Merge pull request #104 from OffchainLabs/mock_external_signer_

[NIT-2799] Add mock external signer

Author: Tristan-Wilson

.github/workflows/ci.yml

@@ -20,6 +20,7 @@ jobs:
         l3node: [l3node, l3node-token-6, no-l3node]
         tokenbridge: [tokenbridge, no-tokenbridge]
         simple: [simple, no-simple]
+        externalsigner: [externalsigner, no-externalsigner]
 
     steps:
       - name: Checkout
@@ -40,7 +41,7 @@ jobs:
           restore-keys: ${{ runner.os }}-buildx-
 
       - name: Startup Nitro testnode
-        run: ${{ github.workspace }}/.github/workflows/testnode.bash --init-force ${{ (matrix.l3node == 'l3node' && '--l3node') || (matrix.l3node == 'l3node-token-6' && '--l3node --l3-fee-token --l3-token-bridge --l3-fee-token-decimals 6') || '' }} ${{ matrix.tokenbridge == 'tokenbridge' && '--tokenbridge' || '--no-tokenbridge' }} --detach ${{ matrix.pos == 'pos' && '--pos' || '' }} --simple ${{ (matrix.simple == 'simple' && '--simple') || (matrix.simple == 'no-simple' && '--no-simple') || '' }}
+        run: ${{ github.workspace }}/.github/workflows/testnode.bash --init-force ${{ (matrix.l3node == 'l3node' && '--l3node') || (matrix.l3node == 'l3node-token-6' && '--l3node --l3-fee-token --l3-token-bridge --l3-fee-token-decimals 6') || '' }} ${{ matrix.tokenbridge == 'tokenbridge' && '--tokenbridge' || '--no-tokenbridge' }} --detach ${{ matrix.pos == 'pos' && '--pos' || '' }} --simple ${{ (matrix.simple == 'simple' && '--simple') || (matrix.simple == 'no-simple' && '--no-simple') || '' }} ${{ matrix.externalsigner == 'externalsigner' && '--externalsigner' || '' }}
 
   bold_upgrade:
     runs-on: ubuntu-8

docker-compose.yaml

@@ -397,6 +397,11 @@ services:
       - "das-mirror-data:/das-mirror"
     command:
 
+  externalsigner:
+    image: nitro-node-dev-testnode
+    entrypoint: /usr/local/bin/mockexternalsigner
+    command:
+
   das-committee-a:
     pid: host # allow debugging
     image: nitro-node-dev-testnode

scripts/config.ts

@@ -204,6 +204,21 @@ function writeConfigs(argv: any) {
                 "staker-interval": "10s",
                 "make-assertion-interval": "10s",
                 "strategy": "MakeNodes",
+                "data-poster": {
+                    "redis-signer": {
+                        "signing-key": "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
+                    },
+                    "wait-for-l1-finality": false,
+                    "external-signer": {
+                        "url": "",
+                        "address": "",
+                        "method": "eth_signTransaction",
+                        "root-ca": "",
+                        "client-cert": "",
+                        "client-private-key": "",
+                        "insecure-skip-verify": false
+                    }
+                }
             },
             "sequencer": false,
             "dangerous": {
@@ -237,7 +252,16 @@ function writeConfigs(argv: any) {
                     "redis-signer": {
                         "signing-key": "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
                     },
-                    "wait-for-l1-finality": false
+                    "wait-for-l1-finality": false,
+                    "external-signer": {
+                        "url": "",
+                        "address": "",
+                        "method": "eth_signTransaction",
+                        "root-ca": "",
+                        "client-cert": "",
+                        "client-private-key": "",
+                        "insecure-skip-verify": false
+                    }
                 }
             },
             "block-validator": {
@@ -279,6 +303,27 @@ function writeConfigs(argv: any) {
 
     baseConfig.node["data-availability"]["sequencer-inbox-address"] = ethers.utils.hexlify(getChainInfo()[0]["rollup"]["sequencer-inbox"]);
 
+    if (argv.externalSignerUrl != "") {
+        baseConfig.node.staker["data-poster"]["external-signer"] = {
+            "url": argv.externalSignerUrl,
+            "address": argv.externalSignerAddress,
+            "method": argv.externalSignerMethod,
+            "root-ca": argv.externalSignerRootCA,
+            "client-cert": argv.externalSignerClientCert,
+            "client-private-key": argv.externalSignerClientPrivateKey,
+            "insecure-skip-verify": argv.externalSignerInsecureSkipVerify
+        }
+        baseConfig.node["batch-poster"]["data-poster"]["external-signer"] = {
+            "url": argv.externalSignerUrl,
+            "address": argv.externalSignerAddress,
+            "method": argv.externalSignerMethod,
+            "root-ca": argv.externalSignerRootCA,
+            "client-cert": argv.externalSignerClientCert,
+            "client-private-key": argv.externalSignerClientPrivateKey,
+            "insecure-skip-verify": argv.externalSignerInsecureSkipVerify
+        }
+    }
+
     const baseConfJSON = JSON.stringify(baseConfig)
 
     if (argv.simple) {
@@ -541,6 +586,41 @@ export const writeConfigCommand = {
             describe: "DAS committee member B BLS pub key",
             default: ""
         },
+        externalSignerUrl: {
+            string: true,
+            describe: "external signer URL",
+            default: ""
+        },
+        externalSignerAddress: {
+            string: true,
+            describe: "external signer address",
+            default: ""
+        },
+        externalSignerMethod: {
+            string: true,
+            describe: "external signer method",
+            default: ""
+        },
+        externalSignerRootCA: {
+            string: true,
+            describe: "external signer root CA",
+            default: ""
+        },
+        externalSignerClientCert: {
+            string: true,
+            describe: "external signer client cert",
+            default: ""
+        },
+        externalSignerClientPrivateKey: {
+            string: true,
+            describe: "external signer client private key",
+            default: ""
+        },
+        externalSignerInsecureSkipVerify: {
+            boolean: true,
+            describe: "external signer insecure skip verify",
+            default: false
+        }
 
       },
     handler: (argv: any) => {

test-node.bash

@@ -59,6 +59,7 @@ devprivkey=b6b15c8cb491557369f3c7d2c287b053eb229daa9c22138887752191c9520659
 l1chainid=1337
 simple=true
 l2anytrust=false
+externalsigner=false
 
 # Use the dev versions of nitro/blockscout
 dev_nitro=false
@@ -251,6 +252,10 @@ while [[ $# -gt 0 ]]; do
             l2anytrust=true
             shift
             ;;
+         --externalsigner)
+            externalsigner=true
+            shift
+            ;;
         --redundantsequencers)
             simple=false
             redundantsequencers=$2
@@ -508,13 +513,21 @@ if $l2anytrust; then
     fi
 fi
 
+externalsignerConfigLine=""
+
+if $externalsigner; then
+    echo == Generating External Signer Config
+    sequencerPrivateKey=$(docker compose run scripts print-private-key --account sequencer | tail -n 1 | tr -d '\r\n')
+    externalsignerConfigLine=$(docker compose run --entrypoint sh externalsigner "$sequencerPrivateKey")
+fi
+
 if $force_init; then
     if $simple; then
         echo == Writing configs
-        docker compose run scripts write-config --simple $anytrustNodeConfigLine
+        docker compose run scripts write-config --simple $anytrustNodeConfigLine $externalsignerConfigLine
     else
         echo == Writing configs
-        docker compose run scripts write-config $anytrustNodeConfigLine
+        docker compose run scripts write-config $anytrustNodeConfigLine $externalsignerConfigLine
 
         echo == Initializing redis
         docker compose up --wait redis