[#2273 Item C] Add non-root key paths fallback#2305
Closed
sheerai wants to merge 3 commits into
Closed
Conversation
Contributor
|
Welcome to RustChain! Thanks for your first pull request. Before we review, please make sure:
Bounty tiers: Micro (1-10 RTC) | Standard (20-50) | Major (75-100) | Critical (100-150) A maintainer will review your PR soon. Thanks for contributing! |
github-actions
Bot
added
BCOS-L1
github-actions
Bot
added
size/M
FlintLeng
reviewed
Apr 19, 2026
Contributor
FlintLeng
left a comment
FlintLeng
left a comment
There was a problem hiding this comment.
Code Review
Non-root execution support + cert validation. ✅
Item C: Non-root key paths fallback
- Falls back from /etc/rustchain → $RC_P2P_PRIVKEY_PATH → ~/.rustchain/p2p_identity.pem
- Correct priority chain: system → env → home directory
- Allows non-root execution without sacrificing security
Item B: Certificate clock skew validation
- Validates not_before/not_after with ±5 min tolerance
- Important for distributed systems with clock drift
- Reasonable tolerance value
Concerns
- 58 additions, 73 deletions — net reduction is good (cleaner code)
- Should document the fallback path order in README or CONTRIBUTING.md
Good quality contribution. Recommended merge. ✅
This was referenced Apr 19, 2026
fengqiankun6-sudo
approved these changes
Apr 19, 2026
fengqiankun6-sudo
left a comment
fengqiankun6-sudo
left a comment
There was a problem hiding this comment.
LGTM. Key changes: (1) Improved P2P identity path resolution with RC_P2P_PRIVKEY_PATH env var and multi-candidate search - much more robust; (2) Simplifies expiry check using timedelta objects instead of raw timestamp arithmetic - cleaner and more readable. Good incremental improvement to the key management system.
FlintLeng
reviewed
Apr 21, 2026
Owner
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes part of #2273
Claiming Item C. The LocalKeypair now successfully falls back to $RC_P2P_PRIVKEY_PATH and ~/.rustchain/p2p_identity.pem if /etc/rustchain is unwritable, allowing non-root execution.
UPDATE: I have also completed Item B. The get_pubkey method now validates not_before and not_after timestamps with the requested ±5 minute clock skew tolerance
GitHub Username: sheerai
RTC Wallet: RTCf3e03dba442d0140b78cf9b76068921e1badcd6b