Add --trusted-validator support for snapshot hash validation (#8390)
This commit is contained in:
sakridge
GitHub
@ -28,33 +28,37 @@ impl SnapshotPackagerService {
|
||||
let cluster_info = cluster_info.clone();
|
||||
let t_snapshot_packager = Builder::new()
|
||||
.name("solana-snapshot-packager".to_string())
|
||||
.spawn(move || loop {
|
||||
.spawn(move || {
|
||||
let mut hashes = vec![];
|
||||
if exit.load(Ordering::Relaxed) {
|
||||
break;
|
||||
}
|
||||
|
||||
match snapshot_package_receiver.recv_timeout(Duration::from_secs(1)) {
|
||||
Ok(mut snapshot_package) => {
|
||||
hashes.push((snapshot_package.root, snapshot_package.hash));
|
||||
// Only package the latest
|
||||
while let Ok(new_snapshot_package) = snapshot_package_receiver.try_recv() {
|
||||
snapshot_package = new_snapshot_package;
|
||||
hashes.push((snapshot_package.root, snapshot_package.hash));
|
||||
}
|
||||
if let Err(err) = archive_snapshot_package(&snapshot_package) {
|
||||
warn!("Failed to create snapshot archive: {}", err);
|
||||
}
|
||||
while hashes.len() > MAX_SNAPSHOT_HASHES {
|
||||
hashes.remove(0);
|
||||
}
|
||||
cluster_info
|
||||
.write()
|
||||
.unwrap()
|
||||
.push_snapshot_hashes(hashes.clone());
|
||||
loop {
|
||||
if exit.load(Ordering::Relaxed) {
|
||||
break;
|
||||
}
|
||||
|
||||
match snapshot_package_receiver.recv_timeout(Duration::from_secs(1)) {
|
||||
Ok(mut snapshot_package) => {
|
||||
hashes.push((snapshot_package.root, snapshot_package.hash));
|
||||
// Only package the latest
|
||||
while let Ok(new_snapshot_package) =
|
||||
snapshot_package_receiver.try_recv()
|
||||
{
|
||||
snapshot_package = new_snapshot_package;
|
||||
hashes.push((snapshot_package.root, snapshot_package.hash));
|
||||
}
|
||||
if let Err(err) = archive_snapshot_package(&snapshot_package) {
|
||||
warn!("Failed to create snapshot archive: {}", err);
|
||||
}
|
||||
while hashes.len() > MAX_SNAPSHOT_HASHES {
|
||||
hashes.remove(0);
|
||||
}
|
||||
cluster_info
|
||||
.write()
|
||||
.unwrap()
|
||||
.push_snapshot_hashes(hashes.clone());
|
||||
}
|
||||
Err(RecvTimeoutError::Disconnected) => break,
|
||||
Err(RecvTimeoutError::Timeout) => (),
|
||||
}
|
||||
Err(RecvTimeoutError::Disconnected) => break,
|
||||
Err(RecvTimeoutError::Timeout) => (),
|
||||
}
|
||||
})
|
||||
.unwrap();
|
||||
|
||||
@ -344,8 +344,36 @@ impl Validator {
|
||||
.set_entrypoint(entrypoint_info.clone());
|
||||
}
|
||||
|
||||
// If the node was loaded from a snapshot, advertise it in gossip
|
||||
if let Some(snapshot_hash) = snapshot_hash {
|
||||
if let Some(ref trusted_validators) =
|
||||
config.snapshot_config.as_ref().unwrap().trusted_validators
|
||||
{
|
||||
let mut trusted = false;
|
||||
for _ in 0..10 {
|
||||
trusted = cluster_info
|
||||
.read()
|
||||
.unwrap()
|
||||
.get_snapshot_hash(snapshot_hash.0)
|
||||
.iter()
|
||||
.any(|(pubkey, hash)| {
|
||||
trusted_validators.contains(pubkey) && snapshot_hash.1 == *hash
|
||||
});
|
||||
if trusted {
|
||||
break;
|
||||
}
|
||||
sleep(Duration::from_secs(1));
|
||||
}
|
||||
|
||||
if !trusted {
|
||||
error!(
|
||||
"The snapshot hash for slot {} is not published by your trusted validators: {:?}",
|
||||
snapshot_hash.0, trusted_validators
|
||||
);
|
||||
process::exit(1);
|
||||
}
|
||||
}
|
||||
|
||||
// If the node was loaded from a snapshot, advertise it in gossip
|
||||
cluster_info
|
||||
.write()
|
||||
.unwrap()
|
||||
|
||||
@ -55,6 +55,7 @@ mod tests {
|
||||
snapshot_interval_slots,
|
||||
snapshot_package_output_path: PathBuf::from(snapshot_output_path.path()),
|
||||
snapshot_path: PathBuf::from(snapshot_dir.path()),
|
||||
trusted_validators: None,
|
||||
};
|
||||
bank_forks.set_snapshot_config(Some(snapshot_config.clone()));
|
||||
SnapshotTestConfig {
|
||||
|
||||
Reference in New Issue
Block a user