Mb/test gha

.github/workflows/ci.yml

@@ -33,4 +33,6 @@ jobs:
         uses: actions/checkout@v4
       - name: Install stable toolchain
         uses: dtolnay/rust-toolchain@stable
-      - run: cargo test --all-features
+      - run: cargo test --all-features
+        env:
+          CB_TESTS_DIR: ${{ runner.temp }}

Cargo.toml

@@ -55,6 +55,8 @@ toml = "0.8.13"
 serde = { version = "1.0.202", features = ["derive"] }
 serde_json = "1.0.117"
 serde_yaml = "0.9.33"
+base64 = "0.22.1"
+unicode-normalization = "0.1.24"
 
 # telemetry
 tracing = "0.1.40"
@@ -68,6 +70,11 @@ tree_hash = "0.8"
 tree_hash_derive = "0.8"
 eth2_keystore = { git = "https://github.com/sigp/lighthouse", rev = "9e12c21f268c80a3f002ae0ca27477f9f512eb6f" }
 k256 = "0.13"
+aes = "0.8"
+ctr = "0.9.2"
+cipher = "0.4"
+pbkdf2 = "0.12.2"
+sha2 = "0.10.8"
 
 # docker
 docker-compose-types = "0.12.0"

config.example.toml

@@ -3,7 +3,7 @@
 
 # Chain spec ID. Supported values:
 # A network ID. Supported values: Mainnet, Holesky, Sepolia, Helder.
-# A path to a chain spec file, either in .json format (e.g., as returned by the beacon endpoint /eth/v1/config/spec), or in .yml format (see examples in tests/data).
+# A custom object, e.g., chain = { genesis_time_secs = 1695902400, path = "/path/to/spec.json" }, with a path to a chain spec file, either in .json format (e.g., as returned by the beacon endpoint /eth/v1/config/spec), or in .yml format (see examples in tests/data).
 # A custom object, e.g., chain = { genesis_time_secs = 1695902400, slot_time_secs = 12, genesis_fork_version = "0x01017000" }.
 chain = "Holesky"
 
@@ -97,6 +97,32 @@ target_first_request_ms = 200
 # OPTIONAL
 frequency_get_header_ms = 300
 
+# Configuration for the PBS multiplexers, which enable different configs to be used for get header requests, depending on validator pubkey
+# Note that:
+# - multiple sets of keys can be defined by adding multiple [[mux]] sections. The validator pubkey sets need to be disjoint
+# - the mux is only used for get header requests
+# - if any value is missing from the mux config, the default value from the main config will be used
+[[mux]]
+# Unique ID for the mux config
+id = "test_mux"
+# Which validator pubkeys to match against this mux config. This can be empty or omitted if a loader is specified. 
+# Any keys loaded via the loader will be added to this list.
+validator_pubkeys = [
+    "0x80c7f782b2467c5898c5516a8b6595d75623960b4afc4f71ee07d40985d20e117ba35e7cd352a3e75fb85a8668a3b745",
+    "0xa119589bb33ef52acbb8116832bec2b58fca590fe5c85eac5d3230b44d5bc09fe73ccd21f88eab31d6de16194d17782e",
+]
+# Path to a file containing a list of validator pubkeys
+# OPTIONAL
+loader = "./mux_keys.example.json"
+timeout_get_header_ms = 900
+late_in_slot_time_ms = 1500
+# For each mux, one or more [[pbs_mux.relays]] can be defined, which will be used for the matching validator pubkeys
+# Only the relays defined here will be used, and the rest of the relays defined in the main config will be ignored
+# Any field defined here will override the default value from the relay config with the same id in [[relays]]
+[[mux.relays]]
+id = "example-relay"
+headers = { X-MyCustomHeader = "ADifferentCustomValue" }
+
 # Configuration for the Signer Module, only required if any `commit` module is present, or if `pbs.with_signer = true`
 # OPTIONAL
 [signer]
@@ -105,20 +131,35 @@ frequency_get_header_ms = 300
 docker_image = "ghcr.io/commit-boost/signer:latest"
 # Configuration for how the Signer module should load validator keys. Currently two types of loaders are supported:
 #   - File: load keys from a plain text file (unsafe, use only for testing purposes)
-#   - ValidatorsDir: load keys from a `keys` and `secrets` folder (ERC-2335 style keystores as used in Lighthouse)
+#   - ValidatorsDir: load keys from a `keys` and `secrets` file/folder (ERC-2335 style keystores). More details can be found in the docs (https://commit-boost.github.io/commit-boost-client/get_started/configuration/)
 [signer.loader]
 # File: path to the keys file
 key_path = "./keys.example.json"
-# ValidatorsDir: path to the keys directory
+# ValidatorsDir: format of the keystore (lighthouse, prysm, teku or lodestar)
+# format = "lighthouse"
+# ValidatorsDir: full path to the keys directory
+# For lighthouse, it's de path to the directory where the `<pubkey>/voting-keystore.json` directories are located.
+# For prysm, it's the path to the `all-accounts.keystore.json` file.
+# For teku, it's the path to the directory where all `<pubkey>.json` files are located.
+# For lodestar, it's the path to the directory where all `<pubkey>.json` files are located.
 # keys_path = ""
-# ValidatorsDir: path to the secrets directory
+# ValidatorsDir: full path to the secrets file/directory
+# For lighthouse, it's de path to the directory where the `<pubkey>.json` files are located.
+# For prysm, it's the path to the file containing the wallet decryption password.
+# For teku, it's the path to the directory where all `<pubkey>.txt` files are located.
+# For lodestar, it's the path to the file containing the decryption password.
 # secrets_path = ""
-# Configuration for how the Signer module should store proxy delegations. Currently one type of store is supported:
+# Configuration for how the Signer module should store proxy delegations. Supported types of store are:
 #   - File: store keys and delegations from a plain text file (unsafe, use only for testing purposes)
+#   - ERC2335: store keys and delegations safely using ERC-2335 style keystores. More details can be found in the docs (https://commit-boost.github.io/commit-boost-client/get_started/configuration#proxy-keys-store)
 # OPTIONAL, if missing proxies are lost on restart
 [signer.store]
 # File: path to the keys file
 proxy_dir = "./proxies"
+# ERC2335: path to the keys directory
+# keys_path = ""
+# ERC2335: path to the secrets directory
+# secrets_path = ""
 
 # Commit-Boost can optionally run "modules" which extend the capabilities of the sidecar.
 # Currently, two types of modules are supported:

configs/custom_chain.toml

@@ -0,0 +1,11 @@
+# PBS config with a custom chain spec file
+
+# genesis time in seconds needs to be specified
+chain = { genesis_time_secs = 100, path = "tests/data/holesky_spec.json" }
+
+[pbs]
+port = 18550
+
+[[relays]]
+id = "example-relay"
+url = "http://0xa1cec75a3f0661e99299274182938151e8433c61a19222347ea1313d839229cb4ce4e3e5aa2bdeb71c8fcf1b084963c2@abc.xyz"

configs/pbs-mux.toml

@@ -0,0 +1,31 @@
+# PBS config with a mux for a single validator
+
+chain = "Holesky"
+
+[pbs]
+port = 18550
+timeout_get_header_ms = 950
+late_in_slot_time_ms = 2000
+
+[[relays]]
+id = "relay-1"
+url = "http://0xa1cec75a3f0661e99299274182938151e8433c61a19222347ea1313d839229cb4ce4e3e5aa2bdeb71c8fcf1b084963c2@abc.xyz"
+
+[[relays]]
+id = "relay-2"
+url = "http://0xa119589bb33ef52acbb8116832bec2b58fca590fe5c85eac5d3230b44d5bc09fe73ccd21f88eab31d6de16194d17782e@def.xyz"
+enable_timing_games = true
+target_first_request_ms = 200
+
+[[mux]]
+id = "test_mux"
+validator_pubkeys = [
+    "0x80c7f782b2467c5898c5516a8b6595d75623960b4afc4f71ee07d40985d20e117ba35e7cd352a3e75fb85a8668a3b745",
+]
+loader = "./mux_keys.example.json"
+timeout_get_header_ms = 900
+late_in_slot_time_ms = 1500
+
+[[mux.relays]]
+id = "relay-2"
+enable_timing_games = false

crates/cli/src/docker_init.rs

@@ -9,7 +9,8 @@ use cb_common::{
         CommitBoostConfig, LogsSettings, ModuleKind, BUILDER_PORT_ENV, BUILDER_URLS_ENV,
         CHAIN_SPEC_ENV, CONFIG_DEFAULT, CONFIG_ENV, JWTS_ENV, LOGS_DIR_DEFAULT, LOGS_DIR_ENV,
         METRICS_PORT_ENV, MODULE_ID_ENV, MODULE_JWT_ENV, PBS_ENDPOINT_ENV, PBS_MODULE_NAME,
-        PROXY_DIR_DEFAULT, PROXY_DIR_ENV, SIGNER_DEFAULT, SIGNER_DIR_KEYS_DEFAULT,
+        PROXY_DIR_DEFAULT, PROXY_DIR_ENV, PROXY_DIR_KEYS_DEFAULT, PROXY_DIR_KEYS_ENV,
+        PROXY_DIR_SECRETS_DEFAULT, PROXY_DIR_SECRETS_ENV, SIGNER_DEFAULT, SIGNER_DIR_KEYS_DEFAULT,
         SIGNER_DIR_KEYS_ENV, SIGNER_DIR_SECRETS_DEFAULT, SIGNER_DIR_SECRETS_ENV, SIGNER_KEYS_ENV,
         SIGNER_MODULE_NAME, SIGNER_PORT_ENV, SIGNER_URL_ENV,
     },
@@ -219,6 +220,17 @@ pub fn handle_docker_init(config_path: String, output_dir: String) -> Result<()>
     }
 
     let mut pbs_envs = IndexMap::from([get_env_val(CONFIG_ENV, CONFIG_DEFAULT)]);
+    let mut pbs_volumes = vec![config_volume.clone()];
+
+    if let Some(mux_config) = cb_config.muxes {
+        for mux in mux_config.muxes.iter() {
+            if let Some((env_name, actual_path, internal_path)) = mux.loader_env() {
+                let (key, val) = get_env_val(&env_name, &internal_path);
+                pbs_envs.insert(key, val);
+                pbs_volumes.push(Volumes::Simple(format!("{}:{}:ro", actual_path, internal_path)));
+            }
+        }
+    }
 
     if let Some((key, val)) = chain_spec_env.clone() {
         pbs_envs.insert(key, val);
@@ -251,7 +263,6 @@ pub fn handle_docker_init(config_path: String, output_dir: String) -> Result<()>
     pbs_envs.insert(key, val);
 
     // volumes
-    let mut pbs_volumes = vec![config_volume.clone()];
     pbs_volumes.extend(chain_spec_volume.clone());
     pbs_volumes.extend(get_log_volume(&cb_config.logs, PBS_MODULE_NAME));
 
@@ -319,7 +330,7 @@ pub fn handle_docker_init(config_path: String, output_dir: String) -> Result<()>
                     let (k, v) = get_env_val(SIGNER_KEYS_ENV, SIGNER_DEFAULT);
                     signer_envs.insert(k, v);
                 }
-                SignerLoader::ValidatorsDir { keys_path, secrets_path } => {
+                SignerLoader::ValidatorsDir { keys_path, secrets_path, format: _ } => {
                     volumes.push(Volumes::Simple(format!(
                         "{}:{}:ro",
                         keys_path.display(),
@@ -349,6 +360,23 @@ pub fn handle_docker_init(config_path: String, output_dir: String) -> Result<()>
                         let (k, v) = get_env_val(PROXY_DIR_ENV, PROXY_DIR_DEFAULT);
                         signer_envs.insert(k, v);
                     }
+                    ProxyStore::ERC2335 { keys_path, secrets_path } => {
+                        volumes.push(Volumes::Simple(format!(
+                            "{}:{}:rw",
+                            keys_path.display(),
+                            PROXY_DIR_KEYS_DEFAULT
+                        )));
+                        let (k, v) = get_env_val(PROXY_DIR_KEYS_ENV, PROXY_DIR_KEYS_DEFAULT);
+                        signer_envs.insert(k, v);
+
+                        volumes.push(Volumes::Simple(format!(
+                            "{}:{}:rw",
+                            secrets_path.display(),
+                            PROXY_DIR_SECRETS_DEFAULT
+                        )));
+                        let (k, v) = get_env_val(PROXY_DIR_SECRETS_ENV, PROXY_DIR_SECRETS_DEFAULT);
+                        signer_envs.insert(k, v);
+                    }
                 }
             }