Datasets algo approval

[alexcos20]

When approving an algo, we should store & check the file checksum, not metadata checksum

How it is now: Algorithm files checksum checking performed during compute start are checking against hash of encrypted files (asset.files) https://github.com/oceanprotocol/provider/blob/408a9032b30d3606a6b991f3982b7d17ded7cd47/ocean_provider/validation/algo.py#L415

Problem: The publisher can always update the underlying file, and introduce malicious code in the algorithm, after the algo was approved

Describe the solution Algorithm files checksum should check based on the contents, ie: https://github.com/oceanprotocol/provider/blob/408a9032b30d3606a6b991f3982b7d17ded7cd47/ocean_provider/routes/consume.py#L111 with_checksum = true

We are going to still the same fields in the ddo:

"publisherTrustedAlgorithms": [
          {
            "did": "did:op:123",
            "filesChecksum": "100",
            "containerSectionChecksum": "200"
          },
          {
            "did": "did:op:124",
            "filesChecksum": "110",
            "containerSectionChecksum": "210"
          }
        ]

Q: What if algo has multiple files? A: Then filesChecksum = checksumFile1 + checksumFile2 + checksumFile3

This requires coordination between:

• [ ] Market
• [ ] Ocean.js
• [x] Ocean.py
• [x] Provider

[alexcos20]

Docs updated in https://github.com/oceanprotocol/docs/pull/1032

[calina-c]

@bogdanfazakas can we close this one?

[bogdanfazakas]

@bogdanfazakas can we close this one?

Market PR not merged yet, I will close this once that is merged 😃

[LoznianuAnamaria]

@bogdanfazakas If I'm not wrong, this issue is done and delivered. Is there something that still needs to be done?

[bogdanfazakas]

@bogdanfazakas If I'm not wrong, this issue is done and delivered. Is there something that still needs to be done?

Yes we can close this, we are tracking the latest updates for the publish form in this issue https://github.com/oceanprotocol/market/issues/1672