As discovered during investigation of
https://github.com/paritytech/polkadot-sdk/issues/3314 and
https://github.com/paritytech/polkadot-sdk/issues/3673 there are active
validators which accidentally might change their network key during
restart, that's not a safe operation when you are in the active set
because of distributed nature of DHT, so the old records would still
exist in the network until they expire 36h, so unless they have a good
reason validators should avoid changing their key when they restart
their nodes.
There is an effort in parallel to improve this situation
https://github.com/paritytech/polkadot-sdk/pull/3786, but those changes
are way more intrusive and will need more rigorous testing, additionally
they will reduce the time to less than 36h, but the propagation won't be
instant anyway, so not changing your network during restart should be
the safest way to run your node, unless you have a really good reason to
change it.
## Proposal
1. Do not auto-generate the network if the network file does not exist
in the provided path. Nodes where the key file does not exist will get
the following error:
```
Error:
0: Starting an authorithy without network key in /home/alexggh/.local/share/polkadot/chains/ksmcc3/network/secret_ed25519.
This is not a safe operation because the old identity still lives in the dht for 36 hours.
Because of it your node might suffer from not being properly connected to other nodes for validation purposes.
If it is the first time running your node you could use one of the following methods.
1. Pass --unsafe-force-node-key-generation and make sure you remove it for subsequent node restarts
2. Separetly generate the key with: polkadot key generate-node-key --file <YOUR_PATH_TO_NODE_KEY>
```
2. Add an explicit parameters for nodes that do want to change their
network despite the warnings or if they run the node for the first time.
`--unsafe-force-node-key-generation`
3. For `polkadot key generate-node-key` add two new mutually exclusive
parameters `base_path` and `default_base_path` to help with the key
generation in the same path the polkadot main command would expect it.
4. Modify the installation scripts to auto-generate a key in default
path if one was not present already there, this should help with making
the executable work out of the box after an instalation.
## Notes
Nodes that do not have already the key persisted will fail to start
after this change, however I do consider that better than the current
situation where they start but they silently hide that they might not be
properly connected to their peers.
## TODO
- [x] Make sure only nodes that are authorities on producation chains
will be affected by this restrictions.
- [x] Proper PRDOC, to make sure node operators are aware this is
coming.
---------
Signed-off-by: Alexandru Gheorghe <alexandru.gheorghe@parity.io>
Co-authored-by: Dmitry Markin <dmitry@markin.tech>
Co-authored-by: s0me0ne-unkn0wn <48632512+s0me0ne-unkn0wn@users.noreply.github.com>
Co-authored-by: Bastian Köcher <git@kchr.de>
* client/network: upgrade to libp2p 0.51.0
* make discovery.rs compile
* make peer_info.rs compile
* changes to notifications and request-response proto
* make service.rs compile
* towards making request_responses.rs compile
* make request_responses.rs compile
* make request_responses.rs compile
* fix notifications/behaviour.rs tests
* fix warnings
* remove old code
* allow deprecated code (temporary)
* upgrade to libp2p 0.51.1
* add TODO for behaviour tests
* return empty vec if peer_id is absent
https://github.com/paritytech/substrate/pull/13587#discussion_r1141695167
fyi: I don't really know what the old behaviour was.
* update comment to reflect new defaults
Closes#13338
* Revert "update comment to reflect new defaults"
This reverts commit 7a981abd69308e9d522ec94905f181439a1b1dba.
* remove config.rs (from wrong merge)
* upgrade to libp2p 0.51.2
* fix formatting
* use handle_pending_outbound_connection in networt_state RPC
* update deps
* use re-exports when we use other libp2p packages
* Apply suggestions from code review
Co-authored-by: Dmitry Markin <dmitry@markin.tech>
* format code
* handle potential errors in network_state RPC
* only update libp2p crate
* update libp2p-core
* fix docs
* use libp2p-identity instead of libp2p
where it's possible. libp2p-identity is much smaller, hence makes sense
to use it instead of larger libp2p crate.
* Update client/network/src/discovery.rs
Co-authored-by: Aaro Altonen <48052676+altonen@users.noreply.github.com>
* update Cargo.lock
* add comment for per_connection_event_buffer_size
current value is somewhat arbitrary and needs to be tweaked depending on
memory usage and network worker sleep stats.
* fix link format
* update Cargo.lock
* upgrade to libp2p 0.51.3
* deprecate mplex
* Revert "deprecate mplex"
This reverts commit 9e25820e706e464a0e962a8604861fcb2a7641eb.
* Revert "upgrade to libp2p 0.51.3"
This reverts commit 6544dd4138e2f89517bd7c7281fc78a638ec7040.
* use new libp2p version in `statement` crate
* pin version temporarily
* libp2p 0.51.3
* deprecate mplex
* deprecate legacy noise handshake
* fix build error
* update libp2p-identity
* enable libp2p-identity:ed25519 feature in sc-consensus
* enable ed25519 for peerset as well
---------
Co-authored-by: Dmitry Markin <dmitry@markin.tech>
Co-authored-by: Aaro Altonen <48052676+altonen@users.noreply.github.com>
Co-authored-by: parity-processbot <>
* Change copyright year to 2023 from 2022
* Fix incorrect update of copyright year
* Remove years from copy right header
* Fix remaining files
* Fix typo in a header and remove update-copyright.sh
* Bump clap to 3.2.22
* Replace `from_os_str` with `value_parser`
* Replace `from_str` and `try_from_str` with `value_parser`
* Move possible_values to the new format
* Remove unwanted print
* Add missing match branch
* Update clap to 4.0.9 and make it compile
* Replace deprecated `clap` macro with `command` and `value`
* Move remaining `clap` attributes to `arg`
* Remove no-op value_parsers
* Adjust value_parser for state_version
* Remove "deprecated" feature flag and bump to 4.0.11
* Improve range
Co-authored-by: Bastian Köcher <git@kchr.de>
* Apply suggestions
* Trigger CI
* Fix unused error warning
* Fix doc errors
* Fix ArgGroup naming conflict
* Change default_value to default_value_t
* Use 1.. instead of 0..
Co-authored-by: Bastian Köcher <git@kchr.de>
* Use `array-bytes` for All Array/Bytes/Hex Operations
Signed-off-by: Xavier Lau <xavier@inv.cafe>
* Reorder
* Self Review
* Format
* Fix Tests
* Bump `array-bytes`
* Optimize large test res
Signed-off-by: Xavier Lau <xavier@inv.cafe>
Co-authored-by: parity-processbot <>
* Run cargo fmt on the whole code base
* Second run
* Add CI check
* Fix compilation
* More unnecessary braces
* Handle weights
* Use --all
* Use correct attributes...
* Fix UI tests
* AHHHHHHHHH
* 🤦
* Docs
* Fix compilation
* 🤷
* Please stop
* 🤦 x 2
* More
* make rustfmt.toml consistent with polkadot
Co-authored-by: André Silva <andrerfosilva@gmail.com>
This pr makes the `--file` argument optional to `generate-node-key`.
If the argument is not given, the secret node key will be printed to
`stdout`. The public node key will always be printed to `stderr`.
* Fix printing of subkey when using the `--network` override
This fixes a bug where `--network` did not printed the account ss58 address for the
requested network. Basically we now always print all account ss58 addresses using the
requested network.
* Review comments
* Fixes test
* Update client/cli/src/commands/inspect.rs
Co-authored-by: André Silva <123550+andresilva@users.noreply.github.com>
* Update client/cli/src/commands/utils.rs
Co-authored-by: André Silva <123550+andresilva@users.noreply.github.com>
* Fix more tests
Co-authored-by: André Silva <123550+andresilva@users.noreply.github.com>
* draft
* revert
* WIP
* all that remains is tests
* update Cargo.lock
* tests WIP
* WIP refactor node-template-runtime and node-runtime
* implments sc_cli::RuntimeAdapter for node_template_runtime::Runtime
* final draft
* fix update_config for subcommands
* proper AccountId decoding
* test-runtime tests
* revert
* move RuntimeAdapter to cli-utils
* use &'static str for TryFrom::<&'a str>::Error for Ss58AddressFormat
* tests
* add frame-system to sc-cli dev-dependencies
* add frame-system to sc-cli dev-dependencies
* fix ui test
* wip
* fixed inspect test
* bump impl version
* bump impl version, fixx spaces remove todos
* pallet-balances-cli, rustc for some reason cannot resolve pallet_balances_cli in node-cli 😩
* wip
* Subcommand::run takes &self
* can't believe i missed that 🤦🏾♂️
* bump wasm-bindgen for some reason
* adds key subcommand, rename generate-node-key to generate-node-id
* cargo update and crossed fingers 🤞🏽
* update ui test
* update more ui tests
* should be all good now
* revert subkey change
* revert subkey change
* adds frame-utilities-cli
* Apply suggestions from code review
Co-authored-by: Benjamin Kampmann <ben@gnunicorn.org>
* removes frame from sc-cli, fix license
* my editor and ci disagrees on line width
* bump spec version
* turn off default features for parity-scale-codec
* enable full_crypto feature for sp-core in cli-utils
* merge frame-utilities-cli with pallet-balances-cli
* remove full_crypto feature from sp_core in cli-utils
* bump Cargo.lock
* cli-utils -> frame-utils
* rename BlockNumber to GenericNumber, fix spaces
* fix spaces
* construct additional_signed manually
* sign test
* remove unused vars
* implement subkey with frame-utilities-cli and sc_cli
* fix moduleid test
* CI and clion disagree on line widths
* adds associated Params type to SignedExtensionProvider
* Apply suggestions from code review
Co-authored-by: Benjamin Kampmann <ben@gnunicorn.org>
* move some code around
* removes unneccesary generic params
* moves module_id back to frame_utilities_cli
* Apply suggestions from code review
Co-authored-by: Benjamin Kampmann <ben@gnunicorn.org>
Co-authored-by: Bastian Köcher <bkchr@users.noreply.github.com>
* remove print_ext
* remove MaybeDisplay from pallet_balances::Trait::Balance
* a lot of stuff tbh
* adds ExtrasParamsBuilder
* remove tests for ModuleIdCmd
* address comments from PR
* bump Cargo.lock
* manually insert key into keystore
* remove unnecessary SharedParams
* add validation to vanity pattern, remove unused arg
* remove SharedParams from Sign, Vanity, Verify
* remove SharedParams from ModuleIdCmd, remove expect from Verify, new line to Cargo.toml
* remove SharedParams from InsertCmd
* 🤦🏾♂️
* deleted prometheus.yml
* move a few things around
* fix vanity test
Co-authored-by: Benjamin Kampmann <ben@gnunicorn.org>
Co-authored-by: Bastian Köcher <bkchr@users.noreply.github.com>
Co-authored-by: Benjamin Kampmann <ben@parity.io>
Alexandru Gheorghe