IPFS API with verification in enclave #70
Comments
|
helpful resources: How IPFs hash is created out of a DAG of 256kB chunks: IPFS node in rust: IPFS http API in rust: |
|
A first version could do the following:
fetching IPFS content is already implemented. However, passing the content as a function return value might not scale to larger files. Moreover, the contents is not verified based on its ipfs hash |
|
Issue Status: 1. Open 2. Started 3. Submitted 4. Done This issue now has a funding of 400.0 DAI (400.0 USD @ $1.0/DAI) attached to it.
|
|
Issue Status: 1. Open 2. Started 3. Submitted 4. Done Work has been started. These users each claimed they can complete the work by 266 years, 5 months from now. 1) developerfred has applied to start work (Funders only: approve worker | reject worker). I already have previous experience with substrate and ipfs i would like to work on this issue. Hi, I think I would follow the first version approach (since not comfortable / not sure how much work is required for using no_std for the rust-ipfs-api). High level work plan:
Learn more on the Gitcoin Issue Details page. |
|
@x5engine: could you please share your brief work plan? How would you approach this? |
|
Hey guys, I will send implementation I did after tomorrow, we made a good implementation for this. |
|
@x5engine please see above: you haven't been assigned yet, we asked you for a sketch on how you will approach this. We'd like to review your design before we approve |
|
hey @brenzi sorry for the confusion, well I would plan to query the ipfs Node directly to get the has and save the file to the system then when requested I'd check the checksum of the file with the metadata checksum. so, in other words, it should compute the checksum prior to uploading it here something like it filecoin-project/venus#1925 |
|
@Web3Foundation please assign @x5engine to work on this issue. The work plan is not very specific yet, but a more detailed design should be paid work I think. @x5engine: You mentioned "uploading". Be aware that our task asks for a read interface, not a write interface. We want to fetch IPFS content from within the enclave STF. In order to avoid frustration, please provide us with a more detailed design first before implementing it. Where in our code would you do what? |
|
Hey, @brenzi @Web3Foundation thank you for approving me, So here are two strategies to get this implemented:
The other Suggestion is verifying the file inside the enclave with either fetching the file inside it with ipfs HTTP API then generate the hash from the content fetched or we can make use of https://github.com/brenzi/rust-ipfs-verifier (which you made @brenzi ) no even downloading the file is better (but might be needed in your requirement) But a file read might be very costly when handling large files... Here is the Implementation of the CID in Rust: https://github.com/multiformats/rust-cid using this we can add test to check fetched data against their CID in the enclave: So tell me which approach you want to do? Note: keep in mind there are differences in CID version and how they get generated, |
|
My preference would be to use IPFS node http API directly without storing the content to disk. You might find inspiration in my outdated rust-verify-ipfs crate, but it isnt more than a code sample. Also, it assumes content is <256kB which you can't assume for this task. |
|
this might be interesting for you |
Awesome, so we should go with this option and I can work on what you have on the rust-verify-ipfs crate and make it work with any size we need, for the version i think we might be good and maybe handle the two versions.
This is so good :) I guess I can apply or use the work I am doing here there too? how is it done? btw do you have a discord channel? might be faster for communication. |
|
meet us on riot: https://riot.im/app/#/room/#substratee:matrix.org If you can re-use the code you write here for added functionality on substrate, I would guess that's be very welcome |
|
@x5engine Hello from Gitcoin Core - are you still working on this issue? Please submit a WIP PR or comment back within the next 3 days or you will be removed from this ticket and it will be returned to an ‘Open’ status. Please let us know if you have questions!
Funders only: Snooze warnings for 1 day | 3 days | 5 days | 10 days | 100 days |
1 similar comment
|
@x5engine Hello from Gitcoin Core - are you still working on this issue? Please submit a WIP PR or comment back within the next 3 days or you will be removed from this ticket and it will be returned to an ‘Open’ status. Please let us know if you have questions!
Funders only: Snooze warnings for 1 day | 3 days | 5 days | 10 days | 100 days |
|
hey @gitcoinbot I am still working on this and will respond tomorrow with all I have, thanks |
|
@x5engine Hello from Gitcoin Core - are you still working on this issue? Please submit a WIP PR or comment back within the next 3 days or you will be removed from this ticket and it will be returned to an ‘Open’ status. Please let us know if you have questions!
Funders only: Snooze warnings for 1 day | 3 days | 5 days | 10 days | 100 days |
|
Issue Status: 1. Open 2. Started 3. Submitted 4. Done @x5engine due to inactivity, we have escalated this issue to Gitcoin's moderation team. Let us know if you believe this has been done in error!
Funders only: Snooze warnings for 1 day | 3 days | 5 days | 10 days | 100 days |
|
@x5engine You have showed no single line of code so far even after several reminders. You also haven't asked any questions that would indicate that you're actually working on this. I have to ask @Web3Foundation to take this issue away from you |
|
@brenzi, @whalelephant also applied to work. |
|
@whalelephant are you still interested? How would you approach the task and on what timeline? |
|
Hi @brenzi Yes still interested. Copied from the my application on gitcoin:
I have also applied to do Hackusama so I think for this bounty will be 4-6 weeks, but do let me know what you have in mind |
|
@whalelephant Hello from Gitcoin Core - are you still working on this issue? Please submit a WIP PR or comment back within the next 3 days or you will be removed from this ticket and it will be returned to an ‘Open’ status. Please let us know if you have questions!
Funders only: Snooze warnings for 1 day | 3 days | 5 days | 10 days | 100 days |
|
Issue Status: 1. Open 2. Started 3. Submitted 4. Done @whalelephant due to inactivity, we have escalated this issue to Gitcoin's moderation team. Let us know if you believe this has been done in error!
Funders only: Snooze warnings for 1 day | 3 days | 5 days | 10 days | 100 days |
1 similar comment
|
Issue Status: 1. Open 2. Started 3. Submitted 4. Done @whalelephant due to inactivity, we have escalated this issue to Gitcoin's moderation team. Let us know if you believe this has been done in error!
Funders only: Snooze warnings for 1 day | 3 days | 5 days | 10 days | 100 days |
|
@whalelephant Do we have to adjust the problem statement due to your reasoning on unixfs not implemented for no_std? May I ask you to conclude your current challenges and possible ways to move forward here? |
|
The initial implementation outlined was that chunks of data themselves form the multihash of the CID was incorrect. The current understanding of the multihash part of the default leave (unixfs) is the hash of a Unixfs struct with ipfs metadata, option for links to other leaves, option for data. The challenge is that unixfs lib does not currently have If the file is added using the This is my understanding at the moment. Will be grateful for feedback |
|
As we mainly need to read ipfs content that we publish ourselves it would be acceptable to use some specific ipfs options to make our lifes easier at the cost of loss of generality. Do you see a shortcut for this? |
|
I don't think this is a shortcut but I think we can use ipfs api such as |
|
but then the enclave would need to trust this list of links, right? This wouldn't be acceptable. |
|
ah ok, that makes sense, that would be placing trust outside of the enclave. Will have a look🤓 |
|
@whalelephant Hello from Gitcoin Core - are you still working on this issue? Please submit a WIP PR or comment back within the next 3 days or you will be removed from this ticket and it will be returned to an ‘Open’ status. Please let us know if you have questions!
Funders only: Snooze warnings for 1 day | 3 days | 5 days | 10 days | 100 days |
1 similar comment
|
@whalelephant Hello from Gitcoin Core - are you still working on this issue? Please submit a WIP PR or comment back within the next 3 days or you will be removed from this ticket and it will be returned to an ‘Open’ status. Please let us know if you have questions!
Funders only: Snooze warnings for 1 day | 3 days | 5 days | 10 days | 100 days |
|
Issue Status: 1. Open 2. Started 3. Submitted 4. Done @whalelephant due to inactivity, we have escalated this issue to Gitcoin's moderation team. Let us know if you believe this has been done in error!
Funders only: Snooze warnings for 1 day | 3 days | 5 days | 10 days | 100 days |
1 similar comment
|
Issue Status: 1. Open 2. Started 3. Submitted 4. Done @whalelephant due to inactivity, we have escalated this issue to Gitcoin's moderation team. Let us know if you believe this has been done in error!
Funders only: Snooze warnings for 1 day | 3 days | 5 days | 10 days | 100 days |
|
looks like there has been work on it in rust-ipfs :) |
|
@whalelephant : I was able to complete all acceptance tests in docker and you have fulfilled the problem statement entirely. @Web3Foundation please reward @whalelephant with the stated bounty. |
this implements gitcoin bounty #70 Co-authored-by: bwty <[email protected]>
|
@whalelephant if you need endorsement to push your changes on dependencies upstream, I'd be happy to support. The goal should really be to drop your forks and get all your no_std stuff upstream |
|
@brenzi that would be great, currently still waiting for feedback / review from the base 3 PRs, then we need to get the cid crate and the ipfs-unixfs merged after them: |
|
@whalelephant please check riot/element. I DM'd you |
|
@Web3Foundation please can we process this? thanks! |
|
@whalelephant thanks for the ping @brenzi this is ready to be paid out? |
|
@Web3Foundation yes it is! |
|
@whalelephant please submit your work via Gitcoin so that we can make the payout. |
|
@Web3Foundation I have, but gitcoin webui is having issues... I think we will just have to wait. 😞 |
|
Issue Status: 1. Open 2. Started 3. Submitted 4. Done Work for 400.0 DAI (400.0 USD @ $1.0/DAI) has been submitted by: @Web3Foundation please take a look at the submitted work:
|
|
@Web3Foundation this is ready to be paid now. thanks! |
|
Issue Status: 1. Open 2. Started 3. Submitted 4. Done The funding of 400.0 DAI (400.0 USD @ $1.0/DAI) attached to this issue has been approved & issued to @whalelephant.
|
* automatic-shard-joining-and-per-shard-updates-on-block (integritee-network#160) * [enclave] update_map contains options. This is needed if a storage value needs to be deleted in the STF [enclave, stf] perform state updates per shard, auto join new shards * [worker] only feed 100 blocks at a time into the chain relay. Improved logging while syncing to keep track of sync status * [WorkerApi] Remove default protocol ws. * update ipfs version (integritee-network#165) Co-authored-by: bwty <[email protected]> * Implement Ipfs read and write with verification in enclave this implements gitcoin bounty integritee-network#70 Co-authored-by: bwty <[email protected]> * Encointer contributions upstreaming (integritee-network#174) * [enclave] ! fix: init-shard if it does not exist * back up chain relay db before update in case of file corruption * clean up chain relay sync logging * Ws server refactor (#13) * changed ws_server completely. Requests from client are now handled in the worker main event loop to prevent race conditions with on state/chain_relay access. * [ws_server] remove unwrap and send instead "invalid_client_request" to client * updating block number in stf state * [enclave/chain_relay] store only hashes of the headers instead of the headers themselves * enclave: patch log and env_logger to mesalock * worker should panic if it can't write to shard * add public getters for unpermissioned statistics (#16) * don't request key provisioning form other worker. assume its there or generate new (dangerous!) * bump version to 0.6.11 like encointer reference release Co-authored-by: clangenb <[email protected]> Co-authored-by: Marcel Frei <[email protected]> Co-authored-by: Christian Langenbacher <[email protected]> * fix integritee-network#176 and update some dependiencies * upgrade to upstream 2.0.0-rc5 fix .dispatch filtering introduced in paritytech/substrate#6318 depend on tag version for sgx-runtime * Upgrade upstream 2.0.0 (integritee-network#182) * enclave builds * worker and client builds * fix metadata module index * successfully tested shielding-unshielding example * fix merge. builds and demo works Co-authored-by: clangenb <[email protected]> Co-authored-by: bwty <[email protected]> Co-authored-by: bwty <[email protected]> Co-authored-by: bwty <[email protected]> Co-authored-by: Marcel Frei <[email protected]> Co-authored-by: Christian Langenbacher <[email protected]>
implement an API to ipfs which enables the STF to:
Gitcoin Bounty
design approach
no_stdyet!).Please describe your preferred approach in this thread prior to implementing it!
dev environment
You can use our docker to emulate SGX in SW mode, so you don't need SGX enabled HW for this task
acceptance tests:
The text was updated successfully, but these errors were encountered: