Unverified Commit d6ce4c00 authored by s3krit's avatar s3krit Committed by GitHub
Browse files

Add deb and RPM repository config and documentation (#1676)



Co-authored-by: default avatarParity Releases <releases@parity.io>
Co-authored-by: default avatarDemi Marie Obenour <demiobenour@gmail.com>
parent b32dcc44
Pipeline #106214 passed with stages
in 18 minutes and 20 seconds
......@@ -7,5 +7,7 @@ runtime/wasm/target/
.idea
.vscode
polkadot.*
!polkadot.service
!.rpm/*
.DS_Store
.cargo
%define debug_package %{nil}
Name: polkadot
Summary: Implementation of a https://polkadot.network node in Rust based on the Substrate framework.
Version: @@VERSION@@
Release: @@RELEASE@@%{?dist}
License: GPLv3
Group: Applications/System
Source0: %{name}-%{version}.tar.gz
Requires: systemd, shadow-utils
Requires(post): systemd
Requires(preun): systemd
Requires(postun): systemd
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
%description
%{summary}
%prep
%setup -q
%install
rm -rf %{buildroot}
mkdir -p %{buildroot}
cp -a * %{buildroot}
%post
config_file="/etc/default/polkadot"
getent group polkadot >/dev/null || groupadd -r polkadot
getent passwd polkadot >/dev/null || \
useradd -r -g polkadot -d /home/polkadot -m -s /sbin/nologin \
-c "User account for running polkadot as a service" polkadot
if [ ! -e "$config_file" ]; then
echo 'POLKADOT_CLI_ARGS=""' > /etc/default/polkadot
fi
exit 0
%clean
rm -rf %{buildroot}
%files
%defattr(-,root,root,-)
%{_bindir}/*
/usr/lib/systemd/system/polkadot.service
......@@ -4,9 +4,12 @@ path = "src/main.rs"
[package]
name = "polkadot"
description = "Implementation of a https://polkadot.network node in Rust based on the Substrate framework."
license = "GPL-3.0-only"
version = "0.8.23"
authors = ["Parity Technologies <admin@parity.io>"]
edition = "2018"
readme = "README.md"
[dependencies]
cli = { package = "polkadot-cli", path = "cli" }
......@@ -79,3 +82,33 @@ runtime-benchmarks=["cli/runtime-benchmarks"]
service-rewr= [
"cli/service-rewr",
]
# Configuration for building a .deb package - for use with `cargo-deb`
[package.metadata.deb]
name = "polkadot"
extended-description = "Implementation of a https://polkadot.network node in Rust based on the Substrate framework."
section = "misc"
maintainer = "martin@parity.io"
license-file = ["LICENSE", "0"]
# https://www.debian.org/doc/debian-policy/ch-maintainerscripts.html
maintainer-scripts = "scripts/packaging/deb-maintainer-scripts"
assets = [
["target/release/polkadot", "/usr/bin/", "755"],
["scripts/packaging/polkadot.service", "/lib/systemd/system/", "644"]
]
conf-files = [
"/etc/default/polkadot"
]
# Configuration for building an .rpm package - for use with `cargo-rpm`
[package.metadata.rpm]
package = "polkadot"
[package.metadata.rpm.cargo]
buildflags = ["--release"]
[package.metadata.rpm.targets]
polkadot = { path = "/usr/bin/polkadot" }
[package.metadata.rpm.files]
"../scripts/packaging/polkadot.service" = { path = "/usr/lib/systemd/system/polkadot.service", mode = "644" }
......@@ -12,12 +12,55 @@ information about installing the `polkadot` binary and developing on the codebas
specific guides, like how to be a validator, see the
[Polkadot Wiki](https://wiki.polkadot.network/docs/en/).
## Building
## Installation
If you just wish to run a Polkadot node without compiling it yourself, you may
either run the latest binary from our
[releases](https://github.com/paritytech/polkadot/releases) page, or install
Polkadot from one of our package repositories.
Installation from the debian or rpm repositories will create a `systemd`
service that can be used to run a Polkadot node. This is disabled by default,
and can be started by running `systemctl start polkadot` on demand (use
`systemctl enable polkadot` to make it auto-start after reboot). By default, it
will run as the `polkadot` user. Command-line flags passed to the binary can
be customised by editing `/etc/default/polkadot`. This file will not be
overwritten on updating polkadot. You may also just run the node directly from
the command-line.
### Debian-based (Debian, Ubuntu)
Currently supports Debian 10 (Buster) and Ubuntu 20.04 (Focal), and
derivatives. Run the following commands as the `root` user.
```
# Import the security@parity.io GPG key
gpg --recv-keys --keyserver hkps://keys.mailvelope.com 9D4B2B6EB8F97156D19669A9FF0812D491B96798
gpg --export 9D4B2B6EB8F97156D19669A9FF0812D491B96798 > /usr/share/keyrings/parity.gpg
# Add the Parity repository and update the package index
echo 'deb [signed-by=/usr/share/keyrings/parity.gpg] https://releases.parity.io/deb release main' > /etc/apt/sources.list.d/parity.list
apt update
# Install polkadot
apt install polkadot
### Use a Provided Binary
```
### RPM-based (Fedora, CentOS)
If you want to connect to one of the networks supported by this repo, you can go to the latest
release and download the binary that is provided.
Currently supports Fedora 32 and CentOS 8, and derivatives.
```
# Install dnf-plugins-core (This might already be installed)
dnf install dnf-plugins-core
# Add the repository and enable it
dnf config-manager --add-repo https://releases.parity.io/rpm/polkadot.repo
dnf config-manager --set-enabled polkadot
# Install polkadot (You may have to confirm the import of the GPG key, which
# should have the following fingerprint: 9D4B2B6EB8F97156D19669A9FF0812D491B96798)
dnf install polkadot
```
## Building
### Install via Cargo
......
#!/bin/sh
set -e
action="$1"
config_file="/etc/default/polkadot"
if [ "$action" = "configure" ]; then
# Make user and group
getent group polkadot >/dev/null 2>&1 || addgroup --system polkadot
getent passwd polkadot >/dev/null 2>&1 ||
adduser --system --home /home/polkadot --disabled-password \
--ingroup polkadot polkadot
if [ ! -e "$config_file" ]; then
echo 'POLKADOT_CLI_ARGS=""' > /etc/default/polkadot
fi
fi
[Unit]
Description=Polkadot Node
After=network.target
Documentation=https://github.com/paritytech/polkadot
[Service]
EnvironmentFile=-/etc/default/polkadot
ExecStart=/usr/bin/polkadot $POLKADOT_CLI_ARGS
User=polkadot
Group=polkadot
Restart=always
RestartSec=120
MemoryHigh=5400M
MemoryMax=5500M
CapabilityBoundingSet=
LockPersonality=true
NoNewPrivileges=true
PrivateDevices=true
PrivateMounts=true
PrivateTmp=true
PrivateUsers=true
ProtectClock=true
ProtectControlGroups=true
ProtectHostname=true
ProtectKernelModules=true
ProtectKernelTunables=true
ProtectSystem=strict
RemoveIPC=true
RestrictAddressFamilies=AF_INET AF_INET6 AF_NETLINK AF_UNIX
RestrictNamespaces=true
RestrictSUIDSGID=true
SystemCallArchitectures=native
SystemCallFilter=@system-service
SystemCallFilter=~@clock @module @mount @reboot @swap @privileged
UMask=0027
[Install]
WantedBy=multi-user.target
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment