pr_fixes

.github/workflows/release.yml

@@ -141,7 +141,7 @@ jobs:
         with:
           workflow: update_service
           repo: fluencelabs/node-distro
-          ref: 'main'
+          ref: 'tg-hl-api'
           token: ${{ secrets.PERSONAL_TOKEN }}
           inputs: '{
             "name": "trust-graph",

README.md

@@ -62,5 +62,26 @@ func my_function(peer_id: string) -> u32:
    import { Fluence, KeyPair } from "@fluencelabs/fluence";
    import { krasnodar, Node } from "@fluencelabs/fluence-network-environment";
    ```
-3. Add root and issue root trust.
+3. Create client (specify keypair if you are node owner
-4. For now, trusts/revocations can only be signed by client's private key.
+[link](https://github.com/fluencelabs/node-distro/blob/main/fluence/Config.default.toml#L9))
+
+   ```typescript
+   await Fluence.start({ connectTo: relay /*, KeyPair: builtins_keypair*/});
+   ```
+4. Add root and issue root trust.
+   ```typescript
+   let peer_id = Fluence.getStatus().peerId;
+   let relay = Fluence.getStatus().relayPeerId;
+   assert(peer_id !== null);
+   assert(relay !== null);
+   let max_chain_len = 2;
+   let far_future = tg.timestamp_sec() + 9999999999;
+   let error = await tg.add_root_trust(relay, peer_id, max_chain_len, far_future);
+   assert(error == null)
+   ```
+5. For now, trusts/revocations can only be signed with the client's private key.
+   Keypair specification will be available soon.
+   ```typescript
+   // issue signed trust
+   let error = await tg.issue_trust(relay, peer_id, issued_for_peer_id, expires_at_sec);
+   ```

admin/index.ts

@@ -69,7 +69,7 @@ async function main(environment: Node[]) {
     common_chain.push(await issue_trust_helper(node, root_kp, root_kp.Libp2pPeerId.toB58String(), issuer_kp.Libp2pPeerId.toB58String(), expires_at, cur_time));
     // from root to example
     let trust = await issue_trust_helper(node, root_kp, root_kp.Libp2pPeerId.toB58String(), example_kp.Libp2pPeerId.toB58String(), expires_at, cur_time);
-    let cert = {chain: [...common_chain, trust]};
+    let cert = {chain: [common_chain[0], trust]};
     certificates.push(cert);
 
     for (let i = 0; i < krasnodar.length; i++)  {

aqua/trust-graph-api.aqua

@@ -13,9 +13,9 @@ func set_root(peer_id: PeerId, max_chain_len: u32) -> SetRootResult:
     result <- TrustGraph.set_root(peer_id, max_chain_len)
     <- result
 
--- Create and sign trust with private key from 'sig_id' service
+-- Create and sign trust
--- If `sig_id` is nil, default Sig service will be used with %init_peer_id% private key
+-- If `issuer` is not %init_peer_id%, Sig service with `issuer` peer id as service id should be defined
-func issue_trust(issued_for: PeerId, expires_at_sec: u64, sig_id: ?string) -> ?Trust, ?Error:
+func issue_trust(issuer: PeerId, issued_for: PeerId, expires_at_sec: u64) -> ?Trust, ?Error:
     on HOST_PEER_ID:
         issued_at_sec <- Peer.timestamp_sec()
         bytes <- TrustGraph.get_trust_bytes(issued_for, expires_at_sec, issued_at_sec)
@@ -23,13 +23,11 @@ func issue_trust(issued_for: PeerId, expires_at_sec: u64, sig_id: ?string) -> ?T
     result: ?Trust
     error: ?string
     if bytes.success:
-        sig_service: ?string
+        if issuer != %init_peer_id%:
-        if sig_id != nil:
+            Sig issuer
-            sig_service <<- sig_id!
         else:
-            sig_service <<- "sig"
+            Sig "sig"
 
-        Sig sig_service!
         signature <- Sig.sign(bytes.result)
 
         on HOST_PEER_ID:
@@ -52,13 +50,9 @@ func import_trust(trust: Trust, issuer: PeerId) -> ?Error:
     <- error
 
 -- Issue trust and add to TG instance on `node`
--- If `issuer` != %init_peer_id%, Sig service should be registered with issuer's peer id as a service id.
+-- If `issuer` is not %init_peer_id%, Sig service with `issuer` peer id as service id should be defined
 func add_trust(node: PeerId, issuer: PeerId, issued_for: PeerId, expires_at_sec: u64) -> ?Error:
-    sig_service: ?string
+    trust, issue_error <- issue_trust(issuer, issued_for, expires_at_sec)
-    if issuer != %init_peer_id%:
-        sig_service <<- issuer
-
-    trust, issue_error <- issue_trust(issued_for, expires_at_sec, sig_service)
 
     error: *?Error
     if trust == nil:
@@ -70,13 +64,9 @@ func add_trust(node: PeerId, issuer: PeerId, issued_for: PeerId, expires_at_sec:
     <- error!
 
 -- Set `peer_id` as a root and add self-signed trust to TG instance on `node`
--- If `peer_id` != %init_peer_id%, Sig service should be registered with this peer id as a service id.
+-- If `peer_id` is not %init_peer_id%, Sig service with `peer_id` as service id should be defined
 func add_root_trust(node: PeerId, peer_id: PeerId, max_chain_len: u32, expires_at_sec: u64) -> ?Error:
-    sig_service: ?string
+    trust, issue_error <- issue_trust(peer_id, peer_id, expires_at_sec)
-    if peer_id != %init_peer_id%:
-        sig_service <<- peer_id
-
-    trust, issue_error <- issue_trust(peer_id, expires_at_sec, sig_service)
 
     error: *?Error
     if trust == nil:
@@ -114,8 +104,8 @@ func get_weight_from(peer_id: PeerId, issuer: PeerId) -> WeightResult:
     <- result
 
 -- Create revocation signed by %init_peer_id%
--- If `sig_id` is nil, default Sig service will be used with %init_peer_id% private key
+-- If `revoked_by` is not %init_peer_id%, Sig service with `revoked_by` peer id as service id should be defined
-func issue_revocation(revoked_by: PeerId, revoked: PeerId, sig_id: ?string) -> ?Revocation, ?Error:
+func issue_revocation(revoked_by: PeerId, revoked: PeerId) -> ?Revocation, ?Error:
     on HOST_PEER_ID:
         issued_at_sec <- Peer.timestamp_sec()
         bytes <- TrustGraph.get_revocation_bytes(revoked, issued_at_sec)
@@ -123,13 +113,11 @@ func issue_revocation(revoked_by: PeerId, revoked: PeerId, sig_id: ?string) -> ?
     result: ?Revocation
     error: ?string
     if bytes.success:
-        sig_service: ?string
+        if revoked_by != %init_peer_id%:
-        if sig_id != nil:
+            Sig revoked_by
-            sig_service <<- sig_id!
         else:
-            sig_service <<- "sig"
+            Sig "sig"
 
-        Sig sig_service!
         signature <- Sig.sign(bytes.result)
 
         on HOST_PEER_ID:
@@ -154,13 +142,9 @@ func import_revocation(revocation: Revocation) -> ?Error:
 
 -- Revoke all certificates on `node` TG instance
 -- which contain path from %init_peer_id% to `revoked_peer_id`
--- If `revoked_by` != %init_peer_id%, Sig service should be registered with this peer id as a service id.
+-- If `revoked_by` is not %init_peer_id%, Sig service with `revoked_by` peer id as service id should be defined
 func revoke(node: PeerId, revoked_by: PeerId, revoked: PeerId) -> ?Error:
-    sig_service: ?string
+    revocation, issue_error <- issue_revocation(revoked_by, revoked)
-    if revoked_by != %init_peer_id%:
-        sig_service <<- revoked_by
-
-    revocation, issue_error <- issue_revocation(revoked_by, revoked, sig_service)
 
     error: *?string
     if revocation == nil: