Collaboration with cryptoanarchy deb repo? #3898
Replies: 21 comments
-
I can see that idea and if a trusted community builds around that repo it can be a source to make installs of apps easier and get interesting for a project like RaspiBlitz. @Kixunil keep us updated. |
Beta Was this translation helpful? Give feedback.
-
What would be the best approach in your opinion? To wait until every piece of Raspiblitz is packaged or to have mixed version first? Mixed version seems to be easier to me, but maybe there's a very good reason to avoid it? |
Beta Was this translation helpful? Give feedback.
-
Is it possible to start with apps like wasabi/btcpayserver/qpay while keeping bitcoin/lnd like it is for the time beeing? Also can you maybe give on the next Lightning Hackday a short overview how you plan to build up a community review over that repo? |
Beta Was this translation helpful? Give feedback.
-
Since bitcoin and lnd are dependencies of all others doing it in the opposite direction is not great, but it is technically possible. We could create special packages that contain nothing and provide the necessary features (configuration mainly) and have I think the overview is short enough to write it here. :)
I don't plan to attend Lightning Hackday in person at this moment (this could change, but unlikely, especially due to Corona, I'm surprised it wasn't canceled yet), but I would be interested in remote participation if possible. |
Beta Was this translation helpful? Give feedback.
-
The Lightning Hackday will be online/remote - so there will be a chance. Maybe it makes sense to start first a new kind of device to use your repo for - is there a open router or a NAS based on debian for which the repo can be used to easily build a node plugin? Once there is a good trusted codechain governance we could think about changing the lnd & bitcoind installs. |
Beta Was this translation helpful? Give feedback.
-
I don't know about existing Debian-based routers/NAS. I did some basic tests on Odroid H2 with freshly installed Debian 10 and it looks good. I will definitely test more. I'd like to finish RTL (working on it right now) before serious testing. |
Beta Was this translation helpful? Give feedback.
-
@Kixunil just a heads up, that we are moving to 64bit arm (aarch64) with the next release. We should look into this more as using the repo would make the installations much quicker especially using:
My question is how much can we keep up with the quick version iteration of the apps like ThunderHub? Building from source leaves a lot of freedom, but as I understand we would need to update in https://github.com/Kixunil/cryptoanarchy-deb-repo-builder first to be able to test the latest releases. |
Beta Was this translation helpful? Give feedback.
-
Great to hear that! I already have someone testing 64 bit version of the repository on RPi 4 and it seems to mostly work, though not entirely without problems.
Depends on what your requirements are. If you want to review every single release with zero trust in the author, it'd be tough. However, if you assume the author of the app is trusted, then it's very easy most of the time - just add a changelog entry and re-run tests. As an example, latest BTCPayServer update was trivial, just needed to update the tests as BTCPay improved some flows. On the other hand some things need other changes - changed APIs, signature validation, new useful features, configuration migrations. In the specific case of ThunderHub, there was a significant roadblock regarding breaking change of root path. This means my version is lagging behind as I didn't have the time to resolve it properly. There's multi-stage testing going on - first the automated tests are run (x86_64 only, though). If they succeed, the package is added to After an app was in Exceptions when an update can bypass experimental are highly critical bugs. E.g. in the past there was a bug in ThunderHub that could completely knock out LND. So the updated package went straight to |
Beta Was this translation helpful? Give feedback.
-
For v1.8 we will have some refactoring todo anyway .. I will mark this for a closer look and teamdiscuss again. |
Beta Was this translation helpful? Give feedback.
-
Feel free to ask any questions if something needs to be clarified! I should be flexible enough to reserve time for more interactive communication if needed. |
Beta Was this translation helpful? Give feedback.
-
Very cool. This would solve the problem of not being able to run on a VM, as he run on Quebes OS with Debian. Also, the packaging style helps upgrade and remove of services, using native debian tool (APT). |
Beta Was this translation helpful? Give feedback.
-
I don't understand, everything is handled for the user. |
Beta Was this translation helpful? Give feedback.
-
@Kixunil Sorry if Im misinterpreting something. I was because of the need to add your key and reacg your repository. The plan is each user self hosting it, and using a main repo for updates on releases? |
Beta Was this translation helpful? Give feedback.
-
@nyxnor various people have various levels of trust. Those who trust me (and Microsoft) sufficiently can just add those keys/repositories and then everything works with Since most packages are deterministic I have hopes for some nice multi party verification scheme one day in the future. |
Beta Was this translation helpful? Give feedback.
-
Hi @Kixunil to give it a closer look in preparation for v1.8 in regards to #43 I tried to use it on a clean RaspberryPi - with this base image that we also use for RaspiBlitz v1.7: https://downloads.raspberrypi.org/raspios_arm64/images/raspios_arm64-2021-04-09/ I floowed the setup steps: https://github.com/debian-cryptoanarchy/cryptoanarchy-deb-repo-builder#how-to-setup-the-beta-debian-repository But when I for example want to install
What did I miss? How to fix this? |
Beta Was this translation helpful? Give feedback.
-
Beta doesn't have packages compiled for arm64, experimental has. I like to avoid blatantly publishing the instructions for experimental, so that noobs wouldn't use it. I can send it using Keybase, do you use it? |
Beta Was this translation helpful? Give feedback.
-
@Kixunil I dont use keybase for messaging .. I thinks ist safe to post instructions here - and it has the name experimental in it, so it should quite clear that this is just for testing. |
Beta Was this translation helpful? Give feedback.
-
OK, if any noob sees this I'm not providing support for it to people unfamiliar with command line. There's a different key, which you can just wget and import to system keyring. Then Note that BTCPayServer doesn't work because MS doesn't provide deb packages. (I hope to build them on my own, but didn't have time yet.) ThunderHub doesn't work because npm sucks at cross compilation of native code. Other things should work fine. |
Beta Was this translation helpful? Give feedback.
-
@Kixunil ok so this seems to work so far on my test raspberrypi-64bit:
It also looks good when i install the |
Beta Was this translation helpful? Give feedback.
-
@rootzoll @Kixunil reading the code I would think that |
Beta Was this translation helpful? Give feedback.
-
Correct, it's hard-coded because it relies on Nginx anyway to properly route requests to different apps. |
Beta Was this translation helpful? Give feedback.
-
Hi, I'd like to explore the possibility of collaboration with cryptoanarchy deb repository, which approaches the topic of making a Bitcoin full node with accompanying software using Debian packages.
The advantages of Debian packaging
apt-get install X
andX
gets installed and configured together with its dependencies automatically.debconf
and other tooling.debconf
makes it possible to avoid irrelevant configuration options (e.g. port numbers) without missing the important questions (e.g. "Your disk space is low, select another location for Bitcoin timechain data")Replaces
, obviously)The disadvantages of Debian packages
Current status of my project
Cryptoanarchy deb repo builder is currently experimental and so I wouldn't advise to integrate it into raspiblitz at this moment. This issue is meant to open the discussion about sharing our resources in order to create a better system, hopefully sooner.
Things that might be relevant/interesting for raspiblitz, in no particular order:
btc-rpc-proxy
to make permissions even more granular. This is a notable exception to the above because there's zero security benefit running it under a different user thanbitcoin-mainnet
btc-rpc-proxy
is automatically configured to use correct RPC port ofbitcoind
and it's automatically, correctly reconfigured when it's changed usingdpkg-reconfiure
. Making this work was a bit tedious, so there are plans to make it even cleaner./var/lib/bitcoin-mainnet
dbconfig
(not to be confused withdebconf
) to automatically, correctly configure the databaseelectrs
requiring the absence of pruning. In this case, there's a special packagebitcoin-fullchain-mainnet
that's only responsible for configuration - has no code, nor services. The installation of this package turns off pruning.electrs
then depends on this package. (Actually, during writing of this I realized, I forgot to add this dependency correctly. :D Will be easy fix soon.)Interesting planned features
What I need to know
We have discussed this briefly at LNConf, so as far as I remember, this is interesting for you. I'd like to know some things to understand how should I continue.
Disclaimer/clarification
Raspberry Pi is currently not my target platform. I have some specific requirements about automation and UX. As much as I like to contribute to Open Source projects, I can't afford to do this kind of contribution without getting anything back. I'm seeking balanced cooperation, where I provide a framework for doing the things described above and support for that framework and get back help with testing and packaging new things. I figured it's better to be open and honest about this. Hope we can find some common ground.
Beta Was this translation helpful? Give feedback.
All reactions