Looks like constellation-enclave-keygen expects berkeley-db v 6.1, which currently homebrew is installing v6.2

dyld: Library not loaded: /usr/local/opt/berkeley-db/lib/libdb-6.1.dylib
  Referenced from: /Users/jamie/Code/cons/./constellation-enclave-keygen
  Reason: image not found
Trace/BPT trap: 5

We're trying to get Constellation running in RHEL. Sadly Red Hat is not one of the major platforms where Constellation has precompiled binaries for :)

We compiled it on a machine with internet access (which was not trivial given a weird bunch of dependencies), but when trying to run it on another machine, we get the following error:

2017 Jun-21 13:51:38115940 [WARN] Failed to run an AtExit hook: : Data.Binary.Get.runGet at position 8: not enough bytes
CallStack (from HasCallStack):
  error, called at libraries/binary/src/Data/Binary/Get.hs:342:5 in binary-0.8.3.0:Data.Binary.Get
constellation-node: Data.Binary.Get.runGet at position 8: not enough bytes
CallStack (from HasCallStack):
  error, called at libraries/binary/src/Data/Binary/Get.hs:342:5 in binary-0.8.3.0:Data.Binary.Get

Constellation currently uses BerkeleyDB for all storage. It includes code for LevelDB and SQLite, however one cannot currently choose either of them. The simple reason BerkeleyDB is the default is that it was faster than the other options in our testing.

Constellation was specifically designed to use stateless crypto--XSalsa20 allows for randomly generated nonces--in order to support hosting the same key pair on multiple Constellation nodes and using a shared underlying datastore like S3 without requiring contentious nonce management, and positing only the restriction that the data store must have read-after-creation consistency. With S3 and similar, thinking about redundancy and backups becomes a lot simpler, and since the payloads stored are encrypted, storing them with a cloud provider doesn't involve much risk.

Ideally, the --storage option will work as follows:

• constellation-node --storage=data -- use default engine (BerkeleyDB) in the folder 'data'
• constellation-node --storage=bdb:data -- explicitly use BerkeleyDB in the folder 'data'
• constellation-node --storage=s3:constellationstore -- use the 'constellationstore' bucket on S3 (credentials fetched from ~/.aws/credentials or env vars on startup)
• ...

Now:

• What should the out of the box default be? Should it continue to be BerkeleyDB? Other options include BoltDB, LevelDB, RocksDB, ...
• What other options should be supported? For example:
  • S3
  • Google Cloud DataStore (10MiB object limit) or Google Blobstore
  • Azure Blob Storage
  • Redis
  • Tahoe-LAFS
  • seaweedfs
  • ...

(These would be the options supported out of the box in the standalone version, but you would still be able to import Constellation as a library and supply anything that satisfies the Storage datatype for exotic requirements.)

Hi all, I am trying to run a small performance test on quorum, focusing on private transactions. The test runs on an 8 nodes network. The machines are hosted on AWS each node is an M5XL instance. The test uses 4 nodes to insert those transactions private for the other 4 nodes. When the load (trough Jmeter) reach about 50 TX/s constellation raise an issue: Network.Socket.accept: resource exhausted (Too many open files) We have been changing the number of open files without help. limit.conf: ubuntu soft nofile 1000000 ubuntu hard nofile 1000000 root soft nofile 1000000 root hard nofile 1000000 ubuntu - nproc 819200 root - nproc 819200 ubuntu - memlock unlimited root - memlock unlimited

The output of sudo lsof | grep ipc : ghc_worke 20778 20789 ubuntu 25u unix 0xffff8803ea376800 0t0 6615462 node3.ipc type=STREAM multiplied by the number of open sockets ~1000

quorum crash with a SIGSEV error as below:

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x40 pc=0x93b695]
 
goroutine 3723 [running]:
github.com/ethereum/go-ethereum/private/constellation.(*Client).ReceivePayload(0xc420254000, 0xc42d853700, 0x40, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0)
    /home/ubuntu/DoubleMachines/dtcc-quorum-top-level-project/distributed_setup/quorum/build/_workspace/src/github.com/ethereum/go-ethereum/private/constellation/node.go:112 +0x135
github.com/ethereum/go-ethereum/private/constellation.(*Constellation).Receive(0xc42024e030, 0xc42d853700, 0x40, 0x40, 0xc42e2d0480, 0x1, 0x0, 0x0, 0x0)
    /home/ubuntu/DoubleMachines/dtcc-quorum-top-level-project/distributed_setup/quorum/build/_workspace/src/github.com/ethereum/go-ethereum/private/constellation/constellation.go:38 +0x13e
github.com/ethereum/go-ethereum/core.(*StateTransition).TransitionDb(0xc42e115b20, 0x116e040, 0xc42e2d0480, 0xc42e13ce40, 0xc42e115b20, 0xc42e19a5d8, 0xc42e2d0480, 0xc42e2d0480, 0xf74ea0)
    /home/ubuntu/DoubleMachines/dtcc-quorum-top-level-project/distributed_setup/quorum/build/_workspace/src/github.com/ethereum/go-ethereum/core/state_transition.go:235 +0xdc6
github.com/ethereum/go-ethereum/core.ApplyMessage(0xc42e2c1500, 0x116e040, 0xc42e2d0480, 0xc42e13ce40, 0xc34b8ade501462de, 0xa5cea460, 0xc42e2a5f00, 0x0, 0x0, 0x0, ...)
    /home/ubuntu/DoubleMachines/dtcc-quorum-top-level-project/distributed_setup/quorum/build/_workspace/src/github.com/ethereum/go-ethereum/core/state_transition.go:138 +0x5b
github.com/ethereum/go-ethereum/core.ApplyTransaction(0xc4200e6000, 0xc4202f2000, 0x0, 0xc42e13ce40, 0xc42d715e00, 0xc42d715ef0, 0xc42d860480, 0xc42dac8750, 0xc42e13cbc0, 0x0, ...)
    /home/ubuntu/DoubleMachines/dtcc-quorum-top-level-project/distributed_setup/quorum/build/_workspace/src/github.com/ethereum/go-ethereum/core/state_processor.go:121 +0x4e4
github.com/ethereum/go-ethereum/raft.(*work).commitTransaction(0xc42e11f560, 0xc42dac8750, 0xc4202f2000, 0xc42e13ce40, 0x9e2bbac6a4b2bc44, 0x0, 0x0, 0x0)
    /home/ubuntu/DoubleMachines/dtcc-quorum-top-level-project/distributed_setup/quorum/build/_workspace/src/github.com/ethereum/go-ethereum/raft/minter.go:400 +0x1a6
github.com/ethereum/go-ethereum/raft.(*work).commitTransactions(0xc42e11f560, 0xc42e11f7a0, 0xc4202f2000, 0x6f5d49, 0xc420038030, 0xe48100, 0x19eeb20, 0x0, 0x0, 0xc422fa5f28, ...)
    /home/ubuntu/DoubleMachines/dtcc-quorum-top-level-project/distributed_setup/quorum/build/_workspace/src/github.com/ethereum/go-ethereum/raft/minter.go:370 +0x28f
github.com/ethereum/go-ethereum/raft.(*minter).mintNewBlock(0xc4202df4a0)
    /home/ubuntu/DoubleMachines/dtcc-quorum-top-level-project/distributed_setup/quorum/build/_workspace/src/github.com/ethereum/go-ethereum/raft/minter.go:305 +0xcf
github.com/ethereum/go-ethereum/raft.(*minter).mintingLoop.func1()
    /home/ubuntu/DoubleMachines/dtcc-quorum-top-level-project/distributed_setup/quorum/build/_workspace/src/github.com/ethereum/go-ethereum/raft/minter.go:223 +0x3c
created by github.com/ethereum/go-ethereum/raft.throttle.func1
    /home/ubuntu/DoubleMachines/dtcc-quorum-top-level-project/distributed_setup/quorum/build/_workspace/src/github.com/ethereum/go-ethereum/raft/minter.go:205 +0xc0

The main feature of this is a hybrid CA/tofu (openssh) TLS model that works out of the box with existing setups (even without Letsencrypt or other CAs in the mix), and uses only reasonably secure defaults for TLS (1.2+, mutually authenticated, only AEAD ciphersuites).

From CHANGELOG.md:

• Node API: The from parameter to /send is now optional. If unset, the first public key listed in publickeys will be used.

• Argon2id is now the default for password-based key locking.

• workdir command line and configuration option to set the directory in which files specified in other command-line arguments, as well as auto-generated files, will be placed.

• TLS certificate auto-generation and mutual authentication using a whitelist, certificate authority, or trust-on-first-use model.

From sample.conf:

## TLS status. Options:
##
##   - strict: All connections to and from this node must use TLS with mutual
##     authentication. See the documentation for tlsservertrust and
##     tlsclienttrust below.
##   - off: Mutually authenticated TLS is not used for in- and outbound
##     connections, although unauthenticated connections to HTTPS hosts are
##     still possible. This should only be used if another transport security
##     mechanism like WireGuard is in place.
##
## Default: strict
tls = "strict"

## Path to a file containing the server's TLS certificate in Apache format.
## This is used to identify this node to other nodes in the network when they
## connect to the public API.
##
## This file will be auto-generated if it doesn't exist.
##
## Default: "tls-server-cert.pem"
tlsservercert = "tls-server-cert.pem"

## List of files that constitute the CA trust chain for the server certificate.
## This can be empty for auto-generated/non-PKI-based certificates.
##
## Default: []
tlsserverchain = []

## The private key file for the server TLS certificate.
##
## This file will be auto-generated if it doesn't exist.
##
## Default: "tls-server-key.pem"
tlsserverkey = "tls-server-key.pem"

## TLS trust mode for the server. This decides who's allowed to connect to it.
## Options:
##
##   - whitelist: Only nodes that have previously connected to this node and
##     been added to the tlsknownclients file below will be allowed to connect.
##     This mode will not add any new clients to the tlsknownclients file.
##
##   - tofu: (Trust-on-first-use) Only the first node that connects identifying
##     as a certain host will be allowed to connect as the same host in the
##     future. Note that nodes identifying as other hosts will still be able
##     to connect -- switch to whitelist after populating the tlsknownclients
##     list to restrict access.
##
##   - ca: Only nodes with a valid certificate and chain of trust to one of
##     the system root certificates will be allowed to connect. The folder
##     containing trusted root certificates can be overriden with the
##     SYSTEM_CERTIFICATE_PATH environment variable.
##
##   - ca-or-tofu: A combination of ca and tofu: If a certificate is valid,
##     it is always allowed and added to the tlsknownclients list. If it is
##     self-signed, it will be allowed only if it's the first certificate this
##     node has seen for that host.
##
##   - insecure-no-validation: Any client can connect, however they will still
##     be added to the tlsknownclients file.
##
## Default: "tofu"
tlsservertrust = "tofu"

## TLS known clients file for the server. This contains the fingerprints of
## public keys of other nodes that are allowed to connect to this one.
##
## Default: "tls-known-clients"
tlsknownclients = "tls-known-clients"

## Path to a file containing the client's TLS certificate in Apache format.
## This is used to identify this node to other nodes in the network when it is
## connecting to their public APIs.
##
## This file will be auto-generated if it doesn't exist.
##
## Default: "tls-client-cert.pem"
tlsclientcert = "tls-client-cert.pem"

## List of files that constitute the CA trust chain for the client certificate.
## This can be empty for auto-generated/non-PKI-based certificates.
##
## Default: []
tlsclientchain = []

## The private key file for the client TLS certificate.
##
## This file will be auto-generated if it doesn't exist.
##
## Default: "tls-client-key.pem"
tlsclientkey = "tls-client-key.pem"

## TLS trust mode for the client. This decides which servers it will connect to.
## Options:
##
##   - whitelist: This node will only connect to servers it has previously seen
##     and added to the tlsknownclients file below. This mode will not add
##     any new servers to the tlsknownservers file.
##
##   - tofu: (Trust-on-first-use) This node will only connect to the same
##     server for any given host. (Similar to how OpenSSH works.)
##
##   - ca: The node will only connect to servers with a valid certificate and
##     chain of trust to one of the system root certificates. The folder
##     containing trusted root certificates can be overriden with the
##     SYSTEM_CERTIFICATE_PATH environment variable.
##
##   - ca-or-tofu: A combination of ca and tofu: If a certificate is valid,
##     it is always allowed and added to the tlsknownservers list. If it is
##     self-signed, it will be allowed only if it's the first certificate this
##     node has seen for that host.
##
##   - insecure-no-validation: This node will connect to any server, regardless
##     of certificate, however it will still be added to the tlsknownservers
##     file.
##
## Default: "ca-or-tofu"
tlsclienttrust = "ca-or-tofu"

## TLS known servers file for the client. This contains the fingerprints of
## public keys of other nodes that this node has encountered.
##
## Default: "tls-known-servers"
tlsknownservers = "tls-known-servers"

Resolves https://github.com/jpmorganchase/constellation/issues/24

Constellation seems to have an issue with persistence, causing data not to persist right away.

I am using a 3-node Istanbul setup and constellation with the following startup parameters:

constellation-node \
   --socket=/qdata/tm.ipc \
  --privatekeys=/k8s/secrets/constellationPrivateKeyJson \
  --publickeys=/k8s/secrets/constellationPublicKey \
  --passwords=/k8s/secrets/constellationPrivateKeyPassword \
  --storage=/qdata/constellation \
  --url=http://10.15.249.229:9000/ \
  --port=9000 --tls=off \
  --othernodes=http://10.15.249.81:9000/,http://10.15.249.229:9000/,http://10.15.251.95:9000/ \
  --verbosity=10000

Constellations starts with the following output:

21:34:12 [INFO] Log level is LevelDebug
21:34:12 [DEBUG] Configuration: Config 
    { cfgUrl = "http://10.15.249.229:9000/"
    , cfgPort = 9000
    , cfgWorkDir = Nothing
    , cfgSocket = Just "/qdata/tm.ipc"
    , cfgOtherNodes = 
        [ "http://10.15.249.81:9000/"
        , "http://10.15.249.229:9000/"
        , "http://10.15.251.95:9000/"
        ] 
    , cfgPublicKeys = [ "..." ]
    , cfgPrivateKeys = [ "..." ]
    , cfgAlwaysSendTo = []
    , cfgPasswords = Just "..."
    , cfgStorage = "/qdata/constellation"
    , cfgIpWhitelist = []
    , cfgTls = "off"
    , cfgTlsServerCert = "tls-server-cert.pem"
    , cfgTlsServerChain = []
    , cfgTlsServerKey = "tls-server-key.pem"
    , cfgTlsServerTrust = "ca-or-tofu"
    , cfgTlsKnownClients = "tls-known-clients"
    , cfgTlsClientCert = "tls-client-cert.pem"
    , cfgTlsClientChain = []
    , cfgTlsClientKey = "tls-client-key.pem"
    , cfgTlsClientTrust = "ca-or-tofu"
    , cfgTlsKnownServers = "tls-known-servers"
    , cfgJustShowVersion = False
    , cfgJustGenerateKeys = []
    , cfgVerbosity = 10000
    } 
21:34:12 [INFO] Utilizing 8 core(s)
21:34:12 [INFO] Constructing Enclave using keypairs [("...","...")]
21:34:18 [INFO] Throwaway public key for self-sending: "kqZCPoucrSdeNmWMhp9j1laf09sRL/uTkEsVH+fX5xk="
21:34:24 [INFO] Node started
21:34:24 [INFO] Public API listening on 0.0.0.0 port 9000 with whitelist: ["Disabled"]
21:34:24 [INFO] Starting synchronization with http://10.15.251.95:9000/
21:34:24 [INFO] Private API listening on /qdata/tm.ipc
21:34:24 [INFO] Finished synchronization with http://10.15.251.95:9000/
21:34:24 [INFO] Starting synchronization with http://10.15.249.81:9000/
21:34:24 [INFO] Finished synchronization with http://10.15.249.81:9000/
21:34:25 [INFO] Starting synchronization with http://10.15.251.95:9000/
21:34:25 [DEBUG] Request from : ApiUpcheck; Response: ApiUpcheckR
21:34:25 [INFO] Finished synchronization with http://10.15.251.95:9000/
21:34:25 [INFO] Starting synchronization with http://10.15.249.81:9000/
21:34:25 [INFO] Finished synchronization with http://10.15.249.81:9000/
21:34:25 [DEBUG] Request from : ApiUpcheck; Response: ApiUpcheckR
21:34:26 [INFO] Starting synchronization with http://10.15.251.95:9000/
21:34:26 [INFO] Finished synchronization with http://10.15.251.95:9000/
21:34:26 [INFO] Starting synchronization with http://10.15.249.81:9000/
21:34:26 [INFO] Finished synchronization with http://10.15.249.81:9000/
21:34:27 [INFO] Starting synchronization with http://10.15.251.95:9000/
21:34:27 [INFO] Finished synchronization with http://10.15.251.95:9000/
21:34:27 [INFO] Starting synchronization with http://10.15.249.81:9000/
21:34:31 [INFO] Finished synchronization with http://10.15.249.81:9000/
21:34:35 [INFO] Starting synchronization with http://10.15.251.95:9000/
21:34:35 [INFO] Finished synchronization with http://10.15.251.95:9000/
21:34:35 [INFO] Starting synchronization with http://10.15.249.81:9000/
21:34:35 [INFO] Finished synchronization with http://10.15.249.81:9000/
21:34:43 [INFO] Starting synchronization with http://10.15.251.95:9000/
21:34:43 [INFO] Finished synchronization with http://10.15.251.95:9000/
21:34:43 [INFO] Starting synchronization with http://10.15.249.81:9000/
21:34:43 [INFO] Finished synchronization with http://10.15.249.81:9000/
21:34:53 [INFO] Starting synchronization with http://10.15.251.95:9000/
21:34:53 [INFO] Finished synchronization with http://10.15.251.95:9000/
21:34:53 [INFO] Starting synchronization with http://10.15.249.81:9000/
21:34:53 [INFO] Finished synchronization with http://10.15.249.81:9000/
21:35:03 [INFO] Starting synchronization with http://10.15.251.95:9000/
21:35:03 [INFO] Finished synchronization with http://10.15.251.95:9000/
21:35:03 [INFO] Starting synchronization with http://10.15.249.81:9000/
21:35:03 [INFO] Finished synchronization with http://10.15.249.81:9000/
21:35:13 [INFO] Starting synchronization with http://10.15.251.95:9000/
21:35:13 [INFO] Finished synchronization with http://10.15.251.95:9000/
21:35:13 [INFO] Starting synchronization with http://10.15.249.81:9000/
21:35:13 [INFO] Finished synchronization with http://10.15.249.81:9000/
21:35:23 [INFO] Starting synchronization with http://10.15.251.95:9000/
21:35:23 [INFO] Finished synchronization with http://10.15.251.95:9000/
21:35:23 [INFO] Starting synchronization with http://10.15.249.81:9000/
21:35:23 [INFO] Finished synchronization with http://10.15.249.81:9000/
21:35:33 [INFO] Starting synchronization with http://10.15.251.95:9000/
21:35:33 [INFO] Finished synchronization with http://10.15.251.95:9000/
21:35:33 [INFO] Starting synchronization with http://10.15.249.81:9000/
21:35:33 [INFO] Finished synchronization with http://10.15.249.81:9000/
21:35:44 [INFO] Starting synchronization with http://10.15.251.95:9000/
21:35:44 [INFO] Finished synchronization with http://10.15.251.95:9000/
21:35:44 [INFO] Starting synchronization with http://10.15.249.81:9000/
21:35:44 [INFO] Finished synchronization with http://10.15.249.81:9000/
21:36:14 [INFO] Starting synchronization with http://10.15.251.95:9000/
21:36:14 [INFO] Finished synchronization with http://10.15.251.95:9000/
21:36:14 [INFO] Starting synchronization with http://10.15.249.81:9000/
21:36:14 [INFO] Finished synchronization with http://10.15.249.81:9000/

The database is empty:

$ db_dump -p /qdata/constellation/payload.db 
VERSION=3
format=print
type=hash
db_pagesize=65536
HEADER=END
DATA=END

Now, I send a private transaction to this node using this script:

const solc = require('solc')
const Web3 = require('web3')

const accountPassword = "Abcd1234"

// define inputs
const rpc_1 = "..."
const web3_1 = new Web3(new Web3.providers.HttpProvider(rpc_1))

const pubkey_2 = "..."
const rpc_2 = "..."
const web3_2 = new Web3(new Web3.providers.HttpProvider(rpc_2))

// compile contract
const sourceCode = `
pragma solidity ^0.4.0;


contract SimpleStorage {


    uint public storedData;
    
    function SimpleStorage(uint initVal) public {
        storedData = initVal;
    }
    
    function set(uint x) public {
        storedData = x;
    }
    
    function get() public constant returns (uint retVal) {
        return storedData;
    }
}
`
const compiled = solc.compile(sourceCode, 1)
const root = compiled.contracts[Object.keys(compiled.contracts)[0]]
const abi = JSON.parse(root.interface)

web3_1.eth.getAccounts()
  .then((accounts) => {
    if (!accounts) {
      return Promise.reject(new Error('No account found'))
    }
    return Promise.resolve(accounts[0])
  })
  .then((account) => {
    return web3_1.eth.personal.unlockAccount(account, accountPassword).then(() => {
      return Promise.resolve(account)
    })
  })
  .then((unlockedAccount) => {
    const contract = new web3_1.eth.Contract(abi)
    // Deploy contract and send transaction
    return contract.deploy({
      data: '0x' + root.bytecode,
      arguments: [1]
    }).send({
      from: unlockedAccount,
      gas: 300000,
      privateFor: [ pubkey_2 ]
    })
  })
  // Make sure deployed contract has an address
  .then((newContractInstance) => {
    const address = newContractInstance.options.address
    console.log(address)
    const contract = new web3_2.eth.Contract(abi, address)
    return contract.methods.get().call().then((value) => {
      console.log("Successfully read value", value)
    })
  })
  .catch((err) => {
    console.error(err)
  })

Constellation output:

21:45:47 [DEBUG] Request from 10.12.2.141:45186: ApiPush ("\134J\146\&4\240~\235\202\&4\FS\193f\163\196\240\NAK\169\ETXE\223\137#\SI\"\245\SYN\179\239\218\196\163<","\204\189@\166\223\187\STX\214o\DEL\163\214\165\178\187\197A\132\189\215^6\DC3_[,f\194TQa,\144\203\198\ESC\175\ESC\RS\223\178&Q\STX7O\157Y\170\DLE\DC2Rm.\168\230\228{C|.}\241d}\152\241\209\135\&9\DLE\240\129b\154\192\174\236\rr6\181\NUL\a\194\181\227\215\194N\245\128\221\&2\195\DC1\183S\202k\175r\221\150\233\245<\227\153\n\202\155\171E[\155\DEL\137Q:\149$1\252\203\191\229\182\165\250\157\SO\NULe\186\234\246\210Z\v\152\188q\172\140>\154\253}\149H\ENQ-T\186\171\&5\152\160xj\187\146\138X\225\212|\212\ENQ1\132\170Q\158\201I\246\RS\168\222 \NULY\142\nk\133\164\EOT\ESCz-\249!\DLE>\ENQT@\137m2,fR\140F\251d\183ua\218\242\146\156i>\130.\201\CAN6\177-\152\178z\ETB\187\&2d\215\177\197W\172V\195\201c\196\246\SYN\212$:(\214\EM\DC4Z:\NAK\154t\156\229\236S\255\200\n\241_\ETBvU\ESC\252\223?i\220\ENQ\130\b\178\184\170]\181\131\255\DLE\160\153\169\220\191t\229\156\&5\232?\\\232sN\239\233\213\220\205\EOTM\188\162\240\251\145\n\204\230i@\195\tX\253/_","\GS\141j\154\206\192\205~\253\184\DEL\141-\180{7#t\165`0\249\168\250",["%I$\150\EM\GSw\137L\136)\211\160\179I3/g\STX\140\214\184;\218]\163\EOT\168\139\141\SO\233\146^X\208W\151G\145?\143X8\131\231\190\240"],"j6e\DLE\NUL\EOT\b\205\186\193#\170\DEL\129T\US\DC3#\171f\DLE^s\142"); Response: ApiPushR "HrNhsVYqY+8nUVDeVOG0vHBiX4zFUKCwXxD/y25043pNIQkS/zE1ndnOhlex/vR4vPf/a5bdPCGHo4FKptMBTw=="
21:45:48 [DEBUG] Request from : ApiReceiveRaw (Receive {rreqKey = "HrNhsVYqY+8nUVDeVOG0vHBiX4zFUKCwXxD/y25043pNIQkS/zE1ndnOhlex/vR4vPf/a5bdPCGHo4FKptMBTw==", rreqTo = Nothing}); Response: ApiReceiveRawR (ReceiveResponse {rresPayload = "`\128`@R4\128\NAKa\NUL\DLEW`\NUL\128\253[P`@Q` \128a\SOH\DC4\131\&9\129\SOH`@RQ`\NULU`\225\128a\NUL3`\NUL9`\NUL\243\NUL`\128`@R`\EOT6\DLE`RWc\255\255\255\255|\SOH\NUL\NUL\NUL\NUL\NUL\NUL\NUL\NUL\NUL\NUL\NUL\NUL\NUL\NUL\NUL\NUL\NUL\NUL\NUL\NUL\NUL\NUL\NUL\NUL\NUL\NUL\NUL\NUL`\NUL5\EOT\SYNc*\SUB\252\217\129\DC4`WW\128c`\254G\177\DC4`{W\128cmL\230<\DC4`\146W[`\NUL\128\253[4\128\NAK`bW`\NUL\128\253[P`i`\164V[`@\128Q\145\130RQ\144\129\144\ETX` \SOH\144\243[4\128\NAK`\134W`\NUL\128\253[P`\144`\EOT5`\170V[\NUL[4\128\NAK`\157W`\NUL\128\253[P`i`\175V[`\NULT\129V[`\NULUV[`\NULT\144V\NUL\161ebzzr0X ~\ENQ\219\156}\SYN\SYN\191\a2\242\245\224\255\155\172l\238\235\227\137\174\213\250\175\RS\151\153\193\DC1\234\STX\NUL)\NUL\NUL\NUL\NUL\NUL\NUL\NUL\NUL\NUL\NUL\NUL\NUL\NUL\NUL\NUL\NUL\NUL\NUL\NUL\NUL\NUL\NUL\NUL\NUL\NUL\NUL\NUL\NUL\NUL\NUL\NUL\SOH"})

output of my script:

0xa7f3BE7d32C68695993B8c8F5618B3595A6aB3dE
Successfully read value 1

Now, I check the database again (still empty):

db_dump -p /qdata/constellation/payload.db 
VERSION=3
format=print
type=hash
db_pagesize=65536
HEADER=END
DATA=END

Now, I restart constellation and db dump returns the correct response:

$ db_dump -p /qdata/constellation/payload.db 
VERSION=3
format=print
type=hash
db_pagesize=65536
HEADER=END
 HrNhsVYqY+8nUVDeVOG0vHBiX4zFUKCwXxD/y25043pNIQkS/zE1ndnOhlex/vR4vPf/a5bdPCGHo4FKptMBTw==
 \00\00\00\00\00\00\00 \86J\924\f0~\eb\ca4\1c\c1f\a3\c4\f0\15\a9\03E\df\89#\0f"\f5\16\b3\ef\da\c4\a3<\00\00\00\00\00\00\01D\cc\bd@\a6\df\bb\02\d6o\7f\a3\d6\a5\b2\bb\c5A\84\bd\d7^6\13_[,f\c2TQa,\90\cb\c6\1b\af\1b\1e\df\b2&Q\027O\9dY\aa\10\12Rm.\a8\e6\e4{C|.}\f1d}\98\f1\d1\879\10\f0\81b\9a\c0\ae\ec\0dr6\b5\00\07\c2\b5\e3\d7\c2N\f5\80\dd2\c3\11\b7S\cak\afr\dd\96\e9\f5<\e3\99\0a\ca\9b\abE[\9b\7f\89Q:\95$1\fc\cb\bf\e5\b6\a5\fa\9d\0e\00e\ba\ea\f6\d2Z\0b\98\bcq\ac\8c>\9a\fd}\95H\05-T\ba\ab5\98\a0xj\bb\92\8aX\e1\d4|\d4\051\84\aaQ\9e\c9I\f6\1e\a8\de \00Y\8e\0ak\85\a4\04\1bz-\f9!\10>\05T@\89m2,fR\8cF\fbd\b7ua\da\f2\92\9ci>\82.\c9\186\b1-\98\b2z\17\bb2d\d7\b1\c5W\acV\c3\c9c\c4\f6\16\d4$:(\d6\19\14Z:\15\9at\9c\e5\ecS\ff\c8\0a\f1_\17vU\1b\fc\df?i\dc\05\82\08\b2\b8\aa]\b5\83\ff\10\a0\99\a9\dc\bft\e5\9c5\e8?\\\e8sN\ef\e9\d5\dc\cd\04M\bc\a2\f0\fb\91\0a\cc\e6i@\c3\09X\fd/_\00\00\00\00\00\00\00\18\1d\8dj\9a\ce\c0\cd~\fd\b8\7f\8d-\b4{7#t\a5`0\f9\a8\fa\00\00\00\00\00\00\00\01\00\00\00\00\00\00\000%I$\96\19\1dw\89L\88)\d3\a0\b3I3/g\02\8c\d6\b8;\da]\a3\04\a8\8b\8d\0e\e9\92^X\d0W\97G\91?\8fX8\83\e7\be\f0\00\00\00\00\00\00\00\18j6e\10\00\04\08\cd\ba\c1#\aa\7f\81T\1f\13#\abf\10^s\8e\00\00\00\00\00\00\00\00
DATA=END

While trying to create a private contract, Getting this error.

Creating Private Contract: simpleContract.new(42, { from: web3.eth.accounts[1], data: bytecode, gas: 0x47b760, privateFor:["v0wYXz58AoaEv8Ky9fgx6PlaU*************"] })

Web3 Browser Error: {"jsonrpc":"2.0","id":12,"error":{"code":-32000,"message":"illegal base64 data at input byte 8"}}

Constellation Logs; 14:47:25 [WARN] Error performing API request: ApiPush ("\139\155?\250Tb\224\168\208\170\STX\208b\128\170\188-\191\CAN\207\180\188y=\DEL;\190\213\140\133o","\247\143\181\227:\205[\205\ETB\170\167n,\DC3rU{\CANc\196\198b@\155\SOH\169u\211/\SI\t\138\199\241\248\234\255l\131\EOT\250\255\EOT\158k\166\233\190\229_\FSy,\226\251J h*\ENQ<\214\&7\229\NUL\168B\229\182\168S\240\&8\141\131\243\241\206\150\rQ\192\&9\DC4q\141\148,27\171[\GS\ETBl\136e~\156D\164B\168\EM\208s\233w\166\163\198\rk\172\a\172H\144r%\n\ESC\209\132\167\229\249\196\146\196\133h\247p.r\t\147&4\224N\186\STX\174>\131B\SI\174\242\166\176V8\244\150=w\GS\157\157m%\NULR@\135&5\FS\202\183\251\222\223\DC4\187\246X\ESC\189&1c\129\DEL\247:\211\145\222\153#\154"y<\202\152\226\EOTk\SUBM\215Y\200\ESC\150\ETX!\EOT\128"\t\170;\145\180\CAN\SI\192\239\161\ETX\193K\190^\r\136SC\208\US\DC4-\168X\228\FS\226po\234jM\US_\DLE\241\138\230$\195\147\169\236NPW\210\155v\EOT m_\128`\246h:\DLE\195\165\196D\166\129\222&3)(;\251z\ENQ\240\SUB\155E\137\182\175\148lD\246%\ETB\186\140&0\252\148\203m\132\144\166&6j\168[\172;\n[\232\EMv\193\248\228K\164P\206r\170\241\159\191\249\173L\212\DLE\b\FS?\239\254S\211A\191ha\212$A\DLEmzbgi\196\186)\167\224\157\173\164Jw9\221\237\130\224'7\DC1\EOT","V_\148A\144&2U\235v\157\227\b\254\184\172>\DC3\219n-\144y#\148",["\234\164&16No\168al\\EMk\231NE(w\203$_\228!#\STX=\DC25\158\179\192\242\248fD\153\251\DLE\216\166\182Iry\254\169\252 y"],"\DC2\DEL,?.\154\145q\CAN\v\ETB\195z\214\au\238O\131L7\205\252\245"); save: Payload file already exists

Note; Works fine with v0.2.0

Hi all, When setting up the 7-node example of Quorum, I wanna establish a private network to allow other node to join in. So I use private IP of virtual network to start the nodes instead of 127.0.0.1, ... , 127.0.0.7. However, there'll be Handshake errors when all nodes use one IP (even though ports are different). I wonder if is there any other way to make this? Thanks a lot.

I checked for the obvious, namely, tampering the pub base64 by adding some characters at the start. The error, changes to invalid base64 encoding near offset 44. Also I verified that I was using the same version constellation-enclave-keygen, and finally, tried to use keys from quorum-examples just in case.

DISCLAIMER: Pretty sure is a layer 8 error, but I cannot see it after two hours of fiddling. Kindly request for help.

• Commit is

commit 4b4ba6003baf01705ec9f7d843baeae3b37f9a94
Author: Patrick Mylund Nielsen <[email protected]>
Date:   Fri Mar 24 12:09:11 2017 -0400

• Log obtained

./constellation-node ethereum/constellation-conf

2017 Mar-28 10:36:12663291 [INFO] Log level is LevelDebug
2017 Mar-28 10:36:12663469 [DEBUG] Configuration: Config {cfgUrl = "http://10.24.0.4:22000/", cfgPort = 22000, cfgSocket = Just "/home/banketh/ethereum/constellation.ipc", cfgOtherNodes = ["http://10.24.0.5:22000/, http://10.24.0.8:22000/, http://10.24.0.7:22000/"], cfgPublicKeys = ["/home/banketh/ethereum/constellation-pub"], cfgPrivateKeys = ["/home/banketh/ethereum/constellation-prv"], cfgPasswords = Nothing, cfgStorage = "/home/banketh/ethereum/constellation", cfgIpWhitelist = [], cfgJustShowVersion = False, cfgVerbosity = 3}
2017 Mar-28 10:36:12663554 [INFO] Utilizing 1 core(s)
2017 Mar-28 10:36:12663722 [INFO] Constructing Enclave using keypairs [("/home/banketh/ethereum/constellation-pub","/home/banketh/ethereum/constellation-prv")]
constellation-node: fromShowRight: Got Left: "invalid padding"
CallStack (from HasCallStack):
  error, called at ./Constellation/Util/Either.hs:14:28 in constellation-0.1.0.0-IsiykKpPlVs3yKQYw1hA4n:Constellation.Util.Either

• Command

./constellation-node ethereum/constellation-conf

• constellation-conf

# Externally accessible URL for this node (this is what's advertised)
url = "http://10.24.0.4:22000/"

# Port to listen on for the public API
port = 22000

# Socket file to use for the private API / IPC
socket = "/home/banketh/ethereum/constellation.ipc"

# Initial (not necessarily complete) list of other nodes in the network.
# Constellation will automatically connect to other nodes not in this list
# that are advertised by the nodes below, thus these can be considered the
# "boot nodes."
othernodes = ["http://10.24.0.5:22000/", "http://10.24.0.8:22000/", "http://10.24.0.7:22000/"]

# The set of public keys this node will host
publickeys = ["/home/banketh/ethereum/constellation-pub"]

# The corresponding set of private keys
privatekeys = ["/home/banketh/ethereum/constellation-prv"]

# Optional file containing the passwords to unlock the given privatekeys
# (one password per line -- add an empty line if one key isn't locked.)
# passwords = "passwords"

# Where to store payloads and related information
storage = "/home/banketh/ethereum/constellation"

# Optional IP whitelist for the external API. If unspecified/empty,
# connections from all sources will be allowed (but the private API remains
# accessible only via the IPC socket above.) To allow connections from
# localhost when a whitelist is defined, e.g. when running multiple
# Constellation nodes on the same machine, add "127.0.0.1" and "::1" to
# this list.
# ipwhitelist = ["10.0.0.1", "2001:0db8:85a3:0000:0000:8a2e:0370:7334"]

# Verbosity level (each level includes all prior levels)
#   - 0: Only fatal errors
#   - 1: Warnings
#   - 2: Informational messages
#   - 3: Debug messages
verbosity = 3

• constellation-pub

UVSeNgQA2WJSZVoUAi5v2Ebu0aSc18QW2juW/yBSDzI=

• constellation-prv

{"data":{"bytes":"PQv0IkX0HR/qxv7v/3bkqLgqAb3EuNYl3LLDwHWyCm0="},"type":"unlocked"}

Is there a way to start sending password as argument? it would be very helpful, we are working setting up +3 constellation nodes with quorum and this will make start-up scripts easier for us.

We are attempting to understand how the Constellation network deals with possible bad actors that attempt to interact with private contracts they were not made a party to. In our testing, this can allow a bad actor to put a target peer in a bad state.

The 7node demo shows these step with a constellation private contract:

1. Alice creates a contract with Bob as a party and an initial state
2. Alice can read state
3. Charlie cannot read state
4. Bob can read state
5. Alice then sends state update to Bob
6. Charlie still cannot see the state
7. Bob can see the updated state

But what happens when Charlie sends an update transaction to Alice?

This scenario is not explicitly disallowed and results in a bad block from Alice's perspective being sealed. The rest of the network believes this is a valid block. Alice will drop any peer connections to nodes that send this "bad block" to her. She is effectively disconnected from the network.

Shouldn't this scenario be disallowed?

Network Details: Quorum v2.1.0 Constellation 0.3.2 IBFT Consensus Alice, Bob and Charle are not validators.

Major Changes No 1 : debian package manager tweaks

By default, Ubuntu or Debian based "apt" or "apt-get" system installs recommended but not suggested packages .

By passing "--no-install-recommends" option, the user lets apt-get know not to consider recommended packages as a dependency to install.

This results in smaller downloads and installation of packages .

Refer to blog at Ubuntu Blog .

Major Changes No 2 : added packages apt-utils ca-certificates

Because build is

1. Slow because "apt-utils" not installed

2. to avoid build to exits with error without having certificate

Signed-off-by: Pratik Raj [email protected]

Hi, ¿How can we know if constellation is working properly? We have 3 quorum nodes and we send a transaction private for 2 of them. ¿How can we check this?

Thanks in advance

Hi,

I couldn't find any contribution guidelines, so I hope this is okay. While reading through the README.md, I noticed that the section which mentions the 'receive' api call references two identifiers, 'qwrqwrqwr' and 'owqkrokwr'. Based on what I read, I believe 'owqkrokwr' should be passed to the 'receive' method call 'key' parameter.

I may have completely misunderstood how constellation works, if that is the case, please ignore this and sorry for wasting your time.