docs: Ledger Live integration, contract deploy learnings, NEXT_STEPS updates
Some checks failed
Deploy to Phoenix / deploy (push) Has been cancelled
Some checks failed
Deploy to Phoenix / deploy (push) Has been cancelled
- ADD_CHAIN138_TO_LEDGER_LIVE: Ledger form done; public code review repo bis-innovations/LedgerLive; init/push commands - CONTRACT_DEPLOYMENT_RUNBOOK: Chain 138 gas price 1 gwei, 36-addr check, TransactionMirror workaround - CONTRACT_*: AddressMapper, MirrorManager deployed 2026-02-12; 36-address on-chain check - NEXT_STEPS_FOR_YOU: Ledger done; steps completable now (no LAN); run-completable-tasks-from-anywhere - MASTER_INDEX, OPERATOR_OPTIONAL, SMART_CONTRACTS_INVENTORY_SIMPLE: updates - LEDGER_BLOCKCHAIN_INTEGRATION_COMPLETE: bis-innovations/LedgerLive reference Co-authored-by: Cursor <cursoragent@cursor.com>
This commit is contained in:
defiQUG
@@ -1,10 +1,12 @@
|
||||
#!/bin/bash
|
||||
# Secure Validator Key Permissions
|
||||
# Run on Proxmox host after validator keys are deployed
|
||||
#!/usr/bin/env bash
|
||||
# Secure Validator Key Permissions (W1-19). Run on Proxmox host as root after validator keys are deployed.
|
||||
# Usage: sudo bash scripts/secure-validator-keys.sh [--dry-run]
|
||||
|
||||
set -euo pipefail
|
||||
|
||||
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
|
||||
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]:-$0}")" && pwd)"
|
||||
DRY_RUN=false
|
||||
[[ "${1:-}" == "--dry-run" ]] && DRY_RUN=true
|
||||
|
||||
# Colors
|
||||
GREEN='\033[0;32m'
|
||||
@@ -21,25 +23,29 @@ if ! command -v pct >/dev/null 2>&1; then
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [[ $EUID -ne 0 ]]; then
|
||||
echo "Error: This script must be run as root"
|
||||
if [[ $EUID -ne 0 ]] && [[ "$DRY_RUN" != true ]]; then
|
||||
echo "Error: This script must be run as root (or use --dry-run to preview)"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [[ "$DRY_RUN" == true ]]; then
|
||||
log_info "DRY-RUN: would secure validator keys in VMIDs 1000-1004 (chmod 600/700, chown besu:besu)"
|
||||
fi
|
||||
|
||||
# Secure keys in validator containers
|
||||
for vmid in 1000 1001 1002 1003 1004; do
|
||||
if pct status "$vmid" 2>/dev/null | grep -q running; then
|
||||
log_info "Securing keys in container $vmid..."
|
||||
|
||||
# Set file permissions to 600 for key files
|
||||
pct exec "$vmid" -- find /keys/validators -type f \( -name "*.pem" -o -name "*.priv" -o -name "key" \) -exec chmod 600 {} \; 2>/dev/null || true
|
||||
|
||||
# Set directory permissions
|
||||
pct exec "$vmid" -- find /keys/validators -type d -exec chmod 700 {} \; 2>/dev/null || true
|
||||
|
||||
# Set ownership to besu:besu
|
||||
pct exec "$vmid" -- chown -R besu:besu /keys/validators 2>/dev/null || true
|
||||
|
||||
if [[ "$DRY_RUN" == true ]]; then
|
||||
log_info " [DRY-RUN] would: find /keys/validators -type f -exec chmod 600 {} \\;; chmod 700 dirs; chown -R besu:besu"
|
||||
else
|
||||
# Set file permissions to 600 for key files
|
||||
pct exec "$vmid" -- find /keys/validators -type f \( -name "*.pem" -o -name "*.priv" -o -name "key" \) -exec chmod 600 {} \; 2>/dev/null || true
|
||||
# Set directory permissions
|
||||
pct exec "$vmid" -- find /keys/validators -type d -exec chmod 700 {} \; 2>/dev/null || true
|
||||
# Set ownership to besu:besu
|
||||
pct exec "$vmid" -- chown -R besu:besu /keys/validators 2>/dev/null || true
|
||||
fi
|
||||
log_success "Container $vmid secured"
|
||||
else
|
||||
log_warn "Container $vmid is not running, skipping"
|
||||
|
||||
Reference in New Issue
Block a user