Merge branch 'master' into feat/hole-punching-tests

.github/workflows/ci.yml

@@ -78,7 +78,8 @@ jobs:
           !startsWith(github.event.pull_request.title, 'chore') &&
           !startsWith(github.event.pull_request.title, 'refactor') &&
           !startsWith(github.event.pull_request.title, 'deps') &&
-          !startsWith(github.event.pull_request.title, 'docs')
+          !startsWith(github.event.pull_request.title, 'docs') &&
+          !contains(github.event.pull_request.labels.*.name, 'internal-change')
         run: |
           git fetch origin master:master
           ./scripts/ensure-version-bump-and-changelog.sh

.github/workflows/docker-image.yml

@@ -35,5 +35,10 @@ jobs:
           context: .
           file: ./misc/server/Dockerfile
           push: ${{ ! github.event.pull_request.head.repo.fork && github.actor != 'dependabot[bot]' }} # Only push image if we have the required permissions, i.e. not running from a fork
+          cache-from: ${{ ! github.event.pull_request.head.repo.fork && github.actor != 'dependabot[bot]' && type=s3,mode=max,bucket=libp2p-by-tf-aws-bootstrap,region=us-east-1,prefix=buildCache,name=rust-libp2p-server }}
+          cache-to:   ${{ ! github.event.pull_request.head.repo.fork && github.actor != 'dependabot[bot]' && type=s3,mode=max,bucket=libp2p-by-tf-aws-bootstrap,region=us-east-1,prefix=buildCache,name=rust-libp2p-server }}
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
+        env:
+          AWS_ACCESS_KEY_ID: ${{ vars.TEST_PLANS_BUILD_CACHE_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.TEST_PLANS_BUILD_CACHE_KEY }}

Cargo.toml

@@ -84,7 +84,7 @@ libp2p-dns = { version = "0.40.1", path = "transports/dns" }
 libp2p-floodsub = { version = "0.43.0", path = "protocols/floodsub" }
 libp2p-gossipsub = { version = "0.45.2", path = "protocols/gossipsub" }
 libp2p-identify = { version = "0.43.1", path = "protocols/identify" }
-libp2p-identity = { version = "0.2.6" }
+libp2p-identity = { version = "0.2.7" }
 libp2p-kad = { version = "0.44.6", path = "protocols/kad" }
 libp2p-mdns = { version = "0.44.0", path = "protocols/mdns" }
 libp2p-memory-connection-limits = { version = "0.1.0", path = "misc/memory-connection-limits" }
@@ -105,7 +105,7 @@ libp2p-server = { version = "0.12.3", path = "misc/server" }
 libp2p-swarm = { version = "0.43.6", path = "swarm" }
 libp2p-swarm-derive = { version = "0.33.0", path = "swarm-derive" }
 libp2p-swarm-test = { version = "0.2.0", path = "swarm-test" }
-libp2p-tcp = { version = "0.40.0", path = "transports/tcp" }
+libp2p-tcp = { version = "0.40.1", path = "transports/tcp" }
 libp2p-tls = { version = "0.2.1", path = "transports/tls" }
 libp2p-uds = { version = "0.39.0", path = "transports/uds" }
 libp2p-wasm-ext = { version = "0.40.0", path = "transports/wasm-ext" }

README.md

@@ -91,8 +91,8 @@ Conduct](https://github.com/ipfs/community/blob/master/code-of-conduct.md).
 - [Forest](https://github.com/ChainSafe/forest) - An implementation of Filecoin written in Rust.
 - [fuel-core](https://github.com/FuelLabs/fuel-core) - A Rust implementation of the Fuel protocol.
 - [HotShot](https://github.com/EspressoSystems/HotShot) - Decentralized sequencer in Rust developed by [Espresso Systems](https://www.espressosys.com/).
-- [ipfs-embed](https://github.com/ipfs-rust/ipfs-embed) - A small embeddable ipfs implementation
-used and maintained by [Actyx](https://www.actyx.com).
+- [ipfs-embed](https://github.com/ipfs-rust/ipfs-embed) - A small embeddable ipfs implementation used and maintained by [Actyx](https://www.actyx.com).
+- [Homestar](https://github.com/ipvm-wg/homestar) - An InterPlanetary Virtual Machine (IPVM) implementation used and maintained by Fission.
 - [beetle](https://github.com/n0-computer/beetle) - Next-generation implementation of IPFS for Cloud & Mobile platforms.
 - [Lighthouse](https://github.com/sigp/lighthouse) - Ethereum consensus client in Rust.
 - [Locutus](https://github.com/freenet/locutus) - Global, observable, decentralized key-value store.
@@ -103,4 +103,4 @@ used and maintained by [Actyx](https://www.actyx.com).
 - [Subspace](https://github.com/subspace/subspace) - Subspace Network reference implementation
 - [Substrate](https://github.com/paritytech/substrate) - Framework for blockchain innovation,
 used by [Polkadot](https://www.parity.io/technologies/polkadot/).
-- [Taple](https://github.com/opencanarias/taple-core) - Sustainable DLT for asset and process traceability by [OpenCanarias](https://www.opencanarias.com/en/).
+- [Taple](https://github.com/opencanarias/taple-core) - Sustainable DLT for asset and process traceability by [OpenCanarias](https://www.opencanarias.com/en/).

core/Cargo.toml

@@ -39,7 +39,7 @@ libp2p-mplex = { path = "../muxers/mplex" }                    # Using `path` he
 libp2p-noise = { path = "../transports/noise" }                # Using `path` here because this is a cyclic dev-dependency which otherwise breaks releasing.
 multihash = { workspace = true, features = ["arb"] }
 quickcheck = { workspace = true }
-libp2p-identity = { workspace = true, features = ["ed25519"] }
+libp2p-identity = { workspace = true, features = ["ed25519", "rand"] }
 
 [features]
 serde = ["multihash/serde-codec", "dep:serde", "libp2p-identity/serde"]

docs/maintainer-handbook.md

@@ -26,6 +26,14 @@ Once a PR fulfills all merge requirements (approvals, passing CI, etc), applying
 In case of a trivial code change, maintainers may choose to apply the `trivial` label.
 This will have mergify approve your PR, thus fulfilling all requirements to automatically queue a PR for merging.
 
+## Changelog entries
+
+Our CI checks that each crate which is modified gets a changelog entry.
+Whilst this is a good default safety-wise, it creates a lot of false-positives for changes that are internal and don't need a changelog entry.
+
+For PRs that in the categories `chore`, `deps`, `refactor` and `docs`, this check is disabled automatically.
+Any other PR needs to explicitly disable this check if desired by applying the `internal-change` label.
+
 ## Dependencies
 
 We version our `Cargo.lock` file for better visibility into which dependencies are required for a functional build.

examples/rendezvous/src/main.rs

@@ -33,7 +33,11 @@ use std::time::Duration;
 async fn main() -> Result<(), Box<dyn Error>> {
     env_logger::init();
 
-    let mut swarm = libp2p::SwarmBuilder::with_new_identity()
+    // Results in PeerID 12D3KooWDpJ7As7BWAwRMfu1VU2WCqNjvq387JEYKDBj4kx6nXTN which is
+    // used as the rendezvous point by the other peer examples.
+    let keypair = libp2p::identity::Keypair::ed25519_from_bytes([0; 32]).unwrap();
+
+    let mut swarm = libp2p::SwarmBuilder::with_existing_identity(keypair)
         .with_tokio()
         .with_tcp(
             tcp::Config::default(),

identity/CHANGELOG.md

@@ -1,3 +1,9 @@
+## 0.2.7
+
+- Add `rand` feature to gate methods requiring a random number generator, enabling use in restricted environments (e.g. smartcontracts).
+  This feature is not enabled by default.
+  See [PR 4349](https://github.com/libp2p/rust-libp2p/pull/4349).
+
 ## 0.2.6
 
 - Make `PeerId::to_bytes` and `PeerId::to_base58` take `self` by value to follow Rust convention of `Copy` types.

identity/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "libp2p-identity"
-version = "0.2.6"
+version = "0.2.7"
 edition = "2021"
 description = "Data structures and algorithms for identifying peers in libp2p."
 rust-version = { workspace = true }
@@ -14,7 +14,7 @@ categories = ["cryptography"]
 [dependencies]
 asn1_der = { version = "0.7.6", optional = true }
 bs58 = { version = "0.5.0", optional = true }
-ed25519-dalek = { version = "2.0", optional = true, features = ["rand_core"] }
+ed25519-dalek = { version = "2.0", optional = true }
 hkdf = { version = "0.12.3", optional = true }
 libsecp256k1 = { version = "0.7.0", optional = true }
 log = "0.4"
@@ -33,11 +33,12 @@ zeroize = { version = "1.6", optional = true }
 ring = { version = "0.16.9", features = [ "alloc", "std"], default-features = false, optional = true }
 
 [features]
-secp256k1 = ["dep:libsecp256k1", "dep:asn1_der", "dep:rand", "dep:sha2", "dep:hkdf", "dep:zeroize"]
-ecdsa = ["dep:p256", "dep:rand", "dep:void", "dep:zeroize", "dep:sec1", "dep:sha2", "dep:hkdf"]
+secp256k1 = ["dep:libsecp256k1", "dep:asn1_der", "dep:sha2", "dep:hkdf", "dep:zeroize"]
+ecdsa = ["dep:p256", "dep:void", "dep:zeroize", "dep:sec1", "dep:sha2", "dep:hkdf"]
 rsa = ["dep:ring", "dep:asn1_der", "dep:rand", "dep:zeroize"]
-ed25519 = ["dep:ed25519-dalek", "dep:rand", "dep:zeroize", "dep:sha2", "dep:hkdf"]
-peerid = ["dep:multihash", "dep:bs58", "dep:rand", "dep:thiserror", "dep:sha2", "dep:hkdf" ]
+ed25519 = ["dep:ed25519-dalek", "dep:zeroize", "dep:sha2", "dep:hkdf"]
+peerid = ["dep:multihash", "dep:bs58", "dep:thiserror", "dep:sha2", "dep:hkdf"]
+rand = ["dep:rand", "ed25519-dalek?/rand_core"]
 
 [dev-dependencies]
 quickcheck = { workspace = true }

identity/src/ecdsa.rs

@@ -44,6 +44,7 @@ pub struct Keypair {
 
 impl Keypair {
     /// Generate a new random ECDSA keypair.
+    #[cfg(feature = "rand")]
     pub fn generate() -> Keypair {
         Keypair::from(SecretKey::generate())
     }
@@ -265,6 +266,7 @@ mod tests {
     use super::*;
 
     #[test]
+    #[cfg(feature = "rand")]
     fn sign_verify() {
         let pair = Keypair::generate();
         let pk = pair.public();

identity/src/ed25519.rs

@@ -34,6 +34,7 @@ pub struct Keypair(ed25519::SigningKey);
 
 impl Keypair {
     /// Generate a new random Ed25519 keypair.
+    #[cfg(feature = "rand")]
     pub fn generate() -> Keypair {
         Keypair::from(SecretKey::generate())
     }
@@ -181,6 +182,7 @@ impl fmt::Debug for SecretKey {
 
 impl SecretKey {
     /// Generate a new Ed25519 secret key.
+    #[cfg(feature = "rand")]
     pub fn generate() -> SecretKey {
         let signing = ed25519::SigningKey::generate(&mut rand::rngs::OsRng);
         SecretKey(signing.to_bytes())
@@ -213,6 +215,7 @@ mod tests {
     }
 
     #[test]
+    #[cfg(feature = "rand")]
     fn ed25519_keypair_encode_decode() {
         fn prop() -> bool {
             let kp1 = Keypair::generate();
@@ -224,6 +227,7 @@ mod tests {
     }
 
     #[test]
+    #[cfg(feature = "rand")]
     fn ed25519_keypair_from_secret() {
         fn prop() -> bool {
             let kp1 = Keypair::generate();
@@ -235,6 +239,7 @@ mod tests {
     }
 
     #[test]
+    #[cfg(feature = "rand")]
     fn ed25519_signature() {
         let kp = Keypair::generate();
         let pk = kp.public();

identity/src/keypair.rs

@@ -102,23 +102,23 @@ enum KeyPairInner {
 
 impl Keypair {
     /// Generate a new Ed25519 keypair.
-    #[cfg(feature = "ed25519")]
+    #[cfg(all(feature = "ed25519", feature = "rand"))]
     pub fn generate_ed25519() -> Keypair {
         Keypair {
             keypair: KeyPairInner::Ed25519(ed25519::Keypair::generate()),
         }
     }
 
     /// Generate a new Secp256k1 keypair.
-    #[cfg(feature = "secp256k1")]
+    #[cfg(all(feature = "secp256k1", feature = "rand"))]
     pub fn generate_secp256k1() -> Keypair {
         Keypair {
             keypair: KeyPairInner::Secp256k1(secp256k1::Keypair::generate()),
         }
     }
 
     /// Generate a new ECDSA keypair.
-    #[cfg(feature = "ecdsa")]
+    #[cfg(all(feature = "ecdsa", feature = "rand"))]
     pub fn generate_ecdsa() -> Keypair {
         Keypair {
             keypair: KeyPairInner::Ecdsa(ecdsa::Keypair::generate()),
@@ -352,7 +352,6 @@ impl Keypair {
     /// ```
     /// # fn main() {
     /// # use libp2p_identity as identity;
-    ///
     /// let key = identity::Keypair::generate_ed25519();
     ///
     /// let new_key = key.derive_secret(b"my encryption key").expect("can derive secret for ed25519");
@@ -926,7 +925,7 @@ mod tests {
     }
 
     #[test]
-    #[cfg(feature = "ed25519")]
+    #[cfg(all(feature = "ed25519", feature = "rand"))]
     fn test_publickey_from_ed25519_public_key() {
         let pubkey = Keypair::generate_ed25519().public();
         let ed25519_pubkey = pubkey
@@ -941,7 +940,7 @@ mod tests {
     }
 
     #[test]
-    #[cfg(feature = "secp256k1")]
+    #[cfg(all(feature = "secp256k1", feature = "rand"))]
     fn test_publickey_from_secp256k1_public_key() {
         let pubkey = Keypair::generate_secp256k1().public();
         let secp256k1_pubkey = pubkey
@@ -955,7 +954,7 @@ mod tests {
     }
 
     #[test]
-    #[cfg(feature = "ecdsa")]
+    #[cfg(all(feature = "ecdsa", feature = "rand"))]
     fn test_publickey_from_ecdsa_public_key() {
         let pubkey = Keypair::generate_ecdsa().public();
         let ecdsa_pubkey = pubkey.clone().try_into_ecdsa().expect("A ecdsa keypair");

identity/src/peer_id.rs

@@ -18,6 +18,7 @@
 // FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
 // DEALINGS IN THE SOFTWARE.
 
+#[cfg(feature = "rand")]
 use rand::Rng;
 use sha2::Digest as _;
 use std::{convert::TryFrom, fmt, str::FromStr};
@@ -101,6 +102,7 @@ impl PeerId {
     /// Generates a random peer ID from a cryptographically secure PRNG.
     ///
     /// This is useful for randomly walking on a DHT, or for testing purposes.
+    #[cfg(feature = "rand")]
     pub fn random() -> PeerId {
         let peer_id = rand::thread_rng().gen::<[u8; 32]>();
         PeerId {
@@ -247,22 +249,23 @@ mod tests {
     use super::*;
 
     #[test]
-    #[cfg(feature = "ed25519")]
+    #[cfg(all(feature = "ed25519", feature = "rand"))]
     fn peer_id_into_bytes_then_from_bytes() {
         let peer_id = crate::Keypair::generate_ed25519().public().to_peer_id();
         let second = PeerId::from_bytes(&peer_id.to_bytes()).unwrap();
         assert_eq!(peer_id, second);
     }
 
     #[test]
-    #[cfg(feature = "ed25519")]
+    #[cfg(all(feature = "ed25519", feature = "rand"))]
     fn peer_id_to_base58_then_back() {
         let peer_id = crate::Keypair::generate_ed25519().public().to_peer_id();
         let second: PeerId = peer_id.to_base58().parse().unwrap();
         assert_eq!(peer_id, second);
     }
 
     #[test]
+    #[cfg(feature = "rand")]
     fn random_peer_id_is_valid() {
         for _ in 0..5000 {
             let peer_id = PeerId::random();