fix: adding multiple signatures on metagraph messages

infra/ansible/remote/nodes/playbooks/deploy/deploy.ansible.yml

@@ -197,7 +197,7 @@
       shell: |
         rm -f /home/{{ ansible_user }}/code/{{ all_nodes[0].key_file.name }}
 
-- name: Send fees p12 files to nodes
+- name: Send primary snapshot fee p12 file to nodes
   hosts: nodes
   gather_facts: false
   vars:
@@ -228,4 +228,37 @@
       copy:
         src: "{{ lookup('env', 'SOURCE_PATH') }}/p12-files/{{ staking_p12_file_name }}"
         dest: "/home/{{ ansible_user }}/code/metagraph-l0/{{ staking_p12_file_name }}"
-      when: not (staking_p12_file_name is undefined or staking_p12_file_name == "") and staking_p12_file.stat.exists
+      when: not (staking_p12_file_name is undefined or staking_p12_file_name == "") and staking_p12_file.stat.exists
+
+- name: Send the second signer .p12 file for snapshot fee to nodes
+  hosts: nodes
+  gather_facts: false
+  vars:
+     second_signer_p12_file_name_owner: "{{ second_signer_p12_file_name_owner }}"
+     second_signer_p12_file_name_staking: "{{ second_signer_p12_file_name_staking }}"
+  tasks:
+    - name: Check if second signer file exists - owner
+      stat:
+        path: "{{ lookup('env', 'SOURCE_PATH') }}/p12-files/{{ second_signer_p12_file_name_owner }}"
+      register: owner_p12_file
+      delegate_to: localhost
+      when: not (second_signer_p12_file_name_owner is undefined or second_signer_p12_file_name_owner == "")
+
+    - name: Copy second signer file to remote node - owner
+      copy:
+        src: "{{ lookup('env', 'SOURCE_PATH') }}/p12-files/{{ second_signer_p12_file_name_owner }}"
+        dest: "/home/{{ ansible_user }}/code/metagraph-l0/{{ second_signer_p12_file_name_owner }}"
+      when: not (second_signer_p12_file_name_owner is undefined or second_signer_p12_file_name_owner == "") and owner_p12_file.stat.exists
+
+    - name: Check if second signer file exists - staking
+      stat:
+        path: "{{ lookup('env', 'SOURCE_PATH') }}/p12-files/{{ second_signer_p12_file_name_staking }}"
+      register: staking_p12_file
+      when: not (second_signer_p12_file_name_staking is undefined or second_signer_p12_file_name_staking == "")
+      delegate_to: localhost
+
+    - name: Copy second signer file to remote node if it exists - staking
+      copy:
+        src: "{{ lookup('env', 'SOURCE_PATH') }}/p12-files/{{ second_signer_p12_file_name_staking }}"
+        dest: "/home/{{ ansible_user }}/code/metagraph-l0/{{ second_signer_p12_file_name_staking }}"
+      when: not (second_signer_p12_file_name_staking is undefined or second_signer_p12_file_name_staking == "") and staking_p12_file.stat.exists

infra/ansible/remote/nodes/playbooks/start/metagraph-l0/genesis.ansible.yml

@@ -69,6 +69,17 @@
     msg: "File /home/{{ ansible_user }}/code/metagraph-l0/{{ owner_p12_file_name }} does not exist"
   when: not (owner_p12_file_name is undefined or owner_p12_file_name == "")  and not owner_file.stat.exists
 
+- name: Check if second signer owner file exists - owner
+  stat:
+    path: "/home/{{ ansible_user }}/code/metagraph-l0/{{ second_signer_p12_file_name_owner }}"
+  register: owner_file
+  when: not (second_signer_p12_file_name_owner is undefined or second_signer_p12_file_name_owner == "") 
+
+- name: Throw an error if the second signer file doesn't exist - owner
+  fail:
+    msg: "File /home/{{ ansible_user }}/code/metagraph-l0/{{ second_signer_p12_file_name_owner }} does not exist"
+  when: not (second_signer_p12_file_name_owner is undefined or second_signer_p12_file_name_owner == "")  and not owner_file.stat.exists
+
 - name: Check if staking file exists
   stat:
     path: "/home/{{ ansible_user }}/code/metagraph-l0/{{ staking_p12_file_name }}"
@@ -80,6 +91,17 @@
     msg: "File /home/{{ ansible_user }}/code/metagraph-l0/{{ staking_p12_file_name }} does not exist"
   when: not (staking_p12_file_name is undefined or staking_p12_file_name == "") and not staking_file.stat.exists
 
+- name: Check if second signer file exists - staking
+  stat:
+    path: "/home/{{ ansible_user }}/code/metagraph-l0/{{ second_signer_p12_file_name_staking }}"
+  register: staking_file
+  when: not (second_signer_p12_file_name_staking is undefined or second_signer_p12_file_name_staking == "")
+
+- name: Throw an error if the second signer file doesn't exist - staking
+  fail:
+    msg: "File /home/{{ ansible_user }}/code/metagraph-l0/{{ second_signer_p12_file_name_staking }} does not exist"
+  when: not (second_signer_p12_file_name_staking is undefined or second_signer_p12_file_name_staking == "") and not staking_file.stat.exists
+
 - name: Fetch the latest combined snapshot from global network
   uri:
     url: "http://{{ gl0_ip }}:{{ gl0_port }}/global-snapshots/latest/combined"
@@ -161,17 +183,49 @@
   register: owner_address_output 
   when: not (owner_p12_file_name is undefined or owner_p12_file_name == "") 
 
-- name: Get owner message
+- name: Get owner message first signer
   environment:
     CL_KEYSTORE: "{{ owner_p12_file_name }}"
     CL_KEYALIAS: "{{ owner_p12_alias }}"
     CL_PASSWORD: "{{ owner_p12_password }}"
   shell: |
     cd "/home/{{ ansible_user }}/code/metagraph-l0"
     java -jar cl-wallet.jar create-owner-signing-message --address {{ owner_address_output.stdout }} --parentOrdinal {{ owner_parent_ordinal }} --metagraphId {{ metagraph_id }}
-  register: owner_message_output 
+  register: owner_message_first_signer_output 
   when: not (owner_p12_file_name is undefined or owner_p12_file_name == "") 
 
+- name: Get owner message second signer
+  environment:
+    CL_KEYSTORE: "{{ second_signer_p12_file_name_owner }}"
+    CL_KEYALIAS: "{{ second_signer_p12_alias_owner }}"
+    CL_PASSWORD: "{{ second_signer_p12_password_owner }}"
+  shell: |
+    cd "/home/{{ ansible_user }}/code/metagraph-l0"
+    java -jar cl-wallet.jar create-owner-signing-message --address {{ owner_address_output.stdout }} --parentOrdinal {{ owner_parent_ordinal }} --metagraphId {{ metagraph_id }}
+  register: owner_message_second_signer_output 
+  when: not (owner_p12_file_name is undefined or owner_p12_file_name == "") 
+
+- name: Get owner message with 2 signers
+  set_fact:
+    owner_message_output: >-
+      {{
+        owner_message_first_signer_output.stdout | from_json |
+        combine({
+          "proofs": (
+            (owner_message_first_signer_output.stdout | from_json).proofs +
+            [(owner_message_second_signer_output.stdout | from_json).proofs[0]]
+          )
+        })
+      }}
+  when: 
+    - not (owner_p12_file_name is undefined or owner_p12_file_name == "")
+    - owner_message_first_signer_output is defined
+    - owner_message_second_signer_output is defined
+
+- name: Print owner message
+  debug:
+    var: owner_message_output
+
 - name: Get staking address
   environment:
     CL_KEYSTORE: "{{ staking_p12_file_name }}"
@@ -183,17 +237,49 @@
   register: staking_address_output 
   when: not (staking_p12_file_name is undefined or staking_p12_file_name == "")
 
-- name: Get staking message
+- name: Get staking message first signer
   environment:
     CL_KEYSTORE: "{{ staking_p12_file_name }}"
     CL_KEYALIAS: "{{ staking_p12_alias }}"
     CL_PASSWORD: "{{ staking_p12_password }}"
   shell: |
     cd "/home/{{ ansible_user }}/code/metagraph-l0"
     java -jar cl-wallet.jar create-staking-signing-message --address {{ staking_address_output.stdout }} --parentOrdinal {{ staking_parent_ordinal }}  --metagraphId {{ metagraph_id }}
-  register: staking_message_output
+  register: staking_message_first_signer_output
+  when: not (staking_p12_file_name is undefined or staking_p12_file_name == "")
+
+- name: Get staking message second signer
+  environment:
+    CL_KEYSTORE: "{{ second_signer_p12_file_name_staking }}"
+    CL_KEYALIAS: "{{ second_signer_p12_alias_staking }}"
+    CL_PASSWORD: "{{ second_signer_p12_password_staking }}"
+  shell: |
+    cd "/home/{{ ansible_user }}/code/metagraph-l0"
+    java -jar cl-wallet.jar create-staking-signing-message --address {{ staking_address_output.stdout }} --parentOrdinal {{ staking_parent_ordinal }}  --metagraphId {{ metagraph_id }}
+  register: staking_message_second_signer_output
   when: not (staking_p12_file_name is undefined or staking_p12_file_name == "")
 
+- name: Get staking message with 2 signers
+  set_fact:
+    staking_message_output: >-
+      {{
+        staking_message_first_signer_output.stdout | from_json |
+        combine({
+          "proofs": (
+            (staking_message_first_signer_output.stdout | from_json).proofs +
+            [(staking_message_second_signer_output.stdout | from_json).proofs[0]]
+          )
+        })
+      }}
+  when: 
+    - not (staking_p12_file_name is undefined or staking_p12_file_name == "")
+    - staking_message_first_signer_output is defined
+    - staking_message_second_signer_output is defined
+
+- name: Print staking message
+  debug:
+    var: staking_message_output
+
 - name: Start as genesis
   environment:
     CL_PUBLIC_HTTP_PORT: "{{ base_metagraph_l0_public_port }}"
@@ -228,14 +314,6 @@
     retries: 0
   when: should_run_genesis
 
-- name: Wait 2 minutes before stopping current execution
-  pause:
-    minutes: 2
-  when: >
-      owner_p12_file_name is defined and 
-      owner_p12_file_name != "" and 
-      should_run_genesis or force_owner_message_bool
-
 - name: Find metagraph-l0 process ID by port
   shell: "lsof -t -i:{{ base_metagraph_l0_public_port }}"
   register: l0_process_id
@@ -247,9 +325,9 @@
   ignore_errors: true
   when: should_run_genesis
 
-- name: Wait 2 minutes before starting the metagraph
+- name: Wait 5 minutes before starting the metagraph
   pause:
-    minutes: 2
+    minutes: 5
   when: >
       owner_p12_file_name is defined and 
       owner_p12_file_name != "" and 
@@ -288,11 +366,19 @@
   vars:
     retries: 0
 
+- name: Wait 7 seconds before sending messages
+  pause:
+    seconds: 7
+  when: >
+      owner_p12_file_name is defined and 
+      owner_p12_file_name != "" and 
+      should_run_genesis or force_owner_message_bool
+
 - name: Send owner message
   uri:
     url: "http://localhost:{{ base_metagraph_l0_public_port }}/currency/message"
     method: POST
-    body: "{{ owner_message_output.stdout }}"
+    body: "{{ owner_message_output }}"
     body_format: json
     status_code: 204, 200
   register: owner_response
@@ -305,7 +391,7 @@
   uri:
     url: "http://localhost:{{ base_metagraph_l0_public_port }}/currency/message"
     method: POST
-    body: "{{ staking_message_output.stdout }}"
+    body: "{{ staking_message_output }}"
     body_format: json
     status_code: 204, 200
   register: staking_response

scripts/hydra-operations/remote-deploy.sh

@@ -25,12 +25,17 @@ function remote_deploy_metagraph() {
     force_genesis=false
   fi
 
+  owner_second_signer_info=$(get_additonal_file_info_to_sign_message $SNAPSHOT_FEES_OWNER_FILE_NAME)
+  staking_second_signer_info=$(get_additonal_file_info_to_sign_message $SNAPSHOT_FEES_STAKING_FILE_NAME)
+
   ansible-playbook \
     -e "force_genesis=$force_genesis" \
     -e "deploy_cl1=$deploy_cl1" \
     -e "deploy_dl1=$deploy_dl1" \
     -e "owner_p12_file_name=$SNAPSHOT_FEES_OWNER_FILE_NAME" \
+    -e "second_signer_p12_file_name_owner=$(echo "$owner_second_signer_info" | jq -r '.name')" \
     -e "staking_p12_file_name=$SNAPSHOT_FEES_STAKING_FILE_NAME" \
+    -e "second_signer_p12_file_name_staking=$(echo "$staking_second_signer_info" | jq -r '.name')" \
     -i $ANSIBLE_HOSTS_FILE $ANSIBLE_NODES_DEPLOY_PLAYBOOK_FILE
 
 }

scripts/hydra-operations/remote-start.sh

@@ -43,6 +43,8 @@ function remote_start_metagraph() {
     fi
   fi
 
+  owner_second_signer_info=$(get_additonal_file_info_to_sign_message $SNAPSHOT_FEES_OWNER_FILE_NAME)
+  staking_second_signer_info=$(get_additonal_file_info_to_sign_message $SNAPSHOT_FEES_STAKING_FILE_NAME)
 
   ansible-playbook \
     -e "force_genesis=$force_genesis" \
@@ -51,8 +53,14 @@ function remote_start_metagraph() {
     -e "owner_p12_file_name=$SNAPSHOT_FEES_OWNER_FILE_NAME" \
     -e "owner_p12_alias=$SNAPSHOT_FEES_OWNER_ALIAS" \
     -e "owner_p12_password=$SNAPSHOT_FEES_OWNER_PASSWORD" \
+    -e "second_signer_p12_file_name_owner=$(echo "$owner_second_signer_info" | jq -r '.name')" \
+    -e "second_signer_p12_alias_owner=$(echo "$owner_second_signer_info" | jq -r '.alias')" \
+    -e "second_signer_p12_password_owner=$(echo "$owner_second_signer_info" | jq -r '.password')" \
     -e "staking_p12_file_name=$SNAPSHOT_FEES_STAKING_FILE_NAME" \
     -e "staking_p12_alias=$SNAPSHOT_FEES_STAKING_ALIAS" \
     -e "staking_p12_password=$SNAPSHOT_FEES_STAKING_PASSWORD" \
+    -e "second_signer_p12_file_name_staking=$(echo "$staking_second_signer_info" | jq -r '.name')" \
+    -e "second_signer_p12_alias_staking=$(echo "$staking_second_signer_info" | jq -r '.alias')" \
+    -e "second_signer_p12_password_staking=$(echo "$staking_second_signer_info" | jq -r '.password')" \
     -i $ANSIBLE_HOSTS_FILE $ANSIBLE_NODES_START_PLAYBOOK_FILE
 }

scripts/utils/get-information.sh

@@ -136,3 +136,15 @@ function get_should_use_updated_modules() {
         echo false
     fi
 }
+
+function get_additonal_file_info_to_sign_message() {
+  first_different_key_file=$(echo "$NODES" | jq -r --arg ext_name "$1" '
+  .[] | select(.key_file.name != $ext_name) | .key_file | @json' | head -n 1)
+
+  if [ -n "$first_different_key_file" ]; then
+    echo "$first_different_key_file"
+  else
+    echo_red "Could not find second file to sign messages"
+    exit 1
+  fi
+}