diff --git a/README.md b/README.md index ec655f764..f4f6e2c1b 100644 --- a/README.md +++ b/README.md @@ -38,6 +38,7 @@ Secret Network is secured by the SCRT coin (Secret), which is used for fees, sta - [Ledger Nano S and Ledger Nano X](/docs/ledger-nano-s.md) - [Math Wallet](https://mathwallet.org/web/enigma) +- [Kepler](https://wallet.keplr.app) # Implementation Discussions diff --git a/docs/.vuepress/config.js b/docs/.vuepress/config.js index c1a555c6b..657a21ce5 100644 --- a/docs/.vuepress/config.js +++ b/docs/.vuepress/config.js @@ -28,13 +28,14 @@ module.exports = { ] }, { - title: 'App Developers', // required + title: 'Developers', // required path: '/dev/developers', // optional, link of the title, which should be an absolute path and must exist collapsable: true, // optional, defaults to true sidebarDepth: 0, // optional, defaults to 1 children: [ + '/secretcli', '/dev/contract-dev-guide', - '/secretcli' + '/dev/secret-js', ] }, { diff --git a/docs/.vuepress/public/images/docker-run.png b/docs/.vuepress/public/images/docker-run.png new file mode 100644 index 000000000..de109ca73 Binary files /dev/null and b/docs/.vuepress/public/images/docker-run.png differ diff --git a/docs/.vuepress/public/images/secretcli_keys_list.png b/docs/.vuepress/public/images/secretcli_keys_list.png new file mode 100644 index 000000000..5ae6fe992 Binary files /dev/null and b/docs/.vuepress/public/images/secretcli_keys_list.png differ diff --git a/docs/CONTRIBUTING.md b/docs/CONTRIBUTING.md new file mode 100644 index 000000000..ee8c20d17 --- /dev/null +++ b/docs/CONTRIBUTING.md @@ -0,0 +1,84 @@ +# Contributing to Secret Network + +First of all, thanks for being here! Our intention is to be as transparent and collaborative as possible, and we hope you enjoy building secret contracts and secret apps. We are so grateful to the amazing people who make invaluable contributions to this open-source project and its ecosystem. + +The following is a set of guidelines for contributing to Secret Network and its resources, which are hosted in the [Enigma Organization](https://github.com/enigmampc) on GitHub. Use your best judgment, and feel free to propose changes to this document in a pull request. + +## How May I Contribute? + +### Follow the Code of Conduct + +This open-source project is governed by the [Secret Network Code of Conduct](https://github.com/enigmampc/SecretNetwork/blob/master/CODE_OF_CONDUCT.md). By participating, you are expected to uphold this code. + +### Participate in the Community + +We have a [forum](https://forum.scrt.network) and a [wiki](https://learn.scrt.network), plus a [RocketChat](https://chat.scrt.network) where members of the community might offer helpful advice if you have ideas or questions. + +### Report Bugs + +This section walks you through submitting a bug report for Secret Network. Following these guidelines helps maintainers and other members of the community understand your report :pencil:, reproduce the behavior :computer:, and find related reports :mag_right:. + +Before creating bug reports, please check [this list](#before-submitting-a-bug-report) as you might find out that you don't need to create one. When you are creating a bug report, please [include as many details as possible](#how-do-i-submit-a-good-bug-report). Fill out [the required template](ISSUE_TEMPLATES/bug_report.md), the information it asks for helps us resolve issues faster. + +> **Note:** If you find a **Closed** issue that seems like it is the same thing that you're experiencing, open a new issue and include a link to the original issue in the body of your new one. + +#### Before Submitting A Bug Report + +* **Check [the FAQs](https://learn.scrt.network/questions)** for a list of commonly asked questions and our best answers. +* **Look through recent posts on [the forum](https://forum.scrt.network)** to see any relevant discussions. +* **Perform a [search](https://github.com/search?q=+is%3Aissue+user%3Aenigmampc)** to see if the problem has already been reported. + +#### How Do I Submit A (Good) Bug Report? + +Bugs are tracked as [GitHub issues](https://guides.github.com/features/issues/). After you've determined which repository the bug is related to, create an issue in that repository using [the template](ISSUE_TEMPLATES/bug_report.md). + +Explain the problem and include additional details to help maintainers reproduce the problem: + +* **Use a clear and descriptive title** for the issue to identify the problem. +* **Describe the exact steps which reproduce the problem** in as many details as possible. +* **Provide specific examples to demonstrate the steps**. Include links to files or GitHub projects, or copy/pasteable snippets, which you use in those examples. +* **Describe the behavior you observed after following the steps** and point out what exactly is the problem with that behavior. +* **Explain which behavior you expected to see instead and why.** +* **Include screenshots** which clearly demonstrate the problem. +* **If the problem wasn't triggered by a specific action**, describe what you were doing before the problem happened. + +### Suggest Enhancements + +This section guides you through submitting an enhancement suggestion for Secret Network, including completely new features and minor improvements to existing functionality. Following these guidelines helps maintainers and the community understand your suggestion :pencil: and find related suggestions :mag_right:. + +When you are creating your enhancement suggestion, please [include as many details as possible](#how-do-i-submit-a-good-enhancement-suggestion). Please use [this template](ISSUE_TEMPLATES/feature_request.md), including the steps that you would take if the feature existed. + +#### How Do I Submit A (Good) Enhancement Suggestion? + +Enhancement suggestions are tracked as [issues](https://guides.github.com/features/issues) in our [GitHub project boards](https://github.com/enigmampc/SecretNetwork/projects). Create an issue in [this repository](https://github.com/enigmampc/SecretNetwork) and follow these guidelines: + +* **Use a clear and descriptive title** for the issue to identify the suggestion. +* **Provide a step-by-step description of the suggested enhancement** with as many details of the benefits and requirements as possible. +* **Provide specific examples to demonstrate the steps**. Include snippets which you use in those examples, as [Markdown code blocks](https://help.github.com/articles/markdown-basics/#multiple-lines). +* **Describe the current behavior** and **explain which behavior you expected to see instead** and why. +* **Include screenshots** which help you demonstrate the steps or point out the relevant part of Secret Network that is affected. +* **Explain why this enhancement would be useful** to most Secret Network users and isn't something that can or should be implemented as a community project. + +### Your First Code Contribution + +Unsure where to begin contributing to Secret Network? + +You can start by looking through the [open issues labeled `help-wanted`](https://github.com/enigmampc/SecretNetwork/issues?q=is%3Aissue+is%3Aopen+label%3A%22help+wanted%22+). + +If you want to learn more about Secret Network and how to build secret contracts and secret apps, the [full documentation](https://build.scrt.network) is available online. You can find the source to the docs in [this repository](https://github.com/enigmampc/SecretNetwork/docs). + +### Submit Pull Requests + +The process described here has several goals: + +- Maintain Secret Network's quality. +- Fix problems that are important to users. +- Engage the community in working toward the best possible Secret Network. +- Enable a sustainable system for Secret Network's maintainers to review contributions. + +Please follow these steps to have your contribution considered by the maintainers: + +1. Choose from the list of [templates](PULL_REQUEST_TEMPLATES/PULL_REQUEST_TEMPLATE.md) and follow all instructions. +2. After you submit your pull request, verify that all [status checks](https://help.github.com/articles/about-status-checks) are passing. + +Keep in mind, the reviewer(s) may ask you to complete additional changes before your pull request can be accepted. \ No newline at end of file diff --git a/docs/ISSUE_TEMPLATES/bug_report.md b/docs/ISSUE_TEMPLATES/bug_report.md new file mode 100644 index 000000000..67e00f56d --- /dev/null +++ b/docs/ISSUE_TEMPLATES/bug_report.md @@ -0,0 +1,45 @@ +--- +name: Bug report +about: Create a report to help us improve + +--- + + + +### Prerequisites + +* [Ask questions in the RocketChat](https://chat.scrt.network) +* [Look through recent posts on the forum](https://forum.scrt.network) +* [Check issues that have already been filed](https://github.com/issues?utf8=✓&q=is%3Aissue+user%3Aenigmampc) + +### Description + + + +### Steps to Reproduce + +1. +2. +3. + +**Expected behavior:** + + + +**Actual behavior:** + + + +**Reproduces how often:** + + + +### Additional Information + + \ No newline at end of file diff --git a/docs/ISSUE_TEMPLATES/feature_request.md b/docs/ISSUE_TEMPLATES/feature_request.md new file mode 100644 index 000000000..5844396ce --- /dev/null +++ b/docs/ISSUE_TEMPLATES/feature_request.md @@ -0,0 +1,29 @@ +--- +name: Feature request +about: Suggest an idea for this project + +--- + + + +## Summary + + + +## Motivation + + + +## Describe alternatives you've considered + + + +## Additional context + + \ No newline at end of file diff --git a/docs/PULL_REQUEST_TEMPLATES/PULL_REQUEST_TEMPLATE.md b/docs/PULL_REQUEST_TEMPLATES/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 000000000..95553a02a --- /dev/null +++ b/docs/PULL_REQUEST_TEMPLATES/PULL_REQUEST_TEMPLATE.md @@ -0,0 +1,10 @@ +👋 Hello there! Welcome. Please follow the steps below to tell us about your contribution. + +1. Use the correct template for your contribution: + - 🐛 [Fixing a Bug](bug_fix.md) + - 📈 [Improving Performance](improve_performance.md) + - 📝 [Updating Documentation](update_docs.md) + - 💻 [Changing Functionality](change_functionality.md) +2. Replace text with the contents of the template +3. Fill in all sections of the template +4. Click "Create pull request" \ No newline at end of file diff --git a/docs/PULL_REQUEST_TEMPLATES/bug_fix.md b/docs/PULL_REQUEST_TEMPLATES/bug_fix.md new file mode 100644 index 000000000..ced45b5e4 --- /dev/null +++ b/docs/PULL_REQUEST_TEMPLATES/bug_fix.md @@ -0,0 +1,49 @@ +### Requirements for Contributing a Bug Fix + +* Fill out the template below. Any pull request that does not include enough information to be reviewed in a timely manner may be closed at the maintainers' discretion. +* The pull request must only fix an existing bug. To contribute other changes, you must use a different template. You can see all templates [here](PULL_REQUEST_TEMPLATE.md). + +### Identify the Bug + + + +### Description of the Change + + + +### Alternate Designs + + + +### Possible Drawbacks + + + +### Verification Process + + + +### Release Notes + + \ No newline at end of file diff --git a/docs/PULL_REQUEST_TEMPLATES/change_functionality.md b/docs/PULL_REQUEST_TEMPLATES/change_functionality.md new file mode 100644 index 000000000..9d50f4e02 --- /dev/null +++ b/docs/PULL_REQUEST_TEMPLATES/change_functionality.md @@ -0,0 +1,44 @@ +### Requirements for Adding, Changing, or Removing a Feature + +* Fill out the template below. Any pull request that does not include enough information to be reviewed in a timely manner may be closed at the maintainers' discretion. All templates [here](PULL_REQUEST_TEMPLATE.md). +* After you create the pull request, all status checks must pass before a maintainer reviews your contribution. + +### Description of the Change + + + +### Alternate Designs + + + +### Possible Drawbacks + + + +### Verification Process + + + +### Release Notes + + \ No newline at end of file diff --git a/docs/PULL_REQUEST_TEMPLATES/improve_performance.md b/docs/PULL_REQUEST_TEMPLATES/improve_performance.md new file mode 100644 index 000000000..136a696d0 --- /dev/null +++ b/docs/PULL_REQUEST_TEMPLATES/improve_performance.md @@ -0,0 +1,46 @@ +### Requirements for Contributing a Performance Improvement + +* Fill out the template below. Any pull request that does not include enough information to be reviewed in a timely manner may be closed at the maintainers' discretion. +* The pull request must only affect performance of existing functionality. To contribute other changes, you must use a different template. You can see all templates [here](PULL_REQUEST_TEMPLATE.md). + +### Description of the Change + + + +### Quantitative Performance Benefits + + + +### Possible Drawbacks + + + +### Verification Process + + + +### Applicable Issues + + + +### Release Notes + + \ No newline at end of file diff --git a/docs/PULL_REQUEST_TEMPLATES/update_docs.md b/docs/PULL_REQUEST_TEMPLATES/update_docs.md new file mode 100644 index 000000000..0b0671b24 --- /dev/null +++ b/docs/PULL_REQUEST_TEMPLATES/update_docs.md @@ -0,0 +1,22 @@ +### Requirements for Contributing Documentation + +* Fill out the template below. Any pull request that does not include enough information to be reviewed in a timely manner may be closed at the maintainers' discretion. +* The pull request must only contribute documentation (for example, markdown files or API docs). To contribute other changes, you must use a different template. You can see all templates [here](PULL_REQUEST_TEMPLATE.md). + +### Description of the Change + + + +### Release Notes + + \ No newline at end of file diff --git a/docs/compute-module.md b/docs/compute-module.md index e69de29bb..74cb657ac 100644 --- a/docs/compute-module.md +++ b/docs/compute-module.md @@ -0,0 +1,213 @@ +# Wasm Module + +This should be a brief overview of the functionality + +## Configuration + +You can add the following section to `config/app.toml`. Below is shown with defaults: + +```toml +[wasm] +# This is the maximum sdk gas (wasm and storage) that we allow for any x/compute "smart" queries +query_gas_limit = 300000 +# This is the number of wasm vm instances we keep cached in memory for speed-up +# Warning: this is currently unstable and may lead to crashes, best to keep for 0 unless testing locally +lru_size = 0 +``` + +## Events + +A number of events are returned to allow good indexing of the transactions from smart contracts. + +Every call to Instantiate or Execute will be tagged with the info on the contract that was executed and who executed it. +It should look something like this (with different addresses). The module is always `wasm`, and `code_id` is only present +when Instantiating a contract, so you can subscribe to new instances, it is omitted on Execute. There is also an `action` tag +which is auto-added by the Cosmos SDK and has a value of either `store-code`, `instantiate` or `execute` depending on which message +was sent: + +```json +{ + "Type": "message", + "Attr": [ + { + "key": "module", + "value": "wasm" + }, + { + "key": "action", + "value": "instantiate" + }, + { + "key": "signer", + "value": "cosmos1vx8knpllrj7n963p9ttd80w47kpacrhuts497x" + }, + { + "key": "code_id", + "value": "1" + }, + { + "key": "contract_address", + "value": "cosmos18vd8fpwxzck93qlwghaj6arh4p7c5n89uzcee5" + } + ] +} +``` + +If any funds were transferred to the contract as part of the message, or if the contract released funds as part of it's executions, +it will receive the typical events associated with sending tokens from bank. In this case, we instantiate the contract and +provide a initial balance in the same `MsgInstantiateContract`. We see the following events in addition to the above one: + +```json +[ + { + "Type": "transfer", + "Attr": [ + { + "key": "recipient", + "value": "cosmos18vd8fpwxzck93qlwghaj6arh4p7c5n89uzcee5" + }, + { + "key": "sender", + "value": "cosmos1ffnqn02ft2psvyv4dyr56nnv6plllf9pm2kpmv" + }, + { + "key": "amount", + "value": "100000denom" + } + ] + } +] +``` + +Finally, the contract itself can emit a "custom event" on Execute only (not on Init). +There is one event per contract, so if one contract calls a second contract, you may receive +one event for the original contract and one for the re-invoked contract. All attributes from the contract are passed through verbatim, +and we add a `contract_address` attribute that contains the actual contract that emitted that event. +Here is an example from the escrow contract successfully releasing funds to the destination address: + +```json +{ + "Type": "wasm", + "Attr": [ + { + "key": "contract_address", + "value": "cosmos18vd8fpwxzck93qlwghaj6arh4p7c5n89uzcee5" + }, + { + "key": "action", + "value": "release" + }, + { + "key": "destination", + "value": "cosmos14k7v7ms4jxkk2etmg9gljxjm4ru3qjdugfsflq" + } + ] +} +``` + +### Pulling this all together + +We will invoke an escrow contract to release to the designated beneficiary. +The escrow was previously loaded with `100000denom` (from the above example). +In this transaction, we send `5000denom` along with the `MsgExecuteContract` +and the contract releases the entire funds (`105000denom`) to the beneficiary. + +We will see all the following events, where you should be able to reconstruct the actions +(remember there are two events for each transfer). We see (1) the initial transfer of funds +to the contract, (2) the contract custom event that it released funds (3) the transfer of funds +from the contract to the beneficiary and (4) the generic x/compute event stating that the contract +was executed (which always appears, while 2 is optional and has information as reliable as the contract): + +```json +[ + { + "Type": "transfer", + "Attr": [ + { + "key": "recipient", + "value": "cosmos18vd8fpwxzck93qlwghaj6arh4p7c5n89uzcee5" + }, + { + "key": "sender", + "value": "cosmos1zm074khx32hqy20hlshlsd423n07pwlu9cpt37" + }, + { + "key": "amount", + "value": "5000denom" + } + ] + }, + { + "Type": "wasm", + "Attr": [ + { + "key": "contract_address", + "value": "cosmos18vd8fpwxzck93qlwghaj6arh4p7c5n89uzcee5" + }, + { + "key": "action", + "value": "release" + }, + { + "key": "destination", + "value": "cosmos14k7v7ms4jxkk2etmg9gljxjm4ru3qjdugfsflq" + } + ] + }, + { + "Type": "transfer", + "Attr": [ + { + "key": "recipient", + "value": "cosmos14k7v7ms4jxkk2etmg9gljxjm4ru3qjdugfsflq" + }, + { + "key": "sender", + "value": "cosmos18vd8fpwxzck93qlwghaj6arh4p7c5n89uzcee5" + }, + { + "key": "amount", + "value": "105000denom" + } + ] + }, + { + "Type": "message", + "Attr": [ + { + "key": "module", + "value": "wasm" + }, + { + "key": "action", + "value": "execute" + }, + { + "key": "signer", + "value": "cosmos1zm074khx32hqy20hlshlsd423n07pwlu9cpt37" + }, + { + "key": "contract_address", + "value": "cosmos18vd8fpwxzck93qlwghaj6arh4p7c5n89uzcee5" + } + ] + } +] +``` + +A note on this format. This is what we return from our module. However, it seems to me that many events with the same `Type` +get merged together somewhere along the stack, so in this case, you _may_ end up with one "transfer" event with the info for +both transfers. Double check when evaluating the event logs, I will document better with more experience, especially when I +find out the entire path for the events. + +## Messages + +TODO + +## CLI + +TODO - working, but not the nicest interface (json + bash = bleh). Use to upload, but I suggest to focus on frontend / js tooling + +## Rest + +TODO - main supported interface, under rapid change \ No newline at end of file diff --git a/docs/dev/contract-dev-guide.md b/docs/dev/contract-dev-guide.md index 779ea2840..9a8cc9ba7 100644 --- a/docs/dev/contract-dev-guide.md +++ b/docs/dev/contract-dev-guide.md @@ -1,104 +1,61 @@ -# Contract Development Guide +# Secret Contract Dev Guide -This repository can be used to get up and running on a local developer testnet (enigmadev) to start working with the cosmwasm-based smart contracts (soon to be secret contracts!). +This repository can be used to get up and running on a local Secret Network developer testnet (secretdev) to start working with CosmWasm-based smart contracts (soon to be secret contracts). A few important notes: -- smart contracts in this repo are a precursor to Secret Contracts, which enable data privacy -- smart contracts are written in Rust and based on cosmwasm, and the module is referred to as `compute` in the Secret Network. This will be also true of Secret Contracts! -- these cosmwasm-based smart contracts should be reusable and easily modified once we incorporate data privacy +- smart contracts in this repo are a precursor to secret contracts, which enable data privacy +- smart contracts are written in Rust and based on CosmWasm, and the module is referred to as `compute` in the Secret Network +- these CosmWasm-based smart contracts should be reusable and easily modified once we incorporate data privacy ## Setup the Local Developer Testnet The developer blockchain is configured to run inside a docker container. Install [Docker](https://docs.docker.com/install/) for your environment (Mac, Windows, Linux). -Open a terminal window and change to your project directory. Then clone the Secret Network repository: +Open a terminal window and change to your project directory. +Then start SecretNetwork, labelled _secretdev_ from here on: ``` -$ git clone https://github.com/enigmampc/SecretNetwork.git -``` - -Change directory: - -``` -$ cd SecretNetwork -``` - -In the same terminal, create the docker image by issuing the build command and tagging it as _enigmadev_. We'll use that tag later instead of the container id, which can be a bit cryptic and hard to remember. - -The command below tells Docker to follow the instructions in the Dockerfile_devnet file to build the image. - -``` -# Checkout and build with the compute module enabled, so we can deploy contracts. -git checkout 168d64f5b5bd5b998a171cd24bba5d405e3a8229 - -docker build -f Dockerfile_devnet -t enigmadev . -``` - -![](docker-build.png) - -To verify the _enigmadev_ docker image was created: - -``` -docker image ls enigmadev -``` - -Now that we've created the local SecretNetwork docker image we can run it as a container: - -``` -docker run -d \ +$ docker run -it --rm \ -p 26657:26657 -p 26656:26656 -p 1317:1317 \ - --name enigmadev enigmadev + --name secretdev enigmampc/secret-network-bootstrap-sw:latest ``` -**NOTE**: The _enigmadev_ docker container can be stopped by using (in a separate terminal) `docker stop enigmadev` and re-started -using `docker start enigmadev`. +**NOTE**: The _secretdev_ docker container can be stopped by CTRL+C + +![](/images/docker-run.png) -![](docker-run.png) +At this point you're running a local SecretNetwork full-node. Let's connect to the container so we can view and manage the secret keys: -At this point you're running a local SecretNetwork full-node. Let's connect to the container so we can view and manage the enigma keys: +**NOTE**: In a new terminal ``` -docker exec -it enigmadev /bin/bash +docker exec -it secretdev /bin/bash ``` The local blockchain has a couple of keys setup for you (similar to accounts if you're familiar with Truffle Ganache). The keys are stored in the `test` keyring backend, which makes it easier for local development and testing. ``` -enigmacli keys list --keyring-backend test -```` +secretcli keys list --keyring-backend test +``` -![](enigmacli-keys-list.png) +![](images/secretcli_keys_list.png) `exit` when you are done +## Setup Secret Contracts (CosmWasm) -At this point you've: - -1. Created the local developer testnet - -2. Started the Secret Network - -3. Listed the keys/accounts - - -This process is similar to the old `discovery init` and `discovery start` and may be streamlined in the future. - - -## Setup Smart Contracts (cosmwasm) - -These smart contracts are based on [CosmWasm](https://www.cosmwasm.com) which is an implementation on the Cosmos network. The CosmWasm smart contracts are like Ethereum's smart contracts except they can be used on other blockchains using the [Inter Blockchain Protocol](https://cosmos.network/ibc) (IBC). CosmWasm smart contracts are written in the Rust language. +Secret Contracts are based on [CosmWasm](https://www.cosmwasm.com) which is implementated on various Cosmos SDK blockchains. The CosmWasm smart contracts are like Ethereum's smart contracts except they can be used on other networks using the [Inter-Blockchain Protocol](https://cosmos.network/ibc) (IBC). CosmWasm smart contracts are written in the Rust language. The Secret Network has a _compute_ module that we'll use to store, query and instantiate the smart contract. Once stored on the blockchain the smart contract has to be created (or instantiated) in order to execute its methods. This is similar to doing an Ethereum `migrate` using truffle which handles the deployment and creation of a smart contract. Eventually the smart contracts will become secret contracts (in a future blockchain upgrade) running in an SGX enclave (Trusted Execution Environment) where computations are performed on the encrypted contract data (i.e. inputs, state). Next we'll walkthrough steps to: -- install Rust (you can check out the Rust book, rustlings course, examples and more at https://www.rust-lang.org/learn) +- install Rust - install the Rust dependencies - create your first project -The Rust dependencies include the Rust compiler, cargo (_package manager_), toolchain and a package to generate projects (you can check out the Rust book, rustlings course, examples and more at https://www.rust-lang.org/learn). - +The Rust dependencies include the Rust compiler, cargo (_package manager_), toolchain and a package to generate projects. You can check out the Rust book, rustlings course, examples and more [here](https://www.rust-lang.org/learn). 1. Install Rust @@ -127,7 +84,7 @@ apt install build-essential 4. Run cargo install cargo-generate -Cargo generate is the tool you'll use to create a smart contract project (https://doc.rust-lang.org/cargo). +[Cargo generate](https://doc.rust-lang.org/cargo) is the tool you'll use to create a smart contract project. ``` cargo install cargo-generate --features vendored-openssl @@ -146,7 +103,7 @@ To create the smart contract you'll: Generate the smart contract project ``` -cargo generate --git https://github.com/confio/cosmwasm-template.git --name mysimplecounter +cargo generate --git https://github.com/enigmampc/secret-template --name mysimplecounter ``` The git project above is a cosmwasm smart contract template that implements a simple counter. The contract is created with a parameter for the initial count and allows subsequent incrementing. @@ -172,7 +129,7 @@ Use the following command to compile the smart contract which produces the wasm cargo wasm ``` -## Unit Tests +## Unit Tests (NB Tests in this template currently fail unless you have SGX enabled) Run unit tests @@ -206,10 +163,10 @@ Before deploying or storing the contract on the testnet, need to run the cosmwas ### Optimize compiled wasm ``` -docker run --rm -v $(pwd):/code \ - --mount type=volume,source=$(basename $(pwd))_cache,target=/code/target \ +docker run --rm -v "$(pwd)":/code \ + --mount type=volume,source="$(basename "$(pwd)")_cache",target=/code/target \ --mount type=volume,source=registry_cache,target=/usr/local/cargo/registry \ - confio/cosmwasm-opt:0.7.3 + cosmwasm/rust-optimizer:0.8.0 ``` The contract wasm needs to be optimized to get a smaller footprint. Cosmwasm notes state the contract would be too large for the blockchain unless optimized. This example contract.wasm is 1.8M before optimizing, 90K after. @@ -221,37 +178,27 @@ The optimization creates two files: ``` # First lets start it up again, this time mounting our project's code inside the container. -docker run -d -p 26657:26657 -p 26656:26656 -p 1317:1317 \ +docker run -it --rm \ + -p 26657:26657 -p 26656:26656 -p 1317:1317 \ -v $(pwd):/root/code \ - --name enigmadev enigmadev + --name secretdev enigmampc/secret-network-bootstrap-sw:latest ``` -Upload the optimized contract.wasm to the enigma-testnet: +Upload the optimized contract.wasm to _secretdev_ : ``` -docker exec -it enigmadev /bin/bash +docker exec -it secretdev /bin/bash cd code -enigmacli tx compute store contract.wasm --from a --gas auto -y --keyring-backend test -``` - -You can also store [verified code](https://www.cosmwasm.com/docs/tooling/verify) - -Uploading verified code requires 2 additional params, source of the crate, and the builder that optimized the compiled wasm. - -``` -enigmacli tx compute store contract.wasm \ ---builder="confio/cosmwasm-opt:0.7.3" \ ---source="https://crates.io/api/v1/crates//0.0.1/download" \ ---from a --gas auto -y +secretcli tx compute store contract.wasm --from a --gas auto -y --keyring-backend test ``` ### Querying the Smart Contract and Code -12. List current smart contract code +List current smart contract code ``` -enigmacli query compute list-code +secretcli query compute list-code [ { "id": 1, @@ -265,7 +212,7 @@ enigmacli query compute list-code ### Instantiate the Smart Contract -At this point the contract's been uploaded and stored on the testnet, but there's no "instance." +At this point the contract's been uploaded and stored on the testnet, but there's no "instance." This is like `discovery migrate` which handles both the deploying and creation of the contract instance, except in Cosmos the deploy-execute process consists of 3 steps rather than 2 in Ethereum. You can read more about the logic behind this decision, and other comparisons to Solidity, in the [cosmwasm documentation](https://www.cosmwasm.com/docs/getting-started/smart-contracts). These steps are: 1. Upload Code - Upload some optimized wasm code, no state nor contract address (example Standard ERC20 contract) 2. Instantiate Contract - Instantiate a code reference with some initial state, creates new address (example set token name, max issuance, etc for my ERC20 token) @@ -276,24 +223,24 @@ To create an instance of this project we must also provide some JSON input data, ```bash INIT="{\"count\": 100000000}" CODE_ID=1 -enigmacli tx compute instantiate $CODE_ID "$INIT" --from a --label "my counter" -y --keyring-backend test +secretcli tx compute instantiate $CODE_ID "$INIT" --from a --label "my counter" -y --keyring-backend test ``` With the contract now initialized, we can find its address ```bash -enigmacli query compute list-contract-by-code 1 +secretcli query compute list-contract-by-code 1 ``` -Our instance is enigma18vd8fpwxzck93qlwghaj6arh4p7c5n89d2p9uk +Our instance is secret18vd8fpwxzck93qlwghaj6arh4p7c5n8978vsyg We can query the contract state ```bash -CONTRACT=enigma18vd8fpwxzck93qlwghaj6arh4p7c5n89d2p9uk -enigmacli query compute contract-state smart $CONTRACT "{\"get_count\": {}}" +CONTRACT=secret18vd8fpwxzck93qlwghaj6arh4p7c5n8978vsyg +secretcli query compute contract-state smart $CONTRACT "{\"get_count\": {}}" ``` And we can increment our counter ```bash -enigmacli tx compute execute $CONTRACT "{\"increment\": {}}" --from a --keyring-backend test +secretcli tx compute execute $CONTRACT "{\"increment\": {}}" --from a --keyring-backend test ``` ## Smart Contract @@ -305,16 +252,21 @@ The source directory (`src/`) has these files: contract.rs lib.rs msg.rs state.rs ``` -The `contract.rs` file is the one that developers modify, though I found smart contract-specific code in `state.rs` and `msg.rs`. My understanding is that the developer will modify `contract.rs` for the logic, `state.rs` for the data the contract will use as state, and `msg.rs` to define the messages handled by the contract. +The developer modifies `contract.rs` for contract logic, contract entry points are `init`, `handle` and `query` functions. -``` -state.rs -msg.rs -``` +`init` in the Counter contract initializes the storage, specifically the current count and the signer/owner of the instance being initialized. + +We also define `handle`, a generic handler for all functions writing to storage, the counter can be incremented and reset. These functions are provided the storage and the environment, the latter's used by the `reset` function to compare the signer with the contract owner. + +Finally we have `query` for all functions reading state, we only have `query_count`, returning the counter state. + +The rest of the contract file is unit tests so you can confidently change the contract logic. + +The `state.rs` file defines the State struct, used for storing the contract data, the only information persisted between multiple contract calls. The `msg.rs` file is where the InitMsg parameters are specified (like a constructor), the types of Query (GetCount) and Handle[r] (Increment) messages, and any custom structs for each query response. -``` +```rs use schemars::JsonSchema; use serde::{Deserialize, Serialize}; @@ -349,7 +301,7 @@ pub struct CountResponse { Unit tests are coded in the `contract.rs` file itself: -``` +```rs #[cfg(test)] mod tests { use super::*; @@ -376,7 +328,6 @@ mod tests { } ``` - ## Resources Smart Contracts on the Secret Network use cosmwasm. Therefore, for troubleshooting and additional context, cosmwasm documentation may be very useful. Here are some of the links we relied on in putting together this guide: diff --git a/docs/dev/developers.md b/docs/dev/developers.md index e95c42a6d..94cf10c4d 100644 --- a/docs/dev/developers.md +++ b/docs/dev/developers.md @@ -1,3 +1,39 @@ -# Developers +# Secret Contract Devs -Developers can currently write contracts for the network using CosmWasm. Once secret contracts have been included in the Secret Network, developers will be able to use private data in these contracts. We currently have a [walkthrough for developers](/dev/contract-dev-guide) that demonstrates how to get the Secret Network up and running on a local deployment using Docker, as well as how to write simple contracts in Rust using CosmWasm. The walkthrough also demonstrates how to interact with these contracts and how to write tests for them. In the future, once we have enabled secret contracts with data privacy for the testnet, developers will be able to write secret contracts using this guide. \ No newline at end of file +Developers can write secret contracts for CosmWasm running inside secure enclaves with encryption capabilities. Once the network upgrade integrating secret contract functionality has been completed, developers will be able to use private data in contracts running on the live Secret Network. Currently, we have a [contract development guide for developers](/dev/contract-dev-guide) that demonstrates how to get the Secret Network up and running on a local deployment using Docker, as well as how to write simple contracts in Rust using CosmWasm. The walkthrough also demonstrates how to interact with these contracts and how to write tests for them. + +## Getting Started + +### 1. Start a Node Locally + +#### 1.1 Make sure to [install SGX](/validators-and-full-nodes/setup-sgx.md) +#### 1.2 Download the [secret node package](testnet/testnet-docs.md) and follow the instructions + +### 2. Get Your Testnet Account + +#### 2.1 Create a [local scrt address](secretcli.md) +#### 2.2 Get some test SCRT from the [faucet](https://faucet.testnet.enigma.co) + +### 3. Start a [Node on Testnet](/testnet/run-full-node-testnet.md) + +#### 3.1 Make sure you can access the IP and DNS address you created +#### 3.2 Try to add it as a validator +#### 3.3 Use this node as the gateway node you use to deploy your contracts + +### 4. Create a Development Environment +checkout the tag v0.5.0-alpha2 +``` +make cli +docker run -p 26657:26657 enigmampc/secret-network-bootstrap-sw:latest +``` +#### 4.1 make sure the node is listening on port 26657 +#### 4.2 make sure cli works when using --node :26657 + +### 5. Write a Secret Contract +### [CosmWasm GitHub Repository](https://github.com/CosmWasm/cosmwasm) - [Template](https://github.com/CosmWasm/cosmwasm-template) + +#### 5.1 Deploy it to your local dev environment +#### 5.2 Call it using the secretcli +#### 5.3 Deploy it to the testnet +#### 5.4 Check how the deployment transaction looks on the explorer +#### 5.5 Test your function on the testnet \ No newline at end of file diff --git a/docs/dev/frontend.md b/docs/dev/frontend.md index 0d2372bdf..f30999633 100644 --- a/docs/dev/frontend.md +++ b/docs/dev/frontend.md @@ -1,6 +1,4 @@ -# Building a Frontend - -So far we've got a [local Secret Network developer testnet running](/dev/contract-dev-guide.md), and we've [exposed a rest API to interact with contracts with CosmWasm JS](/dev/cosmwasm-js.md). +So far we've got a [local Secret Network developer testnet running](docs/dev/contract-dev-guide.md), and we've [exposed a rest API to interact with contracts with SecretJS](docs/dev/secret-js.md). In this guide we'll build a React application, you can roll your own or clone the [CosmWasm full stack example `name-app`](https://github.com/CosmWasm/name-app) to follow along. @@ -37,7 +35,7 @@ export async function burnerWallet(): Promise { const mnemonic = loadOrCreateMnemonic(); const pen = await Secp256k1Pen.fromMnemonic(mnemonic); const pubkey = encodeSecp256k1Pubkey(pen.pubkey); - const address = pubkeyToAddress(pubkey, "enigma"); + const address = pubkeyToAddress(pubkey, "secret"); const signer = (signBytes: Uint8Array): Promise => pen.sign(signBytes); return { address, signer }; } @@ -58,9 +56,7 @@ export function BurnerWalletProvider(props: WalletProviderProps): JSX.Element { # Connect to the server -Reading contract state is free so if our user only needs to know the current count, we can connect using the CosmWasmClient, and not need a wallet. - -We want to increment the counter, so we need the SigningCosmWasmClient, note that fees are in uscrt. +Reading contract state is free so if our user only needs to know the current count, we can connect using the CosmWasmClient, and not need a wallet. We want to increment the counter, so we need the SigningCosmWasmClient, note that fees are in uscrt. ```ts export async function connect(httpUrl: string, { address, signer }: Wallet): Promise { @@ -101,7 +97,7 @@ A [wallet service](https://github.com/CosmWasm/name-app/blob/master/src/service/ In the browser's network tab we can see this play out, the account is queried but has no funds initially, then the faucet is hit, `/credit` -![faucet](/images/faucet.png) +![](images/faucet.png) With this connection in hand we can now focus on the [contract logic](https://github.com/CosmWasm/name-app/blob/master/src/components/ContractLogic/index.tsx), starting with a list of all the instances of the Counter contract. @@ -124,7 +120,7 @@ With this connection in hand we can now focus on the [contract logic](https://gi ``` -![contract-items](/images/contract-items.png) +![](images/contract-items.png) Selecting an instance [queries it's current count](https://github.com/levackt/devx2/blob/cb9b9206a77f9deed4f16f7b4d5a614cb38c392d/client/src/components/ContractLogic/Counter.tsx#L42) @@ -206,7 +202,7 @@ Add the ResetForm to [the Counter component](https://github.com/levackt/devx2/bl ``` -![reset](/images/reset.png) +![](images/reset.png) All that's left is to [execute the reset](https://github.com/levackt/devx2/blob/cb9b9206a77f9deed4f16f7b4d5a614cb38c392d/client/src/components/ContractLogic/Counter.tsx#L85) when the user submits. @@ -244,7 +240,7 @@ We could query the contract owner and only show the ResetForm if the current acc } ``` -![unauthorized](/images/unauthorized.png) +![](images/unauthorized.png) # Resources diff --git a/docs/dev/secret-apps.md b/docs/dev/secret-apps.md new file mode 100644 index 000000000..df273ce66 --- /dev/null +++ b/docs/dev/secret-apps.md @@ -0,0 +1,15 @@ +# Secret Apps + +Here is a list of applications built on the Secret Network testnet. We are planning to have a full catalog of example secret contracts. + +## Secret Hold 'Em Poker + +https://github.com/enigmampc/SecretHoldEm + +## Secret Voting + +https://github.com/levackt/voting-app + +## Secret Access Control - "Padlock" + +https://github.com/PadlockApp \ No newline at end of file diff --git a/docs/dev/secret-js.md b/docs/dev/secret-js.md new file mode 100644 index 000000000..96965b048 --- /dev/null +++ b/docs/dev/secret-js.md @@ -0,0 +1,139 @@ +# SecretJS and CosmWasm + +Throughout the [Secret Network Contract Dev Guide](/dev/contract-dev-guide.md) we interacted with the blockchain using secretcli, we can also run a rest server and expose the api to any rest client. + +In this guide we'll use SecretJS, which is based on [CosmJS](hhttps://github.com/CosmWasm/cosmjs), the Swiss Army knife to power JavaScript based client solutions ranging from Web apps/explorers over browser extensions to server-side clients like faucets/scrapers in the Cosmos ecosystem. + +# Resources +- [cosmwasmclient-part-1](https://medium.com/confio/cosmwasmclient-part-1-reading-e0313472a158) +- [cosmwasmclient-part-2](https://medium.com/confio/cosmwasmclient-part-2-writing-dfb608f1a7f9) +- [Introduction to CosmWasm JS](https://medium.com/confio/introduction-to-cosmwasm-js-548f58d9f6af) + +## Start the node + +```bash +# Start enigmachain from your project directory so it's mounted at /code in the container +docker run -it --rm \ + -p 26657:26657 -p 26656:26656 -p 1317:1317 \ + -v $(pwd):/code \ + --name enigmadev enigmadev +``` + +## Start the rest server +This allows API access to the Secret Network + +**NOTE**: In a new terminal +```bash +docker exec enigmadev \ + enigmacli rest-server \ + --node tcp://localhost:26657 \ + --trust-node \ + --laddr tcp://0.0.0.0:1317 +``` + +## Install CosmWasm CLI +[Also see installation guide](https://github.com/CosmWasm/cosmwasm-js/tree/master/packages/cli#installation-and-first-run) + +Installing the CLI / REPL (read–eval–print loop) is optional, but does provide a handy playground for development. The script below can be executed from any Node.js script, web app or browser extension. + +```bash +# Install the cli local to your new Counter project +yarn add @cosmwasm/cli --dev + +# start cosmwasm-cli +npx @cosmwasm/cli +``` + +## CosmWasmClient Part 1: Reading + +```ts +// connect to rest server +// For reading, CosmWasmClient will suffice, we don't need to sign any transactions +const client = new CosmWasmClient("http://localhost:1317") + +// query chain ID +await client.getChainId() + +// query chain height +await client.getHeight() + +// Get deployed code +await client.getCodes() + +// Get the contracts for our simple counter +const contracts = await client.getContracts(1) + +const contractAddress = contracts[0].address + +// Query the current count +let count = await client.queryContractSmart(contractAddress, { "get_count": {}}) + +// Note the result is JSON, so we have to parse it + +JSON.parse(fromUtf8(count)) +``` + +## CosmWasmClient Part 2: Writing + +To increment our counter and change state, we have to connect our wallet + +Start cosmwasm-cli + +This time we initialize with [helpers from cosmwasm-cli examples](https://github.com/levackt/cosmwasm-js/blob/master/packages/cli/examples/helpers.ts), and easily configure fees, create random accounts etc + +```bash +npx @cosmwasm/cli --init helpers.ts +``` + +```ts +.editor +// These options are needed to configure the SigningCosmWasmClient to use enigma-testnet + +const enigmaOptions = { + httpUrl: "http://localhost:1317", + networkId: "enigma-testnet", + feeToken: "uscrt", + gasPrice: 0.025, + bech32prefix: "enigma", +} +^D + +// Either load or create a mnemonic key from file foo.key +const mnemonic = loadOrCreateMnemonic("foo.key"); + +// connect the wallet, this time client is a SigningCosmWasmClient, in order to sign and broadcast transactions. +const {address, client} = await connect(mnemonic, enigmaOptions); + +// Check account +await client.getAccount(); + +// If the result is `undefined` it means the account hasn't been funded. + +// Upload the contract +const wasm = fs.readFileSync("contract.wasm"); +const uploadReceipt = await client.upload(wasm, {}); + +// Get the code ID from the receipt +const codeId = uploadReceipt.codeId; + +// Create an instance +const initMsg = {"count": 0} + +const contract = await client.instantiate(codeId, initMsg, "My Counter") + +const contractAddress = contract.contractAddress + +// and because we imported the helpers, we can use smartQuery instead of client.queryContractSmart +smartQuery(client, contractAddress, { get_count: {} }) + +// The message to increment the counter requires no params +const handleMsg = { increment: {} } + +// execute the message +client.execute(contractAddress, handleMsg); + +// Query again to confirm it worked +smartQuery(client, contractAddress, { get_count: {} }) + +``` +![](cosmwasm-cli.png) \ No newline at end of file diff --git a/docs/index.md b/docs/index.md index 69a9e052c..29ca289f1 100644 --- a/docs/index.md +++ b/docs/index.md @@ -12,31 +12,31 @@ Secret Network is a blockchain-based, open-source protocol that lets anyone perf Mainnet is out! Get the latest release at https://github.com/enigmampc/SecretNetwork/releases/latest. -[![License: AGPL v3](https://img.shields.io/badge/License-AGPL%20v3-blue.svg)](https://www.gnu.org/licenses/agpl-3.0) [![Contributor Covenant](https://img.shields.io/badge/Contributor%20Covenant-v2.0%20adopted-ff69b4.svg)](CODE_OF_CONDUCT.md) [![Contributor Covenant](https://chat.scrt.network/api/v1/shield.svg)](https://chat.scrt.network/home) +[![License: AGPL v3](https://img.shields.io/badge/License-AGPL%20v3-blue.svg)](https://www.gnu.org/licenses/agpl-3.0) +[![Contributor Covenant](https://img.shields.io/badge/Contributor%20Covenant-v2.0%20adopted-ff69b4.svg)](https://github.com/enigmampc/SecretNetwork/CODE_OF_CONDUCT.md) # Community -- Homepage: https://scrt.network -- Forum: https://forum.scrt.network -- Wiki: https://learn.scrt.network -- Discord: https://discord.com/invite/SJK32GY -- Blog: https://blog.scrt.network -- Twitter: https://twitter.com/SecretNetwork -- Main Chat: https://chat.scrt.network/channel/general -- Telegram Channel: https://t.me/SCRTnetwork -- Community Secret Nodes Telegram: https://t.me/secretnodes +- [Homepage](https://scrt.network) +- [Forum](https://forum.scrt.network) +- [Wiki](https://learn.scrt.network) +- [Discord](https://discord.com/invite/SJK32GY) +- [Blog](https://blog.scrt.network) +- [Twitter](https://twitter.com/SecretNetwork) +- [Main Chat](https://chat.scrt.network/channel/general) +- [Telegram Channel](https://t.me/SCRTnetwork) # Block Explorers Secret Network is secured by the SCRT coin (Secret), which is used for fees, staking, and governance. Transactions, validators, governance proposals, and more can be viewed using the following Secret Network block explorers: -- [Secret Explorer](https://explorer.cashmaney.com) +- [Cashmaney](https://explorer.cashmaney.com) - [SecretScan](https://secretscan.io) - [Puzzle](https://puzzle.report/secret/chains/secret-1) # Wallets -- [Ledger Nano S and Ledger Nano X](/docs/ledger-nano-s.md) +- [Ledger Nano S and Ledger Nano X](/ledger-nano-s.md) - [Math Wallet](https://mathwallet.org/web/enigma) # Blockchain REST Providers diff --git a/docs/lcd-server-example.md b/docs/lcd-server-example.md new file mode 100644 index 000000000..39c427411 --- /dev/null +++ b/docs/lcd-server-example.md @@ -0,0 +1,52 @@ +1. Put this file in `/etc/systemd/system/secret-lcd.service` +2. Make sure `/bin/secretcli` is the right path for secretcli +3. Make sure port 443 is open +4. Make sure `secret-1` is the right chain ID +5. Make sure `ubuntu` is the right user +6. Enable on startup: `sudo systemctl enable secret-lcd` +7. Start now: `sudo systemctl start secret-lcd` + +``` +[Unit] +Description=Secret LCD server +After=network.target + +[Service] +Type=simple +ExecStart=/bin/secretcli rest-server --chain-id secret-1 --laddr tcp://0.0.0.0:1337 +User=ubuntu +Restart=always +StartLimitInterval=0 +RestartSec=3 +LimitNOFILE=65535 + +[Install] +WantedBy=multi-user.target +``` + +Then, install caddy: https://caddyserver.com/docs/download#debian-ubuntu-raspbian +Edit /etc/caddy/Caddyfile to have this inside (Replace `bootstrap.int.testnet.enigma.co` with your domain name): +``` +bootstrap.int.testnet.enigma.co + +header { + Access-Control-Allow-Origin * + Access-Control-Allow-Methods * + Access-Control-Allow-Headers * +} + +@corspreflight { + method OPTIONS + path * +} + +respond @corspreflight 204 + +reverse_proxy 127.0.0.1:1337 +``` + +And then: +```bash +sudo systemctl enable caddy.service +sudo systemctl start caddy.service +``` diff --git a/docs/lcd-server-example.service b/docs/lcd-server-example.service deleted file mode 100644 index 7f5b10f1c..000000000 --- a/docs/lcd-server-example.service +++ /dev/null @@ -1,45 +0,0 @@ -# 1. Put this file in /etc/systemd/system/secret-lcd.service -# 2. Make sure "/bin/secretcli" is the right path for secretcli -# 3. Make sure port 1337 is open -# 4. Make sure "secret-1" is the right chain ID -# 5. Enable on startup: sudo systemctl enable secret-lcd -# 6. Start now: sudo systemctl start secret-lcd - -[Unit] -Description=Secret LCD server -After=network.target - -[Service] -Type=simple -ExecStart=/bin/secretcli rest-server --chain-id secret-1 --laddr tcp://0.0.0.0:1337 -User=ubuntu -Restart=always -StartLimitInterval=0 -RestartSec=3 -LimitNOFILE=65535 - -[Install] -WantedBy=multi-user.target - -# Then, install caddy: https://caddyserver.com/docs/download#debian-ubuntu-raspbian -# Edit /etc/caddy/Caddyfile to have this inside: - -bootstrap.int.testnet.enigma.co - -header { - Access-Control-Allow-Origin * - Access-Control-Allow-Methods * - Access-Control-Allow-Headers * -} - -@corspreflight { - method OPTIONS - path * -} - -respond @corspreflight 204 - -reverse_proxy 127.0.0.1:1337 - -# And then sudo systemctl enable caddy.service -# And then sudo systemctl start caddy.service \ No newline at end of file diff --git a/docs/light-client-mainnet.md b/docs/light-client-mainnet.md index 3c2f535f1..c1b829ea3 100644 --- a/docs/light-client-mainnet.md +++ b/docs/light-client-mainnet.md @@ -1,6 +1,6 @@ -# Install the `secretcli` Secret Blockchain light client +# Install the `secretcli` Secret Network light client -1. Get the latest release of `secretcli` for your OS: https://github.com/enigmampc/SecretNetwork/releases/tag/v0.2.1. +1. Get the latest release of `secretcli` for your OS: https://github.com/enigmampc/SecretNetwork/releases/latest. ([How to verify releases](/verify-releases.md)) @@ -38,4 +38,4 @@ ```bash secretcli status - ``` + ``` \ No newline at end of file diff --git a/docs/overview.md b/docs/overview.md index b54d4a008..8e68e813e 100644 --- a/docs/overview.md +++ b/docs/overview.md @@ -1,12 +1,16 @@ +--- +title: 'Overview' +--- + # General Overview -The Secret Network is a blockchain protocol that enables decentralized applications to use private or sensitive data. On the Secret Network, the code that enables applications to use this private data is referred to as a “secret contract”. Secret contracts are similar to smart contracts, such as those used with Ethereum. The key difference is that secret contracts can take encrypted inputs and produce encrypted outputs, without exposing any data while it is in-use. In addition, a contract state (its internal, persisted database), remains encrypted throughout executions. +Secret Network is a blockchain protocol that enables decentralized applications to perform encrypted computations. The Rust code that enables applications to use private data is referred to as a “secret contract” on Secret Network. Secret contracts are similar to smart contracts, such as those used with Ethereum. The key difference is that secret contracts can take encrypted inputs and produce encrypted outputs, without exposing any data while it is in-use. In addition, a contract state (its internal, persisted database), remains encrypted throughout executions. Data on blockchains is public by default. This is a problem for applications which make use of sensitive information, such as user data, personally identifiable information (PII), votes, or moves in a game like rock-paper-scissors or poker. The Secret Network aims to solve this problem by enabling data-in-use privacy through private computation for decentralized applications. For example, a developer could create a voting application where individual votes are never revealed, but the overall results are provably correct. Additionally, a credit scoring application could generate a score based on verified data submitted by users, without ever seeing that sensitive data (or storing it on-chain). Many applications require data privacy, which is especially difficult to achieve in blockchain-based applications. -The Secret Network is decentralized, so governance decisions are made collectively through votes conducted by the community. The network is run by validators (Secret Nodes), who propose blocks according to a delegated proof-of-stake model. Validators are rewarded for proposing new blocks in SCRT. Users pay SCRT to the network as fees in order to have their transactions included. +The Secret Network is decentralized, so governance decisions are made collectively through votes conducted by the community. The network is run by delegators and validators who propose blocks according to a delegated proof-of-stake model. Node operators earn SCRT rewards for proposing new blocks. Users pay SCRT to the network as fees in order to have their transactions included. The Secret Network was built with the Cosmos SDK using Tendermint for consensus. Enigma is a company introducing a privacy-preserving applications and ecrypted computation services. As part of this work, Enigma is a core contributor to the Secret Network. diff --git a/docs/protocol/architecture.md b/docs/protocol/architecture.md index f779c6b8a..f69e2b729 100644 --- a/docs/protocol/architecture.md +++ b/docs/protocol/architecture.md @@ -19,7 +19,7 @@ The following process describes, step by step, how a contract is submitted and a - Outputs are encrypted. - In summary, at all times, data is carefully always encrypted when outside the Trusted Compute Base (TCB) of the TEE. 6. The Block-proposing validator proposes a block containing the encrypted outputs and updated encrypted state. -7. At least 2/3s participating validators achieve consensus on the encrypted output and state. +7. At least 2/3 participating validators achieve consensus on the encrypted output and state. 8. The encrypted output and state is committed on-chain. A secret contract’s code is always deployed publicly on-chain, so that users and developers know exactly what code will be executed on data that they submit. This is important: without knowing what that code does, users cannot trust it with their encrypted data. However, the data that is submitted is encrypted, so it cannot be read by a developer, anyone observing the chain, or anyone running a node. If the behavior of the code is also trusted (which is possible to achieve because it is recorded on chain), a user of secret contracts obtains strong privacy guarantees. diff --git a/docs/protocol/roadmap.md b/docs/protocol/roadmap.md index 63199e9c5..e95f88eea 100644 --- a/docs/protocol/roadmap.md +++ b/docs/protocol/roadmap.md @@ -7,5 +7,7 @@ The next version of Secret Network is expected to offer secret contract function - [X] Enable cosmwasm-based contracts to be deployed within Intel SGX enclaves (the TEE that the Secret Network will initially use) on the Secret Network testnet - [X] Enable key-sharing protocol for encryption and decryption of state, as well as encryption and decryption of input/output data between clients and Validators. This is referred to as the `compute` module, which is specific to the Secret Network. -The above milestones constitute the R&D work required to enable secret contracts. When these steps are completed, Enigma will submit a proposal to the Secret Network blockchain that proposes to upgrade the network to enable secret contracts. Validators will have to vote on this submission and approve it prior to implementation. +Read more about the completion of [milestone 3 of 3](https://blog.scrt.network/secret-contracts-update-milestone-3-of-3-is-complete)! + +The above milestones constitute the R&D work required to enable secret contracts. After these steps are completed, Enigma will submit a proposal to the Secret Network blockchain that proposes to upgrade the network to enable secret contracts. Validators will have to vote on this submission and approve it prior to implementation. - [ ] Proposal submitted to Secret Network \ No newline at end of file diff --git a/docs/secretcli.md b/docs/secretcli.md index 409809049..2649eff88 100644 --- a/docs/secretcli.md +++ b/docs/secretcli.md @@ -1,10 +1,8 @@ -# Secret Blockchain Light Client +# Secret Network Light Client ## Secret CLI -`secretcli` is the command-line tool that enables you to interact with a node that runs on the Secret Blockchain. - -[How to install and use `secretcli`](/light-client-mainnet.md). +`secretcli` is the command-line interface tool that enables you to interact with a node that runs on the Secret Network. [How to install and use `secretcli`](/light-client-mainnet.md). ## `secretcli` Guide @@ -69,7 +67,7 @@ If you check your private keys, you'll now see ``: secretcli keys show ``` -If you want to just see your enigma address: +If you want to just see your secret address: ```bash secretcli keys show -a @@ -175,10 +173,10 @@ On a testnet, getting tokens is usually done via a faucet. After receiving tokens to your address, you can view your account's balance by typing: ```bash -secretcli q account +secretcli q account ``` -Get your `` using: +Get your `` using: ```bash secretcli keys show -a @@ -193,7 +191,7 @@ secretcli q account $(secretcli keys show -a ) ``` ::: warning Note -When you query an account balance with zero tokens, you will get this error: `No account with address was found in the state.` This can also happen if you fund the account before your node has fully synced with the chain. These are both normal. +When you query an account balance with zero tokens, you will get this error: `No account with address was found in the state.` This can also happen if you fund the account before your node has fully synced with the chain. These are both normal. ### Send Tokens @@ -220,14 +218,14 @@ Gas estimate might be inaccurate as state changes could occur in between the end Now, view the updated balances of the origin and destination accounts: ```bash -secretcli q account +secretcli q account secretcli q account ``` You can also check your balance at a given block by using the `--block` flag: ```bash -secretcli q account --block= +secretcli q account --block= ``` You can simulate a transaction without actually broadcasting it by appending the @@ -442,7 +440,7 @@ secretcli q staking validator ##### Bond Tokens -On the Secret Network, we delegate `uscrt`, where `1scrt = 1000000uscrt`. Here's how you can bond tokens to a validator (_i.e._ delegate): +On the Secret Network mainnet, we delegate `uscrt`, where `1scrt = 1000000uscrt`. Here's how you can bond tokens to a validator (_i.e._ delegate): ```bash secretcli tx staking delegate \ @@ -650,7 +648,10 @@ secretcli status ### Governance -Governance is the process by which users in the Secret Blockchain can come to consensus on software upgrades, parameters of the mainnet or signals through text proposals. This is done through voting on proposals, which will be submitted by `SCRT` holders on the mainnet. +Governance is the process from which users in the Secret Network can come to consensus +on software upgrades, parameters of the mainnet or signaling mechanisms through +text proposals. This is done through voting on proposals, which will be submitted +by `SCRT` holders on the mainnet. [How to participate in on-chain governance](/protocol/governance.md). @@ -829,4 +830,4 @@ echo '. secretcli_completion' >> ~/.bashrc Refer to the user's manual of your interpreter provided by your operating system for information on how to enable shell autocompletion. -::: +::: \ No newline at end of file diff --git a/docs/testnet/azure-quickstart-guide.md b/docs/testnet/azure-quickstart-guide.md new file mode 100644 index 000000000..a5f183ddf --- /dev/null +++ b/docs/testnet/azure-quickstart-guide.md @@ -0,0 +1,91 @@ +# Azure Image Guide + +This file is a copy of the file [here](https://github.com/enigmampc/SecretNetwork/blob/develop/packaging_docker/testnet/azure/secret-node-azure-template/Usage.md) and is mainly here for visibility. +The files you need to run this guide are [here](https://github.com/enigmampc/SecretNetwork/tree/develop/packaging_docker/testnet/azure/secret-node-azure-template) + +## Requirements + +* An Azure account (you should be able to use a free-trial account for this) + +## General info + +This folder contains templates which are used to create an Azure marketplace offering of a 1-click secret node. +Possibly in the future we will add more complex architectures, but at the moment it is just a single node. + +To make things 1-clicky and simple the node setup and registration is performed automatically, with all you need to do is configure the parameters of your node. + +There are 2 variants in this folder - the marketplace template and the quickstart template. The quickstart template is basically a DIY version of the marketplace image which you +can customize or deploy yourself via the azure command-line. + +Now lets go over how to do that, and how to use the image once it's deployed. + +## Installation - Quickstart Template + +__Note: This image is preconfigured to work with the incentivized testnet__ + +Download this directory. + +Using Azure CLI login to enigmampc using + +`az login` + +Then, create a resource group for the new secret node + +`az group create --name --location "UK South"` + +Note: Only UK south, East US and Central Canada are available for SGX machines + +Finally, deploy the secret node using: +`az deployment group create --resource-group --template-file azuredeploy.json` + +(or `az group deployment create --resource-group --template-file azuredeploy.json` on newer az cli versions) + +By default the node will try to connect to our testnet node/registration service, so configure the parameters +accordingly to what you want + +Note: When asked to enter a `adminPasswordOrKey` You can enter either your SSH public key, or a password. _However_, only using an SSH key is properly tested. So use a password at your own risk. + +## Installation - Azure Marketplace + +__Not available publicly yet. Will update this section once it is released__ + +## Usage + +The actual node runs in a docker image on the machine that is created. However, it will come with some handy aliases to help you use it easily. + +### SSH into your machine + +```ssh @..cloudapp.azure.com``` + +(you can also find this string in the output of the group deployment command under the key `sshCommand`) + +### Commands + +`secretd`, `secretcli` - will work as you would normally expect + +`show-node-id` - will print out the p2p address of the node +`show-validator` - will print out the validator consensus public key, which is used when creating a validator + +`stop-secret-node` - will stop the node +`start-secret-node` - will start the node + +### Debugging + +After creating the machine a healthy status of the node will have 2 containers active: + +```docker ps``` + +``` +CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES +bf9ba8dd0802 enigmampc/secret-network-node:pubtestnet "/bin/bash startup.sh" 13 minutes ago Up 13 minutes (healthy) 0.0.0.0:26656-26657->26656-26657/tcp secret-node_node_1 +2405b23aa1bd cashmaney/aesm "/bin/sh -c './aesm_…" 13 minutes ago Up 13 minutes secret-node_aesm_1 +``` + +You can see the logs of the node by checking the docker logs of the node container: + +```docker logs secret-node_node_1``` + +If you want to debug/do other stuff with your node you can exec into the actual node using + +```docker exec -it secret-node_node_1 /bin/bash``` + diff --git a/docs/testnet/install_cli.md b/docs/testnet/install_cli.md new file mode 100644 index 000000000..cdf30a995 --- /dev/null +++ b/docs/testnet/install_cli.md @@ -0,0 +1,26 @@ +# Installing the CLI & Creating a new address + +## Download the appropriate version + +* Linux +``` +https://github.com/enigmampc/SecretNetwork/releases/download/v0.5.0-rc1/secretcli +``` + +* MacOS +``` +https://github.com/enigmampc/SecretNetwork/releases/download/v0.5.0-rc1/secretcli_macos +``` + +* Windows +``` +https://github.com/enigmampc/SecretNetwork/releases/download/v0.5.0-rc1/secretcli.exe +``` + +## Create a new address + +``` +./secretcli keys add +``` + +See more details on how to use the CLI [here](https://github.com/enigmampc/SecretNetwork/blob/master/docs/secretcli.md) diff --git a/docs/testnet/run-full-node-docker.md b/docs/testnet/run-full-node-docker.md new file mode 100644 index 000000000..c48142219 --- /dev/null +++ b/docs/testnet/run-full-node-docker.md @@ -0,0 +1,195 @@ +# SGX-enabled Secret Node in Docker + +So you don't want to fiddle with the .deb file, and just want to run your node? We got you, with this quick and easy guide to getting a node started without much tinkering. + +This guide will help you set up a node, but you will need to maintain it, or change the default setup. We recommend being familiar with Linux, docker, and docker-compose. + +The scripts in the guide will be for Linux (tested on Ubuntu 18.04), but you could get this working on Windows if you swing that way too. + + +## Requirements + +- A public IP address +- Open ports `TCP 26656 & 26657` _Note: If you're behind a router or firewall then you'll need to port forward on the network device._ +- Reading https://docs.tendermint.com/master/tendermint-core/running-in-production.html +- Outbound network connection (you will need to connect to a remote service for this setup) + +### Minimum requirements + +- 1GB RAM +- 100GB HDD +- 1 dedicated core of any Intel Skylake processor (Intel® 6th generation) or better + +### Recommended requirements + +- 2GB RAM +- 256GB SSD +- 2 dedicated cores of any Intel Skylake processor (Intel® 6th generation) or better +- Motherboard with support for SGX in the BIOS + +Refer to https://ark.intel.com/content/www/us/en/ark.html#@Processors if unsure if your processor supports SGX + +## Installation + +### 0. Step up SGX on your local machine + +See instructions [here](/docs/validators-and-full-nodes/setup-sgx.md) + +### 1. Make sure you have the SGX device installed + +If you're using Linux either `/dev/sgx` or `/dev/isgx` should exist depending on the driver and hardware you're using. + +### 2. Install docker & docker-compose + +Either install yourself, or use this script for Ubuntu + +Run as root + +```bash +#! /bin/bash + +# Run as root + +apt update +apt install apt-transport-https ca-certificates curl software-properties-common -y +curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - + +add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu bionic stable" +apt update +apt install docker-ce -y + +# systemctl status docker +curl -L https://github.com/docker/compose/releases/download/1.26.0/docker-compose-"$(uname -s)"-"$(uname -m)" -o /usr/local/bin/docker-compose + + +chmod +x /usr/local/bin/docker-compose + +docker-compose --version +``` + +### 3. Set up `/tmp/aesmd` folder + +We use this folder to communicate with the aesm (architectural enclave service manager) service. You can use any other folder you want, just change the paths in the scripts + +You may have to run this after a reboot, as well, since the /tmp/ folders are volatile. + +```bash +#! /bin/bash + +# Aesm service relies on this folder and having write permissions +# shellcheck disable=SC2174 +mkdir -p -m 777 /tmp/aesmd +chmod -R -f 777 /tmp/aesmd || sudo chmod -R -f 777 /tmp/aesmd || true +``` + +### 4. Create the docker-compose file `docker-compose.yaml` + +Edit the path under `devices` to match to your device from step 1 + +```yaml +version: '3.4' + +services: + aesm: + image: cashmaney/aesm + devices: + - /dev/isgx + volumes: + - /tmp/aesmd:/var/run/aesmd + stdin_open: true + tty: true + + node: + image: enigmampc/secret-network-node:pubtestnet + devices: + - /dev/isgx + volumes: + - /tmp/aesmd:/var/run/aesmd + - /tmp/.secretd:/root/.secretd + - /tmp/.secretcli:/root/.secretcli + - /tmp/.sgx_secrets:/root/.sgx_secrets + environment: + - SGX_MODE=HW + - MONIKER + - RPC_URL + - CHAINID + - PERSISTENT_PEERS + - REGISTRATION_SERVICE + healthcheck: + test: ["CMD", "curl", "-f", "http://127.0.0.1:26657"] + interval: 1m30s + timeout: 10s + retries: 3 + start_period: 40s + ports: + - "26656:26656" + - "26657:26657" +``` + +NOTE: If you want to persist the node beyond a reboot, change the paths + +``` + - /tmp/.secretd:/root/.secretd + - /tmp/.secretcli:/root/.secretcli + - /tmp/.sgx_secrets:/root/.sgx_secrets +``` + +To something persistent (e.g. in your home directory) like: + +``` + - /home/bob/.secretd:/root/.secretd + - /home/bob/.secretcli:/root/.secretcli + - /home/bob/.sgx_secrets:/root/.sgx_secrets +``` + +Note: If you delete or lose either the .secretd or the .sgx_secrets folder your node will have to reset and resync itself. + +### 5. Set up environment variables + +* MONIKER - your network name +* RPC_URL - address of a node with an open RPC service (you can use `bootstrap.pub.testnet.enigma.co:26657`) +* CHAINID - chain-id of the network +* PERSISTENT_PEERS - List of peers to connect to initially (for this testnet use `115aa0a629f5d70dd1d464bc7e42799e00f4edae@51.132.233.98:26656`) +* REGISTRATION_SERVICE - Address of registration service (this will help the node start automatically without going through all the manual steps in the other guide) - `reg-pubtestnet.uksouth.azurecontainer.io:8081` + +You can set an environment variable using the `export` syntax + +`export RPC_URL=bootstrap.pub.testnet.enigma.co:26657` + +### 6. Start your node + +`docker-compose up -d` + +After creating the machine a healthy status of the node will have 2 containers active: + +```docker ps``` + +``` +CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES +bf9ba8dd0802 enigmampc/secret-network-node:pubtestnet "/bin/bash startup.sh" 13 minutes ago Up 13 minutes (healthy) 0.0.0.0:26656-26657->26656-26657/tcp secret-node_node_1 +2405b23aa1bd cashmaney/aesm "/bin/sh -c './aesm_…" 13 minutes ago Up 13 minutes secret-node_aesm_1 +``` + +### 7. Helpful aliases + +We recommend setting the following aliases, which will allow you to transparently use the `secretd` and `secretcli` commands from the host (rather than having to exec into the container) + +``` +echo 'alias secretcli="docker exec -it secret-node_node_1 secretcli"' >> $HOME/.bashrc +echo 'alias secretd="docker exec -it secret-node_node_1 secretd"' >> $HOME/.bashrc +``` + +Where `secret-node_node_1` should be the name of the node container (but it may be different, you can check with `docker ps`) + +### 8. Troubleshooting + +You can see the logs of the node by checking the docker logs of the node container: + +```docker logs secret-node_node_1``` + +If you want to debug/do other stuff with your node you can exec into the actual node using + +```docker exec -it secret-node_node_1 /bin/bash``` + + + diff --git a/docs/testnet/run-full-node-testnet.md b/docs/testnet/run-full-node-testnet.md new file mode 100644 index 000000000..50c3cb578 --- /dev/null +++ b/docs/testnet/run-full-node-testnet.md @@ -0,0 +1,214 @@ +# How To Join Secret Network as a Full Node on Testnet + +This document details how to join the Secret Network `testnet` as a validator. + +## Requirements + +- Ubuntu/Debian host (with ZFS or LVM to be able to add more storage easily) +- A public IP address +- Open ports `TCP 26656 & 26657` _Note: If you're behind a router or firewall then you'll need to port forward on the network device._ +- Reading https://docs.tendermint.com/master/tendermint-core/running-in-production.html +- RPC address of an already active node. You can use `bootstrap.pub.testnet.enigma.co:26657`, or any other node that exposes RPC services. +- Account with at least 1 SCRT + +### Minimum requirements + +- 1GB RAM +- 100GB HDD +- 1 dedicated core of any Intel Skylake processor (Intel® 6th generation) or better + +### Recommended requirements + +- 2GB RAM +- 256GB SSD +- 2 dedicated cores of any Intel Skylake processor (Intel® 6th generation) or better +- Motherboard with support for SGX in the BIOS + +Refer to https://ark.intel.com/content/www/us/en/ark.html#@Processors if unsure if your processor supports SGX + +## Installation + +### 0. Step up SGX on your local machine + +See instructions [here](/docs/validators-and-full-nodes/setup-sgx.md) + +### 1. Download the Secret Network package installer for Debian/Ubuntu: + +```bash +wget https://github.com/enigmampc/SecretNetwork/releases/download/v0.5.0-rc1/secretnetwork_0.5.0-rc1_amd64.deb +``` + +([How to verify releases](/testnet/verify-sgx.md)) + +### 2. Install the package: + +```bash +sudo dpkg -i secretnetwork_0.5.0-rc1_amd64.deb +``` + +### 3. Initialize your installation of the Secret Network. Choose a **moniker** for yourself that will be public, and replace `` with your moniker below + +```bash +secretd init --chain-id enigma-pub-testnet-1 +``` + +### 4. Download a copy of the Genesis Block file: `genesis.json` + +```bash +wget -O ~/.secretd/config/genesis.json "https://github.com/enigmampc/SecretNetwork/releases/download/v0.5.0-rc1/genesis.json" +``` + +### 5. Validate the checksum for the `genesis.json` file you have just downloaded in the previous step: + +```bash +echo "d12a38c37d7096b0c0d59a56af12de2e4e5eca598d53699119344b26a6794026 $HOME/.secretd/config/genesis.json" | sha256sum --check +``` + +### 6. Validate that the `genesis.json` is a valid genesis file: + +```bash +secretd validate-genesis +``` + +### 7. The rest of the commands should be ran from the `~/` folder (`/home/`) + +```bash +cd ~/ +``` + +### 8. Initialize secret enclave + +Make sure SGX is enabled and running or this step might fail. + +```bash +export SCRT_ENCLAVE_DIR=/usr/lib +``` + +```bash +secretd init-enclave +``` + +### 9. Check that initialization was successful + +Attestation certificate should have been created by the previous step + +```bash +ls -lh ./attestation_cert.der +``` + +### 10. Check your certificate is valid + +Should print your 64 character registration key if it was successful. + +```bash +PUBLIC_KEY=$(secretd parse attestation_cert.der 2> /dev/null | cut -c 3-) +echo $PUBLIC_KEY +``` + +### 11. Config `secretcli` + +```bash +secretcli config chain-id enigma-pub-testnet-1 +secretcli config node tcp://bootstrap.pub.testnet.enigma.co:26657 +secretcli config broadcast-mode block +secretcli config output json +secretcli config indent true +``` + +### 12. Register your node on-chain + +This step can be run from any location (doesn't have to be from the same node) + +```bash +secretcli tx register auth --from +``` + +### 13. Pull & check your node's encrypted seed from the network + +```bash +SEED=$(secretcli query register seed "$PUBLIC_KEY" | cut -c 3-) +echo $SEED +``` + +### 14. Get additional network parameters + +These are necessary to configure the node before it starts + +```bash +secretcli query register secret-network-params +ls -lh ./io-master-cert.der ./node-master-cert.der +``` + +### 15. Configure your secret node + +```bash +mkdir -p ~/.secretd/.node +secretd configure-secret node-master-cert.der "$SEED" +``` + +### 16. Add persistent peers to your configuration file. + +You can also use Enigma's node: + +``` +perl -i -pe 's/persistent_peers = ""/persistent_peers = "115aa0a629f5d70dd1d464bc7e42799e00f4edae\@bootstrap.pub.testnet.enigma.co:26656"/' ~/.secretd/config/config.toml +``` + +### 17. Listen for incoming RPC requests so that light nodes can connect to you: + +```bash +perl -i -pe 's/laddr = .+?26657"/laddr = "tcp:\/\/0.0.0.0:26657"/' ~/.secretd/config/config.toml +``` + +### 18. Enable `secret-node` as a system service: + +``` +sudo systemctl enable secret-node +``` + +### 19. Start `secret-node` as a system service: + +``` +sudo systemctl start secret-node +``` + +### 20. If everything above worked correctly, the following command will show your node streaming blocks (this is for debugging purposes only, kill this command anytime with Ctrl-C): + +```bash +journalctl -f -u secret-node +``` + +``` +-- Logs begin at Mon 2020-02-10 16:41:59 UTC. -- +Feb 10 21:18:34 ip-172-31-41-58 secretd[8814]: I[2020-02-10|21:18:34.307] Executed block module=state height=2629 validTxs=0 invalidTxs=0 +Feb 10 21:18:34 ip-172-31-41-58 secretd[8814]: I[2020-02-10|21:18:34.317] Committed state module=state height=2629 txs=0 appHash=34BC6CF2A11504A43607D8EBB2785ED5B20EAB4221B256CA1D32837EBC4B53C5 +Feb 10 21:18:39 ip-172-31-41-58 secretd[8814]: I[2020-02-10|21:18:39.382] Executed block module=state height=2630 validTxs=0 invalidTxs=0 +Feb 10 21:18:39 ip-172-31-41-58 secretd[8814]: I[2020-02-10|21:18:39.392] Committed state module=state height=2630 txs=0 appHash=17114C79DFAAB82BB2A2B67B63850864A81A048DBADC94291EB626F584A798EA +Feb 10 21:18:44 ip-172-31-41-58 secretd[8814]: I[2020-02-10|21:18:44.458] Executed block module=state height=2631 validTxs=0 invalidTxs=0 +Feb 10 21:18:44 ip-172-31-41-58 secretd[8814]: I[2020-02-10|21:18:44.468] Committed state module=state height=2631 txs=0 appHash=D2472874A63CE166615E5E2FDFB4006ADBAD5B49C57C6B0309F7933CACC24B10 +^C +``` + +You are now a full node. :tada: + +### 21. Get your node ID with: + +```bash +secretd tendermint show-node-id +``` + +And publish yourself as a node with this ID: + +``` +@:26656 +``` + +So if someone wants to add you as a peer, have them add the above address to their `persistent_peers` in their `~/.secretd/config/config.toml`. +And if someone wants to use you from their `secretcli` then have them run: + +```bash +secretcli config chain-id enigma-pub-testnet-1 +secretcli config output json +secretcli config indent true +secretcli config node tcp://:26657 +``` diff --git a/docs/testnet/verify-sgx.md b/docs/testnet/verify-sgx.md new file mode 100644 index 000000000..79429492f --- /dev/null +++ b/docs/testnet/verify-sgx.md @@ -0,0 +1,124 @@ +# Verify your SGX setup + +# Background + +To make sure the entire network runs on SGX nodes we use a process called _registration_. This process, performed by each node runner, involves authenticating the local enclave both with Intel Attestation Services and on-chain. + +This process not only verifies that the local node is running a genuine enclave, but that it is patched, and not vulnerable to any known exploits. This means that you may be running SGX-enabled hardware, but may be missing microcode, or firmware which affect SGX-security. + +For this reason it is recommended to check ahead of time the result of the attestation process, which can tell you if an update is required. + +__Note:__ for the incentivized testnet we are going to run with more relaxed requirements than mainnet - be aware that your incentivized testnet setup may not work on mainnet if you do not verify it + +## Instructions + +These instructions refer to an installation using: +* Ubuntu 18.04 or 20.04 +* SGX driver [sgx_linux_x64_driver_2.6.0_95eaa6f.bin](https://download.01.org/intel-sgx/sgx-linux/2.9.1/distro/ubuntu18.04-server/sgx_linux_x64_driver_2.6.0_95eaa6f.bin "sgx_linux_x64_driver_2.6.0_95eaa6f.bin") +* Intel SGX PSW 2.9.101.2 + +See SGX installation instructions [here](/docs/validators-and-full-nodes/setup-sgx.md) + +Other driver/OS combinations are not guaranteed to work with these instructions. Let us know on `chat.scrt.network` if you intend to run on a different setup. + +### 1. Download the test package + +`wget https://github.com/enigmampc/SecretNetwork/releases/download/v0.5.0-rc1/secretnetwork_0.5.0-rc1_amd64.deb` + +### 2. Unpack +#### This will install `secretd` +`sudo dpkg -i secretnetwork_0.5.0-rc1_amd64.deb` + +### 3. Initialize the enclave + +Create the `.sgx_secrets` directory if it doesn't already exist +```bash +mkdir .sgx_secrets +``` + +Then initialize the enclave + +```bash +SCRT_ENCLAVE_DIR=/usr/lib secretd init-enclave +``` + +(or `SCRT_ENCLAVE_DIR=/usr/lib secretd init-enclave | grep -Po 'isvEnclaveQuoteStatus":".+?"'`) + +This step, if successful, will create an output similar to this - +``` +INFO [wasmi_runtime_enclave::registration::attestation] Attestation report: {"id":"183845695958032083367610248637243990718","timestamp":"2020-07-12T09:43:12.297820","version":4,"advisoryURL":"https://security-center.intel.com","advisoryIDs":["INTEL-SA-00334"],"isvEnclaveQuoteStatus":"SW_HARDENING_NEEDED","isvEnclaveQuoteBody":"AgAAAMYLAAALAAoAAAAAABf93MlHcUSizYTifNzpi+QD9Lqdmd+k62/B9e4nOc4sDw8DBf+ABgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwAAAAAAAAAHAAAAAAAAAO40oSBNM9hG2mHlwrSwAbMCmy87uJSAiGpez88uqJlgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACD1xnnferKFHD2uvYqTXdDA8iZ22kCD5xw7h38CMfOngAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADv56xwUqy2HPiT/uxTSwg1LQmFPJa2sD0Q2YwuzlJuLgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} +``` + +(or `isvEnclaveQuoteStatus":"SW_HARDENING_NEEDED"`) + +Where the important field is __isvEnclaveQuoteStatus__. This is the field that marks trust level of our platform. The acceptable values for this field are: + +* OK +* SW_HARDENING_NEEDED + +With the following value accepted for __incentivized testnet only__: +* GROUP_OUT_OF_DATE + +Consult with the [Intel API](https://api.trustedservices.intel.com/documents/sgx-attestation-api-spec.pdf#page=21) for more on these values. + +If you do not see such an output, look for a file called `attestation_cert.der` which should have been created in your `$HOME` directory. You can then use the command `secretd parse ` to check the result a successful result should be a 64 byte hex string (e.g. `0x9efe0dc689447514d6514c05d1161cea15c461c62e6d72a2efabcc6b85ed953b`. + +### 4. What to do if this didn't work? + +1. Running `secretd init-enclave` should have created a file called `attestation_cert.der`. This file contains the attestation report from above. +2. Contact us on the proper channels on `chat.scrt.network` +3. The details we will need to investigate will include: + * Hardware specs + * SGX PSW/driver versions + * BIOS versions + * The file `attestation_cert.der` + +### 5. Troubleshooting + +* Output is: +``` +secretd init-enclave +2020-07-12 13:21:31,864 INFO [go_cosmwasm] Hello from right before key_gen +2020-07-12 13:21:31,864 INFO [cosmwasm_sgx_vm::seed] Hello from just before initializing - untrusted_key_gen +2020-07-12 13:21:31,864 ERROR [go_cosmwasm] Error :( +ERROR: failed to initialize enclave: Error calling the VM: SGX_ERROR_ENCLAVE_FILE_ACCESS +``` + + Make sure you have the environment variable `SCRT_ENCLAVE_DIR=/usr/lib` set before you run `secretd`. + +* Output is: +``` +secretd init-enclave +2020-07-12 13:37:26,549 INFO [go_cosmwasm] Hello from right before key_gen +2020-07-12 13:37:26,549 INFO [cosmwasm_sgx_vm::seed] Hello from just before initializing - untrusted_key_gen +2020-07-12 13:37:26,689 INFO [cosmwasm_sgx_vm::seed] Hello from just after initializing - untrusted_key_gen +DEBUG [wasmi_runtime_enclave::crypto::key_manager] Seed not initialized! Cannot derive enclave keys +ERROR [wasmi_runtime_enclave::crypto::key_manager] Error sealing registration key +ERROR [wasmi_runtime_enclave::registration::offchain] Failed to create registration key +2020-07-12 13:37:26,690 ERROR [go_cosmwasm] Error :( +ERROR: failed to initialize enclave: Error calling the VM: SGX_ERROR_UNEXPECTED +``` + +Make sure the directory `~/.sgx_secrets/` is created. If that still doesn't work, try to create `/root/.sgx_secrets` + +* Output is: +``` +secretd init-enclave +2020-07-12 13:46:34,463 INFO [go_cosmwasm] Hello from right before key_gen +2020-07-12 13:46:34,463 INFO [cosmwasm_sgx_vm::seed] Hello from just before initializing - untrusted_key_gen +2020-07-12 13:46:34,609 INFO [cosmwasm_sgx_vm::seed] Hello from just after initializing - untrusted_key_gen +DEBUG [wasmi_runtime_enclave::crypto::key_manager] Seed not initialized! Cannot derive enclave keys +INFO [wasmi_runtime_enclave::registration::offchain] ecall_key_gen key pk: [216, 167, 170, 152, 151, 228, 78, 162, 141, 2, 6, 132, 35, 245, 214, 206, 128, 29, 141, 28, 42, 185, 186, 181, 122, 84, 172, 21, 78, 17, 106, 85] +2020-07-12 13:46:34,617 INFO [cosmwasm_sgx_vm::attestation] Hello from just before initializing - create_attestation_report_u +2020-07-12 13:46:34,617 INFO [cosmwasm_sgx_vm::attestation] Hello from just after initializing - create_attestation_report_u +2020-07-12 13:46:34,617 INFO [cosmwasm_sgx_vm::attestation] Entered produce report +DEBUG [wasmi_runtime_enclave::crypto::key_manager] Seed not initialized! Cannot derive enclave keys +INFO [wasmi_runtime_enclave::registration::offchain] ecall_get_attestation_report key pk: [216, 167, 170, 152, 151, 228, 78, 162, 141, 2, 6, 132, 35, 245, 214, 206, 128, 29, 141, 28, 42, 185, 186, 181, 122, 84, 172, 21, 78, 17, 106, 85] +2020-07-12 13:46:34,618 INFO [cosmwasm_sgx_vm::attestation] Entering ocall_sgx_init_quote +DEBUG [wasmi_runtime_enclave::registration::attestation] EPID group = [0, 0, 0, 0] +ERROR [wasmi_runtime_enclave::registration::attestation] Error in create_attestation_report: SGX_ERROR_SERVICE_UNAVAILABLE +ERROR [wasmi_runtime_enclave::registration::offchain] Error in create_attestation_certificate: SGX_ERROR_SERVICE_UNAVAILABLE +ERROR: failed to create attestation report: Error calling the VM: SGX_ERROR_SERVICE_UNAVAILABLE +``` + +Make sure the `aesmd-service` is running `systemctl status aesmd.service` diff --git a/docs/validators-and-full-nodes/join-validator-mainnet.md b/docs/validators-and-full-nodes/join-validator-mainnet.md index 8bff0b5d9..9947873da 100644 --- a/docs/validators-and-full-nodes/join-validator-mainnet.md +++ b/docs/validators-and-full-nodes/join-validator-mainnet.md @@ -4,7 +4,20 @@ ### 1. [Run a new full node](/validators-and-full-nodes/run-full-node-mainnet.md) on a new machine. -### 2. Generate a new key pair for yourself (change `` with any word of your choice, this is just for your internal/personal reference): +### 2. Set your `minimum-gas-price` parameter + +We recommend starting with `0.1uscrt` per gas unit: + +```bash +perl -i -pe 's/^minimum-gas-prices = .+?$/minimum-gas-prices = "0.1uscrt"/' ~/.secretd/config/app.toml +sudo systemctl restart secret-node +``` + +Your validator will not propose transactions that specify `--gas-price` lower than the `minimun-gas-price` you set here. + +This is the main parameter the affects your ROI, so you should adjust it with time. + +### 3. Generate a new key pair for yourself (change `` with any word of your choice, this is just for your internal/personal reference): ```bash secretcli keys add @@ -15,18 +28,24 @@ secretcli keys add **Note**: If you already have a key you can import it with the bip39 mnemonic with `secretcli keys add --recover` or with `secretcli keys export` (exports to `stderr`!!) & `secretcli keys import`. -### 3. Output your node address: +### 4. Transfer tokens to your delegator's address: + +This is the `secret` wallet from which you delegate your funds to you own validator. You must delegate at least 1 SCRT (1000000uscrt) from this wallet to your validator. + +To create a `secret` wallet, run: ```bash -secretcli keys show -a +secretcli keys add ``` -### 4. Transfer tokens to the address displayed above. +Make sure to backup the mnemonic you got from the above command! + +Then transfer funds to address you just created. -### 5. Check that you have the requested tokens: +### 5. Check that you have the funds: ```bash -secretcli q account $(secretcli keys show -a ) +secretcli q account $(secretcli keys show -a ) ``` If you get the following message, it means that you have no tokens yet: @@ -35,20 +54,18 @@ If you get the following message, it means that you have no tokens yet: ERROR: unknown address: account secret1xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx does not exist ``` -### 6. Join the network as a new validator: replace `` with your own from step 3 above, and adjust the amount you want to stake +### 6. Join the network as a new validator: replace `` with the moniker you configured in step 3 of [creating a full-node](https://github.com/enigmampc/SecretNetwork/blob/develop/docs/validators-and-full-nodes/run-full-node-mainnet.md), and adjust the amount you want to stake (remember 1 SCRT = 1,000,000 uSCRT, and so the command below stakes 100k SCRT). ```bash secretcli tx staking create-validator \ - --amount=100000000000uscrt \ + --amount=uscrt \ --pubkey=$(secretd tendermint show-validator) \ --commission-rate="0.10" \ --commission-max-rate="0.20" \ --commission-max-change-rate="0.01" \ --min-self-delegation="1" \ - --gas=200000 \ - --gas-prices="0.025uscrt" \ --moniker= \ --from= ``` @@ -61,7 +78,6 @@ secretcli q staking validators | jq '.[] | select(.description.moniker == " ``` + +## Unjailing your validator + +Using the following command you can unjail your node.: + +``` +secretcli tx slashing unjail --from = +``` diff --git a/docs/validators-and-full-nodes/run-full-node-mainnet.md b/docs/validators-and-full-nodes/run-full-node-mainnet.md index 91305aba8..e49e21ba2 100644 --- a/docs/validators-and-full-nodes/run-full-node-mainnet.md +++ b/docs/validators-and-full-nodes/run-full-node-mainnet.md @@ -1,6 +1,6 @@ # Run a Full Node -This document details how to join the Secret Network mainnet as a validator. +This document details how to join the Secret Network `mainnet` as a validator. ## Requirements @@ -9,25 +9,24 @@ This document details how to join the Secret Network mainnet as a validator. - Open ports `TCP 26656 & 26657` _Note: If you're behind a router or firewall then you'll need to port forward on the network device._ - Reading https://docs.tendermint.com/master/tendermint-core/running-in-production.html -### While actual specs vary depending on the load and validators count, minimal requirements are: +### Minimum requirements -1GB RAM -25GB of disk space -1.4 GHz CPU -SSD disks are preferable for applications with high transaction throughput. +- 1GB RAM +- 100GB HDD +- 1 dedicated core of any Intel Skylake processor (Intel® 6th generation) or better -### Recommended: +### Recommended requirements -2GB RAM -100GB SSD -x64 2.0 GHz 2v CPU +- 2GB RAM +- 256GB SSD +- 2 dedicated cores of any Intel Skylake processor (Intel® 6th generation) or better ## Installation -### 1. Download the Secret Blockchain package installer for Debian/Ubuntu: +### 1. Download the Secret Network package installer for Debian/Ubuntu: ```bash -wget https://github.com/chainofsecrets/TheRomulusUpgrade/releases/download/v0.2.0/secretnetwork_0.2.0_amd64.deb +wget https://github.com/enigmampc/SecretNetwork/releases/download/v0.2.1/secretnetwork_0.2.1_amd64.deb ``` ([How to verify releases](/verify-releases.md)) @@ -35,10 +34,10 @@ wget https://github.com/chainofsecrets/TheRomulusUpgrade/releases/download/v0.2. ### 2. Install the package: ```bash -sudo dpkg -i secretnetwork_0.2.0_amd64.deb +sudo dpkg -i secretnetwork_0.2.1_amd64.deb ``` -### 3. Initialize your installation of the Secret Blockchain. Choose a **moniker** for yourself that will be public, and replace `` with your moniker below +### 3. Initialize your installation of the Secret Network. Choose a **moniker** for yourself that will be public, and replace `` with your moniker below ```bash secretd init --chain-id secret-1 @@ -74,8 +73,6 @@ perl -i -pe 's/persistent_peers = ""/persistent_peers = "201cff36d13c6352acfc4a3 perl -i -pe 's/seeds = ""/seeds = "201cff36d13c6352acfc4a373b60e83211cd3102\@bootstrap.mainnet.enigma.co:26656"/' ~/.secretd/config/config.toml ``` -This configuration updates automatically by your node when it learns of new nodes in the network. - ### 8. Listen for incoming RPC requests so that light nodes can connect to you: ```bash diff --git a/docs/validators-and-full-nodes/secret-nodes.md b/docs/validators-and-full-nodes/secret-nodes.md index 8d8a45537..023364c0d 100644 --- a/docs/validators-and-full-nodes/secret-nodes.md +++ b/docs/validators-and-full-nodes/secret-nodes.md @@ -1,6 +1,8 @@ # Validators -It is possible for anyone who holds SCRT to become a Secret Network Validator or Delegator, and thus participate in both staking and governance processes. Currently, no special hardware is required. If and when the network votes to include secret contracts, validators will be required to run nodes with the latest version of Intel SGX. For information on running a validator, joining the network, staking, and voting, please see the walkthrough below and our [governance documentation](/protocol/governance.md). For a partial list of compatible hardware, see [this list](https://github.com/ayeks/SGX-hardware) (this guide is not maintained by Enigma or the Secret Network community). +Secret Network is secured by a coordinated group of validators (current maximum: 50) using a Byzantine fault tolerant delegated proof-of-stake consensus engine, [Tendermint](https://tendermint.com). These validators stake their own SCRT coins and coins from delegators in order to earn rewards by successfully running the protocol, verifying transactions, and proposing blocks to the chain. If they fail to maintain a consistent and honest node, they will be slashed and coins will be deducted from their account. + +It is possible for anyone who holds SCRT to become a Secret Network validator or delegator, and thus participate in both staking and governance processes. If and when the network upgrades to integrate secret contract functionality, validators will be required to run nodes equipped with the latest version of Intel SGX. For information on running a node, delegating, staking, and voting, please see the walkthrough below and visit our [governance documentation](/protocol/governance.md). Here is a [list of compatible hardware](https://github.com/ayeks/SGX-hardware) (not maintained by Enigma or the Secret Network community). ## Walkthrough diff --git a/docs/validators-and-full-nodes/setup-sgx.md b/docs/validators-and-full-nodes/setup-sgx.md index e5e078ca5..78e1c80e6 100644 --- a/docs/validators-and-full-nodes/setup-sgx.md +++ b/docs/validators-and-full-nodes/setup-sgx.md @@ -1,17 +1,94 @@ -# SGX Requirements +# Prepare your Hardware -## Hardware +If you're running a local machine and not a cloud-based VM - 1. Go to your BIOS menu 2. Enable SGX (Software controlled is not enough) 3. Disable Secure Boot -## Software +# Installation -First, have the latest microcode from Intel installed: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases -`sudo apt install intel-microcode -y` may also work. +## For Node Runners -Then, make sure you have Rust installed: https://www.rust-lang.org/tools/install +### Install SGX + +Note: `sgx_linux_x64_driver_2.6.0_602374c.bin` is the latest driver as of July 13, 2020. Please check under https://download.01.org/intel-sgx/sgx-linux/ that this is still the case. If not, please send us a PR or notify us. + +```bash +UBUNTUVERSION=$(lsb_release -r -s | cut -d '.' -f 1) +PSW_PACKAGES='libsgx-enclave-common libsgx-urts sgx-aesm-service libsgx-uae-service autoconf libtool' + +if (($UBUNTUVERSION < 16)); then + echo "Your version of Ubuntu is not supported. Must have Ubuntu 16.04 and up. Aborting installation script..." + exit 1 +elif (($UBUNTUVERSION < 18)); then + DISTRO='xenial' + OS='ubuntu16.04-server' +else + DISTRO='bionic' + OS='ubuntu18.04-server' +fi + +echo "\n\n###############################################" +echo "##### Installing Intel SGX driver #####" +echo "###############################################\n\n" + +# download SGX driver +wget "https://download.01.org/intel-sgx/sgx-linux/2.10/distro/${OS}/sgx_linux_x64_driver_2.6.0_602374c.bin" + +# Make the driver installer executable +chmod +x ./sgx_linux_x64_driver_*.bin + +# Install the driver +sudo ./sgx_linux_x64_driver_*.bin + +# Remount /dev as exec, also at system startup +sudo tee /etc/systemd/system/remount-dev-exec.service >/dev/null < 18)); then + sudo apt install -y gdebi + # Install all the additional necessary dependencies (besides the driver and the SDK) + # for building a rust enclave + wget -O /tmp/libprotobuf10_3.0.0-9_amd64.deb http://ftp.br.debian.org/debian/pool/main/p/protobuf/libprotobuf10_3.0.0-9_amd64.deb + (sleep 3 ; echo y) | sudo gdebi /tmp/libprotobuf10_3.0.0-9_amd64.deb +else + PSW_PACKAGES+=' libprotobuf-dev' +fi + +sudo apt install -y $PSW_PACKAGES +``` + +## For Enclave Developers + +### Prerequisites + +First, make sure you have Rust installed: https://www.rust-lang.org/tools/install - Once Rust is installed, install the `nightly` toolchain: @@ -19,7 +96,9 @@ Then, make sure you have Rust installed: https://www.rust-lang.org/tools/install rustup toolchain install nightly ``` -Then you can use this script (or run the commands one-by-one), which was tested on Ubuntu 20.04 with SGX driver/sdk version 2.9 intended for Ubuntu 18.04: +Then you can use this script (or run the commands one-by-one), which was tested on Ubuntu 20.04 with SGX driver/sdk version 2.10 intended for Ubuntu 18.04: + +### Install SGX SDK + Driver ```bash UBUNTUVERSION=$(lsb_release -r -s | cut -d '.' -f 1) @@ -38,7 +117,7 @@ echo "##### Installing missing packages #####" echo "#######################################\n\n" # Install needed packages for script -sudo apt install -y lynx parallel gdebi make +sudo apt install -y lynx parallel gdebi # Create a working directory to download and install the SDK inside mkdir -p "$HOME/.sgxsdk" @@ -58,11 +137,11 @@ mkdir -p "$HOME/.sgxsdk" # 4. Download `sgx_linux_x64_driver_*.bin` and `sgx_linux_x64_sdk_*.bin` lynx -dump -listonly -nonumbers https://download.01.org/intel-sgx/sgx-linux/ | grep -P 'sgx-linux/(\d\.?)+/' | - sort | + sort -V | tail -1 | parallel --bar --verbose lynx -dump -listonly -nonumbers "{}/distro" | grep -P 'ubuntu\d\d' | - sort | + sort -V | tail -1 | parallel --bar --verbose lynx -dump -listonly -nonumbers | grep -P '\.bin$' | @@ -129,49 +208,65 @@ sudo $HOME/.sgxsdk/sgx_linux_x64_driver_*.bin # Testing your SGX setup -1. For node runners, by using `sgx-detect`: +## For Node Runners + +### Run `secretd init-enclave` + +See https://github.com/enigmampc/SecretNetwork/blob/master/docs/testnet/verify-sgx.md for a guide how to test your setup - ```bash - sudo apt install -y libssl-dev protobuf-compiler pkg-config - cargo +nightly install fortanix-sgx-tools sgxs-tools +## For Contract Developers - sgx-detect - ``` +### using `sgx-detect`: - Should print at the end: +First, make sure you have Rust installed: https://www.rust-lang.org/tools/install - ``` - ✔ Able to launch enclaves - ✔ Debug mode - ✔ Production mode (Intel whitelisted) +- Once Rust is installed, install the `nightly` toolchain: + +```bash +rustup toolchain install nightly +``` + +```bash +sudo apt install -y libssl-dev protobuf-compiler +cargo +nightly install fortanix-sgx-tools sgxs-tools + +sgx-detect +``` - You're all set to start running SGX programs! - ``` +Should print at the end: -2. For enclave developers, by compiling a `hello-rust` project: +``` +✔ Able to launch enclaves + ✔ Debug mode + ✔ Production mode (Intel whitelisted) + +You're all set to start running SGX programs! +``` + +### Compiling a `hello-rust` project: - ```bash - git clone --depth 1 -b v1.1.1-testing git@github.com:apache/incubator-teaclave-sgx-sdk.git +```bash +git clone --depth 1 -b v1.1.2 git@github.com:apache/incubator-teaclave-sgx-sdk.git - cd incubator-teaclave-sgx-sdk/samplecode/hello-rust - perl -i -pe 's/SGX_SDK \?=.+/SGX_SDK ?= \$(HOME)\/.sgxsdk\/sgxsdk/' Makefile - make - cd bin - ./app - ``` +cd incubator-teaclave-sgx-sdk/samplecode/hello-rust +perl -i -pe 's/SGX_SDK \?=.+/SGX_SDK ?= \$(HOME)\/.sgxsdk\/sgxsdk/' Makefile +make +cd bin +./app +``` - Should print somting similar to this: +Should print somting similar to this: - ``` - [+] Init Enclave Successful 2! - This is a normal world string passed into Enclave! - This is a in-Enclave Rust string! - gd: 1 0 0 1 - static: 1 eremove: 0 dyn: 0 - EDMM: 0, feature: 9007268790009855 - supported sgx - [+] say_something success... - ``` +``` +[+] Init Enclave Successful 2! +This is a normal world string passed into Enclave! +This is a in-Enclave Rust string! +gd: 1 0 0 1 +static: 1 eremove: 0 dyn: 0 +EDMM: 0, feature: 9007268790009855 +supported sgx +[+] say_something success... +``` # Uninstall @@ -202,7 +297,7 @@ sudo apt purge -y libsgx-enclave-common libsgx-enclave-common-dev libsgx-urts sg # Refs -1. [https://github.com/apache/incubator-teaclave-sgx-sdk/wiki/Environment-Setup](https://github.com/apache/incubator-teaclave-sgx-sdk/wiki/Environment-Setup) -2. [https://github.com/openenclave/openenclave/blob/master/docs/GettingStartedDocs/install_oe_sdk-Ubuntu_18.04.md](https://github.com/openenclave/openenclave/blob/master/docs/GettingStartedDocs/install_oe_sdk-Ubuntu_18.04.md) -3. [https://github.com/apache/incubator-teaclave-sgx-sdk/blob/783f04c002e243d1022c5af8a982f9c2a7138f32/dockerfile/Dockerfile.1804.nightly](https://github.com/apache/incubator-teaclave-sgx-sdk/blob/783f04c002e243d1022c5af8a982f9c2a7138f32/dockerfile/Dockerfile.1804.nightly) -4. [https://edp.fortanix.com/docs/installation/guide](https://edp.fortanix.com/docs/installation/guide) +1. https://github.com/apache/incubator-teaclave-sgx-sdk/wiki/Environment-Setup +2. https://github.com/openenclave/openenclave/blob/master/docs/GettingStartedDocs/install_oe_sdk-Ubuntu_18.04.md +3. https://github.com/apache/incubator-teaclave-sgx-sdk/blob/783f04c002e243d1022c5af8a982f9c2a7138f32/dockerfile/Dockerfile.1804.nightly +4. https://edp.fortanix.com/docs/installation/guide/