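#!/bin/bash
# Validator key management menu: installs staking-deposit-cli, then offers key
# generation, import and regeneration through whiptail dialogs.

# Dir to install staking-deposit-cli
STAKING_DEPOSIT_CLI_DIR=$HOME
# Path to validator_keys, contains validator_key folder with keystore*.json files
KEYPATH=$STAKING_DEPOSIT_CLI_DIR/staking-deposit-cli/validator_keys
# Set to true once this script has taken the network down, so it can be
# brought back up afterwards
OFFLINE_MODE=false
# Base directory with scripts
BASE_DIR=$HOME/git/ethforge
# For testnet
LAUNCHPAD_URL="https://holesky.launchpad.ethstaker.cc"
# Load functions.
# Several helpers called below (ohai, network_isConnected, network_down,
# network_up, setWhiptailColors, getLAUNCHPAD_URL) are not defined in this
# file and are presumably provided by functions.sh. Without them every
# `if network_isConnected` test is simply false, so the offline prompt and the
# internet warning would be skipped silently; stop here instead.
if [[ ! -r "$BASE_DIR/functions.sh" ]]; then
  printf 'Cannot read %s; aborting.\n' "$BASE_DIR/functions.sh" >&2
  exit 1
fi
source "$BASE_DIR/functions.sh"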
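#######################################
# Install staking-deposit-cli into $STAKING_DEPOSIT_CLI_DIR/staking-deposit-cli
# unless that directory already exists.
# Globals:   STAKING_DEPOSIT_CLI_DIR (read)
#            RELEASE_URL, BINARIES_URL, BINARY_FILE (written)
# Returns:   0 when the tool is already present or was installed; non-zero
#            when the release lookup, download, extraction or rename fails.
# Side effect: after a fresh install the working directory is the new
#            staking-deposit-cli directory.
#
# NOTE(review): nothing here compares the archive with a known digest or
# signature, and "latest" means the installed build changes over time. This
# binary later handles the mnemonic, so pin a reviewed release and check its
# SHA-256 against a value obtained through a separate channel before use.
#######################################
function downloadStakingDepositCLI() {
  local staging

  if [ -d "$STAKING_DEPOSIT_CLI_DIR/staking-deposit-cli" ]; then
    ohai "staking-deposit-tool already downloaded."
    return 0
  fi
  ohai "Installing staking-deposit-tool"
  #Install dependencies
  sudo apt install jq curl -y
  #Setup variables
  RELEASE_URL="https://api.github.com/repos/ethereum/staking-deposit-cli/releases/latest"
  # -f turns an HTTP error (for example an API rate limit) into a failure
  # instead of handing an error document to jq; -m 1 keeps a single URL.
  BINARIES_URL="$(curl -fsS "$RELEASE_URL" \
    | jq -r '.assets[] | select(.name) | .browser_download_url' \
    | grep -m 1 -E 'linux-amd64\.tar\.gz$')"
  BINARY_FILE="staking-deposit-cli.tar.gz"
  # Only accept an HTTPS asset URL under the project's own release path; an
  # empty or unexpected value must never reach wget.
  case "$BINARIES_URL" in
    https://github.com/ethereum/staking-deposit-cli/releases/download/*) ;;
    *)
      printf 'Unexpected or missing staking-deposit-cli download URL: %s\n' "$BINARIES_URL" >&2
      return 1
      ;;
  esac
  ohai "Downloading URL: $BINARIES_URL"
  # Dir to install staking-deposit-cli
  cd "$STAKING_DEPOSIT_CLI_DIR" || return 1
  # Download binary
  if ! wget -O "$BINARY_FILE" "$BINARIES_URL"; then
    rm -f -- "$BINARY_FILE"
    printf 'Download of %s failed.\n' "$BINARIES_URL" >&2
    return 1
  fi
  # Extract into a private staging directory so that unexpected archive
  # members cannot land directly in $STAKING_DEPOSIT_CLI_DIR.
  if ! staging=$(mktemp -d "$STAKING_DEPOSIT_CLI_DIR/staking-deposit-cli.XXXXXX"); then
    rm -f -- "$BINARY_FILE"
    return 1
  fi
  # Extract archive, then rename the extracted directory
  if tar -xzvf "$BINARY_FILE" -C "$staging" \
    && mv -- "$staging"/staking_deposit-cli*amd64 staking-deposit-cli; then
    # Cleanup
    rm -f -- "$BINARY_FILE"
    rm -rf -- "${staging:?}"
    cd staking-deposit-cli
  else
    rm -f -- "$BINARY_FILE"
    rm -rf -- "${staging:?}"
    printf 'Could not unpack %s.\n' "$BINARY_FILE" >&2
    return 1
  fi
}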
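#######################################
# Generate a new mnemonic and validator keys with staking-deposit-cli, then
# load the keys into the validator client.
# Globals:   MSG_OFFLINE, MSG_INTRO, MSG_INTERNET, MSG_ETHADDRESS,
#            STAKING_DEPOSIT_CLI_DIR (read)
#            OFFLINE_MODE, NETWORK, ETHADDRESS (written)
# Exits the script when the user cancels or staking-deposit-cli fails. If this
# function took the network down, it is brought back up on every path,
# including those exits, so a remote machine is not left unreachable.
#######################################
function generateNewValidatorKeys() {
  local outcome=ok

  if network_isConnected; then
    if whiptail --title "Offline Key Generation" --defaultno --yesno "$MSG_OFFLINE" 20 78; then
      network_down
      OFFLINE_MODE=true
      ohai "Network is offline mode"
    fi
  fi
  NETWORK="holesky"

  if ! whiptail --title "Information on Secret Recovery Phrase Mnemonic" --yesno "$MSG_INTRO" 25 78; then
    outcome=cancel
  fi

  if [ "$outcome" = ok ]; then
    if network_isConnected; then
      whiptail --title "Warning: Internet Connection Detected" --msgbox "$MSG_INTERNET" 18 78
    fi
    while true; do
      ETHADDRESS=$(whiptail --title "Ethereum Withdrawal Address" --inputbox "$MSG_ETHADDRESS" 15 78 --ok-button "Submit" 3>&1 1>&2 2>&3)
      if [ -z "$ETHADDRESS" ]; then #pressed cancel
        outcome=cancel
        break
      fi
      # Shape check only (0x + 40 hex digits): a mistyped hex digit still
      # passes, so the address must be verified by the operator.
      if [[ "${ETHADDRESS}" =~ ^0x[a-fA-F0-9]{40}$ ]]; then
        break
      else
        whiptail --title "Error" --msgbox "Invalid ETH address. Try again." 8 78
      fi
    done
  fi

  if [ "$outcome" = ok ]; then
    # Run ./deposit only after the cd succeeded; otherwise "./deposit" would
    # resolve against whatever directory happens to be current.
    if cd "$STAKING_DEPOSIT_CLI_DIR/staking-deposit-cli" \
      && ./deposit new-mnemonic --chain "$NETWORK" --execution_address "$ETHADDRESS"; then
      loadKeys
    else
      outcome=error
    fi
  fi

  # Undo network_down before leaving, whatever happened above.
  if [ "$OFFLINE_MODE" == true ]; then
    network_up
    OFFLINE_MODE=false
    ohai "Network is online"
  fi

  case "$outcome" in
    error)
      ohai "Error with staking-deposit-cli. Try again."
      exit
      ;;
    cancel)
      exit
      ;;
  esac
}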
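#######################################
# Ask for a directory of existing keystores and load them into the validator
# client after the operator confirms the migration acknowledgements.
# Globals:   MSG_PATH, MSG_IMPORT (read); NETWORK (defaulted when empty)
# Exits the script when the entered path is not a directory.
#######################################
function importValidatorKeys() {
  # Shadow the script-wide KEYPATH: loadKeys (called from here) still sees the
  # entered path, but the default is back in place once this function returns,
  # so a later key generation does not reuse a directory that loadKeys has
  # already renamed.
  local KEYPATH
  # The other entry points assign NETWORK before loadKeys runs; without a
  # value here the client import commands would receive an empty network.
  NETWORK="${NETWORK:-holesky}"

  KEYPATH=$(whiptail --title "Import Validator Keys from Offline Generation or Backup" --inputbox "$MSG_PATH" 16 78 --ok-button "Submit" 3>&1 1>&2 2>&3)
  if [ -d "$KEYPATH" ]; then
    if whiptail --title "Important Information" --defaultno --yesno "$MSG_IMPORT" 20 78; then
      loadKeys
    fi
  else
    ohai "$KEYPATH does not exist. Try again."
    exit
  fi
}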
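#######################################
# Derive additional (or regenerate existing) validator keys from an existing
# mnemonic with staking-deposit-cli, then load them into the validator client.
# Globals:   MSG_OFFLINE, MSG_INTRO, MSG_INTERNET, MSG_ETHADDRESS, KEYPATH,
#            STAKING_DEPOSIT_CLI_DIR (read)
#            OFFLINE_MODE, NETWORK, ETHADDRESS, NUMBER_NEW_KEYS,
#            START_INDEX (written)
# Exits the script when the user cancels or staking-deposit-cli fails. If this
# function took the network down, it is brought back up on every path,
# including those exits, so a remote machine is not left unreachable.
#######################################
function addRestoreValidatorKeys() {
  local outcome=ok
  local -a deposit_args

  if whiptail --title "Offline Key Generation" --defaultno --yesno "$MSG_OFFLINE" 20 78; then
    network_down
    OFFLINE_MODE=true
    ohai "Network is down"
  fi
  NETWORK="holesky"

  if ! whiptail --title "Information on Secret Recovery Phrase Mnemonic" --yesno "$MSG_INTRO" 25 78; then
    outcome=cancel
  fi

  if [ "$outcome" = ok ]; then
    if network_isConnected; then
      whiptail --title "Warning: Internet Connection Detected" --msgbox "$MSG_INTERNET" 18 78
    fi
    while true; do
      ETHADDRESS=$(whiptail --title "Ethereum Withdrawal Address" --inputbox "$MSG_ETHADDRESS" 15 78 --ok-button "Submit" 3>&1 1>&2 2>&3)
      if [ -z "$ETHADDRESS" ]; then #pressed cancel
        outcome=cancel
        break
      fi
      # Shape check only (0x + 40 hex digits): a mistyped hex digit still
      # passes, so the address must be verified by the operator.
      if [[ "${ETHADDRESS}" =~ ^0x[a-fA-F0-9]{40}$ ]]; then
        break
      else
        whiptail --title "Error" --msgbox "Invalid ETH address. Try again." 8 78
      fi
    done
  fi

  if [ "$outcome" = ok ]; then
    # Counts must be plain digits: the values end up on the deposit command
    # line and must not be able to add words or options to it.
    while true; do
      NUMBER_NEW_KEYS=$(whiptail --title "# of New Keys" --inputbox "How many keys to generate?" 8 78 --ok-button "Submit" 3>&1 1>&2 2>&3)
      if [[ -z "$NUMBER_NEW_KEYS" || "$NUMBER_NEW_KEYS" =~ ^[0-9]+$ ]]; then break; fi
      whiptail --title "Error" --msgbox "Enter a whole number. Try again." 8 78
    done
    while true; do
      START_INDEX=$(whiptail --title "# of Existing Keys" --inputbox "How many validator keys were previously made? Also known as the starting index." 10 78 --ok-button "Submit" 3>&1 1>&2 2>&3)
      if [[ -z "$START_INDEX" || "$START_INDEX" =~ ^[0-9]+$ ]]; then break; fi
      whiptail --title "Error" --msgbox "Enter a whole number. Try again." 8 78
    done
    whiptail --title "Keystore Password" --msgbox "Reminder to use the same keystore password as existing validators." 10 78

    deposit_args=(existing-mnemonic --chain "$NETWORK"
      --execution_address "$ETHADDRESS"
      --folder "$(dirname -- "$KEYPATH")")
    # An empty answer leaves the flag out, so it cannot swallow the option
    # that follows it as its value.
    if [ -n "$START_INDEX" ]; then
      deposit_args+=(--validator_start_index "$START_INDEX")
    fi
    if [ -n "$NUMBER_NEW_KEYS" ]; then
      deposit_args+=(--num_validators "$NUMBER_NEW_KEYS")
    fi

    # Run ./deposit only after the cd succeeded; otherwise "./deposit" would
    # resolve against whatever directory happens to be current.
    if cd "$STAKING_DEPOSIT_CLI_DIR/staking-deposit-cli" \
      && ./deposit "${deposit_args[@]}"; then
      loadKeys
    else
      outcome=error
    fi
  fi

  # Undo network_down before leaving, whatever happened above.
  if [ "$OFFLINE_MODE" == true ]; then
    network_up
    OFFLINE_MODE=false
    ohai "Network is online"
  fi

  case "$outcome" in
    error)
      ohai "Error with staking-deposit-cli. Try again."
      exit
      ;;
    cancel)
      exit
      ;;
  esac
}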
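#######################################
# Load validator keys into validator client
#
# Stops the validator service, imports the keystores found in $KEYPATH with
# the client named by $VC, restarts the service, then renames the key
# directory with a timestamp suffix and shows the Launchpad instructions.
# Globals:   KEYPATH, LAUNCHPAD_URL (read); VC (set by getClientVC)
#            NETWORK (defaulted when empty); KEYFOLDER, MSG_LAUNCHPAD (written)
# Returns:   non-zero when the key directory is missing or the import did not
#            succeed. In the failure case the validator is still restarted,
#            but the key directory is not renamed and the deposit steps are
#            not shown, so nobody is told to deposit for keys that were not
#            loaded.
#######################################
function loadKeys() {
  # A trailing slash would make the timestamped rename target a path inside
  # the directory being moved.
  local key_dir=${KEYPATH%/}
  local import_rc=0
  local pass_file keystore found=0

  if [ ! -d "$key_dir" ]; then
    ohai "$key_dir does not exist. Try again."
    return 1
  fi
  # importValidatorKeys can reach this point before NETWORK was assigned; an
  # empty value would make "--network" consume the next option as its value.
  NETWORK="${NETWORK:-holesky}"

  getClientVC
  ohai "Loading PubKeys into $VC Validator"
  sudo systemctl stop validator
  ohai "Stopping validator to import keys"
  case $VC in
    Lighthouse)
      sudo lighthouse account validator import \
        --network "$NETWORK" \
        --datadir /var/lib/lighthouse \
        --directory="$key_dir" \
        --reuse-password || import_rc=$?
      sudo chown -R validator:validator /var/lib/lighthouse/validators
      sudo chmod 700 /var/lib/lighthouse/validators
      ;;
    Lodestar)
      sudo mkdir -p /var/lib/lodestar/validators
      # "sudo ./lodestar" runs as root, so it must only ever be resolved
      # inside the install directory; skip it when the cd fails.
      if cd /usr/local/bin/lodestar; then
        sudo ./lodestar validator import \
          --network "$NETWORK" \
          --dataDir="/var/lib/lodestar/validators" \
          --keystore="$key_dir" || import_rc=$?
      else
        import_rc=1
      fi
      sudo chown -R validator:validator /var/lib/lodestar/validators
      sudo chmod 700 /var/lib/lodestar/validators
      ;;
    Teku)
      while true; do
        # Get keystore password (passwordbox keeps it off the screen)
        TEKU_PASS=$(whiptail --title "Teku Keystore Password" --passwordbox "Enter your keystore password" 10 78 --ok-button "Submit" 3>&1 1>&2 2>&3)
        VERIFY_PASS=$(whiptail --title "Verify Password" --passwordbox "Confirm your keystore password" 10 78 --ok-button "Submit" 3>&1 1>&2 2>&3)
        # Both sides quoted: an unquoted right-hand side is a glob pattern, so
        # a confirmation of "*" would match any password.
        if [[ "${TEKU_PASS}" == "${VERIFY_PASS}" ]]; then
          ohai "Password is same."
          break
        else
          whiptail --title "Error" --msgbox "Passwords not the same. Try again." 8 78
        fi
      done
      sudo mkdir -p /var/lib/teku_validator/validator_keys
      # The password goes through a mktemp file (owner-only permissions) and
      # the per-keystore password files are created only in the validator's
      # data directory. Nothing is written next to the keystores in
      # $key_dir, which is kept afterwards as the renamed backup folder.
      if pass_file=$(mktemp); then
        printf '%s\n' "$TEKU_PASS" >"$pass_file"
        # Create password file for each keystore
        for keystore in "$key_dir"/keystore*.json; do
          [ -e "$keystore" ] || continue
          found=1
          sudo cp -- "$keystore" /var/lib/teku_validator/validator_keys || import_rc=$?
          sudo install -m 600 -- "$pass_file" \
            "/var/lib/teku_validator/validator_keys/$(basename -- "$keystore" .json).txt" || import_rc=$?
        done
        rm -f -- "$pass_file"
        if [ "$found" -eq 0 ]; then import_rc=1; fi
      else
        import_rc=1
      fi
      unset TEKU_PASS VERIFY_PASS
      sudo chown -R validator:validator /var/lib/teku_validator
      sudo chmod -R 700 /var/lib/teku_validator
      ;;
    Nimbus)
      sudo /usr/local/bin/nimbus_beacon_node deposits import \
        --data-dir=/var/lib/nimbus_validator "$key_dir" || import_rc=$?
      sudo chown -R validator:validator /var/lib/nimbus_validator
      sudo chmod -R 700 /var/lib/nimbus_validator
      ;;
    *)
      ohai "Unsupported validator client: $VC"
      import_rc=1
      ;;
  esac
  # Restart even after a failed import so the validator is not left stopped.
  sudo systemctl start validator
  ohai "Starting validator"
  if [ "$import_rc" -ne 0 ]; then
    ohai "Key import failed; $key_dir was left in place. Try again."
    return "$import_rc"
  fi
  #Rename Imported Keys Dir
  KEYFOLDER=${key_dir}_$(date +%F_%H-%M-%S)
  mv -- "$key_dir" "$KEYFOLDER"
  getLAUNCHPAD_URL
  MSG_LAUNCHPAD="1) Visit the Launchpad: $LAUNCHPAD_URL
\n2) Upload your deposit_data-#########.json found in the directory:
\n$KEYFOLDER
\n3) Connect the Launchpad with your wallet, review and accept terms.
\n4) Complete the ETH deposit transaction(s). One transaction for each validator."
  #generate listing from api, show output
  whiptail --title "Next Steps: Upload Deposit Data File to Launchpad" --msgbox "$MSG_LAUNCHPAD" 19 78
  ohai "Finished loading keys. Press enter to continue."
  read -r
  promptViewLogs
}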
#######################################
# Detect the validator client from the systemd unit file.
# Globals:   VC (written) - first whitespace-separated word of the text that
#            follows the first "=" on each line containing "Description=" in
#            /etc/systemd/system/validator.service
#######################################
function getClientVC() {
  local unit_file=/etc/systemd/system/validator.service
  VC=$(grep Description= "$unit_file" \
    | awk -F'=' '{ split($2, words, " "); print words[1] }')
}
#######################################
# Offer to follow the validator service journal (coloured through ccze).
# Globals:   VC (read) - shown in the dialog title
# Returns:   0 when the operator declines; otherwise the status of the
#            log-viewing command.
#######################################
function promptViewLogs() {
  local dialog_title="Validator Keys Imported - $VC"
  local question="Would you like to view logs and confirm everything is running properly?"

  # Declining is not an error.
  whiptail --title "$dialog_title" --yesno "$question" 8 78 || return 0
  sudo bash -c 'journalctl -fu validator | ccze'
}
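#######################################
# Define the dialog texts used by the whiptail prompts in this script.
# Globals:   KEYPATH (read, shown as the example path)
#            MSG_INTRO, MSG_OFFLINE, MSG_INTERNET, MSG_PATH, MSG_ETHADDRESS,
#            MSG_IMPORT (written)
# Each text spans several source lines; the continuation lines start at
# column 0 on purpose, because any indentation would become part of the text.
#######################################
function setMessage() {
  # The quotes around "mnemonic" are escaped; unescaped they would end and
  # reopen the string and never be displayed.
  MSG_INTRO="During this step, your Secret Recovery Phrase (also known as a \"mnemonic\") and an accompanying set of validator keys will be generated specifically for you. For comprehensive information regarding these keys, please refer to: https://kb.beaconcha.in/ethereum-staking/ethereum-2-keys
\nThe importance of safeguarding both the Secret Recovery Phrase and the validator keys cannot be overstated, as they are essential for accessing your funds. Exposure of these keys may lead to theft. To learn how to securely store them, visit: https://www.ledger.com/blog/how-to-protect-your-seed-phrase
\nFor enhanced security, it is strongly recommended that you create the Wagyu Key Gen (https://wagyu.gg) application on an entirely disconnected offline machine. A viable approach to this includes transferring the application onto a USB stick, connecting it to an isolated offline computer, and running it from there. Afterwards, copy your keys back to this machine and import.
\nContinue?"
  MSG_OFFLINE="To ensure maximum security of your secret recovery phrase, it's important to operate this tool in an offline environment.
\nBe certain that your secret recovery phrase remains offline from the internet throughout the process.
\nDisconnecting from the internet might cut off computer access. Ensure you can recover access to this machine or VPS.
\nWould you like to disable the internet while generating keys for enhanced security?"
  MSG_INTERNET="Being connected to the internet while using this tool drastically increases the risk of exposing your Secret Recovery Phrase.
\nYou can avoid this risk by having a live OS such as Tails installed on a USB drive and run on a computer with network capabilities disabled.
\nYou can visit https://tails.net/install/ for instructions on how to download, install, and run Tails on a USB device.
\nIf you have any questions you can get help at https://dsc.gg/ethstaker"
  MSG_PATH="Enter the path to your keystore files.
\nDirectory contains keystore-m.json file(s).
\nExample: $KEYPATH"
  MSG_ETHADDRESS="Ensure that you have control over this address.
\nETH address secured by a hardware wallet is recommended.
\nIn checksum format, enter your Withdrawal Address:"
  MSG_IMPORT="Importing validator keys:
\n1) I acknowledge that if migrating from another node, I must wait for at least two finished epochs before proceeding further.
\n2) I acknowledge that if migrating from another node, I have deleted the keys from the previous machine. This ensures that the keys will NOT inadvertently restart and run in two places.
\n3) Lastly, these validator keys are NOT operational on any other machine (such as a cloud hosting service or DVT).
\nContinue?"
}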
#######################################
# Show the key-management menu until the operator picks Exit or presses the
# cancel ("Back") button, dispatching each selection to its handler.
# Globals:   OPTIONS, CHOICE (written)
# Returns:   0
#######################################
menuMain() {
  # Tag/label pairs for whiptail; the "-" entry is a blank separator row.
  OPTIONS=(
    1 "Generate new validator keys"
    2 "Import validator keys from offline key generation or backup"
    3 "Add new or regenerate existing validator keys from Secret Recovery Phrase"
    - ""
    99 "Exit"
  )

  # whiptail prints the chosen tag on stderr, hence the descriptor swap; a
  # non-zero status means the cancel button was pressed and ends the loop.
  while CHOICE=$(whiptail --clear --cancel-button "Back" \
    --backtitle "Toolset for ETH" \
    --title "ethforge - Validator Key Management" \
    --menu "Choose a category:" \
    0 42 0 \
    "${OPTIONS[@]}" \
    3>&1 1>&2 2>&3); do
    case "$CHOICE" in
      1) generateNewValidatorKeys ;;
      2) importValidatorKeys ;;
      3) addRestoreValidatorKeys ;;
      99) break ;;
    esac
  done
  return 0
}
# Entry point: apply the dialog colours, build the dialog texts, make sure
# staking-deposit-cli is installed, then hand control to the menu.
main() {
  setWhiptailColors
  setMessage
  downloadStakingDepositCLI
  menuMain
}

main