feat(cli): support per-keystore passwords for validator import#9236
feat(cli): support per-keystore passwords for validator import#9236JackCC703 wants to merge 4 commits intoChainSafe:unstablefrom
Conversation
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request introduces the --importKeystoresPasswords CLI flag, enabling the use of per-keystore password files during validator import. The changes include updates to the documentation, CLI option definitions, and the core import logic to support mapping keystores to specific password files based on their public keys. Additionally, comprehensive unit and E2E tests were added. Feedback was provided to lowercase the public key hex when constructing password filenames to ensure compatibility across case-sensitive filesystems.
| throw new YargsError(`Failed to read keystore ${keystorePath}: ${e instanceof Error ? e.message : String(e)}`); | ||
| } | ||
|
|
||
| const passwordFilepath = path.join(passwordsDir, `${pubkeyHex}.txt`); |
There was a problem hiding this comment.
To ensure compatibility with case-sensitive filesystems (like Linux), it is recommended to lowercase the public key hex when constructing the password filename. While EIP-2335 keystores usually contain lowercase hex, some tools might produce mixed-case strings, which would lead to file-not-found errors if the user created the password file with a different case.
| const passwordFilepath = path.join(passwordsDir, `${pubkeyHex}.txt`); | |
| const passwordFilepath = path.join(passwordsDir, `${pubkeyHex.toLowerCase()}.txt`); |
There was a problem hiding this comment.
I changed this to always look up the password file using the lowercased pubkey. That keeps the implementation simple and avoids the extra directory scan. I also reduced the test coverage to the mixed-case keystore pubkey case.
…t-keystore-passwords # Please enter a commit message to explain why this merge is necessary, # especially if it merges an updated upstream into a topic branch. # # Lines starting with '#' will be ignored, and an empty message aborts # the commit.
|
This PR is ready for review. |
|
Hi maintainers, CI is green now and the bot comment has been addressed. Could someone take a look when available? This implements #5249 for per-keystore password files during validator import. Thanks! |
1 participant
Motivation
The current validator import flow supports either interactive password entry or a single shared password file for all keystores. That makes non-interactive imports awkward for users who have multiple keystores encrypted with different passwords.
This PR adds a per-keystore password file workflow so validator keystores can be imported in batch without requiring all of them to share the same password.
Description
--importKeystoresPasswordsCLI option for per-keystore password files--importKeystoresPasswordbehavior unchanged for backward compatibility--importKeystoresPasswordand--importKeystoresPasswordsmutually exclusive0x<validator-public-key-hex>.txt--importKeystoresPasswordsdoes not point to a valid directoryCloses #5249
Testing
pnpm lintpnpm check-typespnpm test:unitpnpm docs:lintAI Assistance Disclosure
This PR was written primarily with Codex assistance. I used Codex for code generation, test additions and debugging. I reviewed the final changes and validated them locally before submission.