mirror of
https://source.quilibrium.com/quilibrium/ceremonyclient.git
synced 2024-12-27 00:55:17 +00:00
13bac91367
* experiment: verify in channel (#215) * Change volume mapping so .config folder is created inside node folder and not on root (#214) * Update main.go to fix Q logo (#213) Q logo is not appearing correctly on the terminal while running node. Added a new line character after "Signature check passed" to fix it * switched get node info response to use masterClock frame for maxFrame field (#212) * fix: keys file remains null (#217) * Revert "Change volume mapping so .config folder is created inside node folder…" (#218) This reverts commit 27f50a92c6f5e340fd4106da828c6e8cdc12116b. * Docker split take 2 (#219) * split runtime docker files into a docker subfolder * split DOCKER-README.md * updated docker instructions * add restore command * add image update related tasks * add command to test if P2P port is visible * Remove bootstrap peer (#189) * Change bootstrap servers to DHT-only peers (#187) * support voucher file-based claims (#183) * Change bootstrap servers to DHT-only peers Changing my bootstrap servers to DHT-only peers with somewhat lower specs. One of the new ones is in the US and the other one is in Switzerland. Both use reliable providers and have 10Gbps network interfaces. --------- Co-authored-by: Cassandra Heart <7929478+CassOnMars@users.noreply.github.com> * Don't run self-test in DHT-only mode (#186) * support voucher file-based claims (#183) * Don't run self-test in DHT-only mode The node tries to create a self-test when ran with the `-dht-only` flag, but it doesn't load the KZG ceremony data in DHT-only mode which leads to a crash. Don't run self-test when the `-dht-only` flag is set. I tested by starting a node locally with and without existing self-test and with the `-dht-only` flag. --------- Co-authored-by: Cassandra Heart <7929478+CassOnMars@users.noreply.github.com> * Embed json files in binary (#182) * Embed ceremony.json in binary * Embed retroactive_peers.json in binary * Signers build and verification tasks (#181) * add signers specific Taskfile * add verify tasks * move signer task under signer folder * create docker image specific for signers * map current user into docker image and container * ignore node-tmp-* * add verify:build:internal * prevent tasks with docker commands from being run inside a container * rename *:internal to *:container * add README.md * add pem files to git * Updating Q Guide link (#173) * Update README.md Updated link to Quilibrium guide to new website * Update README.md --------- Co-authored-by: littleblackcloud <163544315+littleblackcloud@users.noreply.github.com> Co-authored-by: Agost Biro <5764438+agostbiro@users.noreply.github.com> Co-authored-by: Cassandra Heart <7929478+CassOnMars@users.noreply.github.com> Co-authored-by: Demipoet <161999657+demipoet@users.noreply.github.com> * Signer related fixes (#220) * add pems 16 and 17 * remove .bin extension from generated binaries * no more json files to copy to docker image * feat: recalibrate self-test on the fly (#221) * fix: switch RPC for peer and node info (#222) * replace binaries with patch build * add digests * Signatory #13 added * Signatory #4 added (#223) * Signatory #14 added * Signatory #17 added * Signatory #12 added * Signatory #3 added * Signatory #2 added * Signatory #16 added * Signatory #1 added * Signatory #8 added * remove binaries, release ready --------- Co-authored-by: AvAcalho <158583728+AvAcalho@users.noreply.github.com> Co-authored-by: Ravish Ahmad <ravishahmad16@gmail.com> Co-authored-by: luk <luk@luktech.dev> Co-authored-by: Marius Scurtescu <marius.scurtescu@gmail.com> Co-authored-by: littleblackcloud <163544315+littleblackcloud@users.noreply.github.com> Co-authored-by: Agost Biro <5764438+agostbiro@users.noreply.github.com> Co-authored-by: Demipoet <161999657+demipoet@users.noreply.github.com> Co-authored-by: 0xOzgur <29779769+0xOzgur@users.noreply.github.com>
209 lines
8.1 KiB
YAML
209 lines
8.1 KiB
YAML
# https://taskfile.dev
|
|
|
|
version: '3'
|
|
|
|
dotenv:
|
|
- '.env'
|
|
|
|
env:
|
|
GOEXPERIMENT: arenas
|
|
|
|
vars:
|
|
VERSION:
|
|
sh: cat ../node/config/version.go | grep -A 1 "func GetVersion() \[\]byte {" | grep -Eo '0x[0-9a-fA-F]+' | xargs printf "%d.%d.%d"
|
|
MAX_KEY_ID: 15
|
|
QUILIBRIUM_SIGNERS_IMAGE_NAME: 'quilibrium-signers'
|
|
USER_NAME:
|
|
sh: whoami
|
|
PARENT_FOLDER:
|
|
sh: dirname $(pwd)
|
|
SIGNING_KEYS_PEM_DIR: 'pems'
|
|
|
|
tasks:
|
|
status:
|
|
desc: Display configuration info.
|
|
cmds:
|
|
- echo -n "Version :" && echo " {{.VERSION}}"
|
|
- echo -n "Priv Key Path :" && echo " {{.SIGNING_KEY_PATH}}"
|
|
- echo -n "Pub Key Path :" && echo " {{.SIGNING_PUB_KEY_PATH}}"
|
|
- echo -n "Key ID :" && echo " {{.SIGNING_KEY_ID}}"
|
|
silent: true
|
|
|
|
hex:
|
|
desc: Print the hex representation of your public key.
|
|
cmds:
|
|
- cat {{.SIGNING_PUB_KEY_PATH}} | openssl ec -inform pem -pubin -noout -text
|
|
|
|
docker:build_image:
|
|
desc: Build the Quilibrium Signers docker image, unless it is already built.
|
|
aliases:
|
|
- image
|
|
preconditions:
|
|
- sh: 'test -z "$QUILIBRIUM_DOCKER_CONTAINER"'
|
|
msg: 'This command cannot be run inside the container'
|
|
cmds:
|
|
- |
|
|
docker build \
|
|
--build-arg USER_NAME={{.USER_NAME}} \
|
|
--build-arg UID=$(id -u) \
|
|
--build-arg GID=$(id -g) \
|
|
-t {{.QUILIBRIUM_SIGNERS_IMAGE_NAME}}:latest \
|
|
.
|
|
status:
|
|
- |
|
|
docker image inspect \
|
|
{{.QUILIBRIUM_SIGNERS_IMAGE_NAME}} \
|
|
>/dev/null 2>/dev/null
|
|
|
|
build:
|
|
desc: Build the Quilibrium node binaries by starting a container and starting the build inside the container.
|
|
preconditions:
|
|
- sh: 'test -z "$QUILIBRIUM_DOCKER_CONTAINER"'
|
|
msg: 'This command cannot be run inside the container'
|
|
deps:
|
|
- docker:build_image
|
|
cmds:
|
|
- docker run --name signers --rm -it -v {{.PARENT_FOLDER}}:/home/{{.USER_NAME}}/ceremonyclient -u {{.USER_NAME}} -w /home/{{.USER_NAME}}/ceremonyclient/signers {{.QUILIBRIUM_SIGNERS_IMAGE_NAME}} task build:container
|
|
|
|
build:shell:
|
|
desc: Start a shell in a build container.
|
|
aliases:
|
|
- shell
|
|
preconditions:
|
|
- sh: 'test -z "$QUILIBRIUM_DOCKER_CONTAINER"'
|
|
msg: 'This command cannot be run inside the container'
|
|
deps:
|
|
- docker:build_image
|
|
cmds:
|
|
- docker run --name signers --rm -it -v {{.PARENT_FOLDER}}:/home/{{.USER_NAME}}/ceremonyclient -u {{.USER_NAME}} -w /home/{{.USER_NAME}}/ceremonyclient/signers {{.QUILIBRIUM_SIGNERS_IMAGE_NAME}} bash
|
|
|
|
build:container:
|
|
desc: Build the Quilibrium node binaries, inside the Docker container.
|
|
dir: ../node
|
|
sources:
|
|
- '**/*.go'
|
|
generates:
|
|
- node-{{.VERSION}}-darwin-arm64
|
|
- node-{{.VERSION}}-linux-amd64
|
|
- node-{{.VERSION}}-linux-arm64
|
|
cmds:
|
|
- GOOS=darwin go build -ldflags "-s -w" -o node-{{.VERSION}}-darwin-arm64
|
|
- GOOS=linux GOARCH=amd64 go build -ldflags "-s -w" -o node-{{.VERSION}}-linux-amd64
|
|
- GOOS=linux GOARCH=arm64 go build -ldflags "-s -w" -o node-{{.VERSION}}-linux-arm64
|
|
|
|
digest:
|
|
desc: Generate digests for node binaries.
|
|
deps: [build]
|
|
dir: ../node
|
|
sources:
|
|
- node-{{.VERSION}}-darwin-arm64
|
|
- node-{{.VERSION}}-linux-amd64
|
|
- node-{{.VERSION}}-linux-arm64
|
|
generates:
|
|
- node-{{.VERSION}}-*.dgst
|
|
cmds:
|
|
- openssl sha3-256 -out node-{{.VERSION}}-darwin-arm64.dgst node-{{.VERSION}}-darwin-arm64
|
|
- openssl sha3-256 -out node-{{.VERSION}}-linux-amd64.dgst node-{{.VERSION}}-linux-amd64
|
|
- openssl sha3-256 -out node-{{.VERSION}}-linux-arm64.dgst node-{{.VERSION}}-linux-arm64
|
|
|
|
sign:
|
|
desc: Generate signatures for node binaries.
|
|
deps: [digest]
|
|
dir: ../node
|
|
preconditions:
|
|
- sh: 'test -n "$SIGNING_KEY_PATH"'
|
|
msg: 'The path to the signing key must be set in SIGNING_KEY_PATH'
|
|
- sh: 'test -n "$SIGNING_KEY_ID"'
|
|
msg: 'The signing key id must be set in SIGNING_KEY_ID'
|
|
sources:
|
|
- node-{{.VERSION}}-*.dgst
|
|
generates:
|
|
- node-{{.VERSION}}-*.dgst.sig.{{.SIGNING_KEY_ID}}
|
|
cmds:
|
|
- openssl pkeyutl -sign -inkey {{.SIGNING_KEY_PATH}} -rawin -in node-{{.VERSION}}-darwin-arm64.dgst -out node-{{.VERSION}}-darwin-arm64.dgst.sig.{{.SIGNING_KEY_ID}}
|
|
- openssl pkeyutl -sign -inkey {{.SIGNING_KEY_PATH}} -rawin -in node-{{.VERSION}}-linux-amd64.dgst -out node-{{.VERSION}}-linux-amd64.dgst.sig.{{.SIGNING_KEY_ID}}
|
|
- openssl pkeyutl -sign -inkey {{.SIGNING_KEY_PATH}} -rawin -in node-{{.VERSION}}-linux-arm64.dgst -out node-{{.VERSION}}-linux-arm64.dgst.sig.{{.SIGNING_KEY_ID}}
|
|
|
|
verify:build:
|
|
desc: Verify that the existing binaries can be rebuilt exactly the same.
|
|
dir: ../node
|
|
preconditions:
|
|
- sh: 'test -z "$QUILIBRIUM_DOCKER_CONTAINER"'
|
|
msg: 'This command cannot be run inside the container'
|
|
deps:
|
|
- docker:build_image
|
|
cmds:
|
|
- docker run --name signers --rm -it -v {{.PARENT_FOLDER}}:/home/{{.USER_NAME}}/ceremonyclient -u {{.USER_NAME}} -w /home/{{.USER_NAME}}/ceremonyclient/signers {{.QUILIBRIUM_SIGNERS_IMAGE_NAME}} task verify:build:container
|
|
- diff node-{{.VERSION}}-darwin-arm64 node-tmp-darwin-arm64
|
|
- diff node-{{.VERSION}}-linux-amd64 node-tmp-linux-amd64
|
|
- diff node-{{.VERSION}}-linux-arm64 node-tmp-linux-arm64
|
|
|
|
verify:build:container:
|
|
desc: Verify that the existing binaries can be rebuilt exactly the same, inside tbe Docker container.
|
|
dir: ../node
|
|
sources:
|
|
- '**/*.go'
|
|
generates:
|
|
- node-tmp-darwin-arm64
|
|
- node-tmp-linux-amd64
|
|
- node-tmp-linux-arm64
|
|
cmds:
|
|
- GOOS=darwin go build -ldflags "-s -w" -o node-tmp-darwin-arm64
|
|
- GOOS=linux GOARCH=amd64 go build -ldflags "-s -w" -o node-tmp-linux-amd64
|
|
- GOOS=linux GOARCH=arm64 go build -ldflags "-s -w" -o node-tmp-linux-arm64
|
|
- diff node-{{.VERSION}}-darwin-arm64 node-tmp-darwin-arm64
|
|
- diff node-{{.VERSION}}-linux-amd64 node-tmp-linux-amd64
|
|
- diff node-{{.VERSION}}-linux-arm64 node-tmp-linux-arm64
|
|
|
|
verify:digest:
|
|
desc: Verify that the existing digests are correct.
|
|
dir: ../node
|
|
cmds:
|
|
- openssl sha3-256 -out node-tmp-darwin-arm64.dgst node-{{.VERSION}}-darwin-arm64
|
|
- openssl sha3-256 -out node-tmp-linux-amd64.dgst node-{{.VERSION}}-linux-amd64
|
|
- openssl sha3-256 -out node-tmp-linux-arm64.dgst node-{{.VERSION}}-linux-arm64
|
|
- diff node-{{.VERSION}}-darwin-arm64.dgst node-tmp-darwin-arm64.dgst
|
|
- diff node-{{.VERSION}}-linux-amd64.dgst node-tmp-linux-amd64.dgst
|
|
- diff node-{{.VERSION}}-linux-arm64.dgst node-tmp-linux-arm64.dgst
|
|
|
|
verify:signatures:
|
|
desc: Verify all signatures.
|
|
dir: ../node
|
|
cmds:
|
|
- |
|
|
for i in {1..{{.MAX_KEY_ID}}}
|
|
do
|
|
if [ -f node-{{.VERSION}}-darwin-arm64.dgst.sig.$i ]
|
|
then
|
|
echo $i
|
|
echo "node-{{.VERSION}}-darwin-arm64"
|
|
openssl pkeyutl -verify -rawin -inkey {{.SIGNING_KEYS_PEM_DIR}}/$i.pem -pubin -sigfile node-{{.VERSION}}-darwin-arm64.dgst.sig.$i -in node-{{.VERSION}}-darwin-arm64.dgst
|
|
echo "node-{{.VERSION}}-linux-amd64"
|
|
openssl pkeyutl -verify -rawin -inkey {{.SIGNING_KEYS_PEM_DIR}}/$i.pem -pubin -sigfile node-{{.VERSION}}-linux-amd64.dgst.sig.$i -in node-{{.VERSION}}-linux-amd64.dgst
|
|
echo "node-{{.VERSION}}-linux-arm64"
|
|
openssl pkeyutl -verify -rawin -inkey {{.SIGNING_KEYS_PEM_DIR}}/$i.pem -pubin -sigfile node-{{.VERSION}}-linux-arm64.dgst.sig.$i -in node-{{.VERSION}}-linux-arm64.dgst
|
|
else
|
|
if [ -f node-{{.VERSION}}-linux-arm64.dgst.sig.$i ]
|
|
then
|
|
echo "$i is missing signatures"
|
|
else
|
|
if [ -f node-{{.VERSION}}-linux-amd64.dgst.sig.$i ]
|
|
then
|
|
echo "$i is missing signatures"
|
|
fi
|
|
fi
|
|
fi
|
|
done
|
|
silent: true
|
|
|
|
clean:
|
|
desc: Remove temporary files, docker containers and image.
|
|
dir: ../node
|
|
preconditions:
|
|
- sh: 'test -z "$QUILIBRIUM_DOCKER_CONTAINER"'
|
|
msg: 'This command cannot be run inside the container'
|
|
cmds:
|
|
- rm -f node-tmp-*
|
|
- docker container rm -f signers
|
|
- docker image rm -f {{.QUILIBRIUM_SIGNERS_IMAGE_NAME}}
|