Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

RFC: Add --sign-only flag to solana program deploy #23975

Closed
qpwo opened this issue Mar 28, 2022 · 6 comments · Fixed by #33860
Closed

RFC: Add --sign-only flag to solana program deploy #23975

qpwo opened this issue Mar 28, 2022 · 6 comments · Fixed by #33860
Labels
good first issue Good for newcomers

Comments

@qpwo
Copy link

qpwo commented Mar 28, 2022

Problem

The update authority for a contract is one of the most important secret values in any solana project. To deploy or update a contract, the authority key currently has to be stored on an internet-connected computer during deployment.

If a malicious actor ever gets access to a contract's update authority then they can update the contract to e.g. transfer all assets out to the hacker's wallet.

Proposed Solution

Add a --sign-only and a --signers argument to solana program deploy so that contract authorities can be kept on offline cold laptops. (Similar to e.g. spl-token mint.)

See also

@giogam
Copy link
Contributor

giogam commented Apr 4, 2022

I'd like to work on that, I'm relatively new to the project so I might need some guidance but I'm up for the challenge!

@joncinque joncinque added the good first issue Good for newcomers label Apr 5, 2022
@pakkeiC
Copy link

pakkeiC commented Apr 13, 2022

Hello, this is Jayden. I would like to work on that too. I am pretty new to the project so I would need some guidance on the task.

@qpwo I guess the starting point will be here to add the flag
https://github.com/solana-labs/solana/blob/master/cli/src/cli.rs#L161

@qpwo
Copy link
Author

qpwo commented Apr 14, 2022

Hope you can get it but i think it's going to very tricky because when i deploy rn it takes like four minutes and seems to go back and forth with the computer a few times (maybe multiple sigs?) but i can't really tell

@github-actions github-actions bot added the stale [bot only] Added to stale content; results in auto-close after a week. label Apr 14, 2023
@github-actions github-actions bot closed this as not planned Won't fix, can't repro, duplicate, stale Apr 24, 2023
@joncinque joncinque reopened this Apr 24, 2023
@github-actions github-actions bot removed the stale [bot only] Added to stale content; results in auto-close after a week. label Apr 25, 2023
@norwnd
Copy link
Contributor

norwnd commented Oct 17, 2023

Hi @joncinque, I'd like to implement this feature (if it's still desirable),

I've noticed there is also program-v4 being currently developed (but is barely mentioned in the docs, as of now), so should I implement offline signing for program, program-v4, or both ? For program-v4 looks like write-buffer and set-buffer-authority sub-commands are missing though, probably need to add these (or equivalent) first.

cc @pgarg66 JFYI

Update: I've been thinking about it some more ... and starting to doubt the usefulness of this feature (especially for large programs) given blockhash expires pretty rapidly, WDYT ? Never mind, looks like it's just 1 final transaction that needs to be "signed offline" (and broadcasted later) - because program data is uploaded into buffer ahead of time - so, overall sounds reasonable.

@joncinque
Copy link
Contributor

Hi there, it's definitely still desirable! To answer your questions:

should I implement offline signing for program, program-v4, or both?

I'd say start with program and program-v4 can come later

Never mind, looks like it's just 1 final transaction that needs to be "signed offline" (and broadcasted later)

That's exactly it

@norwnd
Copy link
Contributor

norwnd commented Oct 25, 2023

Hi @joncinque I've got a mostly working PR (for creating/upgrading program, while signing offline) - #33860 - things that are left to do are:

  • need to add constraints binding different params user can input (because otherwise he might encounter random errors/panics if some params but not others are specified)
  • looks like there is related functionality (such as "making program final", "setting upgrade authority", etc) that needs to be compatible with offline signing, I currently left it out, but can easily add it on top of what I have
  • I probably need to add some auto-tests (just discovered solana/cli/tests/program.rs dedicated to testing), tested manually so far

PR is in Draft because of it, but is ready for initial review otherwise.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
good first issue Good for newcomers
Projects
None yet
5 participants