*update build script

This commit is contained in:
Derrick Hammer 2023-03-18 12:35:57 -04:00
parent 51bc9ccb32
commit 788781c31c
Signed by: pcfreak30
GPG Key ID: C997C339BE476FF2
2 changed files with 165 additions and 279 deletions

View File

@ -18,6 +18,14 @@
"timers": "timers-browserify" "timers": "timers-browserify"
}, },
"devDependencies": { "devDependencies": {
"@types/node": "^18.15.3" "@scure/bip39": "^1.1.1",
"@skynetlabs/skynet-nodejs": "^2.9.0",
"@types/node": "^18.15.3",
"@types/read": "^0.0.29",
"cli-progress": "^3.12.0",
"esbuild": "^0.17.12",
"read": "^2.0.0",
"timers-browserify": "^2.0.12",
"typescript": "^5.0.2"
} }
} }

View File

@ -1,35 +1,27 @@
// This is the standard build script for a kernel module. // This is the standard build script for a kernel module.
import * as fs from "fs" import * as fs from "fs";
import { import read from "read";
addContextToErr, import * as bip39 from "@scure/bip39";
b64ToBuf, import { wordlist } from "@scure/bip39/wordlists/english.js";
bufToHex, //@ts-ignore
deriveRegistryEntryID, import { SkynetClient } from "@skynetlabs/skynet-nodejs";
entryIDToSkylink,
generateSeedPhraseDeterministic,
seedPhraseToSeed,
sha512,
taggedRegistryEntryKeys,
} from "libskynet"
import { generateSeedPhraseRandom, overwriteRegistryEntry, upload } from "libskynetnode"
import read from "read"
// Helper variables to make it easier to return empty values alongside errors. // Helper variables to make it easier to return empty values alongside errors.
const nu8 = new Uint8Array(0) const nu8 = new Uint8Array(0);
const nkp = { const nkp = {
publicKey: nu8, publicKey: nu8,
secretKey: nu8, secretKey: nu8,
} };
// readFile is a wrapper for fs.readFileSync that handles the try-catch for the // readFile is a wrapper for fs.readFileSync that handles the try-catch for the
// caller. // caller.
function readFile(fileName: string): [string, string | null] { function readFile(fileName: string): [string, string | null] {
try { try {
let data = fs.readFileSync(fileName, "utf8") let data = fs.readFileSync(fileName, "utf8");
return [data, null] return [data, null];
} catch (err) { } catch (err) {
return ["", "unable to read file: " + JSON.stringify(err)] return ["", "unable to read file: " + JSON.stringify(err)];
} }
} }
@ -37,10 +29,10 @@ function readFile(fileName: string): [string, string | null] {
// for the caller. // for the caller.
function readFileBinary(fileName: string): [Uint8Array, string | null] { function readFileBinary(fileName: string): [Uint8Array, string | null] {
try { try {
let data = fs.readFileSync(fileName, null) let data = fs.readFileSync(fileName, null);
return [data, null] return [data, null];
} catch (err) { } catch (err) {
return [nu8, "unable to read file: " + JSON.stringify(err)] return [nu8, "unable to read file: " + JSON.stringify(err)];
} }
} }
@ -48,55 +40,13 @@ function readFileBinary(fileName: string): [Uint8Array, string | null] {
// non-exception way. // non-exception way.
function writeFile(fileName: string, fileData: string): string | null { function writeFile(fileName: string, fileData: string): string | null {
try { try {
fs.writeFileSync(fileName, fileData) fs.writeFileSync(fileName, fileData);
return null return null;
} catch (err) { } catch (err) {
return "unable to write file: " + JSON.stringify(err) return "unable to write file: " + JSON.stringify(err);
} }
} }
// hardenedSeedPhrase will take a password, harden it with 100,000 iterations
// of hashing, and then turn it into a seed phrase.
function hardenedSeedPhrase(password: string): [string, string | null] {
let pw = password
// Add some hashing iterations to the password to make it stronger.
for (let i = 0; i < 1000000; i++) {
let passU8 = new TextEncoder().encode(password)
let hashIter = sha512(passU8)
password = bufToHex(hashIter)
}
return generateSeedPhraseDeterministic(password)
}
// seedPhraseToRegistryKeys will convert a seed phrase to the set of registry
// keys that govern the registry entry where the module is published.
function seedPhraseToRegistryKeys(seedPhrase: string): [any, Uint8Array, string | null] {
let [seed, errVSP] = seedPhraseToSeed(seedPhrase)
if (errVSP !== null) {
return [nkp, nu8, addContextToErr(errVSP, "unable to compute seed phrase")]
}
let [keypair, datakey, errTREK] = taggedRegistryEntryKeys(seed, "module-build", "module-key")
if (errTREK !== null) {
return [nkp, nu8, addContextToErr(errTREK, "unable to compute registry entry keys")]
}
return [keypair, datakey, null]
}
// seedPhraseToRegistryLink will take a seedPhrase as input and convert it to
// the registry link for the module.
function seedPhraseToRegistryLink(seedPhrase: string): [string, string | null] {
let [keypair, datakey, errSPTRK] = seedPhraseToRegistryKeys(seedPhrase)
if (errSPTRK !== null) {
return ["", addContextToErr(errSPTRK, "unable to compute registry keys")]
}
let [entryID, errDREID] = deriveRegistryEntryID(keypair.publicKey, datakey)
if (errDREID !== null) {
return ["", addContextToErr(errDREID, "unable to compute registry entry id")]
}
let registryLink = entryIDToSkylink(entryID)
return [registryLink, null]
}
// handlePass handles all portions of the script that occur after the password // handlePass handles all portions of the script that occur after the password
// has been requested. If no password needs to be requested, handlePass will be // has been requested. If no password needs to be requested, handlePass will be
// called with a null input. We need to structure the code this way because the // called with a null input. We need to structure the code this way because the
@ -110,41 +60,46 @@ function handlePass(password: string) {
if (!fs.existsSync(seedFile) && process.argv[2] === "prod") { if (!fs.existsSync(seedFile) && process.argv[2] === "prod") {
// The file does not exist, we need to confirm the // The file does not exist, we need to confirm the
// password. // password.
console.log() console.log();
console.log("No production entry found for module. Creating new production module...") console.log(
console.log("If someone can guess the password, they can push arbitrary changes to your module.") "No production entry found for module. Creating new production module..."
console.log("Please use a secure password.") );
console.log() console.log(
read({ prompt: "Confirm Password: ", silent: true }, function (err: any, confirmPassword: string) { "If someone can guess the password, they can push arbitrary changes to your module."
);
console.log("Please use a secure password.");
console.log();
read(
{ prompt: "Confirm Password: ", silent: true },
function (err: any, confirmPassword: string) {
if (err) { if (err) {
console.error("unable to fetch password:", err) console.error("unable to fetch password:", err);
process.exit(1) process.exit(1);
} }
if (password !== confirmPassword) { if (password !== confirmPassword) {
console.error("passwords do not match") console.error("passwords do not match");
process.exit(1) process.exit(1);
} }
password = password + moduleSalt handlePassConfirm(moduleSalt, password);
handlePassConfirm(password) }
}) );
} else { } else {
// If the seed file does exist, or if we are using dev, // If the seed file does exist, or if we are using dev,
// there's no need to confirm the password but we do // there's no need to confirm the password but we do
// need to pass the logic off to the handlePassConfirm // need to pass the logic off to the handlePassConfirm
// callback. // callback.
password = password + moduleSalt handlePassConfirm(moduleSalt, password);
handlePassConfirm(password)
} }
} catch (err) { } catch (err) {
console.error("Unable to read seedFile:", err) console.error("Unable to read seedFile:", err);
process.exit(1) process.exit(1);
} }
} }
// handlePassConfirm handles the full script after the confirmation password // handlePassConfirm handles the full script after the confirmation password
// has been provided. If not confirmation password is needed, this function // has been provided. If not confirmation password is needed, this function
// will be called anyway using the unconfirmed password as input. // will be called anyway using the unconfirmed password as input.
function handlePassConfirm(password: string) { function handlePassConfirm(seed: string, password: string) {
// Create the seedFile if it does not exist. For dev we just save the // Create the seedFile if it does not exist. For dev we just save the
// seed to disk outright, because this is a dev build and therefore not // seed to disk outright, because this is a dev build and therefore not
// security sensitive. Also the dev seed does not get pushed to the // security sensitive. Also the dev seed does not get pushed to the
@ -157,184 +112,107 @@ function handlePassConfirm(password: string) {
// devices. // devices.
if (!fs.existsSync(seedFile) && process.argv[2] !== "prod") { if (!fs.existsSync(seedFile) && process.argv[2] !== "prod") {
// Generate the seed phrase and write it to the file. // Generate the seed phrase and write it to the file.
let [seedPhrase, errGSP] = generateSeedPhraseRandom() let seedPhrase = bip39.generateMnemonic(wordlist);
if (errGSP !== null) { let errWF = writeFile(seedFile, seedPhrase);
console.error("Unable to generate seed phrase:", errGSP)
process.exit(1)
}
let errWF = writeFile(seedFile, seedPhrase)
if (errWF !== null) { if (errWF !== null) {
console.error("unable to write file:", errWF) console.error("unable to write file:", errWF);
process.exit(1) process.exit(1);
} }
} else if (!fs.existsSync(seedFile) && process.argv[2] === "prod") { } else if (!fs.existsSync(seedFile) && process.argv[2] === "prod") {
// Generate the seed phrase. // Generate the seed phrase.
let [seedPhrase, errGSP] = hardenedSeedPhrase(password) let seedPhrase = bip39.generateMnemonic(wordlist);
if (errGSP !== null) {
console.error("Unable to generate seed phrase:", errGSP)
process.exit(1)
}
let [registryLink, errSPTRL] = seedPhraseToRegistryLink(seedPhrase)
if (errSPTRL !== null) {
console.error("Unable to generate registry link:", errSPTRL)
process.exit(1)
}
// Write the registry link to the file. // Write the registry link to the file.
let errWF = writeFile(seedFile, registryLink)
if (errWF !== null) {
console.error("unable to write registry link file:", errWF)
process.exit(1)
}
} }
// Load or verify the seed. If this is prod, the password is used to // Load or verify the seed. If this is prod, the password is used to
// create and verify the seed. If this is dev, we just load the seed // create and verify the seed. If this is dev, we just load the seed
// with no password. // with no password.
let seedPhrase: string let seedPhrase: string;
let registryLink: string let registryLink: string;
if (process.argv[2] === "prod") { if (process.argv[2] === "prod") {
// Generate the seed phrase from the password. // Generate the seed phrase from the password.
let [sp, errGSP] = hardenedSeedPhrase(password) seedPhrase = bip39.generateMnemonic(wordlist);
if (errGSP !== null) {
console.error("Unable to generate seed phrase: ", errGSP)
process.exit(1)
}
let [rl, errSPTRL] = seedPhraseToRegistryLink(sp)
registryLink = rl
if (errSPTRL !== null) {
console.error("Unable to generate registry link:", errSPTRL)
process.exit(1)
}
let [registryLinkVerify, errRF] = readFile(seedFile)
if (errRF !== null) {
console.error("unable to read seedFile")
process.exit(1)
}
registryLinkVerify = registryLinkVerify.replace(/\n$/, "")
if (registryLink !== registryLinkVerify) {
console.error("Incorrect password")
process.exit(1)
}
seedPhrase = sp
} else { } else {
let [sp, errRF] = readFile(seedFile) let [sp, errRF] = readFile(seedFile);
if (errRF !== null) { if (errRF !== null) {
console.error("unable to read seed phrase for dev command from disk") console.error("unable to read seed phrase for dev command from disk");
process.exit(1) process.exit(1);
} }
let [rl, errSPTRL] = seedPhraseToRegistryLink(sp) seedPhrase = sp;
registryLink = rl
if (errSPTRL !== null) {
console.error("Unable to generate registry link:", errSPTRL)
process.exit(1)
}
// Write the registry link to the module skylink dev file.
let errWF = writeFile("build/module-skylink-dev", registryLink)
if (errWF !== null) {
console.error("unable to write registry link file:", errWF)
process.exit(1)
}
seedPhrase = sp
} }
// Upload the module to Skynet.
let [distFile, errRF] = readFileBinary("dist/index.js")
if (errRF !== null) {
console.error("unable to read dist file for module")
process.exit(1)
}
let metadata = { let metadata = {
Filename: "index.js", Filename: "index.js",
} };
console.log("Uploading module...") const client = new SkynetClient("https://web3portal.com");
upload(distFile, metadata) client
.then((result) => { .uploadFile("dist/index.js")
console.log("Updating module's registry entry...") .then((result: any) => {
// Update the v2 skylink. console.log("Immutable Link for module:", result);
let [keypair, datakey, errSPTRK] = seedPhraseToRegistryKeys(seedPhrase)
if (errSPTRK !== null) {
return ["", addContextToErr(errSPTRK, "unable to compute registry keys")]
}
let [bufLink, errBTB] = b64ToBuf(result)
if (errBTB !== null) {
return ["", addContextToErr(errBTB, "unable to decode skylink")]
}
overwriteRegistryEntry(keypair, datakey, bufLink)
.then(() => {
console.log("registry entry is updated")
console.log("Immutable Link for Module:", result)
console.log("Resolver Link for Module:", registryLink)
}) })
.catch((err: any) => { .catch((err: any) => {
console.log("unable to update registry entry:", err) console.error("unable to upload file", err);
}) process.exit(1);
}) });
.catch((err) => {
console.error("unable to upload file", err)
process.exit(1)
})
} }
// Add a newline for readability. // Add a newline for readability.
console.log() console.log();
// Check for a 'dev' or 'prod' input to the script. // Check for a 'dev' or 'prod' input to the script.
if (process.argv.length !== 3) { if (process.argv.length !== 3) {
console.error("need to provide either 'dev' or 'prod' as an input") console.error("need to provide either 'dev' or 'prod' as an input");
process.exit(1) process.exit(1);
} }
// Create the build folder if it does not exist. // Create the build folder if it does not exist.
if (!fs.existsSync("build")) { if (!fs.existsSync("build")) {
fs.mkdirSync("build") fs.mkdirSync("build");
} }
// Determine the seed file. // Determine the seed file.
let seedFile: string let seedFile: string;
if (process.argv[2] === "prod") { if (process.argv[2] === "prod") {
seedFile = "module-skylink" seedFile = "module-skylink";
} else if (process.argv[2] === "dev") { } else if (process.argv[2] === "dev") {
seedFile = "build/dev-seed" seedFile = "build/dev-seed";
} else { } else {
console.error("need to provide either 'dev' or 'prod' as an input") console.error("need to provide either 'dev' or 'prod' as an input");
process.exit(1) process.exit(1);
} }
// If doing a prod deployment, check whether the salt file exists. If it does // If doing a prod deployment, check whether the salt file exists. If it does
// not, create it. // not, create it.
let moduleSalt: string let moduleSalt: string;
if (!fs.existsSync(".module-salt")) { if (!fs.existsSync(".module-salt")) {
let [ms, errGSPR] = generateSeedPhraseRandom() moduleSalt = bip39.generateMnemonic(wordlist);
if (errGSPR !== null) { let errWF = writeFile(".module-salt", moduleSalt);
console.error("unable to generate module salt:", errGSPR)
process.exit(1)
}
moduleSalt = ms
let errWF = writeFile(".module-salt", moduleSalt)
if (errWF !== null) { if (errWF !== null) {
console.error("unable to write module salt file:", errWF) console.error("unable to write module salt file:", errWF);
process.exit(1) process.exit(1);
} }
} else { } else {
let [ms, errRF] = readFile(".module-salt") let [ms, errRF] = readFile(".module-salt");
if (errRF !== null) { if (errRF !== null) {
console.error("unable to read moduleSalt") console.error("unable to read moduleSalt");
process.exit(1) process.exit(1);
} }
ms = ms.replace(/\n$/, "") ms = ms.replace(/\n$/, "");
moduleSalt = ms moduleSalt = ms;
} }
// Need to get a password if this is a prod build. // Need to get a password if this is a prod build.
if (process.argv[2] === "prod") { if (process.argv[2] === "prod") {
read({ prompt: "Password: ", silent: true }, function (err: any, password: string) { read(
{ prompt: "Password: ", silent: true },
function (err: any, password: string) {
if (err) { if (err) {
console.error("unable to fetch password:", err) console.error("unable to fetch password:", err);
process.exit(1) process.exit(1);
} }
handlePass(password) handlePass(password);
}) }
);
} else { } else {
handlePass("") handlePass("");
} }