Enclave images for JS bundles

[martijnlammers]

I've been following the documentation provided by ccf buildapp and im desperately attempting to put the js-app-bundle library into an enclave through proposal. However I don't understand how I need to use cmake in order to link and create the new enclave image out of the js_generic application. What exact steps would I need to perform in order to achieve this?

Using ccf-version1.0.13 with a js_generic.cpp file from the repository.

[achamayou]

@mAlyanak installing a js app bundle is done by proposal, which is a transaction against an existing network running js_generic. All it does is store the JS bundle in the in-memory key value store of the node. You can use the js_generic enclave as provided in the release, you do not need to build you own unless you are planning to add native/C++ code to js_generic.

[martijnlammers]

@achamayou so does this mean you're not supposed to write a proposal prior to starting up libjs_generic.enclave.so.signed, but rather that you need to propose one after startup, in a secondary terminal, and substitute the library that way?

[achamayou]

Yes, and you can do that however many times you like, which means that you can update the JS application without having to replace the nodes in the network. If you are using the sandbox, you can use "--js-app-bundle" to specify an initial value, and the script will automatically create an execute a proposal with that value on startup.

[martijnlammers]

This is my current methology of putting the math module in an enclave @achamayou

[eddyashton]

@mAlyanak I tried to answer a similar question here.

If you want to deploy a JS application with the js_generic enclave, you do not need to use CMake at all. We include a build of js_generic in each release. If you start a CCF network using that enclave image, you should then deploy the JS bundle using the standard governance procedure documented here.

That process would look something like:

# Start a network with the libjs_generic enclave
   ...
   You can now issue business transactions to the libjs_generic.enclave.so.signed application
   ...
# (NB: If that's started with sandbox.sh, leave it running in another terminal, or in the background, or...)

# Use the Python CCF package to build appropriate JSON request bodies
$ python -m ccf.proposal_generator set_js_app my-app/
SUCCESS | Writing proposal to ./set_js_app_proposal.json
...

# Submit that proposal to the network, as an member identity, signing the request with scurl
$ scurl.sh https://<ccf-node-address>/gov/proposals --cacert network_cert.pem --key member1_privk.pem --cert member1_cert.pem --data-binary @set_js_app_proposal.json -H "content-type: application/json"
{
  ...
  "proposal_id": "d4ec2de82267f97d3d1b464020af0bd3241f1bedf769f0fee73cd00f08e9c7fd",
  ...
}

# Vote for that proposal as other members, again signing with scurl
$ scurl.sh https://<ccf-node-address>/gov/proposals/d4ec2de82267f97d3d1b464020af0bd3241f1bedf769f0fee73cd00f08e9c7fd/ballots --cacert network_cert.pem --key member1_privk.pem --cert member1_cert.pem --data-binary @set_js_app_vote_for.json -H "content-type: application/json"
# Note that which members and how many votes depends on the constitution:
# - If you're using the sandbox constitution, it is accepted already automatically
# - If you use the standard sample constitution, it needs a majority of members
# - If you have an operator-based constitution, it may require a single operator's vote

If you inspect the generated proposal and vote, you'll see they're just a JSON-embedding of the application bundle, and a trivial return true function - you could build those by hand rather than using the generator, if desired. And the interpretation of that proposal is determined again by the constitution, a set_js_app function in actions.js which defines what JSON object is expected, and where that's written to the KV.

[martijnlammers]

@achamayou @eddyashton Thanks for the responses. I've been running into myself with this problem for the past week or so. The replies are incredibly insightful and I really appreciate the help. I'll try my best to figure out the rest. 😊