simplify coin docs

Anton Livaja 2025-02-26 08:31:05 -05:00
parent 2237d0cd21
commit 7ade873e97
Signed by: anton
GPG Key ID: 44A86CFF1FDF0E85
7 changed files with 236 additions and 190 deletions

@ -35,6 +35,11 @@
* [Decrypt Namespace Secret](generated-documents/level-2/fixed-location/operator/decrypt-namespace-secret.md)
* [Encrypt Wallet To Namespace PGP Key](generated-documents/level-2/fixed-location/operator/encrypt-wallet-to-namespace-key.md)
* [Export Namespace Mnemonic](generated-documents/level-2/fixed-location/operator/export-namespace-mnemonic.md)
* [Coins - SOL]()
* [SOL - Generate Address](generated-documents/level-2/fixed-location/operator/coins/sol/generate-address.md)
* [SOL - Transfer Token](generated-documents/level-2/fixed-location/operator/coins/sol/transfer-token.md)
* [Coins]()
* [Generate Address](generated-documents/level-2/fixed-location/operator/coins/generate-address.md)
* [Sign and Broadcast Transaction](generated-documents/level-2/fixed-location/operator/coins/sign-and-broadcast-transaction.md)
* [SOL]()
* [Generate Nonce Account](generated-documents/level-2/fixed-location/operator/coins/sol/generate-nonce-account.md)
* [Sign Transaction](generated-documents/level-2/fixed-location/operator/coins/sol/sign-transaction.md)
* [Cosmos]()
* [Sign Transaction](generated-documents/level-2/fixed-location/operator/coins/cosmos/sign-transaction.md)
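
Review bot: Check for inbound links to `coins/sol/generate-address.md` and `coins/sol/transfer-token.md` before merging, since both paths drop out of the summary at the top of this list and their replacements sit one level up at `coins/generate-address.md` and `coins/sign-and-broadcast-transaction.md`. The SOL and Cosmos children are also both titled "Sign Transaction" next to a parent-level "Sign and Broadcast Transaction"; keeping a coin prefix in the title, as the old "SOL - ..." entries did, would keep them distinguishable in search results and page titles.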

@ -0,0 +1,122 @@
# Generate Address
## Requirements
{{ #include ../../../operator-requirements.md:requirements }}
{{ #include ../../../../../component-documents/linux-workstation.md:content }}
* [High Visibility Storage](TODO): plastic container or bag that's used to keep items while not in use in a visible location like the middle of a desk.
* [Quorum PGP key pairs](../../key-types.md#quorum-pgp-keypair)
* [Ceremony SD card](../../ceremony-sd-card-provisioning.md)
## Procedure
1. Enter the designated location with the quorum of operators and all required equipment
1. Lock access to the location - there should be no inflow or outflow of people during the ceremony
1. Place Ceremony SD card in High Visibility Storage
1. Retrieve sealed Air-Gapped bundle, polaroid of tamper evidence, and online laptop from locked storage
{{ #include ../../../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-unsealing}}
1. Place all contents except for the laptop into High Visibility Storage
### Offline Machine: Generate Address
1. Retrieve AirgapOS SD card and plug it into the air-gapped machine
1. Turn on air-gapped machine
1. Unplug the AirgapOS SD card and place it in High Visibility Storage
1. Retrieve Ceremony SD card from High Visibility Storage and plug it into the air-gapped machine
1. Copy the `vaults` repository to the machine and switch to it
```
$ cp -r /media/vaults /root/
$ cd /root/vaults
```
1. Start Keyfork using the relevant Shardfile:
1. `keyfork recover shard --daemon <namespace>/shardfile.asc`
1. Follow on screen prompts
1. If the desired `<coin>` directory doesn't exist for the namespace, create it:
* `mkdir -p <namespace>/<coin>`
* e.g `mkdir -p vault_1/sol/`
1. Connect to the appropriate coin directory:
* `cd <namespace>/<coin>/`
1. Check what the latest address account is:
* `ls -la .`
1. Find what the latest number for the address is, and add 1 to it. This will be the new address account.
* For example if the latest address file is 42, the new account_id would be 43. The addresses should start at `0`
* Set an environment variable with the new account_id:
* `account_id=<num>`, e.g `account_id=43`
1. Generate a new address (replace `<coin>` with desired coin (`sol`, `cosmos`)):
* `icepick workflow <coin> generate-address --account $account_id | jq -r .pubkey > $account_id.txt`
* [38 removes need to use jq](https://git.distrust.co/public/icepick/issues/38)
1. Sign the file using:
* Import OpenPGP keys:
* `gpg --import /media/<device_name>/vaults/keys/all/*.asc`
* `gpg --detach-sign $account_id.txt`
1. You may repeat the previous steps, starting at the step where the `account_id` is set.
1. Once finished, copy the updated repository back to the Ceremony SD card:
* `cp -rf /root/vaults /media/`
1. Shut down the air gapped machine
1. Unplug the Ceremony SD card and place it into High Visibility Storage
1. Transfer the SD card from the air-gapped machine to the online machine
1. {{ #include ../../../../component-documents/finding-device-name.md:content }}
1. Copy the updated repository locally and switch to it:
```
$ cp -r /media/vaults ~/
$ cd ~/vaults
```
1. Stage, sign, commit and push the changes to the ceremonies repository:
```
$ git add <namespace>/ceremonies/<date>/payloads/*
$ git commit -S -m "add payload signature for payload_<num>.json"
$ git push origin main
```
### Sealing
1. Gather all the original items that were in the air-gapped bundle:
* Air-gapped computer
* AirgapOS SD card
{{ #include ../../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-sealing}}
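
Review bot: The final git step stages `<namespace>/ceremonies/<date>/payloads/*` and commits with "add payload signature for payload_<num>.json", but this procedure writes `$account_id.txt` and its detached signature under `<namespace>/<coin>/`, so the new address and its signature are never staged; stage `<namespace>/<coin>/` and use a message that names the address. The relative depths are also inconsistent within this file: the `tamper-evidence-methods.md` unsealing include uses six `../`, the `finding-device-name.md` include uses four, and the `linux-workstation.md` and sealing includes use five, while `key-types.md` and `ceremony-sd-card-provisioning.md` are linked with `../../` where the Sign and Broadcast Transaction page in the same directory uses `../`. The `gpg --import` path `/media/<device_name>/vaults/keys/all/*.asc` does not match the `/media/vaults` location used by the `cp` steps. The online-machine steps that start at "Transfer the SD card" would read better under their own heading, with a `gpg --verify` of each new signature before the push.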

@ -1,16 +1,16 @@
# Operator - SPL Token Transfer
# Sign and Broadcast Transaction
## Requirements
{{ #include ../../../../operator-requirements.md:requirements }}
{{ #include ../../../operator-requirements.md:requirements }}
* Online machine
* [High Visibility Storage](TODO): plastic container or bag that's used to keep items while not in use in a visible location like the middle of a desk.
* [Quorum PGP key pairs](../../key-types.md#quorum-pgp-keypair)
* [Quorum PGP key pairs](../key-types.md#quorum-pgp-keypair)
* [Ceremony SD card](../../ceremony-sd-card-provisioning.md)
* [Ceremony SD card](../ceremony-sd-card-provisioning.md)
## Procedure
@ -22,7 +22,7 @@
1. Retrieve sealed Air-Gapped bundle, polaroid of tamper evidence, and online laptop from locked storage
{{ #include ../../../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-unsealing}}
{{ #include ../../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-unsealing}}
1. Place all contents except for the laptop into High Visibility Storage
@ -36,13 +36,9 @@
* e.g `vaults/<namespace>/<coin>/0-na.txt`
* Set the nonce address variable:
* `nonce_address="$(cat vaults/<namespace>/<coin>/<account_id>-na.txt)"`
1. Set `ICEPICK_DATA_DIRECTORY`:
{{ #include ../../../../../../component-documents/finding-device-name.md:content }}
{{ #include ../../../../../component-documents/finding-device-name.md:content }}
* `export ICEPICK_DATA_DIRECTORY=/media/external/`
@ -50,7 +46,11 @@
* `export ICEPICK_CONFIG_FILE=<path_to_icepick_repo>/icepick.toml`
1. Run the command: `icepick workflow sol broadcast --nonce-address=$nonce_address`
1. Run the command: `icepick workflow <coin> broadcast`
* For `<sol>` add `--nonce-address=$nonce-address` if using durable transactions
* Set the nonce address variable:
* `nonce_address="$(cat vaults/<namespace>/<coin>/<account_id>-na.txt)"`
* Await completion message before removing Ceremony SD card
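
Review bot: `--nonce-address=$nonce-address` in the added sol bullet does not expand the variable that is set as `nonce_address`; the shell reads `$nonce` followed by the literal `-address`, so write `--nonce-address="$nonce_address"`. The bullet that sets `nonce_address` is also listed after the `icepick workflow <coin> broadcast` command that consumes it and should move ahead of it, and `<sol>` should be plain `sol` since it is a literal coin name and not a placeholder.
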
@ -66,7 +66,7 @@
1. Retrieve Ceremony SD card from High Visibility Storage and plug it into the air-gapped machine
1. {{ #include ../../../../../../component-documents/finding-device-name.md:content }}
1. {{ #include ../../../../../component-documents/finding-device-name.md:content }}
1. Start Keyfork using the relevant Shardfile:
@ -122,4 +122,5 @@
* AirgapOS SD card
{{ #include ../../../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-sealing}}
{{ #include ../../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-sealing}}

@ -1,174 +0,0 @@
# SOL - Generate Address
## Requirements
{{ #include ../../../../operator-requirements.md:requirements }}
{{ #include ../../../../../../component-documents/linux-workstation.md:content }}
* [High Visibility Storage](TODO): plastic container or bag that's used to keep items while not in use in a visible location like the middle of a desk.
* [Quorum PGP key pairs](../../key-types.md#quorum-pgp-keypair)
* [Ceremony SD card](../../ceremony-sd-card-provisioning.md)
## Procedure
1. Enter the designated location with the quorum of operators and all required equipment
1. Lock access to the location - there should be no inflow or outflow of people during the ceremony
1. Place Ceremony SD card in High Visibility Storage
1. Retrieve sealed Air-Gapped bundle, polaroid of tamper evidence, and online laptop from locked storage
{{ #include ../../../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-unsealing}}
1. Place all contents except for the laptop into High Visibility Storage
### Offline Machine: Generate Address
1. Retrieve AirgapOS SD card and plug it into the air-gapped machine
1. Turn on air-gapped machine
1. Unplug the AirgapOS SD card and place it in High Visibility Storage
1. Retrieve Ceremony SD card from High Visibility Storage and plug it into the air-gapped machine
1. Copy the `vaults` repository to the machine and switch to it
```
$ cp -r /media/vaults /root/
$ cd /root/vaults
```
1. Start Keyfork using the relevant Shardfile:
1. `keyfork recover shard --daemon <namespace>/shardfile.asc`
1. Follow on screen prompts
1. If the desired `<coin>` directory doesn't exist for the namespace, create it:
* `mkdir -p <namespace>/<coin>`
* e.g `mkdir -p vault_1/sol/`
1. Connect to the appropriate coin directory:
* `cd <namespace>/<coin>/`
1. Check what the latest address account is:
* `ls -la .`
1. Find what the latest number for the address is, and add 1 to it. This will be the new address account.
* For example if the latest address file is 42, the new account_id would be 43. The addresses should start at `0`
* Set an environment variable with the new account_id:
* `account_id=<num>`, e.g `account_id=43`
1. Generate a new address:
* `icepick workflow sol generate-address --account $account_id | jq -r .pubkey > $account_id.txt`
* [38 removes need to use jq](https://git.distrust.co/public/icepick/issues/38)
1. Sign the file using:
* Import OpenPGP keys:
* `gpg --import /media/<device_name>/vaults/keys/all/*.asc`
* `gpg --detach-sign $account_id.txt`
1. You may repeat the previous steps, starting at the step where the `account_id` is set.
1. Once finished, copy the updated repository back to the Ceremony SD card:
* `cp -rf /root/vaults /media/`
1. Shut down the air gapped machine
1. Unplug the Ceremony SD card and place it into High Visibility Storage
### Online Machine: Generate Nonce Account
1. Turn on online machine
1. Make sure `jq` is installed:
* `sudo apt install jq`
1. Retrieve the Ceremony SD card from High Visibility Storage and plug it into the computer
1. {{ #include ../../../../../../component-documents/finding-device-name.md:content }}
1. Copy the `vaults` repository from the Ceremony SD card:
* `cp -r /media/vaults ~/`
* If the `~/vaults/` repository already exists, ensure it doesn't have any changes that haven't been committed, then remove it using `sudo rm -rf ~/vaults` before re-running the previous step
1. Ensure `keyfork` is available on the system:
* Follow steps from [installation guide](https://git.distrust.co/public/keyfork#install)
1. Ensure `icepick` is available on system
* Follow steps from [installation guide](TODO)
1. Set unsafe `keyfork` usage variable:
* `export SHOOT_SELF_IN_FOOT=1`
1. Generate throwaway mnemonic to generate address which will be used for funding the creation of nonce account:
* `keyfork mnemonic generate | KEYFORK_PROMPT_TYPE=headless keyfork recover mnemonic --daemon`
1. Change directory into the desired \<namespace>/\<coin> directory:
* `cd ~/vaults/<namespace>/<coin>`
1. Select which account you are creating the delegate address by viewing the appropriate \<namespace>/\<coin>/ directory:
* `ls -la .`
1. Once you have selected the appropriate account, set the account_id variable:
* `account_id=<num>`
1. Use `icepick` to generate nonce account:
* The following command will need to be updated to use the appropriate \<cluster>, which can be `devnet`, `testnet` or `mainnet-beta`
* Set `icepick` config file:
* `export ICEPICK_CONFIG_FILE=<path_to_icepick_repositry>/icepick.toml`
* `icepick workflow sol generate-nonce-account --authorization-address "$(cat $account_id.txt)" | jq -r .nonce_account > $account_id-na.txt`
* [38 removes he need to use jq and cat](https://git.distrust.co/public/icepick/issues/38)
* Repeat command if returned message is "The transaction was possibly not received by the cluster."
1. Airdrop the wallet displayed on-screen with 0.01 SOL
* Once the airdrop is done, nonce account will be created
1. Stage, commit, sign and push the changes:
```
$ git add .
$ git commit -m -S "<message>"
$ git push origin HEAD
```
### Sealing
1. Gather all the original items that were in the air-gapped bundle:
* Air-gapped computer
* AirgapOS SD card
{{ #include ../../../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-sealing}}

@ -0,0 +1,90 @@
# Generate Nonce Account
## Requirements
{{ #include ../../../../operator-requirements.md:requirements }}
{{ #include ../../../../../../component-documents/linux-workstation.md:content }}
* [High Visibility Storage](TODO): plastic container or bag that's used to keep items while not in use in a visible location like the middle of a desk.
* [Quorum PGP key pairs](../../key-types.md#quorum-pgp-keypair)
* [Ceremony SD card](../../ceremony-sd-card-provisioning.md)
## Procedure
1. Turn on online machine
1. Make sure `jq` is installed:
* `sudo apt install jq`
1. Clone the `vaults` repository if it's not available locally and get the latest changes:
```
$ cd ~
$ git clone <repository_git_url>
$ git pull origin main
```
1. Ensure `keyfork` is available on the system:
* Follow steps from [installation guide](https://git.distrust.co/public/keyfork#install)
1. Ensure `icepick` is available on system
* Follow steps from [installation guide](TODO)
1. Set unsafe `keyfork` usage variable:
* `export SHOOT_SELF_IN_FOOT=1`
1. Generate throwaway mnemonic to generate address which will be used for funding the creation of nonce account:
* `keyfork mnemonic generate | KEYFORK_PROMPT_TYPE=headless keyfork recover mnemonic --daemon`
1. Change directory into the desired \<namespace>/\<coin> directory:
* `cd ~/vaults/<namespace>/<coin>`
1. Select which account you are creating the delegate address by viewing the appropriate \<namespace>/\<coin>/ directory:
* `ls -la .`
1. Once you have selected the appropriate account, set the account_id variable:
* `account_id=<num>`
1. Use `icepick` to generate nonce account:
* The following command will need to be updated to use the appropriate \<cluster>, which can be `devnet`, `testnet` or `mainnet-beta`
* Set `icepick` config file:
* `export ICEPICK_CONFIG_FILE=<path_to_icepick_repositry>/icepick.toml`
* `icepick workflow sol generate-nonce-account --authorization-address "$(cat $account_id.txt)" | jq -r .nonce_account > $account_id-na.txt`
* [38 removes he need to use jq and cat](https://git.distrust.co/public/icepick/issues/38)
* Repeat command if returned message is "The transaction was possibly not received by the cluster."
1. Airdrop the wallet displayed on-screen with 0.01 SOL
* Once the airdrop is done, nonce account will be created
1. Stage, commit, sign and push the changes:
```
$ git add .
$ git commit -m -S "<message>"
$ git push origin HEAD
```
### Sealing
1. Gather all the original items that were in the air-gapped bundle:
* Air-gapped computer
* AirgapOS SD card
{{ #include ../../../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-sealing}}
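
Review bot: `git commit -m -S "<message>"` in the last step hands `-S` to `-m` as the commit message and leaves `"<message>"` to be parsed as a pathspec, so the commit either fails or is created unsigned even though the step says to sign; use `git commit -S -m "<message>"`. In the clone step, `git pull origin main` runs in `~` because there is no `cd` into the repository after `git clone <repository_git_url>`. The `icepick workflow sol generate-nonce-account` step reads `$account_id.txt` straight from the repository; verifying its detached signature first (for example `gpg --verify $account_id.txt.sig $account_id.txt`) would tie the authorization address back to the offline ceremony. The Sealing section and the Ceremony SD card requirement look left over, since no step here unseals the air-gapped bundle or uses the card. Typos to fix while here: "repositry" and "removes he need".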