Buffer authority must match upgrade authority for deploys and upgrades (#14923)
This commit is contained in:
Jack May
GitHub
@ -177,8 +177,8 @@ fn test_cli_program_deploy_no_authority() {
|
||||
config.signers = vec![&keypair];
|
||||
process_command(&config).unwrap();
|
||||
|
||||
// Deploy a program with no authority
|
||||
config.signers = vec![&keypair];
|
||||
// Deploy a program
|
||||
config.signers = vec![&keypair, &upgrade_authority];
|
||||
config.command = CliCommand::Program(ProgramCliCommand::Deploy {
|
||||
program_location: Some(pathbuf.to_str().unwrap().to_string()),
|
||||
program_signer_index: None,
|
||||
@ -186,9 +186,8 @@ fn test_cli_program_deploy_no_authority() {
|
||||
buffer_signer_index: None,
|
||||
buffer_pubkey: None,
|
||||
allow_excessive_balance: false,
|
||||
upgrade_authority_signer_index: None,
|
||||
upgrade_authority_pubkey: None,
|
||||
is_final: false,
|
||||
upgrade_authority_signer_index: 1,
|
||||
is_final: true,
|
||||
max_len: None,
|
||||
});
|
||||
let response = process_command(&config);
|
||||
@ -211,8 +210,7 @@ fn test_cli_program_deploy_no_authority() {
|
||||
buffer_signer_index: None,
|
||||
buffer_pubkey: None,
|
||||
allow_excessive_balance: false,
|
||||
upgrade_authority_signer_index: Some(1),
|
||||
upgrade_authority_pubkey: Some(upgrade_authority.pubkey()),
|
||||
upgrade_authority_signer_index: 1,
|
||||
is_final: false,
|
||||
max_len: None,
|
||||
});
|
||||
@ -272,8 +270,7 @@ fn test_cli_program_deploy_with_authority() {
|
||||
buffer_signer_index: None,
|
||||
buffer_pubkey: None,
|
||||
allow_excessive_balance: false,
|
||||
upgrade_authority_signer_index: Some(1),
|
||||
upgrade_authority_pubkey: Some(upgrade_authority.pubkey()),
|
||||
upgrade_authority_signer_index: 1,
|
||||
is_final: false,
|
||||
max_len: Some(max_len),
|
||||
});
|
||||
@ -319,8 +316,7 @@ fn test_cli_program_deploy_with_authority() {
|
||||
buffer_signer_index: None,
|
||||
buffer_pubkey: None,
|
||||
allow_excessive_balance: false,
|
||||
upgrade_authority_signer_index: Some(1),
|
||||
upgrade_authority_pubkey: Some(upgrade_authority.pubkey()),
|
||||
upgrade_authority_signer_index: 1,
|
||||
is_final: false,
|
||||
max_len: Some(max_len),
|
||||
});
|
||||
@ -361,8 +357,7 @@ fn test_cli_program_deploy_with_authority() {
|
||||
buffer_signer_index: None,
|
||||
buffer_pubkey: None,
|
||||
allow_excessive_balance: false,
|
||||
upgrade_authority_signer_index: Some(1),
|
||||
upgrade_authority_pubkey: Some(upgrade_authority.pubkey()),
|
||||
upgrade_authority_signer_index: 1,
|
||||
is_final: false,
|
||||
max_len: Some(max_len),
|
||||
});
|
||||
@ -416,8 +411,7 @@ fn test_cli_program_deploy_with_authority() {
|
||||
buffer_signer_index: None,
|
||||
buffer_pubkey: None,
|
||||
allow_excessive_balance: false,
|
||||
upgrade_authority_signer_index: Some(1),
|
||||
upgrade_authority_pubkey: Some(new_upgrade_authority.pubkey()),
|
||||
upgrade_authority_signer_index: 1,
|
||||
is_final: false,
|
||||
max_len: None,
|
||||
});
|
||||
@ -486,8 +480,7 @@ fn test_cli_program_deploy_with_authority() {
|
||||
buffer_signer_index: None,
|
||||
buffer_pubkey: None,
|
||||
allow_excessive_balance: false,
|
||||
upgrade_authority_signer_index: Some(1),
|
||||
upgrade_authority_pubkey: Some(new_upgrade_authority.pubkey()),
|
||||
upgrade_authority_signer_index: 1,
|
||||
is_final: false,
|
||||
max_len: None,
|
||||
});
|
||||
@ -502,8 +495,7 @@ fn test_cli_program_deploy_with_authority() {
|
||||
buffer_signer_index: None,
|
||||
buffer_pubkey: None,
|
||||
allow_excessive_balance: false,
|
||||
upgrade_authority_signer_index: Some(1),
|
||||
upgrade_authority_pubkey: Some(new_upgrade_authority.pubkey()),
|
||||
upgrade_authority_signer_index: 1,
|
||||
is_final: true,
|
||||
max_len: None,
|
||||
});
|
||||
@ -598,7 +590,6 @@ fn test_cli_program_write_buffer() {
|
||||
buffer_signer_index: None,
|
||||
buffer_pubkey: None,
|
||||
buffer_authority_signer_index: None,
|
||||
is_final: false,
|
||||
max_len: None,
|
||||
});
|
||||
let response = process_command(&config);
|
||||
@ -632,7 +623,6 @@ fn test_cli_program_write_buffer() {
|
||||
buffer_signer_index: Some(1),
|
||||
buffer_pubkey: Some(buffer_keypair.pubkey()),
|
||||
buffer_authority_signer_index: None,
|
||||
is_final: false,
|
||||
max_len: Some(max_len),
|
||||
});
|
||||
let response = process_command(&config);
|
||||
@ -689,7 +679,6 @@ fn test_cli_program_write_buffer() {
|
||||
buffer_signer_index: Some(1),
|
||||
buffer_pubkey: Some(buffer_keypair.pubkey()),
|
||||
buffer_authority_signer_index: Some(2),
|
||||
is_final: false,
|
||||
max_len: None,
|
||||
});
|
||||
let response = process_command(&config);
|
||||
@ -727,7 +716,6 @@ fn test_cli_program_write_buffer() {
|
||||
buffer_signer_index: None,
|
||||
buffer_pubkey: None,
|
||||
buffer_authority_signer_index: Some(2),
|
||||
is_final: false,
|
||||
max_len: None,
|
||||
});
|
||||
let response = process_command(&config);
|
||||
@ -753,35 +741,6 @@ fn test_cli_program_write_buffer() {
|
||||
program_data[..]
|
||||
);
|
||||
|
||||
// Specify final
|
||||
let buffer_keypair = Keypair::new();
|
||||
let authority_keypair = Keypair::new();
|
||||
config.signers = vec![&keypair, &buffer_keypair, &authority_keypair];
|
||||
config.command = CliCommand::Program(ProgramCliCommand::WriteBuffer {
|
||||
program_location: pathbuf.to_str().unwrap().to_string(),
|
||||
buffer_signer_index: None,
|
||||
buffer_pubkey: None,
|
||||
buffer_authority_signer_index: Some(2),
|
||||
is_final: true,
|
||||
max_len: None,
|
||||
});
|
||||
let response = process_command(&config);
|
||||
let json: Value = serde_json::from_str(&response.unwrap()).unwrap();
|
||||
let buffer_pubkey_str = json
|
||||
.as_object()
|
||||
.unwrap()
|
||||
.get("Buffer")
|
||||
.unwrap()
|
||||
.as_str()
|
||||
.unwrap();
|
||||
let buffer_pubkey = Pubkey::from_str(&buffer_pubkey_str).unwrap();
|
||||
let buffer_account = rpc_client.get_account(&buffer_pubkey).unwrap();
|
||||
if let UpgradeableLoaderState::Buffer { authority_address } = buffer_account.state().unwrap() {
|
||||
assert_eq!(authority_address, None);
|
||||
} else {
|
||||
panic!("not a buffer account");
|
||||
}
|
||||
|
||||
// Get buffer authority
|
||||
config.signers = vec![&keypair];
|
||||
config.command = CliCommand::Program(ProgramCliCommand::GetAuthority {
|
||||
@ -796,7 +755,10 @@ fn test_cli_program_write_buffer() {
|
||||
.unwrap()
|
||||
.as_str()
|
||||
.unwrap();
|
||||
assert_eq!("None", authority_pubkey_str);
|
||||
assert_eq!(
|
||||
authority_keypair.pubkey(),
|
||||
Pubkey::from_str(&authority_pubkey_str).unwrap()
|
||||
);
|
||||
}
|
||||
|
||||
#[test]
|
||||
@ -846,7 +808,6 @@ fn test_cli_program_set_buffer_authority() {
|
||||
buffer_signer_index: Some(1),
|
||||
buffer_pubkey: Some(buffer_keypair.pubkey()),
|
||||
buffer_authority_signer_index: None,
|
||||
is_final: false,
|
||||
max_len: None,
|
||||
});
|
||||
process_command(&config).unwrap();
|
||||
@ -863,7 +824,7 @@ fn test_cli_program_set_buffer_authority() {
|
||||
config.command = CliCommand::Program(ProgramCliCommand::SetBufferAuthority {
|
||||
buffer_pubkey: buffer_keypair.pubkey(),
|
||||
buffer_authority_index: Some(0),
|
||||
new_buffer_authority: Some(new_buffer_authority.pubkey()),
|
||||
new_buffer_authority: new_buffer_authority.pubkey(),
|
||||
});
|
||||
let response = process_command(&config);
|
||||
let json: Value = serde_json::from_str(&response.unwrap()).unwrap();
|
||||
@ -890,7 +851,7 @@ fn test_cli_program_set_buffer_authority() {
|
||||
config.command = CliCommand::Program(ProgramCliCommand::SetBufferAuthority {
|
||||
buffer_pubkey: buffer_keypair.pubkey(),
|
||||
buffer_authority_index: Some(1),
|
||||
new_buffer_authority: Some(buffer_keypair.pubkey()),
|
||||
new_buffer_authority: buffer_keypair.pubkey(),
|
||||
});
|
||||
let response = process_command(&config);
|
||||
let json: Value = serde_json::from_str(&response.unwrap()).unwrap();
|
||||
@ -911,28 +872,94 @@ fn test_cli_program_set_buffer_authority() {
|
||||
} else {
|
||||
panic!("not a buffer account");
|
||||
}
|
||||
}
|
||||
|
||||
// Set authority to None
|
||||
config.signers = vec![&keypair, &buffer_keypair];
|
||||
config.command = CliCommand::Program(ProgramCliCommand::SetBufferAuthority {
|
||||
buffer_pubkey: buffer_keypair.pubkey(),
|
||||
buffer_authority_index: Some(1),
|
||||
new_buffer_authority: None,
|
||||
});
|
||||
let response = process_command(&config);
|
||||
let json: Value = serde_json::from_str(&response.unwrap()).unwrap();
|
||||
let buffer_authority_str = json
|
||||
.as_object()
|
||||
.unwrap()
|
||||
.get("Authority")
|
||||
.unwrap()
|
||||
.as_str()
|
||||
#[test]
|
||||
fn test_cli_program_mismatch_buffer_authority() {
|
||||
solana_logger::setup();
|
||||
|
||||
let mut pathbuf = PathBuf::from(env!("CARGO_MANIFEST_DIR"));
|
||||
pathbuf.push("tests");
|
||||
pathbuf.push("fixtures");
|
||||
pathbuf.push("noop");
|
||||
pathbuf.set_extension("so");
|
||||
|
||||
let mint_keypair = Keypair::new();
|
||||
let test_validator = TestValidator::with_no_fees(mint_keypair.pubkey());
|
||||
let faucet_addr = run_local_faucet(mint_keypair, None);
|
||||
|
||||
let rpc_client =
|
||||
RpcClient::new_with_commitment(test_validator.rpc_url(), CommitmentConfig::processed());
|
||||
|
||||
let mut file = File::open(pathbuf.to_str().unwrap()).unwrap();
|
||||
let mut program_data = Vec::new();
|
||||
file.read_to_end(&mut program_data).unwrap();
|
||||
let max_len = program_data.len();
|
||||
let minimum_balance_for_buffer = rpc_client
|
||||
.get_minimum_balance_for_rent_exemption(
|
||||
UpgradeableLoaderState::programdata_len(max_len).unwrap(),
|
||||
)
|
||||
.unwrap();
|
||||
assert_eq!(buffer_authority_str, "None");
|
||||
|
||||
let mut config = CliConfig::recent_for_tests();
|
||||
let keypair = Keypair::new();
|
||||
config.json_rpc_url = test_validator.rpc_url();
|
||||
config.signers = vec![&keypair];
|
||||
config.command = CliCommand::Airdrop {
|
||||
faucet_host: None,
|
||||
faucet_port: faucet_addr.port(),
|
||||
pubkey: None,
|
||||
lamports: 100 * minimum_balance_for_buffer,
|
||||
};
|
||||
process_command(&config).unwrap();
|
||||
|
||||
// Write a buffer
|
||||
let buffer_authority = Keypair::new();
|
||||
let buffer_keypair = Keypair::new();
|
||||
config.signers = vec![&keypair, &buffer_keypair, &buffer_authority];
|
||||
config.command = CliCommand::Program(ProgramCliCommand::WriteBuffer {
|
||||
program_location: pathbuf.to_str().unwrap().to_string(),
|
||||
buffer_signer_index: Some(1),
|
||||
buffer_pubkey: Some(buffer_keypair.pubkey()),
|
||||
buffer_authority_signer_index: Some(2),
|
||||
max_len: None,
|
||||
});
|
||||
process_command(&config).unwrap();
|
||||
let buffer_account = rpc_client.get_account(&buffer_keypair.pubkey()).unwrap();
|
||||
if let UpgradeableLoaderState::Buffer { authority_address } = buffer_account.state().unwrap() {
|
||||
assert_eq!(authority_address, None);
|
||||
assert_eq!(authority_address, Some(buffer_authority.pubkey()));
|
||||
} else {
|
||||
panic!("not a buffer account");
|
||||
}
|
||||
|
||||
// Attempt to deploy with mismatched authority
|
||||
let upgrade_authority = Keypair::new();
|
||||
config.signers = vec![&keypair, &upgrade_authority];
|
||||
config.command = CliCommand::Program(ProgramCliCommand::Deploy {
|
||||
program_location: Some(pathbuf.to_str().unwrap().to_string()),
|
||||
program_signer_index: None,
|
||||
program_pubkey: None,
|
||||
buffer_signer_index: None,
|
||||
buffer_pubkey: Some(buffer_keypair.pubkey()),
|
||||
allow_excessive_balance: false,
|
||||
upgrade_authority_signer_index: 1,
|
||||
is_final: true,
|
||||
max_len: None,
|
||||
});
|
||||
process_command(&config).unwrap_err();
|
||||
|
||||
// Attempt to deploy matched authority
|
||||
config.signers = vec![&keypair, &buffer_authority];
|
||||
config.command = CliCommand::Program(ProgramCliCommand::Deploy {
|
||||
program_location: Some(pathbuf.to_str().unwrap().to_string()),
|
||||
program_signer_index: None,
|
||||
program_pubkey: None,
|
||||
buffer_signer_index: None,
|
||||
buffer_pubkey: Some(buffer_keypair.pubkey()),
|
||||
allow_excessive_balance: false,
|
||||
upgrade_authority_signer_index: 1,
|
||||
is_final: true,
|
||||
max_len: None,
|
||||
});
|
||||
process_command(&config).unwrap();
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user