-
Notifications
You must be signed in to change notification settings - Fork 277
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: improve multisig utility and usability #5027
Conversation
Genesis needs to be updated |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this change is great improvement to usability of multisigs.
Updates:
Notes:
|
44105ac
to
35c6e2a
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Updates:
- re-export as
iroha::multisig_data_model
- add multisig data model into schema
default_executor
inwasm/libs
- early panic with unexpected events
- rustdoc-compliant warning
- empty arg to build all wasms
- fix
genesis_block_builder_example
test
All changes since the last update contained.
Notes:
-
genesis_block_builder_example
is failing to compile for some reason. Left to another PRThanks to @mversic , fixed
e7ea539
to
4e534e8
Compare
Updates:
Notes:
|
8812567
to
20cba30
Compare
b2971f4
to
fddbee0
Compare
BREAKING CHANGES: - (api-changes) `CanRegisterAnyTrigger` `CanUnregisterAnyTrigger` permissions for system authority - (api-changes) `GenesisWasmTrigger` in `RawGenesisTransaction` for `genesis.json` readability - (api-changes) `Multisig*Args` for multi-signature operations - (config-changes) `genesis.json` assumes `wasm_triggers[*].action.executable` is prebuilt under `wasm_dir` - (config-changes) docker-compose service generates `genesis.json` by oneself instead of reading bind-mounted one Major commits: - feat: support multisig recursion - feat: introduce multisig quorum and weights - feat: add multisig subcommand to client CLI - feat: introduce multisig transaction time-to-live - feat: predefine multisig world-level trigger in genesis - feat: allow accounts in domain to register multisig accounts Signed-off-by: Shunkichi Sato <[email protected]>
Afterword: I think it was not a good practice to keep a single commit during review, which was remnants of our |
BREAKING CHANGES:
CanRegisterAnyTrigger
CanUnregisterAnyTrigger
permissions for system authorityGenesisWasmTrigger
inRawGenesisTransaction
forgenesis.json
readabilityMultisig*Args
for multi-signature operationsgenesis.json
assumeswasm_triggers[*].action.executable
is prebuilt underwasm_dir
genesis.json
by oneself instead of reading bind-mounted oneMajor commits:
Context
Opens:
genesis.json
#5178Solution
Each commit is explained below, starting with the most recent. You can see the commit history here
feat: support multisig recursion
Allows multisig to function hierarchically, expected to be useful for e.g. automating organizational approval flows.
Tests:
cargo test -p iroha integration::multisig::multisig_recursion bash scripts/tests/multisig.recursion.sh
feat: introduce multisig quorum and weights
Inspired by Sui's multisig. Allows for flexible, if not completely free, authentication policies beyond "m of n". For example, weight equivalent to quorum represents administrative privileges
feat: add multisig subcommand to client CLI
You can see more usage in the testing script
feat: introduce multisig transaction time-to-live
Considers the latest block timestamp as the current time and determines timeout, when the transactions registry is called
feat: predefine multisig world-level trigger in genesis
Defines a global trigger in genesis that exercises authority over all domains. There will be three types of triggers on the system side related to multisig:
feat: allow accounts in domain to register multisig accounts
Accounts registry has authority of the domain owner, so access was previously restricted. This commit allows anyone to organize any multisig account within the domain.
This may be too lenient. Discussion
Review notes
To get an overview,
cargo test -p iroha integration::multisig::multisig bash scripts/tests/multisig.sh
The dotted line indicates an automatic process
Checklist
CONTRIBUTING.md
.