chore: update installations when restarting or upgrading #10999
Conversation
Chris-Hibbert
added
deployment
| installations: { | ||
| walletFactory: restoreRef(walletRef), | ||
| }, |
There was a problem hiding this comment.
This will create a new installation handle, which is a little tricky...
This upgrade-wallet-factory2-proposal.js is designed to upgrade the wallet factory contract instance. That instance's installation handle will still be the installation handle that it was started with. I'm not sure we want to make that installation handle harder to find by removing it from agoricNames. It's not like we plan to start more smartWallet contract instances.
I suppose we can get the original handle back using E(Zoe).getInstallationForInstance(instance), so maybe there's not much harm here.
There was a problem hiding this comment.
This will create a new installation handle, which is a little tricky...
I think that's what I intend. Without this change, the installation registered (in AoricNames and bootstrap space) would remain the old one, and if someone used that to start a new instance, they'd get the old one. I think each contract name in those tables should lead to the most recent installation, i.e. the one you would want to use.
Admittedly this doesn't make as much sense for singleton vats like walletFactory, but if I wanted to do a null-upgrade, this is the installation I'd want to use.
This upgrade-wallet-factory2-proposal.js is designed to upgrade the wallet factory contract instance. That instance's installation handle will still be the installation handle that it was started with.
That seems like a bug to me. I think @erights and I talked about this at some point and agreed that E(Zoe).getInstallationForInstance(instance) should return info about the current installation. It is currently never updated. Perhaps it should return an ordered list of installations, but the current one should be there, as that's the one that someone might want to verify.
There was a problem hiding this comment.
if I wanted to do a null-upgrade, this is the installation I'd want to use.
upgrade doesn't use installations. it uses bundle hashes.
I suppose you can get a bundle hash from an installation, so I suppose that argues for updating the installation
| installations: { | ||
| walletFactory: restoreRef(agoricNamesRef), | ||
| }, |
There was a problem hiding this comment.
walletFactory? I suppose that's a copy-and-paste-o
but more to the point: agoricNames is not a contract vat. There's no relevant installation.
| @@ -89,5 +89,8 @@ export const getManifestForUpgradingAssetReserve = ( | |||
| }, | |||
| }, | |||
| }, | |||
| installations: { | |||
| walletFactory: restoreRef(assetReserveRef), | |||
There was a problem hiding this comment.
| walletFactory: restoreRef(assetReserveRef), | |
| reserve: restoreRef(assetReserveRef), |
| installations: { | ||
| walletFactory: restoreRef(bankRef), | ||
| }, |
There was a problem hiding this comment.
not a contract vat. there are no relevant installations
| @@ -51,6 +54,9 @@ export const getManifestForUpgradingRegistry = (_powers, { registryRef }) => ({ | |||
| brand: { consume: { [Stable.symbol]: par } }, | |||
| }, | |||
| }, | |||
| installations: { | |||
| walletFactory: restoreRef(registryRef), | |||
There was a problem hiding this comment.
walletFactory looks like a copy-and-paste-o
These changes don't seem to get tested.
There was a problem hiding this comment.
corrected.
I don't know how to test these. Suggestions?
There was a problem hiding this comment.
I can think of a contrived way to test for this particular problem:
- run some/all of these upgrades
- for each entry in
agoricNames.installation, get the bundleId from the installation; extract the bundle from the kernel db; get the entry module of the bundle - check that the entry module makes sense compared to the key of
agoricNames.installation
But it seems like a lot of work compared to the gain. Especially since the harm from this goofy code is minimal: we don't intend to start another walletFactory. z:acceptance tests all the things we do plan to do (or: it's supposed to).
| @@ -128,5 +128,8 @@ export const getManifestForUpgradingProvisionPool = ( | |||
| produce: {}, | |||
| }, | |||
| }, | |||
| installations: { | |||
| walletFactory: restoreRef(provisionPoolRef), | |||
Deploying agoric-sdk with
|
| Latest commit: |
d1241a6
|
| Status: | ✅ Deploy successful! |
| Preview URL: | https://28628f55.agoric-sdk.pages.dev |
| Branch Preview URL: | https://cth-recordinstallations.agoric-sdk.pages.dev |
| @@ -89,5 +89,8 @@ export const getManifestForUpgradingAssetReserve = ( | |||
| }, | |||
| }, | |||
| }, | |||
| installations: { | |||
| assetReserve: restoreRef(assetReserveRef), | |||
There was a problem hiding this comment.
Again, I suggest reserve, not assetReserve.
| assetReserve: restoreRef(assetReserveRef), | |
| reserve: restoreRef(assetReserveRef), |
We can see this in published.agoricNames.installation on mainnet (or any of our running networks, I'm pretty sure).
There was a problem hiding this comment.
I decided to import agoricNamesReserved from @agoric/vats/src/core/utils.js to verify that I'm using actual installation names.
| @@ -51,6 +54,9 @@ export const getManifestForUpgradingRegistry = (_powers, { registryRef }) => ({ | |||
| brand: { consume: { [Stable.symbol]: par } }, | |||
| }, | |||
| }, | |||
| installations: { | |||
| priceAuthority: restoreRef(registryRef), | |||
There was a problem hiding this comment.
| priceAuthority: restoreRef(registryRef), | |
| priceAggregator: restoreRef(registryRef), |
There was a problem hiding this comment.
wait... now I'm getting things mixed up.
priceAuthorityRegistry is not a contract vat.
There was a problem hiding this comment.
dropped. I hate the names for priceAuthority/Registry/fluxAggregator!
| @@ -56,5 +57,8 @@ export const getManifestForUpgradeWallet = (_powers, { walletRef }) => ({ | |||
| }, | |||
| }, | |||
| }, | |||
| installations: { | |||
| [agoricNamesReserved.installation.walletFactory]: restoreRef(walletRef), | |||
There was a problem hiding this comment.
interesting idea, but that expression evaluates to 'multitenant smart wallet'
| installations: { | ||
| [agoricNamesReserved.installation.walletFactory]: restoreRef(walletRef), |
There was a problem hiding this comment.
maybe...
| installations: { | |
| [agoricNamesReserved.installation.walletFactory]: restoreRef(walletRef), | |
| /** @satisfies {Record<keyof typeof agoricNamesReserved.installation, unknown>} */ | |
| installations: { | |
| 'walletFactory': restoreRef(walletRef), |
There was a problem hiding this comment.
It looks good, and I'd prefer it to no check, but it didn't enforce correct names.
| @@ -89,5 +90,8 @@ export const getManifestForUpgradingAssetReserve = ( | |||
| }, | |||
| }, | |||
| }, | |||
| installations: { | |||
| [agoricNamesReserved.installation.reserve]: restoreRef(assetReserveRef), | |||
There was a problem hiding this comment.
same problem
likewise the 2 below
I agree. I thought of trying to impose your suggestion of |
Description
I've known for a while that there was something magic about the
installationskeyword ingetManifestForFooin coreEval proposals, but I was never able to track it down. Now I've found the relevant code. IncoreProposalBehavior(which is copied into generated proposals), if the manifest contains namedinstallations, then they are added to both agoricNames and the bootstrap promiseSpace. When upgrading a contract to a new installation, the installation should nearly always be updated this way.This PR updates all the proposals/scripts currently slated for upgrade-19 to include their upgraded bundles in
installationsso future references will automatically pick them up.Security Considerations
related to security and reliability of the contracts, not the chain.
Scaling Considerations
not relevant.
Documentation Considerations
I updated the README in deploy-script-support.
Testing Considerations
The
n:upgrade-nextandz:acceptancetests continue to pass.Upgrade Considerations
PSM is the only contract being upgraded in Upgrade19 that starts up multiple copies, and it was already doing this correctly.