Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
    mandeep9888
    @mandeep9888
    ethsigner --chain-id=2018 --downstream-http-port=8590 azure-signer --client-id=xyz --client-secret-path=/home/mandy/client_secret --key-name=bob --key-version=blablabla --keyvault-name=SomeKeyVault
    zsh: command not found: ethsigner
    when i use docker run pegasyseng/ethsigner:latest --chain-id=2018 --downstream-http-port=8590 azure-signer --client-id=xyz --client-secret-path=/home/mandy/client_secret --key-name=bob --key-version=blablabla --keyvault-name=SomeKeyVault
    it works though but gives me below error message
    Setting logging level to INFO 2019-12-03 12:57:35.870+00:00 | main | INFO | SignerSubCommand | Version = ethsigner/v0.3.1-dev-5ea7b61e/linux-x86_64/oracle_openjdk-java-11 Failed to construct a signer from supplied arguments. Cause: Error when reading the secret from file
    mandeep9888
    @mandeep9888
    @rain-on
    Trent Mohay
    @rain-on
    Hey @mandeep9888 the first problem appears to be that Ethsigner is not on your path - and thus zsh cannot execute it - is that possible? I'm wondering if the second problem is to do with how your client secret file is being mounted into the docker container - i.e. firstly, /home/mandy into your docker container as a volume (with an known path "inside" the container), then on the commandline, reference your client secret file in terms of the volume's path (i.e. the path inside the container) rather than the path in the host environment
    @mandeep9888 otherwise you are correct, your client secret needs to be in the client-secret-file - but a word of warning, the file should contain NOTHING other than your secret - not even a CR or LF at the end of the line
    mandeep9888
    @mandeep9888
    @rain-on thanks i able to run both the images besu and ethsigner using docker but the problem i am facing is, I am not able access the port outside the container even though i am running by exposing ports i guess there is some problem buy running using docker run command. When i am exposing any port for ethesigner and besu i am able to see the port but is not mapped to any process.
    do have some idea regarding this ?
    mandeep9888
    @mandeep9888
    @rain-on I guess it's a issue with ethsigner only I am able to access besu by passing it's exposed with curl I am able to get block number
    Trent Mohay
    @rain-on
    @mandeep9888 ok great - so the issue with parsing the client-secret file is resolved? If so, that's great ((if not, then I EthSigner will exit immediately, and thus there will be no Ethsigner running in the docker container).
    Now - its worth confirming that EthSigner is up and listening on your specified port, to do this I'd suggest sending a get request to the "upcheck" API (curl -X GET http://<ip>:<port>/upcheck) - unfortunately, this isn't documented (but will be resolved!). If that works, then I suspect the issue is with EthSigner attempting to reach the dockerised Besu ...
    Jason Frame
    @jframe
    @mandeep9888 I suspect you have probably already found this but there is little bit of detail on using EthSigner with docker here https://docs.ethsigner.pegasys.tech/en/latest/HowTo/Get-Started/Use-Docker/. I suspect the issue is that EthSigner is listening on a local port in the container, try setting --http-listen-host=0.0.0.0 as part of the EthSigner options to have it listen on your host machines network.
    mandeep9888
    @mandeep9888
    @jframe thanks mate I am able to access now from host also, it was problem with --http-listen-host=0.0.0.0 it was working with besu image though You have to highlight that in documentation. and it will help if you could provide me some example of sen+Transaction using ethsigner.
    i also have some doubts regarding how it signs actually because in docs we are not providing any key name while sending transaction to ethsigner
    How it works in case we have multiple keys in the azure vault how do we specify which key to be used for signing @jframe @rain-on
    @faraggi this mandeep from consensys academy yesterday we had a talk over zoom.
    mandeep9888
    @mandeep9888
    @jframe @rain-on do we need to a separate run signer for every private key?
    Trent Mohay
    @rain-on
    @mandeep9888 at the moment, EthSigner only supports a single key - so yes, you will need to run an EthSigner per key. Having said that - a new EthSigner should be released (fingers crossed) next week - which will allow for a single EthSigner to support multiple keys.
    Felipe Faraggi
    @faraggi
    @mandeep9888 Hi mandeep. nice to see you around here. I see you've made some friends already :)
    mandeep9888
    @mandeep9888
    thank @faraggi glad to be here, we are building on besu here at bosch india. I am trying to use ethsigner with besu thats how i landed up here
    @rain-on good to hear that, anyone please give me an example an example to how to send a transaction using ethsigner
    curl -X POST --data '{"jsonrpc":"2.0","method":"eth_sendTransaction","params":[{"from":"0x9811ebc35d7b06b3fa8dc5809a1f9c52751e1deb","data":"0x608060405234801561001057600080fd5b50610301806100206000396000f3fe60806040526004361061004b5763ffffffff7c010000000000000000000000000000000000000000000000000000000060003504166317d7de7c81146100505780632cefeb07146100da575b600080fd5b34801561005c57600080fd5b5061006561018f565b6040805160208082528351818301528351919283929083019185019080838360005b8381101561009f578181015183820152602001610087565b50505050905090810190601f1680156100cc5780820380516001836020036101000a031916815260200191505b509250505060405180910390f35b3480156100e657600080fd5b5061018d600480360360208110156100fd57600080fd5b81019060208101813564010000000081111561011857600080fd5b82018360208201111561012a57600080fd5b8035906020019184600183028401116401000000008311171561014c57600080fd5b91908080601f016020809104026020016040519081016040528093929190818152602001838380828437600092019190915250929550610226945050505050565b005b60008054604080516020601f600260001961010060018816150201909516949094049384018190048102820181019092528281526060939092909183018282801561021b5780601f106101f05761010080835404028352916020019161021b565b820191906000526020600020905b8154815290600101906020018083116101fe57829003601f168201915b505050505090505b90565b805161023990600090602084019061023d565b5050565b828054600181600116156101000203166002900490600052602060002090601f016020900481019282601f1061027e57805160ff19168380011785556102ab565b828001600101855582156102ab579182015b828111156102ab578251825591602001919060010190610290565b506102b79291506102bb565b5090565b61022391905b808211156102b757600081556001016102c156fea165627a7a7230582075302e487198c16028da43a3fb974a78fdc5eceeb39e325c773abcec5c50b0250029","gas":"0x7600","gasPrice": "0x9184e72a000"}],"id":1}' http://127.0.0.1:8545
    i am sending this transaction to deploy a contract getting
    {"jsonrpc":"2.0","id":1,"error":{"code":-32000,"message":"No unlocked account matches the Sender"}}%
    i am providing the address in from whose private key is saved in azure vault and ethsigner run running using corrosponding key name
    @jframe do have any idea about it.
    mandeep9888
    @mandeep9888
    my genesis file looks like that { "config": { "chainId": 20, "constantinoplefixblock": 0, "ibft2": { "blockperiodseconds": 5, "epochlength": 30000, "requesttimeoutseconds": 10 } }, "nonce": "0x0", "timestamp": "0x58ee40ba", "extraData": "0xf83ea00000000000000000000000000000000000000000000000000000000000000000d5949811ebc35d7b06b3fa8dc5809a1f9c52751e1deb808400000000c0", "gasLimit": "0x1fffffffffffff", "difficulty": "0x1", "mixHash": "0x63746963616c2062797a616e74696e65206661756c7420746f6c6572616e6365", "coinbase": "0x0000000000000000000000000000000000000000", "alloc": { "9811ebc35d7b06b3fa8dc5809a1f9c52751e1deb": { "balance": "0xad78ebc5ac6200000" }, "d6e028e04be1422f73dcb8fca743cbad4bd30957": { "balance": "0xad78ebc5ac6200000" } } }
    Trent Mohay
    @rain-on
    @mandeep9888 the "no unlocked account matches the sender" means that the address derived from your key file is not the same as that in your transaction - i.e. your key file does not represent an ethereum address of "0x9811ebc35d7b06b3fa8dc5809a1f9c52751e1deb"
    mandeep9888
    @mandeep9888
    Yeah I thought so, thanks @rain-on but it's the same address corresponds to that key, do ethsigner checks for checksum also for the address ?
    Trent Mohay
    @rain-on
    @mandeep9888 Can you call "eth_accounts" on EthSigner (curl -X POST --data '{"jsonrpc":"2.0","method":"eth_accounts","params":[],"id":1}') - this will show what accounts EthSigner thinks are available for signing of transactions
    mandeep9888
    @mandeep9888
    curl -X POST --data '{"jsonrpc":"2.0","method":"eth_accounts","params":[],"id":1}' http://127.0.0.1:8545
    gives me >>>>>>>>>>>>>>>>> {"jsonrpc":"2.0","id":1,"result":["0xf23eef92431847dadda9e483c61d3a4d8001915a"]}
    mandeep9888
    @mandeep9888
    i have few question here:
    1. is this the default address already there in ethSigner ?
    2. this address doesn't corresponds to my private key which i pass while starting ethsigner. then where this address is coming from and where the address corresponds to the key ?
    3. For some reasons i am unable to access signer service outside my docker container. and ethsigner also not able to connect to besu which is running in another container (which i am able to access normally ) Is that a common issue ?
      @rain-on @jframe
    my docker-compose file looks like this
    version: "3"
    networks:
    the_hub:
    services:
    the_besu:
    image: hyperledger/besu:latest
    ports:
    - "4000:8545"
    - "13001:30303"
    `networks:
            - the_hub
        volumes: 
            - /home/mandy/signer/mandy:/mandy
        command: ["--rpc-http-enabled","--network-id=${NETWORK_ID}","--logging=${LOG_LEVEL}","--genesis-file=/mandy/genesis.json"]
    the_signer:
        image: pegasyseng/ethsigner:latest
        ports: 
            - "8545:8545"
        volumes:
            - /home/mandy/signer/mandy:/mandy       
        command: ["--chain-id=${CHAIN_ID}","--downstream-http-port=${DOWNSTREAM_HTTP_PORT}","--http-listen-host=${HTTP_LISTEN_HOST}","azure-signer","--client-id=${CLIENT_ID}","--client-secret-path=${CLIENT_SECRET_PATH}","--key-name=${KEY_NAME}","--key-version=${KEY_VERSION}","--keyvault-name=${KEYVAULT_NAME}"]
        networks:
            - the_hub `
    Trent Mohay
    @rain-on
    @mandeep9888 Ethsigner doesn't have any default keys - it can only access the one specified on the command line - so, for whatever reason, the address being reported is the one from the Azure key Ethsigner is accessing. Did you have Azure auto-create your private key, or did you upload a known key into Azure?
    Unfortunately, I can't talk to the third point, but will see what I can find out.
    mandeep9888
    @mandeep9888
    @rain-on yeah the key was auto created I drived the address from public key which azure provided against my private key.
    Trent Mohay
    @rain-on
    @mandeep9888 So - Ethsigner determines the public key from Azure by concatenating the "x" and "y" fields of the "key" object (in AzureKeyVaultTransactionSignerFactory::createSigner) - then uses web3j to determine the address. Its possible we've made an error in the public-key calculation ... are you sure you've got your public key correct?
    Trent Mohay
    @rain-on
    @mandeep9888 I should ask (as I can't see it) - how do you get your public key out of Azure? I can't seem to do it via the portal, do you have a utility?
    Joshua Fernandes
    @joshuafernandes
    Hi @mandeep9888 from your docker-compose file are you able to access Besu at localhost:4000?
    in the Ethsigner command what does HTTP_LISTEN_HOST evaluate to?
    mandeep9888
    @mandeep9888
    @joshuafernandes yeah I am able to access besu on localhost but not ethsigner
    see the result below
    curl -X POST --data '{"jsonrpc":"2.0","method":"net_enode","params":[],"id":1}' http://localhost:4000
    result >>> { "jsonrpc" : "2.0", "id" : 1, "result" : "enode://bff7d33ae11557e3adf6900faa80cb718f0e998ae688b4d0251898ac22639104a96cddf4fb84874c4f4976ccfbe2b82aa704471a52445f5659b575c48d7e977c@127.0.0.1:30303" }
    Joshua Fernandes
    @joshuafernandes
    ok what does HTTP_LISTEN_HOST evaluate to for ethsigner
    could you set that to 0.0.0.0 explictly and then start it up
    mandeep9888
    @mandeep9888
    HTTP_LISTEN_HOST=0.0.0.0
    i am already setting it up
    Joshua Fernandes
    @joshuafernandes
    on your native host could you do netstat -tanp | grep 8545 and see if anything returns
    native host = macos / linux host os
    i'm going to try spinning up your file and see if i get anything different and i'll get back to you
    mandeep9888
    @mandeep9888

    signer ›› sudo netstat -tanp | grep 4000
    tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 24000/cupsd tcp6 0 0 ::1:631 :::* LISTEN 24000/cupsd tcp6 0 0 :::4000 :::* LISTEN 11374/docker-proxy

    signer ›› sudo netstat -tanp | grep 8545
    tcp6 0 0 :::8545 :::* LISTEN 11386/docker-proxy
    yeah its listening to docker proxy but unable to access.
    can you please try and see if its works for your case or suggest me alternative.

    Trent Mohay
    @rain-on
    @mandeep9888 It's probably worth creating a genesis file with funds allocated to the 0xf23eef92431847dadda9e483c61d3a4d8001915a account - you can then try and perform a value transfer from said account. If successful (i.e. account balance changes), that implies the Account recovery from the transaction's signature matches the account reported by Ethsigner (having said that, we need to get your Besu/Ethsigner communicating first)
    Joshua Fernandes
    @joshuafernandes
    @mandeep9888 I can confirm the following works via compose
    This message was deleted
        rpcnode: #  We keep one node named rpcnode to have a specific node to connect the explorer
          image: quickstart/besu:${BESU_VERSION}-ibft2
          environment:
            - BESU_PUBLIC_KEY_DIRECTORY=${BESU_PUBLIC_KEY_DIRECTORY}
          command: *base_options
          volumes:
            - public-keys:${BESU_PUBLIC_KEY_DIRECTORY}
            - ./config/besu/log-config.xml:/config/log-config.xml
            - ./config/besu/ibft2Genesis.json:/config/genesis.json
            - ./config/besu/networkFiles/rpcnode/keys:/opt/besu/keys
            - ./logs/besu:/var/log/
          depends_on:
            - bootnode
          ports:
            - 8545:8545/tcp
    
        ethsignerRpcNode:
          image: pegasyseng/ethsigner:latest
          command: [
            "--chain-id=2018",
            "--http-listen-host=0.0.0.0",
            "--downstream-http-port=8545",
            "--downstream-http-host=rpcnode",
            "file-based-signer",
            "-k",
            "/opt/ethsigner/keyfile",
            "-p",
            "/opt/ethsigner/passwordfile"
          ]
          volumes:
            - ./config/ethsigner/password:/opt/ethsigner/passwordfile
            - ./config/ethsigner/key:/opt/ethsigner/keyfile
          depends_on:
            - bootnode
            - rpcnode
          ports:
            - 18545:8545/tcp
    if you are using env vars i think you need to define them via the environment key
    Joshua Fernandes
    @joshuafernandes
        # status check to ethsigner
        curl -X GET http://127.0.0.1:18545/upcheck
        I'm up!
    
    
        # passthough to the besu node
        curl -X POST --data '{"jsonrpc":"2.0","method":"eth_blockNumber","params":[],"id":51}' http://127.0.0.1:18545
        {
          "jsonrpc" : "2.0",
          "id" : 51,
          "result" : "0x611"
        }
    mandeep9888
    @mandeep9888
    @joshuafernandes Thanks I got it worked by building locally will try docker also.
    when ethsigner going to support multiple keys ? @rain-on
    Trent Mohay
    @rain-on
    @mandeep9888 We're putting the final touches on the release, it may go out tomorrow, or otherwise early next week.
    mandeep9888
    @mandeep9888
    cool, is eth signer support truffle ?
    @rain-on @joshuafernandes