qvs: update docs prior to meeting

2025-01-28 20:01:24 -05:00 · 2025-01-28 20:01:24 -05:00 · bd3cc8c118
parent 695421bdbe
commit bd3cc8c118
8 changed files with 108 additions and 90 deletions
--- a/quorum-vault-system/src/SUMMARY.md
+++ b/quorum-vault-system/src/SUMMARY.md
@ -9,6 +9,7 @@
    * [Glossary](glossary.md)
 * [Generated Documents]()
    * [All Levels]()
+        * [Create Ceremony Repository](generated-documents/all-levels/create-ceremonies-repository.md)
        * [Personal PGP Key Provisioning](generated-documents/all-levels/pgp-key-provisioning.md)
    * [Level 2]()
        * [Fixed-Location]()
@ -18,7 +19,6 @@
                * [Procure SD Card Pack](generated-documents/level-2/fixed-location/procurer/procure-sd-card-pack.md)
                * [Procure Hardware](generated-documents/level-2/fixed-location/procurer/procure-hardware.md)
            * [Provisioner](generated-documents/level-2/fixed-location/provisioner/index.md)
-                * [Provision Ceremony Repository](generated-documents/level-2/fixed-location/provisioner/provision-ceremonies-repository.md)
                * [Provision Computer](generated-documents/level-2/fixed-location/provisioner/provision-computer.md)
                * [Provision AirgapOS](generated-documents/level-2/fixed-location/provisioner/provision-airgapos.md)
                * [Provision Air-Gapped Bundle](generated-documents/level-2/fixed-location/provisioner/air-gapped-bundle.md)
--- a/quorum-vault-system/src/component-documents/ceremony-repository.md
+++ b/quorum-vault-system/src/component-documents/ceremony-repository.md
@ -49,54 +49,6 @@ keys/

 {{ #include ./git-repository-initialization.md:procedure}}

-## Procedure: Adding a OpenPGP Public Certificate
-
-1. Ensure you are on the correct branch:
-
-    * `git checkout main`
-
-1. Pull the latest ceremony repo changes
-
-    * `git pull origin main`
-
-1. If using a certificate from [Personal PGP Key Provisioning](/generated-documents/all-levels/pgp-key-provisioning.html):
-
-	1. Obtain the fingerprint for the certificate:
-
-		* `fingerprint="$(sq keyring cert.asc | awk '{ print $2 }')"`
-
-	2. Copy the certificate to a name based on the keyring:
-
-		* `cp cert.asc "${fingerprint}.asc"`
-
-1. If exporting a certificate from GnuPG:
-
-	1. Find your key fingerprint:
-
-		* `gpg --list-keys`
-
-	1. Export your OpenPGP public certificate:
-
-		* `gpg --export --armor <key_fingerprint> > <key_fingerprint>.asc`
-
-1. Place the file in `keys/all/<key_fingerprint>.asc`
-
-1. Create signed git commit:
-
-    * `git commit -S -m "add <name> pgp key"`
-
-1. Push to the commit:
-
-    * `git push origin main`
-
-1. Communicate your new key fingerprint to all other participants:
-
-    * Preferred: In person 
-    
-    * Fallback: via two logically distinct online communications methods (e.g. encrypted chat, and video call)
-
-1. Get confirmation they have used `gpg --import <your_key_id>.asc` to import your key from the git repo to the keyrings on workstations they will use to interact with the ceremony repo
-
 // ANCHOR_END: content
 /* ANCHOR_END: all */

--- a/quorum-vault-system/src/generated-documents/all-levels/create-ceremonies-repository.md
+++ b/quorum-vault-system/src/generated-documents/all-levels/create-ceremonies-repository.md
@ -0,0 +1,3 @@
+# Create Ceremony Repository
+
+{{ #include ../../component-documents/ceremony-repository.md:content }}
--- a/quorum-vault-system/src/generated-documents/all-levels/pgp-key-provisioning.md
+++ b/quorum-vault-system/src/generated-documents/all-levels/pgp-key-provisioning.md
@ -10,7 +10,7 @@

 * 2+ SD cards

-## Procedure
+##  Generate OpenPGP Key

 1. Insert AirgapOS SD card into computer

@ -21,3 +21,51 @@
    * [Disabling secure boot](generated-documents/level-2/fixed-location/procurer/procure-tamper-proofing-equipment.html) may be necessary

 {{ #include ../../component-documents/openpgp-setup.md:steps-keyfork}}
+
+## Adding a OpenPGP Public Certificate to the Ceremony Repository
+
+1. Ensure you are on the correct branch:
+
+    * `git checkout main`
+
+1. Pull the latest ceremony repo changes
+
+    * `git pull origin main`
+
+1. If using a certificate from [Personal PGP Key Provisioning](/generated-documents/all-levels/pgp-key-provisioning.html):
+
+	1. Obtain the fingerprint for the certificate:
+
+		* `fingerprint="$(sq keyring cert.asc | awk '{ print $2 }')"`
+
+	2. Copy the certificate to a name based on the keyring:
+
+		* `cp cert.asc "${fingerprint}.asc"`
+
+1. If exporting a certificate from GnuPG:
+
+	1. Find your key fingerprint:
+
+		* `gpg --list-keys`
+
+	1. Export your OpenPGP public certificate:
+
+		* `gpg --export --armor <key_fingerprint> > <key_fingerprint>.asc`
+
+1. Place the file in `keys/all/<key_fingerprint>.asc`
+
+1. Create signed git commit:
+
+    * `git commit -S -m "add <name> pgp key"`
+
+1. Push to the commit:
+
+    * `git push origin main`
+
+1. Communicate your new key fingerprint to all other participants:
+
+    * Preferred: In person 
+    
+    * Fallback: via two logically distinct online communications methods (e.g. encrypted chat, and video call)
+
+1. Get confirmation they have used `gpg --import <your_key_id>.asc` to import your key from the git repo to the keyrings on workstations they will use to interact with the ceremony repo
--- a/quorum-vault-system/src/generated-documents/level-2/fixed-location/operator/coins/sol/transfer-token.md
+++ b/quorum-vault-system/src/generated-documents/level-2/fixed-location/operator/coins/sol/transfer-token.md
@ -1,4 +1,4 @@
-# Operator - Sign PYTH-SPL Transaction
+# Operator - SPL Token Transfer

 ## Requirements

@ -70,7 +70,7 @@

 1. Verify all signatures for the workflow data:

-	* `for file in <payload.json>.*.sig; do echo "Verifying: $file"; gpg --verify "${file}.json" "$file"; done`
+	* `for file in <payload.json>.*.sig; do echo "Verifying: $file"; gpg --verify "${file}" "<payload.json>"; done`

 	* Ensure that the script doesn't output any "WARNING" messages to the console. If it does, abort the ceremony and initiate incident response.

@ -82,14 +82,14 @@

 1. Follow on screen prompts

-1. Unplug the Shard SD card and place it in High Visibility Storage
-
 1. Run the `icepick` command with the transaction payload

 	* `icepick workflow sol transfer-token --input-file=<(jq .values <payload.json>)` 

 	* Follow on screen prompts

+1. Unplug the Ceremony SD card and place it in High Visibility Storage
+
 ### Broadcast Transaction: Online Machine

 1. Retrieve Ceremony SD from High Visibility Storage and plug it into online machine
@ -98,6 +98,8 @@

 1. The url that's found in the response after a successful broadcast should be reviewed and committed to the ceremony repository

+1. Unplug the Ceremony SD card and place it in High Visibility Storage
+
 ### Repeat

 1. You may repeat previous steps as many times as necessary to process all workflow payloads
--- a/quorum-vault-system/src/generated-documents/level-2/fixed-location/operator/namespace-entropy-ceremony.md
+++ b/quorum-vault-system/src/generated-documents/level-2/fixed-location/operator/namespace-entropy-ceremony.md
@ -32,7 +32,7 @@ This is a ceremony for generating and sharding entropy to a set of existing Quor

 1. Run the command to generate new entropy and shard it to quorum of public certificates of the input shardfile:

-	* `keyfork mnemonic generate --size 256 --shard-to <path_to_input_shard>,output=<output_shard_name>`
+	* `keyfork mnemonic generate --size 256 --shard-to <path_to_input_shard>,output=<output_shardfile>`

 1. Unseal an SD card pack

@ -48,9 +48,15 @@ This is a ceremony for generating and sharding entropy to a set of existing Quor

    1. Each backup should be placed into High Visibility Storage after it's made

+<!--
 1. Optionally write an `autorun.sh` file to the Shardfile SD card containing the following command:

    * `keyfork recover shard --daemon /media/external/<shard_file_name>`
+-->
+
+1. Unplug the SD card and place it in High Visibility Storage
+
+1. Label the SD card "Shardfile \[date\] \[namespace\]"

 1. Gather all the original items that were in the air-gapped bundle:

--- a/quorum-vault-system/src/generated-documents/level-2/fixed-location/operator/quorum-entropy-ceremony.md
+++ b/quorum-vault-system/src/generated-documents/level-2/fixed-location/operator/quorum-entropy-ceremony.md
@ -52,9 +52,11 @@ This is a ceremony for generating entropy which is used to derive Quorum PGP key

        * `cp keyring.asc /media/<media_name>`

+<!--
    1. Optionally write an `autorun.sh` file to the Shardfile SD card containing the following command:

        * `echo -e '#!/bin/bash\nkeyfork recover shard --daemon' > /media/<media_name>/autorun.sh`
+-->

    1. Unplug the SD card and place it in High Visibility Storage

--- a/quorum-vault-system/src/generated-documents/level-2/fixed-location/proposer/create-transaction-payload.md
+++ b/quorum-vault-system/src/generated-documents/level-2/fixed-location/proposer/create-transaction-payload.md
@ -8,14 +8,14 @@ The proposer must combine these values into a JSON file, such as:

 ```json
 {
-  "workflow": ["cosmos", "withdraw"],
-  "values": {
-    "delegate_address": "kyve1q9w3nar74up6mxnwd428wpr5nffcw3360tkxer",
-    "validator_address": "kyvevaloper1ghpmzfuggm7vcruyhfzrczl4aczy8gas8guslh",
-    "asset_name": "KYVE",
-    "asset_amount": "0.4",
-    "chain_name": "korellia"
-  },
+	"workflow": ["cosmos", "withdraw"],
+	"values": {
+		"delegate_address": "kyve1q9w3nar74up6mxnwd428wpr5nffcw3360tkxer",
+		"validator_address": "kyvevaloper1ghpmzfuggm7vcruyhfzrczl4aczy8gas8guslh",
+		"asset_name": "KYVE",
+		"asset_amount": "0.4",
+		"chain_name": "korellia"
+	},
 	"proposal_datetime": "2025-01-28T18:18:00"
 }
 ```
@ -75,39 +75,40 @@ The proposer must combine these values into a JSON file, such as:

 1. Collect data for the transaction being sent, and structure it according to the template below, replacing values with valid ones. The values have to come from a organization approved list of values, for each field, except for `datetime` which is just the current date and time.

-		```json
-		{
-			"workflow": ["<workflow_namespace>", "<workflow_name>"],
-			"values": {
-				"<workflow_field>": "<workflow_value>"
-			},
-			"proposal_datetime": "<datetime>"
-		}
-    ```
+	```json
+	{
+		"workflow": ["<workflow_namespace>", "<workflow_name>"],
+		"values": {
+			"<workflow_field>": "<workflow_value>"
+		},
+		"proposal_datetime": "<datetime>"
+	}
+	```

-    Example data object:
-		```json
-		{
-			"workflow": ["cosmos", "withdraw"],
-			"values": {
-				"delegate_address": "kyve1q9w3nar74up6mxnwd428wpr5nffcw3360tkxer",
-				"validator_address": "kyvevaloper1ghpmzfuggm7vcruyhfzrczl4aczy8gas8guslh",
-				"asset_name": "KYVE",
-				"asset_amount": "0.4",
-				"chain_name": "korellia"
-			},
-			"proposal_datetime": "2025-01-28T18:18:00"
-		}
-		```
+	Example data object:
+
+	```json
+	{
+		"workflow": ["cosmos", "withdraw"],
+		"values": {
+			"delegate_address": "kyve1q9w3nar74up6mxnwd428wpr5nffcw3360tkxer",
+			"validator_address": "kyvevaloper1ghpmzfuggm7vcruyhfzrczl4aczy8gas8guslh",
+			"asset_name": "KYVE",
+			"asset_amount": "0.4",
+			"chain_name": "korellia"
+		},
+		"proposal_datetime": "2025-01-28T18:18:00"
+	}
+	```
+
+1. Import the keys relevant to the ceremony:
+
+	* `gpg --import keys/all/*.asc`

 1. Sign the data in the CLI using `gpg` or another OpenPGP implementation:

 	* `gpg --detach-sign <file> <file>.1.sig`

-1. Create a signed git commit:
-
-	* `git commit -S -m "add <name> pgp key"`
-
 1. Copy the updated ceremonies repo to the SD card

 	* `cp -r . /media/external/ceremonies`
@ -116,6 +117,10 @@ The proposer must combine these values into a JSON file, such as:

 1. Plug in the SD card into the online machine

+1. Create a signed git commit:
+
+	* `git commit -S -m "add <name> pgp key"`
+
 1. Push the latest commit to the repository

 1. Notify relevant individuals that there are new transactions queued up, and that a ceremony should be scheduled. This can be automated in the future so that when a commit is made or PR opened, others are notified, for example using a incident management tool.