-
Notifications
You must be signed in to change notification settings - Fork 721
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Optionally support lightweight checkpointing #6048
base: master
Are you sure you want to change the base?
Conversation
7323965
to
7aceb49
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This all looks great to me, thanks. I'm not Approving since I'm not a code reviewer for this repository.
|
||
pure $ WrapCheckpointsMap $ CheckpointsMap $ Map.fromList checkpoints | ||
where | ||
parseCardanoHash |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe some genesis hash config field parser already has this logic somewhere?
parseJSON = Aeson.withObject "CheckpointsMap" $ \o -> do | ||
checkpointList :: [Aeson.Object] <- o Aeson..: "checkpoints" | ||
|
||
checkpoints :: [(BlockNo, HeaderHash (CardanoBlock StandardCrypto))] <- |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Personally I'd consider a {blockNoHashPairs: [[3, "abcdef"], [100, "32cdef"]]}
format, to avoid the obnoxious per-entry repetition of the field names. But I don't have a lot of experience regarding the widely-expected UX for this sort of thing.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah 👍, I have no strong opinions here; one tiny advantage of the current format is that it is impossible to forgot that the numbers are referring to block numbers (and not e.g. slot numbers), even when looking at individual checkpoints only; but that is not a major thing.
7aceb49
to
b65350a
Compare
This PR is stale because it has been open 45 days with no activity. |
see the PR description for details
b65350a
to
040cb70
Compare
@amesgen That's a good idea. But to do that you'd have to decide about block hashes before starting the network, then spin up the testnet and check the hashes of the blocks. |
Yeah, though at least, one could test that whatever chain is created by the testnet is considered invalid when one configures a bogus checkpoint. (I currently don't have time to work on this, but maybe someone else from the Consensus team does. Up to the node team whether this should block this PR.) |
Description
Closes #5730
This PR adds optional support for lightweight checkpointing. Concretely, a file can contain a list of checkpoints (each consisting of a block number and a corresponding block hash). When validating a header/block with a block number with a corresponding checkpoint, we consider the header/block to be invalid if their actual hash does not coincide with the hash from the checkpoint.
This is only expected to be used in certain disaster recovery scenarios, so ideally never. See CIP-0135 for more details.
Warning
Specifying a checkpoints file requires great care; incorrect entries can lead the node to be stuck on adversarial chains forever!
Concretely, the node configuration file has two new optional entries:
The
checkpoints.json
file has the following format:Testing
Component-level tests for this feature already exist in Consensus, but end-to-end tests might still be useful. I manually tested this PR locally, but a test in CI would be nice. I am not familiar with the various tests in this repo; maybe a test under
Cardano.Testnet.Test
could work?Checklist
See Runnings tests for more details
CHANGELOG.md
for affected package.cabal
files are updatedhlint
. See.github/workflows/check-hlint.yml
to get thehlint
versionstylish-haskell
. See.github/workflows/stylish-haskell.yml
to get thestylish-haskell
versionghc-8.10.7
andghc-9.2.7
Note on CI
If your PR is from a fork, the necessary CI jobs won't trigger automatically for security reasons.
You will need to get someone with write privileges. Please contact IOG node developers to do this
for you.