ab611199fd
We're currently failing the auoptmated security review on snapcraft because the lotus binary has the execstack value set: https://linux.die.net/man/8/execstack This commit passes the appropriate flags to ld to disable the execstack flag when building the binaries for snapcraft: https://linux.die.net/man/1/ld We may want to consider disabling this as part of the main build. Research seems to indicate that allow the executable stack can lead to security issues, but I am not enough of a security expert to know for sure what the right call here is: https://f0rm2l1n.github.io/2022-04-02-What-is-happended-to-execstack/
97 lines
2.5 KiB
YAML
97 lines
2.5 KiB
YAML
name: lotus-filecoin
|
|
base: core20
|
|
version: latest
|
|
summary: filecoin daemon/client
|
|
icon: snap/local/icon.svg
|
|
description: |
|
|
Filecoin is a peer-to-peer network that stores files on the internet
|
|
with built-in economic incentives to ensure files are stored reliably over time
|
|
|
|
For documentation and additional information, please see the following resources
|
|
|
|
https://filecoin.io
|
|
|
|
https://fil.org
|
|
|
|
https://lotus.filecoin.io
|
|
|
|
https://github.com/filecoin-project/lotus
|
|
|
|
confinement: strict
|
|
|
|
parts:
|
|
lotus:
|
|
plugin: make
|
|
source: ./
|
|
build-snaps:
|
|
- go
|
|
- rustup
|
|
build-packages:
|
|
- git
|
|
- jq
|
|
- libhwloc-dev
|
|
- ocl-icd-opencl-dev
|
|
- pkg-config
|
|
stage-packages:
|
|
- libhwloc15
|
|
- ocl-icd-libopencl1
|
|
override-build: |
|
|
LDFLAGS="-z noexecstack" make lotus lotus-miner lotus-worker
|
|
cp lotus lotus-miner lotus-worker $SNAPCRAFT_PART_INSTALL
|
|
cp scripts/snap-lotus-entrypoint.sh $SNAPCRAFT_PART_INSTALL
|
|
|
|
layout:
|
|
/var/lib/lotus:
|
|
symlink: $SNAP_COMMON/lotus
|
|
/var/lib/lotus-miner:
|
|
symlink: $SNAP_COMMON/lotus-miner
|
|
/var/lib/lotus-worker:
|
|
symlink: $SNAP_COMMON/lotus-worker
|
|
|
|
apps:
|
|
lotus:
|
|
command: lotus
|
|
plugs:
|
|
- network
|
|
- network-bind
|
|
- home
|
|
environment:
|
|
FIL_PROOFS_PARAMETER_CACHE: $SNAP_USER_COMMON/filecoin-proof-parameters
|
|
LOTUS_PATH: $SNAP_COMMON/lotus
|
|
LOTUS_MINER_PATH: $SNAP_COMMON/lotus-miner
|
|
LOTUS_WORKER_PATH: $SNAP_COMMON/lotus-worker
|
|
lotus-miner:
|
|
command: lotus-miner
|
|
plugs:
|
|
- network
|
|
- network-bind
|
|
- opengl
|
|
environment:
|
|
FIL_PROOFS_PARAMETER_CACHE: $SNAP_USER_COMMON/filecoin-proof-parameters
|
|
LOTUS_PATH: $SNAP_COMMON/lotus
|
|
LOTUS_MINER_PATH: $SNAP_COMMON/lotus-miner
|
|
LOTUS_WORKER_PATH: $SNAP_COMMON/lotus-worker
|
|
lotus-worker:
|
|
command: lotus-worker
|
|
plugs:
|
|
- network
|
|
- network-bind
|
|
- opengl
|
|
environment:
|
|
FIL_PROOFS_PARAMETER_CACHE: $SNAP_USER_COMMON/filecoin-proof-parameters
|
|
LOTUS_PATH: $SNAP_COMMON/lotus
|
|
LOTUS_MINER_PATH: $SNAP_COMMON/lotus-miner
|
|
LOTUS_WORKER_PATH: $SNAP_COMMON/lotus-worker
|
|
lotus-daemon:
|
|
command: snap-lotus-entrypoint.sh
|
|
daemon: simple
|
|
install-mode: disable
|
|
plugs:
|
|
- network
|
|
- network-bind
|
|
environment:
|
|
FIL_PROOFS_PARAMETER_CACHE: $SNAP_COMMON/filecoin-proof-parameters
|
|
LOTUS_PATH: $SNAP_COMMON/lotus
|
|
LOTUS_MINER_PATH: $SNAP_COMMON/lotus-miner
|
|
LOTUS_WORKER_PATH: $SNAP_COMMON/lotus-worker
|