Nucypher
/
nucypher
mirror of https://github.com/nucypher/nucypher.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Separate documentation for running eth nodes, and for running clef as an external transaction signer.

pull/1944/head
derekpierre 2020-05-14 14:50:24 -04:00
parent 6816c7fae3
commit b7100c411a
8 changed files with 276 additions and 295 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
docs/source/guides/development/cli_guide.rst
View File

@ -12,7 +12,7 @@ in :doc:`getting_started`.
.. note::
While the example provided uses Ethereum mainnet, these steps can be followed for the Goerli Testnet
with updated `geth` (``~/.ethereum/goerli/geth.ipc``) and `seed` uri (``https://gemini.nucypher.network:9151``).
with updated `geth` (``~/.ethereum/goerli/geth.ipc``) and `seed` URI (``https://gemini.nucypher.network:9151``).
To better understand the commands and their options, use the ``--help`` option.
@ -30,7 +30,7 @@ Replace ``<YOUR PROVIDER URI>`` with a valid node web3 node provider string, for
- ``ipc:///home/<username>/.ethereum/geth.ipc`` - IPC Socket-based JSON-RPC server
- ``https://<host>`` - HTTP(S)-based JSON-RPC server
- ``ws://<host>:8080`` - Websocket-based JSON-RPC server
- ``wss://<host>:8080`` - Websocket(Secure)-based JSON-RPC server
Get Bob's Public Keys

87
docs/source/guides/development/getting_started.rst
View File

@ -56,75 +56,8 @@ Running an Ethereum Node
Operation of a decentralized NuCypher character [\ ``Alice``\ , ``Bob``\ , ``Ursula``\ ] requires
a connection to an Ethereum node and wallet to interact with smart
contracts (https://docs.nucypher.com/en/latest/architecture/contracts.html).
For general background information about choosing a node technology and operation,
see https://web3py.readthedocs.io/en/stable/node.html.
In this guide, a local Geth node connected to Ethereum mainnet.
For detailed information on using the geth CLI and Javascript console,
see https://geth.ethereum.org/interface/Command-Line-Options.
.. important::
While the example provided uses Ethereum mainnet, these steps can be followed for the Goerli Testnet
with updated `geth` (``~/.ethereum/goerli/geth.ipc``) and `seed` uri (``https://gemini.nucypher.network:9151``).
To run a Geth node in *fast* syncing mode:
.. code-block:: bash
$ geth
To run a Geth node in *light* syncing mode:
.. code-block:: bash
$ geth --syncmode light
Note that using ``--syncmode light`` is not 100% stable.
Connect to the Geth Console to test your ethereum node's IPC:
.. code-block:: bash
$ geth attach ~/.ethereum/geth.ipc
Wallets
^^^^^^^
To list available accounts on your geth node (Hardware wallet addresses will also be listed here
if one is attached to the system hardware):
.. code-block:: bash
$ geth attach ~/.ethereum/geth.ipc
> eth.accounts
["0x287a817426dd1ae78ea23e9918e2273b6733a43d"]
To create a new software based Geth account:
.. code-block:: bash
$ geth attach ~/.ethereum/geth.ipc
> personal.newAccount()
...
"0xc080708026a3a280894365efd51bb64521c45147"
Note that the Geth console does not return EIP-55 compliant checksum addresses, and instead will output
the *lowercase* version of the address. Since Nucypher requires EIP-55 checksum addresses, you will need
to convert your address to checksum format:
.. code-block:: javascript
> web3.toChecksumAddress(eth.accounts[0])
"0x287A817426DD1AE78ea23e9918e2273b6733a43D"
contracts (https://docs.nucypher.com/en/latest/architecture/contracts.html). For more information about running an
Ethereum node, see :ref:`using-eth-node`.
Connecting to The NuCypher Network
@ -133,14 +66,20 @@ Connecting to The NuCypher Network
Provider URI
^^^^^^^^^^^^
This example uses the ethereum node's IPC-File to communicate, specified by ``provider_uri``.
By default in ubuntu, the path is ``~/.ethereum/geth.ipc`` - This path
This example uses a local ethereum geth node's IPC-File specified by ``provider_uri``.
By default on ubuntu, the path is ``~/.ethereum/geth.ipc`` - this path
will also be logged to the geth-running console on startup.
However, Nucypher also supports alternative web3 node providers such as:
.. important::
* HTTP(S)-based JSON-RPC server e.g. ``http://<host>``
* Websocket-based JSON-RPC server e.g. ``ws://<host>:8080``
While the example provided uses Ethereum mainnet, these steps can be followed for the Goerli Testnet with
updated `geth` (``~/.ethereum/goerli/geth.ipc``) and `seed` URI (``https://gemini.nucypher.network:9151``).
Nucypher also supports alternative web3 node providers such as:
* HTTP(S)-based JSON-RPC server e.g. ``https://<host>``
* Websocket(Secure)-based JSON-RPC server e.g. ``ws://<host>:8080``, ``wss://<host>:8080``
Connecting Nucypher to an Ethereum Provider

231
docs/source/guides/ethereum_node.rst Normal file
View File

@ -0,0 +1,231 @@
.. _using-eth-node:
======================
Using an Ethereum Node
======================
For operations that require an ethereum provider for transaction signing and broadcasting, either a local or remote
ethereum node may be used. For general background information about choosing a node technology and operation,
see https://web3py.readthedocs.io/en/stable/node.html.
Local Ethereum Node
~~~~~~~~~~~~~~~~~~~
This is the typical configuration for a locally operated trusted ethereum node. For detailed information on using the
geth CLI and Javascript console, see https://geth.ethereum.org/interface/Command-Line-Options.
Assuming you have ``geth`` installed, to run a `geth` node in *fast* syncing mode:
.. code:: bash
$ geth
and to run a Geth node in *light* syncing mode:
.. code:: bash
$ geth --syncmode light
.. note::
``--syncmode light`` is not 100% stable.
If you want to use your hardware wallet, just connect it to your machine, and you'll see something like this in logs:
.. code:: bash
INFO [08-30|15:50:39.153] New wallet appeared url=ledger://0001:000b:00 status="Ethereum app v1.2.7 online"
If you see something like ``New wallet appeared, failed to open`` in the logs,
you need to reconnect the hardware wallet (without turning the ``geth`` node
off).
If you don't have a hardware wallet, you can create a software one. Whilst running the initialized node:
* Linux:
.. code:: bash
$ geth attach /home/<username>/.ethereum/geth.ipc
> personal.newAccount();
> eth.accounts
["0x287a817426dd1ae78ea23e9918e2273b6733a43d"]
* MacOS:
.. code:: bash
$ geth attach /Users/<username>/Library/Ethereum/geth.ipc
> personal.newAccount();
> eth.accounts
["0x287a817426dd1ae78ea23e9918e2273b6733a43d"]
Where ``0x287a817426dd1ae78ea23e9918e2273b6733a43d`` is your newly created
account address and ``<username>`` is your user.
.. note::
The Geth console **does not return EIP-55 compliant checksum addresses**, and instead will output
the *lowercase* version of the address. Since Nucypher requires EIP-55 checksum addresses, you will need
to convert your address to checksum format:
.. code:: javascript
> web3.toChecksumAddress(eth.accounts[0])
"0x287A817426DD1AE78ea23e9918e2273b6733a43D"
Run Geth with Docker
********************
Run a local geth using volume bindings:
.. code:: bash
docker run -it -p 30303:30303 -v ~/.ethereum:/root/.ethereum ethereum/client-go
For alternate geth configuration via docker see:
`Geth Docker Documentation <https://geth.ethereum.org/docs/install-and-build/installing-geth#run-inside-docker-container>`_.
Remote Ethereum Node
~~~~~~~~~~~~~~~~~~~~
Nucypher supports remote ethereum providers such as Alchemy, Infura, Public Remote Node, but an external transaction
signing client (e.g. `clef <External Signing Using Clef>`_ or geth) is needed separate from the broadcasting node.
.. _signing-with-clef:
External Signing Using Clef
~~~~~~~~~~~~~~~~~~~~~~~~~~~
In conjunction with an ethereum provider, an external signer, such as Clef, can be specified and operated
independently of the provider/broadcaster. This separation allows pre-signed transactions to be sent to an
external (possibly remote) ethereum node. Clef enables applications to connect to an Ethereum node and send locally signed
transactions to be broadcasted. This setup could be desirable when interacting with an untrusted Ethereum node. More
information about Clef can be found `here <https://github.com/ethereum/go-ethereum/tree/master/cmd/clef>`_.
Some examples:
- Infura/Alchemy/Etc. for broadcasting with clef signer
- Local geth node for broadcasting with clef signer
- Remote ethereum node for broadcasting with local geth signer
.. important::
External signing support is an experimental feature and under active development.
Clef Setup
**********
We'll quickly walk through setup steps below, but additional in-depth documentation on clef can
be found in the source repository here https://github.com/ethereum/go-ethereum/tree/master/cmd/clef
Clef is typically installed alongside geth. If you already have geth installed on your system you
may already have clef installed. To check for an existing installation run:
.. code:: bash
$ clef --version
Clef version 0.0.0
If ``clef`` was not found, upgrade ``geth`` to the latest version and try again.
Next, initialize Clef with your chosen password to encrypt the master seed:
.. code:: bash
$ clef init
...
The master seed of clef will be locked with a password.
Please specify a password. Do not forget this password!
Password:
Running Clef
************
Clef can use hardware wallets (ledger and trezor) over USB, or geth formatted private keys
by specifying the keystore directory path:
.. code:: bash
$ clef --keystore <PATH TO KEYSTORE> --chainid <CHAIN ID> --advanced
* <PATH TO KEYSTORE> - The path to the directory containing geth-formatted private key files; the default path for Linux is ``~/.ethereum/keystore``.
* Chain ID 1 is specified to ensure clef signs transactions with the network ID of mainnet.
.. code:: bash
Enter 'ok' to proceed:
> ok
...
------- Signer info -------
* extapi_version : 6.0.0
* extapi_http : n/a
* extapi_ipc : <CLEF IPC PATH>
* intapi_version : 7.0.0
where ``<CLEF IPC PATH>``:
* Linux: ``/home/<username>/.clef/clef.ipc``
* MacOS: ``/Users/<username>/Library/Signer/clef.ipc``
.. _clef-rules:
Clef Rules
**********
By default, all requests to the clef signer require manual confirmation. To overcome this, Clef allows the
configuration of rules to automate the confirmation of requests to the signer. In particular, we recommend that users
of a Clef signer with `nucypher` define the following rules file (``rules.js``), which simply approves the
listing of accounts:
.. code:: javascript
function ApproveListing() {
return "Approve"
}
The sha256 digest of this particular 3-line file is ``8d089001fbb55eb8d9661b04be36ce3285ffa940e5cdf248d0071620cf02ebcd``.
We will use this digest to attest that we trust these rules:
.. code:: bash
$ clef attest 8d089001fbb55eb8d9661b04be36ce3285ffa940e5cdf248d0071620cf02ebcd
WARNING!
Clef is an account management tool. It may, like any software, contain bugs.
Please take care to
- backup your keystore files,
- verify that the keystore(s) can be opened with your password.
Clef is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
PURPOSE. See the GNU General Public License for more details.
Enter 'ok' to proceed:
> ok
Decrypt master seed of clef
Password:
INFO [04-14|02:00:54.740] Ruleset attestation updated sha256=8d089001fbb55eb8d9661b04be36ce3285ffa940e5cdf248d0071620cf02ebcd
Once the rules file is attested, we can run Clef with the ``--rules rules.js`` flag,
to indicate which are the automated rules (in our case, allowing the listing of accounts):
.. code:: bash
$ clef --keystore <PATH TO KEYSTORE> --chainid <CHAIN ID> --advanced --rules rules.js

203
docs/source/guides/network_node/staking_guide.rst
View File

@ -108,135 +108,32 @@ All staking-related operations done by Staker are performed through the ``nucyph
Staking
--------
Staking transactions can be broadcast using either a local or remote ethereum node.
By default transaction signing requests are forwarded to the configured ethereum provider;
This is the typical configuration for locally or independently run ethereum nodes.
In order to use a remote ethereum provider (e.g. Alchemy, Infura, Public Remote Node) an external transaction signing client
(e.g. clef or geth) is needed separate from the broadcasting node.
Running an Ethereum Node for Staking
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Below we describe the usage of both local and remote ethereum providers...
Running an Ethereum Node for Staking (Local Provider)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Here we describe the steps required to run an ethereum node for both transaction signing and broadcast.
This is the typical configuration for a locally operated trusted ethereum node.
Assuming you have ``geth`` installed
.. code:: bash
$ geth
If you want to use your hardware wallet, just connect it to your machine. You'll see something like this in logs:
.. code:: bash
INFO [08-30|15:50:39.153] New wallet appeared url=ledger://0001:000b:00 status="Ethereum app v1.2.7 online"
If you see something like ``New wallet appeared, failed to open`` in the logs,
you need to reconnect the hardware wallet (without turning the ``geth`` node
off).
If you don't have a hardware wallet, you can create a software one:
Whilst running the initialized node:
.. code:: bash
Linux:
$ geth attach /home/<username>/.ethereum/geth.ipc
> personal.newAccount();
> eth.accounts
["0x287a817426dd1ae78ea23e9918e2273b6733a43d"]
MacOS:
$ geth attach /Users/<username>/Library/Ethereum/geth.ipc
> personal.newAccount();
> eth.accounts
["0x287a817426dd1ae78ea23e9918e2273b6733a43d"]
Where ``0x287a817426dd1ae78ea23e9918e2273b6733a43d`` is your newly created
account address and ``<username>`` is your user.
Using Clef as an external transaction signer (Remote Provider)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.. important::
External signing support is an experimental feature and under active development.
Motivation
**********
Instead of using a local ethereum node for both transaction signing and broadcast, an external signer can be specified
and operated independently of the provider/broadcaster. This separation allows stakers to use local hardware and software wallets
to send pre-signed transactions to an external (possibly remote) ethereum node.
Some examples:
- Infura/Alchemy/Etc. for broadcasting with clef signer
- Local geth node for broadcasting with clef signer
- Remote ethereum node for broadcasting with local geth signer
Staking transactions can be broadcasted using either a local or remote ethereum node. See
:ref:`using-eth-node` for more information.
Clef Setup
**********
Using External Signing
**********************
We'll quickly walk through setup steps below, but additional in-depth documentation on clef can
be found in the source repository here https://github.com/ethereum/go-ethereum/tree/master/cmd/clef
By default, transaction signing requests are forwarded to the configured ethereum provider. This is the typical
configuration for locally or independently run ethereum nodes. To use a remote ethereum provider
(e.g. Alchemy, Infura, Public Remote Node) an external transaction signing client (e.g. `clef` or `geth`) is needed
separate from the broadcasting node.
Clef is typically installed alongside geth. If you already have geth installed on your system you
may already have clef installed. To check for an existing installation run:
.. code:: bash
$ clef --version
Clef version 0.0.0
If clef was not found, upgrade geth to the latest version and try again.
Next, initialize Clef with your chosen password to encrypt the master seed:
.. code:: bash
$ clef init
...
The master seed of clef will be locked with a password.
Please specify a password. Do not forget this password!
Password:
Using Clef
++++++++++
See :ref:`signing-with-clef` for setting up Clef. By default, all requests to the clef signer require manual
confirmation. This includes not only transactions but also more innocuous requests such as listing the accounts
that the signer is handling. This means, for example, that a command like ``nucypher stake accounts`` will first ask
for user confirmation in the clef CLI before showing the staker accounts. You can automate this confirmation by
using :ref:`clef-rules`.
Running Clef
************
Clef can use hardware wallets (ledger and trezor) over USB, or geth formatted private keys
by specifying the keystore directory path:
.. code:: bash
$ clef --keystore <PATH TO KEYSTORE> --chainid <CHAIN ID> --advanced
- <PATH TO KEYSTORE> - The path to the directory containing geth-formatted private key files; the default path for Linux is ``~/.ethereum/keystore``.
- Chain ID 1 is specified to ensure clef signs transactions with the network ID of mainnet.
.. code:: bash
Enter 'ok' to proceed:
> ok
...
------- Signer info -------
* extapi_version : 6.0.0
* extapi_http : n/a
* extapi_ipc : /home/<username>/.clef/clef.ipc
* intapi_version : 7.0.0
Using clef with nucypher commands
*********************************
Using Clef with nucypher commands
+++++++++++++++++++++++++++++++++
.. code:: bash
@ -256,65 +153,6 @@ Some examples:
$ nucypher stake create --signer clef:///home/<username>/.clef/clef.ipc --provider ~/.ethereum/geth.ipc
Interacting with clef
*********************
Requests for account management, and signing will be directed at clef, with a 60 second timeout.
Be alert for user-interactive requests and confirmations from the clef CLI.
By default, all requests to the clef signer require manual confirmation.
This include not only transactions, but also more innocuous requests such as listing the accounts
that the signer is handling. This means, for example, that a command like ``nucypher stake accounts`` will first
ask for user confirmation in the clef CLI before showing the staker accounts.
To overcome this, Clef allows to define rules to automate the confirmation of certain transactions,
or more generally, of some requests to the signer.
In particular, we recommend that users of a Clef signer with nucypher define the following rules file,
which simply approves the listing of accounts:
.. code:: javascript
function ApproveListing() {
return "Approve"
}
The sha256 digest of this particular 3-line file is ``8d089001fbb55eb8d9661b04be36ce3285ffa940e5cdf248d0071620cf02ebcd``.
We will use this digest to attest that we trust these rules:
.. code:: bash
$ clef attest 8d089001fbb55eb8d9661b04be36ce3285ffa940e5cdf248d0071620cf02ebcd
WARNING!
Clef is an account management tool. It may, like any software, contain bugs.
Please take care to
- backup your keystore files,
- verify that the keystore(s) can be opened with your password.
Clef is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
PURPOSE. See the GNU General Public License for more details.
Enter 'ok' to proceed:
> ok
Decrypt master seed of clef
Password:
INFO [04-14|02:00:54.740] Ruleset attestation updated sha256=8d089001fbb55eb8d9661b04be36ce3285ffa940e5cdf248d0071620cf02ebcd
Once the rules file is attested, we can run Clef with the ``--rules rules.js`` flag,
to indicate which are the automated rules (in our case, allowing listing of accounts):
.. code:: bash
$ clef --keystore <PATH TO KEYSTORE> --chainid <CHAIN ID> --advanced --rules rules.js
Initialize a new stakeholder
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
@ -327,7 +165,8 @@ This will create a configuration file (`~/.local/share/nucypher/stakeholder.json
where:
* If you utilized `Clef Setup`_, the ``SIGNER URI`` is ``clef:///home/<username>/.clef/clef.ipc``
* If you utilized :ref:`signing-with-clef`, the ``SIGNER URI`` is ``clef:///home/<username>/.clef/clef.ipc``
(on MacOS for Goerli testnet, ``ipc:///Users/<username>/Library/Signer/clef.ipc``)
* If you ran ``geth`` node as above, your ``<PROVIDER>`` is ``ipc:///home/<username>/.ethereum/geth.ipc``
(on MacOS for Goerli testnet, ``ipc:///Users/<username>/Library/Ethereum/goerli/geth.ipc``)
* ``<NETWORK_NAME>`` is the name of the NuCypher network domain where the staker will participate.

37
docs/source/guides/network_node/ursula_configuration_guide.rst
View File

@ -9,7 +9,7 @@ NuCypher staking operations are divided into two roles "Staker" and "Worker" - T
Worker Overview
----------------
*Worker* - (aka "Ursula") Active network participant, Carries out re-encryption work orders.
*Worker* - (aka "Ursula") Active network participant who carries out re-encryption work orders.
The Worker is the bonded delegate of a Staker and an active network node. Workers must remain online to provide
uninterrupted re-encryption services on-demand. Each staking account or Staker is bonded to exactly one Worker.
@ -36,37 +36,8 @@ Working Procedure:
1. Running an Ethereum node for Ursula
----------------------------------------
Run Geth with Docker
~~~~~~~~~~~~~~~~~~~~~
Run a local geth using volume bindings:
.. code:: bash
docker run -it -p 30303:30303 -v ~/.ethereum:/root/.ethereum ethereum/client-go
For alternate geth configuration via docker see:
`Geth Docker Documentation <https://geth.ethereum.org/docs/install-and-build/installing-geth#run-inside-docker-container>`_.
Run Geth with the CLI
~~~~~~~~~~~~~~~~~~~~~
.. code:: bash
$ geth --nousb
... (geth log output)
Create a software-controlled account in geth in another console:
.. code:: bash
$ geth attach ~/.ethereum/geth.ipc
> personal.newAccount();
> eth.accounts[0]
["0xc080708026a3a280894365efd51bb64521c45147"]
The new account is ``0xc080708026a3a280894365efd51bb64521c45147`` in this case.
Worker (Ursula) transactions can be broadcasted using either a local or remote ethereum node. See :ref:`using-eth-node`
for more information.
.. _fund-worker-account:
@ -120,7 +91,7 @@ Replace ``<YOUR PROVIDER URI>`` with a valid node web3 node provider string, for
- ``ipc:///home/<username>/.ethereum/geth.ipc`` - IPC Socket-based JSON-RPC server
- ``https://<host>`` - HTTP(S)-based JSON-RPC server
- ``ws://<host>:8080`` - Websocket-based JSON-RPC server
- ``wss://<host>:8080`` - Websocket(Secure)-based JSON-RPC server
``<NETWORK_NAME>`` is the name of the NuCypher network domain where the node will run.

2
docs/source/guides/worklock_guide.rst
View File

@ -27,7 +27,7 @@ Replace ``<YOUR PROVIDER URI>`` with a valid node web3 node provider string, for
- ``ipc:///home/<username>/.ethereum/geth.ipc`` - IPC Socket-based JSON-RPC server
- ``https://<host>`` - HTTP(S)-based JSON-RPC server
- ``ws://<host>:8080`` - Websocket-based JSON-RPC server
- ``wss://<host>:8080`` - Websocket(Secure)-based JSON-RPC server
Show current WorkLock information
---------------------------------

3
docs/source/index.rst
View File

@ -131,8 +131,9 @@ Whitepapers
guides/installation_guide
guides/network_node/network_node
guides/development/development
guides/ethereum_node
guides/worklock_guide
guides/environment_variables.rst
guides/environment_variables
guides/contribution_guide
.. toctree::

4
docs/source/support/faq.rst
View File

@ -338,5 +338,5 @@ Q: What types of Ethereum web3 node providers do you support?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
* IPC Socket-based JSON-RPC server e.g. ``ipc:///home/<username>/.ethereum/geth.ipc``
* HTTP(S)-based JSON-RPC server e.g. ``http://<host>``
* Websocket-based JSON-RPC server e.g. ``ws://<host>:8080``
* HTTP(S)-based JSON-RPC server e.g. ``http://<host>``, ``https://<host>``
* Websocket(Secure)-based JSON-RPC server e.g. ``ws://<host>:8080``, ``wss://<host>:8080``