[pull] develop from smartcontractkit:develop#431
Merged
Conversation
…22806) * Add support for configuring fault-tolerance (F) and node set updates in DON changesets * Update test to use 3-node
* Update solana trigger e2e tests for guaranteed delivery * bump caps * update helper * fix lint * bump cap version
…r (PRIV-458) (#22516) * Verify enclave config against onchain DON in confidentialrelay handler (PRIV-458) The handler now compares the attested EnclaveConfig in every incoming SecretsRequestParams and CapabilityRequestParams against the local node's WorkflowDON membership and fault tolerance, after Nitro attestation validation succeeds. Closes Sigma Prime CL112-01 on the relay-DON path. The relay DON runs on the same nodes as the workflow DON, so localNode.WorkflowDON.Members is the right comparison target. LocalNode is an O(1) in-memory map lookup populated by the registry syncer on a ~12s tick, so the check stays off the RPC hot path. Up to ~12s staleness applies during DON membership rotations and is acceptable given how rare those events are. Tests cover match-accepts, F mismatch, signers-count mismatch, signer value mismatch, order-independent comparison, and the secrets-get path. Existing tests updated to fill EnclaveConfig in fixtures with a matching WorkflowDON.Members in the mock registry. Bumps chainlink-common to v0.11.2-0.20260518112011-40a8e4cedaa8 to pick up the EnclaveConfig field on confidentialrelay request params (smartcontractkit/chainlink-common#2063). Companion PRs: - smartcontractkit/confidential-compute#329 (pool.go-side check). - smartcontractkit/chainlink-common#2063 (field on params). - smartcontractkit/confidential-compute#330 (enclave fills field). * Fix lint findings in confidentialrelay handler test GolangCI flagged three issues introduced by this PR's test fixtures: - gosec G115: uint32->uint8 narrowing in WorkflowDON.F assignment. Replaced with an untyped testEnclaveF const used by both EnclaveConfig.F (uint32) and WorkflowDON.F (uint8), so no conversion. - gocritic assignOp x2: badCfg.F = badCfg.F + 5 and params.EnclaveConfig.F = ... + 5 rewritten with +=. * Align chainlink-common pin across dependent submodules Root go.mod was bumped to chainlink-common b1205469 (post-#2063, adds EnclaveConfig). The deployment, integration-tests, integration-tests/load, system-tests/lib, system-tests/tests, and core/scripts modules replace chainlink => ../ and so build against the root's confidentialrelay code, but still pinned the pre-#2063 common (883689d). That skew broke "make generate" (deployment error: exit status 1) because EnclaveConfig was undefined when building root packages from those modules. Bump all six to b1205469 and tidy. * Fix gateway confidentialrelay test fixtures for mandatory EnclaveConfig The chainlink-common bump in this PR makes confidentialrelay.Validate require a non-empty EnclaveConfig (Signers, F, MasterPublicKey). The gateway aggregator test fixtures (validCapParams/validSecretsParams) didn't set it, so Hash() errored, no signed responses formed, and TestConfidentialRelayHandler_QuorumWithRealAggregator blocked on quorum until the 15m test timeout. Add a valid EnclaveConfig to both fixtures. Gateway production code is unaffected (nodes and gateway share one build, so hashing stays consistent); only the stale test fixtures needed the field. * Address review: fetch LocalNode once; gofmt test fixtures - verifyEnclaveConfigMatchesDON now takes a localNode snapshot instead of fetching it itself. handleSecretsGet fetched LocalNode twice (once for the config check, once for request metadata); now it fetches once and passes the snapshot, avoiding the redundant lookup and any inconsistency if registry state changes between calls. handleCapabilityExecute fetches once and passes it too. - gofmt the handler test: the EnclaveConfig struct literals added earlier were mis-indented. - Drop the audit tag from the doc comment, matching the chainlink-common cleanup (keep PRIV-458). * Fix err shadow in confidentialrelay handlers The LocalNode-once refactor introduced `localNode, err :=` then kept `if err := verifyEnclaveConfigMatchesDON(...)`, shadowing err (govet). Use `=` so it assigns the existing err. * Bump chainlink-common for optional EnclaveConfig; handle nil chainlink-common #2111 made EnclaveConfig optional (*EnclaveConfig). Bump common to 208ae6dd across the root and the dependent submodules that replace chainlink => ../, and adapt the relay handler: - verifyEnclaveConfigMatchesDON takes *EnclaveConfig and skips the check when nil (sender on an older protocol that omits it), verifying only when present. - Node-handler and gateway-aggregator test fixtures use the pointer form; add a node-handler subtest covering nil-config acceptance.
…e binary_url (#22809) * confidential: stop setting the deprecated outside-envelope binary_url binary_url moves back into the hash: keep WorkflowExecution.binary_url (inside PublicData, the canonical locator) and stop also setting the now-deprecated request-level ConfidentialWorkflowRequest.binary_url, which the enclave never reads. Pairs with chainlink-protos #387 / chainlink-common #2144. No behavior change for the enclave (it reads execution.BinaryUrl); this just removes the redundant copy that #2144 marks deprecated. * changeset
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
6 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
See Commits and Changes for more details.
Created by
pull[bot] (v2.0.0-alpha.4)
Can you help keep this open source service alive? 💖 Please sponsor : )