libyubihsm2 upgrade & YubiHSM 2.1 support

.buildkite/pipeline.yml

@@ -17,7 +17,7 @@ steps:
         region: "us-west-2"
       docker#v2.1.0:
         debug: true
-        image: "436617320021.dkr.ecr.us-west-2.amazonaws.com/ci:ubuntu16"
+        image: "436617320021.dkr.ecr.us-west-2.amazonaws.com/ci:ubuntu16_2-1"
         workdir: /data/job
     timeout: 60
 
@@ -38,7 +38,7 @@ steps:
         region: "us-west-2"
       docker#v2.1.0:
         debug: true
-        image: "436617320021.dkr.ecr.us-west-2.amazonaws.com/ci:ubuntu18"
+        image: "436617320021.dkr.ecr.us-west-2.amazonaws.com/ci:ubuntu18_2-1"
         workdir: /data/job
     timeout: 60
 
@@ -59,7 +59,7 @@ steps:
         region: "us-west-2"
       docker#v2.1.0:
         debug: true
-        image: "436617320021.dkr.ecr.us-west-2.amazonaws.com/ci:centos7"
+        image: "436617320021.dkr.ecr.us-west-2.amazonaws.com/ci:centos7_2-1"
         workdir: /data/job
     timeout: 60
 
@@ -80,10 +80,31 @@ steps:
         region: "us-west-2"
       docker#v2.1.0:
         debug: true
-        image: "436617320021.dkr.ecr.us-west-2.amazonaws.com/ci:amazonlinux1"
+        image: "436617320021.dkr.ecr.us-west-2.amazonaws.com/ci:amazonlinux1_2-1"
         workdir: /data/job
     timeout: 60
 
+  # - command: |
+  #       echo "+++ :hammer: Building" && \
+  #       ./scripts/eosio_build.sh -y && \
+  #       echo "--- :compression: Compressing build directory" && \
+  #       tar -pczf build.tar.gz build/
+  #   label: ":aws: 2 Build"
+  #   agents:
+  #     queue: "automation-large-builder-fleet"
+  #   artifact_paths: "build.tar.gz"
+  #   plugins:
+  #     ecr#v1.1.4:
+  #       login: true
+  #       account_ids: "436617320021"
+  #       no-include-email: true
+  #       region: "us-west-2"
+  #     docker#v2.1.0:
+  #       debug: true
+  #       image: "436617320021.dkr.ecr.us-west-2.amazonaws.com/ci:amazonlinux2_2-1"
+  #       workdir: /data/job
+  #   timeout: 60
+
   - command: |
         echo "+++ :hammer: Building" && \
         ./scripts/eosio_build.sh -y && \
@@ -101,7 +122,7 @@ steps:
         region: "us-west-2"
       docker#v2.1.0:
         debug: true
-        image: "436617320021.dkr.ecr.us-west-2.amazonaws.com/ci:fedora27"
+        image: "436617320021.dkr.ecr.us-west-2.amazonaws.com/ci:fedora27_2-1"
         workdir: /data/job
     timeout: 60
 
@@ -114,7 +135,7 @@ steps:
       tar -pczf build.tar.gz build/
     label: ":darwin: Mojave Build"
     agents:
-      - "role=builder-v2"
+      - "role=builder-v2-1"
       - "os=mojave"
     artifact_paths: "build.tar.gz"
     timeout: 60
@@ -128,7 +149,7 @@ steps:
       tar -pczf build.tar.gz build/
     label: ":darwin: High Sierra Build"
     agents:
-      - "role=builder-v2"
+      - "role=builder-v2-1"
       - "os=high-sierra"
     artifact_paths: "build.tar.gz"
     timeout: 60
@@ -158,7 +179,7 @@ steps:
         region: "us-west-2"
       docker#v2.1.0:
         debug: true
-        image: "436617320021.dkr.ecr.us-west-2.amazonaws.com/ci:ubuntu16"
+        image: "436617320021.dkr.ecr.us-west-2.amazonaws.com/ci:ubuntu16_2-1"
         workdir: /data/job
     timeout: 60
 
@@ -185,7 +206,7 @@ steps:
         region: "us-west-2"
       docker#v2.1.0:
         debug: true
-        image: "436617320021.dkr.ecr.us-west-2.amazonaws.com/ci:ubuntu16"
+        image: "436617320021.dkr.ecr.us-west-2.amazonaws.com/ci:ubuntu16_2-1"
         workdir: /data/job
     timeout: 60
 
@@ -212,7 +233,7 @@ steps:
         region: "us-west-2"
       docker#v2.1.0:
         debug: true
-        image: "436617320021.dkr.ecr.us-west-2.amazonaws.com/ci:ubuntu18"
+        image: "436617320021.dkr.ecr.us-west-2.amazonaws.com/ci:ubuntu18_2-1"
         workdir: /data/job
     timeout: 60
 
@@ -239,7 +260,7 @@ steps:
         region: "us-west-2"
       docker#v2.1.0:
         debug: true
-        image: "436617320021.dkr.ecr.us-west-2.amazonaws.com/ci:ubuntu18"
+        image: "436617320021.dkr.ecr.us-west-2.amazonaws.com/ci:ubuntu18_2-1"
         workdir: /data/job
     timeout: 60
 
@@ -267,7 +288,7 @@ steps:
         region: "us-west-2"
       docker#v2.1.0:
         debug: true
-        image: "436617320021.dkr.ecr.us-west-2.amazonaws.com/ci:centos7"
+        image: "436617320021.dkr.ecr.us-west-2.amazonaws.com/ci:centos7_2-1"
         workdir: /data/job
     timeout: 60
 
@@ -294,7 +315,7 @@ steps:
         region: "us-west-2"
       docker#v2.1.0:
         debug: true
-        image: "436617320021.dkr.ecr.us-west-2.amazonaws.com/ci:centos7"
+        image: "436617320021.dkr.ecr.us-west-2.amazonaws.com/ci:centos7_2-1"
         workdir: /data/job
     timeout: 60
 
@@ -321,7 +342,7 @@ steps:
         region: "us-west-2"
       docker#v2.1.0:
         debug: true
-        image: "436617320021.dkr.ecr.us-west-2.amazonaws.com/ci:amazonlinux1"
+        image: "436617320021.dkr.ecr.us-west-2.amazonaws.com/ci:amazonlinux1_2-1"
         workdir: /data/job
     timeout: 60
 
@@ -348,10 +369,64 @@ steps:
         region: "us-west-2"
       docker#v2.1.0:
         debug: true
-        image: "436617320021.dkr.ecr.us-west-2.amazonaws.com/ci:amazonlinux1"
+        image: "436617320021.dkr.ecr.us-west-2.amazonaws.com/ci:amazonlinux1_2-1"
         workdir: /data/job
     timeout: 60
 
+  # - command: |
+  #       echo "--- :arrow_down: Downloading build directory" && \
+  #       buildkite-agent artifact download "build.tar.gz" . --step ":aws: 2 Build" && \
+  #       tar -zxf build.tar.gz && \
+  #       echo "--- :m: Starting MongoDB" && \
+  #       ~/bin/mongod --fork --dbpath ~/data/mongodb -f ~/etc/mongod.conf --logpath "$(pwd)"/mongod.log && \
+  #       echo "+++ :microscope: Running tests" && \
+  #       cd /data/job/build && PATH=\$PATH:~/opt/mongodb/bin ~/bin/ctest -j8 -LE _tests --output-on-failure
+  #   label: ":aws: 2 Tests"
+  #   agents:
+  #     queue: "automation-large-builder-fleet"
+  #   artifact_paths:
+  #     - "mongod.log"
+  #     - "build/genesis.json"
+  #     - "build/config.ini"
+  #   plugins:
+  #     ecr#v1.1.4:
+  #       login: true
+  #       account_ids: "436617320021"
+  #       no-include-email: true
+  #       region: "us-west-2"
+  #     docker#v2.1.0:
+  #       debug: true
+  #       image: "436617320021.dkr.ecr.us-west-2.amazonaws.com/ci:amazonlinux2_2-1"
+  #       workdir: /data/job
+  #   timeout: 60
+
+  # - command: |
+  #       echo "--- :arrow_down: Downloading build directory" && \
+  #       buildkite-agent artifact download "build.tar.gz" . --step ":aws: 2 Build" && \
+  #       tar -zxf build.tar.gz && \
+  #       echo "--- :m: Starting MongoDB" && \
+  #       ~/bin/mongod --fork --dbpath ~/data/mongodb -f ~/etc/mongod.conf --logpath "$(pwd)"/mongod.log && \
+  #       echo "+++ :microscope: Running tests" && \
+  #       cd /data/job/build && PATH=\$PATH:~/opt/mongodb/bin ~/bin/ctest -L nonparallelizable_tests --output-on-failure
+  #   label: ":aws: 2 NP Tests"
+  #   agents:
+  #     queue: "automation-large-builder-fleet"
+  #   artifact_paths:
+  #     - "mongod.log"
+  #     - "build/genesis.json"
+  #     - "build/config.ini"
+  #   plugins:
+  #     ecr#v1.1.4:
+  #       login: true
+  #       account_ids: "436617320021"
+  #       no-include-email: true
+  #       region: "us-west-2"
+  #     docker#v2.1.0:
+  #       debug: true
+  #       image: "436617320021.dkr.ecr.us-west-2.amazonaws.com/ci:amazonlinux2_2-1"
+  #       workdir: /data/job
+  #   timeout: 60
+
   - command: |
         echo "--- :arrow_down: Downloading build directory" && \
         buildkite-agent artifact download "build.tar.gz" . --step ":fedora: 27 Build" && \
@@ -375,7 +450,7 @@ steps:
         region: "us-west-2"
       docker#v2.1.0:
         debug: true
-        image: "436617320021.dkr.ecr.us-west-2.amazonaws.com/ci:fedora27"
+        image: "436617320021.dkr.ecr.us-west-2.amazonaws.com/ci:fedora27_2-1"
         workdir: /data/job
     timeout: 60
 
@@ -402,7 +477,7 @@ steps:
         region: "us-west-2"
       docker#v2.1.0:
         debug: true
-        image: "436617320021.dkr.ecr.us-west-2.amazonaws.com/ci:fedora27"
+        image: "436617320021.dkr.ecr.us-west-2.amazonaws.com/ci:fedora27_2-1"
         workdir: /data/job
     timeout: 60
 
@@ -416,7 +491,7 @@ steps:
         ln -s "$(pwd)" /data/job && cd /data/job/build && PATH=\$PATH:~/opt/mongodb/bin ctest -j8 -LE _tests --output-on-failure
     label: ":darwin: High Sierra Tests"
     agents:
-      - "role=tester-v2"
+      - "role=tester-v2-1"
       - "os=high-sierra"
     artifact_paths:
       - "mongod.log"
@@ -434,7 +509,7 @@ steps:
         ln -s "$(pwd)" /data/job && cd /data/job/build && PATH=\$PATH:~/opt/mongodb/bin ctest -L nonparallelizable_tests --output-on-failure
     label: ":darwin: High Sierra NP Tests"
     agents:
-      - "role=tester-v2"
+      - "role=tester-v2-1"
       - "os=high-sierra"
     artifact_paths:
       - "mongod.log"
@@ -452,7 +527,7 @@ steps:
         ln -s "$(pwd)" /data/job && cd /data/job/build && PATH=\$PATH:~/opt/mongodb/bin ctest -j8 -LE _tests --output-on-failure
     label: ":darwin: Mojave Tests"
     agents:
-      - "role=tester-v2"
+      - "role=tester-v2-1"
       - "os=mojave"
     artifact_paths:
       - "mongod.log"
@@ -470,7 +545,7 @@ steps:
         ln -s "$(pwd)" /data/job && cd /data/job/build && PATH=\$PATH:~/opt/mongodb/bin ctest -L nonparallelizable_tests --output-on-failure
     label: ":darwin: Mojave NP Tests"
     agents:
-      - "role=tester-v2"
+      - "role=tester-v2-1"
       - "os=mojave"
     artifact_paths:
       - "mongod.log"
@@ -488,7 +563,7 @@ steps:
         ln -s "$(pwd)" /data/job && cd /data/job/build/packages && bash generate_package.sh brew
     label: ":darwin: High Sierra Package Builder"
     agents:
-      - "role=builder-v2"
+      - "role=builder-v2-1"
       - "os=high-sierra"
     artifact_paths:
       - "build/packages/*.tar.gz"
@@ -503,7 +578,7 @@ steps:
         ln -s "$(pwd)" /data/job && cd /data/job/build/packages && bash generate_package.sh brew
     label: ":darwin: Mojave Package Builder"
     agents:
-      - "role=builder-v2"
+      - "role=builder-v2-1"
       - "os=mojave"
     artifact_paths:
       - "build/packages/*.tar.gz"
@@ -529,7 +604,7 @@ steps:
         region: "us-west-2"
       docker#v2.1.0:
         debug: true
-        image: "436617320021.dkr.ecr.us-west-2.amazonaws.com/ci:ubuntu16"
+        image: "436617320021.dkr.ecr.us-west-2.amazonaws.com/ci:ubuntu16_2-1"
         workdir: /data/job
     env:
       OS: "ubuntu-16.04"
@@ -555,7 +630,7 @@ steps:
         region: "us-west-2"
       docker#v2.1.0:
         debug: true
-        image: "436617320021.dkr.ecr.us-west-2.amazonaws.com/ci:ubuntu18"
+        image: "436617320021.dkr.ecr.us-west-2.amazonaws.com/ci:ubuntu18_2-1"
         workdir: /data/job
     env:
       OS: "ubuntu-18.04"
@@ -588,7 +663,7 @@ steps:
         region: "us-west-2"
       docker#v2.1.0:
         debug: true
-        image: "436617320021.dkr.ecr.us-west-2.amazonaws.com/ci:fedora27"
+        image: "436617320021.dkr.ecr.us-west-2.amazonaws.com/ci:fedora27_2-1"
         workdir: /data/job
     env:
       OS: "fc27"
@@ -621,7 +696,7 @@ steps:
         region: "us-west-2"
       docker#v2.1.0:
         debug: true
-        image: "436617320021.dkr.ecr.us-west-2.amazonaws.com/ci:centos7"
+        image: "436617320021.dkr.ecr.us-west-2.amazonaws.com/ci:centos7_2-1"
         workdir: /data/job
     env:
       OS: "el7"

.gitmodules

@@ -15,3 +15,6 @@
 [submodule "libraries/wabt"]
 	path = libraries/wabt
 	url = https://github.com/EOSIO/wabt
+[submodule "libraries/yubihsm"]
+	path = libraries/yubihsm
+	url = https://github.com/Yubico/yubihsm-shell

CMakeLists.txt

@@ -262,19 +262,25 @@ configure_file(${CMAKE_SOURCE_DIR}/libraries/fc/secp256k1/upstream/COPYING
                ${CMAKE_BINARY_DIR}/licenses/eosio/LICENSE.secp256k1 COPYONLY)
 configure_file(${CMAKE_SOURCE_DIR}/libraries/fc/src/network/LICENSE.go 
                ${CMAKE_BINARY_DIR}/licenses/eosio/LICENSE.go COPYONLY)
+configure_file(${CMAKE_SOURCE_DIR}/libraries/yubihsm/LICENSE
+               ${CMAKE_BINARY_DIR}/licenses/eosio/LICENSE.yubihsm COPYONLY)
 
 install(FILES LICENSE DESTINATION ${CMAKE_INSTALL_FULL_DATAROOTDIR}/licenses/eosio/ COMPONENT base)
 install(FILES libraries/wabt/LICENSE DESTINATION ${CMAKE_INSTALL_FULL_DATAROOTDIR}/licenses/eosio/ RENAME LICENSE.wabt COMPONENT base)
 install(FILES libraries/softfloat/COPYING.txt DESTINATION ${CMAKE_INSTALL_FULL_DATAROOTDIR}/licenses/eosio/ RENAME LICENSE.softfloat COMPONENT base)
 install(FILES libraries/wasm-jit/LICENSE DESTINATION ${CMAKE_INSTALL_FULL_DATAROOTDIR}/licenses/eosio/ RENAME LICENSE.wavm COMPONENT base)
 install(FILES libraries/fc/secp256k1/upstream/COPYING DESTINATION ${CMAKE_INSTALL_FULL_DATAROOTDIR}/licenses/eosio/ RENAME LICENSE.secp256k1 COMPONENT base)
 install(FILES libraries/fc/src/network/LICENSE.go DESTINATION ${CMAKE_INSTALL_FULL_DATAROOTDIR}/licenses/eosio/ COMPONENT base)
+install(FILES libraries/yubihsm/LICENSE DESTINATION ${CMAKE_INSTALL_FULL_DATAROOTDIR}/licenses/eosio/ RENAME LICENSE.yubihsm COMPONENT base)
 
 add_custom_target(base-install
   COMMAND "${CMAKE_COMMAND}" --build "${CMAKE_BINARY_DIR}"
   COMMAND "${CMAKE_COMMAND}" -DCMAKE_INSTALL_COMPONENT=base -P "${CMAKE_BINARY_DIR}/cmake_install.cmake"
   USES_TERMINAL
 )
 
+get_property(_CTEST_CUSTOM_TESTS_IGNORE GLOBAL PROPERTY CTEST_CUSTOM_TESTS_IGNORE)
+file(WRITE "${CMAKE_BINARY_DIR}/CTestCustom.cmake" "SET(CTEST_CUSTOM_TESTS_IGNORE ${_CTEST_CUSTOM_TESTS_IGNORE})")
+
 include(package)
 include(doxygen)

libraries/CMakeLists.txt

@@ -13,3 +13,17 @@ set(BUILD_TOOLS OFF CACHE BOOL "Build wabt tools")
 set(RUN_RE2C OFF CACHE BOOL "Run re2c")
 set(WITH_EXCEPTIONS ON CACHE BOOL "Build with exceptions enabled" FORCE)
 add_subdirectory( wabt )
+
+set(ENABLE_STATIC ON)
+set(CMAKE_MACOSX_RPATH OFF)
+set(BUILD_ONLY_LIB ON CACHE BOOL "Library only build")
+message(STATUS "Starting yubihsm configuration...")
+add_subdirectory( yubihsm EXCLUDE_FROM_ALL )
+set_target_properties(yubihsm_static PROPERTIES COMPILE_OPTIONS "-fno-lto")
+message(STATUS "yubihsm configuration complete")
+
+get_property(_CTEST_CUSTOM_TESTS_IGNORE GLOBAL PROPERTY CTEST_CUSTOM_TESTS_IGNORE)
+set_property(GLOBAL PROPERTY CTEST_CUSTOM_TESTS_IGNORE
+  "change_authkey import_ed decrypt_ec decrypt_rsa ssh logs generate_rsa import_ec echo\
+  yubico_otp wrap_data wrap info import_rsa import_authkey generate_hmac generate_ec\
+  attest pbkdf2 parsing ${_CTEST_CUSTOM_TESTS_IGNORE}")

plugins/wallet_plugin/CMakeLists.txt

@@ -22,5 +22,8 @@ add_library( wallet_plugin
              yubihsm_wallet.cpp
              ${HEADERS} )
 
-target_link_libraries( wallet_plugin eosio_chain appbase ${security_framework} ${corefoundation_framework} ${localauthentication_framework} ${cocoa_framework})
+target_link_libraries( wallet_plugin yubihsm_static eosio_chain appbase ${security_framework} ${corefoundation_framework} ${localauthentication_framework} ${cocoa_framework})
 target_include_directories( wallet_plugin PUBLIC "${CMAKE_CURRENT_SOURCE_DIR}/include" )
+
+#sadly old cmake 2.8 support in yubihsm cmake prevents usage of target_include_directories there
+target_include_directories( wallet_plugin PRIVATE "${CMAKE_SOURCE_DIR}/libraries/yubihsm/lib" )