Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/attila-lendvai/guix-crypto

Guix channel for blockchain and crypto related packages
https://github.com/attila-lendvai/guix-crypto

Last synced: 3 months ago
JSON representation

Guix channel for blockchain and crypto related packages

Host: GitHub
URL: https://github.com/attila-lendvai/guix-crypto
Owner: attila-lendvai
License: gpl-3.0
Created: 2022-01-31T09:53:34.000Z (almost 3 years ago)
Default Branch: main
Last Pushed: 2024-08-16T13:00:43.000Z (5 months ago)
Last Synced: 2024-08-16T14:24:46.068Z (5 months ago)
Language: Scheme
Size: 611 KB
Stars: 7
Watchers: 3
Forks: 0
Open Issues: 3
Metadata Files:
- Readme: README.org
- License: COPYING

Awesome Lists containing this project

README

        # -*- mode: org; coding: utf-8-unix; fill-column: 80 -*-

* What

This is a channel for the [[https://www.gnu.org/software/guix/][GNU Guix]] package manager. It is a home for crypto and

blockchain related packages and services that are [[#why][not eligible]] for Guix proper.

* Status

This channel is established and can be expected to get timely updates. If not,

Pull Requests are welcome, too.

For now it mostly contains binary packages and service code to install and run

[[https://www.ethswarm.org/][Swarm]] Bee nodes, and the necessary support services (e.g. an Ethereum node, a

Clef wallet manager, etc).

* Where

The project's [[https://codeberg.org/attila.lendvai/guix-crypto][Codeberg page]] is the primary communication channel.

* How

This git repository is a Guix channel that can be added to the =channels.scm=

file of your [[https://guix.gnu.org/][Guix System]] by inserting the following /channel introduction/ into

=/etc/guix/channels.scm=:

#+BEGIN_SRC scheme

  (channel

   (name 'crypto) ; short name for nicer guix pull output

   (url "https://codeberg.org/attila.lendvai/guix-crypto.git")

   (branch "main")

   (introduction

    (make-channel-introduction

     "a6a78768c2f9d0f0e659b0788001e37e23dc26e4"

     (openpgp-fingerprint

      "69DA 8D74 F179 7AD6 7806  EE06 FEFA 9FE5 5CF6 E3CD"))))

#+END_SRC

For the time being, this channel depends on [[https://gitlab.com/nonguix/nonguix][Nonguix]] (for the

=binary-build-system=), therefore pulling from this channel will also pull and

compile the Nonguix channel. See [[https://gitlab.com/nonguix/nonguix/-/issues/164][this]] and [[https://gitlab.com/nonguix/nonguix/-/issues/36][this]] for further details.

** Swarm

The snippet below is an example of how to start multiple [[https://docs.ethswarm.org/][Bee]] nodes that join a

swarm. First, add these services to your =config.scm=:

#+BEGIN_SRC scheme

(operating-system

  ...

  (services

   ...

   (service

    swarm-service-type

    (swarm-service-configuration

     (bee-configurations

      ;; Generate configuration entries for two Bee node instances.

      (indexed-bee-configurations

       2

       (bee-config-values

        (resolver-options        "[an Ethereum mainnet endpoint]")

        (blockchain-rpc-endpoint "https://xdai.fairdatasociety.org/")

        (full-node               #true)

        (swap-enable             #true)

        (swap-initial-deposit    0))))))))

#+END_SRC

Afterwards:

 - =guix system reconfigure config.scm= to apply the changes.

 - =herd status= to see if services are running properly.

 - =less /var/log/swarm/mainnet/bee-0.log= to check the logs of the Bee nodes.

 - =less /var/log/openethereum/gnosis.log= to check the logs of the Gnosis node.

 - =herd display-address bee-mainnet-0= to display the node's Ethereum address.

You will need to fund your Bee nodes to join a swarm. Follow the instructions in

the Bee logs and the [[https://docs.ethswarm.org/][official documentation]].

* Why

The crux of the issue is that [[https://guix.gnu.org/][Guix proper]] doesn't accept binary packages, and

compiling crypto/blockchain related projects properly is not trivial. Any

mistake at compilation (e.g. by using a different version of a dependency) may

introduce bugs into the final executable file that could result in losing money

or worse.

Ideally, these mission-critical projects would all be /reproducible build/, even

across OS installations. Then we could have source-based packages in Guix proper

to build them reproducibly, and at the end of the build we could authenticate

the resulting binaries by comparing ours to the officially released ones, that

are cryptographically signed by upstream.

Until this ideal world is reached, this channel will serve as a home for crypto

related Guix services, and package definitions. These package definitions

download, authenticate and then patch the *official binary releases* so that

they can run in the Guix environment.

Further readings on this topic:

- go-ethereum [[https://github.com/ethereum/go-ethereum/issues/18292][GitHub issue]] on reproducible builds

- [[https://www.ncbi.nlm.nih.gov/pmc/articles/PMC5778115/][Reproducibility vs. Replicability: A Brief History of a Confused Terminology]]

- [[https://programming-journal.org/2023/7/1/][Building a Secure Software Supply Chain with GNU Guix]]