bee-clef: init at 0.4.7

2021-01-22 16:25:15 +01:00 · 2021-01-22 16:25:15 +01:00 · 3f144583c9
commit 3f144583c9
parent 0dc5f1f6d6
5 changed files with 175 additions and 0 deletions
--- a/pkgs/applications/networking/bee/0001-clef-service-accept-default-CONFIGDIR-from-the-envir.patch
+++ b/pkgs/applications/networking/bee/0001-clef-service-accept-default-CONFIGDIR-from-the-envir.patch
@ -0,0 +1,44 @@
 From 04933c578f51aa1f536991318dc5aede57f81c0d Mon Sep 17 00:00:00 2001
 From: Attila Lendvai <attila@lendvai.name>
 Date: Sat, 30 Jan 2021 14:02:02 +0100
 Subject: [PATCH 1/2] clef-service: accept default CONFIGDIR from the
 environment
 ---
 packaging/bee-clef-service | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)
 diff --git a/packaging/bee-clef-service b/packaging/bee-clef-service
 index 10bcd92..34c7edd 100755
 --- a/packaging/bee-clef-service
 +++ b/packaging/bee-clef-service
@@ -1,16 +1,21 @@
 #!/usr/bin/env sh
 start() {
 -    KEYSTORE=/var/lib/bee-clef/keystore
 -    CONFIGDIR=/var/lib/bee-clef
 +    if [ -z "$CONFIGDIR" ]; then
 +        CONFIGDIR=/var/lib/bee-clef
 +    fi
 +    if [ -z "$PASSWORD_FILE" ]; then
 +        PASSWORD_FILE=${CONFIGDIR}/password
 +    fi
 +    KEYSTORE=${CONFIGDIR}/keystore
 +    SECRET=$(cat ${PASSWORD_FILE})
     CHAINID=5
 -    SECRET=$(cat /var/lib/bee-clef/password)
     # clef with every start sets permissions back to 600
 -    (sleep 4; chmod 660 /var/lib/bee-clef/clef.ipc) &
 +    (sleep 4; chmod 660 ${CONFIGDIR}/clef.ipc) &
     ( sleep 2; cat << EOF
 { "jsonrpc": "2.0", "id":1, "result": { "text":"$SECRET" } }
 EOF
 -) | clef --stdio-ui --keystore $KEYSTORE --configdir $CONFIGDIR --chainid $CHAINID --rules /etc/bee-clef/rules.js --nousb --4bytedb-custom /etc/bee-clef/4byte.json --pcscdpath "" --auditlog "" --loglevel 3 --ipcpath /var/lib/bee-clef
 +) | clef --stdio-ui --keystore $KEYSTORE --configdir $CONFIGDIR --chainid $CHAINID --rules /etc/bee-clef/rules.js --nousb --4bytedb-custom /etc/bee-clef/4byte.json --pcscdpath "" --auditlog "" --loglevel 3 --ipcpath ${CONFIGDIR}
 }
 stop() {
 -- 
 2.29.2
--- a/pkgs/applications/networking/bee/0002-nix-diff-for-substituteAll.patch
+++ b/pkgs/applications/networking/bee/0002-nix-diff-for-substituteAll.patch
@ -0,0 +1,25 @@
 From 1a1ab986245e8b74648a1a0adb5d1c7019561d18 Mon Sep 17 00:00:00 2001
 From: Attila Lendvai <attila@lendvai.name>
 Date: Sat, 30 Jan 2021 15:24:57 +0100
 Subject: [PATCH 2/2] nix diff for substituteAll
 ---
 packaging/bee-clef-service | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/packaging/bee-clef-service b/packaging/bee-clef-service
 index 34c7edd..31e9d95 100755
 --- a/packaging/bee-clef-service
 +++ b/packaging/bee-clef-service
@@ -15,7 +15,7 @@ start() {
     ( sleep 2; cat << EOF
 { "jsonrpc": "2.0", "id":1, "result": { "text":"$SECRET" } }
 EOF
 -) | clef --stdio-ui --keystore $KEYSTORE --configdir $CONFIGDIR --chainid $CHAINID --rules /etc/bee-clef/rules.js --nousb --4bytedb-custom /etc/bee-clef/4byte.json --pcscdpath "" --auditlog "" --loglevel 3 --ipcpath ${CONFIGDIR}
 +) | @clefBinary@ --stdio-ui --keystore $KEYSTORE --configdir $CONFIGDIR --chainid $CHAINID --rules @out@/share/bee-clef/rules.js --nousb --4bytedb-custom @out@/share/bee-clef/4byte.json --pcscdpath "" --auditlog "" --loglevel 3 --ipcpath ${CONFIGDIR}
 }
 stop() {
 -- 
 2.29.2
--- a/pkgs/applications/networking/bee/bee-clef.nix
+++ b/pkgs/applications/networking/bee/bee-clef.nix
@ -0,0 +1,57 @@
 { version ? "release", stdenv, lib, substituteAll, fetchFromGitHub, go-ethereum }:
 stdenv.mkDerivation rec {
  pname = "bee-clef";
  version = "0.4.7";
  src = fetchFromGitHub {
    owner = "ethersphere";
    repo = "bee-clef";
    rev = "refs/tags/v${version}";
    sha256 = "1sfwql0kvnir8b9ggpqcyc0ar995gxgfbhqb1xpfzp6wl0g3g4zz";
  };
  buildInputs = [ go-ethereum ];
  clefBinary = "${go-ethereum}/bin/clef";
  patches = [
    ./0001-clef-service-accept-default-CONFIGDIR-from-the-envir.patch
    ./0002-nix-diff-for-substituteAll.patch
  ];
  dontBuild = true;
  installPhase = ''
    mkdir -p $out/bin/
    mkdir -p $out/share/bee-clef/
    mkdir -p $out/lib/systemd/system/
    cp packaging/bee-clef.service $out/lib/systemd/system/
    substituteAll packaging/bee-clef-service $out/share/bee-clef/bee-clef-service
    substituteAll ${./ensure-clef-account} $out/share/bee-clef/ensure-clef-account
    substituteAll packaging/bee-clef-keys $out/bin/bee-clef-keys
    cp packaging/rules.js packaging/4byte.json $out/share/bee-clef/
    chmod +x $out/bin/bee-clef-keys
    chmod +x $out/share/bee-clef/bee-clef-service
    chmod +x $out/share/bee-clef/ensure-clef-account
    patchShebangs $out/
  '';
  meta = with lib; {
    # homepage = "https://gateway.ethswarm.org/bzz/docs.swarm.eth/docs/installation/bee-clef/";
    homepage = "https://docs.ethswarm.org/docs/installation/bee-clef";
    description = "External signer for Ethereum Swarm Bee";
    longDescription = ''
      clef is go-ethereum's external signer.
      bee-clef is a package that starts up a vanilla clef instance as a systemd service,
      but configured in such a way that is suitable for bee (relaxed security for
      automated operation).
      This package contains the files necessary to run the bee-clef service.
    '';
    license = with licenses; [ bsd3 ];
    maintainers = with maintainers; [ attila-lendvai ];
    platforms = go-ethereum.meta.platforms;
  };
 }
--- a/pkgs/applications/networking/bee/ensure-clef-account
+++ b/pkgs/applications/networking/bee/ensure-clef-account
@ -0,0 +1,47 @@
 #!/usr/bin/env sh
 set -e
 # NOTE This file is called by the systemd service in its preStart
 # hook, but it's not Nix specific in any way. Ideally, the same file
 # should be called from the postinst scripts of the other packages,
 # but... the world is not ideal.
 # What follows was extracted from, and should be in sync with
 # https://github.com/ethersphere/bee-clef/tree/master/packaging
 DATA_DIR="$1"
 CONFIG_DIR="$2"
 PASSWORD_FILE=${DATA_DIR}/password
 MASTERSEED=${DATA_DIR}/masterseed.json
 KEYSTORE=${DATA_DIR}/keystore
 echo "ensure-clef-account $DATA_DIR $CONFIG_DIR"
 if ! test -f ${PASSWORD_FILE}; then
    < /dev/urandom tr -dc _A-Z-a-z-0-9 2> /dev/null | head -c32 > ${PASSWORD_FILE}
    chmod 0400 ${PASSWORD_FILE}
    echo "Initialized ${PASSWORD_FILE} from /dev/urandom"
 fi
 if ! test -f ${MASTERSEED}; then
    parse_json() { echo $1|sed -e 's/[{}]/''/g'|sed -e 's/", "/'\",\"'/g'|sed -e 's/" ,"/'\",\"'/g'|sed -e 's/" , "/'\",\"'/g'|sed -e 's/","/'\"---SEPERATOR---\"'/g'|awk -F=':' -v RS='---SEPERATOR---' "\$1~/\"$2\"/ {print}"|sed -e "s/\"$2\"://"|tr -d "\n\t"|sed -e 's/\\"/"/g'|sed -e 's/\\\\/\\/g'|sed -e 's/^[ \t]*//g'|sed -e 's/^"//' -e 's/"$//' ; }
    SECRET=$(cat ${PASSWORD_FILE})
    CLEF="@clefBinary@ --configdir ${DATA_DIR} --keystore ${KEYSTORE} --stdio-ui"
    $CLEF init >/dev/null << EOF
 $SECRET
 $SECRET
 EOF
    $CLEF newaccount >/dev/null << EOF
 $SECRET
 EOF
    $CLEF setpw 0x$(parse_json $(cat ${KEYSTORE}/*) address) >/dev/null << EOF
 $SECRET
 $SECRET
 $SECRET
 EOF
    $CLEF attest $(sha256sum ${CONFIG_DIR}/rules.js | cut -d' ' -f1 | tr -d '\n') >/dev/null << EOF
 $SECRET
 EOF
    echo "Clef data dir initialized"
 fi
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@ -2916,6 +2916,8 @@ in
    version = "unstable";
  };
  bee-clef = callPackage ../applications/networking/bee/bee-clef.nix { };
  beets = callPackage ../tools/audio/beets {
    pythonPackages = python3Packages;
  };