diff --git a/pkgs/applications/networking/bee/0001-clef-service-accept-default-CONFIGDIR-from-the-envir.patch b/pkgs/applications/networking/bee/0001-clef-service-accept-default-CONFIGDIR-from-the-envir.patch
new file mode 100644
index 000000000000..fb551646b7c6
--- /dev/null
+++ b/pkgs/applications/networking/bee/0001-clef-service-accept-default-CONFIGDIR-from-the-envir.patch
@@ -0,0 +1,44 @@
+From 04933c578f51aa1f536991318dc5aede57f81c0d Mon Sep 17 00:00:00 2001
+From: Attila Lendvai
+Date: Sat, 30 Jan 2021 14:02:02 +0100
+Subject: [PATCH 1/2] clef-service: accept default CONFIGDIR from the
+ environment
+
+---
+ packaging/bee-clef-service | 15 ++++++++++-----
+ 1 file changed, 10 insertions(+), 5 deletions(-)
+
+diff --git a/packaging/bee-clef-service b/packaging/bee-clef-service
+index 10bcd92..34c7edd 100755
+--- a/packaging/bee-clef-service
++++ b/packaging/bee-clef-service
+@@ -1,16 +1,21 @@
+ #!/usr/bin/env sh
+
+ start() {
+- KEYSTORE=/var/lib/bee-clef/keystore
+- CONFIGDIR=/var/lib/bee-clef
++ if [ -z "$CONFIGDIR" ]; then
++ CONFIGDIR=/var/lib/bee-clef
++ fi
++ if [ -z "$PASSWORD_FILE" ]; then
++ PASSWORD_FILE=${CONFIGDIR}/password
++ fi
++ KEYSTORE=${CONFIGDIR}/keystore
++ SECRET=$(cat ${PASSWORD_FILE})
+ CHAINID=5
+- SECRET=$(cat /var/lib/bee-clef/password)
+ # clef with every start sets permissions back to 600
+- (sleep 4; chmod 660 /var/lib/bee-clef/clef.ipc) &
++ (sleep 4; chmod 660 ${CONFIGDIR}/clef.ipc) &
+ ( sleep 2; cat << EOF
+ { "jsonrpc": "2.0", "id":1, "result": { "text":"$SECRET" } }
+ EOF
+-) | clef --stdio-ui --keystore $KEYSTORE --configdir $CONFIGDIR --chainid $CHAINID --rules /etc/bee-clef/rules.js --nousb --4bytedb-custom /etc/bee-clef/4byte.json --pcscdpath "" --auditlog "" --loglevel 3 --ipcpath /var/lib/bee-clef
++) | clef --stdio-ui --keystore $KEYSTORE --configdir $CONFIGDIR --chainid $CHAINID --rules /etc/bee-clef/rules.js --nousb --4bytedb-custom /etc/bee-clef/4byte.json --pcscdpath "" --auditlog "" --loglevel 3 --ipcpath ${CONFIGDIR}
+ }
+
+ stop() {
+--
+2.29.2
+
diff --git a/pkgs/applications/networking/bee/0002-nix-diff-for-substituteAll.patch b/pkgs/applications/networking/bee/0002-nix-diff-for-substituteAll.patch
new file mode 100644
index 000000000000..611aed0b890a
--- /dev/null
+++ b/pkgs/applications/networking/bee/0002-nix-diff-for-substituteAll.patch
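Review bot: `CONFIGDIR` and `PASSWORD_FILE` are now taken from the environment in `start()`, but every expansion of them in the patched script is unquoted (`$(cat ${PASSWORD_FILE})`, `chmod 660 ${CONFIGDIR}/clef.ipc`, `--ipcpath ${CONFIGDIR}`), so a value containing whitespace or glob characters is split or expanded before it reaches `cat`, `chmod` or `clef`. Quote them: `SECRET=$(cat "${PASSWORD_FILE}")`, `chmod 660 "${CONFIGDIR}/clef.ipc"`, and `--keystore "$KEYSTORE" --configdir "$CONFIGDIR" --ipcpath "${CONFIGDIR}"`. The same clef command line is carried into 0002-nix-diff-for-substituteAll.patch and should be quoted there as well. The password is also interpolated raw into the JSON reply; that is fine for the alphabet ensure-clef-account generates, but now that `PASSWORD_FILE` can point anywhere, a comment next to the heredoc should state that the file must not contain `"` or `\`.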
@@ -0,0 +1,25 @@
+From 1a1ab986245e8b74648a1a0adb5d1c7019561d18 Mon Sep 17 00:00:00 2001
+From: Attila Lendvai
+Date: Sat, 30 Jan 2021 15:24:57 +0100
+Subject: [PATCH 2/2] nix diff for substituteAll
+
+---
+ packaging/bee-clef-service | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/packaging/bee-clef-service b/packaging/bee-clef-service
+index 34c7edd..31e9d95 100755
+--- a/packaging/bee-clef-service
++++ b/packaging/bee-clef-service
+@@ -15,7 +15,7 @@ start() {
+ ( sleep 2; cat << EOF
+ { "jsonrpc": "2.0", "id":1, "result": { "text":"$SECRET" } }
+ EOF
+-) | clef --stdio-ui --keystore $KEYSTORE --configdir $CONFIGDIR --chainid $CHAINID --rules /etc/bee-clef/rules.js --nousb --4bytedb-custom /etc/bee-clef/4byte.json --pcscdpath "" --auditlog "" --loglevel 3 --ipcpath ${CONFIGDIR}
++) | @clefBinary@ --stdio-ui --keystore $KEYSTORE --configdir $CONFIGDIR --chainid $CHAINID --rules @out@/share/bee-clef/rules.js --nousb --4bytedb-custom @out@/share/bee-clef/4byte.json --pcscdpath "" --auditlog "" --loglevel 3 --ipcpath ${CONFIGDIR}
+ }
+
+ stop() {
+--
+2.29.2
+
diff --git a/pkgs/applications/networking/bee/bee-clef.nix b/pkgs/applications/networking/bee/bee-clef.nix
new file mode 100644
index 000000000000..a94386ea3f11
--- /dev/null
+++ b/pkgs/applications/networking/bee/bee-clef.nix
@@ -0,0 +1,57 @@
+{ version ? "release", stdenv, lib, substituteAll, fetchFromGitHub, go-ethereum }:
+
+stdenv.mkDerivation rec {
+ pname = "bee-clef";
+ version = "0.4.7";
+
+ src = fetchFromGitHub {
+ owner = "ethersphere";
+ repo = "bee-clef";
+ rev = "refs/tags/v${version}";
+ sha256 = "1sfwql0kvnir8b9ggpqcyc0ar995gxgfbhqb1xpfzp6wl0g3g4zz";
+ };
+
+ buildInputs = [ go-ethereum ];
+
+ clefBinary = "${go-ethereum}/bin/clef";
+
+ patches = [
+ ./0001-clef-service-accept-default-CONFIGDIR-from-the-envir.patch
+ ./0002-nix-diff-for-substituteAll.patch
+ ];
+
+ dontBuild = true;
+
+ installPhase = ''
+ mkdir -p $out/bin/
+ mkdir -p $out/share/bee-clef/
+ mkdir -p $out/lib/systemd/system/
+ cp packaging/bee-clef.service $out/lib/systemd/system/
+ substituteAll packaging/bee-clef-service $out/share/bee-clef/bee-clef-service
+ substituteAll ${./ensure-clef-account} $out/share/bee-clef/ensure-clef-account
+ substituteAll packaging/bee-clef-keys $out/bin/bee-clef-keys
+ cp packaging/rules.js packaging/4byte.json $out/share/bee-clef/
+ chmod +x $out/bin/bee-clef-keys
+ chmod +x $out/share/bee-clef/bee-clef-service
+ chmod +x $out/share/bee-clef/ensure-clef-account
+ patchShebangs $out/
+ '';
+
+ meta = with lib; {
+ # homepage = "https://gateway.ethswarm.org/bzz/docs.swarm.eth/docs/installation/bee-clef/";
+ homepage = "https://docs.ethswarm.org/docs/installation/bee-clef";
+ description = "External signer for Ethereum Swarm Bee";
+ longDescription = ''
+ clef is go-ethereum's external signer.
+
+ bee-clef is a package that starts up a vanilla clef instance as a systemd service,
+ but configured in such a way that is suitable for bee (relaxed security for
+ automated operation).
+
+ This package contains the files necessary to run the bee-clef service.
+ '';
+ license = with licenses; [ bsd3 ];
+ maintainers = with maintainers; [ attila-lendvai ];
+ platforms = go-ethereum.meta.platforms;
+ };
+}
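Review bot: The `version ? "release"` function argument is never used: inside `rec { … }` the attribute `version = "0.4.7"` shadows it, so `rev` is always built from the literal and a caller passing `version` would silently get 0.4.7. Drop the argument so the header reads `{ stdenv, lib, substituteAll, fetchFromGitHub, go-ethereum }:`. Separately, `installPhase` replaces the default phase without `runHook preInstall` / `runHook postInstall`, so overrides that hook into the install phase will not run. A short comment above `patches` saying that 0002 introduces the `@clefBinary@` and `@out@` placeholders later filled in by `substituteAll` would help whoever bumps the version and has to rebase the patches.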
diff --git a/pkgs/applications/networking/bee/ensure-clef-account b/pkgs/applications/networking/bee/ensure-clef-account
new file mode 100644
index 000000000000..def67ff9cc33
--- /dev/null
+++ b/pkgs/applications/networking/bee/ensure-clef-account
@@ -0,0 +1,47 @@
+#!/usr/bin/env sh
+
+set -e
+
+# NOTE This file is called by the systemd service in its preStart
+# hook, but it's not Nix specific in any way. Ideally, the same file
+# should be called from the postinst scripts of the other packages,
+# but... the world is not ideal.
+
+# What follows was extracted from, and should be in sync with
+# https://github.com/ethersphere/bee-clef/tree/master/packaging
+
+DATA_DIR="$1"
+CONFIG_DIR="$2"
+PASSWORD_FILE=${DATA_DIR}/password
+MASTERSEED=${DATA_DIR}/masterseed.json
+KEYSTORE=${DATA_DIR}/keystore
+
+echo "ensure-clef-account $DATA_DIR $CONFIG_DIR"
+
+if ! test -f ${PASSWORD_FILE}; then
+ < /dev/urandom tr -dc _A-Z-a-z-0-9 2> /dev/null | head -c32 > ${PASSWORD_FILE}
+ chmod 0400 ${PASSWORD_FILE}
+ echo "Initialized ${PASSWORD_FILE} from /dev/urandom"
+fi
+
+if ! test -f ${MASTERSEED}; then
+ parse_json() { echo $1|sed -e 's/[{}]/''/g'|sed -e 's/", "/'\",\"'/g'|sed -e 's/" ,"/'\",\"'/g'|sed -e 's/" , "/'\",\"'/g'|sed -e 's/","/'\"---SEPERATOR---\"'/g'|awk -F=':' -v RS='---SEPERATOR---' "\$1~/\"$2\"/ {print}"|sed -e "s/\"$2\"://"|tr -d "\n\t"|sed -e 's/\\"/"/g'|sed -e 's/\\\\/\\/g'|sed -e 's/^[ \t]*//g'|sed -e 's/^"//' -e 's/"$//' ; }
+ SECRET=$(cat ${PASSWORD_FILE})
+ CLEF="@clefBinary@ --configdir ${DATA_DIR} --keystore ${KEYSTORE} --stdio-ui"
+ $CLEF init >/dev/null << EOF
+$SECRET
+$SECRET
+EOF
+ $CLEF newaccount >/dev/null << EOF
+$SECRET
+EOF
+ $CLEF setpw 0x$(parse_json $(cat ${KEYSTORE}/*) address) >/dev/null << EOF
+$SECRET
+$SECRET
+$SECRET
+EOF
+ $CLEF attest $(sha256sum ${CONFIG_DIR}/rules.js | cut -d' ' -f1 | tr -d '\n') >/dev/null << EOF
+$SECRET
+EOF
+ echo "Clef data dir initialized"
+fi
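Review bot: The password file is created by the redirection `> ${PASSWORD_FILE}` under whatever umask the caller has and is only restricted afterwards by `chmod 0400`, so between the two commands the clef password can be readable by other local users. Create it with restrictive permissions from the start, e.g. `( umask 077; < /dev/urandom tr -dc _A-Z-a-z-0-9 2> /dev/null | head -c32 > "${PASSWORD_FILE}" )`, and keep the `chmod 0400`. If the script is interrupted after the redirection has created the file, later runs see `test -f` succeed and reuse a short or empty file; writing to a temporary file in the same directory and renaming it into place would avoid that. The path variables are also unquoted throughout (`${PASSWORD_FILE}`, `${MASTERSEED}`, `$(cat ${KEYSTORE}/*)`), and the last of these assumes the keystore holds exactly one key file, which deserves a comment.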
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index e72c391cc682..889f66ba1eff 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -2916,6 +2916,8 @@ in version = "unstable"; }; + bee-clef = callPackage ../applications/networking/bee/bee-clef.nix { }; + beets = callPackage ../tools/audio/beets { pythonPackages = python3Packages; };