Add `Paras` `authorize_code_hash` + `apply_authorized_code` feature by bkontur · Pull Request #7592 · paritytech/polkadot-sdk

bkontur · 2025-02-17T11:00:00Z

Closes: #7574
Relates to: #7591

Motivation

This feature is useful when triggering a Paras pallet call from a different chain than the one where the Paras pallet is deployed. For example, we may want to send Paras::force_set_current_code(para, code) from the Collectives and/or AssetHub to the relay chain (because the relaychain governance will be migrated to the AssetHub as a part of AHM).

The primary reason for this approach is to avoid transferring the entire new_code Wasm blob between chains. Instead, we authorize the code_hash using root via fn authorize_force_set_current_code_hash(new_authorization, expire_at). This authorization can later be applied by anyone using Paras::apply_authorized_force_set_current_code(para, new_code). If expire_at is reached without the authorization being used, it is automatically removed.

Usage

This feature is intended for use in two scenarios:

The D-Day scenario, where we can restart AssetHub from Collectives — see the PoC: [AHM] PoC for D-Day governance rescue feature on CollectivesWestend #8141
Using force_set_current_code for any parachain from migrated governance to AssetHub (AHM)

TODO

~~cover also add_trusted_validation_code or force_schedule_code_upgrade - see comment bellow: Add Paras authorize_code_hash + apply_authorized_code feature #7592 (comment)~~ no see other comment

Open questions

~~Do we need something like poke_authorized_code_hash? E.g. in case that we authorize code hash, but nobody would apply it and the parachain starts working with old/other_new code? Is this possible?~~
Do we need something similar for frame_system pallet and set_code / set_code_without_checks?
Can we achieve the same with pallet-whitelist?
Do we have other extrinsics over chains which has code attribute?
Do we need to add validate_unsigned for apply_authorized_code?

bkontur · 2025-02-17T11:20:03Z

/cmd fmt

…-set-current-code

…code' into bko-paras-authorize-set-current-code

bkontur · 2025-02-17T13:52:10Z

/cmd prdoc --audience runtime_dev --bump patch

…ump patch'

prdoc/pr_7592.prdoc

bkontur · 2025-02-17T13:55:50Z

/cmd bench --pallet polkadot_runtime_parachains::paras --runtime westend rococo

github-actions · 2025-02-17T13:56:32Z

Command "bench --pallet polkadot_runtime_parachains::paras --runtime westend rococo" has started 🚀 See logs here

…parachains::paras --runtime westend rococo'

github-actions · 2025-02-17T16:01:59Z

Command "bench --pallet polkadot_runtime_parachains::paras --runtime westend rococo" has finished ✅ See logs here

Details

Subweight results:

File	Extrinsic	Old	New	Change [%]
cumulus/pallets/collator-selection/src/weights.rs	leave_intent	-	-	ERROR
cumulus/pallets/collator-selection/src/weights.rs	new_session	-	-	ERROR
cumulus/pallets/collator-selection/src/weights.rs	register_as_candidate	-	-	ERROR
cumulus/pallets/collator-selection/src/weights.rs	set_invulnerables	-	-	ERROR
cumulus/pallets/collator-selection/src/weights.rs	take_candidate_slot	-	-	ERROR
cumulus/pallets/collator-selection/src/weights.rs	update_bond	-	-	ERROR
cumulus/parachains/runtimes/assets/asset-hub-rococo/src/weights/pallet_collator_selection.rs	take_candidate_slot	-	-	ERROR
cumulus/parachains/runtimes/assets/asset-hub-rococo/src/weights/pallet_collator_selection.rs	update_bond	-	-	ERROR
cumulus/parachains/runtimes/assets/asset-hub-westend/src/weights/pallet_collator_selection.rs	take_candidate_slot	-	-	ERROR
cumulus/parachains/runtimes/assets/asset-hub-westend/src/weights/pallet_collator_selection.rs	update_bond	-	-	ERROR
cumulus/parachains/runtimes/bridge-hubs/bridge-hub-rococo/src/weights/pallet_collator_selection.rs	take_candidate_slot	-	-	ERROR
cumulus/parachains/runtimes/bridge-hubs/bridge-hub-rococo/src/weights/pallet_collator_selection.rs	update_bond	-	-	ERROR
cumulus/parachains/runtimes/bridge-hubs/bridge-hub-westend/src/weights/pallet_collator_selection.rs	take_candidate_slot	-	-	ERROR
cumulus/parachains/runtimes/bridge-hubs/bridge-hub-westend/src/weights/pallet_collator_selection.rs	update_bond	-	-	ERROR
cumulus/parachains/runtimes/collectives/collectives-westend/src/weights/pallet_collator_selection.rs	take_candidate_slot	-	-	ERROR
cumulus/parachains/runtimes/collectives/collectives-westend/src/weights/pallet_collator_selection.rs	update_bond	-	-	ERROR
cumulus/parachains/runtimes/collectives/collectives-westend/src/weights/pallet_preimage.rs	ensure_updated	-	-	ERROR
cumulus/parachains/runtimes/people/people-rococo/src/weights/pallet_collator_selection.rs	take_candidate_slot	-	-	ERROR
cumulus/parachains/runtimes/people/people-rococo/src/weights/pallet_collator_selection.rs	update_bond	-	-	ERROR
cumulus/parachains/runtimes/people/people-westend/src/weights/pallet_collator_selection.rs	take_candidate_slot	-	-	ERROR
cumulus/parachains/runtimes/people/people-westend/src/weights/pallet_collator_selection.rs	update_bond	-	-	ERROR
polkadot/runtime/rococo/src/weights/polkadot_runtime_parachains_paras.rs	add_trusted_validation_code	-	-	ERROR
polkadot/runtime/rococo/src/weights/polkadot_runtime_parachains_paras.rs	force_note_new_head	-	-	ERROR
polkadot/runtime/rococo/src/weights/polkadot_runtime_parachains_paras.rs	force_schedule_code_upgrade	-	-	ERROR
polkadot/runtime/rococo/src/weights/polkadot_runtime_parachains_paras.rs	force_set_current_code	-	-	ERROR
polkadot/runtime/rococo/src/weights/polkadot_runtime_parachains_paras.rs	force_set_current_head	-	-	ERROR
polkadot/runtime/westend/src/weights/pallet_preimage.rs	ensure_updated	-	-	ERROR
polkadot/runtime/westend/src/weights/polkadot_runtime_parachains_paras.rs	add_trusted_validation_code	-	-	ERROR
polkadot/runtime/westend/src/weights/polkadot_runtime_parachains_paras.rs	force_note_new_head	-	-	ERROR
polkadot/runtime/westend/src/weights/polkadot_runtime_parachains_paras.rs	force_schedule_code_upgrade	-	-	ERROR
polkadot/runtime/westend/src/weights/polkadot_runtime_parachains_paras.rs	force_set_current_code	-	-	ERROR
polkadot/runtime/westend/src/weights/polkadot_runtime_parachains_paras.rs	force_set_current_head	-	-	ERROR
substrate/frame/election-provider-support/src/weights.rs	phragmen	-	-	ERROR
substrate/frame/election-provider-support/src/weights.rs	phragmms	-	-	ERROR
polkadot/runtime/westend/src/weights/polkadot_runtime_parachains_paras.rs	force_set_most_recent_context	110.16us	103.91us	-5.67
polkadot/runtime/westend/src/weights/polkadot_runtime_parachains_paras.rs	include_pvf_check_statement_finalize_onboarding_accept	1.21ms	1.03ms	-14.87
polkadot/runtime/westend/src/weights/polkadot_runtime_parachains_paras.rs	authorize_force_set_current_code_hash		137.18us	Added
polkadot/runtime/westend/src/weights/polkadot_runtime_parachains_paras.rs	apply_authorized_force_set_current_code		40.31ms	Added
polkadot/runtime/rococo/src/weights/polkadot_runtime_parachains_paras.rs	authorize_force_set_current_code_hash		137.30us	Added
polkadot/runtime/rococo/src/weights/polkadot_runtime_parachains_paras.rs	apply_authorized_force_set_current_code		38.43ms	Added

Command output:

✅ Successful benchmarks of runtimes/pallets:
-- westend: ['polkadot_runtime_parachains::paras']
-- rococo: ['polkadot_runtime_parachains::paras']

polkadot/runtime/parachains/src/paras/mod.rs

Co-authored-by: Bastian Köcher <git@kchr.de>

bkontur · 2025-02-18T09:48:46Z

/cmd fmt

prdoc/pr_7592.prdoc

paritytech-workflow-stopper · 2025-05-12T21:26:34Z

All GitHub workflows were cancelled due to failure one of the required jobs.
Failed workflow url: https://github.com/paritytech/polkadot-sdk/actions/runs/14982334373
Failed job name: test-linux-stable-no-try-runtime

seadanda · 2025-05-07T08:08:24Z

polkadot/runtime/parachains/src/paras/benchmarking.rs

+		let code = ValidationCode(vec![0; c as usize]);
+		let para_id = ParaId::from(1000);
+		let expire_at =
+			frame_system::Pallet::<T>::block_number().saturating_add(BlockNumberFor::<T>::from(c));


Seems strange to also use the code size as the expiry time. If we expect this to affect the benchmark, it should be its own parameter, if not should we not just set it to something constant?

seadanda · 2025-05-29T08:53:46Z

polkadot/runtime/parachains/src/paras/mod.rs

+		);
+		for para in to_remove {
+			AuthorizedCodeHash::<T>::remove(&para);
+			weight.saturating_accrue(T::DbWeight::get().writes(1));


Yea I believe @kianenigma looked into this quite a bit for benchmarking MB staking when there were a lot of removals and ended up using a measured weight IIRC

…7592) Closes: #7574 Relates to: #7591 ## Motivation This feature is useful when triggering a `Paras` pallet call from a different chain than the one where the `Paras` pallet is deployed. For example, we may want to send `Paras::force_set_current_code(para, code)` from the Collectives and/or AssetHub to the relay chain (because the relaychain governance will be migrated to the AssetHub as a part of AHM). The primary reason for this approach is to avoid transferring the entire `new_code` Wasm blob between chains. Instead, we authorize the `code_hash` using `root` via `fn authorize_force_set_current_code_hash(new_authorization, expire_at)`. This authorization can later be applied by anyone using `Paras::apply_authorized_force_set_current_code(para, new_code)`. If `expire_at` is reached without the authorization being used, it is automatically removed. ## Usage This feature is intended for use in two scenarios: - The D-Day scenario, where we can restart AssetHub from Collectives — see the PoC: #8141 - Using `force_set_current_code` for any parachain from migrated governance to AssetHub (AHM) ## TODO - [x] ~cover also `add_trusted_validation_code` or `force_schedule_code_upgrade` - see comment bellow: #7592 (comment) no see other [comment](#7592 (comment)) ## Open questions - [ ] ~Do we need something like `poke_authorized_code_hash`? E.g. in case that we authorize code hash, but nobody would apply it and the parachain starts working with old/other_new code? Is this possible?~ - [ ] Do we need something similar for `frame_system` pallet and `set_code` / `set_code_without_checks`? - [ ] Can we achieve the same with `pallet-whitelist`? - [ ] Do we have other extrinsics over chains which has `code` attribute? - [x] Do we need to add `validate_unsigned` for `apply_authorized_code`? --------- Co-authored-by: cmd[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Bastian Köcher <git@kchr.de> Co-authored-by: Kian Paimani <5588131+kianenigma@users.noreply.github.com> Co-authored-by: Adrian Catangiu <adrian@parity.io>

@kianenigma

This brings in `stable2506` Polkadot SDK, and integrates many new features. Integrated breaking changes to be verified by the original authors: - [x] ~paritytech/polkadot-sdk#8127 @kianenigma @Ank4n~ This will come in with AHM, and not before. - [x] paritytech/polkadot-sdk#7597 @gui1117 - [x] paritytech/polkadot-sdk#8254 @bkchr - [x] paritytech/polkadot-sdk#7592 @bkontur - [x] paritytech/polkadot-sdk#8382 @UtkarshBhardwaj007 - [x] paritytech/polkadot-sdk#8021 @serban300 - [x] paritytech/polkadot-sdk#8344 @serban300 - [x] paritytech/polkadot-sdk#8262 @athei - [x] paritytech/polkadot-sdk#8584 @athei - [x] paritytech/polkadot-sdk#8299 @skunert - [x] paritytech/polkadot-sdk#8652 @pgherveou - [x] paritytech/polkadot-sdk#8554 @pgherveou - [x] paritytech/polkadot-sdk#8281 @mrshiposha - [x] paritytech/polkadot-sdk#7730 @franciscoaguirre - [x] paritytech/polkadot-sdk#8599 @yrong @claravanstaden - [x] paritytech/polkadot-sdk#8531 @bkontur - [x] paritytech/polkadot-sdk#8409 @kianenigma - [x] paritytech/polkadot-sdk#9137 @franciscoaguirre - [x] paritytech/polkadot-sdk#7944 @bkontur - [x] paritytech/polkadot-sdk#8179 @bkontur - [x] paritytech/polkadot-sdk#8037 @yrong --------- Co-authored-by: GitHub Action <action@github.com> Co-authored-by: claravanstaden <claravanstaden64@gmail.com> Co-authored-by: Branislav Kontur <bkontur@gmail.com> Co-authored-by: Bastian Köcher <git@kchr.de> Co-authored-by: Alain Brenzikofer <alain@integritee.network> Co-authored-by: kianenigma <kian@parity.io> Co-authored-by: Francisco Aguirre <franciscoaguirreperez@gmail.com> Co-authored-by: ron <yrong1997@gmail.com> Co-authored-by: joe petrowski <25483142+joepetrowski@users.noreply.github.com> Co-authored-by: Overkillus <maciej.zyszkiewicz@parity.io>

…7592) Closes: #7574 Relates to: #7591 ## Motivation This feature is useful when triggering a `Paras` pallet call from a different chain than the one where the `Paras` pallet is deployed. For example, we may want to send `Paras::force_set_current_code(para, code)` from the Collectives and/or AssetHub to the relay chain (because the relaychain governance will be migrated to the AssetHub as a part of AHM). The primary reason for this approach is to avoid transferring the entire `new_code` Wasm blob between chains. Instead, we authorize the `code_hash` using `root` via `fn authorize_force_set_current_code_hash(new_authorization, expire_at)`. This authorization can later be applied by anyone using `Paras::apply_authorized_force_set_current_code(para, new_code)`. If `expire_at` is reached without the authorization being used, it is automatically removed. ## Usage This feature is intended for use in two scenarios: - The D-Day scenario, where we can restart AssetHub from Collectives — see the PoC: #8141 - Using `force_set_current_code` for any parachain from migrated governance to AssetHub (AHM) ## TODO - [x] ~cover also `add_trusted_validation_code` or `force_schedule_code_upgrade` - see comment bellow: #7592 (comment) no see other [comment](#7592 (comment)) ## Open questions - [ ] ~Do we need something like `poke_authorized_code_hash`? E.g. in case that we authorize code hash, but nobody would apply it and the parachain starts working with old/other_new code? Is this possible?~ - [ ] Do we need something similar for `frame_system` pallet and `set_code` / `set_code_without_checks`? - [ ] Can we achieve the same with `pallet-whitelist`? - [ ] Do we have other extrinsics over chains which has `code` attribute? - [x] Do we need to add `validate_unsigned` for `apply_authorized_code`? --------- Co-authored-by: cmd[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Bastian Köcher <git@kchr.de> Co-authored-by: Kian Paimani <5588131+kianenigma@users.noreply.github.com> Co-authored-by: Adrian Catangiu <adrian@parity.io>

bkontur added 2 commits February 17, 2025 11:37

Added authorize_force_set_current_code_hash feature

90fa441

Add force_set_current_code test

693c277

github-actions bot and others added 5 commits February 17, 2025 11:22

Update from bkontur running command 'fmt'

1a9dba4

Merge remote-tracking branch 'origin/master' into bko-paras-authorize…

8dc2779

…-set-current-code

Fix Rococo/Westend

e14f331

Merge remote-tracking branch 'origin/master' into bko-paras-authorize…

a3d1f3c

…-set-current-code

Merge remote-tracking branch 'origin/bko-paras-authorize-set-current-…

9bb38f3

…code' into bko-paras-authorize-set-current-code

bkontur added T14-system_parachains This PR/Issue is related to system parachains. A4-needs-backport labels Feb 17, 2025

Update from bkontur running command 'prdoc --audience runtime_dev --b…

9eea06f

…ump patch'

bkontur commented Feb 17, 2025

View reviewed changes

prdoc/pr_7592.prdoc Outdated Show resolved Hide resolved

Update prdoc/pr_7592.prdoc

caff716

Update from bkontur running command 'bench --pallet polkadot_runtime_…

4d746d2

…parachains::paras --runtime westend rococo'

bkchr reviewed Feb 17, 2025

View reviewed changes

bkontur commented Feb 18, 2025

View reviewed changes

polkadot/runtime/parachains/src/paras/mod.rs Outdated Show resolved Hide resolved

bkontur and others added 3 commits February 18, 2025 10:27

Apply suggestions from code review

bde0c00

Co-authored-by: Bastian Köcher <git@kchr.de>

Update polkadot/runtime/parachains/src/paras/mod.rs

6062032

Co-authored-by: Bastian Köcher <git@kchr.de>

Dedicated enum variant NotAuthorizedCode

3243e63

bkontur and others added 2 commits February 18, 2025 10:48

Merge branch 'master' into bko-paras-authorize-set-current-code

1aeb6b3

Update from bkontur running command 'fmt'

77463f4

bkontur requested a review from bkchr February 18, 2025 10:05

bkontur commented Feb 18, 2025

View reviewed changes

prdoc/pr_7592.prdoc Show resolved Hide resolved

Update prdoc/pr_7592.prdoc

a1225cb

bkontur self-assigned this Feb 18, 2025

bkontur added 3 commits May 6, 2025 09:55

Merge branch 'master' into bko-paras-authorize-set-current-code

6075ad7

Merge branch 'master' into bko-paras-authorize-set-current-code

822a1ec

Merge branch 'master' into bko-paras-authorize-set-current-code

8036264

Merge branch 'master' into bko-paras-authorize-set-current-code

abdde6c

This was referenced May 22, 2025

The Unbrick Collective polkadot-fellows/RFCs#117

Open

Implementations to allow easier unbricking of parachains #5429

Draft

bkontur added 2 commits May 23, 2025 23:26

Merge branch 'master' into bko-paras-authorize-set-current-code

b110076

Merge branch 'master' into bko-paras-authorize-set-current-code

0cb5c59

seadanda approved these changes May 29, 2025

View reviewed changes

acatangiu added this pull request to the merge queue May 29, 2025

acatangiu added this to fellowship/runtimes integrations queue May 29, 2025

acatangiu moved this to To be released (SDK) in fellowship/runtimes integrations queue May 29, 2025

Merged via the queue into master with commit d6b9159 May 29, 2025
245 checks passed

acatangiu deleted the bko-paras-authorize-set-current-code branch May 29, 2025 11:13

github-project-automation bot moved this from In review to Done in Plaza: AHM May 29, 2025

bkontur moved this from In Progress to Done in @bkontur's board May 29, 2025

miss-stake added this to Security Audit (PRs) - SRLabs Jun 3, 2025

github-project-automation bot moved this to Backlog in Security Audit (PRs) - SRLabs Jun 3, 2025

miss-stake moved this from Backlog to Scheduled in Security Audit (PRs) - SRLabs Jun 3, 2025

redzsina moved this from Scheduled to In progress in Security Audit (PRs) - SRLabs Jun 30, 2025

redzsina moved this from In progress to Scheduled in Security Audit (PRs) - SRLabs Jul 1, 2025

acatangiu mentioned this pull request Jul 16, 2025

Upgrade to Polkadot-SDK stable2506 polkadot-fellows/runtimes#817

Merged

21 tasks

redzsina moved this from Scheduled to Waiting for fix in Security Audit (PRs) - SRLabs Aug 12, 2025

redzsina moved this from Waiting for fix to Audited in Security Audit (PRs) - SRLabs Aug 26, 2025

github-actions bot mentioned this pull request Oct 24, 2025

Update polkadot-sdk from stable2503 to stable2506 moondance-labs/tanssi#1340

Closed

Comments

Conversation

bkontur commented Feb 17, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Motivation

Usage

TODO

Open questions

Uh oh!

bkontur commented Feb 17, 2025

Uh oh!

bkontur commented Feb 17, 2025

Uh oh!

Uh oh!

bkontur commented Feb 17, 2025

Uh oh!

github-actions bot commented Feb 17, 2025

Uh oh!

github-actions bot commented Feb 17, 2025

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

bkontur commented Feb 18, 2025

Uh oh!

Uh oh!

paritytech-workflow-stopper bot commented May 12, 2025

Uh oh!

seadanda May 7, 2025

Choose a reason for hiding this comment

Uh oh!

seadanda May 29, 2025

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

7 participants

bkontur commented Feb 17, 2025 •

edited

Loading