bcgov / indy-tails-server Goto Github PK

This software stores and makes available tails files for use with Hyperledger Indy

License: Apache License 2.0

Python 90.43% Shell 9.57%

von verifiable-organizations-network verifiable-credentials aries indy hyperledger-indy dts citz trust-over-ip hyperledger

indy-tails-server's Introduction

Indy Tails Server

An Indy Tails Server is file server that is designed to receive, store and serve Hyperledger Indy Tails files. An Indy Tails Server is commonly used by issuers of Indy AnonCred verifiable credentials, particularly those that issued using Aries Cloud Agent Python.

Introduction

An Indy Tails Server is file server that is designed to receive, store and serve Hyperledger Indy Tails files. Indy tails files are generated by an issuer of Indy AnonCred verifiable credentials when a Revocation Registry is created and must be published to a location accessible by all holders that receive a credential referenced in that Revocation Registry. The generated file is static, it does not change, and the credential holders use the tails file to produce a zero-knowledge proof of non-revocation about their credential and include it when responding to a proof request with a proof that includes claims from a revocable credential. If you are new to Indy AnonCreds Revocation, please review this document to understand how Indy revocation works, and where tails files fit in.

An Indy Tails Server is a customized file server that makes it easy for AnonCred Issuers to publish tails files and for holders to access those tails files. A tails file does not have to be published to an Indy Tails Server, they can be published anywhere as long as there exists a URL accessible to all holders to access the tails file. If holders are mobile iOS or Android apps, the URL must use SSL (e.g. must be https:) due to the restrictions in those OS's. Support for publishing tails files to an Indy Tails Server is built into Aries Cloud Agent Python.

Metrics about Tails Files

The following are some metrics about the size of Indy tails files. When an issuer creates a Revocation Registry, they give it a size corresponding to the number of Indy AnonCred credentials that can be issued from the Registry. The size of tails file grows linearly with the number of credentials in the Registry, and that size is a limiting factor on how big a Registry can be. If too large, the holders will have challenges in downloading and processing the tails file.

Revocation Registry Size	Tail File Size	Proof Generation Time
3000	768KB	~4sec
10000	2.6MB	~5sec
32768	8.4MB	~7sec

Tests of Proof Generation used the Lissi-Wallet on a iPhone 12Pro
32768 is the Revocation Registry max-size-value set in Aries Cloud Agent Python.

Recent performance improvements in Tails File handling both in I/O and cryptographic processing may have resulted in decreases in proof generation times.

Running in Docker (easy mode)

Install Docker.

From the docker directory in this repo, run ./manage start.

Ngrok

The docker environment requires Ngrok to run locally. After registering an Ngrok token you can create a .env file in the docker directory and supply your token with

NGROK_AUTHTOKEN=<your token here>

Running on Bare Metal

Install the python package tails-server from this directory. This may be available on PyPI some day.

pip3 install -e .

Run the software:

tails-server --host 0.0.0.0 --port 6543 --storage-path $STORAGE_PATH

Where $STORAGE_PATH is where you would like the tails files stored.

Usage

This server has two functions:

Uploading a tails file
Downloading a tails file

For each of those operations, there are two endpoints, one based on the Revocation Registry ID, and the other based on the hash of the tails file to be load/retrieved.

Uploading

To upload a tails file using the Revocation Registry ID, make a PUT request to /{revoc_reg_id} as a multipart file upload with 2 fields. The first field must be named genesis and the second field must be named tails. genesis should be the genesis transactions file and tails should be the tails file. The server supports chunked encoding for streaming very large tails files. The server will lookup the relevant revocation registry definition and check the integrity of the file against fileHash on the ledger. If it's good, it will store the file. Otherwise it will respond with response code 400. If revoc_reg_id does not exist on the ledger, the server will respond with response code 404. If the file already exists on the server, it will respond with response code 409.

To upload a tails file using the hash endpoint, use the PUT /hash/{tails-hash} endpoint to upload the file, validate the hash against the uploaded file, and ensure the tails file "looks" like a tails file by carrying out several checks of the contents.

Downloading

For downloading a file using the Revocation Registry ID, execute a GET request with the path /{revoc_reg_id} where revoc_reg_id is a valid id. If it doesn't exist, the server will respond with response code 404.

For downloading a file using the tails file hash, execute a GET /hash/{tails-hash}. If a file with that hash doesn't exist, the server will respond with response code 404.

Guarantees

This software is designed to support scaling to as many machines or processes as necessary. As long as the filesystem (perhaps a network mount) being written to support POSIX file locks, you should be good.

Tests

There is a suite of integration tests that test some assumptions about the environment like the type of mounted file system and the ledger that is being connected to. For running these tests a local von-network needs to be running, you can spin one up by

git clone https://github.com/bcgov/von-network
cd von-network
./manage build
./manage start

After the von-network is up, goto the tails-server docker directory, run the manage script as follows.

cd indy-tails-server/docker
./manage test

This will perform a series of tests creating revocation registries with a local tails-server. Some notes:

The tests can only be run once per run of VON Network (error UnauthorizedClientRequest). To rerun, bring down von-network (./manage down; ./manage start in the von-network repository clone) and rerun the tests.
Wait a bit after starting von-network (15-20 seconds) before running the indy-tails-server tests, as you will get an error (Server disconnected...) if you start too quickly. If you get that error, try again and it should work.

If you want to run a local copy for testing with other deployments, here are some things you can try:

After starting your docker Tails File instance, run the ACA-Py Alice-Faber Demo with Revocation.
After starting your docker Tails File instance, run the Aries Agent Test Harness (AATH). For example, after cloning the AATH repo, run the command ./manage runset acapy -b to build and run the standard set of tests with ACA-Py. AATH detects that a tails file is already running locally, and so will use that instance.

Additional Notes

Due to how revocation works in Hyperledger Indy, there is the expectation/requirement that the tails server public URL will be stable over time. Failing to satisfy this requirement will cause failures when issuing and/or verifying credentials for which the credential definition was created/registered on an "old" tails server url.

indy-tails-server's People

Contributors

Stargazers

Watchers

Forkers

nrempel wadebarnes ianco esune kmovkr sktston sklump petridishdev vitalrev kiva thearhaam rd-dlab sauveer weiiv pixelschnitzel anonyome merbatur atb-leap chriamue swcurran marcraupachcicnetherlands nsgorlew njitblockchainlab senthil-akshay27 tdiesler dicoe-cgi bartekus idunion pasquale95 pradeepp88 indicio-tech rd-oss drumrobot mingi3442 oneof-inc opsecid funcode50 loneil ff137 c6ai digicred-holdings rajpalc7 contactable-georgel

indy-tails-server's Issues

Support ZMQ socks proxy

ZMQ socks proxy support is already implemented in indy-vdr (see Issue 2399 and is included in indy-vdr from the release 0.3.2.

By using/running tails-server behind a corporate proxy, this socks proxy must be provided via configuration to indy-vdr.

I am preparing a pull request to implement it...

Test in curl

Hello, I'm from Brazil and I am working as a collaborator on the Ian Constanzo project @ianco https://github.com/guilherme-funchal/django-aries-community. I'm trying to integrate Django with Indy-tails-server to save revocation registry from Aries and use ACA-PY.

1)I am trying to use the following python code:

def upload_file(revocation_file, revo_reg_def):

    with open(revocation_file, 'rb') as tails_file:

        response = requests.put(
            PUBLIC_TAILS_URL + revo_reg_def,
            data = {"genesis": "http://172.17.0.1:9000/genesis", "tails": revocation_file}
        )
        response.raise_for_status()
        file_status = response

2)Tails-server responds with 400 :

aries-django_1      | requests.exceptions.HTTPError: 400 Client Error: Bad Request for url: http://eb81e473004d.ngrok.io/JnkAjQLbFzx7TrcJWW1ACw:4:JnkAjQLbFzx7TrcJWW1ACw:3:CL:9:default:CL_ACCUM:595a72b2-2e3b-48da-9247-cb71303cd955
aries-django_1      | [30/Jul/2020 00:52:37] "POST /credential_offer/ HTTP/1.1" 500 85206

3)I'm trying to use curl to test :

curl -X PUT -d tails=< revo_reg_def> http://

Error in tails-server :
2020-07-30 12:34:35,830 aiohttp.access INFO 172.19.0.2 [30/Jul/2020:12:34:35 +0000] "PUT /JnkAjQLbFzx7TrcJWW1ACw:4:JnkAjQLbFzx7TrcJWW1ACw:3:CL:49:default:CL_ACCUM:f455a85f-8e11-4574-a578-2ce5224ed6ee HTTP/1.1" 500 244 "-" "curl/7.68.0"

@nrempel Can you help me ?

Ngrok server can't connect to Tails Server

Hello, I tried to run the tails server and ngrok server directly by using my own-built tails server docker image and an official ngrok docker image. However, after running them, my ngrok server can't connect to my tails server.

Below shows what I've done.

Created a docker image based on the dockerfile in the tails server repo and pushed to the dockerhub.
Created a new docker bridge network called tails-server.
Use the following command to run this tails server
docker run --network tails-server -p 6543:6543 -d yunxizhang/indy-tails-server:latest tails-server --host 0.0.0.0 --port 6543 --storage-path /tmp/tail-files --log-level INFO
Use the following command to run the ngrok server
docker run --network tails-server -p 4040:4040 -d wernight/ngrok:latest ngrok http tails-server:6543 --log stdout

The two containers can run successfully. If I accessed the tails server directly by using the VM's public IP + port number, I can see below information, which tells me the tails server is up and running.

However, when I hit the my ngrok's server url, I got below error.

Note: I can see the same 404:Not found information if I run the built-in docker compose file provided by the indy-tails-server repo, and hit both VM's public IP + port number and the ngrok server's url in my browser.

Can any one help here on what's missing in my steps?

Publish a docker image?

Is there a published image of this tails server somewhere? If not, have we considered publishing one? We've been using one that I've unofficially pushed to hub.docker.com but the process is not automated and so can get out of sync when there are updates here.

Potential DOS via huge tails file PUT ?

I am logging this for someone to double check. I don't see any limit on the writing of the temporary tails file PRIOR to checking the hash on the ledger. My expectation is that it could be possible to send a continuous stream that would eventually exceed all storage available and cause service failure. The code I am concerned about is in tails_server/web.py :

while True:
                chunk = await field.read_chunk(CHUNK_SIZE)
                if not chunk:
                    break
                sha256.update(chunk)
                tmp_file.write(chunk)

A revocation registry is created with a number of entries specified so is there any possibility that the ledger can be used to pre-calculate a max/expect length from information retrieved when the tails_hash is ?

Happy to be wrong on this but thought I should pose the question from code review.

Cache transactions retrieved after a pool request

When publishing a new tails file, the server needs to read the current state of the targeted ledger in order to check the state of the revocation registry.

Every time a new file is pushed, the server needs to "start from scratch" and re-read all of the transactions from inception on the specified ledger (via the genesis file specified during upload + new entries on that ledger).

To speed-up this process, it would be nice to have the last know state for a specific ledger cached so that only transactions newer than the last update - if any - will need to be fetched and refreshed.

CoreDump in zmq

hello,

since weare behind a company firewall we are using the tails-server with the Socks-proxy pull request #38;
the tails-file server runs in OpenShift and tries to connect to the IDUnion indy-network (https://idunion.org/?lang=en);

Problem is that zmq creates a CoreDumped (currently we are not able to retrieve the coredump-file cause of company and OpenShift); log is given below:

remark: a similar problem we have on the agent side, where we switched from Indy to Asker...

=> has someone an idea how to investigate this problem further?

[2022-08-09T08:34:44Z DEBUG indy_vdr::ffi] Initialized default logger
[2022-08-09T08:34:44Z DEBUG indy_vdr::ffi] Setting pool socks proxy: pxvip02.intranet.commerzbank.com:1080
[2022-08-09T08:34:44Z INFO indy_vdr::pool::genesis] Skipped: Node 'xxx' is not a validator
[2022-08-09T08:34:44Z DEBUG indy_vdr::pool::pool] New RequestHandle(1): reqId()
[2022-08-09T08:34:44Z DEBUG indy_vdr::pool::networker::zmq] New ZMQConnectionHandle(1)
[2022-08-09T08:34:44Z DEBUG indy_vdr::pool::networker::zmq] Open new socket for node ING
[2022-08-09T08:34:44Z DEBUG indy_vdr::pool::networker::zmq] Use socks proxy: pxvip02.intranet.commerzbank.com:1080
[2022-08-09T08:34:44Z DEBUG indy_vdr::pool::networker::zmq] Open new socket for node xxx
[2022-08-09T08:34:44Z DEBUG indy_vdr::pool::networker::zmq] Use socks proxy: pxvip02.intranet.commerzbank.com:1080
[2022-08-09T08:34:44Z DEBUG indy_vdr::pool::networker::zmq] Open new socket for node xxx
[2022-08-09T08:34:44Z DEBUG indy_vdr::pool::networker::zmq] Use socks proxy: pxvip02.intranet.commerzbank.com:1080
[2022-08-09T08:34:44Z DEBUG indy_vdr::pool::networker::zmq] Open new socket for node xxx
[2022-08-09T08:34:44Z DEBUG indy_vdr::pool::networker::zmq] Use socks proxy: pxvip02.intranet.commerzbank.com:1080
[2022-08-09T08:34:44Z DEBUG indy_vdr::pool::networker::zmq] Open new socket for node xxx
[2022-08-09T08:34:44Z DEBUG indy_vdr::pool::networker::zmq] Use socks proxy: pxvip02.intranet.commerzbank.com:1080
[2022-08-09T08:34:44Z DEBUG indy_vdr::pool::networker::zmq] Open new socket for node xxx
[2022-08-09T08:34:44Z DEBUG indy_vdr::pool::networker::zmq] Use socks proxy: pxvip02.intranet.commerzbank.com:1080
[2022-08-09T08:34:44Z DEBUG indy_vdr::pool::networker::zmq] Open new socket for node xxx
[2022-08-09T08:34:44Z DEBUG indy_vdr::pool::networker::zmq] Use socks proxy: pxvip02.intranet.commerzbank.com:1080
[2022-08-09T08:34:44Z DEBUG indy_vdr::pool::networker::zmq] Open new socket for node regio_iT
[2022-08-09T08:34:44Z DEBUG indy_vdr::pool::networker::zmq] Use socks proxy: pxvip02.intranet.commerzbank.com:1080
[2022-08-09T08:34:44Z DEBUG indy_vdr::pool::networker::zmq] Open new socket for node xxx
[2022-08-09T08:34:44Z DEBUG indy_vdr::pool::networker::zmq] Use socks proxy: pxvip02.intranet.commerzbank.com:1080
[2022-08-09T08:34:44Z DEBUG indy_vdr::pool::networker::zmq] Open new socket for node xxx
[2022-08-09T08:34:44Z DEBUG indy_vdr::pool::networker::zmq] Use socks proxy: pxvip02.intranet.commerzbank.com:1080
[2022-08-09T08:34:44Z DEBUG indy_vdr::pool::networker::zmq] Open new socket for node xxx
[2022-08-09T08:34:44Z DEBUG indy_vdr::pool::networker::zmq] Use socks proxy: pxvip02.intranet.commerzbank.com:1080
[2022-08-09T08:34:44Z DEBUG indy_vdr::pool::networker::zmq] Open new socket for node xxx
[2022-08-09T08:34:44Z DEBUG indy_vdr::pool::networker::zmq] Use socks proxy: pxvip02.intranet.commerzbank.com:1080
[2022-08-09T08:34:44Z DEBUG indy_vdr::pool::helpers] Catchup target found 7YnD1B5iRy79QcBx1DFqiyu6j3fsyHiE13f4H4KEspLm 26 Some({"xxx": -1.0, "xxx": 0.290305, "xxx": -1.0, "xxx": -1.0, "xxx": -1.0, "xxx": 0.31385347, "xxx": 0.29052326, "xxx": -1.0, "xxx": 0.30031052, "xxx": -1.0, "xxx": -1.0, "xxx": -1.0})
[2022-08-09T08:34:44Z DEBUG indy_vdr::pool::pool] New RequestHandle(2): reqId()
[2022-08-09T08:34:44Z DEBUG indy_vdr::pool::networker::zmq] New ZMQConnectionHandle(2)
[2022-08-09T08:34:44Z DEBUG indy_vdr::pool::networker::zmq] Open new socket for node siemens
[2022-08-09T08:34:44Z DEBUG indy_vdr::pool::networker::zmq] Use socks proxy: pxvip02.intranet.commerzbank.com:1080
[2022-08-09T08:34:44Z DEBUG indy_vdr::pool::networker::zmq] Open new socket for node tubzecm
[2022-08-09T08:34:44Z DEBUG indy_vdr::pool::networker::zmq] Use socks proxy: pxvip02.intranet.commerzbank.com:1080
[2022-08-09T08:34:44Z INFO indy_vdr::pool::helpers] Catchup completed Some({"siemens": 0.20512652, "tubzecm": -1.0})
[2022-08-09T08:34:44Z DEBUG indy_vdr::ffi::pool] Adding 11 new pool transactions
[2022-08-09T08:34:44Z DEBUG indy_vdr::pool::runner] Drop pool runner thread
[2022-08-09T08:34:44Z DEBUG indy_vdr::pool::runner] Pool thread ended
[2022-08-09T08:34:44Z DEBUG indy_vdr::pool::networker::zmq] Drop networker thread
[2022-08-09T08:34:44Z DEBUG zmq] socket dropped
[2022-08-09T08:34:44Z DEBUG zmq] socket dropped
[2022-08-09T08:34:44Z DEBUG zmq] socket dropped
[2022-08-09T08:34:44Z DEBUG zmq] socket dropped
[2022-08-09T08:34:44Z DEBUG zmq] socket dropped
[2022-08-09T08:34:44Z DEBUG zmq] socket dropped
[2022-08-09T08:34:44Z DEBUG zmq] socket dropped
[2022-08-09T08:34:44Z DEBUG zmq] socket dropped
[2022-08-09T08:34:44Z DEBUG zmq] socket dropped
[2022-08-09T08:34:44Z DEBUG zmq] socket dropped
[2022-08-09T08:34:44Z DEBUG zmq] socket dropped
[2022-08-09T08:34:44Z DEBUG zmq] socket dropped
[2022-08-09T08:34:44Z DEBUG zmq] socket dropped
[2022-08-09T08:34:44Z DEBUG zmq] socket dropped
[2022-08-09T08:34:44Z DEBUG zmq] socket dropped
[2022-08-09T08:34:44Z DEBUG zmq] socket dropped
[2022-08-09T08:34:44Z DEBUG zmq] context dropped
Bad file descriptor (/github/home/.cargo/registry/src/github.com-1ecc6299db9ec823/zeromq-src-0.1.10+4.3.2/vendor/src/epoll.cpp:113)
./wrapper.sh: line 21: 12 Aborted (core dumped) tails-server $1 $2 $3 $4 $5

Unable to run the tailsserver in docker

I spin up von-network and trying to set up tailsserver using the bcgov/indy-tails-server repo but I'm getting error with aiohttp error.
Please confirm if the python versions and requirements.txt has valid versions.

Tails Server is Failing to Build

#8 7.079     building '_cffi_backend' extension
#8 7.079     creating build/temp.linux-x86_64-3.7
#8 7.079     creating build/temp.linux-x86_64-3.7/c
#8 7.079     x86_64-linux-gnu-gcc -pthread -DNDEBUG -g -fwrapv -O2 -Wall -g -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -I/usr/include/ffi -I/usr/include/libffi -I/usr/include/python3.7m -c c/_cffi_backend.c -o build/temp.linux-x86_64-3.7/c/_cffi_backend.o
#8 7.079     unable to execute 'x86_64-linux-gnu-gcc': No such file or directory
#8 7.079     error: command 'x86_64-linux-gnu-gcc' failed with exit status 1
#8 7.079     
#8 7.079     ----------------------------------------
#8 7.132 Command "/usr/bin/python3 -u -c "import setuptools, tokenize;__file__='/tmp/pip-install-ha9yyrkb/cffi/setup.py';f=getattr(tokenize, 'open', open)(__file__);code=f.read().replace('\r\n', '\n');f.close();exec(compile(code, __file__, 'exec'))" install --record /tmp/pip-record-mdi73cuj/install-record.txt --single-version-externally-managed --compile --user --prefix=" failed with error code 1 in /tmp/pip-install-ha9yyrkb/cffi/
------
executor failed running [/bin/sh -c pip3 install --no-cache-dir -r requirements.txt -r requirements.dev.txt]: exit code: 1
ERROR: Service 'tails-server' failed to build : Build failed

It's Been a While Since This Repository has Been Updated

This issue is a kind reminder that your repository has been inactive for 180 days. Some repositories are maintained in accordance with business requirements that infrequently change thus appearing inactive, and some repositories are inactive because they are unmaintained.

To help differentiate products that are unmaintained from products that do not require frequent maintenance, repomountie will open an issue whenever a repository has not been updated in 180 days.

If this product is being actively maintained, please close this issue.
If this repository isn't being actively maintained anymore, please archive this repository. Also, for bonus points, please add a dormant or retired life cycle badge.

Thank you for your help ensuring effective governance of our open-source ecosystem!

No Log Info when aca-py fails to create revocation files in the tails server

Issue:
Currently, there's no log info in the tails server when aca-py fails to create/upload revocation files, the only information one can get is from the aca-py POST API (/credential-definitions) response for creating a credential definition such that 500: Tails file for rev reg MtSBSkitb28PSoCj9EpSDs:4:MtSBSkitb28PSoCj9EpSDs:3:CL:61850:default:CL_ACCUM:e3b761f5-1218-44bd-8612-0727e777f72d failed to upload: Exceeded maximum put attempts

Lacking the log info in the tails server is hard to determine what's wrong when revocation files failed to be created/uploaded.

Error when giving any other URL for tails-server

When I'm trying to run the tails server with host as 0.0.0.0 and port 6543 it's working fine but whenever I'm giving an IP different from 0.0.0.0 Its giving me this error

Add project lifecycle badge

No Project Lifecycle Badge found in your readme!

Hello! I scanned your readme and could not find a project lifecycle badge. A project lifecycle badge will provide contributors to your project as well as other stakeholders (platform services, executive) insight into the lifecycle of your repository.

What is a Project Lifecycle Badge?

It is a simple image that neatly describes your project's stage in its lifecycle. More information can be found in the project lifecycle badges documentation.

What do I need to do?

I suggest you make a PR into your README.md and add a project lifecycle badge near the top where it is easy for your users to pick it up :). Once it is merged feel free to close this issue. I will not open up a new one :)

how tails files used and why tails server url public

I set the tailsserver and revoking the credential.but need some info on how the tails file in storage path used and why tailsserver url should be public.
Is it safe to expose tails files to Internet and who are interacting with tails server.

Please share some insights on this.

Create a new api endpoint for health check

At the moment, there's no health check api endpoint available. When deploying with load balancers for health checking, this is not possible.

Request a new endpoint for health checking purpose.

Credential not stored in holder wallet with revocation support

After credential issued to holder then trying to store credential which has revocation support but getting error tails files hash does not match and able to store in holder wallet .
Need help in storing credential with revocation in holder wallet

Add missing topics

TL;DR

Topics greatly improve the discoverability of repos; please add the short code from the table below to the topics of your repo so that ministries can use GitHub's search to find out what repos belong to them and other visitors can find useful content (and reuse it!).

Why Topic

In short order we'll add our 800th repo. This large number clearly demonstrates the success of using GitHub and our Open Source initiative. This huge success means its critical that we work to make our content as discoverable as possible; Through discoverability, we promote code reuse across a large decentralized organization like the Government of British Columbia as well as allow ministries to find the repos they own.

What to do

Below is a table of abbreviation a.k.a short codes for each ministry; they're the ones used in all @gov.bc.ca email addresses. Please add the short codes of the ministry or organization that "owns" this repo as a topic.

That's in, you're done!!!

How to use

Once topics are added, you can use them in GitHub's search. For example, enter something like org:bcgov topic:citz to find all the repos that belong to Citizens' Services. You can refine this search by adding key words specific to a subject you're interested in. To learn more about searching through repos check out GitHub's doc on searching.

Pro Tip 🤓

If your org is not in the list below, or the table contains errors, please create an issue here.
While you're doing this, add additional topics that would help someone searching for "something". These can be the language used javascript or R; something like opendata or data for data only repos; or any other key words that are useful.
Add a meaningful description to your repo. This is hugely valuable to people looking through our repositories.
If your application is live, add the production URL.

Ministry Short Codes

Short Code	Organization Name
AEST	Advanced Education, Skills & Training
AGRI	Agriculture
ALC	Agriculture Land Commission
AG	Attorney General
MCF	Children & Family Development
CITZ	Citizens' Services
DBC	Destination BC
EMBC	Emergency Management BC
EAO	Environmental Assessment Office
EDUC	Education
EMPR	Energy, Mines & Petroleum Resources
ENV	Environment & Climate Change Strategy
FIN	Finance
FLNR	Forests, Lands, Natural Resource Operations & Rural Development
HLTH	Health
FLNR	Indigenous Relations & Reconciliation
JEDC	Jobs, Economic Development & Competitiveness
LBR	Labour Policy & Legislation
LDB	BC Liquor Distribution Branch
MMHA	Mental Health & Addictions
MAH	Municipal Affairs & Housing
BCPC	Pension Corporation
PSA	Public Safety & Solicitor General & Emergency B.C.
SDPR	Social Development & Poverty Reduction
TCA	Tourism, Arts & Culture
TRAN	Transportation & Infrastructure

NOTE See an error or omission? Please create an issue here to get it remedied.

Service 'tails-server' failed to build

So the indy-tails-server was working until yesterday, I tried building it today and faced the following error:

  Running setup.py install for yarl: started
    Running setup.py install for yarl: finished with status 'error'
    Complete output from command /usr/bin/python3 -u -c "import setuptools, tokenize;__file__='/tmp/pip-install-v2k4bxe5/yarl/setup.py';f=getattr(tokenize, 'open', open)(__file__);code=f.read().replace('\r\n', '\n');f.close();exec(compile(code, __file__, 'exec'))" install --record /tmp/pip-record-o1p0b6sl/install-record.txt --single-version-externally-managed --compile --user --prefix=:
    **********************
    * Accellerated build *
    **********************
    running install
    running build
    running build_py
    creating build
    creating build/lib.linux-x86_64-3.7
    creating build/lib.linux-x86_64-3.7/yarl
    copying yarl/_url.py -> build/lib.linux-x86_64-3.7/yarl
    copying yarl/_quoting.py -> build/lib.linux-x86_64-3.7/yarl
    copying yarl/_quoting_py.py -> build/lib.linux-x86_64-3.7/yarl
    copying yarl/__init__.py -> build/lib.linux-x86_64-3.7/yarl
    running egg_info
    writing yarl.egg-info/PKG-INFO
    writing dependency_links to yarl.egg-info/dependency_links.txt
    writing requirements to yarl.egg-info/requires.txt
    writing top-level names to yarl.egg-info/top_level.txt
    reading manifest file 'yarl.egg-info/SOURCES.txt'
    reading manifest template 'MANIFEST.in'
    warning: no previously-included files matching '*.pyc' found anywhere in distribution
    warning: no previously-included files matching '*.cache' found anywhere in distribution
    warning: no previously-included files found matching 'yarl/*.html'
    warning: no previously-included files found matching 'yarl/*.so'
    warning: no previously-included files found matching 'yarl/*.pyd'
    no previously-included directories found matching 'docs/_build'
    writing manifest file 'yarl.egg-info/SOURCES.txt'
    copying yarl/__init__.pyi -> build/lib.linux-x86_64-3.7/yarl
    copying yarl/_quoting_c.c -> build/lib.linux-x86_64-3.7/yarl
    copying yarl/_quoting_c.pyi -> build/lib.linux-x86_64-3.7/yarl
    copying yarl/_quoting_c.pyx -> build/lib.linux-x86_64-3.7/yarl
    copying yarl/py.typed -> build/lib.linux-x86_64-3.7/yarl
    running build_ext
    building 'yarl._quoting_c' extension
    creating build/temp.linux-x86_64-3.7
    creating build/temp.linux-x86_64-3.7/yarl
    x86_64-linux-gnu-gcc -pthread -DNDEBUG -g -fwrapv -O2 -Wall -g -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -I/usr/include/python3.7m -c yarl/_quoting_c.c -o build/temp.linux-x86_64-3.7/yarl/_quoting_c.o
    unable to execute 'x86_64-linux-gnu-gcc': No such file or directory
    error: command 'x86_64-linux-gnu-gcc' failed with exit status 1

    ----------------------------------------
Command "/usr/bin/python3 -u -c "import setuptools, tokenize;__file__='/tmp/pip-install-v2k4bxe5/yarl/setup.py';f=getattr(tokenize, 'open', open)(__file__);code=f.read().replace('\r\n', '\n');f.close();exec(compile(code, __file__, 'exec'))" install --record /tmp/pip-record-o1p0b6sl/install-record.txt --single-version-externally-managed --compile --user --prefix=" failed with error code 1 in /tmp/pip-install-v2k4bxe5/yarl/
Service 'tails-server' failed to build : The command '/bin/sh -c pip3 install --no-cache-dir -r requirements.txt -r requirements.dev.txt' returned a non-zero code: 1

Ngrok auth token required for local Docker use

As of recently, this project doesn't seem to want to start up with out an Ngrok Auth Token.

If following the readme instructions and running manage start, the docker-ngrok-tails-server container will fail to start up with:

"ERROR: authentication failed: Usage of ngrok requires a verified account and authtoken."

Add the docker compose env needed and instructions for developers to set this up.

Update base image, and underlying dependencies

The production build for tails-server is using bcgovimages/von-image:next-1, which is outdated.

The project should be updated to use bcgovimages/von-image:py36-1.16-0, with the addition of indy_vdr~=0.2.0 to requirements.txt.

Add a /health endpoint

Please add a /health endpoint that we can use for readiness and liveness probes in OpenShift.

The endpoint should perform a meaningful health check on the server's services and return a 200 OK response if all is well.

Is indy vdr setup mandatory for tailsserver

I'm trying to build and run tails server with docker file using the docker.tails_server docker file statements.

Docker build is fine but when I run image getting indy vdr url is missing.

Please suggest to setup tails server without manage scripts.

Remove dependency on indy-sdk

indy-tails-server is based on indy-vdr. The only code using the indy-sdk is the integration tests. Update the tests and migrate away from the indy-sdk.

indy_vdr occasionally does not import correctly

======== Running on http://0.0.0.0:6543 ========
(Press CTRL+C to quit)
2020-06-03 07:52:53,836 indy_vdr.bindings WARNING Library not loaded from python package
2020-06-03 07:52:56,631 aiohttp.server ERROR Error handling request
Traceback (most recent call last):
  File "/home/indy/.local/lib/python3.7/site-packages/aiohttp/web_protocol.py", line 418, in start
    resp = await task
  File "/home/indy/.local/lib/python3.7/site-packages/aiohttp/web_app.py", line 458, in _handle
    resp = await handler(request)
  File "/home/indy/tails_server/web.py", line 72, in put_file
    genesis_txn_bytes, revocation_reg_id, storage_path
  File "/home/indy/tails_server/ledger.py", line 38, in get_rev_reg_def
    req = indy_vdr.ledger.build_get_revoc_reg_def_request(
AttributeError: module 'indy_vdr.ledger' has no attribute 'build_get_revoc_reg_def_request'

It's Been a While Since This Repository has Been Updated

To help differentiate products that are unmaintained from products that do not require frequent maintenance, repomountie will open an issue whenever a repository has not been updated in 180 days.

If this product is being actively maintained, please close this issue.
If this repository isn't being actively maintained anymore, please archive this repository. Also, for bonus points, please add a dormant or retired life cycle badge.

Thank you for your help ensuring effective governance of our open-source ecosystem!

Add missing topics

TL;DR

Why Topic

What to do

That's in, you're done!!!

How to use

Pro Tip 🤓

If your org is not in the list below, or the table contains errors, please create an issue here.
While you're doing this, add additional topics that would help someone searching for "something". These can be the language used javascript or R; something like opendata or data for data only repos; or any other key words that are useful.
Add a meaningful description to your repo. This is hugely valuable to people looking through our repositories.
If your application is live, add the production URL.

Ministry Short Codes

Short Code	Organization Name
AEST	Advanced Education, Skills & Training
AGRI	Agriculture
ALC	Agriculture Land Commission
AG	Attorney General
MCF	Children & Family Development
CITZ	Citizens' Services
DBC	Destination BC
EMBC	Emergency Management BC
EAO	Environmental Assessment Office
EDUC	Education
EMPR	Energy, Mines & Petroleum Resources
ENV	Environment & Climate Change Strategy
FIN	Finance
FLNR	Forests, Lands, Natural Resource Operations & Rural Development
HLTH	Health
FLNR	Indigenous Relations & Reconciliation
JEDC	Jobs, Economic Development & Competitiveness
LBR	Labour Policy & Legislation
LDB	BC Liquor Distribution Branch
MMHA	Mental Health & Addictions
MAH	Municipal Affairs & Housing
BCPC	Pension Corporation
PSA	Public Safety & Solicitor General & Emergency B.C.
SDPR	Social Development & Poverty Reduction
TCA	Tourism, Arts & Culture
TRAN	Transportation & Infrastructure

NOTE See an error or omission? Please create an issue here to get it remedied.

Update GHA versions in the project's workflow

The project's workflow contains GHAs that are using deprecated resources and/or APIs. Update the actions to use the latest version to fix the issues.

Support Different Port for PUTs compared to GETs

Is it the intention that ANY credential issuer can use ANY tails file server ?

Currently there is only a single PORT configured for the tails server. GETs HAVE to be available to the public however allowing PUTs on the same port means that any issuers capable of writing a revocable registry entry to the ledger could use any ones tails file server. This seems problematic and suggests a seperate PORT should be configurable for the PUT method so that it can be protected via standard firewall protection approaches.

It may seem crazy that anyone would use a tails server they don't have control of for their credentials however it does open a potential DOS avenue depending on the cost of ledger writes.

bcgov / indy-tails-server Goto Github PK

indy-tails-server's Introduction

Indy Tails Server

Introduction

Metrics about Tails Files

Running in Docker (easy mode)

Ngrok

Running on Bare Metal

Usage

Uploading

Downloading

Guarantees

Tests

Additional Notes

indy-tails-server's People

Contributors

Stargazers

Watchers

Forkers

indy-tails-server's Issues

No Project Lifecycle Badge found in your readme!

What is a Project Lifecycle Badge?

What do I need to do?

TL;DR

Why Topic

What to do

How to use

Pro Tip 🤓

Ministry Short Codes

TL;DR

Why Topic

What to do

How to use

Pro Tip 🤓

Ministry Short Codes

Recommend Projects

Recommend Topics

Recommend Org