From de976d1533de502e9614510c43608e7fab0509cf Mon Sep 17 00:00:00 2001 From: Jeff Hubbach <107570428+jeffhubCB@users.noreply.github.com> Date: Thu, 4 Apr 2024 13:48:56 -0600 Subject: [PATCH] feat(node): support execution without ecdsa key (#438) --- node/config.go | 37 +++++++++++++++++++++++++------------ node/flags/flags.go | 8 ++++---- 2 files changed, 29 insertions(+), 16 deletions(-) diff --git a/node/config.go b/node/config.go index 8fe3060eaa..43271d294c 100644 --- a/node/config.go +++ b/node/config.go @@ -101,19 +101,32 @@ func NewConfig(ctx *cli.Context) (*Config, error) { testMode := ctx.GlobalBool(flags.EnableTestModeFlag.Name) - // Decrypt ECDSA key + // Configuration options that require the Node Operator ECDSA key at runtime + registerNodeAtStart := ctx.GlobalBool(flags.RegisterAtNodeStartFlag.Name) + pubIPCheckInterval := ctx.GlobalDuration(flags.PubIPCheckIntervalFlag.Name) + needECDSAKey := registerNodeAtStart || pubIPCheckInterval > 0 + if registerNodeAtStart && (ctx.GlobalString(flags.EcdsaKeyFileFlag.Name) == "" || ctx.GlobalString(flags.EcdsaKeyPasswordFlag.Name) == "") { + return nil, fmt.Errorf("%s and %s are required if %s is enabled", flags.EcdsaKeyFileFlag.Name, flags.EcdsaKeyPasswordFlag.Name, flags.RegisterAtNodeStartFlag.Name) + } + if pubIPCheckInterval > 0 && (ctx.GlobalString(flags.EcdsaKeyFileFlag.Name) == "" || ctx.GlobalString(flags.EcdsaKeyPasswordFlag.Name) == "") { + return nil, fmt.Errorf("%s and %s are required if %s is > 0", flags.EcdsaKeyFileFlag.Name, flags.EcdsaKeyPasswordFlag.Name, flags.PubIPCheckIntervalFlag.Name) + } + var ethClientConfig geth.EthClientConfig if !testMode { - keyContents, err := os.ReadFile(ctx.GlobalString(flags.EcdsaKeyFileFlag.Name)) - if err != nil { - return nil, fmt.Errorf("could not read ECDSA key file: %v", err) - } - sk, err := keystore.DecryptKey(keyContents, ctx.GlobalString(flags.EcdsaKeyPasswordFlag.Name)) - if err != nil { - return nil, fmt.Errorf("could not decrypt the ECDSA file: %s", ctx.GlobalString(flags.EcdsaKeyFileFlag.Name)) - } ethClientConfig = geth.ReadEthClientConfigRPCOnly(ctx) - ethClientConfig.PrivateKeyString = fmt.Sprintf("%x", crypto.FromECDSA(sk.PrivateKey)) + if needECDSAKey { + // Decrypt ECDSA key + keyContents, err := os.ReadFile(ctx.GlobalString(flags.EcdsaKeyFileFlag.Name)) + if err != nil { + return nil, fmt.Errorf("could not read ECDSA key file: %v", err) + } + sk, err := keystore.DecryptKey(keyContents, ctx.GlobalString(flags.EcdsaKeyPasswordFlag.Name)) + if err != nil { + return nil, fmt.Errorf("could not decrypt the ECDSA file: %s", ctx.GlobalString(flags.EcdsaKeyFileFlag.Name)) + } + ethClientConfig.PrivateKeyString = fmt.Sprintf("%x", crypto.FromECDSA(sk.PrivateKey)) + } } else { ethClientConfig = geth.ReadEthClientConfig(ctx) } @@ -155,7 +168,7 @@ func NewConfig(ctx *cli.Context) (*Config, error) { EnableMetrics: ctx.GlobalBool(flags.EnableMetricsFlag.Name), MetricsPort: ctx.GlobalString(flags.MetricsPortFlag.Name), Timeout: timeout, - RegisterNodeAtStart: ctx.GlobalBool(flags.RegisterAtNodeStartFlag.Name), + RegisterNodeAtStart: registerNodeAtStart, ExpirationPollIntervalSec: expirationPollIntervalSec, EnableTestMode: testMode, OverrideBlockStaleMeasure: ctx.GlobalInt64(flags.OverrideBlockStaleMeasureFlag.Name), @@ -169,7 +182,7 @@ func NewConfig(ctx *cli.Context) (*Config, error) { BLSOperatorStateRetrieverAddr: ctx.GlobalString(flags.BlsOperatorStateRetrieverFlag.Name), EigenDAServiceManagerAddr: ctx.GlobalString(flags.EigenDAServiceManagerFlag.Name), PubIPProvider: ctx.GlobalString(flags.PubIPProviderFlag.Name), - PubIPCheckInterval: ctx.GlobalDuration(flags.PubIPCheckIntervalFlag.Name), + PubIPCheckInterval: pubIPCheckInterval, ChurnerUrl: ctx.GlobalString(flags.ChurnerUrlFlag.Name), NumBatchValidators: ctx.GlobalInt(flags.NumBatchValidatorsFlag.Name), ClientIPHeader: ctx.GlobalString(flags.ClientIPHeaderFlag.Name), diff --git a/node/flags/flags.go b/node/flags/flags.go index 20e6388132..7da53f6867 100644 --- a/node/flags/flags.go +++ b/node/flags/flags.go @@ -100,7 +100,7 @@ var ( } EcdsaKeyFileFlag = cli.StringFlag{ Name: common.PrefixFlag(FlagPrefix, "ecdsa-key-file"), - Required: true, + Required: false, Usage: "Path to the encrypted ecdsa private key", EnvVar: common.PrefixEnvVar(EnvVarPrefix, "ECDSA_KEY_FILE"), } @@ -113,7 +113,7 @@ var ( } EcdsaKeyPasswordFlag = cli.StringFlag{ Name: common.PrefixFlag(FlagPrefix, "ecdsa-key-password"), - Required: true, + Required: false, Usage: "Password to decrypt ecdsa private key", EnvVar: common.PrefixEnvVar(EnvVarPrefix, "ECDSA_KEY_PASSWORD"), } @@ -244,9 +244,7 @@ var requiredFlags = []cli.Flag{ QuorumIDListFlag, DbPathFlag, BlsKeyFileFlag, - EcdsaKeyFileFlag, BlsKeyPasswordFlag, - EcdsaKeyPasswordFlag, BlsOperatorStateRetrieverFlag, EigenDAServiceManagerFlag, PubIPProviderFlag, @@ -266,6 +264,8 @@ var optionalFlags = []cli.Flag{ InternalRetrievalPortFlag, ClientIPHeaderFlag, ChurnerUseSecureGRPC, + EcdsaKeyFileFlag, + EcdsaKeyPasswordFlag, } func init() {