generate privval gRPC server and provide a high-level pluggable default implementation #1134
Open, 1 of 2 tasks
Labels: enhancement (New feature or request)
Comments
This is definitely something I'm interested in, although there is presently no integration with
tomtau added a commit to tomtau/tendermint-rs that referenced this issue (May 30, 2022):
…ions - `proto-compiler` uses `tonic-build` - tendermint-proto can be compiled with std for the `grpc` feature (as required by the generated `tonic` code) - the primary motivation is the new gRPC-based PrivVal interface in Tendermint 0.35 (see informalsystems#1134)
tomtau added a commit to tomtau/tendermint-rs that referenced this issue (Jun 10, 2022):
a proposed follow-up after informalsystems#1137 is merged. ref: informalsystems#1134
tomtau added a commit to tomtau/tendermint-rs that referenced this issue (Jun 27, 2022)
tomtau added a commit to tomtau/tendermint-rs that referenced this issue (Jun 28, 2022)
The work here depends on cometbft/cometbft#476 right?
that's right
Version(s) of tendermint-rs: v0.24.0-pre.2
Description
"privval" is an interface used by a Tendermint process (on validator nodes) to communicate with a signing backend (e.g. YubiHSM).
Previously, "privval" was over a custom socket protocol (implemented e.g. in tmkms) that leveraged Unix domain sockets or Tendermint P2P over TCP where Tendermint acted as a server, and a signing backend connected to it as a client.
In Tendermint 0.35, a new method for "privval" was introduced: the signer is a standard gRPC server/service, and Tendermint connects to it as a client.
In Tendermint 0.36, we expect the old "privval" custom socket protocol will be removed and only the gRPC-based "privval" interface will be provided.
Given these circumstances, I think it makes sense for tendermint-rs to support this interface via the following features:
- `build_server(true)` in tonic_build, probably via a feature-flag (as not every usage of tendermint-proto needs it)
- `update_consensus_state` in tmkms https://github.com/iqlusioninc/tmkms/blob/main/src/chain/state.rs#L66 )

Here's a sketch of the potential interface:

`load_state` and `persist_state` could potentially be in a separate trait, so that one can e.g. have a default file-based state persistence, but different signer backends are free to implement what makes sense in their context (e.g. write to CPU monotonic counters or an external service).

Definition of "done"

- `PrivValidatorApi`, `PrivValidatorApiServer` ...): tendermint-proto: Add a feature flag and generate gRPC server definitions #1137
- `PrivValidatorApi` implementation (validation of types via domain types, basic double signing checking, chain-id verification) with basic common constructors or configurations (e.g. to load the certificates for TLS) and an extensible way to plug in different signer providers (with a software signer given as a sample implementation)

Related issues:
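A minimal sketch of the chain-id and double-signing checks from the description above, with `load_state` and `persist_state` split into their own trait. It is an added example, not code from this issue or from tendermint-rs: `ConsensusState`, `SignError`, `StateStore`, `MemoryStore`, `SignGuard` and `authorize` are hypothetical names, and as a simplification it rejects any request that does not advance (height, round, step).

```rust
// Added sketch: every name except load_state/persist_state is hypothetical.
#[derive(Clone, Copy, Debug, PartialEq, Eq, PartialOrd, Ord)]
pub struct ConsensusState {
    pub height: u64,
    pub round: u32,
    pub step: u8, // constructed encoding: 0 proposal, 1 prevote, 2 precommit
}

#[derive(Debug, PartialEq, Eq)]
pub enum SignError { WrongChain, DoubleSign { last: ConsensusState }, Store(String) }

/// Persistence lives in its own trait so each signer backend can pick
/// its storage (file, monotonic counter, external service).
pub trait StateStore {
    fn load_state(&self) -> Result<Option<ConsensusState>, String>;
    fn persist_state(&mut self, state: &ConsensusState) -> Result<(), String>;
}

/// In-memory stand-in for a file-based default store.
#[derive(Default)]
pub struct MemoryStore(Option<ConsensusState>);
impl StateStore for MemoryStore {
    fn load_state(&self) -> Result<Option<ConsensusState>, String> { Ok(self.0) }
    fn persist_state(&mut self, state: &ConsensusState) -> Result<(), String> {
        self.0 = Some(*state);
        Ok(())
    }
}

pub struct SignGuard<S: StateStore> { pub chain_id: String, pub store: S }
impl<S: StateStore> SignGuard<S> {
    /// Call before passing a vote or proposal to the signer backend.
    pub fn authorize(&mut self, chain_id: &str, req: ConsensusState) -> Result<(), SignError> {
        if chain_id != self.chain_id { return Err(SignError::WrongChain); }
        // Derived Ord compares height, then round, then step.
        let last = self.store.load_state().map_err(SignError::Store)?;
        if let Some(last) = last.filter(|l| req <= *l) {
            return Err(SignError::DoubleSign { last });
        }
        // Persist before signing so a crash cannot lose the high-water mark.
        self.store.persist_state(&req).map_err(SignError::Store)
    }
}

fn main() {
    let mut g = SignGuard { chain_id: "test-chain".to_string(), store: MemoryStore::default() };
    let s = ConsensusState { height: 10, round: 0, step: 1 };
    println!("{:?}, then {:?}", g.authorize("test-chain", s), g.authorize("test-chain", s));
}
```

A backend with different storage only needs its own `StateStore` implementation; the checks in `authorize` stay unchanged.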