This repository has been archived by the owner on Jun 3, 2020. It is now read-only.
This release is tested against tendermint v0.31 and known to be compatible with tendermint v0.32.
Upgrade Notes
state_file syntax changes
The validator state files use an incompatible syntax from Tendermint KMS v0.5. It has been changed to match the conventions used by the rest of Tendermint, where integer values are stored in strings rather than JSON integers.
When upgrading, you will need to either delete existing state files (they will be recreated automatically), or ensure the integer height and round fields contained within these files are quoted in strings, e.g. {"height":"123456","round":"0",...}.
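
A small migration helper for the state_file change described above, added here as an example and not part of the Tendermint KMS project: it quotes the integer height and round fields and leaves every other field untouched. The function names, the sample JSON and its "step" field are constructed for illustration, and it assumes the KMS is stopped while a file is rewritten.

```python
import json
import os
import re
import sys
import tempfile

QUOTED_FIELDS = ("height", "round")  # the two fields the upgrade note names
INT_STRING = re.compile(r"-?[0-9]+")

# Constructed sample in the old (v0.5) style; "step" is a made-up extra field
# included only to show that other fields pass through untouched.
OLD_SAMPLE = '{"height":123456,"round":0,"step":6}'


def migrate_state(text):
    """Return (new_json, changed) with height/round stored as strings."""
    state = json.loads(text)
    if not isinstance(state, dict):
        raise ValueError("state file must hold a JSON object")
    changed = False
    for field in QUOTED_FIELDS:
        value = state.get(field)
        if isinstance(value, int) and not isinstance(value, bool):
            state[field] = str(value)  # JSON integer -> quoted integer
            changed = True
        elif not (isinstance(value, str) and INT_STRING.fullmatch(value)):
            # Missing, float, bool, null or non-numeric: refuse to guess.
            raise ValueError(f"{field}: unexpected value {value!r}")
    return json.dumps(state, separators=(",", ":")), changed


def migrate_file(path):
    """Rewrite one state file in place; returns True if it was changed."""
    with open(path, encoding="utf-8") as fh:
        new_text, changed = migrate_state(fh.read())
    if changed:
        # Temp file in the same directory + rename, so an interrupted run
        # never leaves a truncated state file behind.
        fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            fh.write(new_text)
        os.replace(tmp, path)
    return changed


if __name__ == "__main__":
    print(migrate_state(OLD_SAMPLE)[0])
    for state_path in sys.argv[1:]:  # assumption: the KMS is stopped
        print(state_path, "rewritten" if migrate_file(state_path) else "ok")
```

Files that are already in the new format are left alone, and a file with a missing or non-integer height or round is rejected rather than rewritten.
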
Unknown fields now disallowed in tmkms.toml
The previous parser for tmkms.toml ignored unknown attributes in the config file. This means it would often ignore syntax errors, spelling mistakes, or attributes in the wrong location when parsing files.
This has been changed to explicitly reject such fields. Please be aware, however, that if your config file contained invalid syntax, it will now be rejected by the parser and the KMS will no longer boot.
We suggest validating the configuration in a staging or other noncritical deployment of the KMS in order to ensure your configuration does not contain accidental misconfigurations which were previously uncaught.
See #282 for more information.
YubiHSM improvements
This release contains many improvements for users of the yubihsm backend:
- yubihsm-server feature: this release includes support for the KMS exposing an HTTP service which is compatible with Yubico's yubihsm-connector service. This allows for concurrently administering a YubiHSM2 while the KMS is running, either through tmkms yubihsm (see additional notes below) or via Yubico's yubihsm-shell.
- tmkms yubihsm: the CLI functionality in the KMS for administering YubiHSMs can now be configured to connect to the KMS's own yubihsm-server. Additionally it can also be configured to use a different authentication key, and to prompt for a password as opposed to using one in the configuration file.
For more information on these changes, please see the "yubihsm-server feature" section in the Tendermint KMS YubiHSM docs:
https://github.com/tendermint/kms/blob/master/README.yubihsm.md#yubihsm-server-feature
Detailed Changes
- tendermint crate v0.10.0 (tendermint-rs v0.10.0 #328)
- Display tendermint::consensus::State height/round/step (#316)
- yubihsm keys import: base64 support (#306)
- yubihsm: Support for reading password from a file (#305)
- softsign: Fix private key decoding + import command (#304, closes #290)
- softsign: Add subcommand; move keygen under it (#303)
- yubihsm setup: use hkd32 crate to derive key hierarchy (#302)
- yubihsm setup: Collect 256-bits entropy from both RNGs (#300)
- Upgrade to abscissa crate v0.2 (#294)
- Add serde(deny_unknown_fields) to all config structs (#282)
- tmkms yubihsm keys list: Use chain-specific formatters (#275, fixes #253)
- yubihsm-server: Allow CLI commands to use loopback connection (#274)
- yubihsm-server: Optional yubihsm-connector compatibility (#273)
- RemoteSignerError response to validator on double sign (Errors when connecting to multiple validators with same chain-id #249)
- Mark imported priv_validator.json keys as re-exportable (#248)
- max_height support for stopping chains at specific heights (Zaki/max height #238)
- ledger-tendermint backend (Feat/ledger #225)