From 30c34b210ad4125f2b12e4cecd89a031e139fd3d Mon Sep 17 00:00:00 2001 From: tumberger Date: Sat, 4 Jan 2025 10:45:36 +0100 Subject: [PATCH 1/7] change prof validation response to account for blobs bundle in PBS block --- eth/block-validation/api.go | 73 +----------- eth/block-validation/api_test.go | 189 ++++++++++++++++--------------- 2 files changed, 100 insertions(+), 162 deletions(-) diff --git a/eth/block-validation/api.go b/eth/block-validation/api.go index e64748e3b..260c598ec 100644 --- a/eth/block-validation/api.go +++ b/eth/block-validation/api.go @@ -246,8 +246,8 @@ type ProfBundleRequest struct { } type ProfSimResp struct { - Value *uint256.Int - ExecutionPayload *builderApiDeneb.ExecutionPayloadAndBlobsBundle + Value *big.Int + FinalizedBlock *types.Block } func serializeBlock(block *types.Block) (string, error) { @@ -259,55 +259,6 @@ func serializeBlock(block *types.Block) (string, error) { return hex.EncodeToString(buf.Bytes()), nil } -func (api *BlockValidationAPI) AppendProfBundle(params *ProfSimReq) (*ProfSimResp, error) { - var err error - log.Info("PROF simulation called!") - log.Info(params.PbsPayload.String()) - - payload := params.PbsPayload.ExecutionPayload - blobsBundle := params.PbsPayload.BlobsBundle - profTransactionString := params.ProfBundle.Transactions - // convert hex prof transaction to bytes - profTransactionBytes := make([][]byte, len(profTransactionString)) - for i, tx := range profTransactionString { - profTransactionBytes[i], _ = hex.DecodeString(tx[2:]) // remove 0x // ignore error as it is prevalidated - } - - log.Info("blobs bundle", "blobs", len(blobsBundle.Blobs), "commits", len(blobsBundle.Commitments), "proofs", len(blobsBundle.Proofs)) - - block, err := engine.ExecutionPayloadV3ToBlockProf(payload, profTransactionBytes, blobsBundle, params.ParentBeaconBlockRoot) - if err != nil { - return nil, err - } - - // Serialize the block - blockData, err := serializeBlock(block) - if err != nil { - return nil, fmt.Errorf("failed to serialize block: %v", err) - } - - profValidationResp, err := api.ValidateProfBlock(blockData, params.ProposerFeeRecipient, params.RegisteredGasLimit) - if err != nil { - log.Error("invalid payload", "hash", block.Hash, "number", block.NumberU64(), "parentHash", block.ParentHash, "err", err) - return nil, err - } - - //TODO: this final check shouldn't be needed - profBlock, err := engine.ExecutionPayloadV3ToBlock(profValidationResp.ExecutionPayload.ExecutionPayload, profValidationResp.ExecutionPayload.BlobsBundle, params.ParentBeaconBlockRoot) - if err != nil { - log.Error("invalid profBlock", "err", err) - return nil, err - } - - log.Info("PROF Append Result", "Value", profValidationResp.Value.String(), "ExecutionPayload", profValidationResp.ExecutionPayload, "blockhash", profBlock.Hash().String(), "transactionroot", profBlock.TxHash().String()) - - // // no need to validate blobs bundle for prof block as prof transactions do not support blobs - // // ret := map[string]interface{}{} - - return profValidationResp, nil - -} - func (api *BlockValidationAPI) ValidateBuilderSubmissionV3(params *BuilderBlockValidationRequestV3) error { // TODO: fuzztest, make sure the validation is sound @@ -334,7 +285,6 @@ func (api *BlockValidationAPI) ValidateBuilderSubmissionV3(params *BuilderBlockV return nil } -// TODO : invalid profTransactions are not being filtered out currently, change the validateProfBlock method to pluck out the invalid transactions, blockhash would also change in that case func (api *BlockValidationAPI) ValidateProfBlock(blockData string, proposerFeeRecipient common.Address, registeredGasLimit uint64) (*ProfSimResp, error) { log.Info("VaPrBl: ValidateProfBlock called!") @@ -384,23 +334,10 @@ func (api *BlockValidationAPI) ValidateProfBlock(blockData string, proposerFeeRe return nil, err } profBlockFinal := profBlock.WithSeal(header) - log.Info("validated prof block", "number", profBlockFinal.NumberU64(), "parentHash", profBlockFinal.ParentHash()) - - valueBig := value.ToBig() - - log.Info("VaPrBl: valueBig", "valueBig", fmt.Sprintf("%+v", valueBig)) - - executableData := engine.BlockToExecutableData(profBlockFinal, valueBig, []*types.BlobTxSidecar{}) - - payload, err := getDenebPayload(executableData) - if err != nil { - log.Error("could not format execution payload", "err", err) - return nil, err - } - - log.Info("VaPrBl: payload", "payload", fmt.Sprintf("%+v", payload)) + log.Info("Validated prof block", "number", profBlockFinal.NumberU64(), "parentHash", profBlockFinal.ParentHash()) + log.Info("VaPrBl: valueBig", "valueBig", fmt.Sprintf("%+v", value.ToBig())) - return &ProfSimResp{value, payload}, nil + return &ProfSimResp{value.ToBig(), profBlockFinal}, nil } func (api *BlockValidationAPI) validateBlock(block *types.Block, msg *builderApiV1.BidTrace, registeredGasLimit uint64) error { diff --git a/eth/block-validation/api_test.go b/eth/block-validation/api_test.go index 35804e95a..91f355d5a 100644 --- a/eth/block-validation/api_test.go +++ b/eth/block-validation/api_test.go @@ -1117,97 +1117,98 @@ func TestValidateBuilderSubmissionV2_ExcludeWithdrawals(t *testing.T) { require.ErrorContains(t, api.ValidateBuilderSubmissionV2(req), "payment") } -func TestAppendProfBundle(t *testing.T) { - genesis, blocks := generateMergeChain(10, true) - - // Set cancun time to last block + 5 seconds - time := blocks[len(blocks)-1].Time() + 5 - genesis.Config.ShanghaiTime = &time - genesis.Config.CancunTime = &time - os.Setenv("BUILDER_TX_SIGNING_KEY", testBuilderKeyHex) - - n, ethservice := startEthService(t, genesis, blocks) - ethservice.Merger().ReachTTD() - defer n.Close() - - api := NewBlockValidationAPI(ethservice, nil, true, true) - parent := ethservice.BlockChain().CurrentHeader() - - api.eth.APIBackend.Miner().SetEtherbase(testBuilderAddr) - - statedb, _ := ethservice.BlockChain().StateAt(parent.Root) - nonce := statedb.GetNonce(testAddr) - signer := types.LatestSigner(ethservice.BlockChain().Config()) - - // Create transactions that transfer funds to the fee recipient - tx1, _ := types.SignTx(types.NewTransaction(nonce, testValidatorAddr, big.NewInt(10), 21000, big.NewInt(2*params.InitialBaseFee), nil), signer, testKey) - tx2, _ := types.SignTx(types.NewTransaction(nonce+1, testValidatorAddr, big.NewInt(20), 21000, big.NewInt(2*params.InitialBaseFee), nil), signer, testKey) - - txData1, _ := tx1.MarshalBinary() - txData2, _ := tx2.MarshalBinary() - - // Create a PBS payload - execData, err := assembleBlock(api, parent.Hash(), &engine.PayloadAttributes{ - Timestamp: parent.Time + 5, - SuggestedFeeRecipient: testValidatorAddr, - BeaconRoot: &common.Hash{42}, - }) - require.NoError(t, err) - - // Check if execData is nil - if execData == nil { - t.Fatal("execData is nil") - } - - payload, err := ExecutableDataToExecutionPayloadV3(execData) - require.NoError(t, err) - - // Check if payload is nil - if payload == nil { - t.Fatal("ExecutableDataToExecutionPayloadV3 returned nil") - } - - // Create ProfSimReq - profSimReq := &ProfSimReq{ - PbsPayload: &builderApiDeneb.ExecutionPayloadAndBlobsBundle{ - ExecutionPayload: payload, - BlobsBundle: &builderApiDeneb.BlobsBundle{ - Commitments: make([]deneb.KZGCommitment, 0), - Proofs: make([]deneb.KZGProof, 0), - Blobs: make([]deneb.Blob, 0), - }, - }, - ProfBundle: &ProfBundleRequest{ - slot: 0, - Transactions: []string{fmt.Sprintf("0x%x", txData1), fmt.Sprintf("0x%x", txData2)}, - bundleHash: phase0.Hash32{}, - }, - ParentBeaconBlockRoot: common.Hash{42}, - RegisteredGasLimit: execData.GasLimit, - ProposerFeeRecipient: testValidatorAddr, - } - - // Call AppendProfBundle - resp, err := api.AppendProfBundle(profSimReq) - require.NoError(t, err) - require.NotNil(t, resp) - - // Verify the response - require.NotNil(t, resp.Value) - require.NotNil(t, resp.ExecutionPayload) - - // Verify that the transactions were included - require.Equal(t, len(profSimReq.ProfBundle.Transactions)+len(payload.Transactions), len(resp.ExecutionPayload.ExecutionPayload.Transactions)) - - // Verify that the block hash changed - require.NotEqual(t, payload.BlockHash, resp.ExecutionPayload.ExecutionPayload.BlockHash) - - // Verify that the gas used increased - require.Greater(t, resp.ExecutionPayload.ExecutionPayload.GasUsed, payload.GasUsed) - - // Log both values - t.Logf("TEST value increase for fee recepient PROF: %s", resp.Value.String()) - - // Verify that the value is non-zero (some profit was made for the fee recipient) - require.True(t, resp.Value.Gt(uint256.NewInt(0))) -} +// TODO : Add test for ValidateProfBlock +// func TestAppendProfBundle(t *testing.T) { +// genesis, blocks := generateMergeChain(10, true) + +// // Set cancun time to last block + 5 seconds +// time := blocks[len(blocks)-1].Time() + 5 +// genesis.Config.ShanghaiTime = &time +// genesis.Config.CancunTime = &time +// os.Setenv("BUILDER_TX_SIGNING_KEY", testBuilderKeyHex) + +// n, ethservice := startEthService(t, genesis, blocks) +// ethservice.Merger().ReachTTD() +// defer n.Close() + +// api := NewBlockValidationAPI(ethservice, nil, true, true) +// parent := ethservice.BlockChain().CurrentHeader() + +// api.eth.APIBackend.Miner().SetEtherbase(testBuilderAddr) + +// statedb, _ := ethservice.BlockChain().StateAt(parent.Root) +// nonce := statedb.GetNonce(testAddr) +// signer := types.LatestSigner(ethservice.BlockChain().Config()) + +// // Create transactions that transfer funds to the fee recipient +// tx1, _ := types.SignTx(types.NewTransaction(nonce, testValidatorAddr, big.NewInt(10), 21000, big.NewInt(2*params.InitialBaseFee), nil), signer, testKey) +// tx2, _ := types.SignTx(types.NewTransaction(nonce+1, testValidatorAddr, big.NewInt(20), 21000, big.NewInt(2*params.InitialBaseFee), nil), signer, testKey) + +// txData1, _ := tx1.MarshalBinary() +// txData2, _ := tx2.MarshalBinary() + +// // Create a PBS payload +// execData, err := assembleBlock(api, parent.Hash(), &engine.PayloadAttributes{ +// Timestamp: parent.Time + 5, +// SuggestedFeeRecipient: testValidatorAddr, +// BeaconRoot: &common.Hash{42}, +// }) +// require.NoError(t, err) + +// // Check if execData is nil +// if execData == nil { +// t.Fatal("execData is nil") +// } + +// payload, err := ExecutableDataToExecutionPayloadV3(execData) +// require.NoError(t, err) + +// // Check if payload is nil +// if payload == nil { +// t.Fatal("ExecutableDataToExecutionPayloadV3 returned nil") +// } + +// // Create ProfSimReq +// profSimReq := &ProfSimReq{ +// PbsPayload: &builderApiDeneb.ExecutionPayloadAndBlobsBundle{ +// ExecutionPayload: payload, +// BlobsBundle: &builderApiDeneb.BlobsBundle{ +// Commitments: make([]deneb.KZGCommitment, 0), +// Proofs: make([]deneb.KZGProof, 0), +// Blobs: make([]deneb.Blob, 0), +// }, +// }, +// ProfBundle: &ProfBundleRequest{ +// slot: 0, +// Transactions: []string{fmt.Sprintf("0x%x", txData1), fmt.Sprintf("0x%x", txData2)}, +// bundleHash: phase0.Hash32{}, +// }, +// ParentBeaconBlockRoot: common.Hash{42}, +// RegisteredGasLimit: execData.GasLimit, +// ProposerFeeRecipient: testValidatorAddr, +// } + +// // Call AppendProfBundle +// resp, err := api.AppendProfBundle(profSimReq) +// require.NoError(t, err) +// require.NotNil(t, resp) + +// // Verify the response +// require.NotNil(t, resp.Value) +// require.NotNil(t, resp.ExecutionPayload) + +// // Verify that the transactions were included +// require.Equal(t, len(profSimReq.ProfBundle.Transactions)+len(payload.Transactions), len(resp.ExecutionPayload.ExecutionPayload.Transactions)) + +// // Verify that the block hash changed +// require.NotEqual(t, payload.BlockHash, resp.ExecutionPayload.ExecutionPayload.BlockHash) + +// // Verify that the gas used increased +// require.Greater(t, resp.ExecutionPayload.ExecutionPayload.GasUsed, payload.GasUsed) + +// // Log both values +// t.Logf("TEST value increase for fee recepient PROF: %s", resp.Value.String()) + +// // Verify that the value is non-zero (some profit was made for the fee recipient) +// require.True(t, resp.Value.Gt(uint256.NewInt(0))) +// } From 7258888e739753d5895b053e758557490a5ba1ee Mon Sep 17 00:00:00 2001 From: tumberger Date: Sat, 4 Jan 2025 12:56:44 +0100 Subject: [PATCH 2/7] serialize block before returning --- eth/block-validation/api.go | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/eth/block-validation/api.go b/eth/block-validation/api.go index 260c598ec..a42135920 100644 --- a/eth/block-validation/api.go +++ b/eth/block-validation/api.go @@ -247,7 +247,7 @@ type ProfBundleRequest struct { type ProfSimResp struct { Value *big.Int - FinalizedBlock *types.Block + FinalizedBlock string } func serializeBlock(block *types.Block) (string, error) { @@ -337,7 +337,12 @@ func (api *BlockValidationAPI) ValidateProfBlock(blockData string, proposerFeeRe log.Info("Validated prof block", "number", profBlockFinal.NumberU64(), "parentHash", profBlockFinal.ParentHash()) log.Info("VaPrBl: valueBig", "valueBig", fmt.Sprintf("%+v", value.ToBig())) - return &ProfSimResp{value.ToBig(), profBlockFinal}, nil + serializedBlock, err := serializeBlock(profBlockFinal) + if err != nil { + return nil, err + } + + return &ProfSimResp{value.ToBig(), serializedBlock}, nil } func (api *BlockValidationAPI) validateBlock(block *types.Block, msg *builderApiV1.BidTrace, registeredGasLimit uint64) error { From 26d7b1aef42d8d6d35b4a3c19670718a426d473a Mon Sep 17 00:00:00 2001 From: Tobias Date: Sat, 4 Jan 2025 13:51:44 +0100 Subject: [PATCH 3/7] Add MegaLinter GitHub Action --- .github/workflows/mega-linter.yaml | 56 ++++++++++++++++++++++++++++++ .mega-linter.yml | 18 ++++++++++ 2 files changed, 74 insertions(+) create mode 100644 .github/workflows/mega-linter.yaml create mode 100644 .mega-linter.yml diff --git a/.github/workflows/mega-linter.yaml b/.github/workflows/mega-linter.yaml new file mode 100644 index 000000000..269161731 --- /dev/null +++ b/.github/workflows/mega-linter.yaml @@ -0,0 +1,56 @@ +--- + # MegaLinter GitHub Action configuration file + # More info at https://megalinter.io + name: MegaLinter + + on: + pull_request: + branches: [main] + + permissions: read-all + + env: # Comment env block if you don't want to apply fixes + # Apply linter fixes configuration + APPLY_FIXES: all # When active, APPLY_FIXES must also be defined as environment variable (in github/workflows/mega-linter.yml or other CI tool) + APPLY_FIXES_EVENT: none # Decide which event triggers application of fixes in a commit or a PR (pull_request, push, all) + APPLY_FIXES_MODE: commit # If APPLY_FIXES is used, defines if the fixes are directly committed (commit) or posted in a PR (pull_request) + + concurrency: + group: ${{ github.ref }}-${{ github.workflow }} + cancel-in-progress: true + + jobs: + megalinter: + name: MegaLinter + runs-on: ubuntu-latest + permissions: + contents: read + issues: write + pull-requests: write + steps: + # Git Checkout + - name: Checkout Code + uses: actions/checkout@v4 + with: + token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }} + fetch-depth: 0 # If you use VALIDATE_ALL_CODEBASE = true, you can remove this line to improve performances + # MegaLinter + - name: MegaLinter + id: ml + # deployed v8.3.0, https://github.com/oxsecurity/megalinter/releases/tag/v8.3.0 + uses: oxsecurity/megalinter@1fc052d03c7a43c78fe0fee19c9d648b749e0c01 + env: + # All available variables are described in documentation + # https://megalinter.io/configuration/ + VALIDATE_ALL_CODEBASE: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }} # Validates all source when push on main, else just the git diff with main. Override with true if you always want to lint all sources + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + # Upload MegaLinter artifacts + - name: Archive production artifacts + if: success() || failure() + uses: actions/upload-artifact@v4 + with: + name: MegaLinter reports + path: | + megalinter-reports + mega-linter.log + \ No newline at end of file diff --git a/.mega-linter.yml b/.mega-linter.yml new file mode 100644 index 000000000..3f4ba721a --- /dev/null +++ b/.mega-linter.yml @@ -0,0 +1,18 @@ +--- +# Configuration file for MegaLinter +# See all available variables at https://megalinter.io/configuration/ and in linters documentation + +DISABLE_LINTERS: + - GO_GOLANGCI_LINT + - SPELL_CSPELL + - SPELL_LYCHEE + +DISABLE_ERRORS_LINTERS: + - COPYPASTE_JSCPD + - REPOSITORY_DEVSKIM + - REPOSITORY_KICS + +EMAIL_REPORTER: false +FILEIO_REPORTER: false +MARKDOWN_SUMMARY_REPORTER: true +SHOW_ELAPSED_TIME: true \ No newline at end of file From 4374b491a7b2d8e223553e96afffec6f2d109784 Mon Sep 17 00:00:00 2001 From: Tobias Date: Tue, 7 Jan 2025 13:26:10 +0100 Subject: [PATCH 4/7] Add push trigger for MegaLinter on main branch --- .github/workflows/mega-linter.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/mega-linter.yaml b/.github/workflows/mega-linter.yaml index 269161731..ed6dd848a 100644 --- a/.github/workflows/mega-linter.yaml +++ b/.github/workflows/mega-linter.yaml @@ -4,6 +4,8 @@ name: MegaLinter on: + push: + branches: [main] pull_request: branches: [main] From 63181151502098499dc44a0a720efc12cf201af1 Mon Sep 17 00:00:00 2001 From: Tobias Date: Tue, 7 Jan 2025 16:42:36 +0100 Subject: [PATCH 5/7] Fix security linter findings --- .github/workflows/build-and-publish.yml | 2 ++ Dockerfile | 21 ++++++++++---- go.mod | 16 +++++------ go.sum | 37 ++++++++++++------------- 4 files changed, 43 insertions(+), 33 deletions(-) diff --git a/.github/workflows/build-and-publish.yml b/.github/workflows/build-and-publish.yml index 61796b6d7..46c023f1c 100644 --- a/.github/workflows/build-and-publish.yml +++ b/.github/workflows/build-and-publish.yml @@ -9,6 +9,8 @@ on: branches: - main +permissions: read-all + env: REGISTRY: ghcr.io IMAGE_NAME: ${{ github.repository }} diff --git a/Dockerfile b/Dockerfile index ed69a0478..ccf1b5200 100644 --- a/Dockerfile +++ b/Dockerfile @@ -8,18 +8,27 @@ FROM golang:1.21-alpine as builder RUN apk add --no-cache gcc musl-dev linux-headers git +# Set the working directory +WORKDIR /go-ethereum + # Get dependencies - will also be cached if we won't change go.mod/go.sum -COPY go.mod /go-ethereum/ -COPY go.sum /go-ethereum/ -RUN cd /go-ethereum && go mod download +COPY go.mod . +COPY go.sum . +RUN go mod download -ADD . /go-ethereum -RUN cd /go-ethereum && go run build/ci.go install -static ./cmd/geth +# Add source code and build +ADD . . +RUN go run build/ci.go install -static ./cmd/geth # Pull Geth into a second stage deploy alpine container -FROM alpine:latest +FROM alpine:3.21 RUN apk add --no-cache ca-certificates + +# Create a user to run the service +RUN adduser -D -g '' appuser +USER appuser + COPY --from=builder /go-ethereum/build/bin/geth /usr/local/bin/ EXPOSE 8545 8546 30303 30303/udp diff --git a/go.mod b/go.mod index b315ccdfe..3f931b4f2 100644 --- a/go.mod +++ b/go.mod @@ -26,7 +26,7 @@ require ( github.com/deckarep/golang-set/v2 v2.1.0 github.com/dop251/goja v0.0.0-20230806174421-c933cf95e127 github.com/ethereum/c-kzg-4844 v0.4.0 - github.com/fatih/color v1.15.0 + github.com/fatih/color v1.16.0 github.com/ferranbt/fastssz v0.1.3 github.com/fjl/gencodec v0.0.0-20230517082657-f9840df7b83e github.com/fjl/memsize v0.0.2 @@ -36,7 +36,7 @@ require ( github.com/gballet/go-libpcsclite v0.0.0-20190607065134-2772fd86a8ff github.com/gballet/go-verkle v0.1.1-0.20231031103413-a67434b50f46 github.com/gofrs/flock v0.8.1 - github.com/golang-jwt/jwt/v4 v4.5.0 + github.com/golang-jwt/jwt/v4 v4.5.1 github.com/golang/protobuf v1.5.4 github.com/golang/snappy v0.0.5-0.20220116011046-fa5810519dcb github.com/google/gofuzz v1.2.0 @@ -74,11 +74,11 @@ require ( github.com/tyler-smith/go-bip39 v1.1.0 github.com/urfave/cli/v2 v2.25.7 go.uber.org/automaxprocs v1.5.2 - golang.org/x/crypto v0.26.0 + golang.org/x/crypto v0.32.0 golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa - golang.org/x/sync v0.8.0 - golang.org/x/sys v0.24.0 - golang.org/x/text v0.17.0 + golang.org/x/sync v0.10.0 + golang.org/x/sys v0.29.0 + golang.org/x/text v0.21.0 golang.org/x/time v0.3.0 golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d google.golang.org/grpc v1.67.1 @@ -137,7 +137,7 @@ require ( github.com/google/go-querystring v1.1.0 // indirect github.com/google/pprof v0.0.0-20230207041349-798e818bf904 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect - github.com/hashicorp/go-retryablehttp v0.7.4 // indirect + github.com/hashicorp/go-retryablehttp v0.7.7 // indirect github.com/influxdata/line-protocol v0.0.0-20200327222509-2487e7298839 // indirect github.com/jmespath/go-jmespath v0.4.0 // indirect github.com/kilic/bls12-381 v0.1.0 // indirect @@ -164,7 +164,7 @@ require ( github.com/tklauser/numcpus v0.6.1 // indirect github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 // indirect golang.org/x/mod v0.17.0 // indirect - golang.org/x/net v0.28.0 // indirect + golang.org/x/net v0.34.0 // indirect google.golang.org/protobuf v1.34.2 gopkg.in/yaml.v2 v2.4.0 // indirect rsc.io/tmplfunc v0.0.3 // indirect diff --git a/go.sum b/go.sum index 308461e97..afba46230 100644 --- a/go.sum +++ b/go.sum @@ -152,8 +152,8 @@ github.com/etcd-io/bbolt v1.3.3/go.mod h1:ZF2nL25h33cCyBtcyWeZ2/I3HQOfTP+0PIEvHj github.com/ethereum/c-kzg-4844 v0.4.0 h1:3MS1s4JtA868KpJxroZoepdV0ZKBp3u/O5HcZ7R3nlY= github.com/ethereum/c-kzg-4844 v0.4.0/go.mod h1:VewdlzQmpT5QSrVhbBuGoCdFJkpaJlO1aQputP83wc0= github.com/fasthttp-contrib/websocket v0.0.0-20160511215533-1f3b11f56072/go.mod h1:duJ4Jxv5lDcvg4QuQr0oowTf7dz4/CR8NtyCooz9HL8= -github.com/fatih/color v1.15.0 h1:kOqh6YHBtK8aywxGerMG2Eq3H6Qgoqeo13Bk2Mv/nBs= -github.com/fatih/color v1.15.0/go.mod h1:0h5ZqXfHYED7Bhv2ZJamyIOUej9KtShiJESRwBDUSsw= +github.com/fatih/color v1.16.0 h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM= +github.com/fatih/color v1.16.0/go.mod h1:fL2Sau1YI5c0pdGEVCbKQbLXB6edEj1ZgiY4NijnWvE= github.com/fatih/structs v1.1.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga6PJ7M= github.com/ferranbt/fastssz v0.1.3 h1:ZI+z3JH05h4kgmFXdHuR1aWYsgrg7o+Fw7/NCzM16Mo= github.com/ferranbt/fastssz v0.1.3/go.mod h1:0Y9TEd/9XuFlh7mskMPfXiI2Dkw4Ddg9EyXt1W7MRvE= @@ -220,8 +220,8 @@ github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/gogo/status v1.1.0/go.mod h1:BFv9nrluPLmrS0EmGVvLaPNmRosr9KapBYd5/hpY1WM= github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I= -github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg= -github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= +github.com/golang-jwt/jwt/v4 v4.5.1 h1:JdqV9zKUdtaa9gdPlywC3aeoEsR681PlKC+4F5gQgeo= +github.com/golang-jwt/jwt/v4 v4.5.1/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= @@ -280,11 +280,10 @@ github.com/hashicorp/go-bexpr v0.1.10 h1:9kuI5PFotCboP3dkDYFr/wi0gg0QVbSNz5oFRpx github.com/hashicorp/go-bexpr v0.1.10/go.mod h1:oxlubA2vC/gFVfX1A6JGp7ls7uCDlfJn732ehYYg+g0= github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ= github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48= -github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ= -github.com/hashicorp/go-hclog v1.2.0 h1:La19f8d7WIlm4ogzNHB0JGqs5AUDAZ2UfCY4sJXcJdM= -github.com/hashicorp/go-hclog v1.2.0/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ= -github.com/hashicorp/go-retryablehttp v0.7.4 h1:ZQgVdpTdAL7WpMIwLzCfbalOcSUdkDZnpUv3/+BxzFA= -github.com/hashicorp/go-retryablehttp v0.7.4/go.mod h1:Jy/gPYAdjqffZ/yFGCFV2doI5wjtH1ewM9u8iYVjtX8= +github.com/hashicorp/go-hclog v1.6.3 h1:Qr2kF+eVWjTiYmU7Y31tYlP1h0q/X3Nl3tPGdaB11/k= +github.com/hashicorp/go-hclog v1.6.3/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M= +github.com/hashicorp/go-retryablehttp v0.7.7 h1:C8hUCYzor8PIfXHa4UrZkU4VvK8o9ISHxT2Q8+VepXU= +github.com/hashicorp/go-retryablehttp v0.7.7/go.mod h1:pkQpWZeYWskR+D1tR2O5OcBFOxfA7DoAO6xtkuQnHTk= github.com/hashicorp/go-version v1.2.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= github.com/holiman/billy v0.0.0-20240216141850-2abb0c79d3c4 h1:X4egAf/gcS1zATw6wn4Ej8vjuVGxeHdan+bRb2ebyv4= @@ -567,8 +566,8 @@ golang.org/x/crypto v0.0.0-20200820211705-5c72a883971a/go.mod h1:LzIPMQfyMNhhGPh golang.org/x/crypto v0.0.0-20201221181555-eec23a3978ad/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I= golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.26.0 h1:RrRspgV4mU+YwB4FYnuBoKsUapNIL5cohGAmSH3azsw= -golang.org/x/crypto v0.26.0/go.mod h1:GY7jblb9wI+FOo5y8/S2oY4zWP07AkOJ4+jxCqdqn54= +golang.org/x/crypto v0.32.0 h1:euUpcYgM8WcP71gNpTqQCn6rC2t6ULUPiOzfWaXVVfc= +golang.org/x/crypto v0.32.0/go.mod h1:ZnnJkOaASj8g0AjIduWNlq2NRxL0PlBrbKVyZ6V/Ugc= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa h1:FRnLl4eNAQl8hwxVVC17teOw8kdjVDVAiFMtgUdTSRQ= golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa/go.mod h1:zk2irFbV9DP96SEBUUAy67IdHUaZuSnrz1n472HUCLE= @@ -606,8 +605,8 @@ golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= golang.org/x/net v0.0.0-20211008194852-3b03d305991f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= -golang.org/x/net v0.28.0 h1:a9JDOJc5GMUJ0+UDqmLT86WiEy7iWyIhz8gz8E4e5hE= -golang.org/x/net v0.28.0/go.mod h1:yqtgsTWOOnlGLG9GFRrK3++bGOUEkNBoHZc8MEDWPNg= +golang.org/x/net v0.34.0 h1:Mb7Mrk043xzHgnRM88suvJFwzVrRfHEHJEl5/71CKw0= +golang.org/x/net v0.34.0/go.mod h1:di0qlW3YNM5oh6GqDGQr92MyTozJPmybPK4Ev/Gm31k= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -618,8 +617,8 @@ golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ= -golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ= +golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -663,8 +662,8 @@ golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.24.0 h1:Twjiwq9dn6R1fQcyiK+wQyHWfaz/BJB+YIpzU/Cv3Xg= -golang.org/x/sys v0.24.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.29.0 h1:TPYlXGxvx1MGTn2GiZDhnjPA9wZzZeGKHHmKhHYvgaU= +golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= @@ -675,8 +674,8 @@ golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= -golang.org/x/text v0.17.0 h1:XtiM5bkSOt+ewxlOE/aE/AKEHibwj/6gvWMl9Rsh0Qc= -golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= +golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo= +golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ= golang.org/x/time v0.0.0-20201208040808-7e3f01d25324/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4= From f514a65020f3bd24aacfc6d3b391de769d920126 Mon Sep 17 00:00:00 2001 From: Tobias Date: Tue, 7 Jan 2025 16:45:32 +0100 Subject: [PATCH 6/7] Rename unused actions to disable them --- .github/workflows/{go.yml => go.yml_} | 0 .github/workflows/{release.yml => release.yml_} | 0 2 files changed, 0 insertions(+), 0 deletions(-) rename .github/workflows/{go.yml => go.yml_} (100%) rename .github/workflows/{release.yml => release.yml_} (100%) diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml_ similarity index 100% rename from .github/workflows/go.yml rename to .github/workflows/go.yml_ diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml_ similarity index 100% rename from .github/workflows/release.yml rename to .github/workflows/release.yml_ From 9b18fb2c0370632d69313f6b891b448759bd741b Mon Sep 17 00:00:00 2001 From: Tobias Date: Tue, 7 Jan 2025 17:23:40 +0100 Subject: [PATCH 7/7] Fix Dockerfile linter warnings --- Dockerfile | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index ccf1b5200..fd5f4ba63 100644 --- a/Dockerfile +++ b/Dockerfile @@ -17,16 +17,16 @@ COPY go.sum . RUN go mod download # Add source code and build -ADD . . +COPY . . RUN go run build/ci.go install -static ./cmd/geth # Pull Geth into a second stage deploy alpine container FROM alpine:3.21 -RUN apk add --no-cache ca-certificates +# Install ca-certificates, create a user to run the service +RUN apk add --no-cache ca-certificates && \ + adduser -D -g '' appuser -# Create a user to run the service -RUN adduser -D -g '' appuser USER appuser COPY --from=builder /go-ethereum/build/bin/geth /usr/local/bin/