Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: In keybase writeInfo, enforce one name for address #3221

Conversation

jefft0
Copy link
Contributor

@jefft0 jefft0 commented Nov 27, 2024

The Keybase interface was written with the assumption of a one-to-one correspondence between a key's name and address. But this needs to be enforced by the code. PR #2685 updated writeInfo for the case of inserting a new key (address) with the same name as an existing key with a different address. In this case, writeInfo uses the name to look up the existing address and deletes the address entry.

This PR does the same for the other case: Inserting a key with the same address as an existing key, but a new name. In this case, writeInfo uses the address to look up the existing key's name, and deletes the name entry.

This is not a breaking change because none of the production code expects to add a key a second time with the same address but a different name. We update the Keybase doc comments to this effect. However, some of the tests in keybase_test.go make this assumption, so this PR fixes them:

  • TestSignVerify creates a key with name n2 and exports its public key. It wants to re-import the public key with name n3 and get the public key to check that it is the same public key as n2. We change this test to re-import the public key into a fresh in-memory key store.
  • TestExportImportPubKey creates a key with name "john", exports its public key, then re-imports it with the new name "john-pubkey-only" (but the same address). The current test checks that the key can still be fetched under the old name "john". But this breaks the one-to-one correspondence of key name and address. So the test is changed to confirm that the key with the old name is replaced by the new name.
Contributors' checklist...
  • Added new tests, or not needed, or not feasible
  • Provided an example (e.g. screenshot) to aid review or the PR is self-explanatory
  • Updated the official documentation or not needed
  • No breaking changes were made, or a BREAKING CHANGE: xxx message was included in the description
  • Added references to related issues and PRs
  • Provided any useful hints for running manual tests

@github-actions github-actions bot added the 📦 🌐 tendermint v2 Issues or PRs tm2 related label Nov 27, 2024
Copy link

codecov bot commented Nov 27, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

📢 Thoughts on this report? Let us know!

@jefft0 jefft0 added the review/triage-pending PRs opened by external contributors that are waiting for the 1st review label Nov 27, 2024
@jefft0 jefft0 removed the review/triage-pending PRs opened by external contributors that are waiting for the 1st review label Nov 27, 2024
@jefft0
Copy link
Contributor Author

jefft0 commented Nov 27, 2024

Removed the review/triage-pending label because core dev thehowl approved.

@zivkovicmilos zivkovicmilos merged commit f9c4f2a into gnolang:master Dec 6, 2024
99 checks passed
omarsy pushed a commit to TERITORI/gno that referenced this pull request Dec 7, 2024
The `Keybase` interface was written with the assumption of a one-to-one
correspondence between a key's name and address. But this needs to be
enforced by the code. PR gnolang#2685
updated `writeInfo` for the case of inserting a new key (address) with
the same name as an existing key with a different address. In this case,
`writeInfo` uses the name to look up the existing address and deletes
the address entry.

This PR does the same for the other case: Inserting a key with the same
address as an existing key, but a new name. In this case, `writeInfo`
uses the address to look up the existing key's name, and deletes the
name entry.

This is not a breaking change because none of the production code
expects to add a key a second time with the same address but a different
name. We update the `Keybase` doc comments to this effect. However, some
of the tests in keybase_test.go make this assumption, so this PR fixes
them:

* `TestSignVerify` creates a key with name n2 and exports its public
key. It wants to re-import the public key with name n3 and get the
public key to check that it is the same public key as n2. We change this
test to re-import the public key into a fresh in-memory key store.
* `TestExportImportPubKey` creates a key with name "john", exports its
public key, then re-imports it with the new name "john-pubkey-only" (but
the same address). The current test checks that the key can still be
fetched under the old name "john". But this breaks the one-to-one
correspondence of key name and address. So the test is changed to
confirm that the key with the old name is replaced by the new name.

<details><summary>Contributors' checklist...</summary>

- [x] Added new tests, or not needed, or not feasible
- [x] Provided an example (e.g. screenshot) to aid review or the PR is
self-explanatory
- [x] Updated the official documentation or not needed
- [x] No breaking changes were made, or a `BREAKING CHANGE: xxx` message
was included in the description
- [x] Added references to related issues and PRs
- [ ] Provided any useful hints for running manual tests
</details>

Signed-off-by: Jeff Thompson <[email protected]>
Villaquiranm pushed a commit to Villaquiranm/gno that referenced this pull request Dec 9, 2024
The `Keybase` interface was written with the assumption of a one-to-one
correspondence between a key's name and address. But this needs to be
enforced by the code. PR gnolang#2685
updated `writeInfo` for the case of inserting a new key (address) with
the same name as an existing key with a different address. In this case,
`writeInfo` uses the name to look up the existing address and deletes
the address entry.

This PR does the same for the other case: Inserting a key with the same
address as an existing key, but a new name. In this case, `writeInfo`
uses the address to look up the existing key's name, and deletes the
name entry.

This is not a breaking change because none of the production code
expects to add a key a second time with the same address but a different
name. We update the `Keybase` doc comments to this effect. However, some
of the tests in keybase_test.go make this assumption, so this PR fixes
them:

* `TestSignVerify` creates a key with name n2 and exports its public
key. It wants to re-import the public key with name n3 and get the
public key to check that it is the same public key as n2. We change this
test to re-import the public key into a fresh in-memory key store.
* `TestExportImportPubKey` creates a key with name "john", exports its
public key, then re-imports it with the new name "john-pubkey-only" (but
the same address). The current test checks that the key can still be
fetched under the old name "john". But this breaks the one-to-one
correspondence of key name and address. So the test is changed to
confirm that the key with the old name is replaced by the new name.

<details><summary>Contributors' checklist...</summary>

- [x] Added new tests, or not needed, or not feasible
- [x] Provided an example (e.g. screenshot) to aid review or the PR is
self-explanatory
- [x] Updated the official documentation or not needed
- [x] No breaking changes were made, or a `BREAKING CHANGE: xxx` message
was included in the description
- [x] Added references to related issues and PRs
- [ ] Provided any useful hints for running manual tests
</details>

Signed-off-by: Jeff Thompson <[email protected]>
r3v4s pushed a commit to gnoswap-labs/gno that referenced this pull request Dec 10, 2024
The `Keybase` interface was written with the assumption of a one-to-one
correspondence between a key's name and address. But this needs to be
enforced by the code. PR gnolang#2685
updated `writeInfo` for the case of inserting a new key (address) with
the same name as an existing key with a different address. In this case,
`writeInfo` uses the name to look up the existing address and deletes
the address entry.

This PR does the same for the other case: Inserting a key with the same
address as an existing key, but a new name. In this case, `writeInfo`
uses the address to look up the existing key's name, and deletes the
name entry.

This is not a breaking change because none of the production code
expects to add a key a second time with the same address but a different
name. We update the `Keybase` doc comments to this effect. However, some
of the tests in keybase_test.go make this assumption, so this PR fixes
them:

* `TestSignVerify` creates a key with name n2 and exports its public
key. It wants to re-import the public key with name n3 and get the
public key to check that it is the same public key as n2. We change this
test to re-import the public key into a fresh in-memory key store.
* `TestExportImportPubKey` creates a key with name "john", exports its
public key, then re-imports it with the new name "john-pubkey-only" (but
the same address). The current test checks that the key can still be
fetched under the old name "john". But this breaks the one-to-one
correspondence of key name and address. So the test is changed to
confirm that the key with the old name is replaced by the new name.

<details><summary>Contributors' checklist...</summary>

- [x] Added new tests, or not needed, or not feasible
- [x] Provided an example (e.g. screenshot) to aid review or the PR is
self-explanatory
- [x] Updated the official documentation or not needed
- [x] No breaking changes were made, or a `BREAKING CHANGE: xxx` message
was included in the description
- [x] Added references to related issues and PRs
- [ ] Provided any useful hints for running manual tests
</details>

Signed-off-by: Jeff Thompson <[email protected]>
albttx pushed a commit that referenced this pull request Jan 10, 2025
The `Keybase` interface was written with the assumption of a one-to-one
correspondence between a key's name and address. But this needs to be
enforced by the code. PR #2685
updated `writeInfo` for the case of inserting a new key (address) with
the same name as an existing key with a different address. In this case,
`writeInfo` uses the name to look up the existing address and deletes
the address entry.

This PR does the same for the other case: Inserting a key with the same
address as an existing key, but a new name. In this case, `writeInfo`
uses the address to look up the existing key's name, and deletes the
name entry.

This is not a breaking change because none of the production code
expects to add a key a second time with the same address but a different
name. We update the `Keybase` doc comments to this effect. However, some
of the tests in keybase_test.go make this assumption, so this PR fixes
them:

* `TestSignVerify` creates a key with name n2 and exports its public
key. It wants to re-import the public key with name n3 and get the
public key to check that it is the same public key as n2. We change this
test to re-import the public key into a fresh in-memory key store.
* `TestExportImportPubKey` creates a key with name "john", exports its
public key, then re-imports it with the new name "john-pubkey-only" (but
the same address). The current test checks that the key can still be
fetched under the old name "john". But this breaks the one-to-one
correspondence of key name and address. So the test is changed to
confirm that the key with the old name is replaced by the new name.

<details><summary>Contributors' checklist...</summary>

- [x] Added new tests, or not needed, or not feasible
- [x] Provided an example (e.g. screenshot) to aid review or the PR is
self-explanatory
- [x] Updated the official documentation or not needed
- [x] No breaking changes were made, or a `BREAKING CHANGE: xxx` message
was included in the description
- [x] Added references to related issues and PRs
- [ ] Provided any useful hints for running manual tests
</details>

Signed-off-by: Jeff Thompson <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
📦 🌐 tendermint v2 Issues or PRs tm2 related
Projects
Development

Successfully merging this pull request may close these issues.

3 participants