diff --git a/docs/developers/Concepts/avs-keys.md b/docs/developers/Concepts/avs-keys.md index da2bb09d..d62a7908 100644 --- a/docs/developers/Concepts/avs-keys.md +++ b/docs/developers/Concepts/avs-keys.md @@ -1,5 +1,5 @@ --- -sidebar_position: 6 +sidebar_position: 7 title: AVS Keys --- diff --git a/docs/developers/Concepts/avs-release-management.md b/docs/developers/Concepts/avs-release-management.md new file mode 100644 index 00000000..62f19365 --- /dev/null +++ b/docs/developers/Concepts/avs-release-management.md @@ -0,0 +1,16 @@ +--- +sidebar_position: 5 +title: AVS Release Management +--- + +The Release Management Service (RMS) enables verifiable container image signing using Ethereum keys and supports +OpenContainerInterface (OCI) compliant signature publishing to GitHub Container Registry (GHCR). The RMS is an optional +service that enables: + +* AVS developers to tag and sign releases. +* Operators to view the latest releases they are registered to run. +* Operators to verify the signature of the release container. + +For information on: +* Signing and publishing AVS releases, refer to [Release AVS](../HowTo/publish/release-avs.md). +* Get and verify releases, refer to [Get and Verify AVS Releases](../../operators/howto/get-and-verify-releases.md). diff --git a/docs/developers/Concepts/avs-security-models.md b/docs/developers/Concepts/avs-security-models.md index 1aa91266..d09c2f92 100644 --- a/docs/developers/Concepts/avs-security-models.md +++ b/docs/developers/Concepts/avs-security-models.md @@ -1,5 +1,5 @@ --- -sidebar_position: 5 +sidebar_position: 6 title: AVS Security Models --- diff --git a/docs/developers/HowTo/publish/release-avs.md b/docs/developers/HowTo/publish/release-avs.md new file mode 100644 index 00000000..53e0ecbd --- /dev/null +++ b/docs/developers/HowTo/publish/release-avs.md 
@@ -0,0 +1,77 @@ +--- +sidebar_position: 1 +title: Release AVS +--- + +To sign a release and update the AVS metadata to enable Operators to verify the container was signed by the specified public key +using the [Release Management Service (RMS)](../../Concepts/avs-release-management.md): + +1. Add valid keys for container signatures to AVS metadata. The format is: + + ``` + { + "name": "AVS Release Nofitication Demo", + ... + "releaseKeys": [ + "0xc877a87254ad39e717d2f322192f2b93e3aea5b651e13267901a4f6db507243e" + ], + ... + } + ``` + +2. Sign the container digest with a key included in the AVS metadata. Using the EigenLayer CLI: + + `eigenlayer-cli container sign [options]` with + * `container-digest` - Digest of the container + * `repository-location` - GitHub Container Registry (GHCR) repository location with which to tag the signature artifact. + +3. Update the AVS metadata to include the software section with the container name, description, and location. + + For AVSs using Operator Sets, the format is: + + ``` + { + "name": "AVS Release Nofitication Demo", + ... + "releaseKeys": [ + "0xc877a87254ad39e717d2f322192f2b93e3aea5b651e13267901a4f6db507243e" + ], + "operatorSets": [ + { + "name":"AVS Release Management Demo!!!", + ... + "software":[ + { + "name": "AVS Application Container", + "description": "A container located in GHCR for node operators to run.", + "location": "ghcr.io/bdchatham/avs-release-demo-v1" + } + ], + ... + } + ] + } + ``` + + For AVSs using AVSDirectory, the format is: + + ``` + { + "name": "AVS Release Nofitication Demo", + "avs_contract_address": "0x4c68f7bef3e14b47ba9af64acb3f0ea70c6535b1", + ... + "description": "An AVS using for demonstrating application release tracking & notifications.", + "software": { + "name": "AVS Application Container for M2 Quorum operators.", + "description": "A container located in GHCR for node operators to run.", + "location": "ghcr.io/bdchatham/avs-m2-release-demo" + }, + ... 
+ } + ``` + +## List Release Keys + +To list AVS keys for signing releases included in the AVS metadata, use: + +`eigenlayer-cli service list-avs-release-keys –avs-address
` \ No newline at end of file diff --git a/docs/operators/howto/avs-operator-risks-mitigations-bp.md b/docs/operators/howto/avs-operator-risks-mitigations-bp.md index 682663ef..c7f17b24 100644 --- a/docs/operators/howto/avs-operator-risks-mitigations-bp.md +++ b/docs/operators/howto/avs-operator-risks-mitigations-bp.md @@ -1,5 +1,5 @@ --- -sidebar_position: 5 +sidebar_position: 8 title: Implement Security Best Practices --- diff --git a/docs/operators/howto/get-and-verify-releases.md b/docs/operators/howto/get-and-verify-releases.md new file mode 100644 index 00000000..77c11ac1 --- /dev/null +++ b/docs/operators/howto/get-and-verify-releases.md @@ -0,0 +1,20 @@ +--- +sidebar_position: 7 +title: Get and Verify AVS Releases +--- + +If an AVS is using the [Release Management Service (RMS)](../../developers/Concepts/avs-release-management.md), Operators can list and verify the releases they are registered to run. + +## List AVS Releases + +To list the AVS releases a specified Operator is registered to run, use the EigenLayer CLI: + +`eigenlayer-cli service list-operator-releases –operater-address
` + +## Verify AVS Releases + +To verify the container was signed by a public key specified in the AVS metadata, use the EigenLayer CLI: + +`eigenlayer-cli container verify [options]` with +* `container-digest` - Digest of the container +* `repository-location` - Github Container Registry (GHCR) repository location from which the release container was obtained. \ No newline at end of file diff --git a/docs/operators/howto/operator-content-guidelines.md b/docs/operators/howto/operator-content-guidelines.md index 9d5c2084..379a3055 100644 --- a/docs/operators/howto/operator-content-guidelines.md +++ b/docs/operators/howto/operator-content-guidelines.md @@ -1,5 +1,5 @@ --- -sidebar_position: 6 +sidebar_position: 8 title: Follow Webapp Content Guidelines --- diff --git a/docs/operators/howto/troubleshooting.md b/docs/operators/howto/troubleshooting.md index 632cb5b1..1e236675 100644 --- a/docs/operators/howto/troubleshooting.md +++ b/docs/operators/howto/troubleshooting.md @@ -1,5 +1,5 @@ --- -sidebar_position: 7 +sidebar_position: 9 title: Troubleshoot ---
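
Review bot: In docs/developers/Concepts/avs-release-management.md, "OpenContainerInterface (OCI)" in the first paragraph is not what the acronym stands for; OCI is the Open Container Initiative, so the sentence should read "Open Container Initiative (OCI) compliant signature publishing". In the "For information on:" list, the second bullet ("Get and verify releases, refer to ...") is not parallel with the first; "Getting and verifying releases, refer to ..." matches it. The page says signing uses "Ethereum keys" but never says where the trusted key set lives; one sentence pointing at the `releaseKeys` field in the AVS metadata (shown in release-avs.md) would connect the concept page to the how-to.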
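
Review bot: In docs/developers/HowTo/publish/release-avs.md step 1, the `releaseKeys` example is a 32-byte hex string with no statement of what it encodes. The intro calls it a public key, but 32 bytes is also the size of an Ethereum private key, so the page should state the expected encoding and say explicitly that only the public half goes into metadata. Step 2 lists `container-digest` and `repository-location` without leading dashes and does not say how the signing key is supplied to `eigenlayer-cli container sign`; add that option or a pointer to where it is configured. Under "List Release Keys", `–avs-address` is written with an en dash and has no argument placeholder, so a copy-paste will not parse; use two ASCII hyphens and show the address argument. Smaller points: "Nofitication" appears in all three JSON samples, "An AVS using for demonstrating" should be "An AVS used for demonstrating", and the file has no newline at end of file.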
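
Review bot: docs/operators/howto/avs-operator-risks-mitigations-bp.md (5 to 8) and docs/operators/howto/operator-content-guidelines.md (6 to 8) both end up with `sidebar_position: 8`, while get-and-verify-releases.md takes 7 and troubleshooting.md takes 9. Two pages in the same folder sharing a position means their relative order is no longer set by this field. Give them distinct values, for example 8 and 9 with troubleshooting.md moved to 10.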
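
Review bot: In docs/operators/howto/get-and-verify-releases.md, the "List AVS Releases" command is written `–operater-address`, with an en dash instead of two ASCII hyphens, what looks like a misspelling of "operator", and no argument placeholder; check the flag name against the CLI and show the address argument. Under "Verify AVS Releases", the two listed options (`container-digest`, `repository-location`) do not identify the AVS whose `releaseKeys` the signature is checked against, so the page should say how `eigenlayer-cli container verify` finds the key set, what a failed verification looks like, and that the Operator should not run a container that fails it. "Github Container Registry" should be "GitHub Container Registry" to match release-avs.md, and the file has no newline at end of file.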