From 132037380b1f8823d067324ea88a2f5db9477efb Mon Sep 17 00:00:00 2001 From: Pietro Abate Date: Tue, 20 Feb 2024 16:18:48 +0100 Subject: [PATCH 1/3] packaging: fix octez-node template --- .gitlab/ci/jobs/packaging/build-debian-packages.sh | 3 --- scripts/packaging/octez/debian/octez-node.templates | 2 +- scripts/packaging/octez/debian/rules | 2 -- 3 files changed, 1 insertion(+), 6 deletions(-) diff --git a/.gitlab/ci/jobs/packaging/build-debian-packages.sh b/.gitlab/ci/jobs/packaging/build-debian-packages.sh index cff82f858179..cf4b678f806d 100755 --- a/.gitlab/ci/jobs/packaging/build-debian-packages.sh +++ b/.gitlab/ci/jobs/packaging/build-debian-packages.sh @@ -31,9 +31,6 @@ cp octez-* scripts/packaging/octez/binaries/ # Copy the zcash parametes to be packaged cp -a _opam/share/zcash-params scripts/packaging/octez/ -# Generate the octez-node manual to be included in the package -./octez-node --help=groff > scripts/packaging/octez/manpages/octez-node.1 - # Build the debian packages cd scripts/packaging/octez/ DEB_BUILD_OPTIONS=noautodbgsym dpkg-buildpackage -b --no-sign -sa diff --git a/scripts/packaging/octez/debian/octez-node.templates b/scripts/packaging/octez/debian/octez-node.templates index 5ebe6d26a7c3..412f6b59ff40 100644 --- a/scripts/packaging/octez/debian/octez-node.templates +++ b/scripts/packaging/octez/debian/octez-node.templates @@ -29,7 +29,7 @@ Description: Do you really want to remove all data ? configuration and all associated files. Otherwise, the node data will be left untouched, and only the packages will be removed. - + . Enter "yes, please" to confirm. Template: octez-node/configure diff --git a/scripts/packaging/octez/debian/rules b/scripts/packaging/octez/debian/rules index 97bfd5f15561..955bdd98be8a 100755 --- a/scripts/packaging/octez/debian/rules +++ b/scripts/packaging/octez/debian/rules @@ -1,7 +1,5 @@ #!/usr/bin/make -f -export DEB_BUILD_OPTIONS=noautodbgsym - %: dh $@ -- GitLab 
From 1121f6b571c7ad7b6e05e540c92a2d401c0feba4 Mon Sep 17 00:00:00 2001 From: Pietro Abate Date: Thu, 7 Mar 2024 10:03:02 +0100 Subject: [PATCH 2/3] packaging: make sure the node is restarted after an upgrade --- .../octez/debian/octez-node.postinst | 75 ++++++++++--------- .../packaging/octez/debian/octez-node.postrm | 14 +++- .../packaging/octez/debian/octez-node.prerm | 9 ++- 3 files changed, 59 insertions(+), 39 deletions(-) diff --git a/scripts/packaging/octez/debian/octez-node.postinst b/scripts/packaging/octez/debian/octez-node.postinst index bd79ac470cfd..32e8db344a1f 100755 --- a/scripts/packaging/octez/debian/octez-node.postinst +++ b/scripts/packaging/octez/debian/octez-node.postinst 
@@ -2,55 +2,58 @@ set -e +# shellcheck disable=SC1091 . /usr/share/debconf/confmodule db_version 2.0 HOME=/var/tezos -case "${1}" in - configure) - # these are the defaults for the package and only used - # in the "configure" stage. - DATADIR="$HOME/.tezos-node" - - # shellcheck disable=SC2119 - if ! id "tezos" >/dev/null 2>&1; then - sudo adduser --quiet --disabled-password \ - --home $HOME --shell /bin/bash \ - --gecos "admin user for octez" tezos - mkdir -p /var/log/tezos - mkdir -p "$DATADIR" - chown tezos /var/log/tezos - chown tezos "$DATADIR" - fi +# work directory to store temporary files associated to this package +mkdir -p /var/lib/octez-node - db_get octez-node/configure - case "$RET" in - no) - db_get octez-node/network - NETWORK=${RET} - echo "NETWORK=${RET}" >> /etc/default/octez-node - db_get octez-node/history-mode - HISTORY_MODE=${RET} - echo "HISTORY_MODE=${RET}" >> /etc/default/octez-node - - if [ ! -e $DATADIR/config.json ]; then - su tezos -c "/usr/bin/octez-node config init --data-dir=$DATADIR\ - --network=\"$NETWORK\" \ +case "${1}" in +configure) + # these are the defaults for the package and only used + # in the "configure" stage. + DATADIR="$HOME/.tezos-node" + + # shellcheck disable=SC2119 + if ! id "tezos" > /dev/null 2>&1; then + sudo adduser --quiet --disabled-password \ + --home $HOME --shell /bin/bash \ + --gecos "admin user for octez" tezos + mkdir -p /var/log/tezos + mkdir -p "$DATADIR" + chown tezos /var/log/tezos + chown tezos "$DATADIR" + fi + + db_get octez-node/configure + case "$RET" in + no) + db_get octez-node/network + NETWORK=${RET} + echo "NETWORK=${RET}" >> /etc/default/octez-node + db_get octez-node/history-mode + HISTORY_MODE=${RET} + echo "HISTORY_MODE=${RET}" >> /etc/default/octez-node + + if [ ! 
-e $DATADIR/config.json ]; then + su tezos -c "/usr/bin/octez-node config init --data-dir=$DATADIR --network=\"$NETWORK\" \ --history-mode=\"$HISTORY_MODE\" \ --net-addr=\"[::]:9732\" \ --rpc-addr=\"127.0.0.1:8732\"" - fi - ;; - *) - echo "Skipping initialization." - ;; - esac + fi ;; *) - echo "postinst noop" + echo "Skipping initialization." ;; + esac + ;; +*) + echo "postinst noop" + ;; esac #DEBHELPER# diff --git a/scripts/packaging/octez/debian/octez-node.postrm b/scripts/packaging/octez/debian/octez-node.postrm index 62811a6c38a7..654f2fb17d5e 100755 --- a/scripts/packaging/octez/debian/octez-node.postrm +++ b/scripts/packaging/octez/debian/octez-node.postrm @@ -23,15 +23,27 @@ purge) echo "Not purging DATADIR. Octez-node data is intact" ;; esac + rm -Rf /var/lib/octez-node # Purge debconf data for the package in any case # shellcheck disable=SC2119 db_purge || true ;; -remove | upgrade | failed-upgrade | abort-install | abort-upgrade | disappear) ;; +upgrade) + # Check if the daemon was running before the upgrade + if [ -f /var/lib/octez-node/daemon_was_running ] && + [ "$(cat /var/lib/octez-node/daemon_was_running)" = "1" ]; then + # Start the daemon if it was running + systemctl start octez-node.service + fi + ;; +remove | failed-upgrade | abort-install | abort-upgrade | disappear) ;; *) echo "postrm called with unknown argument \`$1'" >&2 exit 1 ;; esac +# Clean up the temporary file +rm -f /var/lib/octez-node/daemon_was_running + #DEBHELPER# diff --git a/scripts/packaging/octez/debian/octez-node.prerm b/scripts/packaging/octez/debian/octez-node.prerm index 841c2b346a37..c025e99ed139 100755 --- a/scripts/packaging/octez/debian/octez-node.prerm +++ b/scripts/packaging/octez/debian/octez-node.prerm 
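Review bot: In octez-node.postinst the debconf answers `$NETWORK` and `$HISTORY_MODE` are pasted into the command string handed to `su tezos -c "..."`, so the tezos user's shell parses whatever the answer contains. Even inside the escaped double quotes, a `$(...)` or backtick in a preseeded answer would still be evaluated. The templates for these two questions are not on this page, so this matters only if they are free text rather than a fixed choice list. In that case check the value before use, for example `case "$NETWORK" in *[!A-Za-z0-9._:/-]*) echo "invalid network" >&2; exit 1 ;; esac`. `$DATADIR` and `$HOME` are also unquoted in `[ ! -e $DATADIR/config.json ]` and `--home $HOME`.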
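Review bot: In octez-node.postrm the new `upgrade)` branch runs `systemctl start octez-node.service` with no handling for a failed start. Assuming `set -e` is in effect above the hunk, as in the other maintainer scripts on this page, a node that fails to start makes the postrm exit non-zero and dpkg treats the upgrade as failed. The flag file is then left behind, because the final `rm -f /var/lib/octez-node/daemon_was_running` is never reached. Consider `systemctl start octez-node.service || echo "octez-node could not be restarted" >&2`. The old package's postrm also runs before the new version's postinst, so if the node should only start once the new version is configured, the restart belongs in postinst.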
@@ -13,5 +13,10 @@ db_input critical octez-node/purge_warning || true # shellcheck disable=SC2119 db_go || true -echo "Stopping octez-node" -sudo systemctl stop octez-node.service +# Check if the daemon is active before stopping it +if systemctl is-active --quiet octez-node.service; then + # Set a flag in a temporary file to indicate the daemon was running + echo "1" > /var/lib/octez-node/daemon_was_running + echo "Stopping octez-node" + sudo systemctl stop octez-node.service +fi -- GitLab From 3838ade82a602a98ab35ac2646b92a3c28eb6b73 Mon Sep 17 00:00:00 2001 
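Review bot: `sudo systemctl stop octez-node.service` keeps the `sudo` prefix although dpkg runs maintainer scripts as root, and sudo is not among the dependencies visible on this page. On a host without sudo the command fails and the removal or upgrade stops here; `systemctl stop octez-node.service` is enough. The same applies to `sudo adduser` in octez-node.postinst and to `sudo systemctl stop "octez-$s-$p.service"` in octez-baker.prerm later in this series. The flag write `echo "1" > /var/lib/octez-node/daemon_was_running` assumes the directory exists; a `mkdir -p /var/lib/octez-node` before it would make prerm independent of postinst having run. The top of the script is outside the hunk.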
From: Pietro Abate Date: Tue, 30 Jan 2024 13:08:06 +0100 Subject: [PATCH 3/3] packaging: add octez-baker and octez-signer --- scripts/packaging/octez/.gitignore | 11 +++- scripts/packaging/octez/debian/control | 44 +++++++++++++++ .../packaging/octez/debian/octez-baker.config | 19 +++++++ .../octez/debian/octez-baker.install | 3 ++ .../octez/debian/octez-baker.logrotate | 44 +++++++++++++++ .../octez-baker.octez-accuser-active.default | 2 + .../octez-baker.octez-accuser-active.service | 17 ++++++ .../octez-baker.octez-accuser-next.default | 2 + .../octez-baker.octez-accuser-next.service | 17 ++++++ .../octez-baker.octez-baker-active.default | 7 +++ .../octez-baker.octez-baker-active.service | 23 ++++++++ .../octez-baker.octez-baker-next.default | 7 +++ .../octez-baker.octez-baker-next.service | 23 ++++++++ .../octez/debian/octez-baker.postinst | 38 +++++++++++++ .../packaging/octez/debian/octez-baker.postrm | 38 +++++++++++++ .../packaging/octez/debian/octez-baker.prerm | 18 +++++++ .../octez/debian/octez-baker.templates | 32 +++++++++++ .../octez/debian/octez-signer.install | 1 + scripts/packaging/octez/debian/rules | 24 ++++++++- .../packaging/octez/docs/README.octez-baker | 48 +++++++++++++++++ .../packaging/octez/docs/README.octez-node | 4 +- .../packaging/octez/docs/README.octez-signer | 53 +++++++++++++++++++ .../packaging/octez/docs/octez-signer.service | 22 ++++++++ .../packaging/octez/manpages/octez-baker.1 | 35 ++++++++++++ .../packaging/octez/manpages/octez-signer.1 | 35 ++++++++++++ .../octez/scripts/wait-for-node-up.sh | 25 +++++++++ 26 files changed, 587 insertions(+), 5 deletions(-) create mode 100755 scripts/packaging/octez/debian/octez-baker.config create mode 100644 scripts/packaging/octez/debian/octez-baker.install create mode 100644 scripts/packaging/octez/debian/octez-baker.logrotate create mode 100644 scripts/packaging/octez/debian/octez-baker.octez-accuser-active.default create mode 100644 
scripts/packaging/octez/debian/octez-baker.octez-accuser-active.service create mode 100644 scripts/packaging/octez/debian/octez-baker.octez-accuser-next.default create mode 100644 scripts/packaging/octez/debian/octez-baker.octez-accuser-next.service create mode 100644 scripts/packaging/octez/debian/octez-baker.octez-baker-active.default create mode 100644 scripts/packaging/octez/debian/octez-baker.octez-baker-active.service create mode 100644 scripts/packaging/octez/debian/octez-baker.octez-baker-next.default create mode 100644 scripts/packaging/octez/debian/octez-baker.octez-baker-next.service create mode 100755 scripts/packaging/octez/debian/octez-baker.postinst create mode 100755 scripts/packaging/octez/debian/octez-baker.postrm create mode 100755 scripts/packaging/octez/debian/octez-baker.prerm create mode 100644 scripts/packaging/octez/debian/octez-baker.templates create mode 100644 scripts/packaging/octez/debian/octez-signer.install create mode 100644 scripts/packaging/octez/docs/README.octez-baker create mode 100644 scripts/packaging/octez/docs/README.octez-signer create mode 100644 scripts/packaging/octez/docs/octez-signer.service create mode 100644 scripts/packaging/octez/manpages/octez-baker.1 create mode 100644 scripts/packaging/octez/manpages/octez-signer.1 create mode 100755 scripts/packaging/octez/scripts/wait-for-node-up.sh diff --git a/scripts/packaging/octez/.gitignore b/scripts/packaging/octez/.gitignore index 8f58b304d25d..0e50e3a81502 100644 --- a/scripts/packaging/octez/.gitignore +++ b/scripts/packaging/octez/.gitignore @@ -30,8 +30,15 @@ debian/*.debhelper debian/*.substvars debian/files debian/substvars -debian/octez-client/ -debian/octez-node/ binaries manpages/octez-node.1 zcash-params + +debian/octez-client/ +debian/octez-node/ +debian/octez-baker/ +debian/octez-evm-node/ +debian/octez-experimental/ +debian/octez-signer/ +debian/octez-smartrollup-node/ +debian/octez-zcash-params/ 
diff --git a/scripts/packaging/octez/debian/control b/scripts/packaging/octez/debian/control index e51bb5805fb3..0f9370df5a75 100644 --- a/scripts/packaging/octez/debian/control +++ b/scripts/packaging/octez/debian/control @@ -3,6 +3,16 @@ Section: devel Priority: optional Maintainer: Nomadic Labs Homepage: https://gitlab.com/tezos/tezos +Build-Depends: rsync, + git, m4, + build-essential, + patch, unzip, wget, opam, jq, bc, + autoconf, cmake, libev-dev, + libffi-dev, libgmp-dev, + libhidapi-dev, pkg-config, + zlib1g-dev, debhelper, debconf, + libprotobuf-dev, protobuf-compiler, + libsqlite3-dev Package: octez-zcash-params Architecture: all @@ -25,6 +35,8 @@ Description: L1 Octez node for the Tezos network This package serves as the core implementation for the Tezos blockchain node. It contains the fundamental components required for protocol execution, consensus, and network communication within the Tezos blockchain network + . + This package installs the Octez node. Package: octez-client Architecture: amd64 arm64 
@@ -34,3 +46,35 @@ Description: Octez client Tezos blockchain. It includes command-line tools and functionalities for querying blockchain data, broadcasting transactions, and interacting with smart contracts on the Tezos network. + . + This package installs the Octez client. For key management it is + recommended to install a remote signer of a different host. + +Package: octez-baker +Architecture: amd64 arm64 +Depends: + ${misc:Depends}, ${shlibs:Depends}, + octez-client (= ${source:Version}), + octez-node (= ${source:Version}), +Recommends: octez-signer (= ${source:Version}), +Description: Octez baker + Octez baking software for the Tezos blockchain. + It includes the necessary tools and functionalities for participating in the + baking process, such as block creation, attestations, and protocol-specific + consensus mechanisms. + . + This package installs the baker, the accuser and the Octez node. For key + management it is recommended to install a remote signer of a different host. + +Package: octez-signer +Architecture: amd64 arm64 +Depends: ${misc:Depends}, ${shlibs:Depends}, octez-client (= ${source:Version}), +Suggests: wireguard, openssh-client +Description: Octez signer + This package is designed as a signing component for the Tezos blockchain. It + provides the essential tools and functionalities for securely signing + transactions, blocks, and other protocol-related data within the Tezos + network. + . + This package installs the Octez remote signer. It's recommended to run the signer + and the baker on different hosts and use a hardware ledger for key management. diff --git a/scripts/packaging/octez/debian/octez-baker.config b/scripts/packaging/octez/debian/octez-baker.config new file mode 100755 index 000000000000..d39037d5301d --- /dev/null +++ b/scripts/packaging/octez/debian/octez-baker.config 
@@ -0,0 +1,19 @@
+#!/bin/sh
+
+set -e
+
+# shellcheck disable=SC1091
+. /usr/share/debconf/confmodule
+db_version 2.0
+
+db_input high octez-baker/liquidity-vote || true
+# shellcheck disable=SC2119
+db_go || true
+
+db_input high octez-baker/baker-key || true
+# shellcheck disable=SC2119
+db_go || true
+
+db_input high octez-baker/baker-protocol || true
+# shellcheck disable=SC2119
+db_go || true
diff --git a/scripts/packaging/octez/debian/octez-baker.install b/scripts/packaging/octez/debian/octez-baker.install
new file mode 100644
index 000000000000..46041ef7cdb5
--- /dev/null
+++ b/scripts/packaging/octez/debian/octez-baker.install
@@ -0,0 +1,3 @@
+binaries/octez-baker-* /usr/bin/
+binaries/octez-accuser-* /usr/bin/
+scripts/wait-for-node-up.sh /usr/share/octez-baker/
diff --git a/scripts/packaging/octez/debian/octez-baker.logrotate b/scripts/packaging/octez/debian/octez-baker.logrotate
new file mode 100644
index 000000000000..ff95809e7497
--- /dev/null
+++ b/scripts/packaging/octez/debian/octez-baker.logrotate
@@ -0,0 +1,44 @@
+/var/log/tezos/baker-next.log{
+ daily
+ # we use copytruncate to avoid stopping node.
+ copytruncate
+ rotate 5
+ compress
+ minsize 1M
+}
+
+/var/log/tezos/baker-active.log{
+ daily
+ # we use copytruncate to avoid stopping node.
+ copytruncate
+ rotate 5
+ compress
+ minsize 1M
+}
+
+/var/log/tezos/accuser.log{
+ daily
+ # we use copytruncate to avoid stopping node.
+ copytruncate
+ rotate 5
+ compress
+ minsize 1M
+}
+
+/var/log/tezos/accuser-next.log{
+ daily
+ # we use copytruncate to avoid stopping node.
+ copytruncate
+ rotate 5
+ compress
+ minsize 1M
+}
+
+/var/log/tezos/accuser-active.log{
+ daily
+ # we use copytruncate to avoid stopping node.
+ copytruncate
+ rotate 5
+ compress
+ minsize 1M
+}
diff --git a/scripts/packaging/octez/debian/octez-baker.octez-accuser-active.default b/scripts/packaging/octez/debian/octez-baker.octez-accuser-active.default
new file mode 100644
index 000000000000..ca9dff757782
--- /dev/null
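Review bot: In octez-baker.config, `db_input high octez-baker/baker-protocol` asks a question that octez-baker.templates in this patch does not define. The templates are `octez-baker/baker-active-protocol` and `octez-baker/baker-next-protocol`, which are also the names octez-baker.postinst reads with `db_get`. Because the call ends in `|| true` the failure is silent and the protocol questions are never shown, so postinst only ever sees the template defaults. Replace the line with `db_input high octez-baker/baker-active-protocol || true` and `db_input medium octez-baker/baker-next-protocol || true`.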
+++ b/scripts/packaging/octez/debian/octez-baker.octez-accuser-active.default
@@ -0,0 +1,2 @@
+# Keep the daemon process alive: when the connection with the node is lost
+RUNTIME_OPTS="--keep-alive"
diff --git a/scripts/packaging/octez/debian/octez-baker.octez-accuser-active.service b/scripts/packaging/octez/debian/octez-baker.octez-accuser-active.service
new file mode 100644
index 000000000000..c4d06be5062c
--- /dev/null
+++ b/scripts/packaging/octez/debian/octez-baker.octez-accuser-active.service
@@ -0,0 +1,17 @@
+[Unit]
+Description=Octez accuser
+Documentation=https://tezos.gitlab.io/
+After=network.target
+
+[Service]
+EnvironmentFile=-/etc/default/octez-baker-active
+EnvironmentFile=-/etc/default/octez-accuser-active
+WorkingDirectory=/var/tezos
+Restart=on-failure
+User=tezos
+ExecStart=/bin/sh -c "/usr/bin/octez-accuser-$PROTOCOL run $RUNTIME_OPTS"
+StandardOutput=append:/var/log/tezos/accuser-active.log
+StandardError=inherit
+
+[Install]
+WantedBy=multi-user.target
diff --git a/scripts/packaging/octez/debian/octez-baker.octez-accuser-next.default b/scripts/packaging/octez/debian/octez-baker.octez-accuser-next.default
new file mode 100644
index 000000000000..ca9dff757782
--- /dev/null
+++ b/scripts/packaging/octez/debian/octez-baker.octez-accuser-next.default
@@ -0,0 +1,2 @@
+# Keep the daemon process alive: when the connection with the node is lost
+RUNTIME_OPTS="--keep-alive"
diff --git a/scripts/packaging/octez/debian/octez-baker.octez-accuser-next.service b/scripts/packaging/octez/debian/octez-baker.octez-accuser-next.service
new file mode 100644
index 000000000000..702005221181
--- /dev/null
+++ b/scripts/packaging/octez/debian/octez-baker.octez-accuser-next.service
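Review bot: The `[Service]` section of octez-baker.octez-accuser-active.service sets `User=tezos` but no sandboxing. The same holds for the accuser-next, baker-active and baker-next units in this patch, and the baker units are pointed at the client directory `/var/tezos/.tezos-client`. Adding `NoNewPrivileges=yes`, `PrivateTmp=yes` and `ProtectSystem=full` would limit what a compromised daemon can reach. The daemons' write paths are not visible here, so confirm that they only write under /var/tezos and /var/log/tezos before enabling `ProtectSystem`.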
@@ -0,0 +1,17 @@
+[Unit]
+Description=Octez accuser
+Documentation=https://tezos.gitlab.io/
+After=network.target
+
+[Service]
+EnvironmentFile=-/etc/default/octez-baker-next
+EnvironmentFile=-/etc/default/octez-accuser-next
+WorkingDirectory=/var/tezos
+Restart=on-failure
+User=tezos
+ExecStart=/bin/sh -c "/usr/bin/octez-accuser-$PROTOCOL run $RUNTIME_OPTS"
+StandardOutput=append:/var/log/tezos/accuser-next.log
+StandardError=inherit
+
+[Install]
+WantedBy=multi-user.target
diff --git a/scripts/packaging/octez/debian/octez-baker.octez-baker-active.default b/scripts/packaging/octez/debian/octez-baker.octez-baker-active.default
new file mode 100644
index 000000000000..9e6e89537f5f
--- /dev/null
+++ b/scripts/packaging/octez/debian/octez-baker.octez-baker-active.default
@@ -0,0 +1,7 @@
+
+# Data Directory
+# we use the datadir defined in /etc/default/octez-node
+
+# Other options
+# Keep the daemon process alive
+RUNTIME_OPTS="--keep-alive"
diff --git a/scripts/packaging/octez/debian/octez-baker.octez-baker-active.service b/scripts/packaging/octez/debian/octez-baker.octez-baker-active.service
new file mode 100644
index 000000000000..4d305b279b9a
--- /dev/null
+++ b/scripts/packaging/octez/debian/octez-baker.octez-baker-active.service
@@ -0,0 +1,23 @@
+[Unit]
+Description=Octez baker
+Documentation=https://tezos.gitlab.io/
+After=network.target
+
+[Service]
+# We use the octez-node default to determine the node's DATADIR
+EnvironmentFile=-/etc/default/octez-node
+EnvironmentFile=-/etc/default/octez-baker-active
+WorkingDirectory=/var/tezos
+Restart=on-failure
+User=tezos
+
+# We wrap the command in /bin/sh to use identify the baker associated to $PROTOCOL
+ExecStart=/bin/sh -c "/usr/bin/octez-baker-$PROTOCOL --base-dir /var/tezos/.tezos-client run with local node $DATADIR --liquidity-baking-toggle-vote $LQVOTE $RUNTIME_OPTS $BAKING_KEY"
+
+# The baker is started only if the node is up and running
+ExecStartPre=/usr/share/octez-baker/wait-for-node-up.sh
+StandardOutput=append:/var/log/tezos/baker-active.log
+StandardError=inherit
+
+[Install]
+WantedBy=multi-user.target
diff --git a/scripts/packaging/octez/debian/octez-baker.octez-baker-next.default b/scripts/packaging/octez/debian/octez-baker.octez-baker-next.default
new file mode 100644
index 000000000000..9e6e89537f5f
--- /dev/null
+++ b/scripts/packaging/octez/debian/octez-baker.octez-baker-next.default
@@ -0,0 +1,7 @@
+
+# Data Directory
+# we use the datadir defined in /etc/default/octez-node
+
+# Other options
+# Keep the daemon process alive
+RUNTIME_OPTS="--keep-alive"
diff --git a/scripts/packaging/octez/debian/octez-baker.octez-baker-next.service b/scripts/packaging/octez/debian/octez-baker.octez-baker-next.service
new file mode 100644
index 000000000000..2e413f58a249
--- /dev/null
+++ b/scripts/packaging/octez/debian/octez-baker.octez-baker-next.service
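Review bot: `ExecStart` in octez-baker.octez-baker-active.service expands `$LQVOTE` and `$BAKING_KEY`, but octez-baker.postinst in this patch writes `LQVOTE=` and `BAKER_KEY=` to /etc/default/octez-baker. This unit does not load that file, and the key name differs. As written both variables would be empty at start, so `--liquidity-baking-toggle-vote` would take the next word as its value and no delegate would be passed. Add `EnvironmentFile=-/etc/default/octez-baker` and use one name on both sides, for example `$BAKER_KEY`. octez-baker.octez-baker-next.service has the same two lines.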
@@ -0,0 +1,23 @@
+[Unit]
+Description=Octez baker
+Documentation=https://tezos.gitlab.io/
+After=network.target
+
+[Service]
+# We use the octez-node default to determine the node's DATADIR
+EnvironmentFile=-/etc/default/octez-node
+EnvironmentFile=-/etc/default/octez-baker-next
+WorkingDirectory=/var/tezos
+Restart=on-failure
+User=tezos
+
+# We wrap the command in /bin/sh to use identify the baker associated to $PROTOCOL
+ExecStart=/bin/sh -c "/usr/bin/octez-baker-$PROTOCOL --base-dir /var/tezos/.tezos-client run with local node $DATADIR --liquidity-baking-toggle-vote $LQVOTE $RUNTIME_OPTS $BAKING_KEY"
+
+# The baker is started only if the node is up and running
+ExecStartPre=/usr/share/octez-baker/wait-for-node-up.sh
+StandardOutput=append:/var/log/tezos/baker-next.log
+StandardError=inherit
+
+[Install]
+WantedBy=multi-user.target
diff --git a/scripts/packaging/octez/debian/octez-baker.postinst b/scripts/packaging/octez/debian/octez-baker.postinst
new file mode 100755
index 000000000000..ebcfd1568036
--- /dev/null
+++ b/scripts/packaging/octez/debian/octez-baker.postinst
@@ -0,0 +1,38 @@
+#!/bin/sh
+
+set -e
+
+# shellcheck disable=SC1091
+. /usr/share/debconf/confmodule
+
+db_version 2.0
+
+# work directory to store temporary files associated to this package
+mkdir -p /var/lib/octez-baker
+
+case "${1}" in
+configure)
+
+ db_get octez-baker/liquidity-vote
+ echo "LQVOTE=${RET}" > /etc/default/octez-baker
+
+ db_get octez-baker/baker-key
+ echo "BAKER_KEY=${RET}" >> /etc/default/octez-baker
+
+ db_get octez-baker/baker-active-protocol
+ echo "PROTOCOL=${RET}" >> /etc/default/octez-baker-active
+
+ db_get octez-baker/baker-next-protocol
+ if [ -z "$RET" ]; then
+ echo "PROTOCOL=${RET}" >> /etc/default/octez-baker-next
+ else
+ echo "#PROTOCOL=${RET}" >> /etc/default/octez-baker-next
+ fi
+
+ ;;
+*)
+ echo "postinst noop"
+ ;;
+esac
+
+#DEBHELPER#
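Review bot: The test `if [ -z "$RET" ]; then` in octez-baker.postinst is inverted. An empty answer writes an empty `PROTOCOL=` line to /etc/default/octez-baker-next, and a real answer is written commented out as `#PROTOCOL=...`, so the next-protocol units never receive a protocol. It should read `if [ -n "$RET" ]; then`. The `>>` redirections also append on every `configure`, so each upgrade or reconfigure adds another `PROTOCOL=` line to octez-baker-active and octez-baker-next. Replacing the generated line instead of appending keeps the files stable.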
diff --git a/scripts/packaging/octez/debian/octez-baker.postrm b/scripts/packaging/octez/debian/octez-baker.postrm
new file mode 100755
index 000000000000..dff14a07d483
--- /dev/null
+++ b/scripts/packaging/octez/debian/octez-baker.postrm
@@ -0,0 +1,38 @@
+#!/bin/sh
+
+set -e
+
+# Load debconf library
+# shellcheck disable=SC1091
+. /usr/share/debconf/confmodule
+
+case "${1}" in
+purge)
+ rm -Rf /var/lib/octez-baker
+ # Purge debconf data for the package in any case
+ # shellcheck disable=SC2119
+ db_purge || true
+ ;;
+upgrade)
+ for s in baker accuser; do
+ for p in next active; do
+ # Check if the daemon was running before the upgrade
+ if [ -f "/var/lib/octez-baker/$s-$p-daemon_was_running" ] &&
+ [ "$(cat "/var/lib/octez-baker/$s-$p-daemon_was_running")" = "1" ]; then
+ # Start the daemon if it was running
+ systemctl "start octez-$s-$p.service"
+ fi
+ done
+ done
+ ;;
+remove | failed-upgrade | abort-install | abort-upgrade | disappear) ;;
+*)
+ echo "postrm called with unknown argument \`$1'" >&2
+ exit 1
+ ;;
+esac
+
+# Clean up the temporary file
+rm -f /var/lib/octez-baker/*daemon_was_running
+
+#DEBHELPER#
diff --git a/scripts/packaging/octez/debian/octez-baker.prerm b/scripts/packaging/octez/debian/octez-baker.prerm
new file mode 100755
index 000000000000..f500fb2cff01
--- /dev/null
+++ b/scripts/packaging/octez/debian/octez-baker.prerm
@@ -0,0 +1,18 @@
+#!/bin/sh
+
+set -e
+
+# shellcheck disable=SC1091
+. /usr/share/debconf/confmodule
+
+for s in baker accuser; do
+ for p in active next; do
+ # Check if the daemon is active before stopping it
+ if systemctl is-active --quiet "octez-$s-$p.service"; then
+ # Set a flag in a temporary file to indicate the daemon was running
+ echo "1" > "/var/lib/octez-baker/$s-$p-daemon_was_running"
+ echo "Stopping octez-$s-$p"
+ sudo systemctl stop "octez-$s-$p.service"
+ fi
+ done
+done
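Review bot: `systemctl "start octez-$s-$p.service"` in octez-baker.postrm passes the verb and the unit name as one quoted argument, so systemctl receives an unknown command instead of `start`. With `set -e` the postrm then exits non-zero during the upgrade and the daemons that were running stay stopped. The quotes belong around the unit only: `systemctl start "octez-$s-$p.service"`. A failed start should probably be reported rather than abort the script, for example by appending `|| echo "octez-$s-$p could not be restarted" >&2`.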
diff --git a/scripts/packaging/octez/debian/octez-baker.templates b/scripts/packaging/octez/debian/octez-baker.templates
new file mode 100644
index 000000000000..b558596dd966
--- /dev/null
+++ b/scripts/packaging/octez/debian/octez-baker.templates
@@ -0,0 +1,32 @@
+Template: octez-baker/liquidity-vote
+Type: string
+Default: on
+Description: Your choice for the liquidity vote
+ Vote to continue or end the liquidity baking subsidy. The possible values for
+ this option are: "off" to request ending the subsidy, "on" to request
+ continuing or restarting the subsidy, and "pass" to abstain.
+
+Template: octez-baker/baker-key
+Type: string
+Description: The baker key to associate to this baker
+ Name of the delegate to attest and bake for or the name of the consensus key
+ signing on the delegate's behalf. The key is required to run the baker, but it
+ can also be added later while configuring the baker.
+
+Template: octez-baker/baker-active-protocol
+Type: string
+Default: Proxford
+Description: The protocol associated to the baker
+ For production bakers this is the protocol of mainnet. Upon activation
+ both the baker for the active protocol and the next protocol must be running
+ at the same time.
+
+Template: octez-baker/baker-next-protocol
+Type: string
+Description: The protocol associated to the baker
+ For production bakers this is the adopted mainnet protocol. Upon activation
+ both the baker for the active protocol and the next protocol must be running
+ at the same time. You can leave this field empty.
+ .
+ After activation you can re-configure the package to stop the baker for the
+ old protocol and mark the freshly activated protocol as active.
diff --git a/scripts/packaging/octez/debian/octez-signer.install b/scripts/packaging/octez/debian/octez-signer.install
new file mode 100644
index 000000000000..afe12f0eb0df
--- /dev/null
+++ b/scripts/packaging/octez/debian/octez-signer.install
@@ -0,0 +1 @@
+binaries/octez-signer /usr/bin/
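Review bot: In octez-baker.templates, `octez-baker/liquidity-vote` is declared `Type: string` although its description lists exactly three accepted values, and the answer is later placed unquoted on the baker command line as `--liquidity-baking-toggle-vote $LQVOTE`. Declaring it as `Type: select` with `Choices: on, off, pass` lets debconf reject anything else before it reaches the unit. The two protocol templates are also free text that ends up in the executable path `/usr/bin/octez-baker-$PROTOCOL`, so postinst should check that the named binary exists before writing the value.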
diff --git a/scripts/packaging/octez/debian/rules b/scripts/packaging/octez/debian/rules
index 955bdd98be8a..7ff1f6517f35 100755
--- a/scripts/packaging/octez/debian/rules
+++ b/scripts/packaging/octez/debian/rules
@@ -14,21 +14,43 @@ override_dh_builddeb: override_dh_installman: dh_installman --name octez-node manpages/octez-node.1 dh_installman --name octez-client manpages/octez-client.1 + dh_installman --name octez-baker manpages/octez-baker.1 + dh_installman --name octez-signer manpages/octez-signer.1 override_dh_installdocs: dh_installdocs -p octez-node docs/README.octez-node + dh_installdocs -p octez-baker docs/README.octez-baker + dh_installdocs -p octez-signer docs/octez-signer.service + dh_installdocs -p octez-signer docs/README.octez-signer override_dh_installsystemd: - dh_installsystemd --no-enable --no-start --name octez-node + dh_installsystemd -p octez-node --no-enable --no-start + dh_installsystemd -p octez-baker --no-enable --no-start --name octez-baker-next + dh_installsystemd -p octez-baker --no-enable --no-start --name octez-baker-active + dh_installsystemd -p octez-baker --no-enable --no-start --name octez-accuser-next + dh_installsystemd -p octez-baker --no-enable --no-start --name octez-accuser-active override_dh_installlogrotate: dh_installlogrotate --package=octez-node + dh_installlogrotate --package=octez-baker override_dh_install: dh_install # Include debconf configuration + mkdir -p debian/octez-baker/etc/default/ + cp debian/octez-baker.octez-accuser-next.default debian/octez-baker/etc/default/octez-accuser-next + cp debian/octez-baker.octez-accuser-active.default debian/octez-baker/etc/default/octez-accuser-active + cp debian/octez-baker.octez-baker-next.default debian/octez-baker/etc/default/octez-baker-next + cp debian/octez-baker.octez-baker-active.default debian/octez-baker/etc/default/octez-baker-active dh_installdebconf +override_dh_fixperms: + dh_fixperms + chmod 644 debian/octez-baker/etc/default/octez-accuser-next + chmod 644 debian/octez-baker/etc/default/octez-accuser-active + chmod 644 debian/octez-baker/etc/default/octez-baker-active + chmod 644 debian/octez-baker/etc/default/octez-baker-next + # avoid creating debug symbols 
override_dh_dwz:
diff --git a/scripts/packaging/octez/docs/README.octez-baker b/scripts/packaging/octez/docs/README.octez-baker
new file mode 100644
index 000000000000..768f8ccedc4c
--- /dev/null
+++ b/scripts/packaging/octez/docs/README.octez-baker
@@ -0,0 +1,48 @@
+# Octez Baker
+
+The octez baker should be configured to run along side a remote signer.
+
+This package provides systemd services for both the baker and the accuser
+and for the active and next protocol. For example, you can start the
+baker using
+
+```
+$ sudo systemctl start octez-baker-active
+```
+
+All services are disables and inactive by default. It's up to the user
+to configure them.
+
+## Usage with a remote signer
+
+The remote signer can be located either on the same machine, or better
+on a separate machine and connected to a ledger.
+
+This package does not make any assumption on how the final user will
+configure its baker. We provide as an example some steps a user should
+take to configure its baker service to communicate with a remote signer.
+
+We assume, for the sake of brevity, that the signer is configured to
+answer on a local http connection running on localhost and will use
+authentication.
+
+For example, assuming the octez-signer is already setup:
+```
+$ octez-signer show address alice
+Hash: tz1V7TgBR52wAjjqsh24w8y9CymFGdegt9qs
+Public Key: edpkvGAz71r8SZomcvF7LGajXT3AnhYX9CrmK3JWgA2xk8rf8CudY8
+
+# Tell the baker about this signer
+$ sudo su tezos -c "octez-client -R tcp://localhost:7732 config update"
+
+# add the remote key to the baker
+$ sudo su tezos -c "octez-client -R tcp://localhost:7732 import secret key alice remote:tz1V7TgBR52wAjjqsh24w8y9CymFGdegt9qs"
+
+# Check that everything is ok
+# you should see the the operation in the logs of the signer
+# journalctl --user-unit octez-signer
+$ sudo su tezos -c "octez-client sign bytes 0x03 for alice"
+
+# Register your baking account
+$ sudo su tezos -c "octez-client register key alice as delegate"
+```
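Review bot: `override_dh_install` in debian/rules copies the four `*.default` files into `debian/octez-baker/etc/default/`, which makes them dpkg conffiles, while octez-baker.postinst appends `PROTOCOL=` lines to `/etc/default/octez-baker-active` and `/etc/default/octez-baker-next`. A maintainer script that changes a conffile causes a conffile prompt on a later upgrade whenever the shipped default changes, and Debian policy asks scripts not to modify conffiles. Writing the debconf-generated values to a separate file that the package does not ship, as postinst already does for `/etc/default/octez-baker`, avoids this. The hunk's last context line, `override_dh_dwz:`, starts a target whose body is outside the hunk.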
diff --git a/scripts/packaging/octez/docs/README.octez-node b/scripts/packaging/octez/docs/README.octez-node index 3b9922660ab1..f5348cd91121 100644 --- a/scripts/packaging/octez/docs/README.octez-node +++ b/scripts/packaging/octez/docs/README.octez-node @@ -14,9 +14,9 @@ mode. Execute the following command to obtain a new data directory: - curl -L -o snapshot + curl -L -o snapshot.file - octez-node snapshot import snapshot --block --data-dir /var/tezos/.tezos-node + octez-node snapshot import snapshot.file --block --data-dir /var/tezos/.tezos-node Check here the full documentation on how to import a snapshot: https://tezos.gitlab.io/user/snapshots.html#importing-a-snapshot diff --git a/scripts/packaging/octez/docs/README.octez-signer b/scripts/packaging/octez/docs/README.octez-signer new file mode 100644 index 000000000000..5cdf6d55e123 --- /dev/null +++ b/scripts/packaging/octez/docs/README.octez-signer 
@@ -0,0 +1,53 @@
+This package provides the octez remote signer.
+
+We provide below an example of a systemd service that the user can use
+to run the signer.
+
+For more details please refer to the official documentation about key
+management: https://tezos.gitlab.io/user/key-management.html#signer
+
+```
+# create a siging key
+$ octez-signer gen keys alice
+# create a authentication key
+$ octez-client gen keys auth
+
+$ octez-signer show address auth
+Hash: tz1e5dLhLkovZE43obFVdztGBRR5op7Z99zr
+Public Key: edpkvQZjxdikAtuWtT1BREEERQ64z26AMQkaMWgsDyCBnSJ5Muk1YG
+
+$ octez-signer add authorized key edpkvQZjxdikAtuWtT1BREEERQ64z26AMQkaMWgsDyCBnSJ5Muk1YG --name auth
+
+$ octez-signer show address auth --show-secret
+Hash: tz1e5dLhLkovZE43obFVdztGBRR5op7Z99zr
+Public Key: edpkvQZjxdikAtuWtT1BREEERQ64z26AMQkaMWgsDyCBnSJ5Muk1YG
+Secret Key: unencrypted:edsk3Q9asoarfKtFzrcZyxPwE62DJVuRkSr6HkSCJ7T5zXeM7kKcuQ
+
+# add auth key to the baker
+$ sudo su tezos -c "octez-client import secret key auth unencrypted:edsk3Q9asoarfKtFzrcZyxPwE62DJVuRkSr6HkSCJ7T5zXeM7kKcuQ"
+
+# install the signer service
+$ mkdir -p ~/.config/systemd/user/
+$ cp /usr/share/doc/octez-signer/octez-signer.service ~/.config/systemd/user/
+
+$ start the service
+systemctl --user start octez-signer
+
+$ examine the logs
+journalctl --user-unit octez-signer
+
+# Tell the baker about this signer
+$ sudo su tezos -c "octez-client -R tcp://localhost:7732 config update"
+
+# add the remote key to the baker
+$ sudo su tezos -c "octez-client -R tcp://localhost:7732 import secret key alice remote:tz1V7TgBR52wAjjqsh24w8y9CymFGdegt9qs"
+
+# Test is everything is ok
+$ sudo su tezos -c "octez-client sign bytes 0x03 for alice"
+```
+
+If you are experimenting on ghostnet you can request tokens here:
+https://faucet.ghostnet.teztnets.com/
+
+We recommend to associate the signer to a ledger and to take all relevant
+precautions to secure the private keys.
diff --git a/scripts/packaging/octez/docs/octez-signer.service b/scripts/packaging/octez/docs/octez-signer.service
new file mode 100644
index 000000000000..fe801136656c
--- /dev/null
+++ b/scripts/packaging/octez/docs/octez-signer.service
@@ -0,0 +1,22 @@
+# This is a systemd user Service
+
+# Must be placed in ~/.config/systemd/user/
+# Start the signer as : `systemctl --user start octez-signer`
+# Enable to run it permanently as : `systemctl --user enable octez-signer`
+# Allow to run unsupervised: loginctl enable-linger ubuntu
+
+# See the logs using : `journalctl --user -u octez-signer.service`
+
+[Unit]
+Description=Octez-signer
+Documentation=https://tezos.gitlab.io/
+After=network.target
+
+[Service]
+Type=simple
+Restart=always
+RestartSec=5
+ExecStart=/usr/bin/octez-signer --require-authentication launch socket signer -a 127.0.0.1
+
+[Install]
+WantedBy=default.target
diff --git a/scripts/packaging/octez/manpages/octez-baker.1 b/scripts/packaging/octez/manpages/octez-baker.1
new file mode 100644
index 000000000000..5182d613d2fa
--- /dev/null
+++ b/scripts/packaging/octez/manpages/octez-baker.1
@@ -0,0 +1,35 @@
+.TH OCTEZ-BAKER 1 "January 2024" "Octez Baker Manual"
+
+.SH NAME
+octez-baker \- Octez Baker Daemon
+
+.SH SYNOPSIS
+.B octez-baker
+[\fIOPTION\fR]... \fI\fR [\fIARGS\fR]...
+
+.SH DESCRIPTION
+.B octez-baker
+includes the necessary tools and functionalities for participating in the
+baking process, such as block creation, endorsement, and protocol-specific
+consensus mechanisms.
+
+.SH OPTIONS
+.TP
+.B \-h, \-\-help
+Display help information.
+
+.TP
+.B \-\-version
+Display version information.
+
+.SH SEE ALSO
+Online Octez Documentation: https://tezos.gitlab.io/shell/cli-commands.html
+
+.SH AUTHOR
+Nomadic Labs.
+
+.SH COPYRIGHT
+Copyright \(co 2024 Nomadic Labs.
+
+.SH BUGS
+Report bugs to: https://gitlab.com/tezos/tezos/-/issues
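Review bot: In `octez-signer.service`, the `[Service]` section runs a process that holds signing keys without a single hardening directive; adding `NoNewPrivileges=true` under `[Service]` is a low-risk start and should work in a user unit because it needs no extra privilege. Mount- and namespace-based options such as `ProtectSystem=` may not be usable from a user manager, so they would need testing before being added. The header comment `loginctl enable-linger ubuntu` hard-codes an account name; `# Allow to run unsupervised: loginctl enable-linger <user>` keeps readers from copying the wrong user. `After=network.target` is probably a no-op here, since user units are not ordered against system units.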
diff --git a/scripts/packaging/octez/manpages/octez-signer.1 b/scripts/packaging/octez/manpages/octez-signer.1
new file mode 100644
index 000000000000..b1f7813a6592
--- /dev/null
+++ b/scripts/packaging/octez/manpages/octez-signer.1
@@ -0,0 +1,35 @@
+.TH OCTEZ-SIGNER 1 "January 2024" "Octez Signer Manual"
+
+.SH NAME
+octez-signer \- Octez Remote signer
+
+.SH SYNOPSIS
+.B octez-signer
+[\fIOPTION\fR]... \fI\fR [\fIARGS\fR]...
+
+.SH DESCRIPTION
+.B octez-signer
+ provides the essential tools and functionalities for securely signing
+ transactions, blocks, and other protocol-related data within the Tezos
+ network.
+
+.SH OPTIONS
+.TP
+.B \-h, \-\-help
+Display help information.
+
+.TP
+.B \-\-version
+Display version information.
+
+.SH SEE ALSO
+Online Octez Documentation: https://tezos.gitlab.io/shell/cli-commands.html
+
+.SH AUTHOR
+Nomadic Labs.
+
+.SH COPYRIGHT
+Copyright \(co 2024 Nomadic Labs.
+
+.SH BUGS
+Report bugs to: https://gitlab.com/tezos/tezos/-/issues
diff --git a/scripts/packaging/octez/scripts/wait-for-node-up.sh b/scripts/packaging/octez/scripts/wait-for-node-up.sh
new file mode 100755
index 000000000000..c05d48324232
--- /dev/null
+++ b/scripts/packaging/octez/scripts/wait-for-node-up.sh
@@ -0,0 +1,25 @@
+#!/bin/sh
+
+# Simple helper script used by octez-baker systemd service
+
+url="http://localhost:8732"
+max_attempts=30
+wait_seconds=15
+
+check_service() {
+ if command -v curl > /dev/null && curl --output /dev/null --silent --head --fail "$url"; then
+ echo "Service is ready"
+ exit 0
+ else
+ echo "Service not yet ready, waiting..."
+ fi
+}
+
+#shellcheck disable=SC2034
+for i in $(seq 1 $max_attempts); do
+ check_service
+ sleep $wait_seconds
+done
+
+echo "Service did not become ready within the specified time."
+exit 1
-- GitLab
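Review bot: In `wait-for-node-up.sh`, a missing `curl` is treated the same as a node that is not up: `check_service` falls into the else branch, so the script prints "Service not yet ready" for all 30 attempts (about 7.5 minutes) and then blames the node. Testing for the tool once before the loop, `command -v curl > /dev/null || { echo "curl not found" >&2; exit 1; }`, makes that failure immediate and correctly attributed. The probe also has no time limit, so one connection that is accepted but never answered can outlast the whole attempt budget; adding `--max-time 5` to the `curl` call bounds each try. The unquoted `$max_attempts` and `$wait_seconds` are harmless with these constants, but quoting them costs nothing.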