Installation
Installation
- Linux/Ubuntu
- Mac
Linux/ubuntu
Required Tools
KIRA requires the installation of two tools, Cosign and Bash-utils, in order to secure the network and simplify the execution of various tasks.
Cosign
https://github.com/sigstore/cosign
All KIRA Release Files are signed using sigstore cosign tool. Cosign is a digital signature utility that is used to verify the authenticity and integrity of a file. When a file is signed with a digital signature, it provides a way to verify that the file has not been tampered with, and also to verify the identity of the person or entity who signed the file. It is used in Kira to sign and verify the authenticity of data, such as proprietary tools, binaries and scripts.
# Assume root permissions
sudo -s
# Install essential dependencies
apt-get install -y wget
# Download Cosign
COSIGN_VERSION="v2.0.0" && \
UBUNTU_AGENT="Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36" && \
if [[ "$(uname -m)" == *"ar"* ]] ; then ARCH="arm64"; else ARCH="amd64" ; fi && \
cd /tmp && PLATFORM=$(uname) && declare -l FILE="cosign-${PLATFORM}-${ARCH}" && rm -rfv ./$FILE ./${FILE}.sig && \
wget --user-agent="$UBUNTU_AGENT" https://github.com/sigstore/cosign/releases/download/${COSIGN_VERSION}/$FILE -O ./$FILE && \
wget --user-agent="$UBUNTU_AGENT" https://github.com/sigstore/cosign/releases/download/${COSIGN_VERSION}/${FILE}.sig -O ./${FILE}.sig
# If you do NOT have cosign installed already you should check that the "$FILE" has one of the below hashes
# Hashes are only for the 'linux' platform, for other platforms please refer to the github repository
COSIGN_HASH_ARM="8132cb2fb99a4c60ba8e03b079e12462c27073028a5d08c07ecda67284e0c88d" && \
COSIGN_HASH_AMD="169a53594c437d53ffc401b911b7e70d453f5a2c1f96eb2a736f34f6356c4f2b" && \
FILE_HASH=$(sha256sum ./$FILE | awk '{ print $1 }' | xargs || echo -n "") && \
if [ "$FILE_HASH" != "$COSIGN_HASH_ARM" ] && [ "$FILE_HASH" != "$COSIGN_HASH_AMD" ] ; then
echoErr "ERROR: Failed to download cosign tool, expected checksum to be '$COSIGN_HASH_ARM' or '$COSIGN_HASH_AMD', but got '$FILE_HASH'"
exit 1
else
echo "Cosign tool downloaded successfully."
fi
# Save cosign public key
cat > ./sigstore-cosign.pub << EOL
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEhyQCx0E9wQWSFI9ULGwy3BuRklnt
IqozONbbdbqz11hlRJy9c7SG+hdcFl9jE9uE/dwtuwU2MqU9T/cN0YkWww==
-----END PUBLIC KEY-----
EOL
# Verify cosign release
cosign verify-blob --key="./sigstore-cosign.pub" --signature="./${FILE}.sig" "./$FILE"
# Move cosign to bin directory
chmod +x -v ./$FILE && mv -fv ./$FILE /usr/local/bin/cosign
# Check cosign version
cosign version
Add KIRA’s public key
# Save KIRA public key allowing to verify signed releases
KIRA_COSIGN_PUB=/usr/keys/kira-cosign.pub && mkdir -p /usr/keys && \
cat > $KIRA_COSIGN_PUB << EOL
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE/IrzBQYeMwvKa44/DF/HB7XDpnE+
f+mU9F/Qbfq25bBWV2+NlYMJv3KvKHNtu3Jknt6yizZjUV4b8WGfKBzFYw==
-----END PUBLIC KEY-----
EOL
# Add key to env
echo "export KIRA_COSIGN_PUB=\"$KIRA_COSIGN_PUB\"" >> /etc/profile
Bash-utils
https://github.com/KiraCore/tools/releases
Bash-utils is a collection of utility functions and aliases for Bash shell scripts developed specifically for KIRA to streamline and simplify the process of executing tasks within the network. It provides various functions for managing environment variables, displaying information, and handling errors.
The prerequisite to securely install BU is COSIGN tool that will guarantee the integrity of the files. It MUST be installed and KIRA’s public key added before proceeding.
Always source /etc/profile with . /etc/profile when starting a new terminal to use BU.
# assume root permissions
sudo -s && . /etc/profile
# Install essential dependencies
apt-get install -y wget
# Define version of BU you want to install
TOOLS_VERSION="v0.3.46"
# Download BU script
if [ -z "$KIRA_COSIGN_PUB" ] ; then
echo "ERROR: KIRA_COSIGN_PUB variable is not set. Please refer to cosign installation to add KIRA's public key path as variable."
exit
fi && \
cd /tmp && FILE_NAME="bash-utils.sh" && rm -rfv ./$FILE_NAME ./${FILE_NAME}.sig && \
UBUNTU_AGENT="Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36" && \
wget --user-agent="$UBUNTU_AGENT" "https://github.com/KiraCore/tools/releases/download/$TOOLS_VERSION/${FILE_NAME}" -O ./$FILE_NAME && \
wget --user-agent="$UBUNTU_AGENT" "https://github.com/KiraCore/tools/releases/download/$TOOLS_VERSION/${FILE_NAME}.sig" -O ./${FILE_NAME}.sig
# Verify cosign release
cosign verify-blob --key "$KIRA_COSIGN_PUB" --signature "/tmp/${FILE_NAME}.sig" "/tmp/$FILE_NAME" --insecure-ignore-tlog --insecure-ignore-sct
# Install BU
chmod +x ./$FILE_NAME && ./$FILE_NAME bashUtilsSetup && ./etc/profile
# Verify version of BU
bu bashUtilsVersion
Dependencies
Go
setGlobEnv GOROOT /usr/local/go && setGlobEnv GOPATH /home/go && setGlobEnv GOBIN /usr/local/go/bin && \
loadGlobEnvs && setGlobPath $GOROOT && setGlobPath $GOPATH && setGlobPath $GOBIN && loadGlobEnvs && \
( go clean -modcache -cache -n || : ) && rm -rfv "$GOROOT" "$GOBIN" "$GOPATH" && GO_VERSION="1.18.2" && \
GO_TAR="go$GO_VERSION.$(getPlatform)-$(getArch).tar.gz" && cd /tmp && safeWget ./$GO_TAR https://dl.google.com/go/$GO_TAR \
"fc4ad28d0501eaa9c9d6190de3888c9d44d8b5fb02183ce4ae93713f67b8a35b,e54bec97a1a5d230fc2f9ad0880fcbabb5888f30ed9666eca4a91c5a32e86cbc" && \
tar -C /usr/local -xf $GO_TAR &>/dev/null && go version
Systemd Alternative (requires Python2 Package)
Systemd is a useful service manager that detects errors or memory overflow in the Sekai node and keeps it keeps it running even after system restarts or power outages.
wget https://raw.githubusercontent.com/gdraheim/docker-systemctl-replacement/master/files/docker/systemctl.py -O /usr/local/bin/systemctl2 && \
chmod +x /usr/local/bin/systemctl2 && \
systemctl2 --version
Others
apt-get install jq
Sekai Installation
Login as admin & load environment variables.
sudo -s
Set desired SEKAI release version and binaries repo as env variables within /etc/profile (with bash-utils or manually). Sourcing /etc/profile is necessary.
setGlobEnv SEKAI_VERSION "v0.3.42" && \
setGlobEnv SEKAI_REPO "$HOME/sekai" && \
setGlobEnv NETWORK_NAME "test" && \
setGlobEnv SEKAID_HOME "~/.sekaid-$NETWORK_NAME" && \
loadGlobEnvs
Clone repository and install
rm -fr $SEKAI_REPO && rm -fr $GOBIN/sekaid && mkdir $SEKAI_REPO && cd $SEKAI_REPO && \
git clone https://github.com/KiraCore/sekai.git -b $SEKAI_VERSION $SEKAI_REPO && \
chmod -R 777 ./scripts && make install && \
echo "SUCCESS installed sekaid $(sekaid version)" || echo "FAILED"
Verify successful installation
sekaid version --long
Alternative Installation Processes
Using Binaries
cd /tmp && \
PLATFORM="$(getPlatform)" && \
ARCHITECURE="$(getArch)" && \
BIN_DEST="/usr/local/bin/sekaid" && \
safeWget ./sekaid.deb "https://github.com/KiraCore/sekai/releases/download/$SEKAI_VERSION/sekai-${PLATFORM}-${ARCHITECURE}.deb" \
"$KIRA_COSIGN_PUB" && dpkg-deb -x ./sekaid.deb ./sekaid && cp -fv "sekaid/bin/sekaid" $BIN_DEST && chmod -v 755 $BIN_DEST && \
echoInfo "INFO: Installed bash-utils: " && bashUtilsVersion && \
echoInfo "INFO: Installed sekaid: " && sekaid version
Using KIRA Manager
For a detailed KM setup walkthrough, visit the Testnet section.
(testing) Using a Docker Base-image Release
Erase previous instances (Optional)
docker rm -f $(docker ps -a -q) && \
docker image prune -a -f
Load base-image in container
IMG_VERSION="v0.13.14"
BASE_NAME="test" && BASE_IMG="[ghcr.io/kiracore/docker/base-image:](http://ghcr.io/kiracore/docker/kira-base:v0.11.4)$IMG_VERSION" && \
docker run -i -t -d --privileged --net bridge --name $BASE_NAME --hostname test.local $BASE_IMG /bin/bash
Enter container
docker start -i $(timeout 3 docker ps --no-trunc -aqf "name=^${BASE_NAME}$" 2> /dev/null || echo -n "")
Install Sekai
rm -fr $SEKAI_REPO && rm -fr $GOBIN/sekaid && mkdir $SEKAI_REPO && cd $SEKAI_REPO && \
git clone https://github.com/KiraCore/sekai.git -b $SEKAI_VERSION $SEKAI_REPO && \
chmod -R 777 ./scripts && make install && \
echo "SUCCESS installed sekaid $(sekaid version)" || echo "FAILED"
Delete container
docker rm -f $(timeout 3 docker ps --no-trunc -aqf "name=^${BASE_NAME}$" 2> /dev/null || echo -n "")
Mac
The installation process on macOS hasn't been fully tested and may have unresolved issues. We encourage users to report any problems and contribute to improvements.
Required Tools
Bash V5
Bash is the default command line interpreter for many Unix-based operating systems, including macOS. However MacOS, by default, comes with an older version of Bash (version 3.2.57) due to licensing reasons. Bash V5 is the latest major version and offers numerous improvements and features compared to previous versions. In KIRA, some commands used in scripts might require Bash V5 to properly execute.
# Install Bash V5
brew install bash
# Add Bash V5 to the list of acceptable shells
echo "/usr/local/bin/bash" | sudo tee -a /etc/shells
# Change your default shell to Bash V5
chsh -s /usr/local/bin/bash
# Restart your terminal and check version
echo $BASH_VERSION
Cosign
Cosign is a digital signature utility that is used to verify the authenticity and integrity of a file. When a file is signed with a digital signature, it provides a way to verify that the file has not been tampered with, and also to verify the identity of the person or entity who signed the file. It is used in Kira to sign and verify the authenticity of data, such as proprietary tools, binaries and scripts.
# Install essential dependencies
brew install wget
# Download Cosign
COSIGN_VERSION="v2.0.0" && \
MAC_AGENT="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36" && \
if [[ "$(uname -m)" == *"ar"* ]] ; then ARCH="arm64"; else ARCH="amd64" ; fi && \
cd /tmp && PLATFORM=$(uname) && declare -l FILE="cosign-${PLATFORM}-${ARCH}" && rm -rfv ./$FILE ./${FILE}.sig && \
wget --user-agent="$MAC_AGENT" https://github.com/sigstore/cosign/releases/download/${COSIGN_VERSION}/$FILE -O ./$FILE && \
wget --user-agent="$MAC_AGENT" https://github.com/sigstore/cosign/releases/download/${COSIGN_VERSION}/${FILE}.sig -O ./${FILE}.sig
# If you do NOT have cosign installed already you should check that the "$FILE" has one of the below hashes
# Hashes are only for the 'mac' platform, for other platforms please refer to the github repository
COSIGN_HASH_ARM="9d7821e1c05da4b07513729cb00d1070c9a95332c66d90fa593ed77d8c72ca2a" && \
COSIGN_HASH_AMD="d2c8fc0edb42a1e9745da1c43a2928cee044f3b8a1b8df64088a384c7e6f5b5d" && \
FILE_HASH=$(shasum -a 256 ./$FILE | awk '{ print $1 }' | xargs || echo -n "") && \
if [ "$FILE_HASH" != "$COSIGN_HASH_ARM" ] && [ "$FILE_HASH" != "$COSIGN_HASH_AMD" ] ; then
echo "ERROR: Failed to download cosign tool, expected checksum to be '$COSIGN_HASH_ARM' or '$COSIGN_HASH_AMD', but got '$FILE_HASH'"
exit 1
else
echo "Cosign tool downloaded successfully."
fi
# Save cosign public key
cat > ./sigstore-cosign.pub << EOL
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEhyQCx0E9wQWSFI9ULGwy3BuRklnt
IqozONbbdbqz11hlRJy9c7SG+hdcFl9jE9uE/dwtuwU2MqU9T/cN0YkWww==
-----END PUBLIC KEY-----
EOL
# Verify cosign release
cosign verify-blob --key="./sigstore-cosign.pub" --signature="./${FILE}.sig" "./$FILE"
# Move cosign to bin directory
chmod +x ./$FILE && mv -fv ./$FILE /usr/local/bin/cosign
# Check cosign version
cosign version
Add KIRA’s public key
# Save KIRA public key allowing to verify signed releases
KIRA_COSIGN_PUB="$HOME/keys/kira-cosign.pub" && mkdir -p $HOME/keys && \
cat > $KIRA_COSIGN_PUB << EOL
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE/IrzBQYeMwvKa44/DF/HB7XDpnE+
f+mU9F/Qbfq25bBWV2+NlYMJv3KvKHNtu3Jknt6yizZjUV4b8WGfKBzFYw==
-----END PUBLIC KEY-----
EOL
# Add key to env
echo "export KIRA_COSIGN_PUB=\"$KIRA_COSIGN_PUB\"" >> /etc/profile
Bash-utils
https://github.com/KiraCore/tools/releases
The prerequisite to install BU is COSIGN tool that will guarantee the integrity of the files and Bash V5 for better compatibility. They MUST be installed and KIRA’s public key added before proceeding.
Unfortunately, certain commands within the bash-utils tool may not behave properly on macOS due to slight variations in command behavior, such as the 'sed' command, which exhibit differences between Mac and Linux platforms.
Bash-utils is a collection of utility functions and aliases for Bash shell scripts. It provides various functions for managing environment variables, displaying information, and handling errors. Bash-utils is used in KIRA to streamline and simplify the process of executing various tasks within the network.
sudo -s && . /etc/profile
TOOLS_VERSION="v0.3.46" && FILE_NAME="bash-utils.sh" && \
if [ -z "$KIRA_COSIGN_PUB" ] ; then
echo "ERROR: KIRA_COSIGN_PUB variable is not set. Please refer to cosign installation to add KIRA's public key path as variable."
exit
fi && \
wget "https://github.com/KiraCore/tools/releases/download/$TOOLS_VERSION/${FILE_NAME}" -O ./$FILE_NAME && \
wget "https://github.com/KiraCore/tools/releases/download/$TOOLS_VERSION/${FILE_NAME}.sig" -O ./${FILE_NAME}.sig && \
cosign verify-blob --key="$KIRA_COSIGN_PUB" --signature=./${FILE_NAME}.sig ./$FILE_NAME && \
chmod -v 555 ./$FILE_NAME && ./$FILE_NAME bashUtilsSetup "/var/kiraglob" && . /etc/profile && \
echo "Installed bash-utils $(bash-utils bashUtilsVersion)"
Dependencies
Golang
Install Go
$GOBIN is required as environment variable for building SEKAI
setGlobEnv and setGlobPath are amongst the commands that do not behave properly. Consider adding/editing the environment variable manually.
# Install Go
brew install go
# Assume root permissions
sudo -s
# Set environment variables (manually)
goVersion=$(go version | awk '{print $3}' | cut -c 3-) && \
GOROOT="/usr/local/Cellar/go/$goVersion" && \
GOBIN="$GOROOT/bin" && \
GOPATH="$HOME/go" && \
PATH="$GOBIN:$GOPATH:$PATH"
# Add variables to /etc/profile
echo "export GOROOT=\"$GOROOT\"" >> /etc/profile
echo "export GOBIN=\"$GOBIN\"" >> /etc/profile
echo "export GOPATH=\"$GOPATH\"" >> /etc/profile
echo "export PATH=\"$PATH\"" >> /etc/profile
Others
brew install jq
Sekai Installation
Login as admin & load environment variables. Using bash shell and sourcing /etc/profile is necessary.
# Assume sudo
sudo -s && . /etc/profile
Set desired SEKAI release version and binaries repo (requires bash-utils).
setGlobEnv SEKAI_VERSION "v0.3.39" && \
setGlobEnv SEKAI_REPO "$HOME/sekai" && \
loadGlobEnvs
Clone repo and install
rm -fr $SEKAI_REPO && rm -fr $GOBIN/sekaid && mkdir $SEKAI_REPO && cd $SEKAI_REPO && \
git clone https://github.com/KiraCore/sekai.git -b $SEKAI_VERSION $SEKAI_REPO && \
chmod -R 777 ./scripts && make install && \
echo "SUCCESS installed sekaid $(sekaid version)" || echo "FAILED"
Alternative Installation Processes
Using Binaries
Unfortunately, it is not possible to install .deb packages on MacOS as of now.
Using KIRA Manager
For a detailed KM setup walkthrough, visit testnet.kira.network.
Starting & Testing
Start
cd $SEKAI_HOME/sekai && \
make network-start
Stop
cd $SEKAI_HOME/sekai && \
make network-stop
Integration Tests
# Full integration test (duration > 1h) :
make test-local
# Individual integration test :
# available integration tests can be found @ sekai/scripts/test-local/
make network-start && scripts/test-local/your-test.sh
