refactor proposer docs to use templates

This commit is contained in:
Anton Livaja 2025-02-26 19:50:51 -05:00
parent 2437eac516
commit de40afb775
Signed by: anton
GPG Key ID: 44A86CFF1FDF0E85
6 changed files with 116 additions and 118 deletions

View File

@ -24,7 +24,8 @@
* [Provision AirgapOS](generated-documents/level-2/fixed-location/provisioner/provision-airgapos.md)
* [Provision Air-Gapped Bundle](generated-documents/level-2/fixed-location/provisioner/air-gapped-bundle.md)
* [Proposer]()
* [Propose Transaction](generated-documents/level-2/fixed-location/proposer/create-transaction-payload.md)
* [Solana: Create Transaction Payload](generated-documents/level-2/fixed-location/proposer/sol-create-transaction-payload.md)
* [Cosmos: Create Transaction Payload](generated-documents/level-2/fixed-location/proposer/cosmos-create-transaction-payload.md)
* [Approver]()
* [Transaction Approval](generated-documents/level-2/fixed-location/approver/approve-transaction.md)
* [Operator](generated-documents/level-2/fixed-location/operator/index.md)

View File

@ -0,0 +1,10 @@
# Cosmos: Create Transaction Payload
{{ #include template-create-tx-0.md:content }}
1. Use icepick to generate and sign the payload:
```
$ icepick workflow <workflow> <--option value> <--option value> --export-for-quorum --sign > <output_file>
```
{{ #include template-create-tx-1.md }}

View File

@ -1,117 +0,0 @@
# Proposer - Create Transaction Payload
The proposer is a fiduciary whose responsibility is to make sound financial decisions on behalf of a business and determine where funds are moving from, where to and in which amount. The reasons for sending funds may range across settlement, exchanging, staking and more.
The proposer MUST include the workflow type and all arguments required by a workflow, such as `from_address`, `to_address`, `asset_name`, etc., as well as a UTC datetime representing the time when the transaction is proposed.
The proposer must combine these values into a JSON file, such as:
```json
{
"workflow": ["cosmos", "withdraw"],
"values": {
"delegate_address": "kyve1q9w3nar74up6mxnwd428wpr5nffcw3360tkxer",
"validator_address": "kyvevaloper1ghpmzfuggm7vcruyhfzrczl4aczy8gas8guslh",
"asset_name": "KYVE",
"asset_amount": "0.4",
"chain_name": "korellia"
},
"proposal_datetime": "2025-01-28T18:18:00"
}
```
## Requirements
* [Quorum PGP Key](../operator/quorum-entropy-ceremony.md)
* [Air-Gapped Bundle](../provisioner/air-gapped-bundle.md)
* The proposer should print photographic evidence from digital cameras which is stored in a PGP signed repository. The photographs should be of the top and underside of the vacuum sealed object.
* The proposer should verify the commit signatures of the photographs they are printing against a list of permitted PGP keys found in the `vaults` repo
{{ #include ../../../../component-documents/linux-workstation.md:content }}
* Clone the [Vaults Repository](../../../all-levels/create-vaults-repository.md) for your organization to the machine
## Procedure
1. Turn on online linux workstation
1. Clone the `vaults` repository if it's not available locally and get the latest changes:
```
$ git clone <repository_git_url>
$ git pull origin main
```
1. Unseal the SD Card Pack
{{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-unsealing}}
1. Plug a fresh SD card into the online linux workstation
1. {{ #include ../../../../component-documents/finding-device-name.md:content }}
1. Save the `vaults` repo to the SD card, referred to as the Ceremony SD card
```
$ cp -r ~/vaults/ /media
```
1. Unplug the Ceremony SD card
1. Unseal the tamper proofed bundle
{{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-unsealing}}
1. Insert the AirgapOS SD card into the airgapped machine and turn it on
1. Once booted, unplug the AirgapOS SD card and place it in High Visibility Storage
1. Plug in the Ceremony SD card
1. Copy the git repo locally from the Ceremony SD card and change to it
```
$ cp -r /media/vaults /root
$ cd /root/vaults
```
1. Create a new payloads directory in the `vaults` repository for the date on which the ceremony for the transaction will take place if it doesn't already exist
* `mkdir -p <namespace>/ceremonies/<date>/payloads`
* e.g `mkdir -p solana-01/ceremonies/2025-01-01/payloads`
1. Use `icepick workflow --help` to list the available workflows and options
1. Plug in the Operator smart card
1. Use icepick to generate and sign the payload:
```
$ icepick workflow <chain> <workflow> <--option value> <--option value> --export-for-quorum --sign > <output_file>
```
* e.g `$ icepick workflow cosmos withdraw-rewards --delegate-address kyve1q9w3nar74up6mxnwd428wpr5nffcw3360tkxer --validator-address kyvevaloper1ghpmzfuggm7vcruyhfzrczl4aczy8gas8guslh --chain-name korellia --export-for-quorum --sign > <namespace>/ceremonies/<date>/payloads/payload_<num>.json`
* e.g `$ icepick workflow sol transfer --from-address "$(cat <namespace>/<coin>/0.txt)" --to-address "$(cat to_address.txt)" --amount <amount> --export-for-quorum --sign > <namespace>/ceremonies/<date>/payloads/payload_<num>.json`
1. Copy the updated ceremonies repo to the SD card
```
$ cp -r /root/vaults /media
```
1. Transfer the SD card from the air-gapped machine to the online machine
1. {{ #include ../../../../component-documents/finding-device-name.md:content }}
1. Copy the updated repository locally and switch to it:
```
$ cp -r /media/vaults ~/
$ cd ~/vaults
```
1. Stage, sign, commit and push the changes to the ceremonies repository:
```
$ git add <namespace>/ceremonies/<date>/payloads/*
$ git commit -S -m "add payload signature for payload_<num>.json"
$ git push origin main
```
1. Notify relevant individuals that there are new transactions queued up, and that a ceremony should be scheduled. This can be automated in the future so that when a commit is made or PR opened, others are notified, for example using a incident management tool.
1. Tamper proof the AirgapOS and Air-gapped laptop
{{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-sealing}}

View File

@ -0,0 +1,10 @@
# Solana: Create Transaction Payload
{{ #include template-create-tx-0.md:content }}
1. Use icepick to generate and sign the payload:
```
$ icepick workflow sol <--option value> <--option value> --export-for-quorum --sign > <output_file>
```
{{ #include template-create-tx-1.md }}

View File

@ -0,0 +1,65 @@
/* ANCHOR: all */
// ANCHOR: content
## Requirements
* [Quorum PGP Key](../operator/quorum-entropy-ceremony.md)
* [Air-Gapped Bundle](../provisioner/air-gapped-bundle.md)
* The proposer should print photographic evidence from digital cameras which is stored in a PGP signed repository. The photographs should be of the top and underside of the vacuum sealed object.
* The proposer should verify the commit signatures of the photographs they are printing against a list of permitted PGP keys found in the `vaults` repo
{{ #include ../../../../component-documents/linux-workstation.md:content }}
* Clone the [Vaults Repository](../../../all-levels/create-vaults-repository.md) for your organization to the machine
## Procedure
1. Turn on online linux workstation
1. Clone the `vaults` repository if it's not available locally and get the latest changes:
```
$ git clone <repository_git_url>
$ git pull origin main
```
1. Unseal the SD Card Pack
{{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-unsealing}}
1. Plug a fresh SD card into the online linux workstation
1. {{ #include ../../../../component-documents/finding-device-name.md:content }}
1. Save the `vaults` repo to the SD card, referred to as the Ceremony SD card
```
$ cp -r ~/vaults/ /media
```
1. Unplug the Ceremony SD card
1. Unseal the tamper proofed bundle
{{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-unsealing}}
1. Insert the AirgapOS SD card into the airgapped machine and turn it on
1. Once booted, unplug the AirgapOS SD card and place it in High Visibility Storage
1. Plug in the Ceremony SD card
1. Copy the git repo locally from the Ceremony SD card and change to it
```
$ cp -r /media/vaults /root
$ cd /root/vaults
```
1. Create a new payloads directory in the `vaults` repository for the date on which the ceremony for the transaction will take place if it doesn't already exist
* `mkdir -p <namespace>/ceremonies/<date>/payloads`
* e.g `mkdir -p acme-coin-01/ceremonies/2025-01-01/payloads`
1. Use `icepick workflow --help` to list the available workflows and options
1. Plug in the Operator smart card
// ANCHOR_END: content
/* ANCHOR_END: all */

View File

@ -0,0 +1,29 @@
/* ANCHOR: all */
// ANCHOR: content
1. Copy the updated ceremonies repo to the SD card
```
$ cp -r /root/vaults /media
```
1. Transfer the SD card from the air-gapped machine to the online machine
1. {{ #include ../../../../component-documents/finding-device-name.md:content }}
1. Copy the updated repository locally and switch to it:
```
$ cp -r /media/vaults ~/
$ cd ~/vaults
```
1. Stage, sign, commit and push the changes to the ceremonies repository:
```
$ git add <namespace>/ceremonies/<date>/payloads/*
$ git commit -S -m "add payload signature for payload_<num>.json"
$ git push origin main
```
1. Notify relevant individuals that there are new transactions queued up, and that a ceremony should be scheduled. This can be automated in the future so that when a commit is made or PR opened, others are notified, for example using a incident management tool.
1. Tamper proof the AirgapOS and Air-gapped laptop
{{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-sealing}}
// ANCHOR_END: content
/* ANCHOR_END: all */