Compare commits

...

27 Commits

Author SHA1 Message Date
nolash
b131ec9ff2
Bump clicada 2022-01-01 10:12:40 +00:00
nolash
5d244aafa9 Revert "Update pip path"
This reverts commit a8e19a0a6d.
2022-01-01 09:36:21 +00:00
nolash
a8e19a0a6d
Update pip path 2022-01-01 09:34:05 +00:00
nolash
396300556c
Update clicada 2021-12-17 08:03:50 +00:00
nolash
c934360a92
Add alternate settings topic to readme 2021-12-09 07:12:49 +01:00
nolash
ab11beb038
Auto-config with ~/.config/cic/clicada 2021-12-09 06:49:45 +01:00
nolash
ca16a1b02b
Remove port in pip setup 2021-12-06 17:44:18 +01:00
nolash
ef6ab7a4b2
Add explicit python3 to pylocation 2021-12-06 10:32:18 +01:00
nolash
8209f7b090
Skip python plugin directive for uwsgi (doesn't work in ubuntu), explicit python3 2021-12-06 10:09:38 +01:00
nolash
be12809aeb
Add cic cli 2021-12-05 08:46:02 +01:00
nolash
e4a85a9cac
Add pylocation script 2021-12-05 07:54:44 +01:00
nolash
52acfda7fc
Dynamic python path for systemd exec 2021-12-04 17:41:38 +01:00
nolash
a2e96f18b9
Upgrade deps 2021-12-04 12:46:33 +01:00
nolash
5ff9542d95
Ensure user local bin dir exists 2021-11-16 06:06:49 +01:00
nolash
ed9a195ff3
Rename migrate script 2021-11-14 12:50:32 +01:00
nolash
6cc6d22d34
Fix migrate root path calc 2021-11-13 08:12:50 +01:00
nolash
14819057a9
Update cic-cache 2021-11-13 07:50:24 +01:00
nolash
1faeb96f42
Remove erroneous openethereum dep 2021-11-12 05:45:19 +01:00
nolash
c415ab52f3
Clarify reuse of parity binary - more 2021-11-12 05:39:08 +01:00
nolash
6184e409cb
Clarify reuse of parity binary 2021-11-12 05:38:06 +01:00
nolash
8f5297eb97
Add bloxberg systemd installer 2021-11-12 05:33:46 +01:00
nolash
e75d135a2b
Upgrade clicada 2021-11-11 18:55:22 +01:00
nolash
53afc83dbe
Add readme, avoid forced gpg import (and trust) for main user gpg config 2021-11-11 18:42:29 +01:00
nolash
cffc207b24
Add enc key to correct homedir, finish env for systemd 2021-11-11 11:33:18 +01:00
nolash
64d7e032a0
Turn off bloxberg install by default 2021-11-11 08:29:55 +01:00
nolash
341194291a
Add systemd initialization 2021-11-11 08:29:03 +01:00
nolash
6c7050888f
Correct gpg tty on su/sudo 2021-11-10 11:32:14 +01:00
27 changed files with 753 additions and 86 deletions

174
README.md Normal file
View File

@ -0,0 +1,174 @@
# CIC STAFF CLIENT
Services installer temporarily for internal use by GE.
## Dependencies
The os-level dependencies below must be met both at install and run time.
The version numbers are the version numbers used at implmentation time. It may very well work with earlier versions of the components, as long as they are not too old. An internet connection will be needed if the python dependencies cannot be resolved locally, either through a local repository or an existing package cache.
- systemd (249)
- gcc (11.1.0)
- git (2.33.0)
- python (>= 3.9)
- pip (20.3.4)
- sqlite (3.36.0)
For the optional bloxberg node build (`INSTALL_EVM=bloxberg`), additionally these dependencies must be met, aswell as a working internet connection:
- rustup (1.24.3)
- clang (12.0.1)
- cmake (3.21.2)
## Installation settings
The examples below assume working directory of the cic-staff-installer repository root.
<!--The `CIC_ROOT_URL` environment variable points to a location where top-level configuration settings can be found. These are individual files named after the environment variables they are setting, whose contents are signed by the trusted key defined in `CIC_SETUP_TRUSTED_FINGERPRINT`.-->
### cic-stack docker-compose cluster settings
To use against the cic-stack docker-compose local cluster:
```
export RPC_PROVIDER=http://localhost:63545
export CIC_ROOT_URL=file://`pwd`/var
```
If you want to select python packages from a specific repository only, also add:
```
export PIP_INDEX_URL=<url>
export PIP_EXTRA_INDEX_URL=<url>
```
#### Bloxberg
If you want to build the bloxberg mode executable (be warned, that's a long wait), add:
```
export INSTALL_EVM=bloxberg
```
If you wish, you can use an existing openethereum executable instead. Make sure `<path_to_binary> --version` shows `2.7.2`, and then set:
```
export OPENETHEREUM_PATH=<path_to_binary>
```
## Installation
To proceed with the installation, enter:
```
bash setup.sh
```
During the installation you will be prompted to enter your name, email and as password for the gnupg setup.
The gnupg key will both be used to authenticate using HTTP HOBA when necessary, aswell as encrypt local cached content.
## Running the services
```
systemctl --user start cic-cache-tracker
systemctl --user start cic-cache-server
```
Verify that they are running
```
systemctl --user status cic-cache-tracker
systemctl --user status cic-cache-server
```
The bloxberg node, if installed, runs in the same manner:
```
systemctl --user start bloxberg
systemctl --user status bloxberg
```
## Using `clicada`
It should now be possible to run `clicada` without any extra settings needed.
Please refer to the documentation on `clicada` for details on how to use the tool.
## Files and directories
The installation produces a number of files in the user home directory, some of which may be edited directly to change behavior of the program.
All paths relative to `$HOME`
| location | description | editable |
|-|-|-|
| `.config/cic/cache/*.ini` | Configuration file(s) for the `cic-cache-*` services | yes |
| `.config/cic/cache/*.ini` | Configuration file(s) for the `cic-cache-*` services | yes |
| `.config/cic/clicada/*.ini` | Configuration file(s) for the `clicada` tool | yes |
| `.config/cic/staff-client/key_fingerprint` | gnupg key fingerprint for key used by clicada for authentication | no |
| `.config/cic/staff-client/user.asc` | gnupg public key used by cicada for authentication | no |
| `.config/cic/staff-client/.gnupg` | gnupg homedir used by cicada for authentication | no |
| `.config/systemd/user/cic-cache-*.service` | systemd user service definition file for `cic-cache-*` services | yes, with `systemctl --user edit <service>` |
| `.config/systemd/user/bloxberg.service` | systemd user service definition file for bloxberg | yes, with `systemctl --user edit <service>` |
| `.config/environment.d/01-cic-cache-*.conf` | environment variables for systemd user services | yes |
| `.local/share/cic/.gnupg` | gnupg homedir for holding trust keys for global cic configurations | no |
| `.local/share/cic/clicada/.secret` | A gnupg encrypted symmetric secret used to encrypt local cached content | no |
| `.local/share/io.parity.ethereum/bloxberg` | Bloxberg chain data | no |
| `.config/io.parity.ethereum/bloxberg` | Bloxberg configurations and chain data | bootnode.toml and bootnode.txt only |
## Installing as a different user
You may want to create a dedicated user for the installation, so as to not pollute your regular user data directories.
Since the services are run using systemd, a simple `su` or `sudo` will not be sufficient in this case.
Perhaps the simplest solution is to launch a new login shell within the systemd vm using the following command:
```
machinectl login
```
Another alternative can be to open an `ssh` session.
## Advanced topics
### Changing the resource settings trusted key
The top-level settings for the applications are set from files in `<repo_root>/var/cic-staff-client`. These files are signed with PGP, and the trusted key(s) for signing are in `<repo_root>/keys`.
In order to define alternate settings, a different key must be imported and trusted, and this key must sign the new settings files.
The code below assumes the key with fingerprint `F3FAF668E82EF5124D5187BAEF26F4682343F692`:
```
echo "F3FAF668E82EF5124D5187BAEF26F4682343F692:6:" >> <repo_root>/keys/trust
gpg -a F3FAF668E82EF5124D5187BAEF26F4682343F692 --export > <repo_root>/keys/F3FAF668E82EF5124D5187BAEF26F4682343F692.asc
```
Now the private key holder can ceate the same contents as in `<repo_root>/var`, e.g. to set `CIC_REGISTRY_ADDRESS` in `<repo_root>/var/alt`:
```
mkdir -vp var/alt/cic-staff-client
d=`mktemp -d`
echo -n 0xcf60ebc445b636a5ab787f9e8bc465a2a3ef8299 > $d/CIC_REGISTRY_ADDRESS
gpg -a -s -u F3FAF668E82EF5124D5187BAEF26F4682343F692 -o var/alt/cic-staff-client/CIC_REGISTRY_ADDRESS $d/CIC_REGISTRY_ADDRESS
```
Running the process again you would replace this:
```
export CIC_ROOT_URL=file://`pwd`/var/alt
```

View File

@ -0,0 +1,46 @@
#!/bin/bash
if [ ! -z "$PYTHON_BIN_PATH" ]; then
>&2 echo "PYTHON_BIN_PATH already set to $PYTHON_BIN_PATH"
echo -n $PYTHON_BIN_PATH
else
set +a
set +e
d=`mktemp -d`
u=`dd if=/dev/urandom bs=16 count=1 2> /dev/null | hexdump -v -n 16 -e '1/1 "%02x"'`
mkdir -p $d/$u
cat <<EOF >> $d/setup.py
from setuptools import setup
setup(
name="$u",
version="0.0.0",
packages=[
"$u",
],
entry_points={
"console_scripts": [
"$u.bin=$u:main",
],
},
)
EOF
cat <<EOF >> $d/$u/__init__.py
def main():
pass
EOF
pushd $d > /dev/null
python3 setup.py --quiet sdist
pip3 install -q dist/${u}-0.0.0.tar.gz
p=`which $u.bin`
pip3 uninstall -q -y $u
export PYTHON_BIN_PATH=$(dirname $p)
echo -n $PYTHON_BIN_PATH
popd > /dev/null
set -e
set -a
fi

View File

@ -1,5 +0,0 @@
#!/bin/bash
t=`mktemp`
f=`python -c "import cic_cache; import os; s = os.path.dirname(cic_cache.__file__); print(os.path.join(s, 'runnable', 'daemons', 'server.py'))"`
uwsgi --wsgi-file $f --http $SERVER_HOST:$SERVER_PORT --pyargv "-c $HOME/.config/cic/cache $@"

1
keys/trust Normal file
View File

@ -0,0 +1 @@
0826EDA1702D1E87C6E2875121D2E7BB88C2A746:6:

View File

@ -1,2 +1,69 @@
cic-cache==0.2.1a10
clicada==0.0.1a7
alembic==1.4.2
amqp==2.6.1
asn1crypto==1.4.0
attrs==21.2.0
billiard==3.6.4.0
cbor2==5.4.1
celery==4.4.7
certifi==2021.10.8
cffi==1.14.6
chainlib==0.0.13
chainlib-eth==0.0.13
chainsyncer==0.0.7
charset-normalizer==2.0.7
cic==0.0.2
cic-cache==0.3.0a2
cic-eth-registry==0.6.2
cic-types==0.2.1a5
clicada==0.0.2a3
coincurve==15.0.0
confini==0.5.3
cryptography==3.2.1
cytoolz==0.11.0
erc20-faucet==0.3.2
eth-accounts-index==0.1.2
eth-address-index==0.2.4
eth-contract-registry==0.7.2
eth-erc20==0.1.2
eth-hash==0.3.2
eth-token-index==0.2.4
eth-typing==2.2.2
eth-utils==1.10.0
funga==0.5.1
funga-eth==0.5.1
hexathon==0.1.0
http-hoba-auth==0.2.1a3
http-token-auth==0.0.1a6
idna==3.3
json-rpc==1.13.0
jsonschema==3.2.0
kombu==4.6.11
Mako==1.1.5
MarkupSafe==2.0.1
moolb==0.2.0
okota==0.2.4
phonenumbers==8.12.12
potaahto==0.1.0
psycopg2==2.8.6
pycparser==2.20
pycryptodome==3.10.1
pyrsistent==0.18.0
pysha3==1.0.2
python-dateutil==2.8.2
python-editor==1.0.4
python-gnupg==0.4.7
pytz==2021.3
PyYAML==5.3.1
redis==3.5.3
requests==2.26.0
rlp==2.0.1
semver==2.13.0
six==1.15.0
SQLAlchemy==1.3.20
toolz==0.11.1
urllib3==1.26.7
usumbufu==0.3.3a3
uWSGI==2.0.19.1
vine==1.3.0
vobject==0.9.6.1
websocket-client==0.57.0

3
root_requirements.txt Normal file
View File

@ -0,0 +1,3 @@
cic-cache==0.3.0a2
clicada==0.0.2a3
cic==0.0.2

View File

@ -1,15 +1,16 @@
#!/bin/bash
want_cic_cache_version=0.2.1a10
want_cicada_version=0.0.1a7
want_evm=bloxberg
want_cic_cache_version=0.3.0a2
want_cicada_version=0.0.2a3
#INSTALL_EVM=bloxberg
. aux/bdbg/bdbg.sh
_level=2
_debug=1
PIP_EXTRA_ARGS=$PIP_EXTRA_ARGS
PIP_EXTRA_INDEX_URL=${PIP_EXTRA_INDEX_URL:-https://pip.grassrootseconomics.net:8433}
PIP_EXTRA_INDEX_URL=${PIP_EXTRA_INDEX_URL:-https://pip.grassrootseconomics.net}
PIP_INDEX_URL=${PIP_INDEX_URL:-"https://pypi.org/simple"}
CIC_SETUP_TRUSTED_FINGERPRINT=${CIC_SETUP_TRUSTED_FINGERPRINT:-0826EDA1702D1E87C6E2875121D2E7BB88C2A746}
CIC_ROOT_URL=${CIC_ROOT_URL:-https://root.grassrootseconomics.net}
@ -20,18 +21,23 @@ if [ "$UID" -eq 0 ]; then
fi
. setup_check.sh
. setup_path.sh
mkdir -vp $HOME/.local/bin
dbg $dbg_debug "importing keys"
for f in ./keys/*.asc; do
gpg --import $f
done
mkdir -vp $HOME/.local/share/cic/.gnupg
chmod 700 $HOME/.local/share/cic/.gnupg
for f in ./keys/*.asc; do
gpg --homedir $HOME/.local/share/cic/.gnupg --import $f
done
gpg --homedir $HOME/.local/share/cic/.gnupg --import-ownertrust ./keys/trust
t=`mktemp`
dbg $dbg_debug "identify root values"
set -e
# check if we have existing setup
if [ ! -f "$HOME/.config/cic/staff-client/key_fingerprint" ]; then
dbg $dbg_debug "load default environment"
@ -41,8 +47,10 @@ if [ ! -f "$HOME/.config/cic/staff-client/key_fingerprint" ]; then
for c in ${config_directives[@]}; do
v=${!c}
if [ -z "$v" ]; then
v=`curl -X GET $CIC_ROOT_URL/cic-staff-client/$c`
#gpg --verify $v
d=`mktemp -d`
curl -X GET $CIC_ROOT_URL/cic-staff-client/$c -o $d/$c
gpg --homedir $HOME/.local/share/cic/.gnupg --verify $d/$c
v=`gpg --homedir $HOME/.local/share/cic/.gnupg -d $d/$c`
echo $v >> $t
dbg $dbg_debug "fetched environment variable $v"
else
@ -50,17 +58,12 @@ if [ ! -f "$HOME/.config/cic/staff-client/key_fingerprint" ]; then
fi
done
echo seting
cat $t
set -a
. $t
set +a
# DATABASE_NAME set here works as long as only one database is involved...
export DATABASE_PREFIX=$HOME/.local/share/cic/cache/${DATABASE_PREFIX:-staffclient}
#export DATABASE_HOST=${DATABASE_HOST:-localhost}
#export DATABASE_PORT=${DATABASE_PORT:-5432}
export DATABASE_ENGINE=sqlite
export DATABASE_DRIVER=pysqlite
export DATABASE_DEBUG=0
@ -74,14 +77,14 @@ if [ ! -f "$HOME/.config/cic/staff-client/key_fingerprint" ]; then
else
t=`mktemp`
gpg --export -a $AUTH_KEY > $t
#gpg --list-packets $t | awk '/issuer fpr/ { print $9; }' | cut -b -40 > $HOME/.config/cic/staff-client/key_fingerprint
#gpg --list-packets $t | awk '/keyid:/ { print $2; }'
#gpg --list-packets $t | awk '/keyid:/ { print $2; }' > $HOME/.config/cic/staff-client/key_fingerprint
#fp=`cat $HOME/.config/cic/staff-client/key_fingerprint`
echo -n $AUTH_KEY > $HOME/.config/cic/staff-client/key_fingerprint
dbg $dbg_info "using key $AUTH_KEY"
fi
export AUTH_KEY=`cat $HOME/.config/cic/staff-client/key_fingerprint`
export AUTH_KEYRING_PATH=$HOME/.config/cic/staff-client/.gnupg
export AUTH_DB_PATH=$HOME/.local/share/cic/clicada
fi
set +e
dbg $dbg_debug "checking installed versions"
@ -118,24 +121,10 @@ if [ $update -gt 0 ]; then
debug_flag="-v"
fi
pip install --index-url $PIP_INDEX_URL --extra-index-url $PIP_EXTRA_INDEX_URL $PIP_EXTRA_ARGS $debug_flag -r requirements.txt
dbg $dbg_debug "executing database migrations"
update_path $HOME/.local/bin
fi
#dbg $dbg_info "using CIC_REGISTRY $CIC_REGISTRY_ADDRESS"
#if [ -z "$CIC_TRUST_ADDRESS" ]; then
# u="$CIC_ROOT_URL/cic_trust_address"
# dbg $dbg_trace "retrieve trust address from $u"
# curl -X GET $u -o cic_trust_address
# gpg --verify cic_trust_address
# export CIC_TRUST_ADDRESS=`gpg -d cic_trust_address`
#fi
#dbg $dbg_info "using CIC_TRUST_ADDRESS $CIC_TRUST_ADDRESS"
#popd
dbg $dbg_debug "installing configurations"
t=`mktemp`
if [ -f $HOME/.config/cic/cache/config.ini ]; then
@ -150,24 +139,33 @@ if [ -d $HOME/.config/cic/clicada/config.ini ]; then
dbg $dbg_debug "migrating existing clicada configuration"
clicada_config_flag="-c $HOME/.config/cic/clicada"
fi
clicada --dumpconfig ini $clicada_config_flag > $t
mkdir -vp $HOME/.config/cic/clicada
mv -v $t $HOME/.config/cic/clicada/config.ini
t=`mktemp`
cic-cache-trackerd --dumpconfig env $cic_cache_config_flag -vv > $t
set -a
. $t
set +a
dbg $dbg_debug "execute database migrations"
mkdir -vp $HOME/.local/share/cic/cache
python ../cic-internal-integration/apps/cic-cache/scripts/migrate.py -c /home/lash/.config/cic/cache/
migrate_cic_cache.py -c $HOME/.config/cic/cache/
if [ ! -z $want_evm ]; then
. setup_${want_evm}.sh
t=`mktemp`
clicada --dumpconfig env $clicada_config_flag -vv > $t
set -a
. $t
set +a
. setup_systemd.sh
if [ ! -z $INSTALL_EVM ]; then
. setup_${INSTALL_EVM}.sh
fi

View File

@ -1,8 +1,13 @@
. aux/bdbg/bdbg.sh
. setup_path.sh
GIT_OPENETHEREUM=${GIT_OPENETHEREUM:-https://github.com/openethereum/openethereum}
OPENETHEREUM_PATH=${OPENETHEREUM_PATH:-$HOME/.local/bin/parity}
openethereum_dir=`realpath $(dirname $OPENETHEREUM_PATH)`
default_openethereum_run=$HOME/.local/share/bloxberg
OPENETHEREUM_RUN=${OPENETHEREUM_RUN:-$default_openethereum_run}
default_openethereum_run=$HOME/.local/share/io.parity.ethereum/bloxberg
default_openethereum_config=$HOME/.config/io.parity.ethereum/bloxberg
export OPENETHEREUM_RUN=${OPENETHEREUM_RUN:-$default_openethereum_run}
export OPENETHEREUM_CONFIG=${OPENETHEREUM_CONFIG:-$default_openethereum_config}
install_env=
if [ ! -f $OPENETHEREUM_PATH ]; then
@ -15,33 +20,28 @@ if [ ! -f $OPENETHEREUM_PATH ]; then
git checkout 2662d1925ec794f3ad7c5759b2412ff5128d259b
rustup install 1.47.0
cargo build --release --features final
cp -v $t/target/release/parity $HOME/.local/bin/
export OPENETHEREUM_PATH=$HOME/.local/bin/parity
else
dbg $dbg_info "found bloxberg node executable in $OPENETHEREUM_PATH"
fi
OPENETHEREUM_RUN=$HOME/.local/share/bloxberg
#OPENETHEREUM_RUN=$HOME/.local/share/bloxberg
if [ ! -d $OPENETHEREUM_RUN ]; then
mkdir -vp $OPENETHEREUM_RUN/bootnode
touch $OPENETHEREUM_RUN/bootnode.pwd
dd if=/dev/urandom bs=32 count=1 2> /dev/null | hexdump -v -n 32 -e '1/1 "%02x"' > $OPENETHEREUM_RUN/bootnode.pwd
chmod 400 $OPENETHEREUM_RUN/bootnode.pwd
mkdir -vp $OPENETHEREUM_CONFIG
touch $OPENETHEREUM_CONFIG/bootnode.pwd
dd status=xfer if=/dev/urandom bs=32 count=1 2> /dev/null | hexdump -v -n 32 -e '1/1 "%02x"' > $OPENETHEREUM_CONFIG/bootnode.pwd
chmod -v 400 $OPENETHEREUM_CONFIG/bootnode.pwd
./aux/bash-templater/templater.sh var/bloxberg/bootnode.toml > $OPENETHEREUM_CONFIG/bootnode.toml
cp -v var/bloxberg/bloxberg.json $OPENETHEREUM_CONFIG/
cp -v var/bloxberg/bootnodes.txt $OPENETHEREUM_CONFIG/
cp -v systemd/bloxberg.service $HOME/.config/systemd/user/
./aux/bash-templater/templater.sh systemd/env/01-bloxberg.conf > $HOME/.config/environment.d/01-bloxberg.conf
systemctl --user daemon-reload
fi
_IFS=$IFS
IFS=:
read -rapaths <<< "$PATH"
matchpath=
for f in ${paths[@]}; do
if [ "$f" == "$openethereum_dir" ]; then
matchpath=1
fi
done
if [ -z "$matchpath" ]; then
dbg dbg_info "Adding bloxberg executable path $openethereum_dir to \$PATH"
export PATH=$PATH:$openethereum_dir
echo "export PATH=\$PATH:$openethereum_dir" >> $HOME/.bashrc
fi
update_path $openethereum_dir
if [ ! -z "$install_env" ]; then
popd

View File

@ -7,7 +7,11 @@ function checkk {
fi
}
exec=(clang git rustup gcc cmake pip python3 psql postgres)
if [ "$INSTALL_EVM" == "bloxberg"] ; then
exec=(systemctl git gcc pip python3 sqlite3 clang rustup cmake)
else
exec=(systemctl git gcc pip python3 sqlite3)
fi
for e in ${exec[@]}; do
dbg $dbg_trace "Checking for dependency $e"

View File

@ -1,3 +1,5 @@
export GPG_TTY=$(tty)
echo You have not selected a key to use. We will now make a new one.
echo The personal details you provide below will not be shared anywhere without getting your permission first.
@ -16,9 +18,7 @@ while [ -z $pgp_ok ]; do
echo -n "(Yes/No): "
read pgp_r
r=${pgp_r:0:1}
if [ "$r" == "y" ]; then
pgp_ok=1
elif [ "$r" == "Y" ]; then
if [[ "$r" =~ ^[yY] ]]; then
pgp_ok=1
fi
echo
@ -31,17 +31,42 @@ echo "If you lose this passphrase you WILL lose access to your key PERMANENTLY."
echo "Keep it secret."
echo -e "Keep it safe.\e[0m"
stty -echo
password_match=
while [ -z $password_match ]; do
echo
echo -n "password: "
read password
echo
echo -n "password again: "
read password_again
echo
if [ "$password" == "$password_again" ]; then
password_match=1
else
echo "passwords do not match, try again"
fi
done
stty echo
password_file=`mktemp`
touch $password_file
chmod -v 600 $password_file
echo -n $password > $password_file
t=`mktemp -d`
gpg --homedir $t --quick-gen-key "$pgp_name (CIC staff client signing key) <$pgp_email>" secp256k1 sign 0
gpg --homedir $t --pinentry-mode loopback --passphrase-file $password_file --quick-gen-key "$pgp_name (CIC staff client signing key) <$pgp_email>" secp256k1 sign 0
echo -e "\e[0;93mNow let's see if you've forgotten your passphrase already"
echo -e "Please enter it again at the given prompts to import the newly created key into your environment\e[0m"
mkdir -vp $HOME/.config/cic/staff-client/.gnupg
chmod 0700 -v $HOME/.config/cic/staff-client/.gnupg
gpg --homedir $t --export-secret-keys | gpg --homedir $HOME/.config/cic/staff-client/.gnupg --import
#gpg --homedir $HOME/.config/cic/staff-client/.gnupg --export -a > $HOME/.config/cic/staff-client/user.asc
gpg --homedir $t --pinentry-mode loopback --passphrase-file $password_file --export-secret-keys | gpg --pinentry-mode loopback --passphrase-file $password_file --homedir $HOME/.config/cic/staff-client/.gnupg --import
gpg --homedir $HOME/.config/cic/staff-client/.gnupg --export -a > $HOME/.config/cic/staff-client/user.asc
gpg --list-packets $HOME/.config/cic/staff-client/user.asc | awk '/issuer fpr/ { print $9; }' | cut -b -40 > $HOME/.config/cic/staff-client/key_fingerprint
gpg --homedir $HOME/.config/cic/staff-client/.gnupg --pinentry-mode loopback --passphrase-file $password_file --quick-add-key `cat $HOME/.config/cic/staff-client/key_fingerprint` default encrypt 0
shred -v $password_file

18
setup_path.sh Normal file
View File

@ -0,0 +1,18 @@
function update_path {
pathdir=$1
_IFS=$IFS
IFS=:
read -rapaths <<< "$PATH"
matchpath=
for f in ${paths[@]}; do
if [ "$f" == "$pathdir" ]; then
matchpath=1
fi
done
if [ -z "$matchpath" ]; then
dbg $dbg_info "Adding executable path $pathdir to \$PATH"
export PATH=$PATH:$pathdir
echo "export PATH=\$PATH:$pathdir" >> $HOME/.bashrc
fi
IFS=$_IFS
}

29
setup_systemd.sh Normal file
View File

@ -0,0 +1,29 @@
mkdir -vp $HOME/.config/systemd/user
mkdir -vp $HOME/.config/environment.d
. aux/bdbg/bdbg.sh
_level=2
_debug=1
cp -v systemd/cic-cache-server.service $HOME/.config/systemd/user/
cp -v systemd/bloxberg.service $HOME/.config/systemd/user/
dbg $dbg_debug "writing rendered services file $p"
export PYTHON_BIN_PATH=`. aux/pylocation/pylocation.sh 2> /dev/null`
dbg $dbg_info "using python bin path $PYTHON_BIN_PATH for systemd executables"
PYTHON_BIN_PATH=$PYTHON_BIN_PATH ./aux/bash-templater/templater.sh systemd/cic-cache-tracker.service > $HOME/.config/systemd/user/cic-cache-tracker.service
for f in systemd/env/*.conf; do
b=`basename $f`
p=$HOME/.config/environment.d/$b
dbg $dbg_debug "writing rendered environment file $p"
./aux/bash-templater/templater.sh $f > $p
done
#cp -v systemd/env/*.conf $HOME/.config/environment.d/
cp -v systemd/bin/cic_cache_server_start.sh $HOME/.local/bin/
chmod -v 750 $HOME/.local/bin/cic_cache_server_start.sh
systemctl --user daemon-reload

View File

@ -0,0 +1,5 @@
#!/bin/bash
t=`mktemp`
f=`python3 -c "import cic_cache; import os; s = os.path.dirname(cic_cache.__file__); print(os.path.join(s, 'runnable', 'daemons', 'server.py'))"`
uwsgi --master --enable-threads --wsgi-file $f --http $SERVER_HOST:$SERVER_PORT --pyargv "-c $HOME/.config/cic/cache $@"

9
systemd/bloxberg.service Normal file
View File

@ -0,0 +1,9 @@
[Unit]
Description=Bloxberg openethereum node
After=network.target
[Service]
ExecStart=/bin/bash -c ${OPENETHEREUM_PATH} --config ${OPENETHEREUM_CONFIG}/bootnode.toml
[Install]
WantedBy=network.target

View File

@ -0,0 +1,10 @@
[Unit]
Description=CIC transaction cache syncer
After=network.target
[Service]
ExecStart=%h/.local/bin/cic_cache_server_start.sh -vv
Restart=always
[Install]
WantedBy=network.target

View File

@ -3,12 +3,8 @@ Description=CIC transaction cache syncer
After=network.target
[Service]
Environment="RPC_PROVIDER=http://localhost:8545"
Environment="CHAIN_SPEC=evm:byzantium:8995:bloxberg"
Environment="CIC_REGISTRY=ADDRESS={{CIC_REGISTRY_ADDRESS}}"
Environment="CIC_TRUST_ADDRESS={{CIC_TRUST_ADDRESS}}"
ExecStart="cic-cache-trackerd -c %h/.config/cic/cache"
ExecStart={{PYTHON_BIN_PATH}}/cic-cache-trackerd -c %h/.config/cic/cache
Restart=always
[Install]
After=network.target
WantedBy=network.target

2
systemd/env/01-bloxberg.conf vendored Normal file
View File

@ -0,0 +1,2 @@
OPENETHEREUM_PATH={{OPENETHEREUM_PATH}}
OPENETHEREUM_CONFIG={{OPENETHEREUM_CONFIG}}

6
systemd/env/01-cic-cache-server.conf vendored Normal file
View File

@ -0,0 +1,6 @@
RPC_PROVIDER={{RPC_PROVIDER}}
CHAIN_SPEC={{CHAIN_SPEC}}
SERVER_HOST=localhost
SERVER_PORT=8313
TX_CACHE_URL=http://localhost:8313
#META_URL=

View File

@ -1,2 +1,2 @@
RPC_PROVIDER={{RPC_PROVIDER=http://localhost:8545}}
CHAIN_SPEC={{CHAIN_SPEC=evm:byzantium:8995:bloxberg}}
RPC_PROVIDER={{RPC_PROVIDER}}
CHAIN_SPEC={{CHAIN_SPEC}}

136
var/bloxberg/bloxberg.json Normal file
View File

@ -0,0 +1,136 @@
{
"name": "Bloxberg",
"engine": {
"authorityRound": {
"params": {
"maximumUncleCountTransition": 5006743,
"maximumUncleCount": 0,
"stepDuration": "5",
"validators" : {
"multi": {
"0": {
"list": ["0xaa84378fa41da83a9b6523ba46e45a664fbebfc8"]
},
"100": {
"contract": "0x9850711951a84ef8a2a31a7868d0dca34b0661ca"
},
"5006743": {
"safeContract": "0x9850711951a84ef8a2a31a7868d0dca34b0661ca"
}
}
}
}
}
},
"params": {
"gasLimitBoundDivisor": "0x400",
"maximumExtraDataSize": "0x20",
"minGasLimit": "0x7A1200",
"networkID" : "0x2323",
"eip140Transition": "0x0",
"eip211Transition": "0x0",
"eip214Transition": "0x0",
"eip658Transition": "0x0",
"eip145Transition": 5006743,
"eip1014Transition": 5006743,
"eip1052Transition": 5006743,
"eip1283Transition": 5006743,
"eip1344Transition": 5006743,
"eip1706Transition": 5006743,
"eip1884Transition": 5006743,
"eip2028Transition": 5006743
},
"genesis": {
"seal": {
"authorityRound": {
"step": "0x0",
"signature": "0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
}
},
"difficulty": "0x20000",
"gasLimit": "0x7A1200"
},
"accounts": {
"0x0000000000000000000000000000000000000001": { "balance": "1", "builtin": { "name": "ecrecover", "pricing": { "linear": { "base": 3000, "word": 0 } } } },
"0x0000000000000000000000000000000000000002": { "balance": "1", "builtin": { "name": "sha256", "pricing": { "linear": { "base": 60, "word": 12 } } } },
"0x0000000000000000000000000000000000000003": { "balance": "1", "builtin": { "name": "ripemd160", "pricing": { "linear": { "base": 600, "word": 120 } } } },
"0x0000000000000000000000000000000000000004": { "balance": "1", "builtin": { "name": "identity", "pricing": { "linear": { "base": 15, "word": 3 } } } },
"0x0000000000000000000000000000000000000005": { "builtin": { "name": "modexp", "activate_at": 0, "pricing": { "modexp": { "divisor": 20 } } } },
"0x0000000000000000000000000000000000000006": {
"builtin": {
"name": "alt_bn128_add",
"activate_at": 0,
"pricing": {
"alt_bn128_const_operations": {
"price": 500
}
}
}
},
"0000000000000000000000000000000000000007": {
"builtin": {
"name": "alt_bn128_mul",
"pricing": {
"0": {
"price": {
"alt_bn128_const_operations": {
"price": 40000
}
}
},
"5006743": {
"info": "Istanbul HF",
"price": {
"alt_bn128_const_operations": {
"price": 6000
}
}
}
}
}
},
"0000000000000000000000000000000000000008": {
"builtin": {
"name": "alt_bn128_pairing",
"pricing": {
"0": {
"price": {
"alt_bn128_pairing": {
"base": 100000,
"pair": 80000
}
}
},
"5006743": {
"info": "Istanbul HF",
"price": {
"alt_bn128_pairing": {
"base": 45000,
"pair": 34000
}
}
}
}
}
},
"0x0000000000000000000000000000000000000009": {
"builtin": {
"name": "blake2_f",
"pricing": {
"5006743": {
"info": "Istanbul HF",
"price": {
"blake2_f": {
"gas_per_round": 1
}
}
}
}
}
},
"0xab59a1ea1ac9af9f77518b9b4ad80942ade35088": { "balance": "100000000000000000000000000000000" }
}
}

View File

@ -0,0 +1,35 @@
# File bootnode.toml
[parity]
chain = "{{OPENETHEREUM_CONFIG}}/bloxberg.json"
base_path = "{{OPENETHEREUM_RUN}}/bootnode"
[network]
port = 30303
reserved_peers = "{{OPENETHEREUM_CONFIG}}/bootnodes.txt"
# reserved_only = true
max_peers = 100
snapshot_peers = 25
#nat = "extip:217.197.85.156"
[rpc]
port = 8545
#apis = ["web3", "eth", "net", "personal", "parity", "parity_set", "traces", "rpc", "parity_accounts"]
apis = ["eth", "net" ]
interface = "all"
cors = ["*"]
[websockets]
disable = true
port = 8546
interface = "all"
origins = ["all"]
[account]
password = ["{{OPENETHEREUM_CONFIG}}/bootnode.pwd"]
[footprint]
tracing = "on"
pruning = "archive"
pruning_history = 256
cache_size_db = 2000

View File

@ -0,0 +1,17 @@
#MPDL Bootnode and Authority
enode://a7a53baf91b612b25b84993c964beb987879bfe7430cf6acb55bd721b9c0d96ceb1849049b1dcc0aa6e86fa1e2234280581b16c1265d56644fb09085e6906034@141.5.98.231:30304
enode://a7a53baf91b612b25b84993c964beb987879bfe7430cf6acb55bd721b9c0d96ceb1849049b1dcc0aa6e86fa1e2234280581b16c1265d56644fb09085e6906034@130.183.206.234:30304
enode://e6b181c16d20194029c220ce886fdc7a745cb37ee655c3b41ea744ec89143db6731a1c01ff3c40b39f969079090ad34e0e3319e47b0d22a8d510ff1f7b5a9ac7@141.5.98.231:30303
enode://e6b181c16d20194029c220ce886fdc7a745cb37ee655c3b41ea744ec89143db6731a1c01ff3c40b39f969079090ad34e0e3319e47b0d22a8d510ff1f7b5a9ac7@130.183.206.234:30303
#GeorgiaTech
enode://4d9e6925ef3a92315283a655e856aa29dd516172c4f38d2a8fcd58c233a2cd80c57b507fed3bf351b1ac0611e8c7fefd6fb1c49de2d0d15eb1816d43629ac4ba@3.14.148.213:30303
#CMU
enode://ce0154eb13c1c038017151dd1ff4d736178ffedc33f5e11fe694c247eb09279886d253c3c775486eb709a65057901e2788098f991c58e6ad26ff957a8f45253e@128.2.25.89:30303
#UCL
enode://e41a38d659f13d47f3d88c5178e0cfe97487d3568000b85ae3a4abbcc35404d2628cee8a7e9071b63802542bafd886447ecf1d02fc663be0534779094a3e4fd1@128.16.12.165:30303
#Sarajevo
enode://6959137e1c66384e82ce6d9ba7e09bb0e56817f4834416448b98f646a335168c2967760a1daa5e3ec5ac2a3401be1cd05927568cdebf49c25d4770f5bb8fbfd7@195.222.43.21:30303
#Zurich
enode://6173beaabd1a82d41e3615da2a755e99f3bd53e04737e2ae2f02a004c42445d8dfd1d87aadfafabc4c45a1df2a80f359ab628c93522d1dac70690a9689912bbc@129.132.178.74:30303
#Internet Security
enode://bc50cf41d29f346f43f84ee7d03b21cd2d4176cd759cd0d26ce04c16448d4c8611c4eab4c5543e29075c758c0afc2fd6743fa38f48dc0ed1f016efbb5c5a7654@194.94.127.78:30303

View File

@ -0,0 +1,18 @@
-----BEGIN PGP MESSAGE-----
owEBfQKC/ZANAwAIASHS57uIwqdGAaw2YgpDSEFJTl9TUEVDYY1AikNIQUlOX1NQ
RUM9ZXZtOmJ5emFudGl1bTo4OTk2OmJsb3hiZXJniQIzBAABCAAdFiEECCbtoXAt
HofG4odRIdLnu4jCp0YFAmGNQIoACgkQIdLnu4jCp0ZtMg/+PZJjTa05dxCO4A/J
1/A+I+HuBFt4LQY+mjTnDeCRF3cjgKrUfF+D6nIIbCMsL+F/HlN9NO2x0RvdkGkg
k6whux+HBl7WxGQAGPlFIAJTz+xGhQ9gJD6djuILjNcWKtfzpCdEBq5nXnlcK6xo
X1gbSQgaHvIiau6qPHobKF9EciF99QB2f/3BSAeZpge3wOxC4NIibPL1o/QwEJrx
QcNCoxRvI0Nvx51AfJ/VoyW/WbYOgrOVv8ZYqhpuPMC8MYFOzJByN73p5JNA2qGg
BF5WHOARBiEXH3xAVcnvKSegqh8o3ZeQT6mwc6vzHmBA1BTiPeT256rQwDkXaaFY
TXXbg/1uvCyPUoXJgyH8FErs/7iYZo7tOy7qGEV8IM+O4IpVxogq7VVJj4UlFEJN
Sggjon/4aGc6dTThdkxn2FhJzTY7fPDjlNoxVRYxOzL96nSmLM5fslOYBUt9QZXP
QkNRlhbxyhpZ+MODmzqt5JRLMLPSdLCd7zVf//zlYVjeb4PCzr7/CeGHhwmyyBj3
oc9waZ1bLspIAJxHzuK4cQq/MAsRlL/Mo+DHKOPgtXF5xoW1Cvt/bOAdgl9A7tHE
ttwZAWw9FUmSpxfQbfV+R3zvgxC1wUGfqElMa5xT5iK1Vm0IYUBEFrUeqGbyAZwe
3WNmOQJ0w1A4a/lPMDI8wcUVmV0=
=5hcY
-----END PGP MESSAGE-----

View File

@ -0,0 +1,19 @@
-----BEGIN PGP MESSAGE-----
owGbwMvMwMGoeOn57o5Dy90Y10QliTh7OscHubp7BocERcY7urgEuQYHJ/Y6TMQm
bmtQkZxmZpCalGxiYppkZmyWaJqYZG5hnmaZagEUMzNNNEo0Tk2zMLK05OpkMmZh
YORgkBVTZOFQe7uwQFeu/dij9kCY5axMIFsYuDgFYCLX/vH/L+QPX/Jvu5zLVudE
hX3fpKdM3ma0IU5vw0ye6X+jZrfslLphllHHr775QO31zYFeCiELZ75JlHtdGSAQ
WTNRfnewr13spQ3/oi8c5jhY5JQj+2THY5EKrhX1TnufWBiLvszNe5WjXbDtCJd5
p+2n4LVyTSvOhqxaeOL/cZ1PnTV/Jp37oqHjbXgh2OBb72WtI4JTHCaVHp3BI1PM
uoPV+iu/xcltS+u+m0wqFw866Pz2An9WkqLzwnOfT2X5/Zq1K0tsJ9spscVtOx1z
Svp/Gi/uLjWwrPH5q/0uSsP7bvvDV5O1NY+dYy5zSF4r4ZCbYCbPnbXT9rVQyKc5
TX7Hbyvf3fdwQ46WzoqWhvvprb+iymymREU/EJiwSXVz7bGoDa9dwo4WOgjE/pj6
fl6WVsLaC9VTNtlfOJXGPOP7xuRjF1XeCCX/dOib4codJfXlqOaFGU8/XznB2PzY
/1G/5MIdDksW/7ToC5X+vzjd+EVC49rHkfOTtkpNvyPjODn8/4xHTW2f77cvZmk7
oKPD/OUVT3TNDC3f92q/zJfK23yYalh3xMRitdTRWYstLswP/ctw9q/Mp345z273
w0HvK5ue/ftnLnlZ4eXG29Izz0hbvtuippPzNXXaP0bFDMYPa3k55gd7Bs8oNT09
9Z7ZG5mDJlN45tr1XvCwdIif1KP9f7n/I3fV/Xe+rqtKWJIk+P8N64aua6ss2LQU
LwMA
=YNnV
-----END PGP MESSAGE-----

View File

@ -0,0 +1,18 @@
-----BEGIN PGP MESSAGE-----
owGbwMvMwMGoeOn57o5Dy90Y1wQlCTp7OseHBIUGh8Q7urgEuQYHJ/Y6TMUQtHVN
MrY0ME91TkwxN0k0MDA0TjYytXQxtTA3cXQ1TzMyckl2Sna2NHXm6mQyZmFg5GCQ
FVNk4VB7u7BAV6792KP2QJilrEwgCxi4OAVgIleD+f8nMstfi1+2rzu1aaLUuyWq
PAxHpu3bGOr0kHNu2ttjHEbBe0qzXzS9MX58MPCXuH3LAknu7wUr9l+qOyietf9s
/rvphUwfvL2sb3tYntorLx/9ctqFXceEG7RCY6eWvX98clHN6cIJcutmZU0TYS7/
taFQd9LF50w83QvnFbYVNO7Sydm76N1rTb0oPrs1SdqLXY4yZn5iut+stPHIacVd
bjvEsi1177DP3WMk5rbCueS4zS0N7p0bS/xMeE+rBs/97la1yCREcu79H/9iWxvf
nLFKtPgx22XNzSz2uDd3jib+ynue2+rzIbtSXirgl8fV5ylaNnmxLz9f+nNKfwt3
v9y0tji/o25Wb06K/dwwZ3an5tIoS+F0F4c4Z8+KZSem2rvPEMhfP0XTzLbIZ9Xi
Q7v1lXlzEzYWHrA4zm//zdu8fO9HF86oreUhp++9Obs9p0LA0ux/X8WTZcKcbyWs
zxzVZn9kkaub8XG3a/CMB83bHmx98nKC+mw2Xx6p3FxX3s2xeVus1B4GLLN6vY3t
8mU5A/VEe6VZN18xPPw32VBol9FcfkO7Khd5a8eDRxaYO90MyLuu2FXcVjFtwzPP
7O9SO24oRh9pnb39xq3jnRFPrjBUmK/ScFwc/tyeyWfRAYZ/Z09JnnoQXdWfVl8Y
Wcq1zefghqra24ereD9O1e088OqAb919tglP9m+eu2cxZ+qyNV/m/hdLuuEJAA==
=+uzd
-----END PGP MESSAGE-----

View File

@ -0,0 +1,18 @@
-----BEGIN PGP MESSAGE-----
owEBdQKK/ZANAwAIASHS57uIwqdGAawuYghNRVRBX1VSTGGNQJhNRVRBX1VSTD1o
dHRwOi8vbG9jYWxob3N0OjYzMzgwCokCMwQAAQgAHRYhBAgm7aFwLR6HxuKHUSHS
57uIwqdGBQJhjUCYAAoJECHS57uIwqdG2GsP/3VH0vlEXC+X0Nh8ufRLdtBiw73J
LNTGNXslIg3szwGGgaHjNoARpluZjJ6AvH83s7jYV/OFuip+zwBIcqRZ4BT0rtEf
YlojiVnEIkIahbxYlD+gIU37WjbiBcpPAqYErYDaJhEyUzGD9aLhLg0r+TImHLUH
/WRWioEwSdAAzetzkY0R3aNtEZlolxvt7HumSOIMKNX7qQHpnpPUOqergsiwN0J7
ynWAD1vgXaiZ3lI+8iyDWwQHpaTjHuRbFmROVhBRiFCY6xlyotYP8waGldEZVvnc
0mP5cRg2PogEuCO5cDQ+2vszR7N8xPpQKI/9Q3gUTv2gPj5Cy7ko4+N6bsTgQk7H
aX1jvUwaU0HBD0A//l6eGxl0gze5hrr4v/4O8MZLdzKfYPqgOzPcDgo42aykua7x
0zHWTCtmiy/PaW4/c+bPKvbMMUO5ZojRant4O+pCZ80CTkH18rkY2pcQGGGP+XTI
pDTKB1IdrvnVc508v59UaXoKHOKpaES8SqTe4XWZY9w/pr7alw9LjjEOu3mrNypT
/CszUjwx5FYRKQxLrF8fj7UuODX9bbUP9XAdggy6wwy8NWZbw1hxBlJRKgDvvvoK
jqGAkRig8yzhT6f0F7f5U3AVdCCFfZXWBWk0NCqT5oMHbI5VGMKLAdV8m8+ptyB+
GlDGJ7sdcwrUhM3U
=Va+P
-----END PGP MESSAGE-----

View File

@ -0,0 +1,18 @@
-----BEGIN PGP MESSAGE-----
owEBfAKD/ZANAwAIASHS57uIwqdGAaw1YgxUWF9DQUNIRV9VUkxhjUCcVFhfQ0FD
SEVfVVJMPWh0dHA6Ly9sb2NhbGhvc3Q6ODMxMwqJAjMEAAEIAB0WIQQIJu2hcC0e
h8bih1Eh0ue7iMKnRgUCYY1AnAAKCRAh0ue7iMKnRsGVD/41suPkAo85ue4IHY4g
yXl5IuxF6TPAkG9UPTB7Lb4RLmlmwsoN4oMssn0//QZJ/0l/vfJQqf0NPUhEwOWw
vnr8rK+l0jZ77pewP38aptMvq7S2TIXgrRYPwWKhwZFe0F5fUqk5nPxjdKoSCANE
eifd7Igf543x3oqahaM4W1jHe8JjzXPdKpqC/eubU5o3Uc8RDygM8Y3aTXR25siq
0D/yx5X3y5BbETKkTmkDRjowsMkYPLL6TWUdHspYYq0I224RVwOG408XWGDi4YJQ
z8PK4W+rR6oPUmcpTy+PgTdu7d16I1B1b4OqYeXmy6QK0TOK9KhxcsZlJiBYeJ7n
xMOVHA/9mAfagXsbovz7Hh+q4uebR4jmm/jwHP2tZMotrPuTfQJmdI7LSMwwB8Kk
/Amh2Kq2W0otcg2h7fTylmnCLVql+8j0ECykE7QcdeNFPNrlhEG1qi033adJ9CL+
JmDxGGGEKIyL4mK6qzZFeOQpUC8P9aFOXt79NbOtqvyNQtxxNiXNCJvH0gI3aYeY
+VDcINFjLTJQ88lcfCgLoZ4mFDP4PffKwyYf7GvdxI1Xrd7diniwwUHqvoIjHb3r
LGL0XNCaVkFH6bsHt2EIlR5/8aGl0G3189tM+i4IOW/sl+ktZAEupGEXNXjaN1IY
tG5M/oJuWUJzOPv7ZJql0PLWNw==
=IueR
-----END PGP MESSAGE-----