do not mark self malicious

[countvonzero]

Motivation

to ease adoption of testnet

Changes

• statically set miner's own node id
• whenever malfeasance proof is generated, check that it's not self

[codecov]

Codecov Report

Merging #4981 (c89fa6d) into develop (b694924) will decrease coverage by 0.1%.
Report is 1 commits behind head on develop.
The diff coverage is 31.2%.

❗ Current head c89fa6d differs from pull request most recent head 5c90fa8. Consider uploading reports for the commit 5c90fa8 to get more accurate results

@@            Coverage Diff            @@
##           develop   #4981     +/-   ##
=========================================
- Coverage     77.1%   77.1%   -0.1%     
=========================================
  Files          254     254             
  Lines        30141   30173     +32     
=========================================
+ Hits         23253   23266     +13     
- Misses        5384    5400     +16     
- Partials      1504    1507      +3     

Files Changed	Coverage Δ
hare/hare.go	65.9% <0.0%> (-0.3%)	⬇️
malfeasance/handler.go	68.6% <0.0%> (-1.1%)	⬇️
node/node.go	62.9% <0.0%> (-0.2%)	⬇️
common/types/nodeid.go	86.6% <33.3%> (-13.4%)	⬇️
activation/handler.go	76.6% <100.0%> (ø)
hare3/hare.go	84.5% <100.0%> (ø)
mesh/mesh.go	68.4% <100.0%> (ø)

... and 4 files with indirect coverage changes

📢 Have feedback on the report? Share it here.

[countvonzero]

sorry. i couldn't find a way to add it in TestHandler.
i didn't know how to advance to a round that the node is eligible again

[dshulyak]

i think the way to go to introduce such test is to make initialization reusable, instead of copying it

[dshulyak]

i don't think that adding global public key is acceptable even as a mitigation.

beside that this code already can be removed next week

[dshulyak]

*Hare has reference to signer

[dshulyak]

i don't understand what it fixes? if node sent an equivocating message thats enough, it doesn't have to generate a proof for itself. the latter is certainly should not be done, but by itself it doesn't fix much. this code also doesn't exit with fatal.

the solution in #4857 prevents some configuration mistakes, but not all

[dshulyak]

this global state can't work with t.Parallel, but hare already has access to signer

[dshulyak]

but anyway, i think this is not the approach. it doesn't solve any actual problems, introduces global state and code that needs to be removed "tomorrow".

the solutions that addresses some problems are:

• malfeasance: add machine fingerprint when post data/smesher key is generated #4856 to prevent copying state
• malfeasance: don't accept unknown messages from remote sources signed by your own identity #4857 to prevent syncing node with key (the simplest is to check in atx handler)
• Node should *not* delete POST files when there is more on a disk than configured #4594
• we also discussed how to prevent accidental launches on same computer. right now it is not possible because of leveldb used in libp2p . but maybe we should move lockfile relative to datadir