feat: Add validator-keys to xrpld project

[legleux]

High Level Overview of Change

Adds the validator-keys utility to the xrpld repository as an optional CMake target and includes it in Linux packages.

This also changes the Conan package test from a synthetic example executable to a real downstream consumer: the test exports the xrpl package, builds validator-keys against xrpl::libxrpl, and runs the tool’s unit tests.

Context of Change

The previous Conan test package only verified that a tiny example target could link against xrpl::libxrpl. That is useful, but it does not exercise the kind of real consumer we expect downstream users to build.

validator-keys is a good fit for that role because it is:

• small enough to build as a package test,
• directly useful to validator operators,
• dependent on real libxrpl headers, libraries, and build settings,
• already part of the XRPL operational ecosystem.

The tool is vendored in this repository so the Conan test is hermetic and tests the source in this PR instead of fetching another repository at build time.

The target is opt-in through -Dvalidator_keys=ON. Normal builds are unchanged unless that option is enabled. Debian/RHEL package build configs enable it so the produced xrpld packages include /usr/bin/validator-keys.

API Impact

• Public API: New feature
• Public API: Breaking change
• libxrpl change
• Peer protocol change

No public API, peer protocol, or libxrpl API changes.

This PR adds a real Conan package consumer test for xrpl::libxrpl; it does not change libxrpl itself.

Before / After

Before:

• The repository contained a minimal tests/conan example consumer.
• CI did not run that consumer as a Conan package test.
• Linux packages only staged xrpld.
• There was no in-tree validator-keys target.

After:

• CI exports the xrpl Conan package and runs conan test.
• The Conan test package builds validator-keys against xrpl::libxrpl.
• The test runs validator-keys --unittest.
• Linux package artifacts include both xrpld and validator-keys.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 81.9%. Comparing base (b6a1ad5) to head (1f7c2db).

Additional details and impacted files

@@            Coverage Diff            @@
##           develop   #7555     +/-   ##
=========================================
- Coverage     82.0%   81.9%   -0.0%     
=========================================
  Files         1007    1007             
  Lines        76854   76854             
  Branches      8984    8984             
=========================================
- Hits         62990   62980     -10     
- Misses       13855   13865     +10     
  Partials         9       9             

see 6 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[Copilot]

Pull request overview

This PR vendors the validator-keys utility into the xrpld repo, wires it up as an opt-in CMake target (-Dvalidator_keys=ON), includes it in Linux packaging, and upgrades the Conan test_package to build and run validator-keys --unittest as a real downstream consumer of xrpl::libxrpl.

Changes:

• Add in-tree validator-keys-tool source (utility + unit tests) and expose a validator-keys executable target.
• Update Conan tests/conan to build validator-keys against the exported xrpl package and run its unit tests.
• Include validator-keys in Debian/RPM packaging and ensure CI uploads/stages the additional binary.

Reviewed changes

Copilot reviewed 33 out of 33 changed files in this pull request and generated 7 comments.

Show a summary per file

File	Description
validator-keys-tool/src/ValidatorKeysTool.h	Declares validator-keys tool entrypoints.
validator-keys-tool/src/ValidatorKeysTool.cpp	Implements CLI commands and main() for validator-keys.
validator-keys-tool/src/ValidatorKeys.h	Declares xrpl::ValidatorKeys and ValidatorToken.
validator-keys-tool/src/ValidatorKeys.cpp	Implements key file parsing/writing, token generation, revocation, signing, domain validation.
validator-keys-tool/src/test/ValidatorKeysTool_test.cpp	Adds unit tests for tool commands.
validator-keys-tool/src/test/ValidatorKeys_test.cpp	Adds unit tests for ValidatorKeys behavior and serialization.
validator-keys-tool/src/test/KeyFileGuard.h	Test helper for creating/removing a temporary key directory.
validator-keys-tool/README.md	Build instructions for the vendored tool and mention of Conan test usage.
validator-keys-tool/doc/validator-keys-tool-guide.md	Operator-facing guide for validator key/token workflows.
validator-keys-tool/CMakeLists.txt	Builds validator-keys target and registers CTest invocation.
validator-keys-tool/cmake/KeysSanity.cmake	Sanity checks and configuration setup for the tool build.
validator-keys-tool/cmake/KeysInterface.cmake	Defines an interface target for compile/link options consistent with xrpld settings.
validator-keys-tool/cmake/KeysCov.cmake	Adds optional coverage report target for validator-keys.
validator-keys-tool/.git-blame-ignore-revs	Adds a blame-ignore file for formatting-only revs.
tests/conan/src/example.cpp	Removes the previous synthetic “link-only” test consumer.
tests/conan/conanfile.py	Updates test_package recipe to build/run validator-keys unit tests.
tests/conan/CMakeLists.txt	Builds vendored validator-keys-tool as the Conan consumer.
tests/conan/.gitignore	Ignores Conan test_package build output directory.
package/rpm/xrpld.spec	Installs validator-keys into RPM and lists it in packaged files.
package/README.md	Documents that packages include validator-keys and how to build locally with -Dvalidator_keys=ON.
package/debian/rules	Installs validator-keys into Debian package staging.
package/debian/control	Notes validator-keys inclusion in Debian package description.
package/build_pkg.sh	Stages both xrpld and validator-keys binaries for packaging.
CMakeLists.txt	Adjusts include order to pull in XrplValidatorKeys earlier.
cmake/XrplValidatorKeys.cmake	Switches from FetchContent to vendored add_subdirectory + install rules.
cmake/XrplPackaging.cmake	Makes packaging target depend on both xrpld and validator-keys.
.github/workflows/reusable-test-conan-package.yml	Adds a reusable workflow to export and conan test the package.
.github/workflows/reusable-package.yml	Ensures both binaries are made executable before packaging.
.github/workflows/reusable-build-test-config.yml	Uploads/stages both binaries as artifacts; adjusts patchelf handling.
.github/workflows/on-trigger.yml	Runs Conan package test workflow and includes validator-keys-tool in watched paths.
.github/workflows/on-tag.yml	Runs Conan package test before uploading recipe on tags.
.github/workflows/on-pr.yml	Runs Conan package test workflow and includes validator-keys-tool in watched paths.
.github/scripts/strategy-matrix/linux.json	Enables -Dvalidator_keys=ON for Linux packaging builds.

Comments suppressed due to low confidence (1)

tests/conan/conanfile.py:43

• The test runs validator-keys from self.cpp.build.bindir, but the CMakeLists sets validator-keys RUNTIME_OUTPUT_DIRECTORY to ${CMAKE_BINARY_DIR} (build folder root). This mismatch can make conan test fail to find the executable. Point the command at the actual output location (or align the CMake output dir with bindir).

    def test(self):
        if can_run(self):
            cmd = os.path.join(self.cpp.build.bindir, "validator-keys")
            self.run(f'"{cmd}" --unittest', env="conanrun")

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[xrplf-ai-reviewer]

One issue flagged inline — FORCE-writing CMAKE_CONFIGURATION_TYPES without a root-project guard can silently clobber the parent project's cache when this file is included via add_subdirectory().

---

Review by ReviewBot 🤖

Review by Claude Sonnet 4.6 · Prompt: V15

[xrplf-ai-reviewer]

FORCE overwrites CMAKE_CONFIGURATION_TYPES globally — guard it so it only runs at the root:

if(is_root_project)
    set(CMAKE_CONFIGURATION_TYPES "Debug;Release" CACHE STRING "" FORCE)
endif()

Note: is_root_project is computed later (line 41–46); move that block above this line, or inline the get_directory_property check here.

[mathbunnyru]

I haven't read the code much, but I think after fixing existing issues, it will change too.

[mathbunnyru]

Suggested change

	cp "${BUILD_DIR}/xrpld" "${BUILD_DIR}/artifacts/xrpld"
	if [ -x "${BUILD_DIR}/validator-keys" ]; then
	cp "${BUILD_DIR}/validator-keys" "${BUILD_DIR}/artifacts/validator-keys"
	fi
	cp "${BUILD_DIR}/xrpld" "${BUILD_DIR}/artifacts/"
	if [ -x "${BUILD_DIR}/validator-keys" ]; then
	cp "${BUILD_DIR}/validator-keys" "${BUILD_DIR}/artifacts/"
	fi

No need to duplicate the binary name, I think

[mathbunnyru]

This changes the interface we provide, so outside scripts relying on our binaries might fail.

[mathbunnyru]

We don't use nproc directly

[mathbunnyru]

Maybe it would make sense to move this file content to validator-kets-tool/CMakeLists.txt?

[mathbunnyru]

I don't like that this definition is different from debian one, even though they describe a similar thing. Can we unify them?
I don't mind duplication in this case, but at least let's keep the same description

[mathbunnyru]

Maybe let's just add this file to README.md in the validator-keys-tool directory, instead of creating a directory for one file?

[mathbunnyru]

This duplicates the existing logic

[mathbunnyru]

I don't think you need it

[mathbunnyru]

Magic number, let's put it as a static constexpr variable with a better name

[mathbunnyru]

Again magic number

[mathbunnyru]

Please, search in your PR, 72 is only in one place.