From 04623f92124e0e831ca72994e2ba28121f5a6ae1 Mon Sep 17 00:00:00 2001 From: Hanzo AI Date: Sun, 3 May 2026 14:07:53 -0700 Subject: [PATCH 1/2] ringtail: fix lux/mpc go.sum corruption (luxfi/edwards25519) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The recorded go.sum hash for github.com/luxfi/edwards25519@v0.1.0 was stale — the proxy now serves go.mod content (`module github.com/luxfi/ edwards25519\n\ngo 1.21\n`) that hashes to MBoV+bPE..., while go.sum had the older tFuuyXvI... value (matching whatever go.mod content was first published, evidently `module github.com/agl/ed25519`). Result: every Go build in the workspace, including ringtail's dkg tests, errored with a checksum mismatch SECURITY ERROR. Fix: remove the two stale edwards25519 lines and re-run go mod tidy so the current proxy content is re-pinned. New hashes: h1:YPoT831TZMslvNyy/KuTtpHi4BGZWgpwak06RCaYLzo= (zip) h1:MBoV+bPEz1tSMADPMSUaYdZ+agY3syG8B6z7RmJBH0A= (mod) Verified: `cd ~/work/lux/ringtail && go test ./dkg/...` passes TestDKG_2of3, TestDKG_3of5, TestDKG_InvalidParams, TestDKG_MissingData (env override GOENV=/dev/null + GOPROXY=https://proxy.golang.org,direct to bypass the unrelated GONOPROXY=hanzoai/* setting in the user's global go env that prevents the proxy from serving the cached but git-deleted hanzoai/xorm-adapter@v3.0.1 — that's a separate workspace-config issue, not a go.sum corruption). --- go.sum | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/go.sum b/go.sum index 8b74708..d27a4f2 100644 --- a/go.sum +++ b/go.sum @@ -897,8 +897,8 @@ github.com/luxfi/crypto v1.17.45 h1:uGK0y4+aLipE/M0YIQ5hcsWv0ZG0E4cPv03a94K/eLE= github.com/luxfi/crypto v1.17.45/go.mod h1:GnAkhQ7HNs3X0Tzx5nOONS3kl0yRmWHbDcRO5ffILsg= github.com/luxfi/database v1.17.44 h1:hfiTls7sqbweW+o4iaZqB8P997paC+vpgWmhN6v5MJ0= github.com/luxfi/database v1.17.44/go.mod h1:6Ey5y3I0WNLHbxIlIdFqUuKfBg+b0fAgTA8FgRgQ8zg= -github.com/luxfi/edwards25519 v0.1.0 h1:zuSrBtgV4NUiJ8dzzJiLU4o+A0AHGnztRLUvZ24mAYk= -github.com/luxfi/edwards25519 v0.1.0/go.mod h1:tFuuyXvI+xqUoHz9pwC+kqsALCGHSO1SymL1NjCOmFM= +github.com/luxfi/edwards25519 v0.1.0 h1:YPoT831TZMslvNyy/KuTtpHi4BGZWgpwak06RCaYLzo= +github.com/luxfi/edwards25519 v0.1.0/go.mod h1:MBoV+bPEz1tSMADPMSUaYdZ+agY3syG8B6z7RmJBH0A= github.com/luxfi/fhe v1.7.7 h1:RP26i3CxvNy2y/3LKiJPgd9uR5MrlG/MvQnv5rkQFhk= github.com/luxfi/fhe v1.7.7/go.mod h1:FHfGNgKL5ZLcnKVKFVNLDJOBbQyQm5DGpVrMnY8ASJo= github.com/luxfi/geth v1.16.79 h1:MtP8ZUuSVZDjmZDa1kTJCl0PpG8+wGbQft652GO6a3A= From 6064d3405eec265b83a36c98ecc0b275d50ce379 Mon Sep 17 00:00:00 2001 From: Hanzo AI Date: Tue, 5 May 2026 03:01:12 -0700 Subject: [PATCH 2/2] fix(build): enable CGO so go-sqlite3 driver registers The /v1/mpc/wallets HTTP API was 503'ing because CGO_ENABLED=0 left mattn/go-sqlite3 unregistered, so the wallet tables couldn't open. Workaround was seeding wallets into TA's user_wallets table. Switch to CGO=1 with statically-linked external linker so the binary still runs in a scratch/alpine runtime without sqlite-libs at runtime. --- Dockerfile | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index 85c85d9..1301ca3 100644 --- a/Dockerfile +++ b/Dockerfile @@ -12,7 +12,11 @@ RUN pnpm build # syntax=docker/dockerfile:1 FROM --platform=$BUILDPLATFORM golang:1.26-alpine AS builder -RUN apk add --no-cache git ca-certificates +# CGO toolchain — required by go-sqlite3 (mattn) so the wallet HTTP API +# can open SQLite. Previously CGO=0 left the driver unregistered and +# /v1/mpc/wallets returned 503; the workaround was seeding wallets into +# TA's user_wallets table out-of-band. +RUN apk add --no-cache git ca-certificates gcc musl-dev sqlite-dev linux-headers ENV GONOSUMDB=github.com/luxfi/*,github.com/hanzoai/* WORKDIR /app @@ -22,10 +26,12 @@ COPY . . COPY --from=ui /ui/dist ./ui/dist/ ENV GOEXPERIMENT=runtimesecret -RUN CGO_ENABLED=0 GOOS=linux go build -ldflags="-s -w" -o mpcd ./cmd/mpcd -RUN CGO_ENABLED=0 GOOS=linux go build -ldflags="-s -w" -o mpc ./cmd/mpc +RUN CGO_ENABLED=1 GOOS=linux go build -ldflags="-s -w -linkmode external -extldflags '-static'" -tags 'sqlite_omit_load_extension' -o mpcd ./cmd/mpcd +RUN CGO_ENABLED=1 GOOS=linux go build -ldflags="-s -w -linkmode external -extldflags '-static'" -tags 'sqlite_omit_load_extension' -o mpc ./cmd/mpc FROM alpine:3.21 +# Runtime — statically linked binaries above don't need shared libs, but +# keep ca-certificates + tzdata for HTTPS + log timestamps. RUN apk add --no-cache ca-certificates tzdata COPY --from=builder /app/mpcd /usr/local/bin/mpcd COPY --from=builder /app/mpc /usr/local/bin/mpc