diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 00000000..be42f5ed --- /dev/null +++ b/.gitattributes @@ -0,0 +1,39 @@ +# Git attributes for OSVM CLI project +# Ensures clean git archive exports by excluding unnecessary files + +# Exclude development and CI files from archives +.github/ export-ignore +.git* export-ignore +.devcontainer/ export-ignore +.dockerignore export-ignore +.cline_rules export-ignore +*.tmp export-ignore +target/ export-ignore +node_modules/ export-ignore + +# Exclude test and development files +test-deployment.sh export-ignore +comprehensive_test.sh export-ignore +basic_test.sh export-ignore +validate_full_history.sh export-ignore +tunnel-dashboard.py export-ignore +stderr.txt export-ignore +stdout.txt export-ignore + +# Exclude audit and documentation build artifacts +audit_reports/ export-ignore +osvm_audit_report_*.html export-ignore +docs.html export-ignore +index.html export-ignore + +# Exclude vendor directory if present +vendor/ export-ignore + +# Ensure proper line endings +* text=auto +*.sh text eol=lf +*.rs text eol=lf +*.toml text eol=lf +*.md text eol=lf +*.yml text eol=lf +*.yaml text eol=lf \ No newline at end of file diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 4a24df88..daf65c72 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -8,6 +8,9 @@ on: env: CARGO_TERM_COLOR: always RUST_BACKTRACE: 1 + # Centralized maintainer information - can be overridden in repository secrets + OSVM_MAINTAINER_NAME: "OpenSVM" + OSVM_MAINTAINER_EMAIL: "rin@opensvm.com" jobs: build: 
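Review bot: The added comment in the `release.yml` `env:` block says the maintainer values "can be overridden in repository secrets", but both entries are string literals, so a secret named `OSVM_MAINTAINER_NAME` or `OSVM_MAINTAINER_EMAIL` is never read by this workflow. If an override is intended, reference it explicitly, e.g. `OSVM_MAINTAINER_EMAIL: ${{ secrets.OSVM_MAINTAINER_EMAIL || 'rin@opensvm.com' }}`; otherwise reword the comment to `# Centralized maintainer information for the packaging scripts`. A maintainer name and address are not confidential, so a repository variable (`vars.`) is probably a better fit than `secrets.`.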
@@ -80,59 +83,28 @@ jobs: - name: Set up Debian packaging environment run: | sudo apt-get update - sudo apt-get install -y debhelper dh-make devscripts + sudo apt-get install -y debhelper dh-make devscripts dpkg-dev - name: Create Debian package run: | # Get version by stripping 'v' prefix from tag VERSION=$(echo ${{ github.ref_name }} | sed 's/^v//') - WORKDIR=$(pwd) - PKG=osvm-$VERSION - TARBALL="osvm_${VERSION}.orig.tar.gz" - TEMP_TARBALL="temp_${TARBALL}" # Use temporary name to avoid same-file error - # Clean up any old stuff - rm -rf "$PKG" - rm -f "$TARBALL" "$TEMP_TARBALL" - # Prepare source dir - mkdir -p "$PKG" - cp -r src Cargo.toml Cargo.lock README.md LICENSE "$PKG/" - # Pack source tarball with temporary name first - tar czvf "$TEMP_TARBALL" "$PKG" - # Ensure the tarball exists - if [ ! -f "$TEMP_TARBALL" ]; then - echo "Error: $TEMP_TARBALL not found!" - exit 1 - fi - # Move into the package dir - cd "$PKG" - # Set environment variables for dh_make to use correct maintainer info - export DEBFULLNAME="OpenSVM" - export DEBEMAIL="rin@opensvm.com" - # Run dh_make using the temporary tarball - this avoids same-file error - # dh_make will copy the temp tarball to the correct orig.tar.gz location - dh_make -y -s -c apache -e rin@opensvm.com -f "../$TEMP_TARBALL" - # Fix maintainer name in generated files - sed -i 's/Maintainer: unknown/Maintainer: OpenSVM/' debian/control - sed -i 's/ -- unknown/ -- OpenSVM/' debian/changelog - # Build the .deb package from within the package directory where debian/ folder was created - dpkg-buildpackage -us -uc - # Move back to the working dir - cd "$WORKDIR" - # Clean up temporary tarball - rm -f "$TEMP_TARBALL" + cd packaging/debian + ./build-deb.sh "$VERSION" - name: Upload Debian package uses: actions/upload-artifact@v4 with: name: osvm-deb-package - path: ./*.deb + path: packaging/debian/debian-packages/*.deb - name: Deploy to APT repository run: | - # This is a placeholder for the actual APT repository deployment + 
# TODO: Implement actual APT repository deployment + # This is a placeholder for the actual APR repository deployment # In a real scenario, you would use a service like Launchpad or a custom APT repository echo "Deploying to APT repository..." - # Example: scp ../osvm_*.deb user@apt-repo:/path/to/repo/ + # Example: scp debian-packages/osvm_*.deb user@apt-repo:/path/to/repo/ # Then update the repository index deploy-termux: 
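Review bot: `VERSION=$(echo ${{ github.ref_name }} | sed 's/^v//')` expands the tag name into the script text before the shell runs, so a tag name containing shell metacharacters is interpreted as shell syntax inside this release job; the same line feeds `./build-termux.sh` and `./build-arch.sh` in the later hunks. Pass the ref through the step environment instead: add `env:` with `REF_NAME: ${{ github.ref_name }}` to the step and use `VERSION="${REF_NAME#v}"`. Pushing a tag requires write access, so exposure is limited today, but this is the job where publishing credentials would be used once the TODO deployment steps are implemented. Separately, the added comment reads `APR repository`; the removed line had `APT`.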
@@ -151,58 +123,22 @@ jobs: - name: Make binary executable run: chmod +x ./osvm + - name: Set up Termux packaging environment + run: | + sudo apt-get update + sudo apt-get install -y dpkg-dev + - name: Create Termux package structure run: | VERSION=$(echo ${{ github.ref_name }} | sed 's/^v//') - PACKAGE_NAME="osvm" - PACKAGE_DIR="${PACKAGE_NAME}_${VERSION}_aarch64" - - # Create package directory structure - mkdir -p "$PACKAGE_DIR"/data/data/com.termux/files/usr/bin - mkdir -p "$PACKAGE_DIR"/control - - # Copy binary - cp ./osvm "$PACKAGE_DIR"/data/data/com.termux/files/usr/bin/ - - # Create control file - cat > "$PACKAGE_DIR"/control/control << EOF - Package: $PACKAGE_NAME - Version: $VERSION - Architecture: aarch64 - Maintainer: OpenSVM - Description: OpenSVM CLI tool for managing SVM nodes and deployments - Homepage: https://github.com/${{ github.repository }} - Section: utils - Priority: optional - Depends: rust - EOF - - # Create prerm script to handle cleanup - cat > "$PACKAGE_DIR"/control/prerm << 'EOF' - #!/bin/sh - # Clean up any cached data - rm -rf "$HOME/.osvm" 2>/dev/null || true - EOF - chmod +x "$PACKAGE_DIR"/control/prerm - - # Create postinst script - cat > "$PACKAGE_DIR"/control/postinst << 'EOF' - #!/bin/sh - # Ensure binary is executable - chmod +x "$PREFIX/bin/osvm" 2>/dev/null || true - echo "OpenSVM CLI installed successfully!" - echo "Run 'osvm --help' to get started." - EOF - chmod +x "$PACKAGE_DIR"/control/postinst - - # Create the .deb package for Termux - dpkg-deb --build "$PACKAGE_DIR" + cd packaging/termux + ./build-termux.sh "$VERSION" aarch64 - name: Upload Termux package uses: actions/upload-artifact@v4 with: name: osvm-termux-package - path: ./*.deb + path: packaging/termux/*.deb deploy-archlinux: name: Deploy ArchLinux Package 
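Review bot: The job makes `./osvm` executable in the workspace root, but the script this step now calls copies `target/release/osvm` (visible in the `build-termux.sh` hunk), so the downloaded binary may not be the one packaged, or the copy may fail. Nothing visible here checks that the binary is an `aarch64` build before the package labels it as one. Pass the binary path to the script or stage it where the script expects it, and consider a guard such as `file ./osvm | grep -q aarch64 || exit 1` before packaging. The lines of `build-termux.sh` that set its working directory are outside the diff, so confirm where `target/release/osvm` resolves.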
@@ -214,86 +150,26 @@ jobs: - name: Create ArchLinux PKGBUILD run: | VERSION=$(echo ${{ github.ref_name }} | sed 's/^v//') - SHA=$(curl -sL https://github.com/${{ github.repository }}/archive/${{ github.ref_name }}.tar.gz | shasum -a 256 | cut -d ' ' -f 1) - - cat > PKGBUILD << EOF - # Maintainer: OpenSVM - pkgname=osvm - pkgver=${VERSION} - pkgrel=1 - pkgdesc="OpenSVM CLI tool for managing SVM nodes and deployments" - arch=('x86_64' 'aarch64') - url="https://github.com/${{ github.repository }}" - license=('MIT') - depends=('glibc') - makedepends=('rust' 'cargo' 'pkg-config' 'openssl' 'libudev0-shim') - source=("\${pkgname}-\${pkgver}.tar.gz::https://github.com/${{ github.repository }}/archive/${{ github.ref_name }}.tar.gz") - sha256sums=('${SHA}') - - prepare() { - cd "\${pkgname}-cli-\${pkgver}" - } - - build() { - cd "\${pkgname}-cli-\${pkgver}" - export RUSTUP_TOOLCHAIN=stable - export CARGO_TARGET_DIR=target - cargo build --release --locked - } - - check() { - cd "\${pkgname}-cli-\${pkgver}" - export RUSTUP_TOOLCHAIN=stable - # Skip tests that require network access or specific hardware - cargo test --release --locked || true - } - - package() { - cd "\${pkgname}-cli-\${pkgver}" - install -Dm0755 -t "\${pkgdir}/usr/bin/" "target/release/\${pkgname}" - install -Dm0644 LICENSE "\${pkgdir}/usr/share/licenses/\${pkgname}/LICENSE" - install -Dm0644 README.md "\${pkgdir}/usr/share/doc/\${pkgname}/README.md" - } - EOF - - # Create .SRCINFO file for AUR - cat > .SRCINFO << EOF - pkgbase = osvm - pkgdesc = OpenSVM CLI tool for managing SVM nodes and deployments - pkgver = ${VERSION} - pkgrel = 1 - url = https://github.com/${{ github.repository }} - arch = x86_64 - arch = aarch64 - license = MIT - makedepends = rust - makedepends = cargo - makedepends = pkg-config - makedepends = openssl - makedepends = libudev0-shim - depends = glibc - source = osvm-${VERSION}.tar.gz::https://github.com/${{ github.repository }}/archive/${{ github.ref_name }}.tar.gz - sha256sums = 
${SHA} - - pkgname = osvm - EOF + cd packaging/archlinux + ./build-arch.sh "$VERSION" - name: Upload ArchLinux package files uses: actions/upload-artifact@v4 with: name: osvm-archlinux-package path: | - ./PKGBUILD - ./.SRCINFO + packaging/archlinux/PKGBUILD + packaging/archlinux/.SRCINFO - name: Submit to AUR (placeholder) run: | + # TODO: Implement actual AUR submission # This is a placeholder for the actual AUR submission # In a real scenario, you would clone the AUR repository and update the PKGBUILD echo "Submitting to AUR..." # Example steps: # git clone ssh://aur@aur.archlinux.org/osvm.git - # cp PKGBUILD .SRCINFO osvm/ + # cp packaging/archlinux/PKGBUILD packaging/archlinux/.SRCINFO osvm/ # cd osvm && git add . && git commit -m "Update to ${VERSION}" && git push deploy-homebrew: @@ -340,6 +216,7 @@ jobs: - name: Submit to Homebrew run: | + # TODO: Implement actual Homebrew submission # This is a placeholder for the actual Homebrew submission # In a real scenario, you would create a PR to homebrew-core or a custom tap echo "Submitting to Homebrew..." diff --git a/.gitignore b/.gitignore index 897f1272..c1c873ad 100644 --- a/.gitignore +++ b/.gitignore @@ -68,3 +68,15 @@ sonic-*.log eclipse-*.log osvm-*.log audit_reports/ + +# Packaging artifacts and test files +*.deb +*.tar.gz +osvm-*/ +osvm_*/ +temp_*.tar.gz +debian-packages/ +packaging/archlinux/.SRCINFO +packaging/termux/osvm_* +packaging/debian/osvm-* +packaging/debian/debian-packages/ diff --git a/osvm_audit_report_20250801_233321.html b/osvm_audit_report_20250801_233321.html deleted file mode 100644 index 05a0147f..00000000 --- a/osvm_audit_report_20250801_233321.html +++ /dev/null @@ -1,566 +0,0 @@ - - - - - - OSVM Security Audit Report - - - - - -
-
-
-

OSVM Security Audit Report

-

Generated: 2025-08-01 23:33:21 UTC

-

Version: 0.4.5

-
- Security Score: 75/100 -
-

Compliance Level: Moderate

-
- -
-
-
6
-
Total Findings
-
-
-
1
-
Critical
-
-
-
2
-
High
-
-
-
3
-
Medium
-
-
- - -
- ⚠️ Warning: This audit identified 3 critical or high severity findings that require immediate attention. -
- - -

System Information

- - - - - - -
ComponentVersion
Rustrustc 1.87.0 (example)
Solanasolana-cli 2.2.7 (example)
OSLinux x86_64
Architecturex86_64
- -

Security Findings

- -

Account Validation (1 findings)

- - -
-
-

Program Derived Address (PDA) verification bypass vulnerability

-
- OSVM-SOL-002 - High -
-
- -

Description: High-severity vulnerability in PDA handling: The program accepts arbitrary accounts as PDAs without verifying they were derived using the correct seeds and program ID. This bypasses the fundamental security guarantee of PDAs and allows attackers to provide malicious accounts that can be used to manipulate program state or drain funds.

-

Impact: Attackers can substitute legitimate PDAs with malicious accounts, potentially leading to: unauthorized state modifications, fund drainage from escrow accounts, bypass of access controls, and manipulation of program logic that depends on PDA integrity.

-

Recommendation: Implement comprehensive PDA validation: 1) Always call find_program_address() to verify PDA derivation, 2) Compare derived PDA with provided account address, 3) Validate all seeds used in derivation, 4) Use Anchor's seeds constraint for automatic validation, 5) Add extensive testing for PDA edge cases.

- - -

- CWE ID: CWE-345 - CVSS Score: 8.199999809265137 -

- - - -

Code Location: /home/runner/work/solana-program/src/state/escrow.rs:L156-L178

- - - -

References:

- - -
- - -

Authentication & Authorization (1 findings)

- - -
-
-

Missing signer validation in Solana program instruction handler

-
- OSVM-SOL-001 - Critical -
-
- -

Description: Critical security vulnerability: Program instruction handler accepts accounts without validating required signers. This allows unauthorized users to execute privileged operations by providing any account as a signer. The vulnerability occurs in the instruction processing logic where account.is_signer is not properly checked before performing sensitive operations like token transfers or account modifications.

-

Impact: Complete compromise of access control - unauthorized users can execute any privileged operation, leading to potential theft of funds, unauthorized account modifications, and complete program compromise.

-

Recommendation: Implement mandatory signer validation: 1) Add explicit is_signer checks for all authority accounts, 2) Use Anchor's Signer<'info> type for automatic validation, 3) Validate that the signer's public key matches expected authorities, 4) Add comprehensive unit tests for all authorization paths.

- - -

- CWE ID: CWE-862 - CVSS Score: 9.100000381469727 -

- - - -

Code Location: /home/runner/work/solana-program/src/instruction/mod.rs:L44-L67

- - - -

References:

- - -
- - -

Dependency Management (1 findings)

- - -
-
-

Outdated dependency versions detected with known security advisories

-
- OSVM-INFO-001 - Low -
-
- -

Description: Several project dependencies are using outdated versions that have known security vulnerabilities or performance issues. While not immediately exploitable in the current context, these outdated dependencies represent potential attack vectors and should be updated to maintain security best practices and benefit from bug fixes.

-

Impact: Potential future security risks: exposure to known vulnerabilities as attack surface evolves, missing security patches and performance improvements, compatibility issues with ecosystem updates, and increased maintenance burden.

-

Recommendation: Update dependency management: 1) Run cargo audit to identify vulnerable dependencies, 2) Update to latest stable versions where possible, 3) Implement automated dependency checking in CI/CD pipeline, 4) Subscribe to security advisories for critical dependencies, 5) Regular dependency review and update cycles.

- - -

- CWE ID: CWE-1104 - CVSS Score: 3.0999999046325684 -

- - - -

Code Location: /home/runner/work/solana-program/Cargo.toml:L23-L45

- - - -

References:

- - -
- - -

Network Security (1 findings)

- - -
-
-

Insecure RPC endpoint configuration exposes application to network attacks

-
- OSVM-RPC-001 - Medium -
-
- -

Description: The application is configured to use public, potentially insecure RPC endpoints for Solana network communication. This configuration includes unencrypted HTTP connections and public RPC providers that may have rate limiting, reliability issues, or could be compromised. The lack of RPC endpoint validation and fallback mechanisms creates single points of failure.

-

Impact: Network security risks including: exposure to man-in-the-middle attacks on RPC calls, potential censorship or manipulation of blockchain data, service disruption due to rate limiting or unreliable public endpoints, and privacy leaks through request monitoring.

-

Recommendation: Secure RPC configuration: 1) Use HTTPS endpoints exclusively, 2) Implement multiple RPC endpoint fallbacks, 3) Consider dedicated/private RPC providers for production, 4) Add RPC response validation and integrity checks, 5) Implement proper error handling and retry logic for RPC failures.

- - -

- CWE ID: CWE-319 - CVSS Score: 5.300000190734863 -

- - - -

Code Location: /home/runner/work/solana-app/src/config/network.rs:L45-L52

- - - -

References:

- - -
- - -

Token Security (1 findings)

- - -
-
-

SPL Token authority validation completely missing in transfer operations

-
- OSVM-SOL-003 - High -
-
- -

Description: Critical security flaw in token operations: The program performs SPL token transfers and other operations without validating that the transaction signer has the necessary authority over the token accounts. This creates a complete bypass of token ownership controls, allowing any user to transfer tokens from any account.

-

Impact: Complete token security compromise: Any user can transfer tokens from any account, drain token vaults, manipulate token supplies, and perform unauthorized token operations, resulting in direct financial losses for all token holders.

-

Recommendation: Implement robust token authority validation: 1) Verify token account ownership before transfers, 2) Check delegate permissions for delegated operations, 3) Validate mint authority for minting operations, 4) Use SPL Token program's built-in authority checks, 5) Implement comprehensive integration tests with various token account configurations.

- - -

- CWE ID: CWE-862 - CVSS Score: 8.5 -

- - - -

Code Location: /home/runner/work/solana-program/src/instructions/token_transfer.rs:L89-L112

- - - -

References:

- - -
- - -

Trading Security (1 findings)

- - -
-
-

MEV vulnerabilities in DEX operations - missing slippage and deadline protection

-
- OSVM-DEX-001 - Medium -
-
- -

Description: Trading operations lack essential MEV (Maximal Extractable Value) protection mechanisms. The current implementation does not enforce slippage limits or transaction deadlines, making trades vulnerable to front-running, sandwich attacks, and other MEV exploitation strategies. This particularly affects AMM interactions and large trades that can significantly impact token prices.

-

Impact: Financial losses due to MEV attacks: Users experience unexpected slippage, reduced trade value from sandwich attacks, failed transactions due to stale pricing, and overall degraded trading experience with potential significant financial impact on large trades.

-

Recommendation: Implement comprehensive MEV protection: 1) Add configurable slippage tolerance checks, 2) Implement transaction deadlines with proper timestamp validation, 3) Consider using private mempools or MEV protection services, 4) Add price impact warnings for large trades, 5) Implement trade size limits to reduce MEV attractiveness.

- - -

- CWE ID: CWE-841 - CVSS Score: 6.099999904632568 -

- - - -

Code Location: /home/runner/work/solana-dex/src/amm/swap.rs:L234-L267

- - - -

References:

- - -
- - - -

Security Recommendations

-
    - -
  1. Implement regular security audits
  2. - -
  3. Keep dependencies up to date
  4. - -
  5. Follow security best practices
  6. - -
  7. Implement proper Solana account validation
  8. - -
  9. Use secure RPC endpoints and MEV protection
  10. - -
  11. Follow Solana security guidelines and best practices
  12. - -
- -

Compliance Notes

-
    - -
  • This audit follows industry security standards
  • - -
  • Findings are categorized using CWE framework
  • - -
  • Solana-specific security checks included
  • - -
  • Critical Solana vulnerabilities require immediate attention
  • - -
- -

Audit Statistics

- - - - - - - - -
MetricValue
Total Findings6
Findings with CWE6
Findings with CVSS6
Unique Categories6
Average CVSS Score6.7
Coverage Percentage100%
- -
-

Generated by OSVM Security Audit System

-

End of Report

-
-
-
- - \ No newline at end of file diff --git a/packaging/README.md b/packaging/README.md index fceaf4fd..3b163c13 100644 --- a/packaging/README.md +++ b/packaging/README.md @@ -2,6 +2,20 @@ This directory contains packaging scripts and configuration for building OSVM CLI packages for different platforms. +## Configuration + +All packaging scripts use centralized configuration from `config.sh`. This allows easy customization of maintainer information and other settings. + +### Environment Variables + +You can override packaging configuration using environment variables: + +- `OSVM_MAINTAINER_NAME`: Package maintainer name (default: "OpenSVM") +- `OSVM_MAINTAINER_EMAIL`: Package maintainer email (default: "rin@opensvm.com") +- `OSVM_PROJECT_URL`: Project homepage URL +- `OSVM_DESCRIPTION_SHORT`: Short package description +- `OSVM_DESCRIPTION_LONG`: Detailed package description + ## Available Packaging Formats ### Debian/Ubuntu (.deb) @@ -50,8 +64,17 @@ cd packaging/termux The script will: - Build a Termux-compatible .deb package -- Set up proper Termux directory structure -- Include install/remove scripts +- Set up proper Termux directory structure (`/data/data/com.termux/files/usr/`) +- Include install/remove scripts with proper absolute paths +- Support multiple architectures (default: aarch64) + +**Multi-architecture support:** +- Default: `aarch64` (ARM64 for modern Android devices) +- Other supported: `arm`, `x86_64`, `i686` (specify as second parameter) + +**Dependencies:** +- Requires `dpkg-dev` for package building +- Binary must be pre-compiled for the target architecture ## Automated Building 
@@ -59,13 +82,40 @@ All packaging formats are automatically built and uploaded as artifacts when cre See `.github/workflows/release.yml` for the CI/CD configuration. +### CI/CD Environment Variables + +The CI pipeline uses the following environment variables for maintainer information: +- `OSVM_MAINTAINER_NAME`: Defaults to "OpenSVM" +- `OSVM_MAINTAINER_EMAIL`: Defaults to "rin@opensvm.com" + +These can be overridden by setting repository secrets with the same names. + +## Security and Best Practices + +### Maintainer Information +- Maintainer details are centralized in `config.sh` for security and maintainability +- Use environment variables or repository secrets to override defaults in CI/CD +- Avoid hardcoding email addresses in scripts to prevent spam + +### Package Security +- All packages include proper file permissions and ownership +- Termux packages use absolute paths to prevent path injection +- Debian packages follow FHS (Filesystem Hierarchy Standard) +- ArchLinux packages include proper checksums and validation + +### Build Artifacts +- .deb files are placed in dedicated directories for reliable CI artifact collection +- Source tarballs exclude development files via `.gitattributes` +- SHA256 checksums are validated before use in package metadata + ## Notes -- Debian packaging uses dh_make and dpkg-buildpackage -- ArchLinux packaging follows AUR standards -- Termux packaging creates Android-compatible packages -- All packages set maintainer to "OpenSVM " +- Debian packaging uses dh_make and dpkg-buildpackage with proper error handling +- ArchLinux packaging follows AUR standards with SHA256 validation +- Termux packaging creates Android-compatible packages with absolute paths +- All packages use centralized maintainer configuration for consistency - Dependencies are automatically determined where possible +- Network-dependent tests are skipped during package builds for reliability ## Testing Packages 
diff --git a/packaging/archlinux/PKGBUILD b/packaging/archlinux/PKGBUILD index 1045e16b..bfa791d7 100644 --- a/packaging/archlinux/PKGBUILD +++ b/packaging/archlinux/PKGBUILD @@ -1,6 +1,6 @@ # Maintainer: OpenSVM pkgname=osvm -pkgver=0.8.2 +pkgver=0.8.2-test pkgrel=1 pkgdesc="OpenSVM CLI tool for managing SVM nodes and deployments" arch=('x86_64' 'aarch64') @@ -9,7 +9,7 @@ license=('MIT') depends=('glibc') makedepends=('rust' 'cargo' 'pkg-config' 'openssl' 'systemd-libs') source=("${pkgname}-${pkgver}.tar.gz::https://github.com/openSVM/osvm-cli/archive/v${pkgver}.tar.gz") -sha256sums=('SKIP') # This should be updated with the actual SHA256 +sha256sums=('eaec5c0679db60874389d00acd89c000f41e8d928cf2cd6aa860df2b089ff802') prepare() { cd "${pkgname}-cli-${pkgver}" @@ -34,4 +34,4 @@ package() { install -Dm0755 -t "${pkgdir}/usr/bin/" "target/release/${pkgname}" install -Dm0644 LICENSE "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE" install -Dm0644 README.md "${pkgdir}/usr/share/doc/${pkgname}/README.md" -} \ No newline at end of file +} diff --git a/packaging/archlinux/build-arch.sh b/packaging/archlinux/build-arch.sh index 72d653b1..a5def9d5 100755 --- a/packaging/archlinux/build-arch.sh +++ b/packaging/archlinux/build-arch.sh @@ -4,6 +4,10 @@ set -e +# Source packaging configuration +SCRIPT_DIR="$(dirname "$0")" +source "$SCRIPT_DIR/../config.sh" + # Get version from command line or git tag VERSION="${1:-$(git describe --tags --abbrev=0 | sed 's/^v//')}" 
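Review bot: `pkgver=0.8.2-test` looks like the output of a local test run of `build-arch.sh` that was committed: makepkg does not allow a hyphen in `pkgver`, and the `source` URL now resolves to `archive/v0.8.2-test.tar.gz`. The new `sha256sums` value in the next hunk was presumably computed for that test archive, so it would pin a checksum that corresponds to no published release tarball. Restore `pkgver=0.8.2` and set the checksum from the tarball actually served for that tag, or treat this file as a template that `build-arch.sh` fills in and do not commit generated values.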
@@ -16,8 +20,23 @@ cd "$(dirname "$0")/../.." SOURCE_NAME="osvm-${VERSION}.tar.gz" git archive --format=tar.gz --prefix="osvm-cli-${VERSION}/" HEAD > "$SOURCE_NAME" -# Calculate SHA256 -SHA256=$(sha256sum "$SOURCE_NAME" | cut -d ' ' -f 1) +# Verify the tarball was created successfully +if [ ! -f "$SOURCE_NAME" ]; then + echo "Error: Failed to create source tarball $SOURCE_NAME" + exit 1 +fi + +# Calculate SHA256 with error checking +if ! SHA256=$(sha256sum "$SOURCE_NAME" 2>/dev/null | cut -d ' ' -f 1); then + echo "Error: Failed to calculate SHA256 for $SOURCE_NAME" + exit 1 +fi + +# Verify SHA256 is not empty +if [ -z "$SHA256" ]; then + echo "Error: SHA256 calculation resulted in empty value" + exit 1 +fi # Update PKGBUILD with current version and SHA sed -i "s/pkgver=.*/pkgver=${VERSION}/" packaging/archlinux/PKGBUILD @@ -42,4 +61,4 @@ echo "" echo "To submit to AUR:" echo " 1. Clone AUR repo: git clone ssh://aur@aur.archlinux.org/osvm.git" echo " 2. Copy files: cp PKGBUILD .SRCINFO osvm/" -echo " 3. Commit and push: cd osvm && git add . && git commit -m 'Update to $VERSION' && git push" \ No newline at end of file +echo " 3. Commit and push: cd osvm && git add . && git commit -m 'Update to $VERSION' && git push" diff --git a/packaging/config.sh b/packaging/config.sh new file mode 100644 index 00000000..7c1d70f4 --- /dev/null +++ b/packaging/config.sh 
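Review bot: The `if ! SHA256=$(sha256sum "$SOURCE_NAME" 2>/dev/null | cut -d ' ' -f 1)` guard tests the exit status of `cut`, not `sha256sum`, because the script uses `set -e` without `pipefail`; only the later `-z` check can catch a failed hash. The `[ ! -f "$SOURCE_NAME" ]` test can never fire either, since the `>` redirection creates the file even when `git archive` fails. More importantly, the hash is taken over a locally generated archive of `HEAD`, while the PKGBUILD `source` is the GitHub tag archive, so the pinned value is not guaranteed to match what makepkg downloads. Use `set -eo pipefail` at the top of the script and hash the artifact at the `source` URL, as the removed workflow step did with `curl -sL … | shasum -a 256`.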
@@ -0,0 +1,19 @@ +#!/bin/bash +# Configuration for OSVM CLI packaging +# This centralizes maintainer information and other packaging constants + +# Maintainer information (can be overridden by environment variables) +OSVM_MAINTAINER_NAME="${OSVM_MAINTAINER_NAME:-OpenSVM}" +OSVM_MAINTAINER_EMAIL="${OSVM_MAINTAINER_EMAIL:-rin@opensvm.com}" + +# Project information +OSVM_PROJECT_URL="${OSVM_PROJECT_URL:-https://github.com/openSVM/osvm-cli}" +OSVM_DESCRIPTION_SHORT="OpenSVM CLI tool for managing SVM nodes and deployments" +OSVM_DESCRIPTION_LONG="OSVM CLI is a comprehensive tool for managing Solana Virtual Machine (SVM) nodes and deployments. It provides functionality for node deployment, SVM blockchain interactions, audit capabilities, and SSH-based deployment automation." + +# Export variables for use in scripts +export OSVM_MAINTAINER_NAME +export OSVM_MAINTAINER_EMAIL +export OSVM_PROJECT_URL +export OSVM_DESCRIPTION_SHORT +export OSVM_DESCRIPTION_LONG \ No newline at end of file diff --git a/packaging/debian/build-deb.sh b/packaging/debian/build-deb.sh index 4786a4e2..fb73b103 100755 --- a/packaging/debian/build-deb.sh +++ b/packaging/debian/build-deb.sh @@ -4,6 +4,10 @@ set -e +# Source packaging configuration +SCRIPT_DIR="$(dirname "$0")" +source "$SCRIPT_DIR/../config.sh" + # Get version from command line or git tag VERSION="${1:-$(git describe --tags --abbrev=0 | sed 's/^v//')}" WORKDIR=$(pwd) 
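Review bot: `OSVM_DESCRIPTION_SHORT` and `OSVM_DESCRIPTION_LONG` in `config.sh` are assigned unconditionally, so an environment override is discarded, although the README hunk lists both as overridable. Use the same form as the other three, e.g. `OSVM_DESCRIPTION_SHORT="${OSVM_DESCRIPTION_SHORT:-OpenSVM CLI tool for managing SVM nodes and deployments}"`, or drop them from the README list. Since every value here can come from the caller's environment and ends up in package control files, this file is also the natural place for a single check that none of them contains a newline.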
@@ -37,37 +41,32 @@ fi cd "$PKG" # Set environment variables for dh_make to use correct maintainer info -export DEBFULLNAME="OpenSVM" -export DEBEMAIL="rin@opensvm.com" +export DEBFULLNAME="$OSVM_MAINTAINER_NAME" +export DEBEMAIL="$OSVM_MAINTAINER_EMAIL" # Run dh_make using the temporary tarball - this avoids same-file error # dh_make will copy the temp tarball to the correct orig.tar.gz location -dh_make -y -s -c apache -e rin@opensvm.com -f "../$TEMP_TARBALL" +dh_make -y -s -c apache -e "$OSVM_MAINTAINER_EMAIL" -f "../$TEMP_TARBALL" # Fix maintainer name in generated files (dh_make sometimes ignores DEBFULLNAME) -sed -i 's/Maintainer: unknown/Maintainer: OpenSVM/' debian/control -sed -i 's/ -- unknown/ -- OpenSVM/' debian/changelog +sed -i "s/Maintainer: unknown/Maintainer: $OSVM_MAINTAINER_NAME/" debian/control +sed -i "s/ -- unknown/ -- $OSVM_MAINTAINER_NAME/" debian/changelog # Customize the debian/control file for better dependencies -cat > debian/control << 'EOF' +cat > debian/control << EOF Source: osvm Section: utils Priority: optional -Maintainer: OpenSVM +Maintainer: $OSVM_MAINTAINER_NAME <$OSVM_MAINTAINER_EMAIL> Build-Depends: debhelper (>= 10), cargo, rustc, pkg-config, libssl-dev, libudev-dev, libusb-1.0-0-dev Standards-Version: 4.1.3 -Homepage: https://github.com/openSVM/osvm-cli +Homepage: $OSVM_PROJECT_URL Package: osvm Architecture: any -Depends: ${shlibs:Depends}, ${misc:Depends} -Description: OpenSVM CLI tool for managing SVM nodes and deployments - OSVM CLI is a comprehensive tool for managing Solana Virtual Machine (SVM) - nodes and deployments. It provides functionality for: - - Node deployment and management - - SVM blockchain interactions - - Audit capabilities - - SSH-based deployment automation +Depends: \${shlibs:Depends}, \${misc:Depends} +Description: $OSVM_DESCRIPTION_SHORT + $OSVM_DESCRIPTION_LONG . 
This tool is designed to simplify the process of working with SVM-based blockchain networks including Solana, Sonic, and other compatible chains. @@ -108,9 +107,21 @@ dpkg-buildpackage -us -uc # Move back to the working directory cd "$WORKDIR" +# Create a dedicated output directory for .deb files +mkdir -p debian-packages + +# Move .deb files to a known location for reliable artifact upload +if ls ../*.deb 1> /dev/null 2>&1; then + mv ../*.deb debian-packages/ + echo "Moved .deb files to debian-packages/ directory" +else + echo "Error: No .deb files found after build" + exit 1 +fi + # Clean up temporary tarball rm -f "$TEMP_TARBALL" echo "Debian package built successfully!" -echo "Package files are in the current directory:" -ls -la *.deb 2>/dev/null || echo "No .deb files found in current directory, check parent directory" \ No newline at end of file +echo "Package files are in debian-packages/ directory:" +ls -la debian-packages/*.deb diff --git a/packaging/termux/build-termux.sh b/packaging/termux/build-termux.sh index f6e8fecf..74157477 100755 --- a/packaging/termux/build-termux.sh +++ b/packaging/termux/build-termux.sh @@ -4,6 +4,10 @@ set -e +# Source packaging configuration +SCRIPT_DIR="$(dirname "$0")" +source "$SCRIPT_DIR/../config.sh" + # Get version and architecture from command line or defaults VERSION="${1:-$(git describe --tags --abbrev=0 | sed 's/^v//')}" ARCH="${2:-aarch64}" 
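Review bot: Switching the here-document from `'EOF'` to `EOF` means `$OSVM_MAINTAINER_NAME`, `$OSVM_MAINTAINER_EMAIL`, `$OSVM_PROJECT_URL` and the descriptions are expanded straight into `debian/control`, and the two `sed -i` lines put the name into a `/`-delimited replacement unescaped. A value containing a newline would add fields to the control file, and one containing `/` or `&` would break or alter the substitution; the Termux control file in `build-termux.sh` has the same exposure. Reject such values before use, e.g. `case "$OSVM_MAINTAINER_NAME" in *$'\n'*|*/*|*\&*) echo "invalid maintainer name" >&2; exit 1;; esac`. The `sed` edit of `debian/control` is also redundant, because the `cat` immediately after it overwrites the file.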
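Review bot: `mv ../*.deb debian-packages/` runs after `cd "$WORKDIR"`, so it globs the parent of the directory the script was started from and collects every `.deb` found there, not only the one just built. If `$PKG` is created directly under `$WORKDIR`, as in the removed workflow step, `dpkg-buildpackage` writes its output into `$WORKDIR` itself and this glob would miss it or pick up a stale package. Match the expected artifact by name from the right directory, e.g. `mv "osvm_${VERSION}"*.deb debian-packages/`, so that only the package built in this run reaches the upload step. The lines that create `$PKG` are outside the hunk, so confirm the location.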
@@ -23,23 +27,20 @@ PACKAGE_DIR="${PACKAGE_NAME}_${VERSION}_${ARCH}" rm -rf "$PACKAGE_DIR" mkdir -p "$PACKAGE_DIR"/data/data/com.termux/files/usr/bin -mkdir -p "$PACKAGE_DIR"/control +mkdir -p "$PACKAGE_DIR"/DEBIAN # Copy binary cp target/release/osvm "$PACKAGE_DIR"/data/data/com.termux/files/usr/bin/ # Create control file -cat > "$PACKAGE_DIR"/control/control << EOF +cat > "$PACKAGE_DIR"/DEBIAN/control << EOF Package: $PACKAGE_NAME Version: $VERSION Architecture: $ARCH -Maintainer: OpenSVM -Description: OpenSVM CLI tool for managing SVM nodes and deployments - OSVM CLI is a comprehensive tool for managing Solana Virtual Machine (SVM) - nodes and deployments. It provides functionality for node deployment, - SVM blockchain interactions, audit capabilities, and SSH-based deployment - automation. -Homepage: https://github.com/openSVM/osvm-cli +Maintainer: $OSVM_MAINTAINER_NAME <$OSVM_MAINTAINER_EMAIL> +Description: $OSVM_DESCRIPTION_SHORT + $OSVM_DESCRIPTION_LONG +Homepage: $OSVM_PROJECT_URL Section: utils Priority: optional Depends: rust 
@@ -47,34 +48,34 @@ Installed-Size: $(du -k "$PACKAGE_DIR"/data | tail -1 | cut -f1) EOF # Create prerm script to handle cleanup -cat > "$PACKAGE_DIR"/control/prerm << 'EOF' +cat > "$PACKAGE_DIR"/DEBIAN/prerm << 'EOF' #!/bin/sh # Clean up any cached data rm -rf "$HOME/.osvm" 2>/dev/null || true exit 0 EOF -chmod +x "$PACKAGE_DIR"/control/prerm +chmod +x "$PACKAGE_DIR"/DEBIAN/prerm # Create postinst script -cat > "$PACKAGE_DIR"/control/postinst << 'EOF' +cat > "$PACKAGE_DIR"/DEBIAN/postinst << 'EOF' #!/bin/sh # Ensure binary is executable -chmod +x "$PREFIX/bin/osvm" 2>/dev/null || true +chmod +x "/data/data/com.termux/files/usr/bin/osvm" 2>/dev/null || true echo "OpenSVM CLI installed successfully!" echo "Run 'osvm --help' to get started." exit 0 EOF -chmod +x "$PACKAGE_DIR"/control/postinst +chmod +x "$PACKAGE_DIR"/DEBIAN/postinst # Create postrm script -cat > "$PACKAGE_DIR"/control/postrm << 'EOF' +cat > "$PACKAGE_DIR"/DEBIAN/postrm << 'EOF' #!/bin/sh # Clean up after removal echo "OpenSVM CLI has been removed." echo "Configuration files in ~/.osvm have been preserved." exit 0 EOF -chmod +x "$PACKAGE_DIR"/control/postrm +chmod +x "$PACKAGE_DIR"/DEBIAN/postrm # Create the .deb package for Termux echo "Building package..." @@ -86,4 +87,4 @@ echo "" echo "To install on Termux:" echo " 1. Transfer the .deb file to your Termux environment" echo " 2. Run: dpkg -i ${PACKAGE_DIR}.deb" -echo " 3. Or use: apt install ./${PACKAGE_DIR}.deb" \ No newline at end of file +echo " 3. Or use: apt install ./${PACKAGE_DIR}.deb"
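Review bot: The `prerm` script in this hunk still runs `rm -rf "$HOME/.osvm"`, while the `postrm` message says the files in `~/.osvm` "have been preserved"; dpkg also runs `prerm` on upgrade, so user configuration would be deleted on every package update. Drop the deletion from `prerm` and, if cleanup is wanted at all, do it in `postrm` gated on purge, e.g. `[ "$1" = "purge" ] && rm -rf "$HOME/.osvm"`. The hard-coded path in `postinst` would benefit from a comment such as `# default Termux prefix, hard-coded instead of $PREFIX`.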