feat: pass genesis_cn pub fields separate to hide sk

.github/workflows/benchmark-prs.yml

@@ -7,7 +7,9 @@ env:
   RUST_BACKTRACE: 1
   CLIENT_DATA_PATH: /home/runner/.local/share/safe/client
   NODE_DATA_PATH: /home/runner/.local/share/safe/node
-  GENESIS_PK: ac0a1cabf8721856b15cfac1a90fea229988007c2859b4fcbece975943bbafcd5ae4b884b29c56f06b73d06f6fa73eb4 
+  GENESIS_PK: 9934c21469a68415e6b06a435709e16bff6e92bf302aeb0ea9199d2d06a55f1b1a21e155853d3f94ae31f8f313f886ee
+  GENESIS_CN_UNIQUE_KEY: 82e84d347286a2a2035e4fdb5f011649e0244c22d20ab6b14008499ee24e7259c312f3a6427359da0048ff9894b11b55
+  GENESIS_CN_PARENT_TX: 005d1eeeffa2e111cf35356231316234393839666638343030616439353337323436613366323133633935323765343265653939343830303431623662613032643232633434323065393436313130663562646634653533303261326136383237343364343865323860d99291005d1eeeffa2e111cf35356231316234393839666638343030616439353337323436613366323133633935323765343265653939343830303431623662613032643232633434323065393436313130663562646634653533303261326136383237343364343865323860d9929192
 
 jobs:
   benchmark-cli:

.github/workflows/generate-benchmark-charts.yml

@@ -17,7 +17,9 @@ env:
   RUST_BACKTRACE: 1
   CLIENT_DATA_PATH: /home/runner/.local/share/safe/client
   NODE_DATA_PATH: /home/runner/.local/share/safe/node
-  GENESIS_PK: ac0a1cabf8721856b15cfac1a90fea229988007c2859b4fcbece975943bbafcd5ae4b884b29c56f06b73d06f6fa73eb4
+  GENESIS_PK: 9934c21469a68415e6b06a435709e16bff6e92bf302aeb0ea9199d2d06a55f1b1a21e155853d3f94ae31f8f313f886ee
+  GENESIS_CN_UNIQUE_KEY: 82e84d347286a2a2035e4fdb5f011649e0244c22d20ab6b14008499ee24e7259c312f3a6427359da0048ff9894b11b55
+  GENESIS_CN_PARENT_TX: 005d1eeeffa2e111cf35356231316234393839666638343030616439353337323436613366323133633935323765343265653939343830303431623662613032643232633434323065393436313130663562646634653533303261326136383237343364343865323860d99291005d1eeeffa2e111cf35356231316234393839666638343030616439353337323436613366323133633935323765343265653939343830303431623662613032643232633434323065393436313130663562646634653533303261326136383237343364343865323860d9929192
 
 jobs:
   benchmark-cli:

.github/workflows/memcheck.yml

@@ -16,7 +16,9 @@ env:
   BOOTSTRAP_NODE_DATA_PATH: /home/runner/.local/share/safe/bootstrap_node
   RESTART_TEST_NODE_DATA_PATH: /home/runner/.local/share/safe/restart_node
   FAUCET_LOG_PATH: /home/runner/.local/share/safe/test_faucet/logs
-  GENESIS_PK: ac0a1cabf8721856b15cfac1a90fea229988007c2859b4fcbece975943bbafcd5ae4b884b29c56f06b73d06f6fa73eb4
+  GENESIS_PK: 9934c21469a68415e6b06a435709e16bff6e92bf302aeb0ea9199d2d06a55f1b1a21e155853d3f94ae31f8f313f886ee
+  GENESIS_CN_UNIQUE_KEY: 82e84d347286a2a2035e4fdb5f011649e0244c22d20ab6b14008499ee24e7259c312f3a6427359da0048ff9894b11b55
+  GENESIS_CN_PARENT_TX: 005d1eeeffa2e111cf35356231316234393839666638343030616439353337323436613366323133633935323765343265653939343830303431623662613032643232633434323065393436313130663562646634653533303261326136383237343364343865323860d99291005d1eeeffa2e111cf35356231316234393839666638343030616439353337323436613366323133633935323765343265653939343830303431623662613032643232633434323065393436313130663562646634653533303261326136383237343364343865323860d9929192
 
 jobs:
   memory-check:

.github/workflows/merge.yml

@@ -12,7 +12,9 @@ on:
 env:
   CARGO_INCREMENTAL: 0 # bookkeeping for incremental builds has overhead, not useful in CI.
   WINSW_URL: https://github.com/winsw/winsw/releases/download/v3.0.0-alpha.11/WinSW-x64.exe
-  GENESIS_PK: ac0a1cabf8721856b15cfac1a90fea229988007c2859b4fcbece975943bbafcd5ae4b884b29c56f06b73d06f6fa73eb4
+  GENESIS_PK: 9934c21469a68415e6b06a435709e16bff6e92bf302aeb0ea9199d2d06a55f1b1a21e155853d3f94ae31f8f313f886ee
+  GENESIS_CN_UNIQUE_KEY: 82e84d347286a2a2035e4fdb5f011649e0244c22d20ab6b14008499ee24e7259c312f3a6427359da0048ff9894b11b55
+  GENESIS_CN_PARENT_TX: 005d1eeeffa2e111cf35356231316234393839666638343030616439353337323436613366323133633935323765343265653939343830303431623662613032643232633434323065393436313130663562646634653533303261326136383237343364343865323860d99291005d1eeeffa2e111cf35356231316234393839666638343030616439353337323436613366323133633935323765343265653939343830303431623662613032643232633434323065393436313130663562646634653533303261326136383237343364343865323860d9929192
 
 jobs:
   cargo-udeps:

.github/workflows/nightly.yml

@@ -8,7 +8,9 @@ on:
 env:
   CARGO_INCREMENTAL: 0 # bookkeeping for incremental builds has overhead, not useful in CI.
   WORKFLOW_URL: https://github.com/maidsafe/stableset_net/actions/runs
-  GENESIS_PK: ac0a1cabf8721856b15cfac1a90fea229988007c2859b4fcbece975943bbafcd5ae4b884b29c56f06b73d06f6fa73eb4
+  GENESIS_PK: 9934c21469a68415e6b06a435709e16bff6e92bf302aeb0ea9199d2d06a55f1b1a21e155853d3f94ae31f8f313f886ee
+  GENESIS_CN_UNIQUE_KEY: 82e84d347286a2a2035e4fdb5f011649e0244c22d20ab6b14008499ee24e7259c312f3a6427359da0048ff9894b11b55
+  GENESIS_CN_PARENT_TX: 005d1eeeffa2e111cf35356231316234393839666638343030616439353337323436613366323133633935323765343265653939343830303431623662613032643232633434323065393436313130663562646634653533303261326136383237343364343865323860d99291005d1eeeffa2e111cf35356231316234393839666638343030616439353337323436613366323133633935323765343265653939343830303431623662613032643232633434323065393436313130663562646634653533303261326136383237343364343865323860d9929192
 
 jobs:
   e2e:

.github/workflows/nightly_wan.yml

@@ -8,7 +8,9 @@ on:
 env:
   CARGO_INCREMENTAL: 0 # bookkeeping for incremental builds has overhead, not useful in CI.
   WORKFLOW_URL: https://github.com/maidsafe/stableset_net/actions/runs
-  GENESIS_PK: ac0a1cabf8721856b15cfac1a90fea229988007c2859b4fcbece975943bbafcd5ae4b884b29c56f06b73d06f6fa73eb4
+  GENESIS_PK: 9934c21469a68415e6b06a435709e16bff6e92bf302aeb0ea9199d2d06a55f1b1a21e155853d3f94ae31f8f313f886ee
+  GENESIS_CN_UNIQUE_KEY: 82e84d347286a2a2035e4fdb5f011649e0244c22d20ab6b14008499ee24e7259c312f3a6427359da0048ff9894b11b55
+  GENESIS_CN_PARENT_TX: 005d1eeeffa2e111cf35356231316234393839666638343030616439353337323436613366323133633935323765343265653939343830303431623662613032643232633434323065393436313130663562646634653533303261326136383237343364343865323860d99291005d1eeeffa2e111cf35356231316234393839666638343030616439353337323436613366323133633935323765343265653939343830303431623662613032643232633434323065393436313130663562646634653533303261326136383237343364343865323860d9929192
 
 jobs:
   e2e:

.github/workflows/nightly_wan_churn.yml

@@ -9,7 +9,9 @@ on:
 env:
   CARGO_INCREMENTAL: 0 # bookkeeping for incremental builds has overhead, not useful in CI.
   WORKFLOW_URL: https://github.com/maidsafe/stableset_net/actions/runs
-  GENESIS_PK: ac0a1cabf8721856b15cfac1a90fea229988007c2859b4fcbece975943bbafcd5ae4b884b29c56f06b73d06f6fa73eb4
+  GENESIS_PK: 9934c21469a68415e6b06a435709e16bff6e92bf302aeb0ea9199d2d06a55f1b1a21e155853d3f94ae31f8f313f886ee
+  GENESIS_CN_UNIQUE_KEY: 82e84d347286a2a2035e4fdb5f011649e0244c22d20ab6b14008499ee24e7259c312f3a6427359da0048ff9894b11b55
+  GENESIS_CN_PARENT_TX: 005d1eeeffa2e111cf35356231316234393839666638343030616439353337323436613366323133633935323765343265653939343830303431623662613032643232633434323065393436313130663562646634653533303261326136383237343364343865323860d99291005d1eeeffa2e111cf35356231316234393839666638343030616439353337323436613366323133633935323765343265653939343830303431623662613032643232633434323065393436313130663562646634653533303261326136383237343364343865323860d9929192
 
 jobs:
   e2e:

sn_auditor/src/dag_db.rs

@@ -11,7 +11,9 @@ use color_eyre::eyre::{eyre, Result};
 use graphviz_rust::{cmd::Format, exec, parse, printer::PrinterContext};
 use serde::{Deserialize, Serialize};
 use sn_client::networking::NetworkError;
-use sn_client::transfers::{Hash, NanoTokens, SignedSpend, SpendAddress, GENESIS_CASHNOTE};
+use sn_client::transfers::{
+    Hash, NanoTokens, SignedSpend, SpendAddress, GENESIS_CASHNOTE_UNIQUE_KEY,
+};
 use sn_client::Error as ClientError;
 use sn_client::{Client, SpendDag, SpendDagGet};
 use std::collections::{BTreeMap, BTreeSet};
@@ -302,7 +304,7 @@ impl SpendDagDb {
 }
 
 pub async fn new_dag_with_genesis_only(client: &Client) -> Result<SpendDag> {
-    let genesis_addr = SpendAddress::from_unique_pubkey(&GENESIS_CASHNOTE.unique_pubkey());
+    let genesis_addr = SpendAddress::from_unique_pubkey(&GENESIS_CASHNOTE_UNIQUE_KEY);
     let mut dag = SpendDag::new(genesis_addr);
     let genesis_spend = match client.get_spend_from_network(genesis_addr).await {
         Ok(s) => s,

sn_cli/src/bin/subcommands/wallet/audit.rs

@@ -11,7 +11,9 @@ use std::path::Path;
 use bls::SecretKey;
 use color_eyre::Result;
 use sn_client::acc_packet::load_account_wallet_or_create_with_mnemonic;
-use sn_client::transfers::{CashNoteRedemption, SpendAddress, Transfer, GENESIS_CASHNOTE};
+use sn_client::transfers::{
+    CashNoteRedemption, SpendAddress, Transfer, GENESIS_CASHNOTE_UNIQUE_KEY,
+};
 use sn_client::{Client, SpendDag};
 
 const SPEND_DAG_FILENAME: &str = "spend_dag";
@@ -27,7 +29,7 @@ async fn gather_spend_dag(client: &Client, root_dir: &Path) -> Result<SpendDag>
         Err(err) => {
             println!("Starting from Genesis as found no local spend dag on disk...");
             info!("Starting from Genesis as failed to load spend dag from disk: {err}");
-            let genesis_addr = SpendAddress::from_unique_pubkey(&GENESIS_CASHNOTE.unique_pubkey());
+            let genesis_addr = SpendAddress::from_unique_pubkey(&GENESIS_CASHNOTE_UNIQUE_KEY);
             client
                 .spend_dag_build_from(genesis_addr, None, true)
                 .await?
@@ -64,7 +66,7 @@ pub async fn audit(
     } else {
         //NB TODO use the above DAG to audit too
         println!("Auditing the Currency, note that this might take a very long time...");
-        let genesis_addr = SpendAddress::from_unique_pubkey(&GENESIS_CASHNOTE.unique_pubkey());
+        let genesis_addr = SpendAddress::from_unique_pubkey(&GENESIS_CASHNOTE_UNIQUE_KEY);
         client.follow_spend(genesis_addr).await?;
     }
     Ok(())

sn_client/src/audit/spend_check.rs

@@ -86,9 +86,9 @@ impl Client {
                 trace!("Spends for {parent_tx_hash:?} - {spends:?}");
 
                 // check if we reached the genesis Tx
-                if parent_tx == sn_transfers::GENESIS_CASHNOTE.parent_tx
+                if parent_tx == *sn_transfers::GENESIS_CASHNOTE_PARENT_TX
                     && spends.iter().all(|s| {
-                        s.spend.unique_pubkey == sn_transfers::GENESIS_CASHNOTE.unique_pubkey
+                        s.spend.unique_pubkey == *sn_transfers::GENESIS_CASHNOTE_UNIQUE_KEY
                     })
                     && spends.len() == 1
                 {

sn_client/src/audit/spend_dag_building.rs

@@ -201,9 +201,9 @@ impl Client {
                 trace!("Spends for {parent_tx_hash:?} - {spends:?}");
 
                 // check if we reached the genesis Tx
-                if parent_tx == sn_transfers::GENESIS_CASHNOTE.parent_tx
+                if parent_tx == *sn_transfers::GENESIS_CASHNOTE_PARENT_TX
                     && spends.iter().all(|s| {
-                        s.spend.unique_pubkey == sn_transfers::GENESIS_CASHNOTE.unique_pubkey
+                        s.spend.unique_pubkey == *sn_transfers::GENESIS_CASHNOTE_UNIQUE_KEY
                     })
                     && spends.len() == 1
                 {

sn_transfers/src/cashnotes/transaction.rs

@@ -214,4 +214,22 @@ impl Transaction {
         // Verify that the transaction is balanced
         self.verify_balanced()
     }
+
+    /// Deserializes a `Transaction` represented as a hex string to a `Transaction`.
+    pub fn from_hex(hex: &str) -> Result<Self> {
+        let mut bytes =
+            hex::decode(hex).map_err(|_| TransferError::TransferDeserializationFailed)?;
+        bytes.reverse();
+        let transaction: Self = rmp_serde::from_slice(&bytes)
+            .map_err(|_| TransferError::TransferDeserializationFailed)?;
+        Ok(transaction)
+    }
+
+    /// Serialize this `Transaction` instance to a readable hex string that a human can copy paste
+    pub fn to_hex(&self) -> Result<String> {
+        let mut serialized =
+            rmp_serde::to_vec(&self).map_err(|_| TransferError::TransferSerializationFailed)?;
+        serialized.reverse();
+        Ok(hex::encode(serialized))
+    }
 }

sn_transfers/src/genesis.rs

@@ -11,7 +11,7 @@ use super::wallet::HotWallet;
 use crate::{
     wallet::Result as WalletResult, CashNote, DerivationIndex, Input, MainPubkey, MainSecretKey,
     NanoTokens, SignedSpend, SpendReason, Transaction, TransactionBuilder,
-    TransferError as CashNoteError,
+    TransferError as CashNoteError, UniquePubkey,
 };
 
 use bls::SecretKey;
@@ -58,7 +58,7 @@ lazy_static! {
     /// The hard coded value is for production release, allows all nodes to validate it.
     /// The env set value is only used for testing purpose.
     pub static ref GENESIS_PK: MainPubkey = {
-        let pk_str = std::env::var("GENESIS_PK").unwrap_or("96d3f6fb55ab504307d56f4085856dc61806ca5285eba1d8b9d1ce83db2604b41de9f2f50a0ea3dd160b65c1e8798b43".to_string());  // DevSkim: ignore DS173237
+        let pk_str = std::env::var("GENESIS_PK").unwrap_or("b814bc39a357e6f6000f4946da52dcfc72e19efe91e31d4e94e9cb408d765a4a6cf3bf2df14806f8fa524bd7ebb9bb4e".to_string());  // DevSkim: ignore DS173237
 
         match MainPubkey::from_hex(pk_str) {
             Ok(pk) => pk,
@@ -67,11 +67,45 @@ lazy_static! {
     };
 }
 
+lazy_static! {
+    /// This key is public for auditing purposes.
+    /// The hard coded value is for production release, allows all nodes to validate it.
+    /// The env set value is only used for testing purpose.
+    pub static ref GENESIS_CASHNOTE_UNIQUE_KEY: UniquePubkey = {
+        match std::env::var("GENESIS_CN_UNIQUE_KEY") {
+            Ok(pk_str) => {
+                match UniquePubkey::from_hex(pk_str) {
+                    Ok(pk) => pk,
+                    Err(err) => panic!("Failed to parse genesis_cashnote.unique_key: {err:?}"),
+                }
+            }
+            _ => GENESIS_CASHNOTE.unique_pubkey(),
+        }
+    };
+}
+
+lazy_static! {
+    /// This trasnsaction is public for auditing purposes.
+    /// The hard coded value is for production release, allows all nodes to validate it.
+    /// The env set value is only used for testing purpose.
+    pub static ref GENESIS_CASHNOTE_PARENT_TX: Transaction = {
+        match std::env::var("GENESIS_CN_PARENT_TX") {
+            Ok(tx_str) => {
+                match Transaction::from_hex(&tx_str) {
+                    Ok(tx) => tx,
+                    Err(err) => panic!("Failed to parse genesis_cashnote.parent_tx: {err:?}"),
+                }
+            }
+            _ => GENESIS_CASHNOTE.parent_tx.clone(),
+        }
+    };
+}
+
 lazy_static! {
     /// Unlike the `GENESIS_PK`, the hard coded secret_key is for testing purpose.
     /// The one for live network shall be passed in via env set.
     static ref GENESIS_SK_STR: String = {
-        std::env::var("GENESIS_SK").unwrap_or("141a4ccbce0ef0992c3db01ad2215f89ff5249c0d6749d979f37745c3c0170c9".to_string())  // DevSkim: ignore DS173237
+        std::env::var("GENESIS_SK").unwrap_or("23746be7fa5df26c3065eb7aa26860981e435c1853cafafe472417bc94f340e9".to_string())  // DevSkim: ignore DS173237
     };
 }
 
@@ -97,16 +131,14 @@ pub fn get_genesis_sk() -> MainSecretKey {
 
 /// Return if provided Transaction is genesis parent tx.
 pub fn is_genesis_parent_tx(parent_tx: &Transaction) -> bool {
-    parent_tx == &GENESIS_CASHNOTE.parent_tx
+    parent_tx == &*GENESIS_CASHNOTE_PARENT_TX
 }
 
 /// Return if provided Spend is genesis spend.
 pub fn is_genesis_spend(spend: &SignedSpend) -> bool {
     let bytes = spend.spend.to_bytes_for_signing();
-    spend.spend.unique_pubkey == GENESIS_CASHNOTE.unique_pubkey()
-        && GENESIS_CASHNOTE
-            .unique_pubkey()
-            .verify(&spend.derived_key_sig, bytes)
+    spend.spend.unique_pubkey == *GENESIS_CASHNOTE_UNIQUE_KEY
+        && GENESIS_CASHNOTE_UNIQUE_KEY.verify(&spend.derived_key_sig, bytes)
         && is_genesis_parent_tx(&spend.spend.parent_tx)
         && spend.spend.amount == NanoTokens::from(GENESIS_CASHNOTE_AMOUNT)
 }
@@ -232,3 +264,32 @@ fn get_genesis_dir() -> PathBuf {
         .expect("Genesis test path to be successfully created.");
     data_dirs
 }
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[test]
+    fn generate_genesis() {
+        for _ in 0..10 {
+            let sk = bls::SecretKey::random();
+            let sk_str = sk.to_hex();
+            let genesis_sk = MainSecretKey::new(sk);
+            let main_pubkey = genesis_sk.main_pubkey();
+
+            let genesis_cn = match create_first_cash_note_from_key(&genesis_sk) {
+                Ok(cash_note) => cash_note,
+                Err(err) => panic!("Failed to create genesis CashNote: {err:?}"),
+            };
+
+            println!("=============================");
+            println!("secret_key: {sk_str:?}");
+            println!("main_pub_key: {:?}", main_pubkey.to_hex());
+            println!(
+                "genesis_cn.unique_pubkey: {:?}",
+                genesis_cn.unique_pubkey().to_hex()
+            );
+            println!("genesis_cn.parent_tx: {:?}", genesis_cn.parent_tx.to_hex());
+        }
+    }
+}

sn_transfers/src/lib.rs

@@ -30,7 +30,8 @@ pub use error::{Result, TransferError};
 pub use genesis::{
     calculate_royalties_fee, create_first_cash_note_from_key, get_faucet_data_dir, get_genesis_sk,
     is_genesis_parent_tx, is_genesis_spend, load_genesis_wallet, Error as GenesisError,
-    GENESIS_CASHNOTE, GENESIS_PK, TOTAL_SUPPLY,
+    GENESIS_CASHNOTE, GENESIS_CASHNOTE_PARENT_TX, GENESIS_CASHNOTE_UNIQUE_KEY, GENESIS_PK,
+    TOTAL_SUPPLY,
 };
 pub use transfers::{CashNoteRedemption, OfflineTransfer, Transfer};
 pub use wallet::{