From ff08f0ffdbafbb21f53a8a49d770b4fbc0d0da0e Mon Sep 17 00:00:00 2001 From: Chris Pinnock Date: Wed, 6 Dec 2023 09:44:55 +0000 Subject: [PATCH 1/2] Packages: Various small fixes to the package scripts to improve them including: Reliably checking PID and log files to avoid spurious errors. No need to wait for bootstrap for Smart Rollup daemons. Ensure correct permissions on log directories. Ensure that the tezos user is created on the Smart Rollup package. --- scripts/dpkg/smartrollup.postinst | 12 +++++++ scripts/pkg-common/baker.conf | 2 +- scripts/pkg-common/baker.initd.in | 48 ++++++++++++++++--------- scripts/pkg-common/signer.initd.in | 2 +- scripts/pkg-common/smartrollup.conf | 6 ++-- scripts/pkg-common/smartrollup.initd.in | 31 +++------------- scripts/pkg-common/vdf.initd.in | 19 ++-------- scripts/rpm/smartrollup-spec.in | 2 ++ 8 files changed, 57 insertions(+), 65 deletions(-) diff --git a/scripts/dpkg/smartrollup.postinst b/scripts/dpkg/smartrollup.postinst index ae06162aaad1..f8cbb3970b38 100644 --- a/scripts/dpkg/smartrollup.postinst +++ b/scripts/dpkg/smartrollup.postinst @@ -1,4 +1,16 @@ #!/bin/sh +user=tezos +group=tezos +homedir=/var/tezos + +# Ensure the tezos user is created +getent group ${group} >/dev/null 2>&1 || addgroup --system ${group} +getent passwd ${user} >/dev/null 2>&1 || adduser --system \ + --home $homedir \ + --shell /bin/bash \ + --disabled-password \ + --ingroup ${group} ${user} + # Reload to get new init scripts /usr/bin/systemctl daemon-reload diff --git a/scripts/pkg-common/baker.conf b/scripts/pkg-common/baker.conf index 53621ac7373c..79843f0381e6 100644 --- a/scripts/pkg-common/baker.conf +++ b/scripts/pkg-common/baker.conf @@ -2,7 +2,7 @@ user=tezos group=tezos -# Wait for Node to bootstrap before starting bakers +# Wait for node waitfornode=yes # Keepalive - don't exit if node disappears (if yes) diff --git a/scripts/pkg-common/baker.initd.in b/scripts/pkg-common/baker.initd.in index 4b4663290911..86b7a8502207 100755 
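Review bot: The user-creation block added to smartrollup.postinst runs without `set -e`, so a failed `addgroup` or `adduser` is ignored and the script carries on to `systemctl daemon-reload` with no tezos account in place. Adding `set -e` directly under the shebang would make package configuration fail visibly instead; the rest of the script is outside this hunk, so confirm nothing later relies on tolerated failures. The expansions are also unquoted, and `--home "$homedir"` and `--ingroup "${group}" "${user}"` cost nothing. The account gets `--shell /bin/bash`, presumably because the init scripts start the daemon through `su $user -c`; a comment such as `# login shell needed: init script starts the daemon via su -c` would record that for anyone later tightening the account.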
--- a/scripts/pkg-common/baker.initd.in +++ b/scripts/pkg-common/baker.initd.in @@ -37,6 +37,9 @@ rotateonstart=yes protocols="@PROTOCOLS@" waitfornode=yes othercliopts_baker_@PROTOCOL@="" + +nodesetup=local + keepalive=yes keepalive_opt="-K" @@ -52,12 +55,26 @@ accuser="/usr/bin/octez-accuser" [ "${keepalive}" != "yes" ] && keepalive_opt="" + +wait_for_bootstrap() +{ + echo "Waiting for node to be bootstrapped" >&2 + + while :; do + /usr/bin/octez-client bootstrapped >/dev/null 2>&1 && break + echo "Node not ready - sleeping for 30 seconds" >&2 + sleep 30 + done +} + initial_checks() { mkdir -p ${PIDDIR} chown $user:$group ${PIDDIR} mkdir -p ${logdir} + chown $user:$group ${logdir} + if [ -z "$lq_vote" ]; then echo "lq_vote must be set in /etc/octez/baker.conf" >&2 exit 3 @@ -67,18 +84,17 @@ initial_checks() exit 3 fi -} - -wait_for_bootstrap() -{ - echo "Waiting for node to be bootstrapped" >&2 + if [ "$nodesetup" != "local" ]; then + echo "Only local nodes currently supported by the package" >&2 + exit 3 + fi - while :; do - /usr/bin/octez-client bootstrapped >/dev/null 2>&1 && break - echo "Node not ready - sleeping for 30 seconds" >&2 - sleep 30 + if [ ! -d "$nodedir" ] && [ "$nodesetup" = "local" ]; then + echo "$nodedir must be set up with a local running node" >&2 + exit 3 + fi - done + [ "$waitfornode" = "yes" ] && wait_for_bootstrap } @@ -86,8 +102,10 @@ rotate_logs () { if [ ${rotateonstart} = "yes" ]; then for p in ${protocols}; do - mv -f "${logfile_baseb}${p}.log" "${logfile_baseb}${p}.log.1" - mv -f "${logfile_basea}${p}.log" "${logfile_basea}${p}.log.1" + [ -f "${logfile_baseb}${p}.log" ] && \ + mv -f "${logfile_baseb}${p}.log" "${logfile_baseb}${p}.log.1" + [ -f "${logfile_basea}${p}.log" ] && \ + mv -f "${logfile_basea}${p}.log" "${logfile_basea}${p}.log.1" done fi } 
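Review bot: In initial_checks the added `chown $user:$group ${logdir}` hands the log directory to the service account, while rotate_logs still runs `mv -f` there with the init script's own privileges (presumably root). Renaming files as a privileged user inside a directory an unprivileged account can write to is fragile, because that account decides what the source and destination names refer to. Running the rotation as the service user, for example `su $user -c "mv -f ..."`, or keeping the directory root-owned and only group-writable for `$group`, avoids that. The same chown is added in the smartrollup.initd.in and vdf.initd.in hunks, and the `[ -f ... ] && mv -f` rotation appears in the signer, smartrollup and vdf hunks as well. Quoting the arguments as `"$user:$group" "${logdir}"` would also be safer.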
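Review bot: initial_checks now ends with `[ "$waitfornode" = "yes" ] && wait_for_bootstrap`, so the function returns non-zero whenever waitfornode is set to anything other than yes. Nothing visible here tests that status, but it would abort `start` if the script is ever run under `set -e`; `if [ "$waitfornode" = "yes" ]; then wait_for_bootstrap; fi` keeps the return value clean. wait_for_bootstrap itself loops with no upper bound, so a node that never reports bootstrapped leaves `start` blocked indefinitely. A retry limit followed by `exit 3`, matching the other checks, would let the service manager see the failure.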
@@ -95,7 +113,6 @@ rotate_logs () case "$1" in start) initial_checks rotate_logs - [ "$waitfornode" = "yes" ] && wait_for_bootstrap for p in ${protocols}; do [ ! -x "${baker}-$p" ] && continue @@ -106,9 +123,8 @@ start) initial_checks ;; stop) for p in ${protocols}; do - [ ! -x "${baker}-$p" ] && continue - kill "$(cat ${PIDFILEB}-$p)" - kill "$(cat ${PIDFILEA}-$p)" + [ -f "${PIDFILEB}-$p" ] && kill "$(cat ${PIDFILEB}-$p)" + [ -f "${PIDFILEA}-$p" ] && kill "$(cat ${PIDFILEA}-$p)" rm -f ${PIDFILEB}-$p ${PIDFILEA}-$p done ;; diff --git a/scripts/pkg-common/signer.initd.in b/scripts/pkg-common/signer.initd.in index efa82aeaf477..d08d5f191ab0 100755 --- a/scripts/pkg-common/signer.initd.in +++ b/scripts/pkg-common/signer.initd.in @@ -98,7 +98,7 @@ initial_checks() rotate_logs () { if [ ${rotateonstart} = "yes" ]; then - mv -f "${logfile}" "${logfile}.1" + [ -f "${logfile}" ] && mv -f "${logfile}" "${logfile}.1" fi } diff --git a/scripts/pkg-common/smartrollup.conf b/scripts/pkg-common/smartrollup.conf index 889c84c2ea55..6d447d81e101 100644 --- a/scripts/pkg-common/smartrollup.conf +++ b/scripts/pkg-common/smartrollup.conf @@ -3,12 +3,10 @@ #group=tezos # Data directories -#clientdir=~tezos/.tezos-client +#clientdir=/var/tezos/.tezos-client +#rollupdatadir=/var/tezos/.tezos-smart-rollup-node rollupdatadir=/var/tezos/smartrollup -# Wait for Node to bootstrap before starting rollup node -waitfornode=yes - # Assume the node is on the local machine. Change if not. nodeaddr=127.0.0.1 rpcport=8732 diff --git a/scripts/pkg-common/smartrollup.initd.in b/scripts/pkg-common/smartrollup.initd.in index 995b1b5ebe2e..da795778ca3e 100755 --- a/scripts/pkg-common/smartrollup.initd.in +++ b/scripts/pkg-common/smartrollup.initd.in @@ -31,9 +31,9 @@ user=tezos group=tezos nodedir=/var/tezos/node clientdir=~tezos/.tezos-client +rollupdatadir=~tezos/.tezos-smart-rollup-node logdir=/var/log/tezos rotateonstart=yes -waitfornode=yes nodeaddr=127.0.0.1 rpcport=8732 othercliopts_smartrollup="" 
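Review bot: The rewritten `stop)` branch passes whatever `${PIDFILEB}-$p` and `${PIDFILEA}-$p` contain to `kill`, and those files live in `${PIDDIR}`, which initial_checks chowns to the service account. A stale file left behind after a crash, or contents changed by that account, makes the init script signal an unrelated process with its own privileges. Checking that the value is numeric and still names the expected binary before signalling, or sending the signal as the service user with `su $user -c "kill ..."`, closes that gap. The path inside `$(cat ${PIDFILEB}-$p)` is also unquoted; `"$(cat "${PIDFILEB}-$p")"` is the safer form.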
@@ -52,52 +52,29 @@ initial_checks() chown $user:$group ${PIDDIR} mkdir -p ${logdir} - if [ -z "$rollupdatadir" ]; then - echo "rollupdatadir must be set in /etc/octez/smartrollup.conf" >&2 - exit 3 - fi - if [ -z "$clientdir" ]; then - echo "clientdir must be set" >&2 - exit 3 - fi + chown $user:$group ${logdir} if [ ! -f "$rollupdatadir/config.json" ]; then echo "Rollup not configured" >&2 exit 3 fi -} - -wait_for_bootstrap() -{ - echo "Waiting for node to be bootstrapped" >&2 - - while [ 1 = 1 ]; do - /usr/bin/octez-client -E $nodeurl bootstrapped >/dev/null 2>&1 - [ "$?" = "0" ] && break - echo "Node not ready - sleeping for 30 seconds" >&2 - sleep 30 - done - - - } rotate_logs () { if [ ${rotateonstart} = "yes" ]; then - mv -f "${logfile}" "${logfile}.1" + [ -f "${logfile}" ] && mv -f "${logfile}" "${logfile}.1" fi } case "$1" in start) initial_checks rotate_logs - [ "$waitfornode" = "yes" ] && wait_for_bootstrap su $user -c "${sr} -d "$clientdir" -E $nodeurl run --data-dir "$rollupdatadir" ${othercliopts_smartrollup} >> ${logfile} 2>&1 &" ;; stop) - pkill octez-smart-rollup-node + pkill -f octez-smart-rollup-node ;; restart) $0 stop diff --git a/scripts/pkg-common/vdf.initd.in b/scripts/pkg-common/vdf.initd.in index 790171258f41..b449e3239097 100755 --- a/scripts/pkg-common/vdf.initd.in +++ b/scripts/pkg-common/vdf.initd.in @@ -33,7 +33,6 @@ group=tezos logdir=/var/log/tezos rotateonstart=yes protocols="@PROTOCOLS@" -waitfornode=yes #shellcheck disable=SC1091 [ -r /etc/octez/node.conf ] && . /etc/octez/node.conf @@ -49,19 +48,7 @@ initial_checks() chown $user:$group ${PIDDIR} mkdir -p ${logdir} - -} - -wait_for_bootstrap() -{ - echo "Waiting for node to be bootstrapped" >&2 - - while :; do - /usr/bin/octez-client bootstrapped >/dev/null 2>&1 && break - echo "Node not ready - sleeping for 30 seconds" >&2 - sleep 30 - - done + chown $user:$group ${logdir} } 
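Review bot: In the `stop)` branch, `pkill -f octez-smart-rollup-node` matches the pattern against every process's full command line, so it also signals anything that merely mentions the name, for example a pager or editor opened on a file with that name, or the init script itself depending on how it is installed. Restricting the match to the service account with `pkill -u "$user" -f octez-smart-rollup-node`, or recording a PID file as the baker and VDF scripts do, keeps the stop action scoped to the daemon. Separately, in the unchanged `su $user -c` line the inner double quotes around `$clientdir` and `$rollupdatadir` close the outer string, so both values are expanded unquoted and a path containing whitespace would be split.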
@@ -69,7 +56,8 @@ rotate_logs () { if [ ${rotateonstart} = "yes" ]; then for p in ${protocols}; do - mv -f "${logfile_base}${p}.log" "${logfile_base}${p}.log.1" + [ -f "${logfile_base}${p}.log" ] && \ + mv -f "${logfile_base}${p}.log" "${logfile_base}${p}.log.1" done fi } @@ -77,7 +65,6 @@ rotate_logs () case "$1" in start) initial_checks rotate_logs - [ "$waitfornode" == "yes" ] && wait_for_bootstrap for p in ${protocols}; do [ ! -x "${baker}-$p" ] && continue su $user -c "${baker}-$p run vdf -K >> ${logfile_base}${p}.log 2>&1 & echo \$! > ${PIDFILE}-$p" diff --git a/scripts/rpm/smartrollup-spec.in b/scripts/rpm/smartrollup-spec.in index c1f633ad823d..762d59172cef 100644 --- a/scripts/rpm/smartrollup-spec.in +++ b/scripts/rpm/smartrollup-spec.in @@ -25,4 +25,6 @@ The Octez Smart Rollup daemons %config /etc/octez/smartrollup.conf %post +getent group tezos >/dev/null 2>&1 || groupadd tezos +getent passwd tezos >/dev/null 2>&1 || useradd -g tezos -d /var/tezos tezos /usr/bin/systemctl daemon-reload -- GitLab From 4f1ce9b4c367256573fdacaa339256f6b51fcfec Mon Sep 17 00:00:00 2001 From: Chris Pinnock Date: Wed, 3 Jan 2024 15:00:57 +0000 Subject: [PATCH 2/2] Packages: Do not use system users for the signer user --- scripts/dpkg/signer.postinst | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/scripts/dpkg/signer.postinst b/scripts/dpkg/signer.postinst index 0517aa58e002..a7f96e6557b8 100644 --- a/scripts/dpkg/signer.postinst +++ b/scripts/dpkg/signer.postinst @@ -5,9 +5,8 @@ group=tzsigner homedir=/var/tzsigner # Ensure the tzsigner user is created -getent group ${group} >/dev/null 2>&1 || addgroup --system ${group} -getent passwd ${user} >/dev/null 2>&1 || adduser --system \ - --home $homedir \ +getent group ${group} >/dev/null 2>&1 || addgroup ${group} +getent passwd ${user} >/dev/null 2>&1 || adduser --home $homedir \ --shell /bin/bash \ --disabled-password \ --ingroup ${group} ${user} -- GitLab
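Review bot: The `%post` lines create the account with plain `groupadd tezos` and `useradd -g tezos -d /var/tezos tezos`, which differs from the Debian postinst in the same patch: no system-range IDs, no explicit shell, and no guarantee that the home directory is created. Whether `/var/tezos` exists afterwards depends on the distribution's `CREATE_HOME` default, and the init script defaults place `rollupdatadir` under `~tezos`. Consider `groupadd -r tezos` and `useradd -r -m -g tezos -d /var/tezos -s /bin/bash tezos`, or add a comment explaining why the two packages deliberately differ.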
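Review bot: With `--system` removed, `adduser --home $homedir --shell /bin/bash --disabled-password` creates a regular account, and for regular accounts Debian's adduser asks for the GECOS fields unless `--gecos` is supplied. In a maintainer script that prompt can stall or fail an unattended install; adding `--gecos ""` avoids it. The commit message does not say why a system account is unsuitable for the signer, and since this account presumably holds signing keys, a short comment recording the reason would help later review. `$homedir`, `${group}` and `${user}` remain unquoted.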