Launching Alphanet


#21

… maybe this will help somebody who is developing a client for tezos-node

docker run --rm --net=container:tezos-alphanet marsmensch/tcpdump -i any --immediate-mode -w - | wireshark -k -i - -Y "http"

It is very useful for sniffing RPC calls between ./tezos-client and ./tezos-node inside Docker.


#22

Is there a guide on how to set up Tezos from scratch?
I want to compile everything in my (future) Tezos node, even the operating system.
And of course I want the absolute minimum packages that are required in order for Tezos to be able to run. Not a single line of code more.

I have also heard that the Arch Linux distro is considered very secure. Or maybe the Tails distro?
What do you think?


#23

Everyone has a Linux distro they like, I’m partial to Debian.

Compiling everything is the way to go as you know all the intricacies of the system.

At a minimum:
Basic Intrusion Prevention:

You should only allow the Tezos port and SSH to operate.

Arch linux is a cutting edge distro and can be secure.
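
One way to check the rule from the post above (only the Tezos port and SSH reachable), as an added example that is not part of the original thread: a shell function that reads `ss -tlnH` output and reports every TCP listener outside an allowlist. Port 9732 for the Tezos P2P listener and the sample socket lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Reports TCP listeners whose port is not
# in an allowlist, reading `ss -tlnH` output on stdin.
# Assumption: 22 = SSH, 9732 = Tezos P2P port (adjust to your node's config).

# unexpected_listeners "22 9732" < ss-output
# Prints one "port address" line per listener outside the allowlist and
# returns 1 if any were found. Loopback-only listeners are skipped because
# they are not reachable from the network.
unexpected_listeners() {
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        {
            local_addr = $4                      # column 4: address:port
            port = local_addr; sub(/.*:/, "", port)
            host = local_addr; sub(/:[^:]*$/, "", host)
            if (host ~ /^127\./ || host == "[::1]") next
            if (!(port in ok)) { print port, host; bad = 1 }
        }
        END { exit bad + 0 }
    '
}

# Constructed sample of `ss -tlnH` output:
# State Recv-Q Send-Q Local-Address:Port Peer-Address:Port
sample_listeners() {
    cat <<'EOF'
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 0.0.0.0:9732 0.0.0.0:*
LISTEN 0 128 127.0.0.1:8732 0.0.0.0:*
LISTEN 0 5 0.0.0.0:631 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
EOF
}

# Live use: ss -tlnH | unexpected_listeners "22 9732"
sample_listeners | unexpected_listeners "22 9732" \
    || echo "unexpected listener(s) found" >&2
```

A listener reported here is either a service to remove or a port the firewall must drop; the check complements the firewall rules rather than replacing them.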


#24

Debian is too much! It is a whole distro.
As long as we are talking about UDOO, I think a minimal kernel and a minimal distro should be available.
A kernel and a distro capable of serving a safe Tezos node, and nothing more.
No unnecessary packages should be included, because any unnecessary package that exists in the system may become a security flaw whenever an update is required for it.


#25

You are speaking of a custom stack, very nice.
Arch all the way!
2c


#26

I hope the below packages are enough, aren't they?
https://www.archlinux.org/packages/?sort=-arch&arch=x86_64&repo=Core&q=&maintainer=&flagged=

Even less than that.

For example, Tezos on a UDOOx86 plugged into an Ethernet RJ45 connector doesn't need the following core packages of Arch Linux:

sdparm 1.10-1 An utility similar to hdparm but for SCSI devices
dosfstools 4.1-1 DOS filesystem utilities
wireless_tools 30.pre9-1 Tools allowing to manipulate the Wireless Extensions
rfkill 0.5-2 Tool for enabling and disabling wireless devices
crda 3.18-1 Central Regulatory Domain Agent for wireless networks
linux-atm 2.5.2-4 Drivers and tools to support ATM networking under Linux.
pcmciautils 018-7 Utilities for inserting and removing PCMCIA cards
pciutils 3.5.5-1 PCI bus configuration space access library and tools
gcc-fortran 7.2.0-3 Fortran front-end for GCC
hdparm 9.52-1 A shell utility for manipulating Linux IDE drive/driver parameters
ppp 2.4.7-4 A daemon which implements the Point-to-Point Protocol for dial-up networking
wpa_supplicant 1:2.6-8 A utility providing key negotiation for WPA wireless networks

Of course we need whatever is required in order for OCaml to work.


#27

Still waiting to see what Tezos settles on officially, but as you are progressing now let me point you in a different direction:

alpinelinux.org Grab the EXTENDED x86_64 version

As you are already thinking in terms of a Tezos-only device, Alpine will serve you very well!

https://alpinelinux.org/about/

Alpine Linux was designed with security in mind

Alpine uses musl which can be difficult to wrap your head around at first, keep at it, come out the other side knowing how to do some amazing things.

http://www.musl-libc.org/how.html

As soon as Tezos finalizes we will launch an Alpine how to, barring any more hiccups from them that is.


#28

Agree on alpinelinux. It is past my skills to compile my own, but if you look closely at github the alphanet docker image appears to run on alpine linux:


#29

For the alphanet maybe a precompiled distro from alpine linux suits well.
But for the production, I would not trust anything that is precompiled unless we talk about reproducible builds and gitian building.

On a quick search I made I couldn't find support for reproducible builds and gitian building for Alpine Linux. It is only in their wishlist. Am I wrong on this?

How can we trust a binary if it is not reproducible?
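
What the reproducibility question above comes down to in practice, as an added example that is not part of the original post: two independent builds of the same source are hashed file by file with SHA-256, and any path whose digest differs or that exists on one side only is listed. The directory layout, file contents and dates are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Compares two build output trees.

# manifest DIR: one "sha256  ./relative/path" line per regular file.
manifest() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | sort )
}

# compare_builds DIR_A DIR_B
# Prints the paths that differ or are missing on one side; returns 0 only
# when both trees are bit-for-bit identical.
compare_builds() {
    ma=$(mktemp) && mb=$(mktemp) || return 2
    manifest "$1" > "$ma"
    manifest "$2" > "$mb"
    # A line that occurs once across both manifests has no identical twin:
    # the file's hash differs or the file exists in one tree only.
    diffs=$(sort "$ma" "$mb" | uniq -u | sed 's/^[0-9a-f]* [ *]//' | sort -u)
    rm -f "$ma" "$mb"
    if [ -z "$diffs" ]; then return 0; fi
    printf '%s\n' "$diffs"
    return 1
}

# Constructed demo: build B embeds a different date in one artifact, a
# common reason builds fail to reproduce.
demo_builds() {
    d=$(mktemp -d) || return 2
    mkdir -p "$d/a/bin" "$d/b/bin"
    printf 'node-code\n' > "$d/a/bin/tezos-node"
    printf 'node-code\n' > "$d/b/bin/tezos-node"
    printf 'built 2017-10-01\n' > "$d/a/bin/build-info"
    printf 'built 2017-10-02\n' > "$d/b/bin/build-info"
    compare_builds "$d/a" "$d/b" && rc=0 || rc=$?
    rm -rf "$d"
    return "$rc"
}

demo_builds || echo "builds are not identical" >&2
```

Matching digests from builders that do not share infrastructure are the evidence a reproducible build provides; a single differing path means the binary cannot be tied back to the source by this method.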


#30

Alpine is a base install you can do whatever you want with it, compile whatever you need.

@cc_tez is just pointing out that Alpine is solid and lightweight, and does no more or less than one needs.

Tezos is using Docker in part because it is an easy way to get participation, makes sense. In a production environment paranoia is where it is at, everyone has their own poison.


#31

It is paranoia because it is not an ordinary software. It is MONEY. Money has always been the ultimate paranoia. From the dawn of history, everybody has been cautious and paranoid with money.

Furthermore, I was thinking about whether the OCaml programming language suits the Tezos protocol's needs best. I cannot see the reflection property in OCaml. I am confident that the reflection property will be needed. There is another ML language, named reFLect. It is a low level hardware language that claims to support reflection. What do you think about it? Do you have any opinion? Could it be used to program a node that implements the Tezos protocol, in a low level hardware reflective language?

We are talking about money, money turns everyone paranoid, so formal verification is not only needed in software, but also in hardware. For example, does UDOO hardware support formal verification? If yes what kind of temporal logic does it use? I like CTL or CTL*


#32

Are you talking about the AES cryptographic algorithm?
Then yes: Intel Atom® x5-E8000 Processor

Security & Reliability:

  • Intel® AES New Instructions
  • Secure Key
  • Execute Disable Bit

#33

You are right. Hardware that supports the AES NI instruction set is the first formally verified of its kind. That's a really good step for UDOO.


#34

Hi everyone,
I am taking a stab at launching my node per instructions. I have docker up and running and script downloaded. I am stuck at step 2. Launch a docker container to form a working tezos node. I enter ./alphanet.sh start and get this return

Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.32/version: dial unix /var/run/docker.sock: connect: permission denied

I am a newbie to this so missing a critical step is a possibility. I at least would like some guidance as to where to start looking.

thx


#35

Try to use command sudo ./alphanet.sh start


#36

Had same problem and it worked for me. Beautiful.
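
Why the socket refuses the connection in post #34 and why `sudo` gets past it, as an added example that is not part of the thread: a shell check that evaluates the socket's owner, group and mode against a user's identity. It assumes the common default of a root:docker socket with mode 660; the user and group names in the sample calls are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Explains "permission denied" on the
# Docker socket by evaluating classic Unix permission bits (ACLs ignored).

# sock_access USER "GROUP1 GROUP2 ..." OWNER GROUP MODE
# Prints which class grants write access (needed to connect to a Unix
# socket): root, owner, group, other, or denied. Returns 1 on denied.
sock_access() {
    user=$1; groups=$2; owner=$3; group=$4
    mode=$(printf '%s' "$5" | sed 's/.*\(...\)$/\1/')   # last 3 octal digits
    u=${mode%??}; o=${mode#??}; g=${mode#?}; g=${g%?}
    in_group=no
    for x in $groups; do
        if [ "$x" = "$group" ]; then in_group=yes; fi
    done
    if [ "$user" = root ]; then bit=2; class=root
    elif [ "$user" = "$owner" ]; then bit=$((u & 2)); class=owner
    elif [ "$in_group" = yes ]; then bit=$((g & 2)); class=group
    else bit=$((o & 2)); class=other
    fi
    if [ "$bit" -ne 0 ]; then echo "$class"; return 0; fi
    echo denied
    return 1
}

# Live check (GNU stat): which class, if any, lets the current user connect.
check_docker_sock() {
    s=${1:-/var/run/docker.sock}
    info=$(stat -c '%U %G %a' "$s") || return 2
    set -- $info
    sock_access "$(id -un)" "$(id -nG)" "$1" "$2" "$3"
}

# Constructed cases against the default root:docker 660 socket.
sock_access alice "alice wheel"  root docker 660 || true  # denied: error in #34
sock_access root  "root"         root docker 660          # root: what sudo does
# group: the other way in. Members of the docker group control a daemon that
# runs as root, so treat that membership as root-equivalent.
sock_access alice "alice docker" root docker 660
```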