refactor pvf security module (#3047)

resolve https://github.com/paritytech/polkadot-sdk/issues/2321

- [x] refactor `security` module into a conditionally compiled
- [x] rename `amd64` into x86-64 for consistency with conditional
compilation guards and remove reference to a particular vendor
- [x] run unit tests and zombienet

---------

Co-authored-by: s0me0ne-unkn0wn <48632512+s0me0ne-unkn0wn@users.noreply.github.com>
This commit is contained in:
maksimryndin
2024-02-11 10:59:10 +01:00
committed by GitHub
parent edd95b3749
commit 4883e14482
6 changed files with 132 additions and 112 deletions
+24 -2
View File
@@ -24,7 +24,7 @@ use crate::{
artifacts::{ArtifactId, ArtifactPathId, ArtifactState, Artifacts},
execute::{self, PendingExecutionRequest},
metrics::Metrics,
prepare, security, Priority, SecurityStatus, ValidationError, LOG_TARGET,
prepare, Priority, SecurityStatus, ValidationError, LOG_TARGET,
};
use always_assert::never;
use futures::{
@@ -225,10 +225,32 @@ pub async fn start(
// Run checks for supported security features once per host startup. If some checks fail, warn
// if Secure Validator Mode is disabled and return an error otherwise.
let security_status = match security::check_security_status(&config).await {
#[cfg(target_os = "linux")]
let security_status = match crate::security::check_security_status(&config).await {
Ok(ok) => ok,
Err(err) => return Err(SubsystemError::Context(err)),
};
#[cfg(not(target_os = "linux"))]
let security_status = if config.secure_validator_mode {
gum::error!(
target: LOG_TARGET,
"{}{}{}",
crate::SECURE_MODE_ERROR,
crate::SECURE_LINUX_NOTE,
crate::IGNORE_SECURE_MODE_TIP
);
return Err(SubsystemError::Context(
"could not enable Secure Validator Mode for non-Linux; check logs".into(),
));
} else {
gum::warn!(
target: LOG_TARGET,
"{}{}",
crate::SECURE_MODE_WARNING,
crate::SECURE_LINUX_NOTE,
);
SecurityStatus::default()
};
let (to_host_tx, to_host_rx) = mpsc::channel(HOST_MESSAGE_QUEUE_SIZE);