-
Notifications
You must be signed in to change notification settings - Fork 0
/
index.min.c6085d78774aebb750d7046942580cb760904b89e8a2e673e6ea6ec3e858a918.js
1 lines (1 loc) · 12.9 KB
/
index.min.c6085d78774aebb750d7046942580cb760904b89e8a2e673e6ea6ec3e858a918.js
1
var suggestions=document.getElementById('suggestions'),userinput=document.getElementById('userinput');document.addEventListener('keydown',inputFocus);function inputFocus(a){a.keyCode===191&&(a.preventDefault(),userinput.focus()),a.keyCode===27&&(userinput.blur(),suggestions.classList.add('d-none'))}document.addEventListener('click',function(a){var b=suggestions.contains(a.target);b||suggestions.classList.add('d-none')}),document.addEventListener('keydown',suggestionFocus);function suggestionFocus(b){const d=suggestions.querySelectorAll('a'),e=[...d],a=e.indexOf(document.activeElement);let c=0;b.keyCode===38?(b.preventDefault(),c=a>0?a-1:0,d[c].focus()):b.keyCode===40&&(b.preventDefault(),c=a+1<e.length?a+1:a,d[c].focus())}(function(){var b=new FlexSearch({preset:'score',cache:!0,doc:{id:'id',field:['title','description','content'],store:['href','title','description']}}),c=[{id:0,href:"/docs/intro/install-repository/",title:"Install Repository",description:"Instructions on how to install our RPM repository.",content:'\u003ch2 id="bootstrap"\u003eBootstrap\u003c/h2\u003e\n\u003cpre\u003e\u003ccode class="language-bash"\u003ecat \u0026lt;\u0026lt; \'EOF\' | sudo tee /etc/yum.repos.d/staker.repo\n[staker]\nname=Mr Staker rpm repository\nbaseurl=https://rpm.staker.ltd/$basearch/\ngpgkey=https://keybase.io/mrstaker/pgp_keys.asc?fingerprint=8E0D38C40089F860005989ACFD6652320303527F\ngpgcheck=1\nrepo_gpgcheck=1\nenabled=1\nEOF\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003en.b If Keybase doesn\u0026rsquo;t work (because it\u0026rsquo;s rate limited, for example), you can try our backup instructions:\u003c/p\u003e\n\u003cpre\u003e\u003ccode class="language-bash"\u003ecat \u0026lt;\u0026lt; \'EOF\' | sudo tee /etc/yum.repos.d/staker.repo\n[staker]\nname=Mr Staker rpm repository\nbaseurl=https://rpm.staker.ltd/$basearch/\ngpgkey=https://keys.openpgp.org/vks/v1/by-fingerprint/8E0D38C40089F860005989ACFD6652320303527F\ngpgcheck=1\nrepo_gpgcheck=1\nenabled=1\nEOF\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2 id="install-repository-package"\u003eInstall repository package\u003c/h2\u003e\n\u003cpre\u003e\u003ccode class="language-bash"\u003esudo yum -y install staker-repo\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThe repository package bundles the following:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eExported GPG public key used by yum and rpm to verify the repository metadata signature and packages signatures.\u003c/li\u003e\n\u003cli\u003eA configuration file \u003ccode\u003e/etc/yum.repos.d/staker.repo\u003c/code\u003e which shall be updated in the future to do our key rotation process.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAll of the packages published in this repository have a dependency on our staker-repo package as this is how our signing key rotation works.\u003c/p\u003e\n\u003ch2 id="maintenance"\u003eMaintenance\u003c/h2\u003e\n\u003cp\u003eYou must update \u003ccode\u003estaker-repo\u003c/code\u003e at least once per year to make sure you have up to date release keys.\u003c/p\u003e\n'},{id:1,href:"/docs/intro/install-elrond/",title:"Install Elrond Packages",description:"Instructions on how to install our Elrond packages.",content:'\u003ch2 id="elrond-networks"\u003eElrond Networks\u003c/h2\u003e\n\u003cp\u003eWe produce three flavours for our packages:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eelrond-main\u003c/code\u003e - targeting Elrond Mainnet.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eelrond-test\u003c/code\u003e - targeting Elrond Testnet.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eelrond-dev\u003c/code\u003e - targeting Elrond Devnet.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThese packages are built using our \u003ca href="https://github.com/mr-staker/build-pkg/tree/main/recipes/elrond"\u003eelrond build-pkg\u003c/a\u003e build environment, then signed and published by our \u003ca href="https://github.com/mr-staker/repo-mgr"\u003erepo-mgr\u003c/a\u003e tool.\u003c/p\u003e\n\u003cpre\u003e\u003ccode class="language-bash"\u003e# installs our latest elrond-test package\nsudo yum install elrond-test\n\n# check which versions are available\nyum --showduplicates list elrond-test\nLast metadata expiration check: 0:02:46 ago on Sun Apr 25 22:47:04 2021.\nAvailable Packages\nelrond-test.x86_64 1.1.50-1 staker\nelrond-test.x86_64 1.1.51-1 staker\n\n# install older version because $reasons\nsudo yum install elrond-test-1.1.50\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eWe don\u0026rsquo;t plan to hold more than the last three versions for any particular build, but in general, you should be keeping up, otherwise, there\u0026rsquo;s a risk of your node getting slashed.\u003c/p\u003e\n\u003ch2 id="supported-distributions"\u003eSupported distributions\u003c/h2\u003e\n\u003cp\u003eThese are binaries built by \u003ca href="https://golang.org/"\u003eGo\u003c/a\u003e, so in general they should work pretty well across multiple Linux/amd64 distributions. Our builds should work well on Red Hat, Oracle Linux, (what\u0026rsquo;s left of) CentOS, or (yet to be released) Rocky Linux. Potentially, these builds could work on Amazon Linux as well, but AWS have a tradition for breaking compatibility with Red Hat, so this is not guaranteed. These are built and tested under Oracle Linux 8.3.\u003c/p\u003e\n\u003ch2 id="configure-the-installation"\u003eConfigure the installation\u003c/h2\u003e\n\u003cp\u003eWhile the packages can be manually configured, they have been built for the purpose of being plugged into a proper automation pipeline. For this purpose, we also provide a \u003ca href="https://github.com/mr-staker/elrond-cookbook"\u003eChef/Cinc cookbook\u003c/a\u003e.\u003c/p\u003e\n'},{id:2,href:"/docs/intro/install-zfs/",title:"Install ZFS Packages",description:"Instructions on how to install our ZFS packages.",content:'\u003ch2 id="zfs"\u003eZFS\u003c/h2\u003e\n\u003cp\u003eZFS is a centrepiece on our storage design. BtrFS is not there yet. Our packages provide support for OpenZFS v2 as Red Hat 8 (including CentOS, Oracle Linux, Rocky Linux rebuilds) lacks any v2 support i.e the packages which are part of the distribution repositories are still the old 0.8.x ZFS on Linux, so they are missing the improvements made since ZoL merged with OpenZFS.\u003c/p\u003e\n\u003cp\u003eThe package builds themselves are driven by the OpenZFS make targets. The only notable change is to rebuild noarch packages as deemed x86_64 packages to simplify repository maintenance.\u003c/p\u003e\n\u003cp\u003eThe installation is straightforward:\u003c/p\u003e\n\u003cpre\u003e\u003ccode class="language-bash"\u003e# dkms is provided by EPEL, this is Oracle Linux example\n# kernel-devel is a prerequisite for dkms build\n# kernel-uek-devel is Oracle Linux specific\nsudo dnf install oracle-epel-release-el8 kernel-devel kernel-uek-devel\nsudo dnf install zfs zfs-dkms\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003e\u003ccode\u003ezfs-dkms\u003c/code\u003e builds the actual kernel module for the ZFS driver. Note that on the first run, the \u003ccode\u003ezfs\u003c/code\u003e module is not automatically loaded, therefore, it needs to be manually loaded:\u003c/p\u003e\n\u003cpre\u003e\u003ccode class="language-bash"\u003esudo modprobe zfs\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2 id="supported-distributions"\u003eSupported distributions\u003c/h2\u003e\n\u003cp\u003eOur builds were made under Oracle Linux 8.3. They should run without issues under Red Hat / CentOS 8.\u003c/p\u003e\n'},{id:3,href:"/docs/intro/uninstall-repository/",title:"Uninstall Repository",description:"Instructions on how to uninstall our RPM repository.",content:'\u003ch2 id="procedure"\u003eProcedure\u003c/h2\u003e\n\u003cp\u003eWe\u0026rsquo;re sorry to see you go. Please provide feedback if you ran into difficulties and this is the reason for removing our package builds.\u003c/p\u003e\n\u003cp\u003eWe make it easy for you to remove everything:\u003c/p\u003e\n\u003cpre\u003e\u003ccode class="language-bash"\u003esudo yum remove staker-repo zfs zfs-dkms\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThat\u0026rsquo;s it. It removes all our packages, GPG public key exports, and configuration files. It won\u0026rsquo;t remove the configuration files which you created as we have no way of tracking that.\u003c/p\u003e\n'},{id:4,href:"/docs/advanced-topics/signing-key-rotation/",title:"Signing Key Rotation",description:"Describes our signing key rotation.",content:'\u003ch2 id="rotation-policy"\u003eRotation policy\u003c/h2\u003e\n\u003cp\u003eOur keys have a cryptoperiod of 3 years which is the maximum recommended by \u003ca href="https://csrc.nist.gov/csrc/media/publications/sp/800-57-part-1/rev-3/archive/2012-07-10/documents/draft_sp800-57-part1-rev3_may2011.pdf"\u003eNIST SP 800-57\u003c/a\u003e. This is significantly shorter than most signing keys used by distribution/software maintainers, hence our use of bundled keyring via the \u003ccode\u003estaker-repo\u003c/code\u003e package to support key rotation.\u003c/p\u003e\n\u003cp\u003eIn practical terms a key isn\u0026rsquo;t used to sign releases for the full 3 years period as the key rotation needs transition periods. Therefore, the key lifecycle is as follows:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e1 year in seed mode. The key is created, but it is not actively signing/validating releases. The purpose is to provide some overlap with the key which is currently used for signing and validation (i.e the active key) and allow this key to be installed before being actively used.\u003c/li\u003e\n\u003cli\u003e1 year in active (sign/validate) mode. This is the key which is currently used to sign releases.\u003c/li\u003e\n\u003cli\u003e1 year in validate mode. This is a previously used active key which can still verify signatures, but no new releases are produced using this key.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThe only exception to this rule is the 1st key ever used for signing releases which shall be in active mode for 2 years. There\u0026rsquo;s no key to fulfil the seed mode for the 1st year.\u003c/p\u003e\n\u003ch2 id="rotation-procedure"\u003eRotation procedure\u003c/h2\u003e\n\u003cp\u003eYou need to update the \u003ccode\u003estaker-repo\u003c/code\u003e package at least once per year in order to get a keyring which contains the signing key that shall be active for future releases. Should you fail to do so, you must follow the repository installation procedure and go through the bootstrap steps again to fix your installation of this repository.\u003c/p\u003e\n'},{id:5,href:"/docs/advanced-topics/infrastructure/",title:"Infrastructure",description:"Describes our repository infrastructure.",content:'\u003ch2 id="design"\u003eDesign\u003c/h2\u003e\n\u003cp\u003eThe RPM repositories themselves are nothing fancy. All they require is a basic HTTP server to be delivered.\u003c/p\u003e\n\u003cp\u003eOur repositories are published as Cloudflare pages and delivered via Cloudflare. This allows us to provide them at no cost for the community besides our use cases.\u003c/p\u003e\n\u003ch2 id="signing-key-delivery"\u003eSigning key delivery\u003c/h2\u003e\n\u003cp\u003eOur signing keys are delivered initially from Keybase i.e for repository bootstrap procedure. This is by design. If the signing key and the repository are delivered by the same server (which is a common example for quite a few software vendors), then the trust can not be established as the chain of custody may be broken. A compromised server could simply deliver a compromised signing key as well as a set of compromised packages signed with the key delivered by the same server. Essentially, all of the systems that use TOFU (no, not the fake cheese, but Trust On First Use) are subjected to this limitation as the supply chain can be attacked in this initial phase if not enough care is exercised.\u003c/p\u003e\n\u003cp\u003eWhile we deliver a keyring via our \u003ccode\u003estaker-repo\u003c/code\u003e package, the release itself is signed via a key initially delivered though Keybase. Furthermore, all of our RPM packages are also signed. Our repository configuration is set to check the signatures of both the repository metadata and the packages themselves.\u003c/p\u003e\n'},{id:6,href:"/docs/advanced-topics/",title:"Advanced Topics",description:"Advanced Topics documentation.",content:""},{id:7,href:"/docs/intro/",title:"Intro",description:"Intro documentation.",content:""},{id:8,href:"/docs/",title:"Docs",description:"Docs Doks.",content:""}];b.add(c),userinput.addEventListener('input',e,!0),suggestions.addEventListener('click',f,!0);function e(){var g=this.value,e=b.search(g,5),f=suggestions.childNodes,h=0,i=e.length,c;for(suggestions.classList.remove('d-none'),e.forEach(function(b){c=document.createElement('div'),c.innerHTML='<a href><span></span><span></span></a>',a=c.querySelector('a'),t=c.querySelector('span:first-child'),d=c.querySelector('span:nth-child(2)'),a.href=b.href,t.textContent=b.title,d.textContent=b.description,suggestions.appendChild(c)});f.length>i;)suggestions.removeChild(f[h])}function f(){while(suggestions.lastChild)suggestions.removeChild(suggestions.lastChild);return!1}})()