provision: default to fake provision dns name

Author: phlip9

common/src/cli.rs

@@ -209,7 +209,7 @@ pub struct ProvisionArgs {
 
     /// the DNS name the node enclave should include in its remote attestation
     /// certificate and the client will expect in its connection
-    #[argh(option, default = "String::from(\"localhost\")")]
+    #[argh(option, default = "String::from(\"provision.lexe.tech\")")]
     pub node_dns_name: String,
 
     /// protocol://host:port of the node backend.
@@ -231,7 +231,7 @@ impl Default for ProvisionArgs {
         Self {
             user_pk: UserPk::from_i64(1), // Test user
             machine_id: enclave::machine_id(),
-            node_dns_name: "localhost".to_owned(),
+            node_dns_name: "provision.lexe.tech".to_owned(),
             port: None,
             backend_url: DEFAULT_BACKEND_URL.to_owned(),
             runner_url: DEFAULT_RUNNER_URL.to_owned(),

common/src/root_seed.rs

@@ -115,9 +115,7 @@ impl RootSeed {
             .ckd_priv(&secp_ctx, child_number)
             .expect("should never fail")
             .private_key;
-        let node_key_pair = KeyPair::from_secret_key(&secp_ctx, node_sk);
-
-        node_key_pair
+        KeyPair::from_secret_key(&secp_ctx, node_sk)
     }
 
     #[cfg(test)]

node/src/lexe/persister.rs

@@ -19,7 +19,7 @@ use lightning::routing::scoring::{
 };
 use lightning::util::persist::Persister;
 use lightning::util::ser::{ReadableArgs, Writeable};
-use once_cell::sync::{Lazy, OnceCell};
+use once_cell::sync::Lazy;
 use tokio::runtime::{Builder, Handle, Runtime};
 use tracing::{debug, error};
 
@@ -321,14 +321,13 @@ impl InnerPersister {
 
 /// A Tokio runtime which can be used to run async closures in sync fns
 /// downstream of thread::spawn()
-static PERSISTER_RUNTIME: Lazy<OnceCell<Runtime>> = Lazy::new(|| {
+static PERSISTER_RUNTIME: Lazy<Runtime> = Lazy::new(|| {
     Builder::new_current_thread()
         .enable_io()
         // Because our reqwest::Client has a configured timeout
         .enable_time()
         .build()
         .unwrap()
-        .into()
 });
 
 /// This trait is defined in lightning::util::Persist.
@@ -369,8 +368,6 @@ impl<'a>
 
         // Run an async fn inside a sync fn downstream of thread::spawn()
         PERSISTER_RUNTIME
-            .get()
-            .unwrap()
             .block_on(async move { self.api.upsert_file(cm_file).await })
             .map(|_| ())
             .map_err(|api_err| {
@@ -397,8 +394,6 @@ impl<'a>
 
         // Run an async fn inside a sync fn downstream of thread::spawn()
         PERSISTER_RUNTIME
-            .get()
-            .unwrap()
             .block_on(async move { self.api.upsert_file(file).await })
             .map(|_| ())
             .map_err(|api_err| {
@@ -428,7 +423,7 @@ impl<'a>
             )
         };
 
-        PERSISTER_RUNTIME.get().unwrap().block_on(async move {
+        PERSISTER_RUNTIME.block_on(async move {
             self.api
                 .upsert_file(scorer_file)
                 .await

node/src/provision.rs

@@ -366,7 +366,12 @@ mod test {
     async fn test_provision() {
         logger::init_for_testing();
 
-        let args = ProvisionArgs::default();
+        let args = ProvisionArgs {
+            // we're not going through a proxy and can't change DNS resolution
+            // here (yet), so just bind cert to "localhost".
+            node_dns_name: "localhost".to_owned(),
+            ..ProvisionArgs::default()
+        };
         let user_pk = args.user_pk;
 
         let mut rng = SysRng::new();