-
Notifications
You must be signed in to change notification settings - Fork 690
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Backport pallet-identity
double encoding on signature payload fix into crates io release 1.7.0
#4702
Conversation
In order to receive a username in `pallet-identity`, users have to, among other things, provide a signature of the desired username. Right now, there is an [extra encoding step](https://github.com/paritytech/polkadot-sdk/blob/4ab078d6754147ce731523292dd1882f8a7b5775/substrate/frame/identity/src/lib.rs#L1119) when generating the payload to sign. Encoding a `Vec` adds extra bytes related to the length, which changes the payload. This is unnecessary and confusing as users expect the payload to sign to be just the username bytes. This PR fixes this issue by validating the signature directly against the username bytes. --------- Signed-off-by: georgepisaltu <george.pisaltu@parity.io>
This change is marked as major so is not suitable for backport. The existing release branches should stay stable and have no breaking changes. |
Ok, closing the PR then |
@Morganamilo we have had some other "major" backports, even that changed the |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In this case we can keep everything sane by yanking the previous version of pallet-identity
and releasing this new "patched" one.
The major
breaking change here will not break compilation (API is unchanged); the interpretation of one of the parameters does indeed change, so it is only breaking for actual users of it - which there are none yet since this hasn't been deployed anywhere yet.
Patching the fix here allows us to use the right behavior on the first deployment.
substrate/frame/identity/Cargo.toml
Outdated
@@ -1,6 +1,6 @@ | |||
[package] | |||
name = "pallet-identity" | |||
version = "29.0.1" | |||
version = "30.0.0" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
30.0.0
is already released (guessing with sdk v1.8.0)
version = "30.0.0" | |
version = "29.0.2" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks like latest on crates.io is v34.0.0, so there's some versions in between. Anyway, updated it to v29.0.2.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Release tooling handles versioning. There's no need to change the crate or dep versions.
Signed-off-by: georgepisaltu <george.pisaltu@parity.io>
Signed-off-by: georgepisaltu <george.pisaltu@parity.io>
Signed-off-by: georgepisaltu <george.pisaltu@parity.io>
The CI pipeline was cancelled due to failure one of the required jobs. |
If this crate is considered unreleased then in this case it's fine. But I don't know what you mean by it hasn't been deployed yet. |
Technically it is deployed on Kusama People chain, but there is no way to use the broken functionality because there are no registered username authorities. It is unreleased on Polkadot People chain, which is good because we have a chance to fix it. I think yanking the current version makes sense and we can just release this "patch" version on top of the yanked one, and do the same for the remaining release branches. |
Backport for #4646