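#!/bin/bash
#
# Start-up script for a tmkms signer.
#
# Steps, in order:
#   1. run `tmkms init` when $TMKMS_HOME/tmkms.toml does not exist yet;
#   2. (re)write tmkms.toml for the provider selected by TMKMS_MODE;
#   3. import the validator key from INPUT_PRIV_KEY_FILE unless the provider
#      already holds one;
#   4. delete the plaintext input key file;
#   5. start tmkms.
#
# Environment:
#   TMKMS_MODE               required: "yubihsm" or "softsign"
#   CHAIN_ID                 required: chain id written to the config
#   NODE_IP, NODE_PORT       required: validator address (tcp://IP:PORT)
#   KEY_PREFIX               prefix for the account / consensus key prefixes
#   TMKMS_YUBIHSM_PASSWORD   optional (yubihsm mode): password for auth key 1;
#                            falls back to the previous hard-coded value
#   CERC_SCRIPT_DEBUG        optional: any non-empty value enables `set -x`
#
# Values are interpolated verbatim into TOML basic strings, so they must not
# contain `"` or `\`.

if [[ -n "$CERC_SCRIPT_DEBUG" ]]; then
  # Secrets below are only expanded inside here-documents and `[[ -v ]]`
  # tests, neither of which prints the value in the xtrace output.
  set -x
fi

set -e

TMKMS_HOME=/root/tmkms
TMKMS_CONFIG=$TMKMS_HOME/tmkms.toml
INPUT_PRIV_KEY_FILE=$TMKMS_HOME/tmp/priv_validator_key.json
TMKMS_SECRETS_DIR=$TMKMS_HOME/secrets
TMKMS_STATE_DIR=$TMKMS_HOME/state

# Abort with a message on stderr if any named variable is unset or empty.
require_env() {
  local name
  for name in "$@"; do
    if [[ -z "${!name}" ]]; then
      echo "Error: required environment variable $name is not set." >&2
      exit 1
    fi
  done
}

# Print the [[chain]] and [[validator]] sections shared by both providers.
write_common_sections() {
  cat <<EOF

[[chain]]
id = "$CHAIN_ID"
key_format = { type = "cosmos-json", account_key_prefix = "${KEY_PREFIX}pub", consensus_key_prefix = "${KEY_PREFIX}valconspub" }
state_file = "$TMKMS_STATE_DIR/priv_validator_state.json"

[[validator]]
chain_id = "$CHAIN_ID"
addr = "tcp://$NODE_IP:$NODE_PORT"
secret_key = "$TMKMS_SECRETS_DIR/kms-identity.key"
protocol_version = "v0.34"
reconnect = true

EOF
}

# Print the complete configuration for the YubiHSM provider.
write_yubihsm_config() {
  write_common_sections
  cat <<EOF
[[providers.yubihsm]]
adapter = { type = "usb" }
auth = { key = 1, password = "${TMKMS_YUBIHSM_PASSWORD-password}" }
EOF
}

# Print the complete configuration for the softsign provider.
write_softsign_config() {
  write_common_sections
  cat <<EOF
[[providers.softsign]]
key_type = "consensus"
path = "$TMKMS_SECRETS_DIR/priv_validator_key"
chain_ids = ["$CHAIN_ID"]
EOF
}

# Write the output of the given generator function to tmkms.toml. The file can
# contain the HSM password, so it is created and kept owner-only.
install_config() {
  (
    umask 077
    "$1" > "$TMKMS_CONFIG"
  )
  chmod 600 "$TMKMS_CONFIG"
}

# Initialize tmkms config if tmkms.toml does not exist
if [[ ! -f "$TMKMS_CONFIG" ]]; then
  echo "Initializing tmkms configuration..."

  tmkms init "$TMKMS_HOME"
else
  echo "tmkms configuration already exists. Skipping initialization."
fi

# Configure tmkms.toml and handle key import/copy based on TMKMS_MODE
case "$TMKMS_MODE" in
  "yubihsm")
    require_env CHAIN_ID NODE_IP NODE_PORT

    if [[ ! -v TMKMS_YUBIHSM_PASSWORD ]]; then
      echo "Warning: TMKMS_YUBIHSM_PASSWORD is not set; using the built-in default YubiHSM password." >&2
    fi

    # Add chain configuration for yubihsm
    install_config write_yubihsm_config

    # Setup YubiHSM
    # NOTE(review): this runs on every start, not only on first boot; confirm
    # that repeating `tmkms yubihsm setup` is safe for a device that already
    # holds key 0x0001.
    tmkms yubihsm setup -c "$TMKMS_CONFIG"

    # Import the private validator key into tmkms for yubihsm (only if not
    # already present). The listing is pointed at the same config file as the
    # setup and import commands so all three address the same device.
    if ! tmkms yubihsm keys list -c "$TMKMS_CONFIG" | grep -q "0x0001:"; then
      echo "Importing private validator key into tmkms for yubihsm..."
      tmkms yubihsm keys import -i 1 "$INPUT_PRIV_KEY_FILE" -c "$TMKMS_CONFIG"
    else
      echo "Key 0x0001 already present in YubiHSM. Skipping import."
    fi
    ;;

  "softsign")
    require_env CHAIN_ID NODE_IP NODE_PORT

    # Add chain configuration for softsign
    install_config write_softsign_config

    # Import the private validator key into tmkms for softsign (only if not
    # already present)
    if [[ ! -f "$TMKMS_SECRETS_DIR/priv_validator_key" ]]; then
      echo "Importing private validator key into tmkms for softsign..."
      tmkms softsign import "$INPUT_PRIV_KEY_FILE" "$TMKMS_SECRETS_DIR/priv_validator_key"
    else
      echo "Softsign key already present. Skipping import."
    fi
    ;;

  *)
    echo "Error: TMKMS_MODE environment variable not set or invalid. Please set it to 'yubihsm' or 'softsign'." >&2
    exit 1
    ;;
esac

# Remove the original input private validator key file after processing.
# This only unlinks the file; it is not a secure erase, so the plaintext key
# may remain recoverable from the underlying storage. Because of `set -e`, a
# failed import exits before this point and leaves the file in place.
if [[ -f "$INPUT_PRIV_KEY_FILE" ]]; then
  rm -f -- "$INPUT_PRIV_KEY_FILE"
fi

# Start tmkms. `exec` replaces this shell, so signals sent to the script's
# process reach tmkms directly.
echo "Starting tmkms..."
exec tmkms start --config "$TMKMS_CONFIG"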