[IDEA] [PROPOSAL] Monero Debian (deb) packages / Debian package repository deb.getmonero.org (I can do)
I have the skills to implement this if wanted.

Possible User Experience

This is a proposal, i.e. not implemented yet. Instructions for users, simplified.

How to install monero using apt-get

Download the repository signing key.

    wget https://www.getmonero.org/monero.asc

Add the signing key.

    sudo apt-key --keyring /etc/apt/trusted.gpg.d/monero.gpg add ~/monero.asc

Add APT repository.

    echo "deb https://deb.getmonero.org buster main" | sudo tee /etc/apt/sources.list.d/monero.list

Update your package lists.

    sudo apt-get update

Install monero.

    sudo apt-get install monero

A few technical implementation details

I would simply grab the binaries provided by getmonero.org, download them, check software (gpg) signatures, put these into deb packages, add these to a repository, and upload the repository.

What I would not do is create the binaries during package creation. While this is nice to have, it doesn't help user experience and blocks the progress on reaching this goal. See next chapter.

Why simply put the pre-built Monero binaries into a deb package?

1) After existing for more than 10 years, being popular and being in Debian unstable (sid), bitcoin still never made its way into Debian testing, let alone stable. The reason given is that a difference in underlying libraries (even just security fixes) during compilation may result in a network split. Binaries compiled during packaging on different versions of Linux distributions might have different libraries that might cause a network fork / chain split. References:

(Note: the above website saying Tags: fixed-upstream is probably a mistake, as the discussion at the bottom says.)

2) The github issue of packaging monero stalled.

3) Shipping the same binaries as provided by getmonero.org reduces the chances of introducing a backdoor.

Many Options
By adding Monero to the Whonix repository, the effort of creating a separate Monero repository could be saved. I.e. instead of "deb https://deb.getmonero.org buster main" users could use "deb https://deb.whonix.org buster main". It's really just about the upload location. By providing DNS, even an upload to the Whonix server can offer https://deb.getmonero.org.
Either I create the build instructions and source code of this implementation (Debian package and repository creation) and do the long-term maintenance of putting new binaries into updated packages, or I only create the build instructions and source code and someone from the Monero team creates the actual deb packages and deb repository.
gpg signed debs. Either gpg signed debs or an apt repository. Or both. Your choice.
I'd start with Debian and perhaps Ubuntu packages for 64bit. Perhaps also 32bit. Potentially I could also do packaging for Fedora based distributions.

Timeline

Doable quickly. The electrum (bitcoin) AppImage was recently added to a Debian package (binaries-freedom) by me and is now easily installable in Whonix. Pre-installed in the testers version of Whonix already.

About Me

I am the founder of Whonix, which I have been maintaining for more than 7 years. Whonix (formerly TorBOX) is a Debian GNU/Linux–based security-focused Linux distribution. It aims to provide privacy, security and anonymity on the internet. You can see an overview of packages I am maintaining on my github profile. To prove that this forum account adrelanos corresponds to the same person maintaining whonix.org, it is added here.

Questions

What happened to, what is the successor of the forum funding system?
Why does it take so long to shut down a node used only as a JSON-RPC server?
I'm trying to sync a full node that will only be used as a JSON-RPC server (no mining). I tried to modify the config file and added a service unit, so that the node can run in a low-end VPS with minimum RAM and CPU capabilities. The problem is that the server takes too long to stop, and it's terminated by the system, so it always starts rewinding blocks that have already been downloaded. Here is my configuration file:
    server=1
    daemon=1
    #debug=mempool
    debug=rpc

    # If run on the test network instead of the real bitcoin network
    # testnet=1

    # You must set rpcuser and rpcpassword to secure the JSON-RPC api
    # Please make rpcpassword to something secure, `5gKAgrJv8CQr2CGUhjVbBFLSj29HnE6YGXvfykHJzS3k` for example.
    # Listen for JSON-RPC connections on (default: 8332 or testnet: 18332)
    rpcuser=myuser
    rpcpassword=pypassword
    rpcport=8332

    # Enable blocks pruning
    #prune=550

    # Limit
    dbcache=50
    maxconnections=4
    rpcthreads=2
And the service unit:
    # It is not recommended to modify this file in-place, because it will
    # be overwritten during package upgrades. If you want to add further
    # options or overwrite existing ones then use
    # $ systemctl edit bitcoind.service
    # See "man systemd.service" for details.

    # Note that almost all daemon options could be specified in
    # /etc/bitcoin/bitcoin.conf

    [Unit]
    Description=Bitcoin daemon
    After=network.target

    [Service]
    ExecStart=/usr/bin/bitcoind -daemon=0 -datadir=/home/jsonrpc/bitcoin -conf=/home/jsonrpc/bitcoin/settings.conf
    ExecStop=/usr/bin/bitcoin-cli -datadir=/home/jsonrpc/bitcoin -conf=/home/jsonrpc/bitcoin/settings.conf stop

    # Creates /run/bitcoind owned by bitcoin
    #RuntimeDirectory=/home/jsonrpc/bitcoin
    WorkingDirectory=/home/jsonrpc/bitcoin
    User=jsonrpc
    Group=jsonrpc
    TimeoutStopSec=15m
    #CPUQuota=4%
    #MemoryLimit=128M
    #IOReadIOPSMax=10
    #IOWriteIOPSMax=10
    Type=simple
    #Restart=on-failure

    # Hardening measures
    ####################

    # Provide a private /tmp and /var/tmp.
    PrivateTmp=true

    # Mount /usr, /boot/ and /etc read-only for the process.
    ProtectSystem=full

    # Disallow the process and all of its children to gain
    # new privileges through execve().
    NoNewPrivileges=true

    # Use a new /dev namespace only populated with API pseudo devices
    # such as /dev/null, /dev/zero and /dev/random.
    PrivateDevices=true

    # Deny the creation of writable and executable memory mappings.
    # Commented out as it's not supported on Debian 8 or Ubuntu 16.04 LTS
    #MemoryDenyWriteExecute=true

    [Install]
    WantedBy=multi-user.target
bitcoin daemon service gets stuck in the command-line
I modified bitcoin.service as follows
    # It is not recommended to modify this file in-place, because it will
    # be overwritten during package upgrades. If you want to add further
    # options or overwrite existing ones then use
    # $ systemctl edit bitcoind.service
    # See "man systemd.service" for details.

    # Note that almost all daemon options could be specified in
    # /etc/bitcoin/bitcoin.conf

    [Unit]
    Description=Bitcoin daemon
    After=network.target

    [Service]
    ExecStart=/usr/bin/bitcoind -daemon -datadir=/home/deploy/.bitcoin -conf=/home/deploy/.bitcoin/bitcoin.conf -pid=/run/bitcoind.pid
    # Creates /run/bitcoind owned by bitcoin
    RuntimeDirectory=bitcoind
    User=deploy
    Group=deploy
    Type=forking
    PIDFile=/run/bitcoind.pid
    Restart=on-failure

    # Hardening measures
    ####################

    # Provide a private /tmp and /var/tmp.
    PrivateTmp=true

    # Mount /usr, /boot/ and /etc read-only for the process.
    ProtectSystem=full

    # Disallow the process and all of its children to gain
    # new privileges through execve().
    NoNewPrivileges=true

    # Use a new /dev namespace only populated with API pseudo devices
    # such as /dev/null, /dev/zero and /dev/random.
    PrivateDevices=true

    # Deny the creation of writable and executable memory mappings.
    # Commented out as it's not supported on Debian 8 or Ubuntu 16.04 LTS
    #MemoryDenyWriteExecute=true

    [Install]
    WantedBy=multi-user.target
so that the settings and data are kept under the user deploy's home directory. The only problem is that when I run the command to start the service, it gets stuck as if it wasn't running in daemon mode. Then I have to enter Ctrl-C to get the command prompt again.
    $ sudo systemctl start bitcoind
    ^C
    $ sudo systemctl status bitcoind
    ● bitcoind.service - Bitcoin daemon
       Loaded: loaded (/lib/systemd/system/bitcoind.service; disabled; vendor preset: enabled)
       Active: activating (start) since Thu 2018-10-04 01:45:26 CEST; 25s ago
      Process: 51145 ExecStart=/usr/bin/bitcoind -daemon -datadir=/home/deploy/.bitcoin -conf=/home/deploy/.bitcoin/bitcoin.conf -pid=/run/bitcoind.pid (code=exited, status=0/SUCCESS)
        Tasks: 12
       Memory: 578.0M
          CPU: 14.100s
       CGroup: /system.slice/bitcoind.service
               └─51147 /usr/bin/bitcoind -daemon -datadir=/home/deploy/.bitcoin -conf=/home/deploy/.bitcoin/bitcoin.conf -pid=/run/bitcoind.pid

    Oct 04 01:45:26 host systemd: Starting Bitcoin daemon...
    Oct 04 01:45:26 host systemd: bitcoind.service: PID file /run/bitcoind.pid not readable (yet?) after start: No such file or directory
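The unit in this question runs bitcoind as User=deploy, points both -pid and PIDFile at /run/bitcoind.pid, and separately declares RuntimeDirectory=bitcoind, while the status output reports that PID file as missing. The check below is an added example, not part of the original question: it flags a forking unit whose PID file sits in /run outside any RuntimeDirectory, assuming /run is root-owned as on a stock systemd host. The function names and the file name bitcoind.pid are illustrative.

```python
import shlex
from pathlib import PurePosixPath

# Constructed sample: the [Service] section of the unit posted in the question.
QUESTION_UNIT = """\
[Service]
ExecStart=/usr/bin/bitcoind -daemon -datadir=/home/deploy/.bitcoin -conf=/home/deploy/.bitcoin/bitcoin.conf -pid=/run/bitcoind.pid
RuntimeDirectory=bitcoind
User=deploy
Type=forking
PIDFile=/run/bitcoind.pid
"""
RUN = PurePosixPath("/run")  # assumption: root-owned, not writable by service users

def parse_service(text):
    """Return the [Service] keys as a dict; comments and other sections are skipped."""
    section, keys = None, {}
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#;":
            continue
        if line.startswith("["):
            section = line.strip("[]")
        elif section == "Service" and "=" in line:
            key, value = line.split("=", 1)
            keys[key.strip()] = value.strip()
    return keys

def runtime_dirs(svc):  # directories systemd creates under /run, owned by User=
    return [RUN / name for name in svc.get("RuntimeDirectory", "").split()]

def check_pidfile(text):
    """List reasons systemd may wait forever for the PID file of a forking unit."""
    svc, problems = parse_service(text), []
    pidfile = svc.get("PIDFile")
    if svc.get("Type") != "forking" or not pidfile:
        return problems
    args = shlex.split(svc.get("ExecStart", ""))
    written = next((a.split("=", 1)[1] for a in args if a.startswith("-pid=")), None)
    if written != pidfile:
        problems.append(f"daemon writes {written}, systemd reads {pidfile}")
    parent, user = PurePosixPath(pidfile).parent, svc.get("User", "root")
    owned = any(parent == d or d in parent.parents for d in runtime_dirs(svc))
    if user != "root" and (parent == RUN or RUN in parent.parents) and not owned:
        problems.append(f"{user} cannot create files in {parent}; use a RuntimeDirectory path")
    return problems

def suggest_pidfile(text, name="bitcoind.pid"):
    """Propose a PID path inside the first RuntimeDirectory, or None if there is none."""
    dirs = runtime_dirs(parse_service(text))
    return str(dirs[0] / name) if dirs else None
```

Running `check_pidfile` over a unit before `systemctl daemon-reload` catches this class of hang without starting the service; the same path has to be set in both `-pid=` and `PIDFile=`.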
Hello, I think that established DNM vendors should move out from centralized escrow and start their own direct store so loss of funds, LE seizures and exit scams and anonymart seems to fit very well the purpose. The whole point is that these personal vendors seller should be something considered disposable, so even in the case of hack/seizures no money should be lost and no one should be harmed.

Starting from this point there is the necessity of these things:

1) Server should be bought anonymously and not linkable to anyone (I'm writing a guide about that)
2) No money or private keys should be stored on the server
3) Payment address should be signed with owner pgp key to prevent payment address substitution via hacking
4) All personal information should be encrypted when stored on the server and deleted as soon as they are not needed

As I understand you have implemented 2 and 4 well, while currently 3 can not be implemented because of the payment address generation.

I've tried to deploy anonymart on a fresh Debian 7 x64 but I had the following problems:

1) Composer ran out of memory on a 512MB VPS. While this can be solved by adding swap, this amount of RAM is more than enough to run this type of webserver stack. Requiring more just for composer would be stupid, but you can simply add swap creation and deletion to your init/update script.
2) I had multiple troubles with ufw. I haven't understood yet how, but it seems to cut me out on ssh even when in your script it's specifically allowed.
3) Nginx shows nothing in the error log but when I access the newly created hidden service it redirects me to /settings/create which outputs just "Whoops, looks like something went wrong." At that point I don't know how to troubleshoot the problem.
4) Are all these php dependencies really needed? What's the transmission composer package for? I feel like this is horrible for security and even worse assuming you have auto-update. Even if one of them is poorly coded, backdoored (or taken over and backdoored later) or anything else, all installs would be compromised. I understand the concept of 'not reinventing the wheel', but for the reduced features it offers, I feel like there's really too much required. Obviously that's just an opinion, but this list seems pretty huge even removing symfony and laravel components:
Installing fgrosse/php asn1 (1.3.1) Loading from cache
It would also be nice if some sort of API were integrated, like for example a JSON list of the products, so it would be easy to build a search engine for all anonymart based stores. I'm also working on modifying the init script to harden the server (add a WAF, disable insecure php functions etc.).
the debian/rules file, the package's build files (since the upstream author may specify flags there too), the build system used (dh, cdbs etc.), the default compiler settings. To see the flags used you effectively need to at least compile the package: debian/rules build Trying things like. debian/rules -n

The minimum supported miniUPnPc API version is set to 10. This keeps compatibility with Ubuntu 16.04 LTS and Debian 8 libminiupnpc-dev packages. Please note, on Debian this package is still vulnerable to CVE-2017-8798 (in jessie only) and CVE-2017-1000494 (both in jessie and in stretch).

This is a good HOWTO for creating a basic .deb file. It is suitable for creating .deb files for personal use but not stringent enough if you want the package to be included in Debian / Ubuntu - for that you should read the Debian New Maintainer's Guide and/or the Ubuntu Packaging Guide (which I believe you've already tried). A good tool for checking your .deb file for compliance is lintian ...