+44

pkgs/applications/networking/bee/0001-clef-service-accept-default-CONFIGDIR-from-the-envir.patch

··· 1 1 + From 04933c578f51aa1f536991318dc5aede57f81c0d Mon Sep 17 00:00:00 2001 2 2 + From: Attila Lendvai <attila@lendvai.name> 3 3 + Date: Sat, 30 Jan 2021 14:02:02 +0100 4 4 + Subject: [PATCH 1/2] clef-service: accept default CONFIGDIR from the 5 5 + environment 6 6 + 7 7 + --- 8 8 + packaging/bee-clef-service | 15 ++++++++++----- 9 9 + 1 file changed, 10 insertions(+), 5 deletions(-) 10 10 + 11 11 + diff --git a/packaging/bee-clef-service b/packaging/bee-clef-service 12 12 + index 10bcd92..34c7edd 100755 13 13 + --- a/packaging/bee-clef-service 14 14 + +++ b/packaging/bee-clef-service 15 15 + @@ -1,16 +1,21 @@ 16 16 + #!/usr/bin/env sh 17 17 + 18 18 + start() { 19 19 + - KEYSTORE=/var/lib/bee-clef/keystore 20 20 + - CONFIGDIR=/var/lib/bee-clef 21 21 + + if [ -z "$CONFIGDIR" ]; then 22 22 + + CONFIGDIR=/var/lib/bee-clef 23 23 + + fi 24 24 + + if [ -z "$PASSWORD_FILE" ]; then 25 25 + + PASSWORD_FILE=${CONFIGDIR}/password 26 26 + + fi 27 27 + + KEYSTORE=${CONFIGDIR}/keystore 28 28 + + SECRET=$(cat ${PASSWORD_FILE}) 29 29 + CHAINID=5 30 30 + - SECRET=$(cat /var/lib/bee-clef/password) 31 31 + # clef with every start sets permissions back to 600 32 32 + - (sleep 4; chmod 660 /var/lib/bee-clef/clef.ipc) & 33 33 + + (sleep 4; chmod 660 ${CONFIGDIR}/clef.ipc) & 34 34 + ( sleep 2; cat << EOF 35 35 + { "jsonrpc": "2.0", "id":1, "result": { "text":"$SECRET" } } 36 36 + EOF 37 37 + -) | clef --stdio-ui --keystore $KEYSTORE --configdir $CONFIGDIR --chainid $CHAINID --rules /etc/bee-clef/rules.js --nousb --4bytedb-custom /etc/bee-clef/4byte.json --pcscdpath "" --auditlog "" --loglevel 3 --ipcpath /var/lib/bee-clef 38 38 + +) | clef --stdio-ui --keystore $KEYSTORE --configdir $CONFIGDIR --chainid $CHAINID --rules /etc/bee-clef/rules.js --nousb --4bytedb-custom /etc/bee-clef/4byte.json --pcscdpath "" --auditlog "" --loglevel 3 --ipcpath ${CONFIGDIR} 39 39 + } 40 40 + 41 41 + stop() { 42 42 + -- 43 43 + 2.29.2 44 44 +

+25

pkgs/applications/networking/bee/0002-nix-diff-for-substituteAll.patch

··· 1 1 + From 1a1ab986245e8b74648a1a0adb5d1c7019561d18 Mon Sep 17 00:00:00 2001 2 2 + From: Attila Lendvai <attila@lendvai.name> 3 3 + Date: Sat, 30 Jan 2021 15:24:57 +0100 4 4 + Subject: [PATCH 2/2] nix diff for substituteAll 5 5 + 6 6 + --- 7 7 + packaging/bee-clef-service | 2 +- 8 8 + 1 file changed, 1 insertion(+), 1 deletion(-) 9 9 + 10 10 + diff --git a/packaging/bee-clef-service b/packaging/bee-clef-service 11 11 + index 34c7edd..31e9d95 100755 12 12 + --- a/packaging/bee-clef-service 13 13 + +++ b/packaging/bee-clef-service 14 14 + @@ -15,7 +15,7 @@ start() { 15 15 + ( sleep 2; cat << EOF 16 16 + { "jsonrpc": "2.0", "id":1, "result": { "text":"$SECRET" } } 17 17 + EOF 18 18 + -) | clef --stdio-ui --keystore $KEYSTORE --configdir $CONFIGDIR --chainid $CHAINID --rules /etc/bee-clef/rules.js --nousb --4bytedb-custom /etc/bee-clef/4byte.json --pcscdpath "" --auditlog "" --loglevel 3 --ipcpath ${CONFIGDIR} 19 19 + +) | @clefBinary@ --stdio-ui --keystore $KEYSTORE --configdir $CONFIGDIR --chainid $CHAINID --rules @out@/share/bee-clef/rules.js --nousb --4bytedb-custom @out@/share/bee-clef/4byte.json --pcscdpath "" --auditlog "" --loglevel 3 --ipcpath ${CONFIGDIR} 20 20 + } 21 21 + 22 22 + stop() { 23 23 + -- 24 24 + 2.29.2 25 25 +

+57

pkgs/applications/networking/bee/bee-clef.nix

··· 1 1 + { version ? "release", stdenv, lib, substituteAll, fetchFromGitHub, go-ethereum }: 2 2 + 3 3 + stdenv.mkDerivation rec { 4 4 + pname = "bee-clef"; 5 5 + version = "0.4.7"; 6 6 + 7 7 + src = fetchFromGitHub { 8 8 + owner = "ethersphere"; 9 9 + repo = "bee-clef"; 10 10 + rev = "refs/tags/v${version}"; 11 11 + sha256 = "1sfwql0kvnir8b9ggpqcyc0ar995gxgfbhqb1xpfzp6wl0g3g4zz"; 12 12 + }; 13 13 + 14 14 + buildInputs = [ go-ethereum ]; 15 15 + 16 16 + clefBinary = "${go-ethereum}/bin/clef"; 17 17 + 18 18 + patches = [ 19 19 + ./0001-clef-service-accept-default-CONFIGDIR-from-the-envir.patch 20 20 + ./0002-nix-diff-for-substituteAll.patch 21 21 + ]; 22 22 + 23 23 + dontBuild = true; 24 24 + 25 25 + installPhase = '' 26 26 + mkdir -p $out/bin/ 27 27 + mkdir -p $out/share/bee-clef/ 28 28 + mkdir -p $out/lib/systemd/system/ 29 29 + cp packaging/bee-clef.service $out/lib/systemd/system/ 30 30 + substituteAll packaging/bee-clef-service $out/share/bee-clef/bee-clef-service 31 31 + substituteAll ${./ensure-clef-account} $out/share/bee-clef/ensure-clef-account 32 32 + substituteAll packaging/bee-clef-keys $out/bin/bee-clef-keys 33 33 + cp packaging/rules.js packaging/4byte.json $out/share/bee-clef/ 34 34 + chmod +x $out/bin/bee-clef-keys 35 35 + chmod +x $out/share/bee-clef/bee-clef-service 36 36 + chmod +x $out/share/bee-clef/ensure-clef-account 37 37 + patchShebangs $out/ 38 38 + ''; 39 39 + 40 40 + meta = with lib; { 41 41 + # homepage = "https://gateway.ethswarm.org/bzz/docs.swarm.eth/docs/installation/bee-clef/"; 42 42 + homepage = "https://docs.ethswarm.org/docs/installation/bee-clef"; 43 43 + description = "External signer for Ethereum Swarm Bee"; 44 44 + longDescription = '' 45 45 + clef is go-ethereum's external signer. 46 46 + 47 47 + bee-clef is a package that starts up a vanilla clef instance as a systemd service, 48 48 + but configured in such a way that is suitable for bee (relaxed security for 49 49 + automated operation). 50 50 + 51 51 + This package contains the files necessary to run the bee-clef service. 52 52 + ''; 53 53 + license = with licenses; [ bsd3 ]; 54 54 + maintainers = with maintainers; [ attila-lendvai ]; 55 55 + platforms = go-ethereum.meta.platforms; 56 56 + }; 57 57 + }

+47

pkgs/applications/networking/bee/ensure-clef-account

··· 1 1 + #!/usr/bin/env sh 2 2 + 3 3 + set -e 4 4 + 5 5 + # NOTE This file is called by the systemd service in its preStart 6 6 + # hook, but it's not Nix specific in any way. Ideally, the same file 7 7 + # should be called from the postinst scripts of the other packages, 8 8 + # but... the world is not ideal. 9 9 + 10 10 + # What follows was extracted from, and should be in sync with 11 11 + # https://github.com/ethersphere/bee-clef/tree/master/packaging 12 12 + 13 13 + DATA_DIR="$1" 14 14 + CONFIG_DIR="$2" 15 15 + PASSWORD_FILE=${DATA_DIR}/password 16 16 + MASTERSEED=${DATA_DIR}/masterseed.json 17 17 + KEYSTORE=${DATA_DIR}/keystore 18 18 + 19 19 + echo "ensure-clef-account $DATA_DIR $CONFIG_DIR" 20 20 + 21 21 + if ! test -f ${PASSWORD_FILE}; then 22 22 + < /dev/urandom tr -dc _A-Z-a-z-0-9 2> /dev/null | head -c32 > ${PASSWORD_FILE} 23 23 + chmod 0400 ${PASSWORD_FILE} 24 24 + echo "Initialized ${PASSWORD_FILE} from /dev/urandom" 25 25 + fi 26 26 + 27 27 + if ! test -f ${MASTERSEED}; then 28 28 + parse_json() { echo $1|sed -e 's/[{}]/''/g'|sed -e 's/", "/'\",\"'/g'|sed -e 's/" ,"/'\",\"'/g'|sed -e 's/" , "/'\",\"'/g'|sed -e 's/","/'\"---SEPERATOR---\"'/g'|awk -F=':' -v RS='---SEPERATOR---' "\$1~/\"$2\"/ {print}"|sed -e "s/\"$2\"://"|tr -d "\n\t"|sed -e 's/\\"/"/g'|sed -e 's/\\\\/\\/g'|sed -e 's/^[ \t]*//g'|sed -e 's/^"//' -e 's/"$//' ; } 29 29 + SECRET=$(cat ${PASSWORD_FILE}) 30 30 + CLEF="@clefBinary@ --configdir ${DATA_DIR} --keystore ${KEYSTORE} --stdio-ui" 31 31 + $CLEF init >/dev/null << EOF 32 32 + $SECRET 33 33 + $SECRET 34 34 + EOF 35 35 + $CLEF newaccount >/dev/null << EOF 36 36 + $SECRET 37 37 + EOF 38 38 + $CLEF setpw 0x$(parse_json $(cat ${KEYSTORE}/*) address) >/dev/null << EOF 39 39 + $SECRET 40 40 + $SECRET 41 41 + $SECRET 42 42 + EOF 43 43 + $CLEF attest $(sha256sum ${CONFIG_DIR}/rules.js | cut -d' ' -f1 | tr -d '\n') >/dev/null << EOF 44 44 + $SECRET 45 45 + EOF 46 46 + echo "Clef data dir initialized" 47 47 + fi

+2

pkgs/top-level/all-packages.nix

··· 2916 2916 version = "unstable"; 2917 2917 }; 2918 2918 2919 2919 + bee-clef = callPackage ../applications/networking/bee/bee-clef.nix { }; 2920 2920 + 2919 2921 beets = callPackage ../tools/audio/beets { 2920 2922 pythonPackages = python3Packages; 2921 2923 };