Support eth2-val-tools keys (#1508)
* Fix Prysm genesis

* Still default to Goerli

* Add support for eth2-val-tools keys
yorickdowne authored Sep 10, 2023
1 parent 664092b commit d6fb49f
Showing 3 changed files with 78 additions and 18 deletions.
2 changes: 1 addition & 1 deletion prysm-vc-only.yml
Expand Up @@ -163,7 +163,7 @@ services:
- KEY_API_PORT=${KEY_API_PORT:-7500}
- WEB3SIGNER=${WEB3SIGNER:-false}
- CL_NODE=${CL_NODE}
- PRYSM="true"
- PRYSM=true
depends_on:
- validator
entrypoint:
2 changes: 1 addition & 1 deletion prysm.yml
Expand Up @@ -231,7 +231,7 @@ services:
- KEY_API_PORT=${KEY_API_PORT:-7500}
- WEB3SIGNER=${WEB3SIGNER:-false}
- CL_NODE=${CL_NODE}
- PRYSM="true"
- PRYSM=true
depends_on:
- validator
entrypoint:
92 changes: 76 additions & 16 deletions vc-utils/keymanager.sh
Expand Up @@ -488,13 +488,44 @@ validator-delete() {
}

validator-import() {
__num_files=$(find /validator_keys -maxdepth 1 -type f -name 'keystore*.json' | wc -l)
__eth2_val_tools=0
__depth=1
__key_root_dir=/validator_keys

__num_dirs=$(find /validator_keys -maxdepth 1 -type d -name '0x*' | wc -l)
if [ "$__pass" -eq 1 ] && [ "$__num_dirs" -gt 0 ]; then
echo "Found $__num_dirs directories starting with 0x. If these are from eth2-val-tools, please copy the keys and secrets directories into .eth/validator_keys instead."
echo
fi

if [ "$__pass" -eq 1 ] && [ -d /validator_keys/keys ]; then
if [ -d /validator_keys/secrets ]; then
echo "keys and secrets directories found, assuming keys generated by eth2-val-tools"
echo "Keystore files directly under .eth/validator_keys will be imported in a second pass"
echo
__eth2_val_tools=1
__depth=2
__key_root_dir=/validator_keys/keys
else
echo "Found a keys directory but no secrets directory. This may be an incomplete eth2-val-tools output. Skipping."
echo
fi
fi
__num_files=$(find "$__key_root_dir" -maxdepth "$__depth" -type f -name '*keystore*.json' | wc -l)
if [ "$__num_files" -eq 0 ]; then
echo "No keystore*.json files found in .eth/validator_keys/"
echo "Nothing to do"
if [ "$__pass" -eq 1 ]; then
echo "No *keystore*.json files found in .eth/validator_keys/"
echo "Nothing to do"
fi
exit 0
fi

if [ "$__pass" -eq 2 ]; then
echo
echo "Now importing keystore files directly under .eth/validator_keys"
echo
fi

__non_interactive=0
if echo "$@" | grep -q '.*--non-interactive.*' 2>/dev/null ; then
__non_interactive=1
Expand All @@ -516,7 +547,7 @@ validator-import() {
* ) echo "Please answer yes or no.";;
esac
done
if [ "$__num_files" -gt 1 ]; then
if [ "$__eth2_val_tools" -eq 0 ] && [ "$__num_files" -gt 1 ]; then
while true; do
read -rp "Do all validator keys have the same password? (y/n) " yn
case $yn in
Expand All @@ -528,7 +559,7 @@ validator-import() {
else
__justone=1
fi
if [ $__justone -eq 1 ]; then
if [ "$__eth2_val_tools" -eq 0 ] && [ $__justone -eq 1 ]; then
while true; do
read -srp "Please enter the password for your validator key(s): " __password
echo
Expand All @@ -550,10 +581,28 @@ validator-import() {
__registered=0
__reg_skipped=0
__reg_errored=0
for __keyfile in /validator_keys/keystore*.json; do
while IFS= read -r __keyfile; do
[ -f "$__keyfile" ] || continue
__pubkey=0x$(jq -r '.pubkey' < "$__keyfile")
if [ $__justone -eq 0 ]; then
__keydir=$(dirname "$__keyfile")
__pubkey=0x$(jq -r '.pubkey' "$__keyfile")
if [ "$__pubkey" = "0xnull" ]; then
echo "The file $__keyfile does not specify a pubkey. Maybe it is a Prysm wallet file?"
echo "Even for Prysm, please use the individual keystore files as generated by staking-deposit-cli, or for eth2-val-tools copy the keys and secrets directories into .eth/validator_keys."
echo "Skipping."
echo
(( __skipped+=1 ))
continue
fi
if [ $__eth2_val_tools -eq 1 ]; then
if [ -f /validator_keys/secrets/"$(basename "$__keydir")" ]; then
__password=$(</validator_keys/secrets/"$(basename "$__keydir")")
else
echo "Password file /validator_keys/secrets/$(basename "$__keydir") not found. Skipping key import."
(( __skipped+=1 ))
continue
fi
fi
if [ $__eth2_val_tools -eq 0 ] && [ $__justone -eq 0 ]; then
while true; do
read -srp "Please enter the password for your validator key stored in $__keyfile with public key $__pubkey: " __password
echo
Expand All @@ -570,7 +619,7 @@ validator-import() {
fi
__do_a_protec=0
__found_one=0
for __protectfile in /validator_keys/slashing_protection*.json; do
for __protectfile in "$__keydir"/slashing_protection*.json; do
[ -f "$__protectfile" ] || continue
if grep -q "$__pubkey" "$__protectfile"; then
__found_one=1
Expand All @@ -586,7 +635,7 @@ validator-import() {
break
fi
done
if [ "${__found_one}" -eq 0 ]; then
if [ "$__eth2_val_tools" -eq 0 ] && [ "${__found_one}" -eq 0 ]; then
echo "No viable slashing protection import file found for $__pubkey."
echo "This is expected if this is a new key."
echo "Proceeding without slashing protection import."
Expand All @@ -598,6 +647,7 @@ validator-import() {
__protect_json=""
fi
echo "$__protect_json" > /tmp/protect.json

if [ "$__do_a_protec" -eq 0 ]; then
jq --arg keystore_value "$__keystore_json" --arg password_value "$__password" '. | .keystores += [$keystore_value] | .passwords += [$password_value]' <<< '{}' >/tmp/apidata.txt
else
Expand Down Expand Up @@ -661,7 +711,11 @@ validator-import() {
__api_port=${__vc_api_port}
__api_tls=${__vc_api_tls}

jq --arg pubkey_value "$__pubkey" --arg url_value "http://web3signer:9000" '. | .remote_keys += [{"pubkey": $pubkey_value, "url": $url_value}]' <<< '{}' >/tmp/apidata.txt
if [ -z "${PRYSM:+x}" ]; then
jq --arg pubkey_value "$__pubkey" --arg url_value "http://web3signer:9000" '. | .remote_keys += [{"pubkey": $pubkey_value, "url": $url_value}]' <<< '{}' >/tmp/apidata.txt
else
jq --arg pubkey_value "$__pubkey" --arg url_value "http://web3signer:9000" '. | .remote_keys += [{"pubkey": $pubkey_value}]' <<< '{}' >/tmp/apidata.txt
fi

get-token
__api_data=@/tmp/apidata.txt
Expand All @@ -685,17 +739,14 @@ validator-import() {
error)
echo "An error was encountered trying to register the key $__pubkey:"
echo "$__result" | jq -r '.data[].message'
echo
(( __reg_errored+=1 ))
;;
imported)
echo "Validator key was successfully registered with validator client: $__pubkey"
echo
(( __registered+=1 ))
;;
duplicate)
echo "Validator key is a duplicate and registration was skipped: $__pubkey"
echo
(( __reg_skipped+=1 ))
;;
*)
Expand All @@ -705,7 +756,7 @@ validator-import() {
esac
fi
echo
done
done < <(find "$__key_root_dir" -maxdepth "$__depth" -name '*keystore*.json')

echo "Imported $__imported keys"
if [ "$WEB3SIGNER" = "true" ]; then
Expand Down Expand Up @@ -757,7 +808,11 @@ validator-register() {

__w3s_pubkeys="$(echo "$__result" | jq -r '.data[].validating_pubkey')"
while IFS= read -r __pubkey; do
jq --arg pubkey_value "$__pubkey" --arg url_value "http://web3signer:9000" '. | .remote_keys += [{"pubkey": $pubkey_value, "url": $url_value}]' <<< '{}' >/tmp/apidata.txt
if [ -z "${PRYSM:+x}" ]; then
jq --arg pubkey_value "$__pubkey" --arg url_value "http://web3signer:9000" '. | .remote_keys += [{"pubkey": $pubkey_value, "url": $url_value}]' <<< '{}' >/tmp/apidata.txt
else
jq --arg pubkey_value "$__pubkey" --arg url_value "http://web3signer:9000" '. | .remote_keys += [{"pubkey": $pubkey_value}]' <<< '{}' >/tmp/apidata.txt
fi

__api_data=@/tmp/apidata.txt
__api_path=eth/v1/remotekeys
Expand Down Expand Up @@ -941,7 +996,12 @@ case "$3" in
import)
__web3signer_check
shift 3
__pass=1
validator-import "$@"
if [ $__eth2_val_tools -eq 1 ]; then
__pass=2
validator-import "$@"
fi
;;
register)
validator-register
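Review bot: For eth2-val-tools keys the slashing-protection step can now pass over an existing history file without saying so. The `for __protectfile in "$__keydir"/slashing_protection*.json` loop only looks in the per-key directory under `/validator_keys/keys`, and the guard `[ "$__eth2_val_tools" -eq 0 ] && [ "${__found_one}" -eq 0 ]` mutes the "No viable slashing protection import file found" notice for exactly those keys. If such keys are assumed to be new, say so in a comment above the guard, for example `# eth2-val-tools keys are assumed freshly generated; no slashing protection history is expected`. Otherwise keep the notice unconditional with `if [ "${__found_one}" -eq 0 ]; then`, so an operator moving keys that have already attested sees that no history was imported. The rendered page has lost its +/- markers, so the new side of each paired line is inferred from the variables this commit introduces, and validator-import continues outside the visible hunks.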
