From 778a7359a7e52975d39c21b180d67e3acab08ad8 Mon Sep 17 00:00:00 2001 From: Pietro Abate Date: Wed, 9 Oct 2024 09:55:25 +0200 Subject: [PATCH 1/2] docs: add pretty urls for debian repositories --- .pre-commit-config.yaml | 1 + docs/introduction/howtoget.rst | 18 ++++++------- docs/introduction/install-bin-deb.sh | 38 +++++++++++++++++++++++----- 3 files changed, 40 insertions(+), 17 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 00ad2e8feb5f..4457aa93b136 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -29,6 +29,7 @@ repos: - id: shfmt # These settings must mirror the ones set in `scripts/lint.sh`. args: [ "-i", "2", "-sr", "-d" ] + exclude: "docs/introduction/install-bin-deb.sh" - repo: https://github.com/arenadotio/pre-commit-ocamlformat rev: 0439858 hooks: diff --git a/docs/introduction/howtoget.rst b/docs/introduction/howtoget.rst index 6baedc46bb7d..34c129454990 100644 --- a/docs/introduction/howtoget.rst +++ b/docs/introduction/howtoget.rst @@ -109,16 +109,15 @@ In order to add the Tezos package repository to your machine, do: :: - export distribution=debian - export release=bookworm - export bucket="tezos-linux-protected-repo" + export distribution=debian + export release=bookworm and run: .. literalinclude:: install-bin-deb.sh :language: shell - :start-after: [install prerequisites] - :end-before: [ preeseed octez ] + :start-after: [add repository] + :end-before: [end add repository] We also maintain a separate repository for release candidates. To install the last release candidate simply prepend ``RC/`` to the distribution name 
@@ -164,12 +163,11 @@ The new set of packages can be installed by adding the following apt repository: export distribution=debian export release=bookworm - export bucket="tezos-linux-protected-repo" - curl "https://$bucket.storage.googleapis.com/next/$distribution/octez.asc" | sudo gpg --dearmor -o /etc/apt/trusted.gpg.d/octez.gpg - echo "deb [arch=amd64] https://$bucket.storage.googleapis.com/next/$distribution $release main" | sudo tee /etc/apt/sources.list.d/octez.list - sudo apt-get update - sudo apt-get install octez-node ... +.. literalinclude:: install-bin-deb.sh + :language: shell + :start-after: [add next repository] + :end-before: [end add next repository] Once the Octez binary packages are installed, they can be set up as services as explained in :doc:`./services`. diff --git a/docs/introduction/install-bin-deb.sh b/docs/introduction/install-bin-deb.sh index c2cd0f482dfe..78caa2bb437c 100755 --- a/docs/introduction/install-bin-deb.sh +++ b/docs/introduction/install-bin-deb.sh 
@@ -49,14 +49,38 @@ export DEBIAN_FRONTEND=noninteractive set -e set -x -# [install prerequisites] +# these two packages are needed here, but they don't need to appear in the doc apt-get update -apt-get install -y sudo gpg curl debconf-utils apt-utils -# [add repository] -REPO="deb https://$bucket.storage.googleapis.com/$distribution $release main" -curl "https://$bucket.storage.googleapis.com/$distribution/octez.asc" | sudo gpg --dearmor -o /etc/apt/trusted.gpg.d/octez.gpg -echo "$REPO" | sudo tee /etc/apt/sources.list.d/octez.list -sudo apt-get update +apt-get install -y debconf-utils apt-utils + +if [ "$RELEASETYPE" = "Master" ]; then + if [ -z "$PREFIX" ]; then + # [add repository] + apt-get update + apt-get install -y sudo gpg curl + + curl "https://packages.nomadic-labs.com/$distribution/octez.asc" | + sudo gpg --dearmor -o /etc/apt/trusted.gpg.d/octez.gpg + echo "deb [arch=amd64] https://packages.nomadic-labs.com/$distribution $release main" | + sudo tee /etc/apt/sources.list.d/octez.list + # [end add repository] + else + # [add next repository] + apt-get update + apt-get install -y sudo gpg curl + + curl "https://packages.nomadic-labs.com/next/$distribution/octez.asc" | + sudo gpg --dearmor -o /etc/apt/trusted.gpg.d/octez.gpg + echo "deb [arch=amd64] https://packages.nomadic-labs.com/next/$distribution $release main" | + sudo tee /etc/apt/sources.list.d/octez.list + # [end add next repository] + fi +else + REPO="deb https://$bucket.storage.googleapis.com/$distribution $release main" + curl "https://$bucket.storage.googleapis.com/$distribution/octez.asc" | sudo gpg --dearmor -o /etc/apt/trusted.gpg.d/octez.gpg + echo "$REPO" | sudo tee /etc/apt/sources.list.d/octez.list + sudo apt-get update +fi # [ preeseed octez ] if [ -n "$PREFIX" ]; then -- GitLab From 60b88aa8836f9ad5207ee2e37a847c7e90707535 Mon Sep 17 00:00:00 2001 
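Review bot: All three branches pipe `curl` straight into `sudo gpg --dearmor -o /etc/apt/trusted.gpg.d/octez.gpg`, which makes the Octez key trusted for every apt source on the machine rather than only for this repository. Because the `[add repository]` and `[add next repository]` spans are pulled into howtoget.rst by literalinclude, users will copy these lines verbatim; storing the key under `/etc/apt/keyrings/` and naming it with `signed-by=` in the `deb` line scopes it to the Octez repository. `curl` also runs without `-f`, and `set -e` only checks the last command of a pipeline, so an HTTP error body would be handed to `gpg` instead of stopping the script. The two Master branches additionally drop the `sudo apt-get update` that used to follow the `tee`; unless a refresh happens later, outside this hunk, the new source is never indexed before the install step.

```shell
    # [add repository]
    # … unchanged: apt-get update / apt-get install -y sudo gpg curl …
    sudo install -d -m 0755 /etc/apt/keyrings
    curl -fsSL "https://packages.nomadic-labs.com/$distribution/octez.asc" |
      sudo gpg --dearmor -o /etc/apt/keyrings/octez.gpg
    echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/octez.gpg] https://packages.nomadic-labs.com/$distribution $release main" |
      sudo tee /etc/apt/sources.list.d/octez.list
    sudo apt-get update
    # [end add repository]
    # … unchanged: the "next" and bucket branches, which would take the same change …
```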
From: Pietro Abate
Date: Wed, 16 Oct 2024 12:38:58 +0200
Subject: [PATCH 2/2] doc: fix and clarify signer configuration for debian packages
---
docs/introduction/services.rst | 43 +++++++++++++++++++++-------------
grafazos/jsonnetfile.json | 9 +++++++
2 files changed, 36 insertions(+), 16 deletions(-)
diff --git a/docs/introduction/services.rst b/docs/introduction/services.rst
index 59b4f13443dd..3b9ae414a989 100644
--- a/docs/introduction/services.rst
+++ b/docs/introduction/services.rst
@@ -125,41 +125,51 @@ using the Octez signer. Configuring the signer ---------------------- -First, logged as the user chosen to run the signer, we must create a set of keys. These are the -private keys that will be entrusted to the signer to actually sign -operations on behalf of the baker. The signer will run in a different -process (possibly on a separate host), and ideally using a hardware -enclave such as a :ref:`hardware ledger `. For the sake of brevity, in this -example, the keys will be simply stored on the disk, but this is not a +First, logged as the user chosen to run the signer, we must create a set of +keys. These are the private keys that will be entrusted to the signer to +actually sign operations on behalf of the baker. The signer will run in a +different process (possibly on a separate host), and ideally using a hardware +enclave such as a :ref:`hardware ledger `. For the sake of brevity, in +this example, the keys will be simply stored on the disk, but this is not a recomended setting for a production baker. We create an authentication key that is going to be used to authenticate the baker with the signer, and a signing key to sign the operations. +The signer secret key is stored in the current user directory and +we will configure the baker using the ``tz1`` address for this key. + +The signer authentication key is stored in the ``tezos`` user space +and we will configure the signer using the public key associated to +the auth key. + .. code:: shell - # create a signing key + # create a signing key ( as current user ) $ octez-signer gen keys alice - # create an authentication key - $ octez-client gen keys auth + # create an authentication key for signer authorization + $ sudo su tezos -c "octez-client gen keys auth" - $ octez-client show address auth + $ sudo su tezos -c "octez-client show address auth" Hash: tz1V7TgBR52wAjjqsh24w8y9CymFGdegt9qs Public Key: edpk123456789.... - # add the auth key to the octez-signer. 
This is the default options set in the octez-signer.service file + # add the auth key to the octez-signer. This is the default + # options set in the octez-signer.service file $ octez-signer add authorized key edpk123456789... --name auth -Now we need to configure the ``octez-signer`` service. We use again ``systemd`` and -we run it as a user service. The ``octez-signer.service`` file can be -customized by the user if needed to allow for more complex and secure scenarios. +Now we need to configure the ``octez-signer`` service. We use again ``systemd`` +and we run it as a user service. The ``octez-signer.service`` file can be +customized by the user if needed to allow for more complex and secure +scenarios. .. code:: shell # customize the signer service if needed $ mkdir -p ~/.config/systemd/user/ - $ cp /usr/share/doc/octez-signer/octez-signer.service ~/.config/systemd/user/ + $ cp /usr/share/doc/octez-signer/octez-signer.service \ + ~/.config/systemd/user/ # start the service $ systemctl --user start octez-signer @@ -183,7 +193,8 @@ Since the baker runs as the user ``tezos``, we use ``sudo su tezos -c`` to wrap Public Key: edpkvGAz71r8SZomcvF7LGajXT3AnhYX9CrmK3JWgA2xk8rf8CudY8 # Configure the baker to use the remote signer - sudo su tezos -c "octez-client -R tcp://localhost:7732 import secret key alice remote:tz1V7TgBR52wAjjqsh24w8y9CymFGdegt9qs" + sudo su tezos -c "octez-client -R tcp://localhost:7732 \ + import secret key alice remote:tz1V7TgBR52wAjjqsh24w8y9CymFGdegt9qs" Now that everything is in place, as for the node, we can first enable, then start the Octez baker. diff --git a/grafazos/jsonnetfile.json b/grafazos/jsonnetfile.json index 2414c8671944..ea12714b26a0 100644 --- a/grafazos/jsonnetfile.json +++ b/grafazos/jsonnetfile.json 
@@ -9,6 +9,15 @@ } }, "version": "main" + }, + { + "source": { + "git": { + "remote": "https://github.com/grafana/grafonnet.git", + "subdir": "gen/grafonnet-v11.1.0" + } + }, + "version": "1ce5aec" } ], "legacyImports": true -- GitLab
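Review bot: The new grafonnet dependency is pinned with the abbreviated commit id `1ce5aec`, and the diffstat for this patch lists only `grafazos/jsonnetfile.json`, so no lock-file change with a content checksum accompanies it. If the project commits `jsonnetfile.lock.json`, it should be regenerated in the same commit, and the pin is more robust written with the full id, `"version": "<full 40-character commit id>"`, so it cannot become ambiguous as the upstream repository grows. The addition also looks unrelated to the commit subject (signer documentation); moving it to its own commit would keep the third-party dependency change reviewable on its own.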