mirror of
https://gitlab.com/pulsechaincom/prysm-pulse.git
synced 2025-01-03 00:27:38 +00:00
Update prysm.sh to include slasher and sig verify (#5543)
* Add gpg detached signature checks * Add slasher * Pull key * move recv after log * use shasum, download pgp keys * only download key if not present * revert bazelversion change * Actually fail and allow bypass Co-authored-by: prylabs-bulldozer[bot] <58059840+prylabs-bulldozer[bot]@users.noreply.github.com>
This commit is contained in:
Preston Van Loon
GitHub
parent
49ca0751b6
commit
a6a2ad4409
62
prysm.sh
62
prysm.sh
@ -10,6 +10,8 @@ set -eu
|
||||
# Use USE_PRYSM_VERSION to specify a specific release version.
|
||||
# Example: USE_PRYSM_VERSION=v0.3.3 ./prysm.sh beacon-chain
|
||||
|
||||
readonly PRYLABS_SIGNING_KEY=0AE0051D647BA3C1A917AF4072E33E4DF1A5036E
|
||||
|
||||
function color() {
|
||||
# Usage: color "31;5" "string"
|
||||
# Some valid values for color:
|
||||
@ -62,7 +64,7 @@ function get_realpath() {
|
||||
# Complain if no arguments were provided.
|
||||
if [ "$#" -lt 1 ]; then
|
||||
color "31" "Usage: ./prysm.sh PROCESS FLAGS."
|
||||
color "31" "PROCESS can be beacon-chain or validator."
|
||||
color "31" "PROCESS can be beacon-chain, validator, or slasher."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
@ -81,7 +83,7 @@ case "$OSTYPE" in
|
||||
cygwin*) system="windows" ;;
|
||||
*) exit 1 ;;
|
||||
esac
|
||||
|
||||
readonly system
|
||||
|
||||
if [ "$system" == "windows" ]; then
|
||||
arch="amd64.exe"
|
||||
@ -103,13 +105,44 @@ function get_prysm_version() {
|
||||
fi
|
||||
}
|
||||
|
||||
function verify() {
|
||||
file=$1
|
||||
|
||||
hash shasum 2>/dev/null || { echo >&2 "shasum is not available. Not verifying integrity of downloaded binary."; return failed_verification; }
|
||||
hash gpg 2>/dev/null || { echo >&2 "gpg is not available. Not verifying integrity of downloaded binary."; return failed_verification; }
|
||||
|
||||
color "37" "Verifying binary integrity."
|
||||
|
||||
gpg --list-keys $PRYLABS_SIGNING_KEY >/dev/null 2>&1 || curl --silent https://prysmaticlabs.com/releases/pgp_keys.asc | gpg --import
|
||||
(cd $wrapper_dir; shasum -a 256 -c "${file}.sha256" || failed_verification)
|
||||
(cd $wrapper_dir; gpg -u $PRYLABS_SIGNING_KEY --verify "${file}.sig" $file || failed_verification)
|
||||
|
||||
color "32;1" "Verified ${file} has been signed by Prysmatic Labs."
|
||||
}
|
||||
|
||||
function failed_verification() {
|
||||
skip=${PRYSM_ALLOW_UNVERIFIED_BINARIES-0}
|
||||
if [[ $skip == 1 ]]; then
|
||||
return 0
|
||||
fi
|
||||
color "31" "Failed to verify Prysm binary. Please erase downloads in the \
|
||||
dist directory and run this script again. Alternatively, you can use a \
|
||||
A prior version by specifying environment variable USE_PRYSM_VERSION \
|
||||
with the specific version, as desired. Example: USE_PRYSM_VERSION=v1.0.0-alpha.5 \
|
||||
If you must wish to continue running an unverified binary, specific the \
|
||||
environment variable PRYSM_ALLOW_UNVERIFIED_BINARIES=1"
|
||||
exit 1
|
||||
}
|
||||
|
||||
get_prysm_version
|
||||
|
||||
color "37" "Latest Prysm version is $prysm_version."
|
||||
|
||||
BEACON_CHAIN_REAL="${wrapper_dir}/beacon-chain-${prysm_version}-${system}-${arch}"
|
||||
VALIDATOR_REAL="${wrapper_dir}/validator-${prysm_version}-${system}-${arch}"
|
||||
SLASHER_REAL="${wrapper_dir}/slasher-${prysm_version}-${system}-${arch}"
|
||||
|
||||
if [[ $1 == beacon-chain ]]; then
|
||||
if [[ ! -x $BEACON_CHAIN_REAL ]]; then
|
||||
color "34" "Downloading beacon chain@${prysm_version} to ${BEACON_CHAIN_REAL} (${reason})"
|
||||
file=beacon-chain-${prysm_version}-${system}-${arch}
|
||||
@ -120,7 +153,9 @@ if [[ ! -x $BEACON_CHAIN_REAL ]]; then
|
||||
else
|
||||
color "37" "Beacon chain is up to date."
|
||||
fi
|
||||
fi
|
||||
|
||||
if [[ $1 == validator ]]; then
|
||||
if [[ ! -x $VALIDATOR_REAL ]]; then
|
||||
color "34" "Downloading validator@${prysm_version} to ${VALIDATOR_REAL} (${reason})"
|
||||
|
||||
@ -132,6 +167,21 @@ if [[ ! -x $VALIDATOR_REAL ]]; then
|
||||
else
|
||||
color "37" "Validator is up to date."
|
||||
fi
|
||||
fi
|
||||
|
||||
if [[ $1 == slasher ]]; then
|
||||
if [[ ! -x $SLASHER_REAL ]]; then
|
||||
color "34" "Downloading slasher@${prysm_version} to ${SLASHER_REAL} (${reason})"
|
||||
|
||||
file=slasher-${prysm_version}-${system}-${arch}
|
||||
curl -L "https://prysmaticlabs.com/releases/${file}" -o $SLASHER_REAL
|
||||
curl --silent -L "https://prysmaticlabs.com/releases/${file}.sha256" -o "${wrapper_dir}/${file}.sha256"
|
||||
curl --silent -L "https://prysmaticlabs.com/releases/${file}.sig" -o "${wrapper_dir}/${file}.sig"
|
||||
chmod +x $SLASHER_REAL
|
||||
else
|
||||
color "37" "Slasher is up to date."
|
||||
fi
|
||||
fi
|
||||
|
||||
case $1 in
|
||||
beacon-chain)
|
||||
@ -142,11 +192,17 @@ case $1 in
|
||||
readonly process=$VALIDATOR_REAL
|
||||
;;
|
||||
|
||||
slasher)
|
||||
readonly process=$SLASHER_REAL
|
||||
;;
|
||||
|
||||
*)
|
||||
color "31" "Usage: ./prysm.sh PROCESS FLAGS."
|
||||
color "31" "PROCESS can be beacon-chain or validator."
|
||||
color "31" "PROCESS can be beacon-chain, validator, or slasher."
|
||||
;;
|
||||
esac
|
||||
|
||||
verify $process
|
||||
|
||||
color "36" "Starting Prysm $1 ${@:2}"
|
||||
exec -a "$0" "${process}" "${@:2}"
|
||||
|
||||
Loading…
Reference in New Issue
Block a user