authorAttila Lendvai <attila@lendvai.name>2021-01-22 16:25:15 +0100
committerAttila Lendvai <attila@lendvai.name>2021-02-01 10:55:58 +0100
commit3f144583c923cef588451466e3d1fbdaab757ee9 (patch)
tree4e99a7c359b02a28fdf1d59cb65ae2bb4444a33d /pkgs/applications
parent0dc5f1f6d66c128a777b00e9a49a806d32d17c6f (diff)
bee-clef: init at 0.4.7
Diffstat (limited to 'pkgs/applications')
-rw-r--r--pkgs/applications/networking/bee/0001-clef-service-accept-default-CONFIGDIR-from-the-envir.patch44
-rw-r--r--pkgs/applications/networking/bee/0002-nix-diff-for-substituteAll.patch25
-rw-r--r--pkgs/applications/networking/bee/bee-clef.nix57
-rw-r--r--pkgs/applications/networking/bee/ensure-clef-account47
4 files changed, 173 insertions, 0 deletions
diff --git a/pkgs/applications/networking/bee/0001-clef-service-accept-default-CONFIGDIR-from-the-envir.patch b/pkgs/applications/networking/bee/0001-clef-service-accept-default-CONFIGDIR-from-the-envir.patch
new file mode 100644
index 00000000000..fb551646b7c
--- /dev/null
+++ b/pkgs/applications/networking/bee/0001-clef-service-accept-default-CONFIGDIR-from-the-envir.patch
@@ -0,0 +1,44 @@
+From 04933c578f51aa1f536991318dc5aede57f81c0d Mon Sep 17 00:00:00 2001
+From: Attila Lendvai <attila@lendvai.name>
+Date: Sat, 30 Jan 2021 14:02:02 +0100
+Subject: [PATCH 1/2] clef-service: accept default CONFIGDIR from the
+ environment
+
+---
+ packaging/bee-clef-service | 15 ++++++++++-----
+ 1 file changed, 10 insertions(+), 5 deletions(-)
+
+diff --git a/packaging/bee-clef-service b/packaging/bee-clef-service
+index 10bcd92..34c7edd 100755
+--- a/packaging/bee-clef-service
++++ b/packaging/bee-clef-service
+@@ -1,16 +1,21 @@
+ #!/usr/bin/env sh
+ 
+ start() {
+-    KEYSTORE=/var/lib/bee-clef/keystore
+-    CONFIGDIR=/var/lib/bee-clef
++    if [ -z "$CONFIGDIR" ]; then
++        CONFIGDIR=/var/lib/bee-clef
++    fi
++    if [ -z "$PASSWORD_FILE" ]; then
++        PASSWORD_FILE=${CONFIGDIR}/password
++    fi
++    KEYSTORE=${CONFIGDIR}/keystore
++    SECRET=$(cat ${PASSWORD_FILE})
+     CHAINID=5
+-    SECRET=$(cat /var/lib/bee-clef/password)
+     # clef with every start sets permissions back to 600
+-    (sleep 4; chmod 660 /var/lib/bee-clef/clef.ipc) &
++    (sleep 4; chmod 660 ${CONFIGDIR}/clef.ipc) &
+     ( sleep 2; cat << EOF
+ { "jsonrpc": "2.0", "id":1, "result": { "text":"$SECRET" } }
+ EOF
+-) | clef --stdio-ui --keystore $KEYSTORE --configdir $CONFIGDIR --chainid $CHAINID --rules /etc/bee-clef/rules.js --nousb --4bytedb-custom /etc/bee-clef/4byte.json --pcscdpath "" --auditlog "" --loglevel 3 --ipcpath /var/lib/bee-clef
++) | clef --stdio-ui --keystore $KEYSTORE --configdir $CONFIGDIR --chainid $CHAINID --rules /etc/bee-clef/rules.js --nousb --4bytedb-custom /etc/bee-clef/4byte.json --pcscdpath "" --auditlog "" --loglevel 3 --ipcpath ${CONFIGDIR}
+ }
+ 
+ stop() {
+-- 
+2.29.2
+
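Review bot: The new expansions of `CONFIGDIR` and `PASSWORD_FILE` in start() are unquoted, and both values can now be supplied through the environment, so a path containing whitespace or glob characters is split before it reaches `cat`, `chmod` and `clef`. Quote them: `SECRET=$(cat "${PASSWORD_FILE}")`, `chmod 660 "${CONFIGDIR}/clef.ipc"` and `--ipcpath "${CONFIGDIR}"` (the same `--ipcpath` line is carried unchanged into 0002-nix-diff-for-substituteAll.patch). `$SECRET` is also pasted into the JSON reply unescaped, which is fine for the alphabet ensure-clef-account generates, but with a caller-supplied password file a `"` or `\` would corrupt the response. A comment stating the allowed character set, or a check that rejects other characters, would make that assumption explicit.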
diff --git a/pkgs/applications/networking/bee/0002-nix-diff-for-substituteAll.patch b/pkgs/applications/networking/bee/0002-nix-diff-for-substituteAll.patch
new file mode 100644
index 00000000000..611aed0b890
--- /dev/null
+++ b/pkgs/applications/networking/bee/0002-nix-diff-for-substituteAll.patch
@@ -0,0 +1,25 @@
+From 1a1ab986245e8b74648a1a0adb5d1c7019561d18 Mon Sep 17 00:00:00 2001
+From: Attila Lendvai <attila@lendvai.name>
+Date: Sat, 30 Jan 2021 15:24:57 +0100
+Subject: [PATCH 2/2] nix diff for substituteAll
+
+---
+ packaging/bee-clef-service | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/packaging/bee-clef-service b/packaging/bee-clef-service
+index 34c7edd..31e9d95 100755
+--- a/packaging/bee-clef-service
++++ b/packaging/bee-clef-service
+@@ -15,7 +15,7 @@ start() {
+     ( sleep 2; cat << EOF
+ { "jsonrpc": "2.0", "id":1, "result": { "text":"$SECRET" } }
+ EOF
+-) | clef --stdio-ui --keystore $KEYSTORE --configdir $CONFIGDIR --chainid $CHAINID --rules /etc/bee-clef/rules.js --nousb --4bytedb-custom /etc/bee-clef/4byte.json --pcscdpath "" --auditlog "" --loglevel 3 --ipcpath ${CONFIGDIR}
++) | @clefBinary@ --stdio-ui --keystore $KEYSTORE --configdir $CONFIGDIR --chainid $CHAINID --rules @out@/share/bee-clef/rules.js --nousb --4bytedb-custom @out@/share/bee-clef/4byte.json --pcscdpath "" --auditlog "" --loglevel 3 --ipcpath ${CONFIGDIR}
+ }
+ 
+ stop() {
+-- 
+2.29.2
+
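Review bot: `--rules` now points at `@out@/share/bee-clef/rules.js`, while ensure-clef-account attests the sha256 of `${CONFIG_DIR}/rules.js`, and only when masterseed.json does not exist yet. If the caller passes a different directory as CONFIG_DIR, or a later package version ships a changed rules.js under a new store path, the attested hash would presumably no longer match the file clef is told to load. The coupling deserves a comment in the service script or in bee-clef.nix, for example `# rules.js here must be the file whose sha256 ensure-clef-account attests`. Whether the service passes `$out/share/bee-clef` as CONFIG_DIR cannot be confirmed from this page.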
diff --git a/pkgs/applications/networking/bee/bee-clef.nix b/pkgs/applications/networking/bee/bee-clef.nix
new file mode 100644
index 00000000000..a94386ea3f1
--- /dev/null
+++ b/pkgs/applications/networking/bee/bee-clef.nix
@@ -0,0 +1,57 @@
+{ version ? "release", stdenv, lib, substituteAll, fetchFromGitHub, go-ethereum }:
+
+stdenv.mkDerivation rec {
+  pname = "bee-clef";
+  version = "0.4.7";
+
+  src = fetchFromGitHub {
+    owner = "ethersphere";
+    repo = "bee-clef";
+    rev = "refs/tags/v${version}";
+    sha256 = "1sfwql0kvnir8b9ggpqcyc0ar995gxgfbhqb1xpfzp6wl0g3g4zz";
+  };
+
+  buildInputs = [ go-ethereum ];
+
+  clefBinary = "${go-ethereum}/bin/clef";
+
+  patches = [
+    ./0001-clef-service-accept-default-CONFIGDIR-from-the-envir.patch
+    ./0002-nix-diff-for-substituteAll.patch
+  ];
+
+  dontBuild = true;
+
+  installPhase = ''
+    mkdir -p $out/bin/
+    mkdir -p $out/share/bee-clef/
+    mkdir -p $out/lib/systemd/system/
+    cp packaging/bee-clef.service $out/lib/systemd/system/
+    substituteAll packaging/bee-clef-service $out/share/bee-clef/bee-clef-service
+    substituteAll ${./ensure-clef-account} $out/share/bee-clef/ensure-clef-account
+    substituteAll packaging/bee-clef-keys $out/bin/bee-clef-keys
+    cp packaging/rules.js packaging/4byte.json $out/share/bee-clef/
+    chmod +x $out/bin/bee-clef-keys
+    chmod +x $out/share/bee-clef/bee-clef-service
+    chmod +x $out/share/bee-clef/ensure-clef-account
+    patchShebangs $out/
+  '';
+
+  meta = with lib; {
+    # homepage = "https://gateway.ethswarm.org/bzz/docs.swarm.eth/docs/installation/bee-clef/";
+    homepage = "https://docs.ethswarm.org/docs/installation/bee-clef";
+    description = "External signer for Ethereum Swarm Bee";
+    longDescription = ''
+      clef is go-ethereum's external signer.
+
+      bee-clef is a package that starts up a vanilla clef instance as a systemd service,
+      but configured in such a way that is suitable for bee (relaxed security for
+      automated operation).
+
+      This package contains the files necessary to run the bee-clef service.
+    '';
+    license = with licenses; [ bsd3 ];
+    maintainers = with maintainers; [ attila-lendvai ];
+    platforms = go-ethereum.meta.platforms;
+  };
+}
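Review bot: The `version ? "release"` function argument on the first line is never used, because `rec { version = "0.4.7"; … }` shadows it in `rev = "refs/tags/v${version}"`; drop the argument so callers cannot believe they are selecting a version. `clefBinary` exists only so that substituteAll can fill `@clefBinary@` in the service scripts, which deserves a one-line comment such as `# exported to the builder so substituteAll can replace @clefBinary@`. The longDescription's "relaxed security" could state what is relaxed: judging by the scripts in this commit, the clef password is kept in a file beside the keystore and fed to clef automatically.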
diff --git a/pkgs/applications/networking/bee/ensure-clef-account b/pkgs/applications/networking/bee/ensure-clef-account
new file mode 100644
index 00000000000..def67ff9cc3
--- /dev/null
+++ b/pkgs/applications/networking/bee/ensure-clef-account
@@ -0,0 +1,47 @@
+#!/usr/bin/env sh
+
+set -e
+
+# NOTE This file is called by the systemd service in its preStart
+# hook, but it's not Nix specific in any way. Ideally, the same file
+# should be called from the postinst scripts of the other packages,
+# but... the world is not ideal.
+
+# What follows was extracted from, and should be in sync with
+# https://github.com/ethersphere/bee-clef/tree/master/packaging
+
+DATA_DIR="$1"
+CONFIG_DIR="$2"
+PASSWORD_FILE=${DATA_DIR}/password
+MASTERSEED=${DATA_DIR}/masterseed.json
+KEYSTORE=${DATA_DIR}/keystore
+
+echo "ensure-clef-account $DATA_DIR $CONFIG_DIR"
+
+if ! test -f ${PASSWORD_FILE}; then
+    < /dev/urandom tr -dc _A-Z-a-z-0-9 2> /dev/null | head -c32 > ${PASSWORD_FILE}
+    chmod 0400 ${PASSWORD_FILE}
+    echo "Initialized ${PASSWORD_FILE} from /dev/urandom"
+fi
+
+if ! test -f ${MASTERSEED}; then
+    parse_json() { echo $1|sed -e 's/[{}]/''/g'|sed -e 's/", "/'\",\"'/g'|sed -e 's/" ,"/'\",\"'/g'|sed -e 's/" , "/'\",\"'/g'|sed -e 's/","/'\"---SEPERATOR---\"'/g'|awk -F=':' -v RS='---SEPERATOR---' "\$1~/\"$2\"/ {print}"|sed -e "s/\"$2\"://"|tr -d "\n\t"|sed -e 's/\\"/"/g'|sed -e 's/\\\\/\\/g'|sed -e 's/^[ \t]*//g'|sed -e 's/^"//' -e 's/"$//' ; }
+    SECRET=$(cat ${PASSWORD_FILE})
+    CLEF="@clefBinary@ --configdir ${DATA_DIR} --keystore ${KEYSTORE} --stdio-ui"
+    $CLEF init >/dev/null << EOF
+$SECRET
+$SECRET
+EOF
+    $CLEF newaccount >/dev/null << EOF
+$SECRET
+EOF
+    $CLEF setpw 0x$(parse_json $(cat ${KEYSTORE}/*) address) >/dev/null << EOF
+$SECRET
+$SECRET
+$SECRET
+EOF
+    $CLEF attest $(sha256sum ${CONFIG_DIR}/rules.js | cut -d' ' -f1 | tr -d '\n') >/dev/null << EOF
+$SECRET
+EOF
+    echo "Clef data dir initialized"
+fi
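Review bot: The password file is created by the `>` redirection under the process's current umask and only tightened by `chmod 0400` afterwards, so with a typical umask it is briefly readable by other users; put `umask 077` before the `if ! test -f ${PASSWORD_FILE}` block so it is never created wider than owner-only. Nothing verifies that 32 characters were actually written, and `set -e` does not see a failure of `tr` on the left side of the pipe, so an empty or short password would go unnoticed without a length check after the write. Initialisation is keyed only on masterseed.json: if `newaccount`, `setpw` or `attest` fails after `init` succeeded, the next run skips the whole block and leaves a half-initialised data dir. The paths derived from `$1` and `$2` are also expanded unquoted throughout, e.g. `test -f ${PASSWORD_FILE}` should be `test -f "${PASSWORD_FILE}"`.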