Skip to content

Commit

Permalink
Merge pull request #6921 from cosmos/backport/v0.39.x
Browse files Browse the repository at this point in the history
Release v0.39.1
  • Loading branch information
Alessio Treglia authored Aug 11, 2020
2 parents 89ceb62 + 3e263c8 commit 6a624c3
Show file tree
Hide file tree
Showing 21 changed files with 1,090 additions and 290 deletions.
9 changes: 8 additions & 1 deletion CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,11 @@ Ref: https://keepachangelog.com/en/1.0.0/

# Changelog

## [v0.39.1]

* (x/auth) [\#6861](https://github.com/cosmos/cosmos-sdk/pull/6861) Remove public key Bech32 encoding for all account types for JSON serialization, instead relying on direct Amino encoding. In addition, JSON serialization utilizes Amino instead of the Go stdlib, so integers are treated as strings.
* (client) [\#6853](https://github.com/cosmos/cosmos-sdk/pull/6853) Add --unsafe-cors flag.

## [v0.39.0]

### Improvements
Expand Down Expand Up @@ -2949,7 +2954,9 @@ BUG FIXES:

<!-- Release links -->

[Unreleased]: https://github.com/cosmos/cosmos-sdk/compare/v0.38.2...HEAD
[Unreleased]: https://github.com/cosmos/cosmos-sdk/compare/v0.39.1...HEAD
[v0.39.1]: https://github.com/cosmos/cosmos-sdk/releases/tag/v0.39.1
[v0.39.0]: https://github.com/cosmos/cosmos-sdk/releases/tag/v0.39.0
[v0.38.2]: https://github.com/cosmos/cosmos-sdk/releases/tag/v0.38.2
[v0.38.1]: https://github.com/cosmos/cosmos-sdk/releases/tag/v0.38.1
[v0.38.0]: https://github.com/cosmos/cosmos-sdk/releases/tag/v0.38.0
Expand Down
135 changes: 12 additions & 123 deletions RELEASE_NOTES.md
Original file line number Diff line number Diff line change
@@ -1,131 +1,20 @@
# Cosmos SDK v0.39.0 Release Notes
# Cosmos SDK v0.39.1 Release Notes

This is the inaugural release of the **Cosmos SDK 0.39 «Launchpad»** release series.
This release fixes the [issue affecting the accounts migration](https://github.com/cosmos/cosmos-sdk/issues/6828) from v0.38 to v0.39.

See the [Cosmos SDK 0.39.0 milestone](https://github.com/cosmos/cosmos-sdk/milestone/27?closed=1) on our issue tracker for details.
See the [Cosmos SDK 0.39.1 milestone](https://github.com/cosmos/cosmos-sdk/milestone/29?closed=1) on our issue tracker for details.

## Changes to IAVL and store pruning
## Remove custom JSON serialization for account types

The pruning features introduced in the `0.38` release series are buggy and might lead to data loss,
even after upgrading to `v0.39.0`. When upgrading from `0.38` it is important to follow the instructions
below, to prevent data loss and database corruption.
Account types JSON serialization has now changed to Amino. Changes are significant (e.g. integers are treated
as strings) thus it is required to migrate the exported state of an application before restarting the node
with a more recent version of the Cosmos SDK.

**Note: there are are several breaking changes with regard to IAVL, stores, and pruning settings that affect command line clients, server configuration, and Golang API.**
## REST server's --unsafe-cors mode

### Migrate an application from 0.38.5 to 0.39.0
This a UX improvement [back ported from master](https://github.com/cosmos/cosmos-sdk/pull/6853) that allows developers to disable CORS
restrictions during app development and testing by passing the `--unsafe-cors` option to the client's `rest-server` command.

The IAVL's `v0.13.0` release introduced a pruning functionality that turned out to be buggy and flawed.
IAVL's new `v0.14.0` release now commits and flushes every state to disk as it did in pre-`v0.13.0` release.
The SDK's multi-store will track and ensure the proper heights are pruned. The operator can now set the pruning
options by passing a `pruning` configuration via command line option or `app.toml`. The `pruning` flag supports the following
options: `default`, `everything`, `nothing`, `custom` - see docs for further details. If the operator chooses `custom`, they
may want to provide either of the granular pruning values:
- `pruning-keep-recent`
- `pruning-keep-every`
- `pruning-interval`
## Tendermint 0.33.7

The former two options dictate how many recent versions are kept on disk and the offset of what versions are kept after that
respectively, and the latter defines the height interval in which versions are deleted in a batch. **Note: there are are some
client application breaking changes with regard to IAVL, stores, and pruning settings.** An example patch follows:

```patch
From 5884171ba73c3054e98564c39adc9cbbab8d4646 Mon Sep 17 00:00:00 2001
From: Alessio Treglia <[email protected]>
Date: Tue, 14 Jul 2020 14:54:19 +0100
Subject: [PATCH 2/4] use new pruning options

---
cmd/cnd/main.go | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/cmd/cnd/main.go b/cmd/cnd/main.go
index b0c86f4a..4a3a8518 100644
--- a/cmd/cnd/main.go
+++ b/cmd/cnd/main.go
@@ -23,7 +23,6 @@ import (
comgenutilcli "github.com/commercionetwork/commercionetwork/x/genutil/client/cli"
"github.com/cosmos/cosmos-sdk/baseapp"
"github.com/cosmos/cosmos-sdk/server"
- "github.com/cosmos/cosmos-sdk/store"
genutilcli "github.com/cosmos/cosmos-sdk/x/genutil/client/cli"
"github.com/cosmos/cosmos-sdk/x/staking"
)
@@ -87,9 +86,14 @@ func main() {
}

func newApp(logger log.Logger, db dbm.DB, traceStore io.Writer) abci.Application {
+ pruningOpts, err := server.GetPruningOptionsFromFlags()
+ if err != nil {
+ panic(err)
+ }
+
return app.NewCommercioNetworkApp(
logger, db, traceStore, true, invCheckPeriod,
- baseapp.SetPruning(store.NewPruningOptionsFromString(viper.GetString("pruning"))),
+ baseapp.SetPruning(pruningOpts),
baseapp.SetMinGasPrices(viper.GetString(server.FlagMinGasPrices)),
baseapp.SetHaltHeight(uint64(viper.GetInt(server.FlagHaltHeight))),
)
```

### Migrate a node from 0.38.5 to 0.39.0

Note: **do not modify pruning settings with any release prior to `v0.39.0` as that may cause data corruption**.

The following instructions assume that **pruning settings have not been modified since the node started using 0.38.x. Note: the default pruning setting `syncable` used `KeepEvery:100`.

#### Chain Hard Fork (also know as The Tested Upgrade Path)

This strategy entails performing a hard fork of your chain.
It takes time, coordination and a few technical steps that the validators of the network must follow. Note: a software upgrade guide for `gaia`, the application that powers the Cosmos Hub, is [available too](https://hub.cosmos.network/master/gaia-tutorials/upgrade-node.html). It contains detailed instructions on how to upgrade network nodes that apply to the vast majority of Cosmos SDK applications.

In preparation of the upgrade, you need to export the current state. This operation should be be performed on one node:

* Stop the node and export the current state, e.g.: `appd export --for-zero-height > export_genesis.json`.
* Manually replace the chain id and genesis time fields in `export_genesis.json` with the values that the network had agreed upon.

Follow these steps to perform the upgrade:

* Make a backup copy of the old `genesis.json` file in your server application's config directory (e.g. `$HOME/.appd/config/genesis.json`) and replace it with `export_genesis.json`. Note: do rename `export_genesis.json` to `genesis.json`.
* Replace the old binary with the new one and restart the service using the new binary.

#### Alternative strategies

Alternatively, you can follow *one of* the following strategies:

* Replace the application server's binary and perform a full sync of the node from scratch.

* If your node had started with using `KeepEvery:1` (e.g. pruning settings `nothing` or `everything`), upgrading to `v0.39.0` should be simple and safe.

* Do halt block processing with `--halt-height` after committing a height divisible by `KeepEvery` - e.g. at block 147600 with `KeepEvery:100`. The **node must never have processed a height beyond that at any time in its past**. Upgrading to `v0.39.0` is then safe.

* Set the `KeepEvery` setting to the same as the previous `KeepEvery` setting (both `<=v0.38.5` and `v0.39.0` default to `KeepEvery:100`). Upgrade to `v0.39.0` is then safe as long as you wait one `KeepEvery` interval plus one `KeepRecent` interval **plus** one pruning `Interval` before changing pruning settings or deleting the last `<=v0.38.5` height (so wait *210* heights with the default configuration).

* Otherwise, make sure the last version persisted with `<=v0.38.5` is never deleted after upgrading to `v0.39.0`, as doing so may cause data loss and data corruption.

## Regression in the signature verification when multiple transactions in the same block are sent from the same account

When multiple transactions in the same block are sent (and correctly signed) by the same account, chances are that some of them could be rejected and the error `unauthorized: signature verification failed` would be returned due to the account's sequence (*nonce*) getting stuck and not being incremented by the ante handler. This behaviour was [a regression](https://github.com/cosmos/cosmos-sdk/issues/6287) introduced in the `v0.38` release series, it did not occur in the `v0.37` release series and is now fixed in this release.

## Changes to ABCI Query's "app/simulate" path

The `app/simulate` query path is used to simulate the execution transactions in order to obtain an estimate
of the gas consumption that would be required to actually execute them. The response used to return only
the amount of gas, it now returns the result of the transaction as well.

## bank.send event comes with sender information

The `bank.send` event used to carry only the recipient and amount. It was assumed that the sender of the funds was `message.sender`.
This is often not true when a module call the bank keeper directly. This may be due to staking distribution, or via a cosmwasm contract that released funds (where I discovered the issue).

`bank.send` now contains the entire triple `(sender, recipient, amount)`.

## trace option is no longer ignored

The `--trace` option is reintroduced. It comes in very handy for debugging as it causes the full stack trace to be included in the ABCI error logs.

## appcli keys parse command didn't honor client application's bech32 prefixes

The `key parse` command ignored the application-specific address bech32
prefixes and used to return `cosmos*1`-prefixed addresses regardless
of the client application's configuration.
Tendermint 0.33.7 brings an important regression fix. Please refer to [this bug report](https://github.com/tendermint/tendermint/issues/5112) for more information.
2 changes: 2 additions & 0 deletions client/flags/flags.go
Original file line number Diff line number Diff line change
Expand Up @@ -68,6 +68,7 @@ const (
FlagKeyringBackend = "keyring-backend"
FlagPage = "page"
FlagLimit = "limit"
FlagUnsafeCORS = "unsafe-cors"
)

// LineBreak can be included in a command list to provide a blank line
Expand Down Expand Up @@ -141,6 +142,7 @@ func RegisterRestServerFlags(cmd *cobra.Command) *cobra.Command {
cmd.Flags().Uint(FlagMaxOpenConnections, 1000, "The number of maximum open connections")
cmd.Flags().Uint(FlagRPCReadTimeout, 10, "The RPC read timeout (in seconds)")
cmd.Flags().Uint(FlagRPCWriteTimeout, 10, "The RPC write timeout (in seconds)")
cmd.Flags().Bool(FlagUnsafeCORS, false, "Allows CORS requests from all domains. For development purposes only, use it at your own risk.")

return cmd
}
Expand Down
12 changes: 10 additions & 2 deletions client/lcd/root.go
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@ import (
"os"
"time"

"github.com/gorilla/handlers"
"github.com/gorilla/mux"
"github.com/rakyll/statik/fs"
"github.com/spf13/cobra"
Expand Down Expand Up @@ -46,7 +47,7 @@ func NewRestServer(cdc *codec.Codec) *RestServer {
}

// Start starts the rest server
func (rs *RestServer) Start(listenAddr string, maxOpen int, readTimeout, writeTimeout uint) (err error) {
func (rs *RestServer) Start(listenAddr string, maxOpen int, readTimeout, writeTimeout uint, cors bool) (err error) {
server.TrapSignal(func() {
err := rs.listener.Close()
rs.log.Error("error closing listener", "err", err)
Expand All @@ -68,7 +69,13 @@ func (rs *RestServer) Start(listenAddr string, maxOpen int, readTimeout, writeTi
),
)

return tmrpcserver.Serve(rs.listener, rs.Mux, rs.log, cfg)
var h http.Handler = rs.Mux
if cors {
allowAllCORS := handlers.CORS(handlers.AllowedHeaders([]string{"Content-Type"}))
h = allowAllCORS(h)
}

return tmrpcserver.Serve(rs.listener, h, rs.log, cfg)
}

// ServeCommand will start the application REST service as a blocking process. It
Expand All @@ -90,6 +97,7 @@ func ServeCommand(cdc *codec.Codec, registerRoutesFn func(*RestServer)) *cobra.C
viper.GetInt(flags.FlagMaxOpenConnections),
uint(viper.GetInt(flags.FlagRPCReadTimeout)),
uint(viper.GetInt(flags.FlagRPCWriteTimeout)),
viper.GetBool(flags.FlagUnsafeCORS),
)

return err
Expand Down
33 changes: 22 additions & 11 deletions docs/interfaces/rest.md
Original file line number Diff line number Diff line change
Expand Up @@ -7,10 +7,10 @@ synopsis: "This document describes how to create a REST interface for an SDK **a

## Prerequisites {hide}

* [Query Lifecycle](./query-lifecycle.md) {prereq}
* [Application CLI](./cli.md) {prereq}
- [Query Lifecycle](./query-lifecycle.md) {prereq}
- [Application CLI](./cli.md) {prereq}

## Application REST Interface
## Application REST Interface

Building the REST Interface for an application is done by [aggregating REST Routes](#registering-routes) defined in the application's modules. This interface is served by a REST Server [REST server](#rest-server), which route requests and output responses in the application itself. The SDK comes with its own REST Server by default. To enable it, the `rest.ServeCommand` command needs to be added as a subcommand of the `rootCmd` in the `main()` function of the [CLI interface](./cli.md):

Expand All @@ -24,27 +24,27 @@ Users will then be able to use the application CLI to start a new REST server, a
appcli rest-server --chain-id <chainID> --trust-node
```

Note that if `trust-node` is set to `false`, the REST server will verify the query proof against the merkle root (contained in the block header).
Note that if `trust-node` is set to `false`, the REST server will verify the query proof against the merkle root (contained in the block header).

## REST Server

A REST Server is used to receive and route HTTP Requests, obtain the results from the application, and return a response to the user. The REST Server defined by the SDK `rest` package contains the following:

* **Router:** A router for HTTP requests. A new router can be instantiated for an application and used to match routes based on path, request method, headers, etc. The SDK uses the [Gorilla Mux Router](https://github.com/gorilla/mux).
* **CLIContext:** A [`CLIContext`](./query-lifecycle.md#clicontext) created for a user interaction.
* **Keybase:** A [Keybase](../basics/accounts.md#keybase) is a key manager.
* **Logger:** A logger from Tendermint `Log`, a log package structured around key-value pairs that allows logging level to be set differently for different keys. The logger takes `Debug()`, `Info()`, and `Error()`s.
* **Listener:** A [listener](https://golang.org/pkg/net/#Listener) from the net package.
- **Router:** A router for HTTP requests. A new router can be instantiated for an application and used to match routes based on path, request method, headers, etc. The SDK uses the [Gorilla Mux Router](https://github.com/gorilla/mux).
- **CLIContext:** A [`CLIContext`](./query-lifecycle.md#clicontext) created for a user interaction.
- **Keybase:** A [Keybase](../basics/accounts.md#keybase) is a key manager.
- **Logger:** A logger from Tendermint `Log`, a log package structured around key-value pairs that allows logging level to be set differently for different keys. The logger takes `Debug()`, `Info()`, and `Error()`s.
- **Listener:** A [listener](https://golang.org/pkg/net/#Listener) from the net package.

Of the five, the only attribute that application developers need interact with is the `router`: they need to add routes to it so that the REST server can properly handle queries. See the next section for more information on registering routes.
Of the five, the only attribute that application developers need interact with is the `router`: they need to add routes to it so that the REST server can properly handle queries. See the next section for more information on registering routes.

In order to enable the REST Server in an SDK application, the `rest.ServeCommand` needs to be added to the application's command-line interface. See the [above section](#application-rest-interface) for more information.

## Registering Routes

To include routes for each module in an application, the CLI must have some kind of function to register routes in its REST Server. This function is called `RegisterRoutes()`, and is utilized by the `ServeCommand` and must include routes for each of the application's modules. Since each module used by an SDK application implements a [`RegisterRESTRoutes`](../building-modules/module-interfaces.md#rest) function, application developers simply use the [Module Manager](../building-modules/module-manager.md) to call this function for each module (this is done in the [application's constructor](../basics/app-anatomy.md#constructor-function)).

At the bare minimum, a `RegisterRoutes()` function should use the SDK client package `RegisterRoutes()` function to be able to route RPC calls, and instruct the application Module Manager to call `RegisterRESTRoutes()` for all of its modules. This is done in the `main.go` file of the CLI (typically located in `./cmd/appcli/main.go`).
At the bare minimum, a `RegisterRoutes()` function should use the SDK client package `RegisterRoutes()` function to be able to route RPC calls, and instruct the application Module Manager to call `RegisterRESTRoutes()` for all of its modules. This is done in the `main.go` file of the CLI (typically located in `./cmd/appcli/main.go`).

```go
func registerRoutes(rs *rest.RestServer) {
Expand All @@ -58,3 +58,14 @@ This function is specific to the application and passed in to the `ServeCommand`
```go
rootCmd.AddCommand(rest.ServeCommand(cdc, registerRoutes))
```

## Cross-Origin Resource Sharing (CORS)

[CORS policies](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS) are not enabled by default to help with security. If you would like to use the rest-server in a public environment we recommend you provide a reverse proxy, this can be done with [nginx](https://www.nginx.com/). For testing and development purposes there is an `unsafe_cors` flag that can be passed to the cmd to enable accepting cors from everyone.

```sh
gaiacli rest-server --chain-id=test \
--laddr=tcp://localhost:1317 \
--node tcp://localhost:26657 \
--trust-node=true --unsafe-cors
```
5 changes: 3 additions & 2 deletions go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,8 @@ require (
github.com/cosmos/ledger-cosmos-go v0.11.1
github.com/gogo/protobuf v1.3.1
github.com/golang/mock v1.3.1-0.20190508161146-9fa652df1129
github.com/gorilla/mux v1.7.3
github.com/gorilla/handlers v1.4.2
github.com/gorilla/mux v1.7.4
github.com/hashicorp/golang-lru v0.5.4
github.com/mattn/go-isatty v0.0.12
github.com/pelletier/go-toml v1.6.0
Expand All @@ -27,7 +28,7 @@ require (
github.com/tendermint/crypto v0.0.0-20191022145703-50d29ede1e15
github.com/tendermint/go-amino v0.15.1
github.com/tendermint/iavl v0.14.0
github.com/tendermint/tendermint v0.33.6
github.com/tendermint/tendermint v0.33.7
github.com/tendermint/tm-db v0.5.1
google.golang.org/grpc v1.30.0 // indirect
gopkg.in/yaml.v2 v2.3.0
Expand Down
Loading

0 comments on commit 6a624c3

Please sign in to comment.