ARCHIVE/rippled
1
0
Fork 0
mirror of https://github.com/XRPLF/rippled.git synced 2025-11-20 11:05:54 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'develop' into ximinez/fixed-ledger-entries

Browse Source
This commit is contained in:
Ed Hennis
2025-09-25 13:27:21 -04:00
committed by GitHub
parent 14d4cff530 a12f5de68d
commit 8450970b80
8 changed files with 50 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.github/workflows/build-test.yml vendored
View File

@@ -63,7 +63,7 @@ jobs:
matrix: ${{ fromJson(needs.generate-matrix.outputs.matrix) }} matrix: ${{ fromJson(needs.generate-matrix.outputs.matrix) }}
max-parallel: 10 max-parallel: 10
runs-on: ${{ matrix.architecture.runner }} runs-on: ${{ matrix.architecture.runner }}
container: ${{ inputs.os == 'linux' && format('ghcr.io/xrplf/ci/{0}-{1}:{2}-{3}', matrix.os.distro_name, matrix.os.distro_version, matrix.os.compiler_name, matrix.os.compiler_version) || null }} container: ${{ inputs.os == 'linux' && format('ghcr.io/xrplf/ci/{0}-{1}:{2}-{3}-sha-5dd7158', matrix.os.distro_name, matrix.os.distro_version, matrix.os.compiler_name, matrix.os.compiler_version) || null }}
steps: steps:
- name: Check strategy matrix - name: Check strategy matrix
run: | run: |

2
.github/workflows/notify-clio.yml vendored
View File

@@ -40,7 +40,7 @@ jobs:
upload: upload:
if: ${{ github.event.pull_request.head.repo.full_name == github.repository }} if: ${{ github.event.pull_request.head.repo.full_name == github.repository }}
runs-on: ubuntu-latest runs-on: ubuntu-latest
container: ghcr.io/xrplf/ci/ubuntu-noble:gcc-13 container: ghcr.io/xrplf/ci/ubuntu-noble:gcc-13-sha-5dd7158
steps: steps:
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0

3
.github/workflows/pre-commit.yml vendored
View File

@@ -7,8 +7,9 @@ on:
workflow_dispatch: workflow_dispatch:
jobs: jobs:
# Call the workflow in the XRPLF/actions repo that runs the pre-commit hooks.
run-hooks: run-hooks:
uses: XRPLF/actions/.github/workflows/pre-commit.yml@af1b0f0d764cda2e5435f5ac97b240d4bd4d95d3 uses: XRPLF/actions/.github/workflows/pre-commit.yml@af1b0f0d764cda2e5435f5ac97b240d4bd4d95d3
with: with:
runs_on: ubuntu-latest runs_on: ubuntu-latest
container: '{ "image": "ghcr.io/xrplf/ci/tools-rippled-pre-commit" }' container: '{ "image": "ghcr.io/xrplf/ci/tools-rippled-pre-commit:sha-d1496b8" }'

2
.github/workflows/publish-docs.yml vendored
View File

@@ -27,7 +27,7 @@ env:
jobs: jobs:
publish: publish:
runs-on: ubuntu-latest runs-on: ubuntu-latest
container: ghcr.io/xrplf/ci/tools-rippled-documentation container: ghcr.io/xrplf/ci/tools-rippled-documentation:sha-d1496b8
permissions: permissions:
contents: write contents: write
steps: steps:

2
.github/workflows/upload-conan-deps.yml vendored
View File

@@ -56,7 +56,7 @@ jobs:
matrix: ${{ fromJson(needs.generate-matrix.outputs.matrix) }} matrix: ${{ fromJson(needs.generate-matrix.outputs.matrix) }}
max-parallel: 10 max-parallel: 10
runs-on: ${{ matrix.architecture.runner }} runs-on: ${{ matrix.architecture.runner }}
container: ${{ contains(matrix.architecture.platform, 'linux') && format('ghcr.io/xrplf/ci/{0}-{1}:{2}-{3}', matrix.os.distro_name, matrix.os.distro_version, matrix.os.compiler_name, matrix.os.compiler_version) || null }} container: ${{ contains(matrix.architecture.platform, 'linux') && format('ghcr.io/xrplf/ci/{0}-{1}:{2}-{3}-sha-5dd7158', matrix.os.distro_name, matrix.os.distro_version, matrix.os.compiler_name, matrix.os.compiler_version) || null }}
steps: steps:
- name: Cleanup workspace - name: Cleanup workspace

18
src/test/app/ValidatorList_test.cpp
View File

@@ -768,6 +768,24 @@ private:
expectUntrusted(lists.at(7)); expectUntrusted(lists.at(7));
expectTrusted(lists.at(2)); expectTrusted(lists.at(2));
// try empty or mangled manifest
checkResult(
trustedKeys->applyLists(
"", version, {{blob7, sig7, {}}, {blob6, sig6, {}}}, siteUri),
publisherPublic,
ListDisposition::invalid,
ListDisposition::invalid);
checkResult(
trustedKeys->applyLists(
base64_encode("not a manifest"),
version,
{{blob7, sig7, {}}, {blob6, sig6, {}}},
siteUri),
publisherPublic,
ListDisposition::invalid,
ListDisposition::invalid);
// do not use list from untrusted publisher // do not use list from untrusted publisher
auto const untrustedManifest = base64_encode(makeManifestString( auto const untrustedManifest = base64_encode(makeManifestString(
randomMasterKey(), randomMasterKey(),

2
src/xrpld/app/misc/ValidatorList.h
View File

@@ -877,7 +877,7 @@ private:
verify( verify(
lock_guard const&, lock_guard const&,
Json::Value& list, Json::Value& list,
std::string const& manifest, Manifest manifest,
std::string const& blob, std::string const& blob,
std::string const& signature); std::string const& signature);

40
src/xrpld/app/misc/detail/ValidatorList.cpp
View File

@@ -1149,21 +1149,33 @@ ValidatorList::applyList(
Json::Value list; Json::Value list;
auto const& manifest = localManifest ? *localManifest : globalManifest; auto const& manifest = localManifest ? *localManifest : globalManifest;
auto [result, pubKeyOpt] = verify(lock, list, manifest, blob, signature); auto m = deserializeManifest(base64_decode(manifest));
if (!m)
{
JLOG(j_.warn()) << "UNL manifest cannot be deserialized";
return PublisherListStats{ListDisposition::invalid};
}
auto [result, pubKeyOpt] =
verify(lock, list, std::move(*m), blob, signature);
if (!pubKeyOpt) if (!pubKeyOpt)
{ {
JLOG(j_.info()) << "ValidatorList::applyList unable to retrieve the " JLOG(j_.warn())
"master public key from the verify function\n"; << "UNL manifest is signed with an unrecognized master public key";
return PublisherListStats{result}; return PublisherListStats{result};
} }
if (!publicKeyType(*pubKeyOpt)) if (!publicKeyType(*pubKeyOpt))
{ { // LCOV_EXCL_START
JLOG(j_.info()) << "ValidatorList::applyList Invalid Public Key type" // This is an impossible situation because we will never load an
" retrieved from the verify function\n "; // invalid public key type (see checks in `ValidatorList::load`) however
// we can only arrive here if the key used by the manifest matched one of
// the loaded keys
UNREACHABLE(
"ripple::ValidatorList::applyList : invalid public key type");
return PublisherListStats{result}; return PublisherListStats{result};
} } // LCOV_EXCL_STOP
PublicKey pubKey = *pubKeyOpt; PublicKey pubKey = *pubKeyOpt;
if (result > ListDisposition::pending) if (result > ListDisposition::pending)
@@ -1356,19 +1368,17 @@ std::pair<ListDisposition, std::optional<PublicKey>>
ValidatorList::verify( ValidatorList::verify(
ValidatorList::lock_guard const& lock, ValidatorList::lock_guard const& lock,
Json::Value& list, Json::Value& list,
std::string const& manifest, Manifest manifest,
std::string const& blob, std::string const& blob,
std::string const& signature) std::string const& signature)
{ {
auto m = deserializeManifest(base64_decode(manifest)); if (!publisherLists_.count(manifest.masterKey))
if (!m || !publisherLists_.count(m->masterKey))
return {ListDisposition::untrusted, {}}; return {ListDisposition::untrusted, {}};
PublicKey masterPubKey = m->masterKey; PublicKey masterPubKey = manifest.masterKey;
auto const revoked = m->revoked(); auto const revoked = manifest.revoked();
auto const result = publisherManifests_.applyManifest(std::move(*m)); auto const result = publisherManifests_.applyManifest(std::move(manifest));
if (revoked && result == ManifestDisposition::accepted) if (revoked && result == ManifestDisposition::accepted)
{ {
@@ -1796,7 +1806,7 @@ ValidatorList::getAvailable(
if (!keyBlob || !publicKeyType(makeSlice(*keyBlob))) if (!keyBlob || !publicKeyType(makeSlice(*keyBlob)))
{ {
JLOG(j_.info()) << "Invalid requested validator list publisher key: " JLOG(j_.warn()) << "Invalid requested validator list publisher key: "
<< pubKey; << pubKey;
return {}; return {};
} }