Create a bundle auditing tool (endo unbundle) #1656

Open
kriskowal opened this issue Jun 28, 2023 · 8 comments
Labels
kriskowal-review-2024-01 Issues that kriskowal wants to bring to the attention of the team for review as of January, 2024

kriskowal commented Jun 28, 2023

For the purposes of verifying the content and integrity of a bundle, as motivated by the need to audit governance proposals with Agoric chains, we need a tool that can verify the integrity of a bundle and extract it to the file system so an auditor can inspect the full working set of sources, without the distraction of adjacent files from the original source tree, notably in the absence of source maps.

Currently, we have @endo/check-package which provides the implementation of the integrity check. We also have most of the tools necessary for extraction between @endo/zip and JSON.parse. We just need a CLI veneer. That could be an endo subcommand.

This would be a substitute for the manual advice for validating a bundle:

  • Verify that `jq -r .moduleFormat bundle.json` is `endoZipBase64`
  • Extract the zip file `jq -r .endoZipBase64 bundle.json | base64 -d > bundle.zip` (or the governance proposal can just refer to a zip file, or even a tarball)
  • `unzip bundle.zip`
  • `sha512sum compartment-map.json` must match the proposed bundle identifier!
  • In `compartment-map.json`, every module description must include a `sha512` that matches the `sha512sum` of the corresponding `.js.pre.json` module file.
  • You can extract the readable source from each of the precompiled modules with `jq -r '.__syncModuleProgram__' compartment/module.pre.js.json`
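
The manual checklist above as one in-memory check, added here as an example; it is not code from the Endo project or from the comment's author, and `audit_bundle` and `make_sample_bundle` are hypothetical names. It assumes a compartment map laid out as compartments, then modules, then descriptors carrying `location` and `sha512`, zip entries named `<compartment>/<location>`, and an identifier that is the hex SHA-512 with an optional `b1-` prefix. It goes one step beyond the checklist by flagging archive entries the compartment map does not cover.

```python
import base64, hashlib, io, json, zipfile

def sha512_hex(data: bytes) -> str:
    return hashlib.sha512(data).hexdigest()

def audit_bundle(bundle_json: str, expected_id: str) -> list:
    """Return findings; an empty list means every check passed."""
    bundle = json.loads(bundle_json)
    if bundle.get("moduleFormat") != "endoZipBase64":
        return ["moduleFormat is not endoZipBase64"]
    raw = base64.b64decode(bundle["endoZipBase64"])
    with zipfile.ZipFile(io.BytesIO(raw)) as z:  # read in memory, never extracted
        files = {i.filename: z.read(i) for i in z.infolist() if not i.is_dir()}
    if "compartment-map.json" not in files:
        return ["compartment-map.json missing from archive"]
    map_bytes = files.pop("compartment-map.json")
    findings, covered = [], set()
    # Assumption: the identifier is the hex SHA-512, optionally prefixed "b1-".
    if sha512_hex(map_bytes) != expected_id.removeprefix("b1-"):
        findings.append("compartment-map.json does not match bundle identifier")
    # Assumed layout: compartments -> modules -> descriptor, where a descriptor
    # with "location" names the zip entry "<compartment>/<location>".
    for cname, comp in json.loads(map_bytes).get("compartments", {}).items():
        for desc in comp.get("modules", {}).values():
            if "location" not in desc:
                continue  # link to another compartment, no file of its own
            path = f"{cname}/{desc['location']}"
            covered.add(path)
            if path not in files:
                findings.append(f"{path}: listed but not in archive")
            elif sha512_hex(files[path]) != desc.get("sha512"):
                findings.append(f"{path}: sha512 missing or mismatched")
    findings += [f"{p}: not covered by compartment map" for p in sorted(set(files) - covered)]
    return findings

def make_sample_bundle(tamper=False, extra=False):
    """Constructed sample: one compartment with one precompiled module."""
    module = json.dumps({"__syncModuleProgram__": "(() => 42)"}).encode()
    cmap = json.dumps({"compartments": {"app-v1.0.0": {"modules": {"./index.js": {
        "location": "index.js", "sha512": sha512_hex(module)}}}}}).encode()
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("compartment-map.json", cmap)
        z.writestr("app-v1.0.0/index.js", module + (b" " if tamper else b""))
        if extra:
            z.writestr("app-v1.0.0/hidden.js", b"{}")
    bundle = {"moduleFormat": "endoZipBase64",
              "endoZipBase64": base64.b64encode(buf.getvalue()).decode()}
    return json.dumps(bundle), "b1-" + sha512_hex(cmap)
```

Because the archive is hashed from memory rather than unpacked, entry names in an untrusted bundle never reach the file system during the check.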

dckc commented Oct 6, 2023

I prototyped a web-based tool for exploring bundles after they are put on chain:

@kriskowal kriskowal self-assigned this Jan 8, 2024
@kriskowal kriskowal added the kriskowal-review-2024-01 Issues that kriskowal wants to bring to the attention of the team for review as of January, 2024 label Jan 8, 2024
@kriskowal kriskowal changed the title Create a bundle auditing tool Create a bundle auditing tool (endo unbundle) Jan 18, 2024

dckc commented Jan 18, 2024

stretch goal: bundle diff... it would be nice if I went from marshal 0.6.1 to 0.6.2, it told me what the differences are, rather than saying "only in b2: 0.6.2"


dckc commented Feb 17, 2024

More motivation:

dckc commented May 11, 2024

stretch goal: bundle diff...

I just discovered:

diffoscope tries to get to the bottom of what makes files or directories different. It will recursively unpack archives of many kinds and transform various binary formats into more human-readable form to compare them. It can compare two tarballs, ISO images, or PDF just as easily.

@kriskowal

Here’s an “endo unbundle” implementation that will work on Mac.

```
# Reads a bundle JSON document on stdin and unpacks its embedded zip into "$1".
function undo() {
  mkdir -p "$1" && jq -r .endoZipBase64 | base64 -d | tar xC "$1"
}
```

Usage:

```
undo bundle < bundle.json
```

mergify bot added a commit to Agoric/agoric-sdk that referenced this issue Jun 17, 2024
refs: #1656

## Description

Spike on endojs/endo#1656 @kriskowal , similar to https://github.com/Agoric/agoric-sdk/discussions/8416 @dckc 

Makes the core-eval metadata available to `agoric run` so it can report more to the user. cc @michaelfig 

Adds a `--verbose` flag to report:

<img width="687" alt="Screenshot 2024-06-13 at 1 46 28 PM" src="https://github.com/Agoric/agoric-sdk/assets/21505/b76b4d14-2fbd-45c2-b7a5-d94f964f2461">

Also a `scripts/stat-bundle.js` to stat a known bundle path.

### Security Considerations


### Scaling Considerations


### Documentation Considerations


### Testing Considerations


### Upgrade Considerations
mhofman pushed a commit to Agoric/agoric-sdk that referenced this issue Jun 20, 2024
mhofman pushed a commit to Agoric/agoric-sdk that referenced this issue Jun 22, 2024
mergify bot added a commit to Agoric/agoric-sdk that referenced this issue Aug 31, 2024
refs: #9900

## Description
This uses the new `--elide-comments` option in Endo bundle-source to… elide comments. Always.

Measured with:
```
cd a3p-integration
rm -f **/b1-*.json*
yarn build:submissions
du -csh **/b1-*.json
gzip **/b1-*.json
du -csh **/b1-*.json.gz
```

Before: 26M (6.7M gz)
After: 19M (4.1M gz)


### Security Considerations
No change in runtime. Does affect code auditability. Existing bundles are base64 encoded so readers will have to find the sources anyway. Either way we will need to invest in special tooling: endojs/endo#1656

### Scaling Considerations
reduces on-chain storage

### Documentation Considerations
End users who base64 decode the on-chain bundles will no longer see comments… I don't expect anyone was doing this.

### Testing Considerations
existing coverage

### Upgrade Considerations
won't affect any existing deployments