Skip to content

Commit a869efb

Browse files
achamayouachamayou
authored
[release/5.x] Cherry pick: Correct node membership condition (#6849) (#6857)
1 parent 89b5368 commit a869efb

File tree

2 files changed

+17
-6
lines changed

2 files changed

+17
-6
lines changed

CHANGELOG.md

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -5,6 +5,14 @@ All notable changes to this project will be documented in this file.
55
The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
66
and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
77

8+
## [5.0.14]
9+
10+
[5.0.14]: https://github.com/microsoft/CCF/releases/tag/5.0.14
11+
12+
### Fixed
13+
14+
- `ccf.ledger`/`read_ledger.py` previously enforced too strict a condition on node membership when validating ledger files (#6849).
15+
816
## [5.0.13]
917

1018
[5.0.13]: https://github.com/microsoft/CCF/releases/tag/5.0.13

python/src/ccf/ledger.py

Lines changed: 9 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -527,14 +527,17 @@ def _verify_tx_set(self, tx_info: TxBundleInfo):
527527
@staticmethod
528528
def _verify_node_status(tx_info: TxBundleInfo):
529529
"""Verify item 1, The merkle root is signed by a valid node in the given network"""
530-
# Note: A retired primary will still issue signature transactions until
531-
# its retirement is committed
530+
if tx_info.signing_node not in tx_info.node_activity:
531+
raise UntrustedNodeException(
532+
f"The signing node {tx_info.signing_node} is not part of the network"
533+
)
532534
node_info = tx_info.node_activity[tx_info.signing_node]
533535
node_status = NodeStatus(node_info[0])
534-
if node_status not in (
535-
NodeStatus.TRUSTED,
536-
NodeStatus.RETIRED,
537-
) or (node_status == NodeStatus.RETIRED and node_info[2]):
536+
# Note: Even nodes that are Retired, and for which retired_committed is True
537+
# may be issuing signatures, to ensure the liveness of a reconfiguring
538+
# network. They will stop doing so once the transaction that sets retired_committed is itself committed,
539+
# but that is unfortunately not observable from the ledger alone.
540+
if node_status == NodeStatus.PENDING:
538541
raise UntrustedNodeException(
539542
f"The signing node {tx_info.signing_node} has unexpected status {node_status.value}"
540543
)

0 commit comments

Comments
 (0)