From 18bb07a4f72030a9fac0bdec7bd45183311ca72d Mon Sep 17 00:00:00 2001 From: Jason Frame Date: Thu, 4 Apr 2024 11:47:46 +1000 Subject: [PATCH 1/7] Update readme to make it clear ethsigner is no longer supported --- README.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 016a8d1a..b6bdfd1f 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,11 @@ -# EthSigner +# EthSigner [DEPRECATED] A transaction signing application to be used with a web3 provider. All questions, queries and other discussion can be found on [Discord]. ## ⚠️ Project Deprecation ⚠️ +EthSigner is no longer supported. Please migrate to Web3Signer, which includes all EthSigner functionality. + +--- + As part of our ongoing commitment to deliver the best remote signing solutions, we are announcing a change in our product offerings. We have decided to deprecate our EthSigner product to focus our efforts on enhancing [Web3Signer](https://github.com/ConsenSys/web3signer), our newly comprehensive remote signing solution. This is rooted in our strategy to streamline our offerings and focus on a single, robust product that will provide functionality for both transaction and Ethereum validator signing. We hope this makes it applicable to all your use-cases like public Ethereum signing, staking infrastructure offerings, and in private network contexts. From 2fd16f910b4631eb7dfc3f7d0c538cefce11e763 Mon Sep 17 00:00:00 2001 From: Jason Frame Date: Thu, 4 Apr 2024 11:48:11 +1000 Subject: [PATCH 2/7] Remove circleCI build config --- .circleci/config.yml | 287 ------------------------------------------- 1 file changed, 287 deletions(-) delete mode 100644 .circleci/config.yml diff --git a/.circleci/config.yml b/.circleci/config.yml deleted file mode 100644 index e80b50ed..00000000 --- a/.circleci/config.yml +++ /dev/null 
@@ -1,287 +0,0 @@ ---- -version: 2.1 - -executors: - executor_med: # 2cpu, 4G ram - docker: - - image: cimg/openjdk:17.0 - auth: - username: $DOCKER_USER_RO - password: $DOCKER_PASSWORD_RO - resource_class: medium - working_directory: ~/project - environment: - JAVA_TOOL_OPTIONS: -Xmx2048m - GRADLE_OPTS: -Dorg.gradle.daemon=false -Dorg.gradle.parallel=true -Dorg.gradle.workers.max=2 -Xmx2048m - - executor_large: # 4cpu, 8G ram - docker: - - image: cimg/openjdk:17.0 - auth: - username: $DOCKER_USER_RO - password: $DOCKER_PASSWORD_RO - resource_class: large - working_directory: ~/project - environment: - JAVA_TOOL_OPTIONS: -Xmx4096m - GRADLE_OPTS: -Dorg.gradle.daemon=false -Dorg.gradle.parallel=true -Dorg.gradle.workers.max=4 -Xmx4096m - - trivy_executor: - docker: - - image: docker:stable-git - auth: - username: $DOCKER_USER_RO - password: $DOCKER_PASSWORD_RO - resource_class: small - working_directory: ~/project - -commands: - prepare: - description: "Prepare" - steps: - - checkout - - restore_cache: - name: Restore cached gradle dependencies - keys: - - deps-{{ checksum "build.gradle" }}-{{ .Branch }}-{{ .Revision }} - - deps-{{ checksum "build.gradle" }} - - deps- - - capture_test_results: - description: "Capture test results" - steps: - - run: - name: Gather test results - when: always - command: | - FILES=`find . -name test-results` - for FILE in $FILES - do - MODULE=`echo "$FILE" | sed -e 's@./\(.*\)/build/test-results@\1@'` - TARGET="build/test-results/$MODULE" - mkdir -p "$TARGET" - cp -rf ${FILE}/*/* "$TARGET" - done - - store_test_results: - path: build/test-results - - capture_test_reports: - description: "Capture test reports" - steps: - - run: - name: Gather test results - when: always - command: | - FILES=`find . 
-name reports -not -path './build/reports'` - for FILE in $FILES - do - MODULE=`echo "$FILE" | sed -e 's@./\(.*\)/build/reports@\1@'` - TARGET="build/test-reports/$MODULE" - SOURCE="${FILE}/tests/test" - mkdir -p "$TARGET" - if [[ -d "$SOURCE" ]]; then - cp -rf "$SOURCE" "$TARGET" - fi - done - if [[ -f 'build/reports/dependency-check-report.html' ]]; then - cp 'build/reports/dependency-check-report.html' 'build/test-reports' - fi - - store_artifacts: - path: build/test-reports - destination: test-reports - -jobs: - build: - executor: executor_large - steps: - - prepare - - run: - name: Build - command: | - ./gradlew --no-daemon --parallel build - - run: - name: Dependency vulnerability scan - no_output_timeout: 40m - command: | - ./gradlew --no-daemon -Dorg.gradle.parallel=false dependencyCheckAggregate - - run: - name: Test - no_output_timeout: 20m - command: | - ./gradlew --no-daemon --parallel test - - run: - name: Integration Test - no_output_timeout: 20m - command: | - ./gradlew --no-daemon --parallel integrationTest --info - - capture_test_results - - capture_test_reports - - save_cache: - name: Caching gradle dependencies - key: deps-{{ checksum "build.gradle" }}-{{ .Branch }}-{{ .Revision }} - paths: - - .gradle - - ~/.gradle - - persist_to_workspace: - root: ~/project - paths: - - ./ - - acceptanceTests: - executor: executor_large - steps: - - prepare - - run: - name: Acceptance Test - no_output_timeout: 20m - command: | - ./gradlew --no-daemon --parallel acceptanceTest - - capture_test_results - - capture_test_reports - - buildDocker: - executor: executor_med - steps: - - prepare - - setup_remote_docker - - attach_workspace: - at: ~/project - - run: - name: build image - command: | - ./gradlew --no-daemon distDocker - - run: - name: test image - command: | - mkdir -p docker/reports - ./gradlew --no-daemon testDocker - - publish: - executor: executor_med - steps: - - prepare - - run: - name: Install Python3 - command: | - sudo apt update - sudo apt 
install python3 python3-pip python3-venv - - attach_workspace: - at: ~/project - - run: - name: Publish - command: | - ./gradlew --no-daemon --parallel cloudSmithUpload publish - - publishDocker: - executor: executor_med - steps: - - prepare - - setup_remote_docker - - attach_workspace: - at: ~/project - - run: - name: Publish Docker - command: | - docker login --username "${DOCKER_USER_RW}" --password "${DOCKER_PASSWORD_RW}" - - # dct signing setup - mkdir -p $HOME/.docker/trust/private - echo $DCT_KEY | base64 --decode > $HOME/.docker/trust/private/$DCT_HASH.key - chmod 600 $HOME/.docker/trust/private/$DCT_HASH.key - docker trust key load $HOME/.docker/trust/private/$DCT_HASH.key --name ecosystem - - ./gradlew --no-daemon --parallel "-Pbranch=${CIRCLE_BRANCH}" dockerUpload - - dockerScan: - executor: trivy_executor - steps: - - prepare - - setup_remote_docker: - docker_layer_caching: false - - run: - name: Install trivy - command: | - apk add --update-cache --upgrade curl bash - curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin - - run: - name: Scan with trivy - shell: /bin/sh - command: | - trivy -q image --exit-code 1 --no-progress --severity HIGH,CRITICAL --ignorefile "gradle/trivyignore.txt" --timeout 10m "consensys/ethsigner:develop" - -workflows: - version: 2 - nightly: - triggers: - - schedule: - cron: "0 17 * * *" - filters: - branches: - only: - - master - jobs: - - build: - context: - - protocols-dockerhub - - dockerScan: - context: - - protocols-dockerhub - - acceptanceTests: - requires: - - build - context: - - protocols-dockerhub - - protocols-signers - default: - jobs: - - build: - context: - - protocols-dockerhub - filters: - tags: &filters-release-tags - only: /^[0-9]+\.[0-9]+\.[0-9]+(-[a-zA-Z0-9]+)?/ - - acceptanceTests: - requires: - - build - context: - - protocols-dockerhub - - protocols-signers - filters: - tags: - <<: *filters-release-tags - - buildDocker: - requires: - - 
build - context: - - protocols-dockerhub - filters: - tags: - <<: *filters-release-tags - - publish: - filters: - branches: - only: - - master - - /^release-.*/ - tags: - <<: *filters-release-tags - requires: - - build - - acceptanceTests - context: - - protocols-dockerhub - - protocols-cloudsmith - - publishDocker: - filters: - branches: - only: - - master - - /^release-.*/ - tags: - <<: *filters-release-tags - requires: - - build - - acceptanceTests - - buildDocker - context: - - protocols-dockerhub From c42935cd988fac9d965273b2b2159a378bc55af0 Mon Sep 17 00:00:00 2001 From: Jason Frame Date: Thu, 4 Apr 2024 11:48:53 +1000 Subject: [PATCH 3/7] Uppdate readme with web3signer link --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index b6bdfd1f..1079575c 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ A transaction signing application to be used with a web3 provider. All questions, queries and other discussion can be found on [Discord]. ## ⚠️ Project Deprecation ⚠️ -EthSigner is no longer supported. Please migrate to Web3Signer, which includes all EthSigner functionality. +EthSigner is no longer supported. Please migrate to [Web3Signer](https://github.com/ConsenSys/web3signer), which includes all EthSigner functionality. --- From 8eef7d56d3fcccdf57854bd28aab0d86254183a0 Mon Sep 17 00:00:00 2001 From: Jason Frame Date: Thu, 4 Apr 2024 11:53:38 +1000 Subject: [PATCH 4/7] Revert "Remove circleCI build config" This reverts commit 2fd16f910b4631eb7dfc3f7d0c538cefce11e763. Signed-off-by: Jason Frame --- .circleci/config.yml | 287 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 287 insertions(+) create mode 100644 .circleci/config.yml diff --git a/.circleci/config.yml b/.circleci/config.yml new file mode 100644 index 00000000..e80b50ed --- /dev/null +++ b/.circleci/config.yml 
@@ -0,0 +1,287 @@ +--- +version: 2.1 + +executors: + executor_med: # 2cpu, 4G ram + docker: + - image: cimg/openjdk:17.0 + auth: + username: $DOCKER_USER_RO + password: $DOCKER_PASSWORD_RO + resource_class: medium + working_directory: ~/project + environment: + JAVA_TOOL_OPTIONS: -Xmx2048m + GRADLE_OPTS: -Dorg.gradle.daemon=false -Dorg.gradle.parallel=true -Dorg.gradle.workers.max=2 -Xmx2048m + + executor_large: # 4cpu, 8G ram + docker: + - image: cimg/openjdk:17.0 + auth: + username: $DOCKER_USER_RO + password: $DOCKER_PASSWORD_RO + resource_class: large + working_directory: ~/project + environment: + JAVA_TOOL_OPTIONS: -Xmx4096m + GRADLE_OPTS: -Dorg.gradle.daemon=false -Dorg.gradle.parallel=true -Dorg.gradle.workers.max=4 -Xmx4096m + + trivy_executor: + docker: + - image: docker:stable-git + auth: + username: $DOCKER_USER_RO + password: $DOCKER_PASSWORD_RO + resource_class: small + working_directory: ~/project + +commands: + prepare: + description: "Prepare" + steps: + - checkout + - restore_cache: + name: Restore cached gradle dependencies + keys: + - deps-{{ checksum "build.gradle" }}-{{ .Branch }}-{{ .Revision }} + - deps-{{ checksum "build.gradle" }} + - deps- + + capture_test_results: + description: "Capture test results" + steps: + - run: + name: Gather test results + when: always + command: | + FILES=`find . -name test-results` + for FILE in $FILES + do + MODULE=`echo "$FILE" | sed -e 's@./\(.*\)/build/test-results@\1@'` + TARGET="build/test-results/$MODULE" + mkdir -p "$TARGET" + cp -rf ${FILE}/*/* "$TARGET" + done + - store_test_results: + path: build/test-results + + capture_test_reports: + description: "Capture test reports" + steps: + - run: + name: Gather test results + when: always + command: | + FILES=`find . 
-name reports -not -path './build/reports'` + for FILE in $FILES + do + MODULE=`echo "$FILE" | sed -e 's@./\(.*\)/build/reports@\1@'` + TARGET="build/test-reports/$MODULE" + SOURCE="${FILE}/tests/test" + mkdir -p "$TARGET" + if [[ -d "$SOURCE" ]]; then + cp -rf "$SOURCE" "$TARGET" + fi + done + if [[ -f 'build/reports/dependency-check-report.html' ]]; then + cp 'build/reports/dependency-check-report.html' 'build/test-reports' + fi + - store_artifacts: + path: build/test-reports + destination: test-reports + +jobs: + build: + executor: executor_large + steps: + - prepare + - run: + name: Build + command: | + ./gradlew --no-daemon --parallel build + - run: + name: Dependency vulnerability scan + no_output_timeout: 40m + command: | + ./gradlew --no-daemon -Dorg.gradle.parallel=false dependencyCheckAggregate + - run: + name: Test + no_output_timeout: 20m + command: | + ./gradlew --no-daemon --parallel test + - run: + name: Integration Test + no_output_timeout: 20m + command: | + ./gradlew --no-daemon --parallel integrationTest --info + - capture_test_results + - capture_test_reports + - save_cache: + name: Caching gradle dependencies + key: deps-{{ checksum "build.gradle" }}-{{ .Branch }}-{{ .Revision }} + paths: + - .gradle + - ~/.gradle + - persist_to_workspace: + root: ~/project + paths: + - ./ + + acceptanceTests: + executor: executor_large + steps: + - prepare + - run: + name: Acceptance Test + no_output_timeout: 20m + command: | + ./gradlew --no-daemon --parallel acceptanceTest + - capture_test_results + - capture_test_reports + + buildDocker: + executor: executor_med + steps: + - prepare + - setup_remote_docker + - attach_workspace: + at: ~/project + - run: + name: build image + command: | + ./gradlew --no-daemon distDocker + - run: + name: test image + command: | + mkdir -p docker/reports + ./gradlew --no-daemon testDocker + + publish: + executor: executor_med + steps: + - prepare + - run: + name: Install Python3 + command: | + sudo apt update + sudo apt 
install python3 python3-pip python3-venv + - attach_workspace: + at: ~/project + - run: + name: Publish + command: | + ./gradlew --no-daemon --parallel cloudSmithUpload publish + + publishDocker: + executor: executor_med + steps: + - prepare + - setup_remote_docker + - attach_workspace: + at: ~/project + - run: + name: Publish Docker + command: | + docker login --username "${DOCKER_USER_RW}" --password "${DOCKER_PASSWORD_RW}" + + # dct signing setup + mkdir -p $HOME/.docker/trust/private + echo $DCT_KEY | base64 --decode > $HOME/.docker/trust/private/$DCT_HASH.key + chmod 600 $HOME/.docker/trust/private/$DCT_HASH.key + docker trust key load $HOME/.docker/trust/private/$DCT_HASH.key --name ecosystem + + ./gradlew --no-daemon --parallel "-Pbranch=${CIRCLE_BRANCH}" dockerUpload + + dockerScan: + executor: trivy_executor + steps: + - prepare + - setup_remote_docker: + docker_layer_caching: false + - run: + name: Install trivy + command: | + apk add --update-cache --upgrade curl bash + curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin + - run: + name: Scan with trivy + shell: /bin/sh + command: | + trivy -q image --exit-code 1 --no-progress --severity HIGH,CRITICAL --ignorefile "gradle/trivyignore.txt" --timeout 10m "consensys/ethsigner:develop" + +workflows: + version: 2 + nightly: + triggers: + - schedule: + cron: "0 17 * * *" + filters: + branches: + only: + - master + jobs: + - build: + context: + - protocols-dockerhub + - dockerScan: + context: + - protocols-dockerhub + - acceptanceTests: + requires: + - build + context: + - protocols-dockerhub + - protocols-signers + default: + jobs: + - build: + context: + - protocols-dockerhub + filters: + tags: &filters-release-tags + only: /^[0-9]+\.[0-9]+\.[0-9]+(-[a-zA-Z0-9]+)?/ + - acceptanceTests: + requires: + - build + context: + - protocols-dockerhub + - protocols-signers + filters: + tags: + <<: *filters-release-tags + - buildDocker: + requires: + - 
build + context: + - protocols-dockerhub + filters: + tags: + <<: *filters-release-tags + - publish: + filters: + branches: + only: + - master + - /^release-.*/ + tags: + <<: *filters-release-tags + requires: + - build + - acceptanceTests + context: + - protocols-dockerhub + - protocols-cloudsmith + - publishDocker: + filters: + branches: + only: + - master + - /^release-.*/ + tags: + <<: *filters-release-tags + requires: + - build + - acceptanceTests + - buildDocker + context: + - protocols-dockerhub From 254ad43b9495ed90346a9fa61cc20bfac5d491b6 Mon Sep 17 00:00:00 2001 From: Jason Frame Date: Thu, 4 Apr 2024 11:55:03 +1000 Subject: [PATCH 5/7] Remove nightly job --- .circleci/config.yml | 21 --------------------- 1 file changed, 21 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index e80b50ed..3f13aa79 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -211,27 +211,6 @@ jobs: workflows: version: 2 - nightly: - triggers: - - schedule: - cron: "0 17 * * *" - filters: - branches: - only: - - master - jobs: - - build: - context: - - protocols-dockerhub - - dockerScan: - context: - - protocols-dockerhub - - acceptanceTests: - requires: - - build - context: - - protocols-dockerhub - - protocols-signers default: jobs: - build: From c1136240cd70accd828fe182cb77efd6611423c7 Mon Sep 17 00:00:00 2001 From: Jason Frame Date: Thu, 4 Apr 2024 11:56:37 +1000 Subject: [PATCH 6/7] remove comma --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 1079575c..986f3794 100644 --- a/README.md +++ b/README.md 
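Review bot: The `Install trivy` step of `dockerScan` pipes `contrib/install.sh` from the `main` branch of aquasecurity/trivy straight into `sh`, so each run executes whatever that branch holds at the time, in a job that the `nightly` workflow runs with the `protocols-dockerhub` context. Fetch the script from a pinned tag or commit and pass an explicit release to it, e.g. `curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/<PINNED_TAG>/contrib/install.sh | sh -s -- -b /usr/local/bin <PINNED_TAG>`, or install from a release archive whose checksum is verified first. In `publishDocker`, `docker login --password "${DOCKER_PASSWORD_RW}"` puts the write credential on the process command line; `echo "${DOCKER_PASSWORD_RW}" | docker login --username "${DOCKER_USER_RW}" --password-stdin` avoids that. Because this commit is a straight revert, both points carry over from the earlier file rather than being introduced here.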
@@ -2,7 +2,7 @@ A transaction signing application to be used with a web3 provider. All questions, queries and other discussion can be found on [Discord]. ## ⚠️ Project Deprecation ⚠️ -EthSigner is no longer supported. Please migrate to [Web3Signer](https://github.com/ConsenSys/web3signer), which includes all EthSigner functionality. +EthSigner is no longer supported. Please migrate to [Web3Signer](https://github.com/ConsenSys/web3signer) which includes all EthSigner functionality. --- From 9d7cc8a7221e72edc733ab41ef96273666ca27d0 Mon Sep 17 00:00:00 2001 From: Jason Frame Date: Thu, 4 Apr 2024 12:24:06 +1000 Subject: [PATCH 7/7] update suppression dates --- gradle/owasp-suppression.xml | 8 ++++---- gradle/versions.gradle | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/gradle/owasp-suppression.xml b/gradle/owasp-suppression.xml index 0fcb7658..3e8d6f06 100644 --- a/gradle/owasp-suppression.xml +++ b/gradle/owasp-suppression.xml @@ -1,7 +1,7 @@ - + CVE-2020-8908 - + ^pkg:maven/com\.azure/azure*@*.*$ CVE-2023-36052 - + ^pkg:maven/io\.grpc/grpc\-.*$ CVE-2023-44487 - + diff --git a/gradle/versions.gradle b/gradle/versions.gradle index 1c883c6f..6c3bf6fb 100644 --- a/gradle/versions.gradle +++ b/gradle/versions.gradle @@ -35,7 +35,7 @@ dependencyManagement { dependency 'io.rest-assured:rest-assured:4.4.0' - dependencySet(group: 'io.vertx', version: '4.4.6') { + dependencySet(group: 'io.vertx', version: '4.4.9') { entry 'vertx-codegen' entry 'vertx-core' entry 'vertx-unit'
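Review bot: The Azure suppression renewed in the `gradle/owasp-suppression.xml` hunk is scoped by the context line `^pkg:maven/com\.azure/azure*@*.*$`, which is written like a glob rather than a regex. `azure*` means `azur` followed by any number of `e`, `@*` is optional, and the trailing `.*` accepts anything, so CVE-2023-36052 is silenced for every `com.azure` artifact whose name starts with `azur`, at any version. If the intended scope is the `azure-…` artifacts, renewing the entry is a good moment to tighten it to something like `^pkg:maven/com\.azure/azure\-.*@.*$`, matching the escaped style of the grpc pattern below it. The changed lines themselves are not legible here (the XML markup did not survive; presumably they are the `until` attributes), so the new expiry values could not be checked. Each renewed entry should record why the finding is still considered not applicable.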