d-bis/proxmox
4
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
4fb2a27fbb271b13817afd3ef71fc8605e7c8c70
proxmox/scripts/secure-validator-keys.sh
defiQUG fbda1b4beb
Some checks failed
Deploy to Phoenix / deploy (push) Has been cancelled
Details
docs: Ledger Live integration, contract deploy learnings, NEXT_STEPS updates 
- ADD_CHAIN138_TO_LEDGER_LIVE: Ledger form done; public code review repo bis-innovations/LedgerLive; init/push commands
- CONTRACT_DEPLOYMENT_RUNBOOK: Chain 138 gas price 1 gwei, 36-addr check, TransactionMirror workaround
- CONTRACT_*: AddressMapper, MirrorManager deployed 2026-02-12; 36-address on-chain check
- NEXT_STEPS_FOR_YOU: Ledger done; steps completable now (no LAN); run-completable-tasks-from-anywhere
- MASTER_INDEX, OPERATOR_OPTIONAL, SMART_CONTRACTS_INVENTORY_SIMPLE: updates
- LEDGER_BLOCKCHAIN_INTEGRATION_COMPLETE: bis-innovations/LedgerLive reference

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-12 15:46:57 -08:00

56 lines
2.0 KiB
Bash
Executable File
Raw Blame History

#!/usr/bin/env bash
# Secure Validator Key Permissions (W1-19). Run on Proxmox host as root after validator keys are deployed.
# Usage: sudo bash scripts/secure-validator-keys.sh [--dry-run]
set -euo pipefail
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]:-$0}")" && pwd)"
DRY_RUN=false
[[ "${1:-}" == "--dry-run" ]] && DRY_RUN=true
# Colors
GREEN='\033[0;32m'
BLUE='\033[0;34m'
YELLOW='\033[1;33m'
NC='\033[0m'
log_info() { echo -e "${BLUE}[INFO]${NC} $1"; }
log_success() { echo -e "${GREEN}[✓]${NC} $1"; }
log_warn() { echo -e "${YELLOW}[WARNING]${NC} $1"; }
if ! command -v pct >/dev/null 2>&1; then
echo "Error: pct command not found. This script must be run on Proxmox host."
exit 1
fi
if [[ $EUID -ne 0 ]] && [[ "$DRY_RUN" != true ]]; then
echo "Error: This script must be run as root (or use --dry-run to preview)"
exit 1
fi
if [[ "$DRY_RUN" == true ]]; then
log_info "DRY-RUN: would secure validator keys in VMIDs 1000-1004 (chmod 600/700, chown besu:besu)"
fi
# Secure keys in validator containers
for vmid in 1000 1001 1002 1003 1004; do
if pct status "$vmid" 2>/dev/null | grep -q running; then
log_info "Securing keys in container $vmid..."
if [[ "$DRY_RUN" == true ]]; then
log_info " [DRY-RUN] would: find /keys/validators -type f -exec chmod 600 {} \\;; chmod 700 dirs; chown -R besu:besu"
else
# Set file permissions to 600 for key files
pct exec "$vmid" -- find /keys/validators -type f \( -name "*.pem" -o -name "*.priv" -o -name "key" \) -exec chmod 600 {} \; 2>/dev/null || true
# Set directory permissions
pct exec "$vmid" -- find /keys/validators -type d -exec chmod 700 {} \; 2>/dev/null || true
# Set ownership to besu:besu
pct exec "$vmid" -- chown -R besu:besu /keys/validators 2>/dev/null || true
fi
log_success "Container $vmid secured"
else
log_warn "Container $vmid is not running, skipping"
fi
done
log_success "Validator key security check complete!"
Reference in New Issue View Git Blame Copy Permalink