Required tools
KIRA requires the installation of two tools, Cosign and Bash-utils, in order to secure the network and simplify the execution of various tasks.
Cosign
All KIRA Release Files are signed using sigstore cosign tool. Cosign is a digital signature utility that is used to verify the authenticity and integrity of a file. When a file is signed with a digital signature, it provides a way to verify that the file has not been tampered with, and also to verify the identity of the person or entity who signed the file. It is used in Kira to sign and verify the authenticity of data, such as proprietary tools, binaries and scripts.
Bash
Copy
# Assume root permissions
sudo -s
# Install essential dependencies
apt-get install -y wget
# Download Cosign
COSIGN_VERSION="v2.0.0" && \
UBUNTU_AGENT="Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36" && \
if [[ "$(uname -m)" == *"ar"* ]] ; then ARCH="arm64"; else ARCH="amd64" ; fi && \
cd /tmp && PLATFORM=$(uname) && declare -l FILE="cosign-${PLATFORM}-${ARCH}" && rm -rfv ./$FILE ./${FILE}.sig && \
wget --user-agent="$UBUNTU_AGENT" https://github.com/sigstore/cosign/releases/download/${COSIGN_VERSION}/$FILE -O ./$FILE && \
wget --user-agent="$UBUNTU_AGENT" https://github.com/sigstore/cosign/releases/download/${COSIGN_VERSION}/${FILE}.sig -O ./${FILE}.sig
# If you do NOT have cosign installed already you should check that the "$FILE" has one of the below hashes
# Hashes are only for the 'linux' platform, for other platforms please refer to the github repository
COSIGN_HASH_ARM="8132cb2fb99a4c60ba8e03b079e12462c27073028a5d08c07ecda67284e0c88d" && \
COSIGN_HASH_AMD="169a53594c437d53ffc401b911b7e70d453f5a2c1f96eb2a736f34f6356c4f2b" && \
FILE_HASH=$(sha256sum ./$FILE | awk '{ print $1 }' | xargs || echo -n "") && \
if [ "$FILE_HASH" != "$COSIGN_HASH_ARM" ] && [ "$FILE_HASH" != "$COSIGN_HASH_AMD" ] ; then
echoErr "ERROR: Failed to download cosign tool, expected checksum to be '$COSIGN_HASH_ARM' or '$COSIGN_HASH_AMD', but got '$FILE_HASH'"
exit 1
else
echo "Cosign tool downloaded successfully."
fi
# Save cosign public key
cat > ./sigstore-cosign.pub << EOL
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEhyQCx0E9wQWSFI9ULGwy3BuRklnt
IqozONbbdbqz11hlRJy9c7SG+hdcFl9jE9uE/dwtuwU2MqU9T/cN0YkWww==
-----END PUBLIC KEY-----
EOL
# Verify cosign release
cosign verify-blob --key="./sigstore-cosign.pub" --signature="./${FILE}.sig" "./$FILE"
# Move cosign to bin directory
chmod +x -v ./$FILE && mv -fv ./$FILE /usr/local/bin/cosign
# Check cosign version
cosign version
Add KIRA’s public key
Bash
Copy
# Save KIRA public key allowing to verify signed releases
KIRA_COSIGN_PUB=/usr/keys/kira-cosign.pub && mkdir -p /usr/keys && \
cat > $KIRA_COSIGN_PUB << EOL
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE/IrzBQYeMwvKa44/DF/HB7XDpnE+
f+mU9F/Qbfq25bBWV2+NlYMJv3KvKHNtu3Jknt6yizZjUV4b8WGfKBzFYw==
-----END PUBLIC KEY-----
EOL
# Add key to env
echo "export KIRA_COSIGN_PUB=\"$KIRA_COSIGN_PUB\"" >> /etc/profile
Bash-utils
Bash-utils is a collection of utility functions and aliases for Bash shell scripts developed specifically for KIRA to streamline and simplify the process of executing tasks within the network. It provides various functions for managing environment variables, displaying information, and handling errors.
The prerequisite to securely install BU is COSIGN tool that will guarantee the integrity of the files. It MUST be installed and KIRA’s public key added before proceeding.
Always source /etc/profile with . /etc/profile when starting a new terminal to use BU.
Bash
Copy
# assume root permissions
sudo -s && . /etc/profile
# Install essential dependencies
apt-get install -y wget
# Define version of BU you want to install
TOOLS_VERSION="v0.3.46"
# Download BU script
if [ -z "$KIRA_COSIGN_PUB" ] ; then
echo "ERROR: KIRA_COSIGN_PUB variable is not set. Please refer to cosign installation to add KIRA's public key path as variable."
exit
fi && \
cd /tmp && FILE_NAME="bash-utils.sh" && rm -rfv ./$FILE_NAME ./${FILE_NAME}.sig && \
UBUNTU_AGENT="Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36" && \
wget --user-agent="$UBUNTU_AGENT" "https://github.com/KiraCore/tools/releases/download/$TOOLS_VERSION/${FILE_NAME}" -O ./$FILE_NAME && \
wget --user-agent="$UBUNTU_AGENT" "https://github.com/KiraCore/tools/releases/download/$TOOLS_VERSION/${FILE_NAME}.sig" -O ./${FILE_NAME}.sig
# Verify cosign release
cosign verify-blob --key "$KIRA_COSIGN_PUB" --signature "/tmp/${FILE_NAME}.sig" "/tmp/$FILE_NAME" --insecure-ignore-tlog --insecure-ignore-sct
# Install BU
chmod +x ./$FILE_NAME && ./$FILE_NAME bashUtilsSetup && ./etc/profile
# Verify version of BU
bu bashUtilsVersion
Dependencies
Go
Bash
Copy
setGlobEnv GOROOT /usr/local/go && setGlobEnv GOPATH /home/go && setGlobEnv GOBIN /usr/local/go/bin && \
loadGlobEnvs && setGlobPath $GOROOT && setGlobPath $GOPATH && setGlobPath $GOBIN && loadGlobEnvs && \
( go clean -modcache -cache -n || : ) && rm -rfv "$GOROOT" "$GOBIN" "$GOPATH" && GO_VERSION="1.18.2" && \
GO_TAR="go$GO_VERSION.$(getPlatform)-$(getArch).tar.gz" && cd /tmp && safeWget ./$GO_TAR https://dl.google.com/go/$GO_TAR \
"fc4ad28d0501eaa9c9d6190de3888c9d44d8b5fb02183ce4ae93713f67b8a35b,e54bec97a1a5d230fc2f9ad0880fcbabb5888f30ed9666eca4a91c5a32e86cbc" && \
tar -C /usr/local -xf $GO_TAR &>/dev/null && go version
Systemd alternative (requires python2 package)
Systemd is a useful service manager that detects errors or memory overflow in the Sekai node and keeps it keeps it running even after system restarts or power outages.
Bash
Copy
wget https://raw.githubusercontent.com/gdraheim/docker-systemctl-replacement/master/files/docker/systemctl.py -O /usr/local/bin/systemctl2 && \
chmod +x /usr/local/bin/systemctl2 && \
systemctl2 --version
Others
Bash
Copy
apt-get install jq
SEKAI installation
Login as admin & load environment variables.
Bash
Copy
sudo -s
Set desired SEKAI release version and binaries repo as env variables within /etc/profile (with bash-utils or manually). Sourcing /etc/profile is necessary.
Bash
Copy
setGlobEnv SEKAI_VERSION "v0.3.20" && \
setGlobEnv SEKAI_REPO "$HOME/sekai" && \
setGlobEnv NETWORK_NAME "test" && \
setGlobEnv SEKAID_HOME "~/.sekaid-$NETWORK_NAME" && \
loadGlobEnvs
Clone repository and install
Bash
Copy
rm -fr $SEKAI_REPO && rm -fr $GOBIN/sekaid && mkdir $SEKAI_REPO && cd $SEKAI_REPO && \
git clone https://github.com/KiraCore/sekai.git -b $SEKAI_VERSION $SEKAI_REPO && \
chmod -R 777 ./scripts && make install && \
echo "SUCCESS installed sekaid $(sekaid version)" || echo "FAILED"
Verify successful installation
Bash
Copy
sekaid version --long
Alternative installation processes
Using Binaries
Bash
Copy
cd /tmp && \
PLATFORM="$(getPlatform)" && \
ARCHITECURE="$(getArch)" && \
BIN_DEST="/usr/local/bin/sekaid" && \
safeWget ./sekaid.deb "https://github.com/KiraCore/sekai/releases/download/$SEKAI_VERSION/sekai-${PLATFORM}-${ARCHITECURE}.deb" \
"$KIRA_COSIGN_PUB" && dpkg-deb -x ./sekaid.deb ./sekaid && cp -fv "sekaid/bin/sekaid" $BIN_DEST && chmod -v 755 $BIN_DEST && \
echoInfo "INFO: Installed bash-utils: " && bashUtilsVersion && \
echoInfo "INFO: Installed sekaid: " && sekaid version
Using Kira Manager
For a detailed KM setup walkthrough, visit testnet.kira.network.
(Testing) Using a Docker base-image release
Erase previous instances (Optional)
Bash
Copy
docker rm -f $(docker ps -a -q) && \
docker image prune -a -f
Load base-image in container
Bash
Copy
IMG_VERSION="v0.13.14"
BASE_NAME="test" && BASE_IMG="ghcr.io/kiracore/docker/base-image:$IMG_VERSION" && \
docker run -i -t -d --privileged --net bridge --name $BASE_NAME --hostname test.local $BASE_IMG /bin/bash
Enter container
Bash
Copy
docker start -i $(timeout 3 docker ps --no-trunc -aqf "name=^${BASE_NAME}$" 2> /dev/null || echo -n "")
Install Sekai
Bash
Copy
rm -fr $SEKAI_REPO && rm -fr $GOBIN/sekaid && mkdir $SEKAI_REPO && cd $SEKAI_REPO && \
git clone https://github.com/KiraCore/sekai.git -b $SEKAI_VERSION $SEKAI_REPO && \
chmod -R 777 ./scripts && make install && \
echo "SUCCESS installed sekaid $(sekaid version)" || echo "FAILED"
Delete container
Bash
Copy
docker rm -f $(timeout 3 docker ps --no-trunc -aqf "name=^${BASE_NAME}$" 2> /dev/null || echo -n "")