feat(validator): SIMD-0387 BLS pubkey registration + Agave XDP support#400
Merged
Conversation
Two new testnet/mainnet validator requirements:
BLS public key (SIMD-0387)
- registerBlsPubkey() runs `solana vote-authorize-voter-checked` with
`--use-v2-instruction` per host, signing with the identity keypair
(the default authorized voter) to fill in the derived BLS pubkey.
- Idempotent: skips hosts whose blsPubkeyCompressed is already set, and
verifies the key landed on-chain before reporting success. When the
feature gate is inactive the forced-v2 tx fails at simulation without
mutating state (no wasted voter re-authorization).
- Auto-runs at the end of `slv v deploy` (testnet + mainnet, non-fatal);
also exposed as `slv v register:bls` for re-running after activation.
Agave XDP (retransmit acceleration)
- Per-host inventory vars (xdp_enabled / xdp_interface / xdp_cpu_cores /
xdp_zero_copy / xdp_poh_pinned_cpu_core) on NodeConfigBase, captured by
promptXdpConfig() during `slv v init` for agave/jito only (Firedancer
uses XDP natively).
- start-validator*.sh.j2 inject the --experimental-retransmit-xdp-* flags
and solv.service.j2 grants CAP_NET_RAW/NET_ADMIN/BPF/PERFMON, all gated
by `{% if xdp_enabled %}` so existing hosts are unaffected.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
- registerBlsPubkey: run vote-authorize via Deno.Command argv array (no shell word-splitting on keypair paths with spaces); treat empty blsPubkeyCompressed as unset; guard non-testnet/mainnet networks and empty HOME; catch malformed inventory YAML instead of throwing out of the standalone command. - promptXdpConfig: validate xdp_cpu_cores / xdp_poh_pinned_cpu_core as non-negative integers so a fat-fingered entry can't write NaN (.nan) to the inventory and emit a garbage launch flag. - start-validator*.j2: gate the XDP block on a non-empty xdp_interface and use default(1, true) for cpu-cores, so a hand-edited inventory with xdp_enabled but a blank interface no longer renders a valueless flag that eats the next. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds support for two new testnet/mainnet validator requirements.
BLS public key (SIMD-0387)
Voting validators must register the BLS public key derived from their authorized voter keypair; otherwise the vote account behaves as unstaked once SIMD-0357 (Alpenglow voting) activates.
registerBlsPubkey()runssolana vote-authorize-voter-checked … --use-v2-instructionper host, signing with the identity keypair (the default authorized voter), which fills in the derived BLS pubkey without changing the voter.blsPubkeyCompressedis already set, and reads the key back on-chain before reporting success. Forcing the v2 instruction means that when the feature gate is still inactive the tx fails cleanly at simulation without mutating state (avoids a wasted voter re-authorization that would also burn the once-per-epoch voter-change slot).slv v deployfor testnet and mainnet (wrapped, non-fatal). Also exposed asslv v register:blsto re-run after the feature activates.Agave XDP (retransmit acceleration)
NodeConfigBase:xdp_enabled,xdp_interface,xdp_cpu_cores,xdp_zero_copy,xdp_poh_pinned_cpu_core. Captured bypromptXdpConfig()duringslv v initfor agave/jito only (Firedancer uses XDP natively).start-validator*.sh.j2inject the--experimental-retransmit-xdp-*flags;solv.service.j2grantsCAP_NET_RAW/CAP_NET_ADMIN/CAP_BPF/CAP_PERFMON. All gated by{% if xdp_enabled %}, so existing hosts are unaffected.Testing
deno check) and aredeno fmtformatted; no new type errors introduced.trim_blocks=True: XDP flags/capabilities present when enabled, fully absent (no stray blank lines breaking bash line-continuation) when disabled.slv v register:blsexercised end-to-end against a live testnet validator: inventory read → identity-signed tx → on-chain read-back. Confirmed the idempotent/verify path and the clean no-op behavior while SIMD-0387 is not yet gate-active on the cluster.Notes
--experimental-in current Agave; names may change upstream.vote-authorize-voter-checked --use-v2-instructionandsolana-keygen bls_pubkey(v4.x).🤖 Generated with Claude Code