From e9d6e757877ef55772049bf527fdabaf9ebc348b Mon Sep 17 00:00:00 2001
From: 0xawaz
Date: Fri, 24 Jan 2025 14:01:49 +0100
Subject: [PATCH 1/8] chore: fix env vars in initialize script
---
 fhevm-engine/fhevm-db/Dockerfile | 2 +-
 fhevm-engine/fhevm-db/initialize_db.sh | 20 +++++++++++++-------
 2 files changed, 14 insertions(+), 8 deletions(-)
diff --git a/fhevm-engine/fhevm-db/Dockerfile b/fhevm-engine/fhevm-db/Dockerfile
index 9b4343db..87146d6d 100644
--- a/fhevm-engine/fhevm-db/Dockerfile
+++ b/fhevm-engine/fhevm-db/Dockerfile
@@ -4,7 +4,7 @@ FROM rust:1.74
 # Install dependencies and tools
 RUN apt-get update && \
 apt-get install -y --no-install-recommends libpq-dev postgresql-client xxd && \
- cargo install sqlx-cli --no-default-features --features postgres --locked && \
+ cargo install sqlx-cli --version 0.7.2 --no-default-features --features postgres --locked && \
 apt-get clean && rm -rf /var/lib/apt/lists/*
 # Copy migrations and initialization script
diff --git a/fhevm-engine/fhevm-db/initialize_db.sh b/fhevm-engine/fhevm-db/initialize_db.sh
index 20400c40..807f65cf 100644
--- a/fhevm-engine/fhevm-db/initialize_db.sh
+++ b/fhevm-engine/fhevm-db/initialize_db.sh
@@ -10,13 +10,19 @@ sqlx migrate run --source /migrations || { echo "Failed to run migrations."; exi
 # 3. Insert test tenant with keys
 echo "Start preparing tenant query..."
-TENANT_API_KEY=a1503fb6-d79b-4e9e-826d-44cf262f3e05
-CHAIN_ID=12345
-ACL_CONTRACT_ADDRESS=0x339EcE85B9E11a3A3AA557582784a15d7F82AAf2
-INPUT_VERIFIER_ADDRESS=0x69dE3158643e738a0724418b21a35FAA20CBb1c5
-PKS_FILE="/fhevm-keys/pks"
-SKS_FILE="/fhevm-keys/sks"
-PUBLIC_PARAMS_FILE="/fhevm-keys/pp"
+
+# API and Chain settings
+TENANT_API_KEY=${TENANT_API_KEY:-"a1503fb6-d79b-4e9e-826d-44cf262f3e05"}
+CHAIN_ID=${CHAIN_ID:-"12345"}
+
+# Contract addresses
+ACL_CONTRACT_ADDRESS=${ACL_CONTRACT_ADDRESS:-"0x339EcE85B9E11a3A3AA557582784a15d7F82AAf2"}
+INPUT_VERIFIER_ADDRESS=${INPUT_VERIFIER_ADDRESS:-"0x69dE3158643e738a0724418b21a35FAA20CBb1c5"}
+
+# Key file paths
+PKS_FILE=${PKS_FILE:-"/fhevm-keys/pks"}
+SKS_FILE=${SKS_FILE:-"/fhevm-keys/sks"}
+PUBLIC_PARAMS_FILE=${PUBLIC_PARAMS_FILE:-"/fhevm-keys/pp"}
 TMP_CSV="/tmp/tenant_data.csv"
 echo "tenant_api_key,chain_id,acl_contract_address,verifying_contract_address,pks_key,sks_key,public_params" > $TMP_CSV
From 6116c7a3553310c86410baff0244002924fb31a7 Mon Sep 17 00:00:00 2001
From: 0xawaz
Date: Fri, 24 Jan 2025 14:58:02 +0100
Subject: [PATCH 2/8] chore: remove default values
---
 fhevm-engine/fhevm-db/initialize_db.sh | 28 +++++++++++++++++++-------
 1 file changed, 21 insertions(+), 7 deletions(-)
diff --git a/fhevm-engine/fhevm-db/initialize_db.sh b/fhevm-engine/fhevm-db/initialize_db.sh
index 807f65cf..fcef069c 100644
--- a/fhevm-engine/fhevm-db/initialize_db.sh
+++ b/fhevm-engine/fhevm-db/initialize_db.sh
@@ -1,8 +1,9 @@
 #!/bin/bash
+set -e # Exit on error
 # 1: Create Database
 echo "Creating database..."
-sqlx database create
+sqlx database create || { echo "Failed to create database."; exit 1; }
 # 2: Run sqlx migrations
 echo "Running migrations..."
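Review bot: In patch 2/8, the added `set -e` alone will not stop the script when the key encoding fails: in `$(cat $PKS_FILE | xxd -p | tr -d '\n')` further down (outside this hunk) the pipeline reports only the status of `tr`, and a command substitution inside an `echo` argument never trips `-e`, so a row with an empty `\x` value can still reach `tenants`. Use `set -euo pipefail` here and assign each encoded key to a variable first, e.g. `pks_hex=$(xxd -p "$PKS_FILE" | tr -d '\n')`, so a failed read aborts the run. With `-u`, optional variables have to be read as `${VAR:-}`. The new failure message would also be better on stderr: `echo "Failed to create database." >&2`.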
@@ -12,26 +13,39 @@ sqlx migrate run --source /migrations || { echo "Failed to run migrations."; exi
 echo "Start preparing tenant query..."
 # API and Chain settings
-TENANT_API_KEY=${TENANT_API_KEY:-"a1503fb6-d79b-4e9e-826d-44cf262f3e05"}
+TENANT_API_KEY=${TENANT_API_KEY:-}
 CHAIN_ID=${CHAIN_ID:-"12345"}
 # Contract addresses
-ACL_CONTRACT_ADDRESS=${ACL_CONTRACT_ADDRESS:-"0x339EcE85B9E11a3A3AA557582784a15d7F82AAf2"}
-INPUT_VERIFIER_ADDRESS=${INPUT_VERIFIER_ADDRESS:-"0x69dE3158643e738a0724418b21a35FAA20CBb1c5"}
+ACL_CONTRACT_ADDRESS=${ACL_CONTRACT_ADDRESS:-}
+INPUT_VERIFIER_ADDRESS=${INPUT_VERIFIER_ADDRESS:-}
 # Key file paths
 PKS_FILE=${PKS_FILE:-"/fhevm-keys/pks"}
 SKS_FILE=${SKS_FILE:-"/fhevm-keys/sks"}
 PUBLIC_PARAMS_FILE=${PUBLIC_PARAMS_FILE:-"/fhevm-keys/pp"}
+# Verify key files
+for file in "$PKS_FILE" "$SKS_FILE" "$PUBLIC_PARAMS_FILE"; do
+ if [[ ! -f $file ]]; then
+ echo "Error: Key file $file not found."; exit 1;
+ fi
+done
+
+# Ensure environment variables are set
+if [[ -z "$DATABASE_URL" || -z "$TENANT_API_KEY" || -z "$ACL_CONTRACT_ADDRESS" || -z "$INPUT_VERIFIER_ADDRESS" ]]; then
+ echo "Error: One or more required environment variables are missing."; exit 1;
+fi
+
 TMP_CSV="/tmp/tenant_data.csv"
 echo "tenant_api_key,chain_id,acl_contract_address,verifying_contract_address,pks_key,sks_key,public_params" > $TMP_CSV
 echo "$TENANT_API_KEY,$CHAIN_ID,$ACL_CONTRACT_ADDRESS,$INPUT_VERIFIER_ADDRESS,\"\\x$(cat $PKS_FILE | xxd -p | tr -d '\n')\",\"\\x$(cat $SKS_FILE | xxd -p | tr -d '\n')\",\"\\x$(cat $PUBLIC_PARAMS_FILE | xxd -p | tr -d '\n')\"" >> $TMP_CSV
 echo "Inserting tenant data using \COPY..."
-psql $DATABASE_URL -c "\COPY tenants (tenant_api_key, chain_id, acl_contract_address, verifying_contract_address, pks_key, sks_key, public_params) FROM '$TMP_CSV' CSV HEADER;"
+psql $DATABASE_URL -c "\COPY tenants (tenant_api_key, chain_id, acl_contract_address, verifying_contract_address, pks_key, sks_key, public_params) FROM '$TMP_CSV' CSV HEADER;" || {
+ echo "Error: Failed to insert tenant data."; exit 1;
+}
 rm -f $TMP_CSV
-
-echo "Database initialization complete."
\ No newline at end of file
+echo "Database initialization complete."
From e0fbcc68965709fc60a018d400858545ff823125 Mon Sep 17 00:00:00 2001
From: 0xawaz
Date: Wed, 29 Jan 2025 10:17:04 +0100
Subject: [PATCH 3/8] ci: add branch for test
---
 .github/workflows/fhevm-db-migration.yml | 1 +
 fhevm-engine/fhevm-db/initialize_db.sh | 9 +--------
 2 files changed, 2 insertions(+), 8 deletions(-)
diff --git a/.github/workflows/fhevm-db-migration.yml b/.github/workflows/fhevm-db-migration.yml
index e0026250..b564cee6 100644
--- a/.github/workflows/fhevm-db-migration.yml
+++ b/.github/workflows/fhevm-db-migration.yml
@@ -4,6 +4,7 @@ on:
 push:
 branches:
 - main
+ - add-params-db-migration
 paths:
 - .github/workflows/fhevm-coprocessor.yml
 - .github/workflows/common-docker.yml
diff --git a/fhevm-engine/fhevm-db/initialize_db.sh b/fhevm-engine/fhevm-db/initialize_db.sh
index fcef069c..7a3ca51e 100644
--- a/fhevm-engine/fhevm-db/initialize_db.sh
+++ b/fhevm-engine/fhevm-db/initialize_db.sh
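Review bot: In patch 2/8 (hunk `@@ -12,26 +13,39 @@`), the `|| { ...; exit 1; }` added to the `psql` call exits before `rm -f $TMP_CSV` runs, so a failed insert leaves `/tmp/tenant_data.csv`, which holds the tenant API key and the hex-encoded key files, on disk at a fixed, guessable path. Creating the file with `TMP_CSV=$(mktemp)` and registering `trap 'rm -f -- "$TMP_CSV"' EXIT` right after it covers every exit path, including the `set -e` ones, and gives the file owner-only permissions. The `DATABASE_URL` test in the new required-variables check also comes after `sqlx database create` and `sqlx migrate run` have already used it, so that check belongs at the top of the script, which is outside this hunk.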
@@ -12,15 +12,8 @@ sqlx migrate run --source /migrations || { echo "Failed to run migrations."; exi
 # 3. Insert test tenant with keys
 echo "Start preparing tenant query..."
-# API and Chain settings
-TENANT_API_KEY=${TENANT_API_KEY:-}
+# Settings
 CHAIN_ID=${CHAIN_ID:-"12345"}
-
-# Contract addresses
-ACL_CONTRACT_ADDRESS=${ACL_CONTRACT_ADDRESS:-}
-INPUT_VERIFIER_ADDRESS=${INPUT_VERIFIER_ADDRESS:-}
-
-# Key file paths
 PKS_FILE=${PKS_FILE:-"/fhevm-keys/pks"}
 SKS_FILE=${SKS_FILE:-"/fhevm-keys/sks"}
 PUBLIC_PARAMS_FILE=${PUBLIC_PARAMS_FILE:-"/fhevm-keys/pp"}
From ebb92466268f3387d8adcfad40053f26a544b860 Mon Sep 17 00:00:00 2001
From: 0xawaz
Date: Wed, 29 Jan 2025 10:46:00 +0100
Subject: [PATCH 4/8] ci: cleanup
---
 .github/workflows/fhevm-db-migration.yml | 1 -
 1 file changed, 1 deletion(-)
diff --git a/.github/workflows/fhevm-db-migration.yml b/.github/workflows/fhevm-db-migration.yml
index b564cee6..e0026250 100644
--- a/.github/workflows/fhevm-db-migration.yml
+++ b/.github/workflows/fhevm-db-migration.yml
@@ -4,7 +4,6 @@ on:
 push:
 branches:
 - main
- - add-params-db-migration
 paths:
 - .github/workflows/fhevm-coprocessor.yml
 - .github/workflows/common-docker.yml
From b385b6abedd14edb87b798ba354e568334664361 Mon Sep 17 00:00:00 2001
From: 0xawaz
Date: Thu, 30 Jan 2025 11:28:48 +0100
Subject: [PATCH 5/8] fix: upgrade rust to 1.83.0-slim
---
 fhevm-engine/fhevm-db/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fhevm-engine/fhevm-db/Dockerfile b/fhevm-engine/fhevm-db/Dockerfile
index 87146d6d..b585f215 100644
--- a/fhevm-engine/fhevm-db/Dockerfile
+++ b/fhevm-engine/fhevm-db/Dockerfile
@@ -1,5 +1,5 @@
 # Use the Rust image as the base
-FROM rust:1.74
+FROM rust:1.83.0-slim
 # Install dependencies and tools
 RUN apt-get update && \
From 018e415da9689e34053b1598c5fa9b6ac1938ffe Mon Sep 17 00:00:00 2001
From: 0xawaz
Date: Thu, 30 Jan 2025 11:30:24 +0100
Subject: [PATCH 6/8] fix: apply shellcheck fixs
---
 fhevm-engine/fhevm-db/initialize_db.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/fhevm-engine/fhevm-db/initialize_db.sh b/fhevm-engine/fhevm-db/initialize_db.sh
index 7a3ca51e..75a2563d 100644
--- a/fhevm-engine/fhevm-db/initialize_db.sh
+++ b/fhevm-engine/fhevm-db/initialize_db.sh
@@ -33,10 +33,10 @@ fi
 TMP_CSV="/tmp/tenant_data.csv"
 echo "tenant_api_key,chain_id,acl_contract_address,verifying_contract_address,pks_key,sks_key,public_params" > $TMP_CSV
-echo "$TENANT_API_KEY,$CHAIN_ID,$ACL_CONTRACT_ADDRESS,$INPUT_VERIFIER_ADDRESS,\"\\x$(cat $PKS_FILE | xxd -p | tr -d '\n')\",\"\\x$(cat $SKS_FILE | xxd -p | tr -d '\n')\",\"\\x$(cat $PUBLIC_PARAMS_FILE | xxd -p | tr -d '\n')\"" >> $TMP_CSV
+echo "$TENANT_API_KEY,$CHAIN_ID,$ACL_CONTRACT_ADDRESS,$INPUT_VERIFIER_ADDRESS,\"\\x$(< "$PKS_FILE" xxd -p | tr -d '\n')\",\"\\x$(< "$SKS_FILE" xxd -p | tr -d '\n')\",\"\\x$(< "$PUBLIC_PARAMS_FILE" xxd -p | tr -d '\n')\"" >> $TMP_CSV
 echo "Inserting tenant data using \COPY..."
-psql $DATABASE_URL -c "\COPY tenants (tenant_api_key, chain_id, acl_contract_address, verifying_contract_address, pks_key, sks_key, public_params) FROM '$TMP_CSV' CSV HEADER;" || {
+psql "$DATABASE_URL" -c "\COPY tenants (tenant_api_key, chain_id, acl_contract_address, verifying_contract_address, pks_key, sks_key, public_params) FROM '$TMP_CSV' CSV HEADER;" || {
 echo "Error: Failed to insert tenant data."; exit 1;
 }
From 3609bd4b742f556ba7e46a92e0a64b85da07e6af Mon Sep 17 00:00:00 2001
From: 0xawaz
Date: Thu, 30 Jan 2025 11:57:49 +0100
Subject: [PATCH 7/8] fix: remove fhevm-keys
---
 fhevm-engine/fhevm-db/Dockerfile | 1 -
 1 file changed, 1 deletion(-)
diff --git a/fhevm-engine/fhevm-db/Dockerfile b/fhevm-engine/fhevm-db/Dockerfile
index b585f215..ef00eed4 100644
--- a/fhevm-engine/fhevm-db/Dockerfile
+++ b/fhevm-engine/fhevm-db/Dockerfile
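Review bot: In patch 6/8, the rewritten `echo` row still pastes `$TENANT_API_KEY`, `$CHAIN_ID` and the two contract addresses into the CSV unquoted and unvalidated, so a value containing a comma, a double quote or a newline shifts columns or adds a row in what `\COPY` loads into `tenants`. Since these now come only from the environment, I would check their shape before the row is built, e.g. `[[ "$CHAIN_ID" =~ ^[0-9]+$ ]] || { echo "Error: invalid CHAIN_ID" >&2; exit 1; }` and `[[ "$ACL_CONTRACT_ADDRESS" =~ ^0x[0-9a-fA-F]{40}$ ]]` (likewise for `INPUT_VERIFIER_ADDRESS`), assuming addresses are always 20-byte hex as the former defaults were. The redirect targets `> $TMP_CSV` and `>> $TMP_CSV` are also still unquoted after this ShellCheck pass. The script continues outside this hunk.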
@@ -10,7 +10,6 @@ RUN apt-get update && \
 # Copy migrations and initialization script
 COPY fhevm-engine/fhevm-db/initialize_db.sh /initialize_db.sh
 COPY fhevm-engine/fhevm-db/migrations /migrations
-COPY fhevm-engine/fhevm-keys /fhevm-keys
 # Make the script executable
 RUN chmod +x /initialize_db.sh
From 72d56596164a4da4691f6f90dabe7857027724fd Mon Sep 17 00:00:00 2001
From: 0xawaz
Date: Thu, 30 Jan 2025 12:16:49 +0100
Subject: [PATCH 8/8] fix: add non-root user
---
 fhevm-engine/fhevm-db/Dockerfile | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/fhevm-engine/fhevm-db/Dockerfile b/fhevm-engine/fhevm-db/Dockerfile
index ef00eed4..e01c8127 100644
--- a/fhevm-engine/fhevm-db/Dockerfile
+++ b/fhevm-engine/fhevm-db/Dockerfile
@@ -5,14 +5,20 @@ FROM rust:1.83.0-slim
 RUN apt-get update && \
 apt-get install -y --no-install-recommends libpq-dev postgresql-client xxd && \
 cargo install sqlx-cli --version 0.7.2 --no-default-features --features postgres --locked && \
+ groupadd -r zama && useradd -r -g zama zama && \
 apt-get clean && rm -rf /var/lib/apt/lists/*
 # Copy migrations and initialization script
 COPY fhevm-engine/fhevm-db/initialize_db.sh /initialize_db.sh
 COPY fhevm-engine/fhevm-db/migrations /migrations
-# Make the script executable
-RUN chmod +x /initialize_db.sh
+# Change ownership of the copied files to the non-root user
+RUN mkdir /fhevm-keys && \
+ chown -R zama:zama /initialize_db.sh /migrations /fhevm-keys && \
+ chmod +x /initialize_db.sh
+
+# Switch to the non-root user
+USER zama
 # Run the initialization script as the entrypoint
 ENTRYPOINT ["/bin/bash", "/initialize_db.sh"]
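Review bot: In patch 8/8, `chown -R zama:zama /initialize_db.sh /migrations /fhevm-keys` hands the entrypoint script and the migration files to the same account that executes them, so the running process can rewrite both. Only `/fhevm-keys` (presumably a mount point now that the keys are no longer copied into the image) needs to belong to `zama`; the script and migrations can stay root-owned and read-only, e.g. `chown zama:zama /fhevm-keys && chmod 0555 /initialize_db.sh`. `useradd -r` also lets the system pick the UID, while a fixed one, e.g. `useradd -r -u 10001 -g zama zama` with `USER 10001` (the number is only an example), lets an orchestrator verify the non-root setting and keeps the ownership of mounted key files predictable.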