我们在上一小节中介绍到了,jack的owner权限是与bob和alice相关的。所以可能遇到这么一个情况,jack今天不在,而它又需要以上的操作怎么办?那么是否可以通过上面对jack权限的设置,在jack不在的情况下通过bob和alice的操作完成本属于jack权限许可的操作呢?是的,这就是多签名的概念和意义。
四. 建立多签名操作提案首先,eos中关于多签名的命令是multisig,这也是通过第一步中eosio.msig合约实现的。
jack不在,要想通过bob和alice两个人来审批本属于jack的操作,这就要比jack本人操作要麻烦一点,需要新建一个提案。
liuwenbin@liuwenbin:~$ cleos multisig propose nojack '[{"actor":"alice","permission":"owner"},{"actor":"bob","permission":"owner"}]' '[{"actor":"jack","permission":"owner"}]' eosio.token transfer '{"from":"jack","to":"bob","quantity":"50 SYS","memo":"test multisig"}' -p eosio.msig executed transaction: a223945e79c92cd5ca5243d64dce02ecf9bb1420e6ca3b5e5ac3fdae3dd4e8c3 240 bytes 389 us # eosio.msig <= eosio.msig::propose {"proposer":"eosio.msig","proposal_name":"nojack","requested":[{"actor":"alice","permission":"owner"... warning: transaction executed locally, but may not be confirmed by the network yet注意在提案中的定义操作要输入完整的key-value对应参数关系。本例中,transfer后面的参数的定义内容与上面直接用jack是一致的,但格式是完整格式,上面jack单签名时是使用的简略版,可自行对比发现。
这个提案结尾需要一个账户授权,这个账户是不做限制的,只是为了日后操作这个提案本身,因此这里选择一个不想关的用来部署eosio.msig合约的账户eosio.msig签名授权该提案。
五. 查看提案 liuwenbin@liuwenbin:~$ cleos multisig review eosio.msig nojack { "proposal_name": "nojack", "packed_transaction": "38d0295b000000000000000000000100a6823403ea3055000000572d3ccdcd0100000000000091790000000080ab26a72e00000000000091790000000000000e3d320000000000000000535953000000000d74657374206d756c746973696700", "transaction": { "expiration": "2018-06-20T03:55:36", "ref_block_num": 0, "ref_block_prefix": 0, "max_net_usage_words": 0, "max_cpu_usage_ms": 0, "delay_sec": 0, "context_free_actions": [], "actions": [{ "account": "eosio.token", "name": "transfer", "authorization": [{ "actor": "jack", "permission": "owner" } ], "data": { "from": "jack", "to": "bob", "quantity": "50 SYS", "memo": "test multisig" }, "hex_data": "00000000000091790000000000000e3d320000000000000000535953000000000d74657374206d756c7469736967" } ], "transaction_extensions": [] } }重点查看该提案设定的action,包括该action需要的权限,操作名,参数等。
六. 查看提案审批情况multisig合约定义了两个数据表,其中一个approvals表就是记录了提案的审批状态。
liuwenbin@liuwenbin:~/.local/share/eosio/nodeos/config$ cleos get table eosio.msig eosio.msig approvals { "rows": [{ "proposal_name": "nojack", "requested_approvals": [{ "actor": "alice", "permission": "owner" },{ "actor": "bob", "permission": "owner" } ], "provided_approvals": [] }], "more": false } 七. 审批提案提案创建完成以后,就需要alice和bob这两个账户分别进行审批,他们各自都需要使用自己的owner权限签名审批这个动作。
liuwenbin@liuwenbin:~$ cleos multisig approve eosio.msig nojack '{"actor":"alice","permission":"owner"}' -p alice@owner executed transaction: be473b9abcc361a6d4c00d726318d06cb98775bd9390f2ebe1e4e8d72afd5de2 128 bytes 269 us # eosio.msig <= eosio.msig::approve {"proposer":"eosio.msig","proposal_name":"nojack","level":{"actor":"alice","permission":"owner"}} warning: transaction executed locally, but may not be confirmed by the network yet liuwenbin@liuwenbin:~$ cleos multisig approve eosio.msig nojack '{"actor":"bob","permission":"owner"}' -p bob@owner executed transaction: 98c707b04ef43b17e25bfb5fb6700300f438ea3af08f5c5f44724bb7f66c9eb2 128 bytes 441 us # eosio.msig <= eosio.msig::approve {"proposer":"eosio.msig","proposal_name":"nojack","level":{"actor":"bob","permission":"owner"}} warning: transaction executed locally, but may not be confirmed by the network yet 八. 返回第6步 liuwenbin@liuwenbin:~/.local/share/eosio/nodeos/config$ cleos get table eosio.msig eosio.msig approvals { "rows": [{ "proposal_name": "nojack", "requested_approvals": [], "provided_approvals": [{ "actor": "alice", "permission": "owner" },{ "actor": "bob", "permission": "owner" } ] }], "more": false }可以看到,原requested_approvals中的待审批项已经全部转到了provided_approvals 已审批列表中。
这里我们可以通过unapprove命令将已审批项转至未审批集合中去。unapprove的参数与以上approve完全相同。
九. 执行提案