Merge pull request #66 from AntelopeIO/remove_yubihsm

[3.2] remove YubiHSM support from keosd
AntelopeIO · Aug 31, 2022 · 10d696f · 10d696f
2 parents b18eaec + 56d94f2
commit 10d696f
Show file tree

Hide file tree

Showing 16 changed files with 6 additions and 451 deletions.
diff --git a/.cicd/platforms/ubuntu18.Dockerfile b/.cicd/platforms/ubuntu18.Dockerfile
@@ -7,13 +7,10 @@ RUN apt-get update && apt-get upgrade -y && \
                                                       g++-8                       \
                                                       git                         \
                                                       jq                          \
-                                                      libcurl4-openssl-dev        \
                                                       libgmp-dev                  \
                                                       libssl-dev                  \
-                                                      libusb-1.0-0-dev            \
                                                       llvm-7-dev                  \
                                                       ninja-build                 \
-                                                      pkg-config                  \
                                                       python3                     \
                                                       software-properties-common  \
                                                       zlib1g-dev                  \

diff --git a/.cicd/platforms/ubuntu20.Dockerfile b/.cicd/platforms/ubuntu20.Dockerfile
@@ -7,11 +7,8 @@ RUN apt-get update && apt-get upgrade -y && \
                                                       git                  \
                                                       jq                   \
                                                       libboost-all-dev     \
-                                                      libcurl4-openssl-dev \
                                                       libgmp-dev           \
                                                       libssl-dev           \
-                                                      libusb-1.0-0-dev     \
                                                       llvm-11-dev          \
                                                       ninja-build          \
-                                                      pkg-config           \
                                                       zstd
diff --git a/.cicd/platforms/ubuntu22.Dockerfile b/.cicd/platforms/ubuntu22.Dockerfile
@@ -7,11 +7,8 @@ RUN apt-get update && apt-get upgrade -y && \
                                                       git                  \
                                                       jq                   \
                                                       libboost-all-dev     \
-                                                      libcurl4-openssl-dev \
                                                       libgmp-dev           \
                                                       libssl-dev           \
-                                                      libusb-1.0-0-dev     \
                                                       llvm-11-dev          \
                                                       ninja-build          \
-                                                      pkg-config           \
                                                       zstd
diff --git a/.gitmodules b/.gitmodules
@@ -13,9 +13,6 @@
 [submodule "libraries/softfloat"]
 	path = libraries/softfloat
 	url = https://github.com/AntelopeIO/berkeley-softfloat-3
-[submodule "libraries/yubihsm"]
-	path = libraries/yubihsm
-	url = https://github.com/Yubico/yubihsm-shell
 [submodule "tests/abieos"]
 	path = tests/abieos
 	url = https://github.com/AntelopeIO/abieos

diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -224,7 +224,6 @@ configure_file(libraries/wasm-jit/LICENSE                               licenses
 configure_file(libraries/fc/secp256k1/secp256k1/COPYING                 licenses/leap/LICENSE.secp256k1 COPYONLY)
 configure_file(libraries/fc/include/fc/crypto/webauthn_json/license.txt licenses/leap/LICENSE.rapidjson COPYONLY)
 configure_file(libraries/fc/src/network/LICENSE.go                      licenses/leap/LICENSE.go        COPYONLY)
-configure_file(libraries/yubihsm/LICENSE                                licenses/leap/LICENSE.yubihsm   COPYONLY)
 configure_file(libraries/eos-vm/LICENSE                                 licenses/leap/LICENSE.eos-vm    COPYONLY)
 configure_file(libraries/fc/libraries/ff/LICENSE                        licenses/leap/LICENSE.libff     COPYONLY)
 
@@ -237,9 +236,6 @@ add_custom_target(dev-install
   USES_TERMINAL
 )
 
-get_property(_CTEST_CUSTOM_TESTS_IGNORE GLOBAL PROPERTY CTEST_CUSTOM_TESTS_IGNORE)
-file(WRITE "${CMAKE_BINARY_DIR}/CTestCustom.cmake" "SET(CTEST_CUSTOM_TESTS_IGNORE ${_CTEST_CUSTOM_TESTS_IGNORE})")
-
 include(doxygen)
 
 include(package.cmake)

diff --git a/README.md b/README.md
@@ -18,7 +18,7 @@ Recent Ubuntu LTS releases are the only Linux distributions that we fully suppor
 * CMake 3.8+
 * (for Linux only) LLVM 7 - 11 (newer versions do not work)
 
-A few other common libraries are tools also required such as openssl 1.1+, libcurl, curl, libusb, GMP, Python 3, and zlib.
+A few other common libraries are tools also required such as openssl 1.1+, curl, GMP, Python 3, and zlib.
 
 **A Warning On Parallel Compilation Jobs (`-j` flag)**: When building C/C++ software often the build is performed in parallel via a command such as `make -j $(nproc)` which uses the number of CPU cores as the number of compilation jobs to perform simultaneously. However, be aware that some compilation units (.cpp files) in Leap are extremely complex and will consume nearly 4GB of memory to compile. You may need to reduce the level of parallelization depending on the amount of memory on your build host. e.g. instead of `make -j $(nproc)` run `make -j2`. Failures due to memory exhaustion will typically but not always manifest as compiler crashes.
 
@@ -33,6 +33,8 @@ The binary package will be produced in the Leap build directory that was supplie
 
 #### Manual (non "pinned") Build Instructions
 
+These instructions are valid for this branch. Other release branches may have different requirements so ensure you follow the directions in the branch or release you intend to build.
+
 <details>
   <summary>Ubuntu 20.04 & 22.04 Build Instructions</summary>
 
@@ -44,12 +46,9 @@ apt-get update && apt-get install   \
         curl                        \
         git                         \
         libboost-all-dev            \
-        libcurl4-openssl-dev        \
         libgmp-dev                  \
         libssl-dev                  \
-        libusb-1.0-0-dev            \
-        llvm-11-dev                 \
-        pkg-config
+        llvm-11-dev
 ```
 and perform the build:
 ```
@@ -72,12 +71,9 @@ apt-get update && apt-get install   \
         curl                        \
         g++-8                       \
         git                         \
-        libcurl4-openssl-dev        \
         libgmp-dev                  \
         libssl-dev                  \
-        libusb-1.0-0-dev            \
         llvm-7-dev                  \
-        pkg-config                  \
         python3                     \
         zlib1g-dev
         

diff --git a/docs/03_keosd/10_usage.md b/docs/03_keosd/10_usage.md
@@ -91,11 +91,6 @@ Config Options for eosio::wallet_plugin:
                                         number of seconds of inactivity.
                                         Activity is defined as any wallet
                                         command e.g. list-wallets.
-  --yubihsm-url URL                     Override default URL of
-                                        http://localhost:12345 for connecting
-                                        to yubihsm-connector
-  --yubihsm-authkey key_num             Enables YubiHSM support using given
-                                        Authkey
 
 Application Config Options:
   --plugin arg                          Plugin(s) to enable, may be specified

diff --git a/docs/03_keosd/30_how-to-guides/how-to-attach-a-yubihsm-hard-wallet.md b/docs/03_keosd/30_how-to-guides/how-to-attach-a-yubihsm-hard-wallet.md
diff --git a/docs/03_keosd/30_how-to-guides/index.md b/docs/03_keosd/30_how-to-guides/index.md
diff --git a/libraries/CMakeLists.txt b/libraries/CMakeLists.txt
@@ -30,17 +30,3 @@ set(ENABLE_PROFILE OFF CACHE BOOL "Enable for profile builds")
 if(eos-vm IN_LIST EOSIO_WASM_RUNTIMES OR eos-vm-jit IN_LIST EOSIO_WASM_RUNTIMES)
 add_subdirectory( eos-vm )
 endif()
-
-set(ENABLE_STATIC ON)
-set(CMAKE_MACOSX_RPATH OFF)
-set(BUILD_ONLY_LIB ON CACHE BOOL "Library only build")
-message(STATUS "Starting yubihsm configuration...")
-add_subdirectory( yubihsm EXCLUDE_FROM_ALL )
-target_compile_options(yubihsm_static PRIVATE -fno-lto -fcommon)
-message(STATUS "yubihsm configuration complete")
-
-get_property(_CTEST_CUSTOM_TESTS_IGNORE GLOBAL PROPERTY CTEST_CUSTOM_TESTS_IGNORE)
-set_property(GLOBAL PROPERTY CTEST_CUSTOM_TESTS_IGNORE
-  "change_authkey import_ed decrypt_ec decrypt_rsa ssh logs generate_rsa import_ec echo\
-  yubico_otp wrap_data wrap info import_rsa import_authkey generate_hmac generate_ec\
-  attest pbkdf2 parsing ${_CTEST_CUSTOM_TESTS_IGNORE}")
diff --git a/libraries/yubihsm b/libraries/yubihsm
diff --git a/plugins/wallet_plugin/CMakeLists.txt b/plugins/wallet_plugin/CMakeLists.txt
@@ -19,11 +19,7 @@ add_library( wallet_plugin
              wallet_plugin.cpp
              wallet_manager.cpp
              ${SE_WALLET_SOURCES}
-             yubihsm_wallet.cpp
              ${HEADERS} )
 
-target_link_libraries( wallet_plugin yubihsm_static eosio_chain appbase ${security_framework} ${corefoundation_framework} ${localauthentication_framework} ${cocoa_framework})
+target_link_libraries( wallet_plugin eosio_chain appbase ${security_framework} ${corefoundation_framework} ${localauthentication_framework} ${cocoa_framework})
 target_include_directories( wallet_plugin PUBLIC "${CMAKE_CURRENT_SOURCE_DIR}/include" )
-
-#sadly old cmake 2.8 support in yubihsm cmake prevents usage of target_include_directories there
-target_include_directories( wallet_plugin PRIVATE "${CMAKE_SOURCE_DIR}/libraries/yubihsm/lib" )
diff --git a/plugins/wallet_plugin/include/eosio/wallet_plugin/yubihsm_wallet.hpp b/plugins/wallet_plugin/include/eosio/wallet_plugin/yubihsm_wallet.hpp
diff --git a/plugins/wallet_plugin/wallet_plugin.cpp b/plugins/wallet_plugin/wallet_plugin.cpp
@@ -1,6 +1,5 @@
 #include <eosio/wallet_plugin/wallet_plugin.hpp>
 #include <eosio/wallet_plugin/wallet_manager.hpp>
-#include <eosio/wallet_plugin/yubihsm_wallet.hpp>
 #include <eosio/chain/exceptions.hpp>
 #include <boost/filesystem/path.hpp>
 #include <chrono>
@@ -27,10 +26,6 @@ void wallet_plugin::set_program_options(options_description& cli, options_descri
           "Timeout for unlocked wallet in seconds (default 900 (15 minutes)). "
           "Wallets will automatically lock after specified number of seconds of inactivity. "
           "Activity is defined as any wallet command e.g. list-wallets.")
-         ("yubihsm-url", bpo::value<string>()->value_name("URL"),
-          "Override default URL of http://localhost:12345 for connecting to yubihsm-connector")
-         ("yubihsm-authkey", bpo::value<uint16_t>()->value_name("key_num"),
-          "Enables YubiHSM support using given Authkey")
          ;
 }
 
@@ -53,15 +48,6 @@ void wallet_plugin::plugin_initialize(const variables_map& options) {
          std::chrono::seconds t(timeout);
          wallet_manager_ptr->set_timeout(t);
       }
-      if (options.count("yubihsm-authkey")) {
-         uint16_t key = options.at("yubihsm-authkey").as<uint16_t>();
-         string connector_endpoint = "http://localhost:12345";
-         if(options.count("yubihsm-url"))
-            connector_endpoint = options.at("yubihsm-url").as<string>();
-         try {
-            wallet_manager_ptr->own_and_use_wallet("YubiHSM", make_unique<yubihsm_wallet>(connector_endpoint, key));
-         }FC_LOG_AND_RETHROW()
-      }
    } FC_LOG_AND_RETHROW()
 }