From 3723ef0501969ffe593371b16c0cea5fc847d3bb Mon Sep 17 00:00:00 2001
From: dappnodedev <diego@dappnode.io>
Date: Mon, 22 Jul 2024 13:31:53 +0200
Subject: [PATCH] Use latest staker pkg scripts

---
 GETTING_STARTED.md         |  6 ++--
 beacon-chain/Dockerfile    | 24 ++++++++------
 beacon-chain/entrypoint.sh | 65 ++++++++++++++++----------------------
 docker-compose.yml         | 15 +++++----
 validator/Dockerfile       | 20 +++++++-----
 validator/entrypoint.sh    | 65 ++++++++++++++++++--------------------
 6 files changed, 95 insertions(+), 100 deletions(-)

diff --git a/GETTING_STARTED.md b/GETTING_STARTED.md
index 7de3580..18ede6c 100644
--- a/GETTING_STARTED.md
+++ b/GETTING_STARTED.md
@@ -1,5 +1,3 @@
-## Welcome to the Holesky Consensus Client Teku
+## Welcome to the Consensus Client Teku
 
-- Your keystores should now be managed in the Web3Signer's [New Staking Brain](http://brain.web3signer-holesky.dappnode/)
-- Don't have the Web3Signer installed yet? It can be manually installed [here](http://my.dappnode/installer/dnp/web3signer-holesky.dnp.dappnode.eth)
-- All Staking Management has a new home in the Comprehensive [StakersUI](http://my.dappnode/stakers/holesky)
+- All Staking Management has a new home in the Comprehensive [StakersUI](http://my.dappnode/stakers/ethereum)
diff --git a/beacon-chain/Dockerfile b/beacon-chain/Dockerfile
index 1720e8c..ea5bbc8 100644
--- a/beacon-chain/Dockerfile
+++ b/beacon-chain/Dockerfile
@@ -4,22 +4,26 @@ FROM consensys/teku:$UPSTREAM_VERSION
 
 ARG NETWORK
 ARG P2P_PORT
+ARG DATA_DIR
 ARG STAKER_SCRIPTS_VERSION
-ARG JWT_SECRET_FILE=/jwtsecret
 
-COPY entrypoint.sh /usr/bin/entrypoint.sh
-COPY jwtsecret.hex ${JWT_SECRET_FILE}
-
-ENV JWT_SECRET_FILE=${JWT_SECRET_FILE} \
-    NETWORK=${NETWORK} \
+ENV JWT_SECRET_FILE=/jwtsecret \
     P2P_PORT=${P2P_PORT} \
-    DATA_DIR=/opt/teku/data \
+    DATA_DIR=${DATA_DIR} \
     STAKER_SCRIPTS_URL=https://github.com/dappnode/staker-package-scripts/releases/download/${STAKER_SCRIPTS_VERSION}
 
+COPY entrypoint.sh /usr/local/bin/entrypoint.sh
+COPY jwtsecret.hex ${JWT_SECRET_FILE}
+
 ADD ${STAKER_SCRIPTS_URL}/consensus_tools.sh /etc/profile.d/
 
 USER root
-RUN chmod +rx /usr/local/bin/entrypoint.sh /etc/profile.d/consensus_tools.sh
-USER teku
 
-ENTRYPOINT [ "entrypoint.sh" ]
+RUN apt-get update && apt-get --yes install curl && \
+    chmod +rx /usr/local/bin/entrypoint.sh /etc/profile.d/consensus_tools.sh
+
+# This env changes the variant
+# Placed at the end to regenerate the least amount of layers
+ENV NETWORK=${NETWORK}
+
+ENTRYPOINT [ "/usr/local/bin/entrypoint.sh" ]
diff --git a/beacon-chain/entrypoint.sh b/beacon-chain/entrypoint.sh
index 62a7339..74d3fb6 100755
--- a/beacon-chain/entrypoint.sh
+++ b/beacon-chain/entrypoint.sh
@@ -2,44 +2,35 @@
 
 SUPPORTED_NETWORKS="gnosis holesky mainnet lukso"
 CHECKPOINT_SYNC_FLAG="--initial-state"
-MEVBOOST_FLAGS="--builder-endpoint"
+MEVBOOST_FLAG_KEYS="--builder-endpoint"
+TEKU_FORMAT_CHECKPOINT_URL="$(echo "${CHECKPOINT_SYNC_URL}" | sed 's:/*$::')/eth/v2/debug/beacon/states/finalized"
 
 # shellcheck disable=SC1091 # Path is relative to the Dockerfile
 . /etc/profile
 
-handle_checkpoint() {
-
-    teku_checkpoint_url="$(echo "${CHECKPOINT_SYNC_URL}" | sed 's:/*$::')/eth/v2/debug/beacon/states/finalized"
-
-    set_checkpointsync_url "${CHECKPOINT_SYNC_FLAG}" "${teku_checkpoint_url}"
-}
-
-run_beacon() {
-    echo "[INFO - entrypoint] Starting beacon node"
-
-    # shellcheck disable=SC2086
-    exec /opt/teku/bin/teku \
-        --network="${NETWORK}" \
-        --data-base-path="${DATA_DIR}" \
-        --ee-endpoint="${ENGINE_API_URL}" \
-        --ee-jwt-secret-file="${JWT_SECRET_FILE}" \
-        --p2p-port="${P2P_PORT}" \
-        --rest-api-cors-origins="*" \
-        --rest-api-interface=0.0.0.0 \
-        --rest-api-port=3500 \
-        --rest-api-host-allowlist "*" \
-        --rest-api-enabled=true \
-        --rest-api-docs-enabled=true \
-        --metrics-enabled=true \
-        --metrics-interface 0.0.0.0 \
-        --metrics-port 8008 \
-        --metrics-host-allowlist "*" \
-        --log-destination=CONSOLE \
-        --validators-proposer-default-fee-recipient="${FEE_RECIPIENT}" ${EXTRA_OPTS}
-}
-
-format_graffiti
-set_beacon_config_by_network "${NETWORK}" "${SUPPORTED_NETWORKS}"
-handle_checkpoint
-set_mevboost_flag "${MEVBOOST_FLAGS}" # MEVBOOST: https://docs.teku.consensys.net/en/latest/HowTo/Builder-Network/
-run_beacon
+ENGINE_URL=$(get_engine_api_url "${NETWORK}" "${SUPPORTED_NETWORKS}")
+VALID_FEE_RECIPIENT=$(get_valid_fee_recipient "${FEE_RECIPIENT}")
+CHECKPOINT_SYNC_FLAG=$(get_checkpoint_sync_flag "${CHECKPOINT_SYNC_FLAG}" "${TEKU_FORMAT_CHECKPOINT_URL}")
+MEVBOOST_FLAG=$(get_mevboost_flag "${NETWORK}" "${MEVBOOST_FLAG_KEYS}")
+
+echo "[INFO - entrypoint] Starting beacon node"
+
+# shellcheck disable=SC2086
+exec /opt/teku/bin/teku \
+    --network="${NETWORK}" \
+    --data-base-path="${DATA_DIR}" \
+    --ee-endpoint="${ENGINE_URL}" \
+    --ee-jwt-secret-file="${JWT_SECRET_FILE}" \
+    --p2p-port="${P2P_PORT}" \
+    --rest-api-cors-origins="*" \
+    --rest-api-interface=0.0.0.0 \
+    --rest-api-port=3500 \
+    --rest-api-host-allowlist "*" \
+    --rest-api-enabled=true \
+    --rest-api-docs-enabled=true \
+    --metrics-enabled=true \
+    --metrics-interface 0.0.0.0 \
+    --metrics-port 8008 \
+    --metrics-host-allowlist "*" \
+    --log-destination=CONSOLE \
+    --validators-proposer-default-fee-recipient="${VALID_FEE_RECIPIENT}" ${CHECKPOINT_SYNC_FLAG} ${MEVBOOST_FLAG} ${EXTRA_OPTS}
diff --git a/docker-compose.yml b/docker-compose.yml
index 3e37277..6a27c2a 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -6,21 +6,24 @@ services:
       args:
         UPSTREAM_VERSION: 24.6.1
         STAKER_SCRIPTS_VERSION: v0.1.0
+        DATA_DIR: /opt/teku/data
     environment:
       CHECKPOINT_SYNC_URL: ""
       FEE_RECIPIENT: ""
       EXTRA_OPTS: ""
       JAVA_OPTS: "-Xmx6g"
     volumes:
-      - "teku-holesky-data:/opt/teku/data"
+      - "teku-data:/opt/teku/data"
     restart: unless-stopped
-    # security_opt:
-    #   - "seccomp:unconfined"
+    security_opt:
+      - "seccomp:unconfined"
   validator:
     build:
       context: validator
       args:
         UPSTREAM_VERSION: 24.6.1
+        STAKER_SCRIPTS_VERSION: v0.1.0
+        DATA_DIR: /opt/teku/data
     environment:
       LOG_LEVEL: INFO
       GRAFFITI: validating_from_DAppNode
@@ -28,7 +31,7 @@ services:
       FEE_RECIPIENT: ""
       JAVA_OPTS: "-Xmx6g"
     restart: unless-stopped
-    # security_opt:
-    #   - "seccomp:unconfined"
+    security_opt:
+      - "seccomp:unconfined"
 volumes:
-  teku-holesky-data: {}
+  teku-data: {}
diff --git a/validator/Dockerfile b/validator/Dockerfile
index eb032a2..7c0c92d 100644
--- a/validator/Dockerfile
+++ b/validator/Dockerfile
@@ -4,26 +4,30 @@ FROM consensys/teku:${UPSTREAM_VERSION}
 
 ARG NETWORK
 ARG STAKER_SCRIPTS_VERSION
-ARG VALIDATOR_API_TOKEN_PATH=/opt/teku/data/validator/key-manager/validator-api-bearer
-ARG TLS_CERT_PATH=/tls/cert
 
 USER root 
 
-COPY /security/validator-api-bearer ${VALIDATOR_API_TOKEN_PATH}
-COPY /security/cert ${TLS_CERT_PATH}
-COPY entrypoint.sh /usr/local/bin/entrypoint.sh
+ENV TLS_CERT_PATH=/tls/cert
 
 ENV DATA_DIR=/opt/teku/data \
     NETWORK=${NETWORK} \
+    VALIDATOR_PORT=3500 \
+    VALIDATOR_API_TOKEN_PATH=/opt/teku/data/validator/key-manager/validator-api-bearer \
     TLS_CERT_FILE_PATH=${TLS_CERT_PATH}/teku_client_keystore.p12 \
     TLS_CERTS_PASS_PATH=${TLS_CERT_PATH}/teku_keystore_password.txt \
-    VALIDATOR_API_TOKEN_PATH=${VALIDATOR_API_TOKEN_PATH} \
     STAKER_SCRIPTS_URL=https://github.com/dappnode/staker-package-scripts/releases/download/${STAKER_SCRIPTS_VERSION}
 
+COPY /security/validator-api-bearer ${VALIDATOR_API_TOKEN_PATH}
+COPY /security/cert ${TLS_CERT_PATH}
+COPY entrypoint.sh /usr/local/bin/entrypoint.sh
+
 ADD ${STAKER_SCRIPTS_URL}/consensus_tools.sh /etc/profile.d/
 
-RUN chmod +rx /usr/local/bin/entrypoint.sh /etc/profile.d/consensus_tools.sh
+RUN apt-get update && apt-get install ca-certificates --yes --no-install-recommends && apt-get clean && \
+    chmod +rx /usr/local/bin/entrypoint.sh /etc/profile.d/consensus_tools.sh
 
-RUN apt-get update && apt-get install ca-certificates --yes --no-install-recommends && apt-get clean 
+# This env changes the variant
+# Placed at the end to regenerate the least amount of layers
+ENV NETWORK=${NETWORK}
 
 ENTRYPOINT [ "/usr/local/bin/entrypoint.sh" ]
diff --git a/validator/entrypoint.sh b/validator/entrypoint.sh
index 920dde0..35fd496 100755
--- a/validator/entrypoint.sh
+++ b/validator/entrypoint.sh
@@ -1,46 +1,41 @@
 #!/bin/sh
 
 SUPPORTED_NETWORKS="gnosis holesky mainnet lukso"
-MEVBOOST_FLAG_1="--validators-builder-registration-default-enabled=true"
-MEVBOOST_FLAG_2="--validators-proposer-blinded-blocks-enabled=true"
+# MEVBOOST: https://docs.teku.consensys.net/en/latest/HowTo/Builder-Network/
+MEVBOOST_FLAG_KEYS="--validators-builder-registration-default-enabled=true --validators-proposer-blinded-blocks-enabled=true"
 SKIP_MEVBOOST_URL="true"
 CLIENT="teku"
-VALIDATOR_PORT=3500
 
 # shellcheck disable=SC1091
 . /etc/profile
 
-run_validator() {
-
-  echo "[INFO - entrypoint] Starting validator client"
+VALID_GRAFFITI=$(get_valid_graffiti "${GRAFFITI}")
+VALID_FEE_RECIPIENT=$(get_valid_fee_recipient "${FEE_RECIPIENT}")
+SIGNER_API_URL=$(get_signer_api_url "${NETWORK}" "${SUPPORTED_NETWORKS}")
+BEACON_API_URL=$(get_beacon_api_url "${NETWORK}" "${SUPPORTED_NETWORKS}" "${CLIENT}")
+MEVBOOST_FLAGS=$(get_mevboost_flag "${MEVBOOST_FLAG_KEYS}" "${SKIP_MEVBOOST_URL}")
 
-  # Teku must start with the current env due to JAVA_HOME var
-  # shellcheck disable=SC2086
-  exec /opt/teku/bin/teku \
-    --log-destination=CONSOLE \
-    validator-client \
-    --network="${NETWORK}" \
-    --data-base-path="${DATA_DIR}" \
-    --beacon-node-api-endpoint="${BEACON_API_URL}" \
-    --validators-external-signer-url="${WEB3SIGNER_API_URL}" \
-    --metrics-enabled=true \
-    --metrics-interface 0.0.0.0 \
-    --metrics-port 8008 \
-    --metrics-host-allowlist=* \
-    --validator-api-enabled=true \
-    --validator-api-interface=0.0.0.0 \
-    --validator-api-port="${VALIDATOR_PORT}" \
-    --validator-api-host-allowlist=* \
-    --validators-graffiti="${GRAFFITI}" \
-    --validator-api-keystore-file="${TLS_CERT_FILE_PATH}" \
-    --validator-api-keystore-password-file="${TLS_CERT_PASS_PATH}" \
-    --validators-proposer-default-fee-recipient="${FEE_RECIPIENT}" \
-    --logging="${LOG_LEVEL}" ${EXTRA_OPTS}
-}
+echo "[INFO - entrypoint] Starting validator client"
 
-format_graffiti
-set_validator_config_by_network "${NETWORK}" "${SUPPORTED_NETWORKS}" "${CLIENT}"
-# MEVBOOST: https://docs.teku.consensys.net/en/latest/HowTo/Builder-Network/
-set_mevboost_flag "${MEVBOOST_FLAG_1}" "${SKIP_MEVBOOST_URL}"
-set_mevboost_flag "${MEVBOOST_FLAG_2}" "${SKIP_MEVBOOST_URL}"
-run_validator
+# Teku must start with the current env due to JAVA_HOME var
+# shellcheck disable=SC2086
+exec /opt/teku/bin/teku \
+  --log-destination=CONSOLE \
+  validator-client \
+  --network="${NETWORK}" \
+  --data-base-path="${DATA_DIR}" \
+  --beacon-node-api-endpoint="${BEACON_API_URL}" \
+  --validators-external-signer-url="${SIGNER_API_URL}" \
+  --metrics-enabled=true \
+  --metrics-interface 0.0.0.0 \
+  --metrics-port 8008 \
+  --metrics-host-allowlist=* \
+  --validator-api-enabled=true \
+  --validator-api-interface=0.0.0.0 \
+  --validator-api-port="${VALIDATOR_PORT}" \
+  --validator-api-host-allowlist=* \
+  --validators-graffiti="${VALID_GRAFFITI}" \
+  --validator-api-keystore-file="${TLS_CERT_FILE_PATH}" \
+  --validator-api-keystore-password-file="${TLS_CERT_PASS_PATH}" \
+  --validators-proposer-default-fee-recipient="${VALID_FEE_RECIPIENT}" \
+  --logging="${LOG_LEVEL}" ${MEVBOOST_FLAGS} ${EXTRA_OPTS}