Feature/private key management

geth-poa/.env.example

@@ -4,3 +4,4 @@ NODE2_PRIVATE_KEY=
 RELAYER_PRIVATE_KEY=
 NEXT_PUBLIC_WALLET_CONNECT_ID=
 DD_KEY=
+MEV_COMMIT_GETH_PASSWORD=

geth-poa/Makefile

@@ -9,17 +9,21 @@ up-dev:
 	@if [ ! -f .env ]; then echo "Error: .env file not found. Please populate the .env file before running this command."; exit 1; fi
 	DD_KEY=nil docker compose --profile settlement up -d --build
 
+up-dev-keystore:
+	@if [ ! -f .env ]; then echo "Error: .env file not found. Please populate the .env file before running this command."; exit 1; fi
+	DD_KEY=nil docker compose --profile settlement-keystore up -d --build
+
 up-dev-local-l1:
 	@if [ ! -f .env ]; then echo "Error: .env file not found. Please populate the .env file before running this command."; exit 1; fi
 	DD_KEY=nil docker compose --profile settlement --profile local_l1 up -d
 
 down:
-	docker compose --profile settlement --profile prod_agents --profile local_l1 down
+	docker compose --profile settlement --profile settlement-keystore --profile prod_agents --profile local_l1 down
 
 clean-dbs:
 	@read -p "WARNING: This command will wipe all persistent disk data relevant to the containers. Press enter to continue or Ctrl+C to cancel." _ 
-	-docker compose --profile settlement --profile local_l1 down --rmi all --volumes
-	-docker compose --profile settlement --profile local_l1 rm -fv
+	-docker compose --profile settlement --profile local_l1 --profile settlement-keystore down --rmi all --volumes
+	-docker compose --profile settlement --profile local_l1 --profile settlement-keystore rm -fv
 	docker image prune -f
 
 pull-image:

geth-poa/README.md

@@ -39,4 +39,9 @@ NODE1_PRIVATE_KEY=0xpk1
 NODE2_PRIVATE_KEY=0xpk2
 ```
 
+Or if you will use keystore to store private keys, you will need to submit password in .env file:
+```
+MEV_COMMIT_GETH_PASSWORD=primev
+```
+
 To get a standard starter .env file from primev internal development, [click here.](https://www.notion.so/Private-keys-and-env-for-settlement-layer-245a4f3f4fe040a7b72a6be91131d9c2?pvs=4), populate only the `NODE1_PRIVATE_KEY` and `NODE2_PRIVATE_KEY` fields.

geth-poa/SignerNode1Dockerfile

@@ -0,0 +1,28 @@
+FROM golang:1.21-alpine AS builder
+
+RUN apk add --no-cache gcc musl-dev linux-headers git make
+
+COPY ../go.mod /go-ethereum/
+COPY ../go.sum /go-ethereum/
+RUN cd /go-ethereum && go mod download
+
+ADD .. /go-ethereum
+RUN cd /go-ethereum && go run build/ci.go install -static ./cmd/geth
+
+FROM alpine:latest
+
+RUN apk add --no-cache jq
+
+COPY --from=builder /go-ethereum/build/bin/geth /usr/local/bin/
+
+COPY geth-poa/genesis.json /genesis.json
+
+COPY geth-poa/entrypoint.sh /entrypoint.sh
+
+COPY geth-poa/signer-node1/keystore /data/keystore
+
+RUN chmod +x /entrypoint.sh
+
+EXPOSE 8545 6060 60601
+
+ENTRYPOINT ["/entrypoint.sh"] 

geth-poa/SignerNode2Dockerfile

@@ -0,0 +1,28 @@
+FROM golang:1.21-alpine AS builder
+
+RUN apk add --no-cache gcc musl-dev linux-headers git make
+
+COPY ../go.mod /go-ethereum/
+COPY ../go.sum /go-ethereum/
+RUN cd /go-ethereum && go mod download
+
+ADD .. /go-ethereum
+RUN cd /go-ethereum && go run build/ci.go install -static ./cmd/geth
+
+FROM alpine:latest
+
+RUN apk add --no-cache jq
+
+COPY --from=builder /go-ethereum/build/bin/geth /usr/local/bin/
+
+COPY geth-poa/genesis.json /genesis.json
+
+COPY geth-poa/entrypoint.sh /entrypoint.sh
+
+COPY geth-poa/signer-node2/keystore /data/keystore
+
+RUN chmod +x /entrypoint.sh
+
+EXPOSE 8545 6060 60601
+
+ENTRYPOINT ["/entrypoint.sh"] 

geth-poa/docker-compose.yml

@@ -21,6 +21,7 @@ services:
       - geth-data-bootnode:/data
     profiles:
       - settlement
+      - settlement-keystore
     labels:
       com.datadoghq.ad.check_names: '["openmetrics"]'
       com.datadoghq.ad.init_configs: '[{}]'
@@ -42,6 +43,47 @@ services:
           }
         ]
 
+  sl-node1-keystore:
+    build: 
+      context: ..
+      dockerfile: geth-poa/SignerNode1Dockerfile
+    environment:
+      - GETH_NODE_TYPE=signer
+      - BOOTNODE_ENDPOINT=enode://34a2a388ad31ca37f127bb9ffe93758ee711c5c2277dff6aff2e359bcf2c9509ea55034196788dbd59ed70861f523c1c03d54f1eabb2b4a5c1c129d966fe1e65@172.29.0.98:30301
+      - MEV_COMMIT_GETH_PASSWORD=${MEV_COMMIT_GETH_PASSWORD}
+      - NET_RESTRICT=172.29.0.0/16
+    networks:
+      primev_net:
+        ipv4_address: '172.29.0.99'
+    ports:
+      - 60602:60601
+    volumes:
+      - geth-data-node1:/data
+    profiles:
+      - settlement-keystore
+    labels:
+      com.datadoghq.ad.check_names: '["openmetrics"]'
+      com.datadoghq.ad.init_configs: '[{}]'
+      com.datadoghq.ad.instances: |
+        [
+          {
+            "openmetrics_endpoint": "http://%%host%%:6060/debug/metrics/prometheus",
+            "namespace": "geth-poa",
+            "metrics": [
+              "txpool*",
+              "trie*",
+              "system*",
+              "state*",
+              "rpc*",
+              "p2p*",
+              "eth*",
+              "chain*",
+              "clique*"
+              "vm*"
+            ]
+          }
+        ]
+
   sl-node1:
     build: 
       context: ..
@@ -84,6 +126,47 @@ services:
           }
         ]
 
+  sl-node2-keystore:
+    build: 
+      context: ..
+      dockerfile: geth-poa/SignerNode2Dockerfile
+    environment:
+      - GETH_NODE_TYPE=signer
+      - BOOTNODE_ENDPOINT=enode://34a2a388ad31ca37f127bb9ffe93758ee711c5c2277dff6aff2e359bcf2c9509ea55034196788dbd59ed70861f523c1c03d54f1eabb2b4a5c1c129d966fe1e65@172.29.0.98:30301
+      - NET_RESTRICT=172.29.0.0/16
+      - MEV_COMMIT_GETH_PASSWORD=${MEV_COMMIT_GETH_PASSWORD}
+    networks:
+      primev_net:
+        ipv4_address: '172.29.0.100'
+    ports:
+      - 60603:60601
+    volumes:
+      - geth-data-node2:/data
+    profiles:
+      - settlement-keystore
+    labels:
+      com.datadoghq.ad.check_names: '["openmetrics"]'
+      com.datadoghq.ad.init_configs: '[{}]'
+      com.datadoghq.ad.instances: |
+        [
+          {
+            "openmetrics_endpoint": "http://%%host%%:6060/debug/metrics/prometheus",
+            "namespace": "geth-poa",
+            "metrics": [
+              "txpool*",
+              "trie*",
+              "system*",
+              "state*",
+              "rpc*",
+              "p2p*",
+              "eth*",
+              "chain*",
+              "clique*"
+              "vm*"
+            ]
+          }
+        ]
+
   sl-node2:
     build: 
       context: ..

geth-poa/entrypoint.sh

@@ -7,24 +7,37 @@ VERBOSITY=${VERBOSITY:-3}
 GETH_DATA_DIR=${GETH_DATA_DIR:-/data}
 GETH_CHAINDATA_DIR="$GETH_DATA_DIR/geth/chaindata"
 GETH_KEYSTORE_DIR="$GETH_DATA_DIR/keystore"
+MEV_COMMIT_GETH_PASSWORD=${MEV_COMMIT_GETH_PASSWORD:-"pwd"}
 CHAIN_ID=$(cat "$GENESIS_L1_PATH" | jq -r .config.chainId)
 RPC_PORT="${RPC_PORT:-8545}"
 WS_PORT="${WS_PORT:-8546}"
+BLOCK_SIGNER_PRIVATE_KEY=${BLOCK_SIGNER_PRIVATE_KEY:-""}
 
 # Generate signer key if needed
-if [ ! -d "$GETH_KEYSTORE_DIR" ] && [ "$GETH_NODE_TYPE" = "signer" ]; then
-
-	echo "$GETH_KEYSTORE_DIR missing, running account import"
-	echo -n "pwd" > "$GETH_DATA_DIR"/password
-	echo -n "$BLOCK_SIGNER_PRIVATE_KEY" | sed 's/0x//' > "$GETH_DATA_DIR"/block-signer-key
-	"$GETH_BIN_PATH" --verbosity="$VERBOSITY" \
-		--nousb \
-		account import \
-		--datadir="$GETH_DATA_DIR" \
-		--password="$GETH_DATA_DIR"/password \
-		"$GETH_DATA_DIR"/block-signer-key
-else
-	echo "$GETH_KEYSTORE_DIR exists."
+if [ "$GETH_NODE_TYPE" = "signer" ]; then
+	if [ ! -f "$GETH_DATA_DIR/password" ]; then
+		echo -n "$MEV_COMMIT_GETH_PASSWORD" > "$GETH_DATA_DIR"/password
+	fi
+	if [ ! -d "$GETH_KEYSTORE_DIR" ]; then
+		if [ -n "$BLOCK_SIGNER_PRIVATE_KEY" ]; then
+			echo "$GETH_KEYSTORE_DIR missing, running account import"
+			echo -n "$BLOCK_SIGNER_PRIVATE_KEY" | sed 's/0x//' > "$GETH_DATA_DIR"/block-signer-key
+			"$GETH_BIN_PATH" --verbosity="$VERBOSITY" \
+				--nousb \
+				account import \
+				--datadir="$GETH_DATA_DIR" \
+				--password="$GETH_DATA_DIR"/password \
+				"$GETH_DATA_DIR"/block-signer-key
+		fi
+	else
+		echo "$GETH_KEYSTORE_DIR exists."
+		if [ -z "$BLOCK_SIGNER_PRIVATE_KEY" ]; then
+			GETH_ACCOUNT_LIST=$("$GETH_BIN_PATH" --verbosity="$VERBOSITY" account list --datadir "$GETH_DATA_DIR")
+			BLOCK_SIGNER_ADDRESS_WITHOUT_PREFIX=$(echo "$GETH_ACCOUNT_LIST" | grep -oE '[0-9a-fA-F]{40}$')
+			BLOCK_SIGNER_ADDRESS="0x$BLOCK_SIGNER_ADDRESS_WITHOUT_PREFIX"
+			echo "Block signer address with 0x prefix: $BLOCK_SIGNER_ADDRESS"
+		fi
+	fi
 fi
 
 # Init geth if needed

geth-poa/signer-node1/keystore/UTC--2024-02-03T07-18-17.146938000Z--d9cd8e5de6d55f796d980b818d350c0746c25b97

@@ -0,0 +1 @@
+{"address":"d9cd8e5de6d55f796d980b818d350c0746c25b97","crypto":{"cipher":"aes-128-ctr","ciphertext":"f8f88d0de59efea1eec9acaacf98d4211a499fe6aac0eb61a3e45b7fcd4e751b","cipherparams":{"iv":"0c4e70f29fafde6e8607e9265518b416"},"kdf":"scrypt","kdfparams":{"dklen":32,"n":262144,"p":1,"r":8,"salt":"142f4d4c26efb1804723958ebc10cb10fb183070dc344f69bf604fca524bd853"},"mac":"2434542be8af5d2abac8265f16b4b52fb1d7a2d97e6e956a43b8f899ac752b48"},"id":"67714586-3ee9-461f-82ba-bb58387b7901","version":3}

geth-poa/signer-node2/keystore/UTC--2024-02-03T07-19-47.890792000Z--788ebabe5c3dd422ef92ca6714a69e2eabce1ee4

@@ -0,0 +1 @@
+{"address":"788ebabe5c3dd422ef92ca6714a69e2eabce1ee4","crypto":{"cipher":"aes-128-ctr","ciphertext":"58e511febc3a44bc200c62e85284cb2a8476e031ab972f4bff117cde250a30c9","cipherparams":{"iv":"138d64720343ab84b7c92bb961c6e262"},"kdf":"scrypt","kdfparams":{"dklen":32,"n":262144,"p":1,"r":8,"salt":"fb3f34a5f9decf423103a6797d560c6c83da12d850892a6230331eafac02be00"},"mac":"5a09c59119f266db94a47221b21651b8445698a8a0b93cdcaaf00b0ad0d6e513"},"id":"2cc4da0a-dcbc-4ea9-9131-de8a680f0cf1","version":3}