-
Notifications
You must be signed in to change notification settings - Fork 72
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Create a bundle auditing tool (endo unbundle) #1656
Comments
I prototyped a web-based tool for exploring bundles after they are put on chain: |
stretch goal: bundle diff... it would be nice if I went from marshal 0.6.1 to 0.6.2, it told me what the differences are, rather than saying "only in b2: 0.6.2" |
More motivation:
|
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
I just discovered:
|
Here’s an “endo unbundle” implementation that will work on Mac. function undo() {
mkdir -p "$1" && jq -r .endoZipBase64 | base64 -d | tar xC "$1"
} Usage: undo bundle < bundle.json |
refs: #1656 ## Description Spike on endojs/endo#1656 @kriskowal , similar to https://github.com/Agoric/agoric-sdk/discussions/8416 @dckc Makes the core-eval metadata available to `agoric run` so it can report more to the user. cc @michaelfig Adds a `--verbose` flag to report: <img width="687" alt="Screenshot 2024-06-13 at 1 46 28 PM" src="https://github.com/Agoric/agoric-sdk/assets/21505/b76b4d14-2fbd-45c2-b7a5-d94f964f2461"> Also a `scripts/stat-bundle.js` to stat a known bundle path. ### Security Considerations ### Scaling Considerations ### Documentation Considerations ### Testing Considerations ### Upgrade Considerations
refs: #1656 ## Description Spike on endojs/endo#1656 @kriskowal , similar to #8416 @dckc Makes the core-eval metadata available to `agoric run` so it can report more to the user. cc @michaelfig Adds a `--verbose` flag to report: <img width="687" alt="Screenshot 2024-06-13 at 1 46 28 PM" src="https://github.com/Agoric/agoric-sdk/assets/21505/b76b4d14-2fbd-45c2-b7a5-d94f964f2461"> Also a `scripts/stat-bundle.js` to stat a known bundle path. ### Security Considerations ### Scaling Considerations ### Documentation Considerations ### Testing Considerations ### Upgrade Considerations
refs: #1656 ## Description Spike on endojs/endo#1656 @kriskowal , similar to #8416 @dckc Makes the core-eval metadata available to `agoric run` so it can report more to the user. cc @michaelfig Adds a `--verbose` flag to report: <img width="687" alt="Screenshot 2024-06-13 at 1 46 28 PM" src="https://github.com/Agoric/agoric-sdk/assets/21505/b76b4d14-2fbd-45c2-b7a5-d94f964f2461"> Also a `scripts/stat-bundle.js` to stat a known bundle path. ### Security Considerations ### Scaling Considerations ### Documentation Considerations ### Testing Considerations ### Upgrade Considerations
refs: #9900 ## Description This uses the new `--elide-comments` option in Endo bundle-source to… elide comments. Always. Measured with: ``` cd a3p-integration rm -f **/b1-*.json* yarn build:submissions du -csh **/b1-*.json gzip **/b1-*.json du -csh **/b1-*.json.gz ``` Before: 26M (6.7M gz) After: 19M (4.1M gz) ### Security Considerations No change in runtime. Does affect code auditability. Existing bundles are base64 encoded so readers will have to find the sources anyway. Either way we will need to invest in special tooling: endojs/endo#1656 ### Scaling Considerations reduces on-chain storage ### Documentation Considerations End users who base64 decode the on-chain bundles will no longer see comments… I don't expect anyone was doing this. ### Testing Considerations existing coverage ### Upgrade Considerations won't affect any existing deployments
For the purposes of verifying the content and integrity of a bundle, as motivated by the need to audit governance proposals with Agoric chains, we need a tool that can verify the integrity of a bundle and extract it to the file system so an auditor can inspect the full working set of sources, without the distraction of adjacent files from the original source tree, notably in the absence of source maps.
Currently, we have
@endo/check-package
which provides the implementation of the integrity check. We also have most of the tools necessary for extraction between@endo/zip
andJSON.parse
. We just need a CLI veneer. That could be anendo subcommand
.This would be a substitute for the manual advice for validating a bundle:
jq -r .moduleFormat bundle.json
isendoZipBase64
jq -r .endoZipBase64 bundle.json | base64 -d > bundle.zip
(or the governance proposal can just refer to a zip file, or even a tarball)unzip bundle.zip
sha512sum compartmetn-map.json
must match the proposed bundle identifier!compartment-map.json
, every module description must include asha512
that matches thesha512sum
of the corresponding.js.pre.json
module file.jq -r '.__syncModuleProgram__' compartment/module.pre.js.json
The text was updated successfully, but these errors were encountered: