From f3abba15c64f17962290dd6d4d7bac358c25813d Mon Sep 17 00:00:00 2001
From: s3krit <pugh@s3kr.it>
Date: Thu, 10 Sep 2020 17:22:20 +0200
Subject: [PATCH] Add deb and RPM repository config and documentation (#1676)

Co-authored-by: Parity Releases <releases@parity.io>
Co-authored-by: Demi Marie Obenour <demiobenour@gmail.com>
---
 polkadot/.gitignore                           |  2 +
 polkadot/.rpm/polkadot.spec                   | 48 +++++++++++++++++
 polkadot/Cargo.toml                           | 33 ++++++++++++
 polkadot/README.md                            | 53 +++++++++++++++++--
 .../packaging/deb-maintainer-scripts/postinst | 17 ++++++
 polkadot/scripts/packaging/polkadot.service   | 38 +++++++++++++
 6 files changed, 186 insertions(+), 5 deletions(-)
 create mode 100644 polkadot/.rpm/polkadot.spec
 create mode 100644 polkadot/scripts/packaging/deb-maintainer-scripts/postinst
 create mode 100644 polkadot/scripts/packaging/polkadot.service

diff --git a/polkadot/.gitignore b/polkadot/.gitignore
index c3383780e6..a654e51fd7 100644
--- a/polkadot/.gitignore
+++ b/polkadot/.gitignore
@@ -7,5 +7,7 @@ runtime/wasm/target/
 .idea
 .vscode
 polkadot.*
+!polkadot.service
+!.rpm/*
 .DS_Store
 .cargo
diff --git a/polkadot/.rpm/polkadot.spec b/polkadot/.rpm/polkadot.spec
new file mode 100644
index 0000000000..06fa0f5750
--- /dev/null
+++ b/polkadot/.rpm/polkadot.spec
@@ -0,0 +1,48 @@
+%define debug_package %{nil}
+
+Name: polkadot
+Summary: Implementation of a https://polkadot.network node in Rust based on the Substrate framework.
+Version: @@VERSION@@
+Release: @@RELEASE@@%{?dist}
+License: GPLv3
+Group: Applications/System
+Source0: %{name}-%{version}.tar.gz
+
+Requires: systemd, shadow-utils
+Requires(post): systemd
+Requires(preun): systemd
+Requires(postun): systemd
+
+BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
+
+%description
+%{summary}
+
+
+%prep
+%setup -q
+
+
+%install
+rm -rf %{buildroot}
+mkdir -p %{buildroot}
+cp -a * %{buildroot}
+
+%post
+config_file="/etc/default/polkadot"
+getent group polkadot >/dev/null || groupadd -r polkadot
+getent passwd polkadot >/dev/null || \
+    useradd -r -g polkadot -d /home/polkadot -m -s /sbin/nologin \
+    -c "User account for running polkadot as a service" polkadot
+if [ ! -e "$config_file" ]; then
+    echo 'POLKADOT_CLI_ARGS=""' > /etc/default/polkadot
+fi
+exit 0
+
+%clean
+rm -rf %{buildroot}
+
+%files
+%defattr(-,root,root,-)
+%{_bindir}/*
+/usr/lib/systemd/system/polkadot.service
diff --git a/polkadot/Cargo.toml b/polkadot/Cargo.toml
index e66ef5a329..324d02142e 100644
--- a/polkadot/Cargo.toml
+++ b/polkadot/Cargo.toml
@@ -4,9 +4,12 @@ path = "src/main.rs"
 
 [package]
 name = "polkadot"
+description = "Implementation of a https://polkadot.network node in Rust based on the Substrate framework."
+license = "GPL-3.0-only"
 version = "0.8.23"
 authors = ["Parity Technologies <admin@parity.io>"]
 edition = "2018"
+readme = "README.md"
 
 [dependencies]
 cli = { package = "polkadot-cli", path = "cli" }
@@ -79,3 +82,33 @@ runtime-benchmarks=["cli/runtime-benchmarks"]
 service-rewr= [
 	"cli/service-rewr",
 ]
+
+# Configuration for building a .deb package - for use with `cargo-deb`
+[package.metadata.deb]
+name = "polkadot"
+extended-description = "Implementation of a https://polkadot.network node in Rust based on the Substrate framework."
+section = "misc"
+maintainer = "martin@parity.io"
+license-file = ["LICENSE", "0"]
+# https://www.debian.org/doc/debian-policy/ch-maintainerscripts.html
+maintainer-scripts = "scripts/packaging/deb-maintainer-scripts"
+assets = [
+	["target/release/polkadot", "/usr/bin/", "755"],
+	["scripts/packaging/polkadot.service", "/lib/systemd/system/", "644"]
+]
+conf-files = [
+	"/etc/default/polkadot"
+]
+
+# Configuration for building an .rpm package - for use with `cargo-rpm`
+[package.metadata.rpm]
+package = "polkadot"
+
+[package.metadata.rpm.cargo]
+buildflags = ["--release"]
+
+[package.metadata.rpm.targets]
+polkadot = { path = "/usr/bin/polkadot" }
+
+[package.metadata.rpm.files]
+"../scripts/packaging/polkadot.service" = { path = "/usr/lib/systemd/system/polkadot.service", mode = "644" }
diff --git a/polkadot/README.md b/polkadot/README.md
index 5d55065cf2..f990a03e9c 100644
--- a/polkadot/README.md
+++ b/polkadot/README.md
@@ -12,13 +12,56 @@ information about installing the `polkadot` binary and developing on the codebas
 specific guides, like how to be a validator, see the
 [Polkadot Wiki](https://wiki.polkadot.network/docs/en/).
 
+## Installation
+
+If you just wish to run a Polkadot node without compiling it yourself, you may
+either run the latest binary from our
+[releases](https://github.com/paritytech/polkadot/releases) page, or install
+Polkadot from one of our package repositories.
+
+Installation from the debian or rpm repositories will create a `systemd`
+service that can be used to run a Polkadot node. This is disabled by default,
+and can be started by running `systemctl start polkadot` on demand (use
+`systemctl enable polkadot` to make it auto-start after reboot). By default, it
+will run as the `polkadot` user.  Command-line flags passed to the binary can
+be customised by editing `/etc/default/polkadot`. This file will not be
+overwritten on updating polkadot. You may also just run the node directly from
+the command-line.
+
+### Debian-based (Debian, Ubuntu)
+
+Currently supports Debian 10 (Buster) and Ubuntu 20.04 (Focal), and
+derivatives. Run the following commands as the `root` user.
+
+```
+# Import the security@parity.io GPG key
+gpg --recv-keys --keyserver hkps://keys.mailvelope.com 9D4B2B6EB8F97156D19669A9FF0812D491B96798
+gpg --export 9D4B2B6EB8F97156D19669A9FF0812D491B96798 > /usr/share/keyrings/parity.gpg
+# Add the Parity repository and update the package index
+echo 'deb [signed-by=/usr/share/keyrings/parity.gpg] https://releases.parity.io/deb release main' > /etc/apt/sources.list.d/parity.list
+apt update
+# Install polkadot
+apt install polkadot
+
+```
+
+### RPM-based (Fedora, CentOS)
+
+Currently supports Fedora 32 and CentOS 8, and derivatives.
+
+```
+# Install dnf-plugins-core (This might already be installed)
+dnf install dnf-plugins-core
+# Add the repository and enable it
+dnf config-manager --add-repo https://releases.parity.io/rpm/polkadot.repo
+dnf config-manager --set-enabled polkadot
+# Install polkadot (You may have to confirm the import of the GPG key, which
+# should have the following fingerprint: 9D4B2B6EB8F97156D19669A9FF0812D491B96798)
+dnf install polkadot
+```
+
 ## Building
 
-### Use a Provided Binary
-
-If you want to connect to one of the networks supported by this repo, you can go to the latest
-release and download the binary that is provided.
-
 ### Install via Cargo
 
 If you want to install Polkadot in your PATH, you can do so with with:
diff --git a/polkadot/scripts/packaging/deb-maintainer-scripts/postinst b/polkadot/scripts/packaging/deb-maintainer-scripts/postinst
new file mode 100644
index 0000000000..3ac5cd04c3
--- /dev/null
+++ b/polkadot/scripts/packaging/deb-maintainer-scripts/postinst
@@ -0,0 +1,17 @@
+#!/bin/sh
+
+set -e
+
+action="$1"
+config_file="/etc/default/polkadot"
+
+if [ "$action" = "configure" ]; then
+  # Make user and group
+  getent group polkadot >/dev/null 2>&1 || addgroup --system polkadot
+  getent passwd polkadot >/dev/null 2>&1 ||
+    adduser --system --home /home/polkadot --disabled-password \
+    --ingroup polkadot polkadot
+  if [ ! -e "$config_file" ]; then
+    echo 'POLKADOT_CLI_ARGS=""' > /etc/default/polkadot
+  fi
+fi
diff --git a/polkadot/scripts/packaging/polkadot.service b/polkadot/scripts/packaging/polkadot.service
new file mode 100644
index 0000000000..af3978d9c3
--- /dev/null
+++ b/polkadot/scripts/packaging/polkadot.service
@@ -0,0 +1,38 @@
+[Unit]
+Description=Polkadot Node
+After=network.target
+Documentation=https://github.com/paritytech/polkadot
+
+[Service]
+EnvironmentFile=-/etc/default/polkadot
+ExecStart=/usr/bin/polkadot $POLKADOT_CLI_ARGS
+User=polkadot
+Group=polkadot
+Restart=always
+RestartSec=120
+MemoryHigh=5400M
+MemoryMax=5500M
+CapabilityBoundingSet=
+LockPersonality=true
+NoNewPrivileges=true
+PrivateDevices=true
+PrivateMounts=true
+PrivateTmp=true
+PrivateUsers=true
+ProtectClock=true
+ProtectControlGroups=true
+ProtectHostname=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
+ProtectSystem=strict
+RemoveIPC=true
+RestrictAddressFamilies=AF_INET AF_INET6 AF_NETLINK AF_UNIX
+RestrictNamespaces=true
+RestrictSUIDSGID=true
+SystemCallArchitectures=native
+SystemCallFilter=@system-service
+SystemCallFilter=~@clock @module @mount @reboot @swap @privileged
+UMask=0027
+
+[Install]
+WantedBy=multi-user.target