sirosfoundation
diff --git a/‎Makefile‎
Lines changed: 1 addition & 16 deletions b/‎Makefile‎
Lines changed: 1 addition & 16 deletions
diff --git a/‎dockerfiles/verifier.Dockerfile‎
Lines changed: 15 additions & 20 deletions b/‎dockerfiles/verifier.Dockerfile‎
Lines changed: 15 additions & 20 deletions
diff --git a/‎go.mod‎
Lines changed: 3 additions & 0 deletions b/‎go.mod‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎pkg/model/config.go‎
Lines changed: 9 additions & 0 deletions b/‎pkg/model/config.go‎
Lines changed: 9 additions & 0 deletions
diff --git a/‎vendor/modules.txt‎
Lines changed: 4 additions & 2 deletions b/‎vendor/modules.txt‎
Lines changed: 4 additions & 2 deletions
@@ -394,22 +394,7 @@ ZK_DST := internal/verifier/zk
 ZK_LIB_DST := internal/verifier/zk/lib
 DOCKER_TAG_VERIFIER		:= docker.sunet.se/dc4eu/verifier:$(VERSION)
 
-# Fetch ZK libraries
-zk:
-	$(info Fetching Longfellow ZK)
-	mkdir -p build
-	if [ -d build/longfellow-zk ]; then \
-		cd build/longfellow-zk && git pull; \
-	else \
-		git clone https://github.com/google/longfellow-zk.git build/longfellow-zk; \
-	fi
-	rm -rf $(ZK_DST)
-	cp -r $(ZK_SRC) $(ZK_DST)
-	cp -r $(ZK_LIB_SRC) $(ZK_LIB_DST)
-	cp -r $(ZK_CERT_SRC) $(ZK_DST)
-
-
-docker-build-verifier: zk
+docker-build-verifier:
 	$(info Building Docker image 'verifier')
 	docker build -f dockerfiles/verifier.Dockerfile -t verifier .
 	docker tag verifier ${DOCKER_TAG_VERIFIER}
 
@@ -5,43 +5,38 @@
         clang cmake libssl-dev libzstd-dev libgtest-dev \
         libbenchmark-dev zlib1g-dev build-essential git
 
-    WORKDIR /app/vc/internal/verifier/zk
-    COPY ../internal/verifier/zk/lib ./lib
-    COPY ../internal/verifier/zk/lib/circuits/mdoc/circuits ./server/circuits/LONGFELLOW_V1
+    # 1. Clone the external dependency
+    RUN git clone https://github.com/google/longfellow-zk.git /tmp/longfellow-zk
 
+    WORKDIR /tmp/longfellow-zk
     RUN CXX=clang++ cmake -D CMAKE_BUILD_TYPE=Release -S lib -B build \
-        --install-prefix /app/vc/internal/verifier/zk/install && \
+        --install-prefix /usr/local/zk-install && \
         cd build && make -j$(nproc) install
 
     WORKDIR /app
     COPY . .
-    
-    
-    RUN find /app -name "mdoc_zk.h" && find /app -name "*.a"
+    # Ensure 'vendor' was created on host via `go mod vendor`
+    COPY vendor/ ./vendor/
 
     RUN --mount=type=cache,target=/root/.cache/go-build \
         CGO_ENABLED=1 \
-        CGO_CFLAGS="-I/app/vc/internal/verifier/zk/install/include" \
-        CGO_LDFLAGS="-L/app/vc/internal/verifier/zk/install/lib -lmdoc_static -lcrypto -lzstd -lstdc++" \
-        GOOS=linux GOARCH=amd64 \
-        go build -v -o /app/bin/vc_verifier ./cmd/verifier/main.go
-        
+        CGO_CFLAGS="-I/usr/local/zk-install/include" \
+        CGO_LDFLAGS="-L/usr/local/zk-install/lib -lmdoc_static -lcrypto -lzstd -lstdc++" \
+        go build -mod=vendor -v -o /app/bin/vc_verifier ./cmd/verifier/main.go
+    
     # --- Stage 2: Final Runtime Image ---
     FROM docker.sunet.se/dc4eu/verifier:latest
 
     USER root
     RUN apt update -y && apt install -y libssl3 libzstd1 zlib1g && rm -rf /var/lib/apt/lists/*
 
+    # Copy the binary
     COPY --from=builder /app/bin/vc_verifier /usr/local/bin/verifier
-    COPY --from=builder /app/vc/internal/verifier/zk/server/circuits /app/vc/internal/verifier/zk/circuits/
-    
-    COPY --from=builder /app/vc/internal/verifier/zk/install/lib /usr/local/lib/
-    COPY ../internal/verifier/zk/certs.pem /app/vc/internal/verifier/zk/certs.pem
+    COPY --from=builder /tmp/longfellow-zk/lib/circuits /app/vc/internal/verifier/zk/circuits/
 
+    # Copy compiled libraries
+    COPY --from=builder /usr/local/zk-install/lib /usr/local/lib/
     RUN ldconfig
 
-    
     WORKDIR /
-    
-    ENTRYPOINT ["/usr/local/bin/verifier"]
-    
+    ENTRYPOINT ["/usr/local/bin/verifier"]
@@ -64,6 +64,7 @@ require (
 	gopkg.in/yaml.v2 v2.4.0
 	gorm.io/gorm v1.31.1
 	gotest.tools/v3 v3.5.2
+	proofs/server/v2 v2.0.0
 )
 
 require (
@@ -215,3 +216,5 @@ require (
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 	nhooyr.io/websocket v1.8.17 // indirect
 )
+
+replace proofs/server/v2 => /tmp/longfellow-zk/reference/verifier-service/server
@@ -468,6 +468,15 @@ type Verifier struct {
 	CredentialDisplay CredentialDisplayConfig `yaml:"credential_display,omitempty"`
 	// Trust holds the trust evaluation configuration
 	Trust TrustConfig `yaml:"trust,omitempty"`
+	// ZKConfig is the longfellow-zk configuration
+	ZK ZKConfig `yaml:"zk" validate:"required"`
+}
+
+type ZKConfig struct {
+	// Note the envconfig tags - this is how the loader finds them!
+	CACertsPath  string `yaml:"ca_certs_path" envconfig:"VERIFIER_ZK_CA_CERTS" validate:"required"`
+	CircuitsPath string `yaml:"circuits_path" envconfig:"VERIFIER_ZK_CIRCUITS" validate:"required"`
+	LibPath      string `yaml:"lib_path" envconfig:"VERIFIER_ZK_LIB" validate:"required"`
 }
 
 // TrustConfig holds configuration for key resolution and trust evaluation via go-trust.
 
@@ -1196,5 +1196,7 @@ gotest.tools/v3/internal/assert
 gotest.tools/v3/internal/difflib
 gotest.tools/v3/internal/format
 gotest.tools/v3/internal/source
-# nhooyr.io/websocket v1.8.17
-## explicit; go 1.19
+# proofs/server/v2 v2.0.0 => /tmp/longfellow-zk/reference/verifier-service/server
+## explicit; go 1.24
+proofs/server/v2/zk
+# proofs/server/v2 => /tmp/longfellow-zk/reference/verifier-service/server
Original file line number	Diff line number	Diff line change
`@@ -64,6 +64,7 @@ require (`
`64`	`64`	`gopkg.in/yaml.v2 v2.4.0`
`65`	`65`	`gorm.io/gorm v1.31.1`
`66`	`66`	`gotest.tools/v3 v3.5.2`
	`67`	`+ proofs/server/v2 v2.0.0`
`67`	`68`	`)`
`68`	`69`
`69`	`70`	`require (`
`@@ -215,3 +216,5 @@ require (`
`215`	`216`	`gopkg.in/yaml.v3 v3.0.1 // indirect`
`216`	`217`	`nhooyr.io/websocket v1.8.17 // indirect`
`217`	`218`	`)`
	`219`	`+`
	`220`	`+replace proofs/server/v2 => /tmp/longfellow-zk/reference/verifier-service/server`