Merge branch 'feat/use-mini-quorum'

2025-02-05 09:37:24 -05:00 · 2025-02-05 09:37:24 -05:00 · 1472b7c608
parent 9ad10d3817 1ece3b4d8d
commit 1472b7c608
3 changed files with 23 additions and 106 deletions
--- a/quorum-vault-system/src/generated-documents/level-2/fixed-location/approver/approve-transaction.md
+++ b/quorum-vault-system/src/generated-documents/level-2/fixed-location/approver/approve-transaction.md
@ -48,10 +48,6 @@ The approver is responsible for verifying a transaction proposed by a [proposer]
 1. Plug in the Operator smart card
 1. Set a local variable `pgp_key_id` to the smart card OpenPGP key id:
    * `pgp_key_id="$(oct list -i | head -1)"`
 1. Copy the git repo locally from the Ceremony SD card
 	* `cp -r /media/<device_name>/vaults /root/vaults`
@ -60,31 +56,9 @@ The approver is responsible for verifying a transaction proposed by a [proposer]
 	* `cd /root/vaults`
-1. Verify the detached signature for the payload
+1. Verify the existing signatures and add your own signature:
-	* `gpg --verify <payload>.<num>.json <payload>.<num>.<key_id>.sig`
+	* `icepick workflow --add-signature-to-file <namespace>/ceremonies/<date>/payload_<num>.json --shardfile <shardfile>.asc`
 	* The filename will be of format: `/<namespace>/ceremonies/<date>/payloads/payload_<number>.json`
 1. Verify the key is authenticated:
 	* `sq-wot --gpg list "<their@email.co>"`
 	* Ensure the output of the command includes "fully authenticated"
 1. Sign the transaction payload:
    * `gpg --detach-sign <namespace>/ceremonies/<date>/payloads/payload_<num>.json > <namespace>/ceremonies/<date>/payloads/payload_<num>_$pgp_key_id.sig`
 	* e.g `gpg --detach-sign solana-01/ceremonies/2025-01-01/payloads/payload_1.json > solana-01/ceremonies/2025-01-01/payloads/payload_1_F4BF5C81EC78A5DD341C91EEDC4B7D1F52E0BA4D.sig`
 1. Stage the modified file:
    * `git add <namespace>/ceremonies/<date>/payloads/payload_<num>_$pgp_key_id.sig`
 1. Create a signed git commit:
 	* `git commit -S -m "add payload signature for payload_<num>.json using $pgp_key_id"`
 1. {{ #include ../../../../component-documents/finding-device-name.md:content }}
@ -106,6 +80,14 @@ The approver is responsible for verifying a transaction proposed by a [proposer]
 	* `cd ~/vaults`
 1. Stage the modified file:
    * `git add <namespace>/ceremonies/<date>/payloads/*`
 1. Create a signed git commit:
 	* `git commit -S -m "add payload signature for payload_<num>.json"`
 1. Push the latest commit to the repository
 	* `git push origin main`
--- a/quorum-vault-system/src/generated-documents/level-2/fixed-location/operator/coins/sol/transfer-token.md
+++ b/quorum-vault-system/src/generated-documents/level-2/fixed-location/operator/coins/sol/transfer-token.md
@ -50,30 +50,6 @@
 1. Retrieve Ceremony SD card from High Visibility Storage and plug it into the air-gapped machine 
 1. Verify keyring data from the Ceremony SD card:
 	1. Import keys into the system
 		* `gpg --import keys/all/*.asc`
 	1. Plug in the operator's smartcard, and ensure it is loaded:
 		* `gpg --card-status`
 	1. Print the list of trusted keys:
 		* `sq-wot --gpg list`
 	1. Repeat for every operator, ensuring all keys are cross-trusted.
 	1. Terminate `gpg-agent`: `killall gpg-agent`
 1. Verify all signatures for the workflow data:
 	* `for file in <payload.json>.*.sig; do echo "Verifying: $file"; gpg --verify "${file}" "<payload.json>"; done`
 	* Ensure that the script doesn't output any "WARNING" messages to the console. If it does, abort the ceremony and initiate incident response.
 1. Start Keyfork using the relevant Shardfile:
 	* `keyfork recover shard --daemon /media/external/shard.asc`
@ -84,7 +60,7 @@
 1. Run the `icepick` command with the transaction payload
-	* `icepick workflow sol transfer-token --input-file=<(jq .values <payload.json>)` 
+	* `icepick workflow --run-quorum <payload>.json --shardfile /media/external/shard.asc`
 	* Follow on screen prompts
--- a/quorum-vault-system/src/generated-documents/level-2/fixed-location/proposer/create-transaction-payload.md
+++ b/quorum-vault-system/src/generated-documents/level-2/fixed-location/proposer/create-transaction-payload.md
@ -74,10 +74,6 @@ The proposer must combine these values into a JSON file, such as:
 1. Plug in the Operator smart card
 1. Set a local variable `smart_card_id` to the smart card OpenPGP key id:
 	* `smart_card_id="$(oct list -i | head -1)"`
 1. Copy the git repo locally from the Ceremony SD card
 	* `cp -r /media/<device_name>/vaults /root/vaults`
@ -92,58 +88,13 @@ The proposer must combine these values into a JSON file, such as:
 	* e.g `mkdir -p solana-01/ceremonies/2025-01-01/payloads`
-1. Create a new file `payload_<num>.json`, for example `payload_1.json`
+1. Use `icepick workflow --help` to list the available workflows and options
-	* `touch <namespace>/ceremonies/<date>/payloads/payload_<num>.json`
+1. Use icepick to generate and sign the payload:
-	* e.g `touch solana-01/ceremonies/2025-01-01/payloads/payload_1.json`
+	* `icepick workflow <chain> <workflow> <--option value> <--option value> --export-for-quorum --sign > <output_file>`
-1. Collect data for the transaction being sent, and structure it according to the template below, replacing values with valid ones. The values have to come from a organization approved list of values, for each field, except for `datetime` which is just the current date and time.
+	* e.g `icepick workflow cosmos withdraw-rewards --delegate-address kyve1q9w3nar74up6mxnwd428wpr5nffcw3360tkxer --validator-address kyvevaloper1ghpmzfuggm7vcruyhfzrczl4aczy8gas8guslh --chain-name korellia --export-for-quorum --sign > <namespace>/ceremonies/<date>/payloads/payload_<num>.json`
 	* Write the data to the file: `vim <namespace>/ceremonies/<date>/payloads/payload_<num>.json`
 	```json
 	{
 		"workflow": ["<workflow_namespace>", "<workflow_name>"],
 		"values": {
 			"<workflow_field>": "<workflow_value>"
 		},
 		"proposal_datetime": "<datetime>"
 	}
 	```
 	Example data object:
 	```json
 	{
 		"workflow": ["cosmos", "withdraw"],
 		"values": {
 			"delegate_address": "kyve1q9w3nar74up6mxnwd428wpr5nffcw3360tkxer",
 			"validator_address": "kyvevaloper1ghpmzfuggm7vcruyhfzrczl4aczy8gas8guslh",
 			"asset_name": "KYVE",
 			"asset_amount": "0.4",
 			"chain_name": "korellia"
 		},
 		"proposal_datetime": "2025-01-28T18:18:00"
 	}
 	```
 1. Import the keys relevant to the ceremony:
 	* `gpg --import <namespace>/keyring.asc`
 1. Sign the data in the CLI using `gpg` or another OpenPGP implementation:
 	* `gpg --detach-sign <namespace>/ceremonies/<date>/payloads/<payload>_<num>.json > <namespace>/ceremonies/<date>/payloads/payload_<num>_$smart_card_id.sig`
 	* e.g `gpg --detach-sign solana-01/ceremonies/2025-01-01/payloads/payload_1.json > solana-01/ceremonies/2025-01-01/payloads/payload_1_F4BF5C81EC78A5DD341C91EEDC4B7D1F52E0BA4D.sig`
 1. Stage the new file:
 	* `git add <namespace>/ceremonies/<date>/payloads/<payload>.<num>.$smart_card_id.sig`
 1. Create a signed git commit:
 	* `git commit -S -m "add payload signature for payload_<num>.sig using $smart_card_id"`
 1. {{ #include ../../../../component-documents/finding-device-name.md:content }}
@ -165,6 +116,14 @@ The proposer must combine these values into a JSON file, such as:
 	* `cd ~/vaults`
 1. Stage the modified file:
    * `git add <namespace>/ceremonies/<date>/payloads/*`
 1. Create a signed git commit:
 	* `git commit -S -m "add payload signature for payload_<num>.json"`
 1. Push the latest commit to the repository
 	* `git push origin main`