1j9js.web.app

(expires Tue, 03 May 2022 14:27:10 GMT)

🔥 via Firebase Hosting GitHub Action 🌎

curl -v https://storage.googleapis.com/fetch-ai-mainnet-snapshots/fetchhub-4-pruned.tgz -o- 2>headers.out | tee >(md5sum > md5sum.out) | gunzip -c | tar -xvf - --directory=~/.fetchd

# (optional, but recommended) compare source md5 checksum provided in the headers by google, with the one calculated locally
[[ $(awk -F\" '/etag:/{ print $2 }' headers.out) == $(awk '{ print $1 }' md5sum.out) ]] && echo "OK - md5sum match" || echo "ERROR - md5sum MISMATCH"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

that's some cool stuff here!

To double-check, is using the etag fine here? Seeing on https://cloud.google.com/storage/docs/hashes-etags#xml-api it might not guarantee to be the md5 - maybe x-goog-hash to be preferred (they actually have the same value when I tested, but not sure it's meant to stay like this)

Also wondered if md5 was enough here given how easy is to tamper with it nowadays. But I guess it's ok, the consensus is supposed to deal with the extra validation that this state is pristine

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Well spotted, thanks! I will fix...

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As for md5 collisions... something they do (in a slightly different context) on Osmosis is to publish their hashes on the blockchain itself. I'll have a think about whether I can push a memo with the (assumed immutable) GCS x-goog-generation version number vs md5sum, that should give a very good confidence that a downloaded snapshot was created by my k8s pod, even in the scenario where an adversary has write access to our bucket.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

daeMOn63
daeMOn63 previously approved these changes Apr 28, 2022
@Teasel-Ian Teasel-Ian marked this pull request as draft April 28, 2022 12:54
@Teasel-Ian Teasel-Ian marked this pull request as ready for review April 29, 2022 08:37
@Teasel-Ian Teasel-Ian requested a review from daeMOn63 April 29, 2022 08:48
@Teasel-Ian Teasel-Ian merged commit e7b7407 into master Apr 29, 2022
@Teasel-Ian Teasel-Ian deleted the docs/snapshots branch April 29, 2022 09:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants