Merge branch 'master' into feat/alerts

Dockerfile

@@ -9,15 +9,20 @@ ENV GO111MODULE on
 ENV GOPROXY     https://proxy.golang.org
 
 ENV SUEXEC_VERSION v0.2
-ENV TINI_VERSION v0.16.1
-RUN set -x \
-  && cd /tmp \
+ENV TINI_VERSION v0.19.0
+RUN set -eux; \
+    dpkgArch="$(dpkg --print-architecture)"; \
+    case "${dpkgArch##*-}" in \
+        "amd64" | "armhf" | "arm64") tiniArch="tini-static-$dpkgArch" ;;\
+        *) echo >&2 "unsupported architecture: ${dpkgArch}"; exit 1 ;; \
+    esac; \
+  cd /tmp \
   && git clone https://github.com/ncopa/su-exec.git \
   && cd su-exec \
   && git checkout -q $SUEXEC_VERSION \
-  && make \
+  && make su-exec-static \
   && cd /tmp \
-  && wget -q -O tini https://github.com/krallin/tini/releases/download/$TINI_VERSION/tini \
+  && wget -q -O tini https://github.com/krallin/tini/releases/download/$TINI_VERSION/$tiniArch \
   && chmod +x tini
 
 # Get the TLS CA certificates, they're not provided by busybox.
@@ -48,7 +53,7 @@ COPY --from=builder $GOPATH/bin/ipfs-cluster-service /usr/local/bin/ipfs-cluster
 COPY --from=builder $GOPATH/bin/ipfs-cluster-ctl /usr/local/bin/ipfs-cluster-ctl
 COPY --from=builder $GOPATH/bin/ipfs-cluster-follow /usr/local/bin/ipfs-cluster-follow
 COPY --from=builder $SRC_PATH/docker/entrypoint.sh /usr/local/bin/entrypoint.sh
-COPY --from=builder /tmp/su-exec/su-exec /sbin/su-exec
+COPY --from=builder /tmp/su-exec/su-exec-static /sbin/su-exec
 COPY --from=builder /tmp/tini /sbin/tini
 COPY --from=builder /etc/ssl/certs /etc/ssl/certs
 

Dockerfile-test

@@ -51,7 +51,7 @@ COPY --from=builder /tmp/jq-linux64 /usr/local/bin/jq
 
 # Add bash
 COPY --from=builder /bin/bash /bin/bash
-COPY --from=builder /lib/x86_64-linux-gnu/libtinfo.so* /lib64/
+COPY --from=builder /lib/*-linux-gnu*/libtinfo.so* /lib64/
 
 USER root
 

api/ipfsproxy/ipfsproxy.go

@@ -563,9 +563,13 @@ func (proxy *Server) addHandler(w http.ResponseWriter, r *http.Request) {
 	logger.Warnf("Proxy/add does not support all IPFS params. Current options: %+v", params)
 
 	outputTransform := func(in *api.AddedOutput) interface{} {
+		cidStr := ""
+		if in.Cid.Defined() {
+			cidStr = in.Cid.String()
+		}
 		r := &ipfsAddResp{
 			Name:  in.Name,
-			Hash:  in.Cid.String(),
+			Hash:  cidStr,
 			Bytes: int64(in.Bytes),
 		}
 		if in.Size != 0 {

api/pb/types.pb.go

@@ -7,12 +7,12 @@
 package pb
 
 import (
-	//lint:ignore SA1019 protobuf generates deprecated imports
+	reflect "reflect"
+	sync "sync"
+
 	proto "github.com/golang/protobuf/proto"
 	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
 	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
-	reflect "reflect"
-	sync "sync"
 )
 
 const (

cluster_config.go

@@ -439,15 +439,16 @@ func (cfg *Config) applyConfigJSON(jcfg *configJSON) error {
 	}
 
 	// PeerAddresses
+	peerAddrs := []ma.Multiaddr{}
 	for _, addr := range jcfg.PeerAddresses {
 		peerAddr, err := ma.NewMultiaddr(addr)
 		if err != nil {
 			err = fmt.Errorf("error parsing peer_addresses: %s", err)
 			return err
 		}
-		cfg.PeerAddresses = append(cfg.PeerAddresses, peerAddr)
+		peerAddrs = append(peerAddrs, peerAddr)
 	}
-
+	cfg.PeerAddresses = peerAddrs
 	cfg.LeaveOnShutdown = jcfg.LeaveOnShutdown
 	cfg.DisableRepinning = jcfg.DisableRepinning
 	cfg.FollowerMode = jcfg.FollowerMode

consensus/crdt/config.go

@@ -108,6 +108,7 @@ func (cfg *Config) applyJSONConfig(jcfg *jsonConfig) error {
 
 	// Whenever we parse JSON, TrustAll is false unless an '*' peer exists
 	cfg.TrustAll = false
+	cfg.TrustedPeers = []peer.ID{}
 
 	for _, p := range jcfg.TrustedPeers {
 		if p == "*" {

consensus/crdt/consensus.go

@@ -162,8 +162,13 @@ func (css *Consensus) setup() {
 	// from trusted sources)
 	err = css.pubsub.RegisterTopicValidator(
 		topicName,
-		func(ctx context.Context, p peer.ID, msg *pubsub.Message) bool {
-			return css.IsTrustedPeer(ctx, p)
+		func(ctx context.Context, _ peer.ID, msg *pubsub.Message) bool {
+			signer := msg.GetFrom()
+			trusted := css.IsTrustedPeer(ctx, signer)
+			if !trusted {
+				logger.Debug("discarded pubsub message from non trusted source %s ", signer)
+			}
+			return trusted
 		},
 	)
 	if err != nil {