LaconicNetwork/tmkms-stack
7
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases 1 Wiki Activity

Add env variable to set tmkms mode

Browse Source
This commit is contained in:
Shreerang Kale 2025-06-12 18:02:43 +05:30 committed by nabarun
parent 491bb8d7d7
commit 03e7d23691
3 changed files with 13 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
stack-orchestrator/compose/docker-compose-tmkms.yml
View File

@ -8,6 +8,7 @@ services:
NODE_IP: ${NODE_IP} NODE_IP: ${NODE_IP}
NODE_PORT: ${NODE_PORT:-26659} NODE_PORT: ${NODE_PORT:-26659}
KEY_PREFIX: ${KEY_PREFIX} KEY_PREFIX: ${KEY_PREFIX}
TMKMS_MODE: ${TMKMS_MODE:-softsign}
volumes: volumes:
- tmkms-data:/root/tmkms - tmkms-data:/root/tmkms
- ../config/tmkms/run.sh:/opt/run.sh - ../config/tmkms/run.sh:/opt/run.sh

16
stack-orchestrator/config/tmkms/run.sh
View File

@ -12,11 +12,12 @@ TMKMS_SECRETS_DIR=$TMKMS_HOME/secrets
TMKMS_STATE_DIR=$TMKMS_HOME/state TMKMS_STATE_DIR=$TMKMS_HOME/state
# Initialize tmkms config if priv_validator_key does not exist # Initialize tmkms config if priv_validator_key does not exist
if [[ ! -f "$TMKMS_SECRETS_DIR/priv_validator_key" ]]; then if [[ ! -f "$TMKMS_HOME/tmkms.toml" ]]; then
echo "Initializing tmkms configuration..." echo "Initializing tmkms configuration..."
# TODO: run tmkms yubihsm setup
tmkms init $TMKMS_HOME tmkms init $TMKMS_HOME
else
echo "tmkms configuration already exists. Skipping initialization."
fi fi
# Configure tmkms.toml and handle key import/copy based on TMKMS_MODE # Configure tmkms.toml and handle key import/copy based on TMKMS_MODE
@ -43,12 +44,15 @@ case "$TMKMS_MODE" in
auth = { key = 1, password = "password" } auth = { key = 1, password = "password" }
EOF EOF
# Import the private validator key into tmkms for yubihsm (only if not already present) # Setup YubiHSM
tmkms yubihsm setup -c $TMKMS_HOME/tmkms.toml
# TODO: Check yubihsm keys list # Import the private validator key into tmkms for yubihsm (only if not already present)
if [[ ! -f "$TMKMS_SECRETS_DIR/priv_validator_key" ]]; then if ! tmkms yubihsm keys list | grep -q "0x0001:"; then
echo "Importing private validator key into tmkms for yubihsm..." echo "Importing private validator key into tmkms for yubihsm..."
tmkms yubihsm keys import -i 1 $INPUT_PRIV_KEY_FILE -c $TMKMS_HOME/tmkms.toml tmkms yubihsm keys import -i 1 $INPUT_PRIV_KEY_FILE -c $TMKMS_HOME/tmkms.toml
else
echo "Key 0x0001 already present in YubiHSM. Skipping import."
fi fi
;; ;;
@ -78,6 +82,8 @@ EOF
if [[ ! -f "$TMKMS_SECRETS_DIR/priv_validator_key" ]]; then if [[ ! -f "$TMKMS_SECRETS_DIR/priv_validator_key" ]]; then
echo "Importing private validator key into tmkms for softsign..." echo "Importing private validator key into tmkms for softsign..."
tmkms softsign import $INPUT_PRIV_KEY_FILE $TMKMS_SECRETS_DIR/priv_validator_key tmkms softsign import $INPUT_PRIV_KEY_FILE $TMKMS_SECRETS_DIR/priv_validator_key
else
echo "Softsign key already present. Skipping import."
fi fi
;; ;;

2
stack-orchestrator/container-build/cerc-tmkms/build.sh
View File

@ -7,4 +7,4 @@ source ${CERC_CONTAINER_BASE_DIR}/build-base.sh
SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
# TODO: Use BACKEND=yubihsm build command arg # TODO: Use BACKEND=yubihsm build command arg
docker build -t cerc/tmkms:local --build-arg BACKEND=yubihsm ${build_command_args} -f ${SCRIPT_DIR}/Dockerfile ${SCRIPT_DIR} docker build -t cerc/tmkms:local ${build_command_args} -f ${SCRIPT_DIR}/Dockerfile ${SCRIPT_DIR}