Packaging clef option (#982)

649e64e5 · Ivan Vandot · GitHub · ebe79826 · 649e64e5 · 649e64e5
Commit 649e64e5 authored Nov 20, 2020 by Ivan Vandot Committed by GitHub Nov 20, 2020
7 changed files
--- a/cmd/bee/cmd/start.go
+++ b/cmd/bee/cmd/start.go
@@ -304,6 +304,7 @@ func (c *command) configureSigner(cmd *cobra.Command, logger logging.Logger) (co

 	logger.Infof("pss public key %x", crypto.EncodeSecp256k1PublicKey(&pssPrivateKey.PublicKey))

+	// postinst and post scripts inside packaging/{deb,rpm} depend and parse on this log output
 	overlayEthAddress, err := signer.EthereumAddress()
 	if err != nil {
 		return nil, err

--- a/packaging/bee.yaml
+++ b/packaging/bee.yaml
@@ -7,7 +7,7 @@
 ## enable clef signer
 # clef-signer-enable: false
 ## clef signer endpoint
-# clef-signer-endpoint: ""
+clef-signer-endpoint: /var/lib/bee-clef/clef.ipc
 ## config file (default is /home/<user>/.bee.yaml)
 config: /etc/bee/bee.yaml
 ## origins with CORS headers enabled

--- a/packaging/deb/postinst
+++ b/packaging/deb/postinst
 #!/bin/sh -e

 if [ "$1" = "configure" ]; then
+    START=true
    if [ -z "$2" ]; then
        . /usr/share/debconf/confmodule

@@ -14,11 +15,35 @@ if [ "$1" = "configure" ]; then
            /usr/bin/bee init --config /etc/bee/bee.yaml >/dev/null 2>&1
            chown -R bee:bee /var/lib/bee/keys
        fi
-        if [ -f /var/lib/bee/keys/swarm.key ]; then
-            parse_json() { echo $1|sed -e 's/[{}]/''/g'|sed -e 's/", "/'\",\"'/g'|sed -e 's/" ,"/'\",\"'/g'|sed -e 's/" , "/'\",\"'/g'|sed -e 's/","/'\"---SEPERATOR---\"'/g'|awk -F=':' -v RS='---SEPERATOR---' "\$1~/\"$2\"/ {print}"|sed -e "s/\"$2\"://"|tr -d "\n\t"|sed -e 's/\\"/"/g'|sed -e 's/\\\\/\\/g'|sed -e 's/^[ \t]*//g'|sed -e 's/^"//' -e 's/"$//' ; }
-            echo "Please make sure there is sufficient eth and bzz available on $(parse_json $(cat /var/lib/bee/keys/swarm.key) address)"
-            echo "You can get both goerli eth and goerli bzz from https://faucet.ethswarm.org"
+        db_input high bee/clef-enable || true
+        if db_go; then
+            db_get bee/clef-enable
+            if [ "$RET" = true ]; then
+                grep -v BEE_CLEF_SIGNER_ENABLE /etc/default/bee > /etc/default/bee.tmp
+                echo "BEE_CLEF_SIGNER_ENABLE=true" >> /etc/default/bee.tmp && mv /etc/default/bee.tmp /etc/default/bee
+            fi
        fi
+        set +e
+        RESP=$(BEE_CLEF_SIGNER_ENABLE=$RET /usr/bin/bee init --config /etc/bee/bee.yaml 2>&1)
+        set -e
+        case "$RESP" in
+            Error*)
+                START=false
+                echo "Enabled clef-signer but clef is not running."
+                echo "Check https://docs.ethswarm.org/ for more info and how to fix."
+                echo "Or install latest release of bee-clef from https://github.com/ethersphere/bee-clef and reinstall bee."
+                echo "Start bee with systemctl --no-reload start bee.service"
+                ;;
+            *)
+                ETH_ADDRESS=$(echo "$RESP" | grep ethereum | cut -d' ' -f6 | tr -d '"')
+                echo "Please make sure there is sufficient eth and bzz available on $ETH_ADDRESS address."
+                echo "You can get both goerli eth and goerli bzz from https://faucet.ethswarm.org."
+                ;;
+        esac
+    fi
+
+    if [ -S /var/lib/bee-clef/clef.ipc ]; then
+        chmod 660 /var/lib/bee-clef/clef.ipc
    fi

    deb-systemd-helper unmask bee.service >/dev/null || true
@@ -30,6 +55,8 @@ if [ "$1" = "configure" ]; then
    fi
    if [ -d /run/systemd/system ]; then
        systemctl --system daemon-reload >/dev/null || true
-        deb-systemd-invoke start bee.service >/dev/null || true
+        if [ $START = true ]; then
+            deb-systemd-invoke start bee.service >/dev/null || true
+        fi
    fi
 fi
\ No newline at end of file
--- a/packaging/deb/preinst
+++ b/packaging/deb/preinst
@@ -4,6 +4,9 @@ if [ "$1" = "install" ]; then
    if ! getent passwd bee > /dev/null; then
        useradd -r -d /var/lib/bee -s /sbin/nologin -U bee
    fi
+    if getent passwd bee-clef > /dev/null; then
+        usermod -a -G bee-clef bee > /dev/null
+    fi
    if ! test -d /var/lib/bee; then
        mkdir -p /var/lib/bee
        chmod 0750 /var/lib/bee

--- a/packaging/deb/templates
+++ b/packaging/deb/templates
@@ -2,3 +2,9 @@ Template: bee/ethereum-endpoint
 Type: string
 Description: Set ethereum endpoint for bee.
 Bee has SWAP enabled by default and needs ethereum endpoint to operate.
+
+Template: bee/clef-enable
+Type: boolean
+Description: Do you want to enable clef support?
+ It is recommended to use external signer with bee. Bee has support for clef.
+ Download and install latest bee-clef release from https://github.com/ethersphere/bee-clef
--- a/packaging/rpm/post
+++ b/packaging/rpm/post
 if [ $1 -eq 1 ] ; then
    # Initial installation
-    echo "Bee has SWAP enabled by default and needs ethereum endpoint to operate"
-    echo "Set ethereum endpoint for bee swap-endpoint inside /etc/bee/bee.yaml or BEE_SWAP_ENDPOINT inside /etc/default/bee"
+    echo "Bee has SWAP enabled by default and needs ethereum endpoint to operate."
+    echo "Set ethereum endpoint for bee swap-endpoint inside /etc/bee/bee.yaml"
    if [ ! -f /var/lib/bee/keys/libp2p.key ]; then
        /usr/bin/bee init --config /etc/bee/bee.yaml >/dev/null 2>&1
        chown -R bee:bee /var/lib/bee/keys
    fi
+    echo "It is recommended to use external signer with bee. Bee has support for clef."
+    echo "Download and install latest bee-clef release from https://github.com/ethersphere/bee-clef"
+    echo "Enable external signer setting clef-signer-enable to true inside /etc/bee/bee.yaml"
    if [ -f /var/lib/bee/keys/swarm.key ]; then
        parse_json() { echo $1|sed -e 's/[{}]/''/g'|sed -e 's/", "/'\",\"'/g'|sed -e 's/" ,"/'\",\"'/g'|sed -e 's/" , "/'\",\"'/g'|sed -e 's/","/'\"---SEPERATOR---\"'/g'|awk -F=':' -v RS='---SEPERATOR---' "\$1~/\"$2\"/ {print}"|sed -e "s/\"$2\"://"|tr -d "\n\t"|sed -e 's/\\"/"/g'|sed -e 's/\\\\/\\/g'|sed -e 's/^[ \t]*//g'|sed -e 's/^"//' -e 's/"$//' ; }
+        echo "If you don't want to use external signer even if we recommended it."
        echo "Please make sure there is sufficient eth and bzz available on $(parse_json $(cat /var/lib/bee/keys/swarm.key) address)"
        echo "You can get both goerli eth and goerli bzz from https://faucet.ethswarm.org"
    fi
    systemctl --no-reload preset bee.service &>/dev/null || :
    systemctl --no-reload enable bee.service &>/dev/null || :
-    echo "Service already enabled, after initial configuration"
+    echo "If you enabled external signer. Run"
+    echo "/usr/bin/bee init --config /etc/bee/bee.yaml 2>&1 | grep ethereum | cut -d' ' -f6 | tr -d '"'"
+    echo "Prefund that address at https://faucet.ethswarm.org"
+    echo "Service already enabled, after initial configuration."
    echo "Start service with systemctl --no-reload start bee.service"
 fi

 if [ $1 -eq 2 ] ; then
    # Upgrade
+    if [ -S /var/lib/bee-clef/clef.ipc ]; then
+        chmod 660 /var/lib/bee-clef/clef.ipc
+    fi
    systemctl --no-reload restart bee.service &>/dev/null || :
 fi
--- a/packaging/rpm/pre
+++ b/packaging/rpm/pre
@@ -3,6 +3,9 @@ if [ $1 -eq 1 ] ; then
    if ! getent passwd bee > /dev/null; then
        useradd -r -d /var/lib/bee -s /sbin/nologin -U bee
    fi
+    if getent passwd bee-clef > /dev/null; then
+        usermod -a -G bee-clef bee > /dev/null
+    fi
    if ! test -d /var/lib/bee; then
        mkdir -p /var/lib/bee
        chmod 0750 /var/lib/bee