From bd86f0d2fa38837f311f8e9fbdbd1214b5c714df Mon Sep 17 00:00:00 2001 From: ASuciuX Date: Mon, 13 May 2024 16:26:51 +0300 Subject: [PATCH 1/6] warn for not using local stacks node with the signer --- stacks-signer/src/main.rs | 11 +++++++++-- stacks-signer/src/runloop.rs | 1 + 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/stacks-signer/src/main.rs b/stacks-signer/src/main.rs index 9d6f9c2931..14bea4d8f5 100644 --- a/stacks-signer/src/main.rs +++ b/stacks-signer/src/main.rs @@ -35,10 +35,10 @@ use clap::Parser; use clarity::vm::types::QualifiedContractIdentifier; use libsigner::{RunningSigner, Signer, SignerEventReceiver, SignerSession, StackerDBSession}; use libstackerdb::StackerDBChunkData; -use slog::{slog_debug, slog_info}; +use slog::{slog_debug, slog_info, slog_warn}; use stacks_common::util::hash::to_hex; use stacks_common::util::secp256k1::{MessageSignature, Secp256k1PublicKey}; -use stacks_common::{debug, info}; +use stacks_common::{debug, info, warn}; use stacks_signer::cli::{ Cli, Command, GenerateStackingSignatureArgs, GetChunkArgs, GetLatestChunkArgs, PutChunkArgs, RunSignerArgs, StackerDBArgs, @@ -81,6 +81,13 @@ fn write_chunk_to_stdout(chunk_opt: Option>) { fn spawn_running_signer(path: &PathBuf) -> SpawnedSigner { let config = GlobalConfig::try_from(path).unwrap(); let endpoint = config.endpoint; + // TODO: check if config.node_host is in a given list of possible local hosts and only if it now, then display the message? + warn!( + "The signer is primarily designed for use with a local stacks node. + It's important to exercise caution if you are communicating with an external node, + as this could potentially expose sensitive data or functionalities to security risks + if additional proper security checks are not in place." + ); info!("Starting signer with config: {}", config); let (cmd_send, cmd_recv) = channel(); let (res_send, res_recv) = channel(); diff --git a/stacks-signer/src/runloop.rs b/stacks-signer/src/runloop.rs index 905b4f307c..bc544337a6 100644 --- a/stacks-signer/src/runloop.rs +++ b/stacks-signer/src/runloop.rs @@ -121,6 +121,7 @@ impl From for RunLoop { /// Creates new runloop from a config fn from(config: GlobalConfig) -> Self { let stacks_client = StacksClient::from(&config); + // TODO: or insert the warn related to stacks-node used by the stacks-signer here? Self { config, stacks_client, From 26e5570f343990703fea69c9977a154642653588 Mon Sep 17 00:00:00 2001 From: ASuciuX Date: Tue, 14 May 2024 01:38:20 +0300 Subject: [PATCH 2/6] removes annotations and keep warn as 1 displayed line --- stacks-signer/src/main.rs | 9 ++++----- stacks-signer/src/runloop.rs | 1 - 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/stacks-signer/src/main.rs b/stacks-signer/src/main.rs index 14bea4d8f5..4ecbc12ae6 100644 --- a/stacks-signer/src/main.rs +++ b/stacks-signer/src/main.rs @@ -81,12 +81,11 @@ fn write_chunk_to_stdout(chunk_opt: Option>) { fn spawn_running_signer(path: &PathBuf) -> SpawnedSigner { let config = GlobalConfig::try_from(path).unwrap(); let endpoint = config.endpoint; - // TODO: check if config.node_host is in a given list of possible local hosts and only if it now, then display the message? warn!( - "The signer is primarily designed for use with a local stacks node. - It's important to exercise caution if you are communicating with an external node, - as this could potentially expose sensitive data or functionalities to security risks - if additional proper security checks are not in place." + "The signer is primarily designed for use with a local stacks node. \ + It's important to exercise caution if you are communicating with an external node, \ + as this could potentially expose sensitive data or functionalities to security risks \ + if additional proper security checks are not integrated in place." ); info!("Starting signer with config: {}", config); let (cmd_send, cmd_recv) = channel(); diff --git a/stacks-signer/src/runloop.rs b/stacks-signer/src/runloop.rs index bc544337a6..905b4f307c 100644 --- a/stacks-signer/src/runloop.rs +++ b/stacks-signer/src/runloop.rs @@ -121,7 +121,6 @@ impl From for RunLoop { /// Creates new runloop from a config fn from(config: GlobalConfig) -> Self { let stacks_client = StacksClient::from(&config); - // TODO: or insert the warn related to stacks-node used by the stacks-signer here? Self { config, stacks_client, From 6e373a10603114d693f41d221ed5041a79de24de Mon Sep 17 00:00:00 2001 From: ASuciuX Date: Tue, 14 May 2024 18:11:25 +0300 Subject: [PATCH 3/6] update message as reminder --- stacks-signer/src/main.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/stacks-signer/src/main.rs b/stacks-signer/src/main.rs index 4ecbc12ae6..8ce737308d 100644 --- a/stacks-signer/src/main.rs +++ b/stacks-signer/src/main.rs @@ -82,7 +82,7 @@ fn spawn_running_signer(path: &PathBuf) -> SpawnedSigner { let config = GlobalConfig::try_from(path).unwrap(); let endpoint = config.endpoint; warn!( - "The signer is primarily designed for use with a local stacks node. \ + "Reminder: The signer is primarily designed for use with a local or subnet network stacks node. \ It's important to exercise caution if you are communicating with an external node, \ as this could potentially expose sensitive data or functionalities to security risks \ if additional proper security checks are not integrated in place." From b18e6601c246f4cc687bde30646fd42b6ac7767f Mon Sep 17 00:00:00 2001 From: ASuciuX Date: Fri, 17 May 2024 16:29:31 +0300 Subject: [PATCH 4/6] add link to documentation --- stacks-signer/src/main.rs | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/stacks-signer/src/main.rs b/stacks-signer/src/main.rs index 8ce737308d..0b5f767e00 100644 --- a/stacks-signer/src/main.rs +++ b/stacks-signer/src/main.rs @@ -85,7 +85,8 @@ fn spawn_running_signer(path: &PathBuf) -> SpawnedSigner { "Reminder: The signer is primarily designed for use with a local or subnet network stacks node. \ It's important to exercise caution if you are communicating with an external node, \ as this could potentially expose sensitive data or functionalities to security risks \ - if additional proper security checks are not integrated in place." + if additional proper security checks are not integrated in place. \ + For more information, check [the documentation here](https://docs.stacks.co/nakamoto-upgrade/signing-and-stacking/faq#what-should-the-networking-setup-for-my-signer-look-like)." ); info!("Starting signer with config: {}", config); let (cmd_send, cmd_recv) = channel(); From b1c08162711277cd408745ee6aae0d619ea5f9d3 Mon Sep 17 00:00:00 2001 From: ASuciuX Date: Fri, 17 May 2024 17:09:32 +0300 Subject: [PATCH 5/6] update to latest dev with warn signer network --- stacks-signer/src/v1/mod.rs | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/stacks-signer/src/v1/mod.rs b/stacks-signer/src/v1/mod.rs index 7c2477cf2d..4d02ea4258 100644 --- a/stacks-signer/src/v1/mod.rs +++ b/stacks-signer/src/v1/mod.rs @@ -25,8 +25,8 @@ use std::sync::mpsc::{channel, Receiver, Sender}; use libsigner::v1::messages::SignerMessage; use libsigner::SignerEventReceiver; -use slog::slog_info; -use stacks_common::info; +use slog::{slog_info, slog_warn}; +use stacks_common::{info, warn}; use wsts::state_machine::OperationResult; use crate::config::GlobalConfig; @@ -53,6 +53,14 @@ pub struct SpawnedSigner { impl From for SpawnedSigner { fn from(config: GlobalConfig) -> Self { let endpoint = config.endpoint; + warn!( + "Reminder: The signer is primarily designed for use with a local or subnet network stacks node. \ + It's important to exercise caution if you are communicating with an external node, \ + as this could potentially expose sensitive data or functionalities to security risks \ + if additional proper security checks are not integrated in place. \ + For more information, check \ + [the documentation here](https://docs.stacks.co/nakamoto-upgrade/signing-and-stacking/faq#what-should-the-networking-setup-for-my-signer-look-like)." + ); info!("Starting signer with config: {}", config); let (cmd_send, cmd_recv) = channel(); let (res_send, res_recv) = channel(); From 396bf427eca25ddbfdfaf1ac927406a92851d78c Mon Sep 17 00:00:00 2001 From: ASuciuX Date: Fri, 17 May 2024 17:17:27 +0300 Subject: [PATCH 6/6] update link, no markdown supported on stderr out --- stacks-signer/src/v1/mod.rs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/stacks-signer/src/v1/mod.rs b/stacks-signer/src/v1/mod.rs index 4d02ea4258..21e7be7e73 100644 --- a/stacks-signer/src/v1/mod.rs +++ b/stacks-signer/src/v1/mod.rs @@ -58,8 +58,8 @@ impl From for SpawnedSigner { It's important to exercise caution if you are communicating with an external node, \ as this could potentially expose sensitive data or functionalities to security risks \ if additional proper security checks are not integrated in place. \ - For more information, check \ - [the documentation here](https://docs.stacks.co/nakamoto-upgrade/signing-and-stacking/faq#what-should-the-networking-setup-for-my-signer-look-like)." + For more information, check the documentation at \ + https://docs.stacks.co/nakamoto-upgrade/signing-and-stacking/faq#what-should-the-networking-setup-for-my-signer-look-like." ); info!("Starting signer with config: {}", config); let (cmd_send, cmd_recv) = channel();