Add custom testnet chainspec inputs (#1424)

* Move TssPublicKeys type to entropy-shared so it can be accessed by the chain node

* Make it possible to give custom testnet configuration

* Rm tdx testnet config as this can now be configured by the standard testnet config

* Taplo

* Read input as json

* Handle file in testnet.rs

* Add test for JSON input chainspec parsing

* Fix imports

* Fix imports

* Fix maping measurement values

* Clippy

* Fix feature flags

* Fix feature flags

* Fix following changing account id type

* Take accepted measurement values as hex

* Add hex crate

* Use example chainspec inputs in CI checks

* Use example chainspec inputs in CI checks

* Correct filename in CI script

* Correct filename in CI script

* Add endowed accounts

* Clippy

* Clone endowed accounts

* Add schemars - to derive JSON schema for input struct

* Ditch schemars - it would need to be implemented on a bunch of foreign types - so probably it makes sense to implement JsonSchema manually - which i would do in a followup

* Error handling

* Error handling

* Error handling

* Error handling

* Error handling

* Error handling

* Error handling

* Error handling

* Error handling

* Clippy

* Rm unused import

* Changelog

* Doccomments

* Fix comment following review comments

* Suggestions from code review

* Add docs

* Improve docs

* Readme

Author: ameba23

.github/workflows/check-chainspecs.yaml

@@ -14,4 +14,4 @@ jobs:
         run: |
           cargo run -p entropy -- build-spec --raw --chain dev > chainspec-dev-raw.json
           cargo run -p entropy -- build-spec --raw --chain integration-tests > chainspec-integration-raw.json
-          cargo run -p entropy -- build-spec --raw --chain testnet > chainspec-testnet-raw.json
+          cargo run -p entropy -- build-spec --raw --chain ./node/cli/test-chainspec-inputs/example-chainspec-inputs.json > chainspec-testnet-raw.json

CHANGELOG.md

@@ -66,6 +66,10 @@ runtime
   and the network key will be lost.
 - In [#1377](https://github.com/entropyxyz/entropy-core/pull/1377) all endpoints except for the
   healthz in the TSS had a /v1 added to them.
+- In [#1424](https://github.com/entropyxyz/entropy-core/pull/1424) the `testnet` chainspec (given by
+  `--chain testnet` when starting `entropy`) was removed and replaced with a custom build function.
+  If `--chain some-filename-ending-with-chainspec-inputs.json` is passed, the testnet chainspec will
+  be built from special parameters given in that json file.
 
 ### Added
 - In [#1128](https://github.com/entropyxyz/entropy-core/pull/1128) an `/info` route was added to `entropy-tss`

Cargo.lock

@@ -172,6 +172,10 @@ To speed up running tests, some tests use pre-generated keyshares rather than ru
 
 from the project root.  For an explanation of how the test keyshare sets are structured, see [`create-test-keyshares`](./scripts/create-test-keyshares).
 
+## Chain specification (chainspec)
+
+For documentation of the chainspec for a deployment of the Entropy network see: [./node/cli/Chainspec-README.md](./node/cli/Chainspec-README.md).
+
 ## Support
 
 Need help with something not necessarily related to `entropy-core`?

README.md

@@ -17,7 +17,7 @@ use super::constants::VERIFICATION_KEY_LENGTH;
 use codec::alloc::vec::Vec;
 use codec::{Decode, Encode};
 use scale_info::TypeInfo;
-#[cfg(any(feature = "std", feature = "wasm"))]
+#[cfg(any(feature = "std", feature = "wasm", feature = "user-native"))]
 use serde::{Deserialize, Serialize};
 #[cfg(feature = "std")]
 use strum_macros::EnumIter;
@@ -103,3 +103,18 @@ pub type EncodedVerifyingKey = [u8; VERIFICATION_KEY_LENGTH as usize];
 #[cfg(not(feature = "wasm"))]
 pub type BoundedVecEncodedVerifyingKey =
     sp_runtime::BoundedVec<u8, sp_runtime::traits::ConstU32<VERIFICATION_KEY_LENGTH>>;
+
+/// Public signing and encryption keys associated with a TS server
+/// This is the output from the TSS `/info` HTTP route
+#[cfg(feature = "wasm-no-std")]
+#[derive(serde::Serialize, serde::Deserialize, Clone, Debug, Eq, PartialEq)]
+pub struct TssPublicKeys {
+    /// Indicates that all prerequisite checks have passed
+    pub ready: bool,
+    /// The TSS account ID
+    pub tss_account: sp_runtime::AccountId32,
+    /// The public encryption key
+    pub x25519_public_key: X25519PublicKey,
+    /// The Provisioning Certification Key used in TDX quotes
+    pub provisioning_certification_key: BoundedVecEncodedVerifyingKey,
+}

crates/shared/src/types.rs

@@ -43,7 +43,7 @@ sp-core           ={ version="34.0.0", default-features=false }
 sp-keyring        ="39.0.0"
 
 # Entropy
-entropy-shared={ version="0.4.0-rc.1", path="../shared" }
+entropy-shared={ version="0.4.0-rc.1", path="../shared", features=["wasm-no-std"] }
 entropy-kvdb={ version="0.4.0-rc.1", path="../kvdb", default-features=false }
 entropy-protocol={ version="0.4.0-rc.1", path="../protocol", features=["server"] }
 entropy-client={ version="0.4.0-rc.1", path="../client", default-features=false, features=[

crates/threshold-signature-server/Cargo.toml

@@ -14,10 +14,9 @@
 // along with this program.  If not, see <https://www.gnu.org/licenses/>.
 use crate::{attestation::api::get_pck, node_info::errors::GetInfoError, AppState};
 use axum::{extract::State, Json};
-use entropy_shared::{types::HashingAlgorithm, BoundedVecEncodedVerifyingKey, X25519PublicKey};
+use entropy_shared::types::{HashingAlgorithm, TssPublicKeys};
 use serde::{Deserialize, Serialize};
 use strum::IntoEnumIterator;
-use subxt::utils::AccountId32;
 
 /// Version information - the output of the `/version` HTTP endpoint
 #[derive(Serialize, Deserialize, PartialEq, Debug)]
@@ -75,26 +74,13 @@ pub async fn hashes() -> Json<Vec<HashingAlgorithm>> {
     Json(hashing_algos)
 }
 
-/// Public signing and encryption keys associated with a TS server
-#[derive(Serialize, Deserialize, Clone, Debug, Eq, PartialEq)]
-pub struct TssPublicKeys {
-    /// Indicates that all prerequisite checks have passed
-    pub ready: bool,
-    /// The TSS account ID
-    pub tss_account: AccountId32,
-    /// The public encryption key
-    pub x25519_public_key: X25519PublicKey,
-    /// The Provisioning Certification Key used in TDX quotes
-    pub provisioning_certification_key: BoundedVecEncodedVerifyingKey,
-}
-
 /// Returns the TS server's public keys and HTTP endpoint
 #[tracing::instrument(skip_all)]
 pub async fn info(State(app_state): State<AppState>) -> Result<Json<TssPublicKeys>, GetInfoError> {
     Ok(Json(TssPublicKeys {
         ready: app_state.cache.is_ready(),
         x25519_public_key: app_state.x25519_public_key(),
-        tss_account: app_state.subxt_account_id(),
+        tss_account: app_state.account_id(),
         provisioning_certification_key: get_pck(app_state.subxt_account_id())?,
     }))
 }

crates/threshold-signature-server/src/node_info/api.rs

@@ -16,10 +16,10 @@
 use crate::{
     attestation::api::get_pck,
     helpers::tests::{initialize_test_logger, setup_client},
-    node_info::api::{BuildDetails, TssPublicKeys, VersionDetails},
+    node_info::api::{BuildDetails, VersionDetails},
 };
 use entropy_kvdb::clean_tests;
-use entropy_shared::types::HashingAlgorithm;
+use entropy_shared::types::{HashingAlgorithm, TssPublicKeys};
 use entropy_testing_utils::constants::{TSS_ACCOUNTS, X25519_PUBLIC_KEYS};
 use serial_test::serial;
 
@@ -80,7 +80,7 @@ async fn info_test() {
     assert_eq!(
         public_keys,
         TssPublicKeys {
-            tss_account: TSS_ACCOUNTS[0].clone(),
+            tss_account: TSS_ACCOUNTS[0].0.into(),
             x25519_public_key: X25519_PUBLIC_KEYS[0],
             ready: true,
             provisioning_certification_key: get_pck(TSS_ACCOUNTS[0].clone()).unwrap(),

crates/threshold-signature-server/src/node_info/tests.rs

@@ -31,6 +31,7 @@ pallet-im-online={ version="37.0.0" }
 rand            ="0.8.5"
 serde           ={ version="1.0.219", features=["derive"] }
 serde_json      ='1.0.140'
+hex             ={ version="0.4.3", optional=true }
 
 # Substrate Client
 
@@ -98,7 +99,6 @@ entropy-shared={ version="0.4.0-rc.1", path="../../crates/shared", default-featu
 ] }
 pallet-registry={ version="0.4.0-rc.1", path="../../pallets/registry" }
 pallet-staking-extension={ version="0.4.0-rc.1", path="../../pallets/staking" }
-project-root="0.2.2"
 
 [build-dependencies]
 clap={ version="4.5.37", optional=true }
@@ -113,7 +113,7 @@ sp-tracing={ version="17.0.1" }
 
 [features]
 default=["cli"]
-cli=["clap", "frame-benchmarking-cli", "sc-cli", "sc-service/rocksdb"]
+cli=["clap", "frame-benchmarking-cli", "sc-cli", "sc-service/rocksdb", "hex"]
 runtime-benchmarks=[
   "entropy-runtime/runtime-benchmarks",
   "frame-benchmarking-cli/runtime-benchmarks",

node/cli/Cargo.toml

@@ -0,0 +1,96 @@
+# Entropy Chain Specification (chainspec)
+
+When deploying a network, we need to define a chain specification (chainspec) containing the
+genesis configuration and various other parameters.
+
+The chainspec can be passed when starting the chain node using the `--chain` command line argument
+with either the name of a pre-set chainspec, or the path to a JSON file. The possible pre-set values
+are [documented here](https://github.com/entropyxyz/entropy-core/blob/master/node/cli/src/command.rs#L71).
+
+It is possible to give the complete chainspec configuration as a JSON object, but this may not be
+desirable for two reasons:
+
+- It is a large data structure which contains many settings for which we can define sane defaults.
+- This data structure changes when the substrate crates are updated, making it hard to maintain
+  outside of this repository - as type checking and testing becomes difficult.
+
+So for deploying test networks we have a smaller set of options which are the things we want to
+customize for a particular deployment.
+
+If you give a JSON filename ending in `-chainspec-inputs.json`, for example `entropy --chain
+my-testnet-chainspec-inputs.json` it will be parsed as the `TestnetChainspecInputs` struct defined here:
+
+https://github.com/entropyxyz/entropy-core/blob/19f34eaaadb48ad504e264c9ec91581237583be8/node/cli/src/chain_spec/testnet.rs#L57-L79
+
+For a complete example of what the JSON should look like, see the test object used in CI to check this works:
+
+https://github.com/entropyxyz/entropy-core/blob/master/node/cli/test-chainspec-inputs/example-chainspec-inputs.json
+
+This object includes the following fields:
+
+## Threshold signature server details - `tss_details`
+
+This should be given as an object mapping HTTP endpoint (hostname / IP address and port, which no
+scheme - meaning without the 'http://' part), given as a string, to a `TssPublicKeys` object. This
+object is the output of the `/info` TSS HTTP route, and has the following fields:
+
+- `ready` Boolean. Describes whether the node is ready to begin protocol sessions. This not relevant
+  in this context and is not included in the chainspec.
+- `tss_account` String. ss58 encoded TSS account ID.
+- `x25519_public_key` number array (bytes) with 32 elements.
+- `provisioning_certification_key` number array (bytes) with 32 elements.
+
+Example:
+```JSON
+"tss_details": {
+        "127.0.0.1:3001": {"ready":false,"tss_account":"5Dy7r8pTEoJJDGRrebQvFyWWfKCpTJiXxz7NxbKeh8zXE7Vk","x25519_public_key":[40,170,149,217,225,231,193,134,157,146,161,94,118,146,134,201,179,206,106,186,35,6,93,138,104,203,205,68,208,90,255,7],"provisioning_certification_key":[2,35,153,56,144,219,98,192,9,186,39,114,167,154,75,24,93,39,159,234,180,105,135,89,110,203,179,93,192,164,177,214,78]},
+        "127.0.0.1:3002": {"ready":false,"tss_account":"5Dy7r8pTEoJJDGRrebQvFyWWfKCpTJiXxz7NxbKeh8zXE7Vk","x25519_public_key":[40,170,149,217,225,231,193,134,157,146,161,94,118,146,134,201,179,206,106,186,35,6,93,138,104,203,205,68,208,90,255,7],"provisioning_certification_key":[2,35,153,56,144,219,98,192,9,186,39,114,167,154,75,24,93,39,159,234,180,105,135,89,110,203,179,93,192,164,177,214,78]},
+        "127.0.0.1:3003": {"ready":false,"tss_account":"5Dy7r8pTEoJJDGRrebQvFyWWfKCpTJiXxz7NxbKeh8zXE7Vk","x25519_public_key":[40,170,149,217,225,231,193,134,157,146,161,94,118,146,134,201,179,206,106,186,35,6,93,138,104,203,205,68,208,90,255,7],"provisioning_certification_key":[2,35,153,56,144,219,98,192,9,186,39,114,167,154,75,24,93,39,159,234,180,105,135,89,110,203,179,93,192,164,177,214,78]},
+        "127.0.0.1:3004": {"ready":false,"tss_account":"5Dy7r8pTEoJJDGRrebQvFyWWfKCpTJiXxz7NxbKeh8zXE7Vk","x25519_public_key":[40,170,149,217,225,231,193,134,157,146,161,94,118,146,134,201,179,206,106,186,35,6,93,138,104,203,205,68,208,90,255,7],"provisioning_certification_key":[2,35,153,56,144,219,98,192,9,186,39,114,167,154,75,24,93,39,159,234,180,105,135,89,110,203,179,93,192,164,177,214,78]}
+    },
+```
+
+## Accepted TDX measurement values - `accepted_measurement_values` (optional)
+This is an array of strings. These should be hex-encoded strings (32 bytes / 64 characters).
+
+The measurement value for a currently running version of the entropy-tss CVM can be
+obtained from the `/version` HTTP route.
+
+If this field is omitted, it will be assumed this is a non-production network and mock values will be
+accepted.
+
+```JSON
+"accepted_measurement_values": [
+    "a3f9c04e19d3b6a71e6f7e4d9b2573ff9c2e476d381f8a5cb02eac4d6b0f7b9c"
+],
+```
+
+## Bootnode peer IDs - `boot_nodes`
+
+This is an array of strings. These are the libp2p 'multi-addresses' of the initial chain nodes. For details
+see [the multiaddr specification](https://github.com/libp2p/specs/blob/master/addressing/README.md#multiaddr-in-libp2p).
+
+```JSON
+"boot_nodes": [
+    "/dns4/example-bootnode-0.entropy.xyz/tcp/30333/p2p/12D3KooWE5XyZm8RhsCq7LkZQ8mCDZWQcMJ1FZWYoUk6ZUgKojpL",
+    "/dns4/example-bootnode-1.entropy.xyz/tcp/30333/p2p/12D3KooWLp1KkZC6NsX2Vt3sM8j3eVr1RJCeSAvKxHvE5E6WExwR",
+    "/dns4/example-bootnode-2.entropy.xyz/tcp/30333/p2p/12D3KooWJz3vL5JzA5RL7tZczhU3NcQ2x9smvMHyrPBZBhdR35A9",
+    "/dns4/example-bootnode-3.entropy.xyz/tcp/30333/p2p/12D3KooWQm3X3FH5dD1FZRxkN8WzEzoA6uVpWi3mDsHDFeDdR7xz"
+],
+```
+
+## Endowed accounts - `endowed_accounts`
+
+This is an array of strings. This is a list of ss58-encoded account IDs which will be have funds at
+genesis. This does not need to include the initial TSS accounts, validator stash accounts or
+nominator accounts - these will all be funded even if they are not present in this list.
+
+Note that accounts added to this list may be included in the governance and technical committees.
+
+```JSON
+"endowed_accounts": [
+    "5CtViLgvdHoLDvdsSsfEPxczsF6D7FtQ59h6B4Gey5EXE47t",
+    "5EbyKpRWK9z7Efso1QYFcfAiHHkxzxMRSFAkJtmeUmuz1CGj",
+    "5E2fDSRWSVjYLP8VsvTvzHBUdC2h6xtrApqkBdAb9xqPqcNK"
+]
+```

node/cli/Chainspec-README.md

@@ -33,7 +33,6 @@
 
 pub mod dev;
 pub mod integration_tests;
-pub mod tdx_testnet;
 pub mod testnet;
 
 pub use entropy_runtime::{AccountId, Signature};