Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

How to run pseudo-airgapped hs-airdrop using Docker #106

Open
pinheadmz opened this issue Mar 11, 2020 · 4 comments
Open

How to run pseudo-airgapped hs-airdrop using Docker #106

pinheadmz opened this issue Mar 11, 2020 · 4 comments

Comments

@pinheadmz
Copy link
Member

SOURCE: #2 (comment)

by: @benjie

Please feel free to add this as a guide to your website if you would like. I do not require attribution.

Originally posted here: #2 (comment)

DISCLAIMER: THIS SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

First, create this Dockerfile in an empty directory:

FROM node

RUN git clone https://github.com/handshake-org/hs-airdrop.git /hs-airdrop
WORKDIR /hs-airdrop
RUN yarn
RUN mkdir -p /root/.hs-tree-data/nonces
RUN curl -Lo /root/.hs-tree-data/tree.bin https://github.com/handshake-org/hs-tree-data/raw/master/tree.bin
RUN curl -Lo /root/.hs-tree-data/faucet.bin https://github.com/handshake-org/hs-tree-data/raw/master/faucet.bin
RUN curl -Lo /root/.hs-tree-data/proof.json https://github.com/handshake-org/hs-tree-data/raw/master/proof.json
RUN curl -Lo /root/.hs-tree-data/nonces/172.bin https://github.com/handshake-org/hs-tree-data/raw/master/nonces/172.bin

In that directory, run the following commands:

mkdir keys
cp ~/.ssh/id_rsa ~/.ssh/id_rsa.pub keys
# Change the password on your SSH key
ssh-keygen -p -f keys/id_rsa

docker build -t hs-airdrop .

docker run --rm -it --network none --name no-net --volume=$(pwd)/keys:/ssh hs-airdrop bash

You'll now be running a non-networked container. This is not as secure as it could be if you properly air-gapped, but it's better than nothing. Inside the container you can check there's no network connectivity:

ping 8.8.8.8

Should give an error - so you know there's no internet. Now run the airdrop command:

./bin/hs-airdrop /ssh/id_rsa <YOUR_WALLET_ADDRESS> 0.010

(0.010 is the mining fee recommended by namebase.io)

You'll probably get an error about not being able to fetch the nonce; this is likely because bucket 172 above is incorrect for you. Exit the docker bash shell, edit the Dockerfile above to contain the correct bucket number (in BOTH PLACES on that final line), then run again:

docker build -t hs-airdrop .

docker run --rm -it --network none --name no-net --volume=$(pwd)/keys:/ssh hs-airdrop bash

Issue the ./bin/hs-airdrop command again and hopefully this time it will work.
@sj26
Copy link

sj26 commented May 5, 2021

(0.010 is the mining fee recommended by namebase.io)

From https://www.namebase.io/airdrop:

image

@0xdevalias
Copy link

0xdevalias commented May 5, 2021
edited
Loading

Only your master key will be included in the tree (no subkeys). To see whether you're in the tree, you can pass your key fingerprint (short ID, long ID, etc) to the [id] option. Note that you'll need a raw export of your secret key ring in standard PGP packets in order for the airdrop tool to be able to read it. It won't be able to read GnuPG's new database format.

Originally posted by @chjj in #2 (comment)

Edit: I originally shared the snippet above for visibility, and because I thought it may enable people to check if their key exists within the hs-airdrop tree without having to pass their private key to the tool, but on further exploration, I don't believe this is actually the case.

Looking at the usage from running the tool itself, it looks like you still need to provide [key-file] to use [id]:

# ./bin/hs-airdrop  -h

  hs-airdrop (v0.10.0)

  This tool will create the proof necessary to
  collect your faucet reward, airdrop reward, or
  sponsor reward on the Handshake blockchain.

  Usage: $ hs-airdrop [key-file] [id] [addr] [options]
         $ hs-airdrop [key-file] [addr] [options]
         $ hs-airdrop [addr]
         
..snip..

@0xdevalias 0xdevalias mentioned this issue May 5, 2021
Open
@0xdevalias
Copy link

You'll probably get an error about not being able to fetch the nonce; this is likely because bucket 172 above is incorrect for you. Exit the docker bash shell, edit the Dockerfile above to contain the correct bucket number (in BOTH PLACES on that final line), then run again

For those searching/wondering, the error looks something like this:

# ./bin/hs-airdrop /ssh/MYKEY MYWALLET
Passphrase:
Attempting to create proof.
This may take a bit.
Decrypting nonce...
Downloading: https://github.com/handshake-org/hs-tree-data/raw/master/nonces/123.bin...
Error: getaddrinfo EAI_AGAIN github.com
    at GetAddrInfoReqWrap.onlookup [as oncomplete] (node:dns:69:26)

See the solution in the original post: #106 (comment)

@natevw natevw mentioned this issue May 10, 2021
Open
@fionn
Copy link

fionn commented May 26, 2021

If you don't know what bucket corresponds to your key, create executable get_nonce.sh with content

#!/bin/bash

for i in {000..255}; do
    curl -Lo "/root/.hs-tree-data/nonces/$i.bin" \
    "https://github.com/handshake-org/hs-tree-data/raw/master/nonces/$i.bin"
done

and replace the last line in Dockerfile with

COPY get_nonce.sh get_nonce.sh
RUN ./get_nonce.sh

to download all buckets as a single layer.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@sj26 @0xdevalias @fionn @pinheadmz