Featuure/84 bootstrap test

.github/workflows/deploy-staging.yaml

@@ -47,7 +47,10 @@ jobs:
     runs-on: ubuntu-20.04
     container: tonomy/antelope
     env:
-      ID_TONOMY_PRIVATE_KEY: ${{ secrets.ID_TONOMY_PRIVATE_KEY }}
+      TONOMY_OPS_PRIVATE_KEY: ${{ secrets.TONOMY_OPS_PRIVATE_KEY }}
+      TONOMY_BOARD1_PRIVATE_KEY: ${{ secrets.TONOMY_BOARD1_PRIVATE_KEY }}
+      TONOMY_BOARD2_PRIVATE_KEY: ${{ secrets.TONOMY_BOARD2_PRIVATE_KEY }}
+      TONOMY_BOARD3_PRIVATE_KEY: ${{ secrets.TONOMY_BOARD2_PRIVATE_KEY }}
 
     steps:
       - name: Get built contracts from cache
@@ -59,9 +62,12 @@ jobs:
       - name: Deploy tonomy contract
         run: |
           cleos wallet create --file ./wallet.txt
-          cleos wallet import --private-key $ID_TONOMY_PRIVATE_KEY
+          cleos wallet import --private-key $TONOMY_OPS_PRIVATE_KEY
+          cleos wallet import --private-key $TONOMY_BOARD1_PRIVATE_KEY
+          cleos wallet import --private-key $TONOMY_BOARD2_PRIVATE_KEY
+          cleos wallet import --private-key $TONOMY_BOARD3_PRIVATE_KEY
           ls ./contracts/tonomy
-          cleos -u "https://blockchain-api-staging.tonomy.foundation" set contract tonomy ./contracts/tonomy tonomy.wasm tonomy.abi
+          cleos -u "https://blockchain-api-staging.tonomy.foundation" set contract tonomy ./contracts/tonomy tonomy.wasm tonomy.abi -p tonomy@owner -p tonomy@active
 
   push-docker:
     name: Builds docker image and push to Docker Hub

.github/workflows/deploy-testnet.yaml

@@ -47,7 +47,11 @@ jobs:
     runs-on: ubuntu-20.04
     container: tonomy/antelope
     env:
-      ID_TONOMY_PRIVATE_KEY: ${{ secrets.ID_TONOMY_PRIVATE_KEY }}
+      TONOMY_OPS_PRIVATE_KEY: ${{ secrets.TONOMY_OPS_PRIVATE_KEY }}
+      TONOMY_BOARD1_PRIVATE_KEY: ${{ secrets.TONOMY_BOARD1_PRIVATE_KEY }}
+      TONOMY_BOARD2_PRIVATE_KEY: ${{ secrets.TONOMY_BOARD2_PRIVATE_KEY }}
+      TONOMY_BOARD3_PRIVATE_KEY: ${{ secrets.TONOMY_BOARD2_PRIVATE_KEY }}
+
 
     steps:
       - name: Get built contracts from cache
@@ -59,9 +63,12 @@ jobs:
       - name: Deploy tonomy contract
         run: |
           cleos wallet create --file ./wallet.txt
-          cleos wallet import --private-key $ID_TONOMY_PRIVATE_KEY
+          cleos wallet import --private-key $TONOMY_OPS_PRIVATE_KEY
+          cleos wallet import --private-key $TONOMY_BOARD1_PRIVATE_KEY
+          cleos wallet import --private-key $TONOMY_BOARD2_PRIVATE_KEY
+          cleos wallet import --private-key $TONOMY_BOARD3_PRIVATE_KEY
           ls ./contracts/tonomy
-          cleos -u "https://blockchain-api-testnet.pangea.web4.world" set contract tonomy ./contracts/tonomy tonomy.wasm tonomy.abi
+          cleos -u "https://blockchain-api-staging.tonomy.foundation" set contract tonomy ./contracts/tonomy tonomy.wasm tonomy.abi -p tonomy@owner -p tonomy@active
 
   push-docker:
     name: Builds docker image and push to Docker Hub

.github/workflows/test.yaml

@@ -25,7 +25,7 @@ jobs:
         run: ./contracts/eosio.boot/build.sh local
 
       - name: Compile eosio.msig
-        run: ./contracts/eosio.boot/build.sh local
+        run: ./contracts/eosio.msig/build.sh local
 
       - name: Compile eosio.token
         run: ./contracts/eosio.token/build.sh local

build-contracts.sh

@@ -31,3 +31,5 @@ do
         ./build.sh "${ARG1}"
     fi
 done
+
+echo "All contracts built or skipped sucessfully"

contracts/tonomy/.gitignore

@@ -0,0 +1 @@
+include/eosio.tonomy

contracts/tonomy/build.sh

@@ -17,6 +17,9 @@ BUILD_COMMAND="cdt-cpp -abigen -I ${WORKING_DIR}/include -R ${WORKING_DIR}/ricar
 
 echo $BUILD_COMMAND
 
+mkdir -p "${PARENT_PATH}/include/eosio.tonomy"
+cp "${PARENT_PATH}/../eosio.tonomy/include/eosio.tonomy/eosio.tonomy.hpp" "${PARENT_PATH}/include/eosio.tonomy/eosio.tonomy.hpp"
+
 if [ "$BUILD_METHOD" == "local" ]; then
     bash -c "${BUILD_COMMAND}"
 else

contracts/tonomy/include/tonomy/native.hpp

@@ -8,6 +8,7 @@
 #include <eosio/producer_schedule.hpp>
 #include <eosio/asset.hpp>
 #include <eosio/singleton.hpp>
+#include <eosio.tonomy/eosio.tonomy.hpp>
 
 namespace tonomysystem
 {
@@ -23,58 +24,11 @@ namespace tonomysystem
    using eosio::singleton;
    using std::string;
 
-   struct permission_level_weight
-   {
-      permission_level permission;
-      uint16_t weight;
-
-      // explicit serialization macro is not necessary, used here only to improve compilation time
-      EOSLIB_SERIALIZE(permission_level_weight, (permission)(weight))
-   };
-
-   struct key_weight
-   {
-      eosio::public_key key;
-      uint16_t weight;
-
-      // explicit serialization macro is not necessary, used here only to improve compilation time
-      EOSLIB_SERIALIZE(key_weight, (key)(weight))
-   };
-
-   struct wait_weight
-   {
-      uint32_t wait_sec;
-      uint16_t weight;
-
-      // explicit serialization macro is not necessary, used here only to improve compilation time
-      EOSLIB_SERIALIZE(wait_weight, (wait_sec)(weight))
-   };
-
-   struct authority
-   {
-      uint32_t threshold = 0;
-      std::vector<key_weight> keys;
-      std::vector<permission_level_weight> accounts;
-      std::vector<wait_weight> waits;
-
-      // explicit serialization macro is not necessary, used here only to improve compilation time
-      EOSLIB_SERIALIZE(authority, (threshold)(keys)(accounts)(waits))
-   };
-
-   struct block_header
-   {
-      uint32_t timestamp;
-      name producer;
-      uint16_t confirmed = 0;
-      checksum256 previous;
-      checksum256 transaction_mroot;
-      checksum256 action_mroot;
-      uint32_t schedule_version = 0;
-      std::optional<eosio::producer_schedule> new_producers;
-
-      // explicit serialization macro is not necessary, used here only to improve compilation time
-      EOSLIB_SERIALIZE(block_header, (timestamp)(producer)(confirmed)(previous)(transaction_mroot)(action_mroot)(schedule_version)(new_producers))
-   };
+   using eosiotonomy::authority;
+   using eosiotonomy::block_header;
+   using eosiotonomy::key_weight;
+   using eosiotonomy::permission_level_weight;
+   using eosiotonomy::wait_weight;
 
    /**
     * The `eosio.tonomy` is the first sample of system contract provided by `block.one` through the EOSIO platform. It is a minimalist system contract because it only supplies the actions that are absolutely critical to bootstrap a chain and nothing more. This allows for a chain agnostic approach to bootstrapping a chain.
@@ -111,12 +65,14 @@ namespace tonomysystem
        * @param account - the account for which the permission is updated,
        * @param pemission - the permission name which is updated,
        * @param parem - the parent of the permission which is updated,
-       * @param aut - the json describing the permission authorization.
+       * @param auth - the json describing the permission authorization,
+       * @param auth_parent - true if the parent permission should be checked, otherwise the "permission" will be used to authorize
        */
       [[eosio::action]] void updateauth(name account,
                                         name permission,
                                         name parent,
-                                        authority auth);
+                                        authority auth,
+                                        bool auth_parent);
 
       /**
        * Delete authorization action deletes the authorization for an account's permission.

contracts/tonomy/include/tonomy/tonomy.hpp

@@ -10,7 +10,6 @@
 #include <eosio/singleton.hpp>
 
 #include "native.hpp"
-// #include "resources.hpp"
 
 namespace tonomysystem
 {

contracts/tonomy/src/native.cpp

@@ -2,37 +2,63 @@
 #include <eosio/symbol.hpp>
 #include <eosio/transaction.hpp>
 #include <vector>
+#include <eosio.tonomy/eosio.tonomy.hpp>
 
 namespace tonomysystem
 {
 
-   // This action can only be called by inline action from the {sender} account
-   void check_sender(name sender)
+   // Requires the governance active permission authorization
+   void require_governance_active()
    {
-      check(eosio::get_sender() == sender, "You cannot call this eosio action directly, call from the " + sender.to_string() + " contract");
+      eosio::require_auth({native::governance_name, "active"_n});
+   }
+
+   // Requires the governance owner permission authorization
+   void require_governance_owner()
+   {
+      eosio::require_auth({native::governance_name, "owner"_n});
+   }
+
+   // Used to protect governance actions
+   void special_governance_check(name account)
+   {
+      if (account == "eosio"_n || account == "tonomy"_n)
+      {
+         require_governance_owner();
+      }
+      else
+      {
+         require_governance_active();
+      }
    }
 
    void native::newaccount(name creator, name name, authority owner, authority active)
    {
-      require_auth(governance_name); // gov only, till we implement this
-      native::newaccount_action action("eosio"_n, {creator, "active"_n});
+      require_governance_owner();
+      native::newaccount_action action("eosio"_n, {creator, "owner"_n});
       action.send(creator, name, owner, active);
    }
 
    void native::updateauth(name account,
                            name permission,
                            name parent,
-                           authority auth)
-   {
-      require_auth(governance_name); // gov only, till we implement this
-      native::updateauth_action action("eosio"_n, {account, permission});
+                           authority auth,
+                           bool auth_parent)
+   {
+      special_governance_check(account);
+      eosio::name auth_permission = permission;
+      if (auth_parent)
+      {
+         auth_permission = parent;
+      }
+      eosiotonomy::bios::updateauth_action action("eosio"_n, {account, auth_permission});
       action.send(account, permission, parent, auth);
    }
 
    void native::deleteauth(name account,
                            name permission)
    {
-      require_auth(governance_name); // gov only, till we implement this
+      special_governance_check(account);
       native::deleteauth_action action("eosio"_n, {account, permission});
       action.send(account, permission);
    }
@@ -51,89 +77,89 @@ namespace tonomysystem
                            name code,
                            name type)
    {
-      require_auth(governance_name); // gov only, till we implement this
+      special_governance_check(account);
       native::unlinkauth_action action("eosio"_n, {account, "active"_n});
       action.send(account, code, type);
    }
 
    void native::canceldelay(permission_level canceling_auth, checksum256 trx_id)
    {
-      require_auth(governance_name); // gov only, till we implement this
+      require_governance_owner();
       native::canceldelay_action action("eosio"_n, {governance_name, "active"_n});
       action.send(canceling_auth, trx_id);
    }
 
    void native::setcode(name account, uint8_t vmtype, uint8_t vmversion, const std::vector<char> &code)
    {
-      require_auth(governance_name); // gov only, till we implement this
+      special_governance_check(account);
       native::setcode_action action("eosio"_n, {account, "active"_n});
       action.send(account, vmtype, vmversion, code);
    }
 
    void native::setabi(name account, const std::vector<char> &abi)
    {
-      require_auth(governance_name); // gov only, till we implement this
+      special_governance_check(account);
       native::setabi_action action("eosio"_n, {account, "active"_n});
       action.send(account, abi);
    }
 
    void native::setpriv(name account, uint8_t is_priv)
    {
       // TODO disable proxying: this contract is priviledged and can execute the required API calls directly
-      require_auth(governance_name); // gov only, till we implement this
+      require_governance_owner();
       native::setpriv_action action("eosio"_n, {governance_name, "active"_n});
       action.send(account, is_priv);
    }
 
    void native::setalimits(name account, int64_t ram_bytes, int64_t net_weight, int64_t cpu_weight)
    {
       // TODO delete function. This is handled by our own resource management
-      require_auth(governance_name); // gov only, till we implement this
+      require_governance_owner();
       native::setalimits_action action("eosio"_n, {governance_name, "active"_n});
       action.send(account, ram_bytes, net_weight, cpu_weight);
    }
 
    void native::setprods(const std::vector<eosio::producer_authority> &schedule)
    {
-      require_auth(governance_name); // gov only, till we implement this
+      require_governance_owner();
       native::setprods_action action("eosio"_n, {governance_name, "active"_n});
       action.send(schedule);
    }
 
    void native::setparams(const eosio::blockchain_parameters &params)
    {
       // TODO disable proxying: this contract is priviledged and can execute the required API calls directly
-      require_auth(governance_name); // gov only, till we implement this
+      require_governance_owner();
       native::setparams_action action("eosio"_n, {governance_name, "active"_n});
       action.send(params);
    }
 
    void native::reqauth(name from)
    {
       // TODO delete as not needed. Check in Telegram first
-      require_auth(governance_name); // gov only, till we implement this
+      require_governance_owner();
       native::reqauth_action action("eosio"_n, {from, "active"_n});
       action.send(from);
    }
 
    void native::activate(const eosio::checksum256 &feature_digest)
    {
-      require_auth(governance_name); // gov only, till we implement this
+      require_governance_owner();
       native::activate_action action("eosio"_n, {governance_name, "active"_n});
       action.send(feature_digest);
    }
 
    void native::reqactivated(const eosio::checksum256 &feature_digest)
    {
-      require_auth(governance_name); // gov only, till we implement this
+      require_governance_owner();
       native::reqactivated_action action("eosio"_n, {governance_name, "active"_n});
       action.send(feature_digest);
    }
 
    void native::onerror(uint128_t sender_id, std::vector<char> sent_trx)
    {
       // TODO delete: this is not needed in this contract. It is not supposed to be called in the eosio contract
-      require_auth(governance_name); // gov only, till we implement this
+      require_governance_owner();
       native::onerror_action action("eosio"_n, {governance_name, "active"_n});
       action.send(sender_id, sent_trx);
    }

contracts/tonomy/src/tonomy.cpp

@@ -3,6 +3,8 @@
 #include <eosio/transaction.hpp>
 #include <vector>
 
+#include <eosio.tonomy/eosio.tonomy.hpp>
+
 namespace tonomysystem
 {
    // contract class constructor
@@ -316,7 +318,7 @@ namespace tonomysystem
       }
 
       // must be signed by the account's permission_level or parent (from eosio.tonomy::updateauth())
-      tonomy::updateauth_action updateauthaction("eosio"_n, {account, "owner"_n});
+      eosiotonomy::bios::updateauth_action updateauthaction("eosio"_n, {account, "owner"_n});
       updateauthaction.send(account, permission, "owner"_n, authority);
 
       if (link_auth)
@@ -350,7 +352,7 @@ namespace tonomysystem
       // setup the new key authoritie(s)
       authority authority = create_authority_with_key(key);
 
-      tonomy::updateauth_action updateauthaction("eosio"_n, {account, parent});
+      eosiotonomy::bios::updateauth_action updateauthaction("eosio"_n, {account, parent});
       updateauthaction.send(account, app, parent, authority);
       // must be signed by the account's permission_level or parent (from eosio.tonomy::updateauth())
    }