Merge pull request #132 from dedis/apt-package

deb packaging for dvoting (without unikernel)

Author: jbsv

.gitignore

@@ -6,3 +6,4 @@ web/app/node_modules
 .idea
 
 memcoin
+deb-package/dist/**

Makefile

@@ -22,4 +22,8 @@ test_integration:
 	go test ./integration
 
 build:
-	go build -ldflags="-X $(versionFlag) -X $(timeFlag)" ./cli/memcoin
+	go build -ldflags="-X $(versionFlag) -X $(timeFlag)" ./cli/memcoin
+
+deb:
+	GOOS=linux GOARCH=amd64 make build
+	cd deb-package; ./build-deb.sh; cd ..

deb-package/README.md

@@ -0,0 +1,121 @@
+# Packaging D-Voting in an installable .deb file
+
+## Requirements
+
+- gem
+- build-essential
+- git
+- fpm (`sudo gem install fpm`)
+- go (see https://go.dev/doc/install)
+
+```sh
+sudo apt install rubygems build-essential git
+```
+
+## Get the code
+
+```sh
+git clone --branch packaging https://github.com/dedis/d-voting.git --recursive 
+```
+
+## Build the deb package
+
+from the root folder, use make:
+
+```sh
+make deb
+```
+
+Make sure that a git tag exist, i.e `git describe` shows your tag.
+
+The resulting .deb can be found in the `dist/` folder.
+
+## Things to do after install
+
+### Network config
+
+Ensure that the public address is correct. For instance, in `network.env`, replace:
+```sh
+export dela_public="//localhost:9000"
+```
+with the node's public address:
+```sh
+export dela_public="//172.16.253.150:9000"
+```
+
+### Leader's node
+
+Get the token and certificate (24h * 30 = 720):
+
+```sh
+sudo memcoin --config /var/opt/dedis/dvoting/data/dela minogrpc token \
+    --expiration 720h
+```
+
+This result, which looks like as follow, will be given to node's operators:
+
+```
+--token b6VhdQEPXKOtZHpng8E8jw== --cert-hash oNeyrA864P2cP+TT6IE6GvkeEI/Ec4rOlZWEWiQkQKk=
+```
+
+### Participants (node's operators)
+
+Join the network. This operation will make the node share its certificate to the
+MASTER node, which, in turn, will share its known certificates to the node. Note
+that the certificates are stored in the DB, which means that this operation must
+be re-done in case the DB is reset.
+
+```sh
+sudo memcoin --config /var/opt/dedis/dvoting/data/dela minogrpc join \
+    --address <MASTER NODE ADDRESS> --token <TOKEN> --cert-hash <CERT HASH>
+```
+
+Example of `<MASTER NODE ADDRESS>`: `'//172.16.253.150:9000'`
+
+Get the node's address and public key:
+
+```sh
+sudo memcoin --config /var/opt/dedis/dvoting/data/dela ordering export
+```
+
+This will yield a base64 encoded string `<ADDRESS>:<PUB KEY>`.
+
+It will have to be provided to EPFL.
+
+## Setup the chain, from EPFL
+
+**1: Create the chain**:
+
+Do not forget to include ourself, the EPFL node!
+
+```sh
+sudo memcoin --config /var/opt/dedis/dvoting/data/dela ordering setup \
+    --member <RESULT FROM ordering export>\
+    --member <...>
+    ...
+```
+
+**2: grant access for each node to sign transactions on the evoting smart contract**:
+
+```sh
+PK=<> # taken from the "ordering export", the part after ":"
+sudo memcoin --config /var/opt/dedis/dvoting/data/dela pool add \
+    --key /home/user/master.key \
+    --args go.dedis.ch/dela.ContractArg --args go.dedis.ch/dela.Access \
+    --args access:grant_id --args 0300000000000000000000000000000000000000000000000000000000000000 \
+    --args access:grant_contract --args go.dedis.ch/dela.Evoting \
+    --args access:grant_command --args all \
+    --args access:identity --args $PK \
+    --args access:command --args GRANT
+```
+
+You should also grant access to the master key.
+
+### Test
+
+```sh
+sudo memcoin --config /var/opt/dedis/dvoting/data/dela e-voting scenarioTest \
+    --proxy-addr1 "http://192.168.232.133:9080" \
+    --proxy-addr2 "http://192.168.232.134:9080" \
+    --proxy-addr3 "http://192.168.232.135:9080"
+```

deb-package/build-deb.sh

@@ -0,0 +1,62 @@
+#! /usr/bin/env bash
+set -xe
+
+# cleanup previous installations
+rm -rf deb
+
+# create binaries dir
+INSTALL_DIR="deb/opt/dedis/dvoting/bin"
+mkdir -p $INSTALL_DIR
+
+DVOTING_CLI_DIR="$PWD/.."
+cp $DVOTING_CLI_DIR/memcoin $INSTALL_DIR
+
+# Prometheus Node Exporter
+NE_DIR="deb/opt/exporter"
+NE_VERSION="1.3.1"
+mkdir -p ${NE_DIR}
+wget https://github.com/prometheus/node_exporter/releases/download/v${NE_VERSION}/node_exporter-${NE_VERSION}.linux-amd64.tar.gz
+tar xfz node_exporter-${NE_VERSION}.linux-amd64.tar.gz
+mv node_exporter-${NE_VERSION}.linux-amd64/* ${NE_DIR}/
+rm -rf node_exporter-${NE_VERSION}.linux-amd64*
+
+# add config files
+cp -a pkg/etc deb
+cp -a pkg/lib deb
+cp -a pkg/opt deb
+cp -a pkg/var deb
+
+# add folders
+mkdir -p deb/var/log/dedis/dvoting
+
+# adjust permissions
+find deb ! -perm -a+r -exec chmod a+r {} \;
+
+# get version from git without v prefix
+GITVERSION=$(git describe --abbrev=0 --tags)
+VERSION=${GITVERSION:1}
+if [[ -z "${ITERATION}" ]]
+then
+  ITERATION="0"
+fi
+
+# fpm needs an existing output directory
+OUTPUT_DIR="dist"
+mkdir -p $OUTPUT_DIR
+
+fpm \
+    --force -t deb -a all -s dir -C deb -n dedis-dvoting -v ${VERSION} \
+    --iteration ${ITERATION} \
+    --deb-user dvoting \
+    --deb-group dvoting \
+    --depends net-tools \
+    --before-install pkg/before-install.sh \
+    --after-install pkg/after-install.sh \
+    --before-remove pkg/before-remove.sh \
+    --after-remove pkg/after-remove.sh \
+    --url https://dedis.github.com/dedis/dvoting \
+    --description 'D-Voting package' \
+    --package dist .
+
+# cleanup
+rm -rf ./deb

deb-package/pkg/after-install.sh

@@ -0,0 +1,35 @@
+#!/bin/sh
+
+# fix permissions
+# dvoting:dedis will be applied automatically on sub dirs
+chown root:root /opt/dedis
+
+# allow ls in sub dirs
+chmod 755 /opt/dedis
+chmod 755 /opt/exporter
+
+chown root:root /lib/systemd/system
+
+enable_service() {
+SERVICE=$1
+# Inspired from Debian packages (e.g. /var/lib/dpkg/info/openssh-server.postinst)
+# was-enabled defaults to true, so new installations run enable.
+if deb-systemd-helper --quiet was-enabled ${SERVICE}; then
+    # Enables the unit on first installation, creates new
+    # symlinks on upgrades if the unit file has changed.
+    deb-systemd-helper enable ${SERVICE} >/dev/null || true
+else
+    # Update the statefile to add new symlinks (if any), which need to be
+    # cleaned up on purge. Also remove old symlinks.
+    deb-systemd-helper update-state ${SERVICE} >/dev/null || true
+fi
+}
+
+DVOTING_SERVICE=dvoting.service
+enable_service ${DVOTING_SERVICE}
+systemctl start ${DVOTING_SERVICE}
+
+ln -s /opt/dedis/dvoting/bin/memcoin /usr/bin/memcoin
+
+enable_service exporter.service
+systemctl start exporter.service

deb-package/pkg/after-remove.sh

@@ -0,0 +1,12 @@
+#!/bin/sh
+
+# Inspired from Debian packages (e.g. /var/lib/dpkg/info/openssh-server.postinst)
+# In case this system is running systemd, we make systemd reload the unit files
+# to pick up changes.
+if [ -d /run/systemd/system ] ; then
+    systemctl --system daemon-reload >/dev/null || true
+fi
+
+if [ -x "/usr/bin/deb-systemd-helper" ]; then
+    deb-systemd-helper purge dvoting.service >/dev/null
+fi

deb-package/pkg/before-install.sh

@@ -0,0 +1,20 @@
+#!/bin/sh
+
+# create dvoting group
+if ! getent group dvoting >/dev/null; then
+    groupadd -r dvoting
+fi
+
+# create dedis group
+if ! getent group dedis >/dev/null; then
+    groupadd -r dedis
+fi
+
+# create dvoting user
+if ! getent passwd dvoting >/dev/null; then
+useradd -M -r -g dedis -d /var/opt/dedis/dvoting \
+-s /usr/sbin/nologin -c "D-Voting user" dvoting
+fi
+
+# modify user to be in these groups
+usermod -aG dedis dvoting

deb-package/pkg/before-remove.sh

@@ -0,0 +1,7 @@
+#!/bin/sh
+
+# stop service
+systemctl stop dvoting.service
+systemctl stop exporter.service
+
+rm -f /usr/bin/memcoin

deb-package/pkg/etc/dedis/dvoting/network.env

@@ -0,0 +1,6 @@
+export proxy_addr="0.0.0.0:9080"
+export prometheus_addr="0.0.0.0:9100"
+export node_exporter_addr="0.0.0.0:9101"
+
+export dela_listen="tcp://0.0.0.0:9000"
+export dela_public="//localhost:9000"

deb-package/pkg/lib/systemd/system/dvoting.service

@@ -0,0 +1,17 @@
+[Unit]
+Description=D-Voting Node Service
+After=network.target
+
+[Service]
+User=dvoting
+
+ExecStartPre=/bin/rm -f /var/opt/dedis/dvoting/data/dela/daemon.sock
+ExecStart=/opt/dedis/dvoting/bin/start-dvoting
+
+KillSignal=SIGINT
+
+Restart=on-failure
+RestartSec=5
+
+[Install]
+WantedBy=multi-user.target

deb-package/pkg/lib/systemd/system/exporter.service

@@ -0,0 +1,15 @@
+[Unit]
+Description=Prometheus Node Service
+
+[Service]
+User=dvoting
+
+ExecStart=/opt/dedis/dvoting/bin/start-exporter
+
+KillSignal=SIGINT
+
+Restart=on-failure
+RestartSec=1
+
+[Install]
+WantedBy=multi-user.target

deb-package/pkg/opt/dedis/dvoting/bin/start-dvoting

@@ -0,0 +1,10 @@
+#!/bin/bash
+
+sleep 5
+
+source /opt/dedis/dvoting/config/config.env
+source /etc/dedis/dvoting/network.env
+
+echo "Starting ${dela_bin} on ${dela_listen} using folder ${dela_data} ..."
+
+LLVL=info ${dela_bin} --config ${dela_data} start --postinstall --promaddr ${prometheus_addr} --proxyaddr ${proxy_addr} --listen ${dela_listen} --public ${dela_public} --proxykey ${dela_proxy_pk}

deb-package/pkg/opt/dedis/dvoting/bin/start-exporter

@@ -0,0 +1,5 @@
+#!/bin/bash
+
+source /etc/dedis/dvoting/network.env
+
+/opt/exporter/node_exporter --web.listen-address=${node_exporter_addr} --collector.systemd

deb-package/pkg/opt/dedis/dvoting/config/config.env

@@ -0,0 +1,4 @@
+# dela config
+export dela_bin="/opt/dedis/dvoting/bin/memcoin"
+export dela_data="/var/opt/dedis/dvoting/data/dela"
+export dela_proxy_pk=3c07e93b9d99032366f7d92697f8dc1337bf8bb617b3faa6389e94d18e3d0e40

deb-package/pkg/var/opt/dedis/dvoting/data/dela/access.json

@@ -0,0 +1 @@
+{"\u0001\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000":"eyJFeHByZXNzaW9ucyI6eyJnby5kZWRpcy5jaC9kZWxhLkFjY2VzczphbGwiOnsiSWRlbnRpdGllcyI6W3siTmFtZSI6IkJMUy1DVVJWRS1CTjI1NiIsIkRhdGEiOiJRaEx0WXhPTmkvK0JDT25maDVBSHoyRmkraUxOSnFrVllpMGRPdnc4Y053MDBLMytoS25SNEVoWEUrcWE2bzlKK09wbHNjL2JMeDBSVU9NdmdVQ1VQQ0tDRFk0WC9iblBaNEpZblJNdDdmYURCVnhFRGpsVmVmZ3lGZy9MeWpXbGNlZkJvTTJ5Rlh4NWlZNTZyQTZHblBBMUowbE9ZdThibmU2OUZrQUhyVmM9In1dLCJNYXRjaGVzIjpbWzBdXX19fQ=="}