Merge branch 'main' into alex/sims2_main

CHANGELOG.md

@@ -43,6 +43,8 @@ Every module contains its own CHANGELOG.md. Please refer to the module you are i
 ### Features
 
 * (baseapp) [#20291](https://github.com/cosmos/cosmos-sdk/pull/20291) Simulate nested messages.
+* (cli) [#21372](https://github.com/cosmos/cosmos-sdk/pull/21372) Add a `bulk-add-genesis-account` genesis command to add many genesis accounts at once.
+* (crypto/keyring) [#21653](https://github.com/cosmos/cosmos-sdk/pull/21653) New Linux-only backend that adds Linux kernel's `keyctl` support.
 * (runtime) [#21704](https://github.com/cosmos/cosmos-sdk/pull/21704) Add StoreLoader in simappv2.
 
 ### Improvements

crypto/keyring/doc.go

@@ -33,6 +33,8 @@
 //		https://github.com/KDE/kwallet
 //	pass	This backend uses the pass command line utility to store and retrieve keys:
 //		https://www.passwordstore.org/
+//	keyctl  This backend leverages the Linux's kernel security key management system
+//		to store cryptographic keys securely in memory. This is available on Linux only.
 //	test	This backend stores keys insecurely to disk. It does not prompt for a password to
 //		be unlocked and it should be used only for testing purposes.
 //	memory	Same instance as returned by NewInMemory. This backend uses a transient storage. Keys

crypto/keyring/keyring.go

@@ -147,23 +147,6 @@ type Exporter interface {
 // Option overrides keyring configuration options.
 type Option func(options *Options)
 
-// Options define the options of the Keyring.
-type Options struct {
-	// supported signing algorithms for keyring
-	SupportedAlgos SigningAlgoList
-	// supported signing algorithms for Ledger
-	SupportedAlgosLedger SigningAlgoList
-	// define Ledger Derivation function
-	LedgerDerivation func() (ledger.SECP256K1, error)
-	// define Ledger key generation function
-	LedgerCreateKey func([]byte) types.PubKey
-	// define Ledger app name
-	LedgerAppName string
-	// indicate whether Ledger should skip DER Conversion on signature,
-	// depending on which format (DER or BER) the Ledger app returns signatures
-	LedgerSigSkipDERConv bool
-}
-
 // NewInMemory creates a transient keyring useful for testing
 // purposes and on-the-fly key generation.
 // Keybase options can be applied when generating this new Keybase.
@@ -180,7 +163,7 @@ func NewInMemoryWithKeyring(kr keyring.Keyring, cdc codec.Codec, opts ...Option)
 // New creates a new instance of a keyring.
 // Keyring options can be applied when generating the new instance.
 // Available backends are "os", "file", "kwallet", "memory", "pass", "test".
-func New(
+func newKeyringGeneric(
 	appName, backend, rootDir string, userInput io.Reader, cdc codec.Codec, opts ...Option,
 ) (Keyring, error) {
 	var (

crypto/keyring/keyring_linux.go

@@ -0,0 +1,84 @@
+//go:build linux
+// +build linux
+
+package keyring
+
+import (
+	"fmt"
+	"io"
+
+	"github.com/99designs/keyring"
+
+	"github.com/cosmos/cosmos-sdk/codec"
+	"github.com/cosmos/cosmos-sdk/crypto/ledger"
+	"github.com/cosmos/cosmos-sdk/crypto/types"
+)
+
+// Linux-only backend options.
+const BackendKeyctl = "keyctl"
+
+func KeyctlScopeUser(options *Options)        { setKeyctlScope(options, "user") }
+func KeyctlScopeUserSession(options *Options) { setKeyctlScope(options, "usersession") }
+func KeyctlScopeSession(options *Options)     { setKeyctlScope(options, "session") }
+func KeyctlScopeProcess(options *Options)     { setKeyctlScope(options, "process") }
+func KeyctlScopeThread(options *Options)      { setKeyctlScope(options, "thread") }
+
+// Options define the options of the Keyring.
+type Options struct {
+	// supported signing algorithms for keyring
+	SupportedAlgos SigningAlgoList
+	// supported signing algorithms for Ledger
+	SupportedAlgosLedger SigningAlgoList
+	// define Ledger Derivation function
+	LedgerDerivation func() (ledger.SECP256K1, error)
+	// define Ledger key generation function
+	LedgerCreateKey func([]byte) types.PubKey
+	// define Ledger app name
+	LedgerAppName string
+	// indicate whether Ledger should skip DER Conversion on signature,
+	// depending on which format (DER or BER) the Ledger app returns signatures
+	LedgerSigSkipDERConv bool
+	// KeyctlScope defines the scope of the keyctl's keyring.
+	KeyctlScope string
+}
+
+func newKeyctlBackendConfig(appName, _ string, _ io.Reader, opts ...Option) keyring.Config {
+	options := Options{
+		KeyctlScope: keyctlDefaultScope, // currently "process"
+	}
+
+	for _, optionFn := range opts {
+		optionFn(&options)
+	}
+
+	return keyring.Config{
+		AllowedBackends: []keyring.BackendType{keyring.KeyCtlBackend},
+		ServiceName:     appName,
+		KeyCtlScope:     options.KeyctlScope,
+	}
+}
+
+// New creates a new instance of a keyring.
+// Keyring options can be applied when generating the new instance.
+// Available backends are "os", "file", "kwallet", "memory", "pass", "test", "keyctl".
+func New(
+	appName, backend, rootDir string, userInput io.Reader, cdc codec.Codec, opts ...Option,
+) (Keyring, error) {
+	if backend != BackendKeyctl {
+		return newKeyringGeneric(appName, backend, rootDir, userInput, cdc, opts...)
+	}
+
+	db, err := keyring.Open(newKeyctlBackendConfig(appName, "", userInput, opts...))
+	if err != nil {
+		return nil, fmt.Errorf("couldn't open keyring for %q: %w", appName, err)
+	}
+
+	return newKeystore(db, cdc, backend, opts...), nil
+}
+
+func setKeyctlScope(options *Options, scope string) { options.KeyctlScope = scope }
+
+// this is private as it is meant to be here for SDK devs convenience
+// as the user does not need to pick any default when he wants to
+// initialize keyctl with the default scope.
+const keyctlDefaultScope = "process"

crypto/keyring/keyring_linux_test.go

@@ -0,0 +1,51 @@
+//go:build linux
+// +build linux
+
+package keyring
+
+import (
+	"errors"
+	"io"
+	"strings"
+	"testing"
+
+	"github.com/stretchr/testify/require"
+
+	"github.com/cosmos/cosmos-sdk/codec"
+)
+
+func TestNewKeyctlKeyring(t *testing.T) {
+	cdc := getCodec()
+
+	tests := []struct {
+		name        string
+		appName     string
+		backend     string
+		dir         string
+		userInput   io.Reader
+		cdc         codec.Codec
+		expectedErr error
+	}{
+		{
+			name:        "keyctl backend",
+			appName:     "cosmos",
+			backend:     BackendKeyctl,
+			dir:         t.TempDir(),
+			userInput:   strings.NewReader(""),
+			cdc:         cdc,
+			expectedErr: nil,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			kr, err := New(tt.appName, tt.backend, tt.dir, tt.userInput, tt.cdc)
+			if tt.expectedErr == nil {
+				require.NoError(t, err)
+			} else {
+				require.Error(t, err)
+				require.Nil(t, kr)
+				require.True(t, errors.Is(err, tt.expectedErr))
+			}
+		})
+	}
+}

crypto/keyring/keyring_other.go

@@ -0,0 +1,35 @@
+//go:build !linux
+// +build !linux
+
+package keyring
+
+import (
+	"io"
+
+	"github.com/cosmos/cosmos-sdk/codec"
+	"github.com/cosmos/cosmos-sdk/crypto/ledger"
+	"github.com/cosmos/cosmos-sdk/crypto/types"
+)
+
+// Options define the options of the Keyring.
+type Options struct {
+	// supported signing algorithms for keyring
+	SupportedAlgos SigningAlgoList
+	// supported signing algorithms for Ledger
+	SupportedAlgosLedger SigningAlgoList
+	// define Ledger Derivation function
+	LedgerDerivation func() (ledger.SECP256K1, error)
+	// define Ledger key generation function
+	LedgerCreateKey func([]byte) types.PubKey
+	// define Ledger app name
+	LedgerAppName string
+	// indicate whether Ledger should skip DER Conversion on signature,
+	// depending on which format (DER or BER) the Ledger app returns signatures
+	LedgerSigSkipDERConv bool
+}
+
+func New(
+	appName, backend, rootDir string, userInput io.Reader, cdc codec.Codec, opts ...Option,
+) (Keyring, error) {
+	return newKeyringGeneric(appName, backend, rootDir, userInput, cdc, opts...)
+}

indexer/postgres/create_table_test.go

@@ -79,11 +79,11 @@ func Example_objectIndexer_createTableSql_vote_no_retain_delete() {
 	// GRANT SELECT ON TABLE "test_vote" TO PUBLIC;
 }
 
-func exampleCreateTable(objectType schema.ObjectType) {
+func exampleCreateTable(objectType schema.StateObjectType) {
 	exampleCreateTableOpt(objectType, false)
 }
 
-func exampleCreateTableOpt(objectType schema.ObjectType, noRetainDelete bool) {
+func exampleCreateTableOpt(objectType schema.StateObjectType, noRetainDelete bool) {
 	tm := newObjectIndexer("test", objectType, options{
 		logger:                 logutil.NoopLogger{},
 		disableRetainDeletions: noRetainDelete,

indexer/postgres/internal/testdata/example_schema.go

@@ -4,10 +4,10 @@ import "cosmossdk.io/schema"
 
 var ExampleSchema schema.ModuleSchema
 
-var AllKindsObject schema.ObjectType
+var AllKindsObject schema.StateObjectType
 
 func init() {
-	AllKindsObject = schema.ObjectType{
+	AllKindsObject = schema.StateObjectType{
 		Name: "all_kinds",
 		KeyFields: []schema.Field{
 			{
@@ -45,7 +45,7 @@ func init() {
 	)
 }
 
-var SingletonObject = schema.ObjectType{
+var SingletonObject = schema.StateObjectType{
 	Name: "singleton",
 	ValueFields: []schema.Field{
 		{
@@ -65,7 +65,7 @@ var SingletonObject = schema.ObjectType{
 	},
 }
 
-var VoteObject = schema.ObjectType{
+var VoteObject = schema.StateObjectType{
 	Name: "vote",
 	KeyFields: []schema.Field{
 		{

indexer/postgres/module.go

@@ -40,7 +40,7 @@ func (m *moduleIndexer) initializeSchema(ctx context.Context, conn dbConn) error
 	}
 
 	// create tables for all object types
-	m.schema.ObjectTypes(func(typ schema.ObjectType) bool {
+	m.schema.StateObjectTypes(func(typ schema.StateObjectType) bool {
 		tm := newObjectIndexer(m.moduleName, typ, m.options)
 		m.tables[typ.Name] = tm
 		err = tm.createTable(ctx, conn)

indexer/postgres/object.go

@@ -9,14 +9,14 @@ import (
 // objectIndexer is a helper struct that generates SQL for a given object type.
 type objectIndexer struct {
 	moduleName  string
-	typ         schema.ObjectType
+	typ         schema.StateObjectType
 	valueFields map[string]schema.Field
 	allFields   map[string]schema.Field
 	options     options
 }
 
 // newObjectIndexer creates a new objectIndexer for the given object type.
-func newObjectIndexer(moduleName string, typ schema.ObjectType, options options) *objectIndexer {
+func newObjectIndexer(moduleName string, typ schema.StateObjectType, options options) *objectIndexer {
 	allFields := make(map[string]schema.Field)
 	valueFields := make(map[string]schema.Field)
 

indexer/postgres/select.go

@@ -70,11 +70,11 @@ func (tm *objectIndexer) existsSqlAndParams(w io.Writer, key interface{}) ([]int
 	return keyParams, err
 }
 
-func (tm *objectIndexer) get(ctx context.Context, conn dbConn, key interface{}) (schema.ObjectUpdate, bool, error) {
+func (tm *objectIndexer) get(ctx context.Context, conn dbConn, key interface{}) (schema.StateObjectUpdate, bool, error) {
 	buf := new(strings.Builder)
 	params, err := tm.getSqlAndParams(buf, key)
 	if err != nil {
-		return schema.ObjectUpdate{}, false, err
+		return schema.StateObjectUpdate{}, false, err
 	}
 
 	sqlStr := buf.String()
@@ -147,7 +147,7 @@ func (tm *objectIndexer) selectAllClause(w io.Writer) error {
 	return nil
 }
 
-func (tm *objectIndexer) readRow(row interface{ Scan(...interface{}) error }) (schema.ObjectUpdate, bool, error) {
+func (tm *objectIndexer) readRow(row interface{ Scan(...interface{}) error }) (schema.StateObjectUpdate, bool, error) {
 	var res []interface{}
 	for _, f := range tm.typ.KeyFields {
 		res = append(res, tm.colBindValue(f))
@@ -164,16 +164,16 @@ func (tm *objectIndexer) readRow(row interface{ Scan(...interface{}) error }) (s
 	err := row.Scan(res...)
 	if err != nil {
 		if errors.Is(err, sql.ErrNoRows) {
-			return schema.ObjectUpdate{}, false, err
+			return schema.StateObjectUpdate{}, false, err
 		}
-		return schema.ObjectUpdate{}, false, err
+		return schema.StateObjectUpdate{}, false, err
 	}
 
 	var keys []interface{}
 	for _, field := range tm.typ.KeyFields {
 		x, err := tm.readCol(field, res[0])
 		if err != nil {
-			return schema.ObjectUpdate{}, false, err
+			return schema.StateObjectUpdate{}, false, err
 		}
 		keys = append(keys, x)
 		res = res[1:]
@@ -188,7 +188,7 @@ func (tm *objectIndexer) readRow(row interface{ Scan(...interface{}) error }) (s
 	for _, field := range tm.typ.ValueFields {
 		x, err := tm.readCol(field, res[0])
 		if err != nil {
-			return schema.ObjectUpdate{}, false, err
+			return schema.StateObjectUpdate{}, false, err
 		}
 		values = append(values, x)
 		res = res[1:]
@@ -199,7 +199,7 @@ func (tm *objectIndexer) readRow(row interface{ Scan(...interface{}) error }) (s
 		value = values[0]
 	}
 
-	update := schema.ObjectUpdate{
+	update := schema.StateObjectUpdate{
 		TypeName: tm.typ.Name,
 		Key:      key,
 		Value:    value,

indexer/postgres/view.go

@@ -100,15 +100,15 @@ type objectView struct {
 	conn dbConn
 }
 
-func (tm *objectView) ObjectType() schema.ObjectType {
+func (tm *objectView) ObjectType() schema.StateObjectType {
 	return tm.typ
 }
 
-func (tm *objectView) GetObject(key interface{}) (update schema.ObjectUpdate, found bool, err error) {
+func (tm *objectView) GetObject(key interface{}) (update schema.StateObjectUpdate, found bool, err error) {
 	return tm.get(tm.ctx, tm.conn, key)
 }
 
-func (tm *objectView) AllState(f func(schema.ObjectUpdate, error) bool) {
+func (tm *objectView) AllState(f func(schema.StateObjectUpdate, error) bool) {
 	buf := new(strings.Builder)
 	err := tm.selectAllSql(buf)
 	if err != nil {

schema/appdata/data.go

@@ -131,7 +131,7 @@ type ObjectUpdateData struct {
 	ModuleName string
 
 	// Updates are the object updates.
-	Updates []schema.ObjectUpdate
+	Updates []schema.StateObjectUpdate
 }
 
 // CommitData represents commit data. It is empty for now, but fields could be added later.