cosmos · julienrbrt · Jun 13, 2023 · Jun 12, 2023 · Jun 12, 2023 · Jun 12, 2023
@@ -41,10 +41,6 @@ Ref: https://keepachangelog.com/en/1.0.0/
 * [#12457](https://github.com/cosmos/cosmos-sdk/issues/12457) Add `cosmovisor pre-upgrade` command to manually add an upgrade to cosmovisor.
 * [#15361](https://github.com/cosmos/cosmos-sdk/pull/15361) Add `cosmovisor config` command to display the configuration used by cosmovisor.
 
-## Client Breaking Changes
-
-* [#14881](https://github.com/cosmos/cosmos-sdk/pull/14881) Cosmovisor supports only upgrade plan with a checksum. This is enforced by the `x/upgrade` module for better security.
-
 ## Improvements
 
 * [#14881](https://github.com/cosmos/cosmos-sdk/pull/14881) Refactor Cosmovisor to use `x/upgrade` validation logic.

@@ -87,6 +87,7 @@ Use of `cosmovisor` without one of the action arguments is deprecated. For backw
 * `DAEMON_HOME` is the location where the `cosmovisor/` directory is kept that contains the genesis binary, the upgrade binaries, and any additional auxiliary files associated with each binary (e.g. `$HOME/.gaiad`, `$HOME/.regend`, `$HOME/.simd`, etc.).
 * `DAEMON_NAME` is the name of the binary itself (e.g. `gaiad`, `regend`, `simd`, etc.).
 * `DAEMON_ALLOW_DOWNLOAD_BINARIES` (*optional*), if set to `true`, will enable auto-downloading of new binaries (for security reasons, this is intended for full nodes rather than validators). By default, `cosmovisor` will not auto-download new binaries.
+* `DAEMON_DOWNLOAD_MUST_HAVE_CHECKSUM` (*optional*, default = `false`), if `true` cosmovisor will require that a checksum is provided in the upgrade plan for the binary to be downloaded. If `false`, cosmovisor will not require a checksum to be provided, but still check the checksum if one is provided.
 * `DAEMON_RESTART_AFTER_UPGRADE` (*optional*, default = `true`), if `true`, restarts the subprocess with the same command-line arguments and flags (but with the new binary) after a successful upgrade. Otherwise (`false`), `cosmovisor` stops running after an upgrade and requires the system administrator to manually restart it. Note restart is only after the upgrade and does not auto-restart the subprocess after an error occurs.
 * `DAEMON_RESTART_DELAY` (*optional*, default none), allow a node operator to define a delay between the node halt (for upgrade) and backup by the specified time. The value must be a duration (e.g. `1s`).
 * `DAEMON_POLL_INTERVAL` (*optional*, default 300 milliseconds), is the interval length for polling the upgrade plan file. The value must be a duration (e.g. `1s`).

@@ -18,16 +18,17 @@ import (
 
 // environment variable names
 const (
-	EnvHome                 = "DAEMON_HOME"
-	EnvName                 = "DAEMON_NAME"
-	EnvDownloadBin          = "DAEMON_ALLOW_DOWNLOAD_BINARIES"
-	EnvRestartUpgrade       = "DAEMON_RESTART_AFTER_UPGRADE"
-	EnvRestartDelay         = "DAEMON_RESTART_DELAY"
-	EnvSkipBackup           = "UNSAFE_SKIP_BACKUP"
-	EnvDataBackupPath       = "DAEMON_DATA_BACKUP_DIR"
-	EnvInterval             = "DAEMON_POLL_INTERVAL"
-	EnvPreupgradeMaxRetries = "DAEMON_PREUPGRADE_MAX_RETRIES"
-	EnvDisableLogs          = "COSMOVISOR_DISABLE_LOGS"
+	EnvHome                     = "DAEMON_HOME"
+	EnvName                     = "DAEMON_NAME"
+	EnvDownloadBin              = "DAEMON_ALLOW_DOWNLOAD_BINARIES"
+	EnvDownloadMustHaveChecksum = "DAEMON_DOWNLOAD_MUST_HAVE_CHECKSUM"
+	EnvRestartUpgrade           = "DAEMON_RESTART_AFTER_UPGRADE"
+	EnvRestartDelay             = "DAEMON_RESTART_DELAY"
+	EnvSkipBackup               = "UNSAFE_SKIP_BACKUP"
+	EnvDataBackupPath           = "DAEMON_DATA_BACKUP_DIR"
+	EnvInterval                 = "DAEMON_POLL_INTERVAL"
+	EnvPreupgradeMaxRetries     = "DAEMON_PREUPGRADE_MAX_RETRIES"
+	EnvDisableLogs              = "COSMOVISOR_DISABLE_LOGS"
 )
 
 const (
@@ -42,16 +43,17 @@ const defaultFilename = "upgrade-info.json"
 
 // Config is the information passed in to control the daemon
 type Config struct {
-	Home                  string
-	Name                  string
-	AllowDownloadBinaries bool
-	RestartAfterUpgrade   bool
-	RestartDelay          time.Duration
-	PollInterval          time.Duration
-	UnsafeSkipBackup      bool
-	DataBackupPath        string
-	PreupgradeMaxRetries  int
-	DisableLogs           bool
+	Home                     string
+	Name                     string
+	AllowDownloadBinaries    bool
+	DownloadMustHaveChecksum bool
+	RestartAfterUpgrade      bool
+	RestartDelay             time.Duration
+	PollInterval             time.Duration
+	UnsafeSkipBackup         bool
+	DataBackupPath           string
+	PreupgradeMaxRetries     int
+	DisableLogs              bool
 
 	// currently running upgrade
 	currentUpgrade upgradetypes.Plan
@@ -153,6 +155,9 @@ func GetConfigFromEnv() (*Config, error) {
 	if cfg.AllowDownloadBinaries, err = booleanOption(EnvDownloadBin, false); err != nil {
 		errs = append(errs, err)
 	}
+	if cfg.DownloadMustHaveChecksum, err = booleanOption(EnvDownloadMustHaveChecksum, false); err != nil {
+		errs = append(errs, err)
+	}
 	if cfg.RestartAfterUpgrade, err = booleanOption(EnvRestartUpgrade, true); err != nil {
 		errs = append(errs, err)
 	}
@@ -367,6 +372,7 @@ func (cfg Config) DetailString() string {
 		{EnvHome, cfg.Home},
 		{EnvName, cfg.Name},
 		{EnvDownloadBin, fmt.Sprintf("%t", cfg.AllowDownloadBinaries)},
+		{EnvDownloadMustHaveChecksum, fmt.Sprintf("%t", cfg.DownloadMustHaveChecksum)},
 		{EnvRestartUpgrade, fmt.Sprintf("%t", cfg.RestartAfterUpgrade)},
 		{EnvRestartDelay, cfg.RestartDelay.String()},
 		{EnvInterval, cfg.PollInterval.String()},