-
Notifications
You must be signed in to change notification settings - Fork 40
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Adding amd64 debian packager, checksums, README updates. #312
Conversation
Once merged, this will supersede #265, I believe. |
@bobbinth correct. I forgot to mention in the PR. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I left some comments, but they are mostly nits and I don't think this PR needs to be blocked because of them. Any necessary changes can be done on follow ups.
- name: Checkout | ||
uses: actions/checkout@v2 | ||
with: | ||
fetch-depth: 0 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I tried git clone --depth=0
and got this error:
fatal: depth 0 is not a positive number
Shouldn't this be a 1
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I can adjust to 1, this is the fetch-depth we use with other versions of this same process. If you would like can adjust, let me know.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If it works then all good :) I assumed the CI would fail like it does locally
- 'main' | ||
- 'next' | ||
paths: | ||
- '**' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What are the exact semantics here? The docs are not that clear.
What if I have a commit git commit --allow-empty
, will this trigger? Or more importantly, when a tag is pushed by itself?
What is the difference no not having this option?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It triggers when any commit is pushed with a tag and captures all paths, including the . directories such as the .github for adding to the work flow.
fetch-depth: 0 | ||
##### TAG Variable ##### | ||
- name: Adding TAG to ENV | ||
run: echo "GIT_TAG=`echo $(git describe --tags --abbrev=0)`" >> $GITHUB_ENV |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can't GITHUB_REF
be used instead?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It could be , but I use a defined variable here as there have been edge cases with other projects that created problems. To avoid conflicts, went this route, if you wish I can adjust.
@@ -0,0 +1,11 @@ | |||
# This is a postinstallation script so the service can be configured and started when requested | |||
# | |||
sudo adduser --disabled-password --disabled-login --shell /usr/sbin/nologin --quiet --system --no-create-home --home /nonexistent miden |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The options --disabled-password
and --disable-login
seem to conflict with one another ref:
--disabled-login
Do not run passwd to set the password. The user won't be able to use her account until the password is set.
--disabled-password
Like --disabled-login, but logins are still possible (for example using SSH RSA keys) but not using password authentication.
Shouldn't this use --disabled-login
only?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We could also add GECOS
here --gecos Miden
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
--no-create-home
should make --home /nonexistent
unecessary:
--home DIR
Use DIR as the user's home directory, rather than the default specified by the configuration file. If the directory does not exist, it is created and skeleton files are copied.
...
--no-create-home
Do not create the home directory, even if it doesn't exist.
@@ -0,0 +1,11 @@ | |||
# This is a postinstallation script so the service can be configured and started when requested |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This seems to be missing the hashbang.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It will invoke, adding in a commit to address this.
.github/workflows/deb_packager.yml
Outdated
push: | ||
branches: | ||
- 'main' | ||
- 'next' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
next
is the development/integration branch. I think we should release only from main
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Removed next
echo "Priority: optional" >> packaging/deb/miden-node/DEBIAN/control | ||
echo "Architecture: amd64" >> packaging/deb/miden-node/DEBIAN/control | ||
echo "Maintainer: [email protected]" >> packaging/deb/miden-node/DEBIAN/control | ||
echo "Description: miden-node binary package" >> packaging/deb/miden-node/DEBIAN/control |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We could also add:
echo "Homepage: https://polygon.technology/polygon-miden" >> packaging/deb/miden-node/DEBIAN/control
echo "Vcs-Git: [email protected]:0xPolygonMiden/miden-node.git" >> packaging/deb/miden-node/DEBIAN/control
echo "Vcs-Browser: https://github.com/0xPolygonMiden/miden-node" >> packaging/deb/miden-node/DEBIAN/control
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
added
- '**' | ||
tags: | ||
- 'v*.*.*' | ||
- 'v*.*.*-*' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not sure we need this option, we use semver. Is the intent here to use the -*
to describe Debian's revision? I personally would avoid having a distro specific strategy here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As this is building specifically debian packages, I included this. For RPM based building it will adjust accordingly as it is a separate builder.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I can adjust to whatever is preferred versioning/tagging :)
- name: Cleaning repo | ||
run: cargo clean | ||
- name: Building for amd64 | ||
run: cargo build --release |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
reviewer note: The concurrent
feature flag is enabled in the Cargo.toml
. So this should be enough as is.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Removed the clean, note as I am using the standalone I always want to make sure that the node cleans the repo, but as long as it is not on a self hosted runner, this is just an extra step.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah, the comment was not about the clean
, I was just leaving a comment for reference, explaining why we don't need a --features
flag in here.
.github/workflows/deb_packager.yml
Outdated
echo "Section: base" >> packaging/deb/miden-node/DEBIAN/control | ||
echo "Priority: optional" >> packaging/deb/miden-node/DEBIAN/control | ||
echo "Architecture: amd64" >> packaging/deb/miden-node/DEBIAN/control | ||
echo "Maintainer: [email protected]" >> packaging/deb/miden-node/DEBIAN/control |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The format here seems incomplete ref:
The package maintainer’s name and email address. The name must come first, then the email address inside angle brackets <> (in RFC822 format).
It should be Polygon Devops <[email protected]>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good! Thank you for creating these! I left just one minor nit inline.
Also, a question for the future: we now have 2 copies of miden-node.toml
and genesis.toml
files. One set stored in packaging
and another in miden-node
directories. This means we'll need to keep them in sync as we change their formats. I wonder if there is a way to keep only one version of these files (either here or there).
I don't think we need to solve this in this PR though - so, just creating an issue so that we can figure out the right approach is fine for now.
```sh | ||
miden-node make-genesis -i $input_location_for_gensis.toml -o $output_for_gensis.dat_and_accounts | ||
``` | ||
The debian package has a checksum, you can verify this checksum by download the debian package and checksum file to the same directory and running the following command: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
potential typo: should "download" be "downloading"?
Also, should we say where the package and checksum can be downloaded from?
Created #318 for this. |
Adding debian packager for amd64
Checksum function for package
Updated Readme.md for packages and checksum
Added packager directory, contains postinst, postrm, and cloned copy of the toml files for miden. Note, these are just place holders and they should be adjusted.
Created service file.
Tested on Ubuntu 22