Cover is an open internet service for canister code verification on the Internet Computer

Overview

Conventional Commits Client Services

Cover

Cover (short for Code Verification) is an open internet service that helps verify the code of canisters on the Internet Computer.

This is an alpha release so that developers can start to play around, test the general Cover architecture during the weekend, and provide feedback to us! The alpha registry shouldn't be considered dependable yet. We will follow-up next week with a release that will include the permissioning ruling necessary to ensure all submissions are fully trusted.

If you are Cover developer, please read the Developer Readme

Requirements ⚙️

  • Github action
  • Canister Id

Getting started 🤔

Create Build Action

Inside of your canister repo create a directory .github/workflows/ and add a myBuild.yml file, with the following content. To see a full build example see build.yml

name: Example canister build using build.js 

on:
  push:
    branches:
      - production
      - main
jobs:
  build:
    runs-on: ubuntu-latest

    container:
      image: fleek/dfxrust

    steps:
      - uses: actions/[email protected]

      - name: Build WASM
          # HACK: set HOME to get github actions to execute correctly
          export HOME=/root
          export PATH="$HOME/.cargo/bin:${PATH}"
          # Start build
          yarn
          MODE=PRODUCTION dfx build cover --check

      - name: Cover Validator Plugin
        uses: Psychedelic/cover/[email protected]
        with:
          canister_id: "iftvq-niaaa-aaaai-qasga-cai"
          wasm_path: ".dfx/local/canisters/cover/cover.wasm"

Whenever you push your code using production or main branches, the above workflow will be triggered. If you successfully generated the canister.wasm the Cover Validation Plugin will call an AWS Lambda Function that will add the validation results to the Cover canister

Build Canister

In order to get the same wasm files on github actions and locally, we need to ensure that the build environment on github actions is EXACTLY the same as the local one. Thus, if you want to generate a wasm file locally, you must use the same docker image as the github actions is using.

You can either provide your own docker image (We suggest you use ubuntu:20:04 at the base) or you use our fleek/dfxrust docker image that includes tools needed to build Rust based canisters. The fleek/dfxrust image is build with this Dockerfile.

Executing local build

To execute a local build using fleek/dfxrust image, in your local folder run GithubActionPlugin/dockers/docker-build.sh to generate wasm files inside of folder ./dfx-build.

You can tweak the docker-build.sh and the entrypoint.sh scripts to your needs. Just make sure that the entrypoint.sh matches your Buld.WASM section in github actions.

Checking canister status

After a few minutes, you should be able to query the Cover canister. You can either call it directly

dfx canister --network=ic call iftvq-niaaa-aaaai-qasga-cai get_verification_by_canister_id '(principal"rrkah-fqaaa-aaaaa-aaaaq-cai")'

or you can save the cover canister id in canister_ids.json:

{
  "cover": {
    "ic": "iftvq-niaaa-aaaai-qasga-cai"
  }
}

And enquire about any canister id:

dfx canister --network=ic call cover get_verification_by_canister_id '(principal"rrkah-fqaaa-aaaaa-aaaaq-cai")'

( opt record { 
  wasm_checksum = "0xecb74c834fcd93d27dd2c0e35410c3b34cf9f7c45e4721a2fbd92a7babf11eaf"; 
  updated_at = "2021-11-19T15:00:00.280+00:00"; 
  updated_by = principal "6cu3r-liw3y-hmevf-e74z4-ogury-e7ur6-xpyka-764on-gcaqs-cbjps-7qe"; 
  source_snapshot_url = "NA"; 
  canister_id = principal "rrkah-fqaaa-aaaaa-aaaaq-cai"; 
  created_at = "2021-11-19T15:00:00.280+00:00"; 
  created_by = principal "6cu3r-liw3y-hmevf-e74z4-ogury-e7ur6-xpyka-764on-gcaqs-cbjps-7qe";
  git_repo = "Psychedeleic/cover"; 
  git_ref = "refs/heads/main"; 
  git_sha = "ef9ff448ad0973a193d479e7842aa0f7e2bccfdf"; 
  build_log_url = "NA"; 
}, )

Now you can compare the returned wasm_checksum against the deployed canister Module hash. To get the canister module hash run:

dfx canister --no-wallet --network ic info iftvq-niaaa-aaaai-qasga-cai          

Controllers: ique5-maaaa-aaaai-qasfq-cai rftgd-dz3se-hrufx-kwtpc-bc5hj-ha54l-lhxnm-chz5z-5tfmq-6th4y-eqe s4jec-wiaaa-aaaah-qch4q-cai
Module hash: 0xecb74c834fcd93d27dd2c0e35410c3b34cf9f7c45e4721a2fbd92a7babf11eaf

You can see that the checksums are equal. You can also use a tool called cover verification.

cover-verification rrkah-fqaaa-aaaaa-aaaaq-cai

Wasm checksum: 0xecb74c834fcd93d27dd2c0e35410c3b34cf9f7c45e4721a2fbd92a7babf11eaf
Module hash: 0xecb74c834fcd93d27dd2c0e35410c3b34cf9f7c45e4721a2fbd92a7babf11eaf
Status: Verified
Issues
  • feat: serverless lambda setup

    feat: serverless lambda setup

    Why?

    Serverless setup for deploying cover lambdas

    How?

    • implemented consume function (example of pulling data from cover canister)
    • added createActor with plug identity import
    • added publish template, to be extended with a call to cover.add_validation call

    Tickets

    JS-Client

    Demo

    1. Create and deploy cover canister yarn dfx:full
    2. Add 1+ requests using:
      dfx canister --network=local call cover create_request '(record {canister_id=principal"rrkah-fqaaa-aaaaa-aaaaq-cai"; build_settings=record{git_ref="git1"; git_tag="abc";}})'            
    
    1. Set PEM env variable
    export IDENTITY_PEM_PATH=path/plug_identity.pem
    OR 
    export IDENTITY_PEM=`cat plug_identity.pem`
    
    1. Call the lambda locally:
    cd serverless/app
    yarn sls invoke local -f consume
    yarn sls invoke local -f publish --path src/functions/publish/mock.json      
    yarn sls invoke local -f publish --path src/functions/publish/mock-error.json      
    
    opened by studna 4
  • fix: update_verification bug, added tests

    fix: update_verification bug, added tests

    Why?

    git_repo was not set correctly

    How?

    • Fixed update_verification
    • Added tests
    opened by rbialek 3
  • Json interface

    Json interface

    • add and fetch request using json
    • add response using json
    • list requests
    • list responses
    opened by rbialek 2
  • feat: Extended github store params

    feat: Extended github store params

    Why?

    Need to store git repo and standardize git params

    How?

    • Added git_repo
    • Renamed git_checksum to git_sha

    Contribution checklist?

    • [x] The commit messages are detailed
    • [x] It does not break existing features (unless required)
    • [x] I have performed a self-review of my own code
    • [ ] Documentation has been updated to reflect the changes
    • [x] Tests have been added or updated to reflect the changes
    • [x] All code formatting pass
    • [x] All lints pass
    • [x] All tests pass
    opened by rbialek 2
  • feat: 🎸 progress tracker

    feat: 🎸 progress tracker

    Why?

    Progress tracker for validation progress

    How?

    • Implement progress tracker service

    Tickets?

    Contribution checklist?

    • [x] The commit messages are detailed
    • [x] It does not break existing features (unless required)
    • [x] I have performed a self-review of my own code
    • [x] Documentation has been updated to reflect the changes
    • [x] Tests have been added or updated to reflect the changes
    • [x] All code formatting pass
    • [x] All lints pass
    • [x] All tests pass

    Security checklist?

    • [ ] Injection has been prevented (parameterized queries, no eval or system calls)
    • [ ] The UI is escaping output (to prevent XSS)
    • [ ] Sensitive data has been identified and is being protected properly

    Demo?

    Optionally, provide any screenshot, gif or small video.

    opened by scott-dn 2
  • feat: js client to cover

    feat: js client to cover

    Why?

    We need to connect from a js (lambda function) to cover.

    How?

    • Added import identity function (works only with plug identities)
    • Added serverless/poll-cover/src/consume-request

    Tickets?

    Contribution checklist?

    • [x] The commit messages are detailed
    • [x] It does not break existing features (unless required)
    • [x] I have performed a self-review of my own code
    • [ ] Documentation has been updated to reflect the changes
    • [ ] Tests have been added or updated to reflect the changes
    • [ ] All code formatting pass
    • [ ] All lints pass
    • [ ] All tests pass

    Demo?

    opened by rbialek 2
  • refactor: 💡 better naming

    refactor: 💡 better naming

    Why?

    Meaningful naming

    How?

    • Meaningful naming

    Tickets?

    Contribution checklist?

    • [x] The commit messages are detailed
    • [x] It does not break existing features (unless required)
    • [x] I have performed a self-review of my own code
    • [x] Documentation has been updated to reflect the changes
    • [x] Tests have been added or updated to reflect the changes
    • [x] All code formatting pass
    • [x] All lints pass
    • [x] All tests pass

    Security checklist?

    • [ ] Injection has been prevented (parameterized queries, no eval or system calls)
    • [ ] The UI is escaping output (to prevent XSS)
    • [ ] Sensitive data has been identified and is being protected properly

    Demo?

    Optionally, provide any screenshot, gif or small video.

    opened by scott-dn 2
  • feat: 🎸 timestamp

    feat: 🎸 timestamp

    Why?

    System need audit timestamp.

    How?

    • Use ic_cdk::api::time for ic environment
    • On test environment, use chrono

    Tickets?

    Contribution checklist?

    • [x] The commit messages are detailed
    • [x] It does not break existing features (unless required)
    • [x] I have performed a self-review of my own code
    • [x] Documentation has been updated to reflect the changes
    • [x] Tests have been added or updated to reflect the changes
    • [x] All code formatting pass
    • [x] All lints pass
    • [x] All tests pass

    Security checklist?

    • [ ] Injection has been prevented (parameterized queries, no eval or system calls)
    • [ ] The UI is escaping output (to prevent XSS)
    • [ ] Sensitive data has been identified and is being protected properly

    Demo?

    Optionally, provide any screenshot, gif or small video.

    opened by scott-dn 2
  • feat: 🎸 verification

    feat: 🎸 verification

    Why?

    Provide verification canister information.

    How?

    • Implement Update/Get verification

    Tickets?

    Contribution checklist?

    • [x] The commit messages are detailed
    • [x] It does not break existing features (unless required)
    • [x] I have performed a self-review of my own code
    • [x] Documentation has been updated to reflect the changes
    • [x] Tests have been added or updated to reflect the changes
    • [x] All code formatting pass
    • [x] All lints pass
    • [x] All tests pass

    Security checklist?

    • [ ] Injection has been prevented (parameterized queries, no eval or system calls)
    • [ ] The UI is escaping output (to prevent XSS)
    • [ ] Sensitive data has been identified and is being protected properly

    Demo?

    Optionally, provide any screenshot, gif or small video.

    opened by scott-dn 2
  • feat: 🎸 provider

    feat: 🎸 provider

    Why?

    Need provider management api.

    How?

    • Implement provider management api

    Tickets?

    Contribution checklist?

    • [x] The commit messages are detailed
    • [x] It does not break existing features (unless required)
    • [x] I have performed a self-review of my own code
    • [x] Documentation has been updated to reflect the changes
    • [x] Tests have been added or updated to reflect the changes
    • [x] All code formatting pass
    • [x] All lints pass
    • [x] All tests pass

    Security checklist?

    • [ ] Injection has been prevented (parameterized queries, no eval or system calls)
    • [ ] The UI is escaping output (to prevent XSS)
    • [ ] Sensitive data has been identified and is being protected properly

    Demo?

    Optionally, provide any screenshot, gif or small video.

    opened by scott-dn 2
  • chore: 🚬 blackhole local testing (PLEASE DONT MERGE)

    chore: 🚬 blackhole local testing (PLEASE DONT MERGE)

    Why?

    FOR LOCAL TESTING ONLY - PLEASE DONT MERGE KEEP THE PR HERE TO TRACK THE CHANGES

    How?

    • FOR LOCAL TESTING ONLY - PLEASE DONT MERGE

    Tickets?

    • N/A

    Contribution checklist?

    • [x] The commit messages are detailed
    • [x] It does not break existing features (unless required)
    • [x] I have performed a self-review of my own code
    • [x] Documentation has been updated to reflect the changes
    • [x] Tests have been added or updated to reflect the changes
    • [x] All code formatting pass
    • [x] All lints pass
    • [x] All tests pass

    Security checklist?

    • [ ] Injection has been prevented (parameterized queries, no eval or system calls)
    • [ ] The UI is escaping output (to prevent XSS)
    • [ ] Sensitive data has been identified and is being protected properly

    Demo?

    Optionally, provide any screenshot, gif or small video.

    opened by scott-dn 0
Owner
Psychedelic
Decentralized product studio focused on building products on Web3, Ethereum, and the Internet Computer.
Psychedelic
A tool to aid in self-hosting. Expose local services on your computer, via a public IPv4 address.

innisfree A tool to aid in self-hosting. Expose local services on your computer, via a public IPv4 address. Why? Most of the data I maintain is local,

Conor Schaefer 7 Nov 13, 2021
ZeroNS: a name service centered around the ZeroTier Central API

ZeroNS: a name service centered around the ZeroTier Central API ZeroNS provides names that are a part of ZeroTier Central's configured networks; once

ZeroTier, Inc. 153 Nov 30, 2021
Modular IPC-based desktop launcher service

Pop Launcher Modular IPC-based desktop launcher service, written in Rust. Desktop launchers may interface with this service via spawning the pop-launc

Pop!_OS 44 Nov 25, 2021
The best open source remote desktop software

The best open-source remote desktop software, written in Rust. Works out of the box, no configuration required. Great alternative to TeamViewer and AnyDesk! You have full control of your data, with no concerns about security. You can use our rendezvous/relay server, set up your own, or write your own rendezvous/relay server.

RustDesk 13.3k Nov 23, 2021
Filen.io is a cloud storage provider with an open-source desktop client.

Library to call Filen.io API from Rust Filen.io is a cloud storage provider with an open-source desktop client. My goal is to write a library which ca

Konstantin Zakharov 3 Nov 22, 2021
Imagine your SSH server only listens on an IPv6 address, and where the last 6 digits are changing every 30 seconds as a TOTP code...

tosh Imagine your SSH server only listens on an IPv6 address, and where the last 6 digits are changing every 30 seconds as a TOTP code... Inspired fro

Mark Vainomaa 406 Nov 14, 2021
Jex Compiler Server - Server that runs Jex code

Server that compiles and runs Jex code.

furetur 3 Nov 18, 2021
All the data an IC app needs to make seamless experiences, accessible directly on the IC. DAB is an open internet service for NFT, Token, Canister, and Dapp registries.

DAB ?? Overview An Internet Computer open internet service for data. All the data an IC app needs to make a seamless experience, accessible directly o

Psychedelic 33 Nov 24, 2021
Open Internet Service to store transaction history for NFTs/Tokens on the Internet Computer

CAP - Certified Asset Provenance Transaction history & asset provenance for NFT’s & Tokens on the Internet Computer CAP is an open internet service pr

Psychedelic 16 Nov 18, 2021
Dank - The Internet Computer Decentralized Bank - A collection of Open Internet Services - Including the Cycles Token (XTC)

Dank - The Internet Computer Decentralized Bank Dank is a collection of Open Internet Services for users and developers on the Internet Computer. In t

Psychedelic 36 Nov 21, 2021
deductive verification of Rust code. (semi) automatically prove your code satisfies your specifications!

Le marteau-pilon, forges et aciéries de Saint-Chamond, Joseph-Fortuné LAYRAUD, 1889 About Creusot is a tool for deductive verification of Rust code. I

Xavier Denis 218 Nov 25, 2021
Dancing Links (“dlx”) solver for the exact cover problem, written in Rust. Can be used to create a sudoku solver.

Dancing Links “dlx” Dancing Links solver for “algorithm X” by Knuth This solver solves the exact cover problem using “algorithm X”, implemented using

bluss 2 Oct 15, 2021
Wait Service is a pure rust program to test and wait on the availability of a service.

Wait Service Wait Service is a pure rust program to test and wait on the availability of a service.

Magic Len (Ron Li) 2 Nov 6, 2021
Source project for the Internet Computer software

The Internet Computer is the world’s first blockchain that runs at web speed and can increase its capacity without bound. Like the Internet (which is composed of many machines adhering to TCP/IP protocol) and blockchain protocols (such as Bitcoin and Ethereum).

DFINITY 798 Nov 22, 2021
Agent library for Internet Computer, in Dart

An agent library built for Internet Computer, a plugin package for dart and flutter apps. Developers can build ones to interact with Dfinity's blockchain directly.

null 41 Nov 18, 2021
A rust library containing typings and utility functions dealing with the Public specification of the Internet Computer.

IC Types Contributing Please follow the guidelines in the CONTRIBUTING.md document. Goal This library contains typings and utility functions dealing w

DFINITY 3 Oct 21, 2021
Task scheduler for the Internet Computer

IC Cron Makes your IC canister proactive Abstract Canisters are reactive by their nature - they only do something when they're asked by a client or an

Alexander Vtyurin 14 Sep 28, 2021
Generate QR code easily for free - QR Code Generation as a Service.

QRcode.show Generate QR code easily for free - QR Code Generation as a Service. INPUT: curl qrcode.show/INPUT curl qrcode.show -d INPUT curl qrcode.sh

Arijit Basu 540 Nov 21, 2021
Fast and efficient ed25519 signing and verification in Rust.

ed25519-dalek Fast and efficient Rust implementation of ed25519 key generation, signing, and verification in Rust. Documentation Documentation is avai

dalek cryptography 445 Nov 20, 2021
R1CS circuit for Falcon signature verification.

Falcon R1CS This crate generates the R1CS circuit for Falcon signature verifications. Performance The total #constraints for a single Falcon-512 signa

zhenfei 2 Nov 22, 2021
An implementation of NZ COVID Pass verification written in Rust

NZCP Rust   An implementation of NZ COVID Pass verification, New Zealand's proof of COVID-19 vaccination solution, written in Rust ?? We also have a J

Vaxx.nz 3 Nov 17, 2021
ANISE provides an open-source and open-governed library and algorithmic specification for most computations for astrodynamics

ANISE provides an open-source and open-governed library and algorithmic specification for most computations for astrodynamics. It is heavily inspired by NAIF SPICE, and may be considered as an open-source modern rewrite of SPICE.

ANISE 2 Nov 22, 2021
Download Apple's open source code from opensource.apple.com

Apple Open Source Downloader This repository defines a Rust crate and CLI program to automate the downloading of Apple's open source code from https:/

Gregory Szorc 1 Nov 23, 2021
Polaris is a music streaming application, designed to let you enjoy your music collection from any computer or mobile device.

Polaris is a music streaming application, designed to let you enjoy your music collection from any computer or mobile device. Polaris works by streami

Antoine Gersant 791 Nov 29, 2021
Advanced Rust quantum computer simulator

quantum Advanced Rust quantum computer simulator. Motivation Quantum is a quantum computer simulator written with the following design goals in mind:

Ben Eills 180 Nov 8, 2021
The Computer Language Benchmarks Game: Rust implementations

The Computer Language Benchmarks Game: Rust implementations This is the version I propose to the The Computer Language Benchmarks Game. For regex-dna,

Guillaume P. 62 Feb 4, 2021
Experimental Quantum Computer Simulator + Quantum Chess Implementation

Quantum Chess A somewhat hacky implementation of this paper (made in a week over a holiday). It's not heavily tested and probably has some bugs still

null 18 Feb 10, 2021
A computer programming language interpreter written in Rust

Ella lang Welcome to Ella lang! Ella lang is a computer programming language implemented in Rust.

Luke Chu 60 Oct 30, 2021