Faq update + misc edits (#2653)

* update faq with permissions help, link in migration guide and importing keys

* add link to Git for Windows

* update windows install
This commit is contained in:
0xmiel 2021-06-16 11:55:58 +02:00 committed by GitHub
parent 1c3314f08b
commit 96c489bb3d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 76 additions and 6 deletions

View File

@ -1,6 +1,6 @@
# Frequently Asked Questions # Frequently Asked Questions
## Nimbus ## General
### How do I fix the discovered new external address warning log? ### How do I fix the discovered new external address warning log?
@ -48,6 +48,67 @@ To add an additional validator, just follow [the same steps](./keys.md) as you d
> Note that a single Nimbus instance is able to handle multiple validators. > Note that a single Nimbus instance is able to handle multiple validators.
## Folder Permissions
To protect against key loss, Nimbus requires that files and directories be owned by the user running the application. Furthermore, they should not be readable by others.
It may happen that the wrong permissions are applied, particularly when creating the directories manually.
The following errors are a sign of this:
- `Data folder has insecure ACL`
- `Data directory has insecure permissions`
- `File has insecure permissions`
Here is how to fix them.
### Linux/ BSD / MacOS
Run:
```
# Changing ownership to `user:group` for all files/directories in <data-dir>.
chown user:group -R <data-dir>
# Set permissions to (rwx------ 0700) for all directories starting from <data-dir>
find <data-dir> -type d -exec chmod 700 {} \;
# Set permissions to (rw------- 0600) for all files inside <data-dir>/validators
find <data-dir>/validators -type f -exec chmod 0600 {} \;
# Set permissions to (rw------- 0600) for all files inside <data-dir>/secrets
find <data-dir>/secrets -type f -exec chmod 0600 {} \;
```
In sum:
- Directories `<data-dir>`, `<data-dir>/validators`, `<data-dir>/secrets` MUST be owned by user and have `rwx------` or `0700`permissions set.
- Files stored inside `<data-dir>`, `<data-dir>/validators`, `/secrets` MUST be owned by user and have `rw------` or `0600` permission set.
### Windows
From inside `Git Bash`, run:
```
# Set permissions for all the directories starting from <data-dir>
find <data-dir> -type d -exec icacls {} /inheritance:r /grant:r $USERDOMAIN\\$USERNAME:\(OI\)\(CI\)\(F\) \;
# Set permissions for all the files inside <data-dir>/validators
find <data-dir>/validators -type f -exec icacls {} /inheritance:r /grant:r $USERDOMAIN\\$USERNAME:\(F\) \;
# Set permissions for all the files inside <data-dir>/secrets
find <data-dir>/secrets -type f -exec icacls {} /inheritance:r /grant:r $USERDOMAIN\\$USERNAME:\(F\) \;
```
> **N.B.** Make sure you run the above from inside `Git Bash`, these commands will not work from inside the standard Windows Command Prompt. If you don't already have a `Git Bash` shell, you'll need to install [Git for Windows](https://gitforwindows.org/).
In sum:
- Directories `<data-dir>`, `<data-dir>/validators`, `<data-dir>/secrets` MUST be owned by user and have permissions set for the user only (OI)(CI)(F). All inherited permissions should be removed.
- Files which are stored inside <data-dir>, <data-dir>/validators, <data-dir>/secrets MUST be owned by user and have permissions set for the user only (F). All inherited permissions should be removed.
## Validating ## Validating

View File

@ -53,12 +53,14 @@ To build Nimbus on windows, the Mingw-w64 build environment is recommended.
Install Mingw-w64 for your architecture using the "[MinGW-W64 Online Installer](https://sourceforge.net/projects/mingw-w64/files/)": Install Mingw-w64 for your architecture using the "[MinGW-W64 Online Installer](https://sourceforge.net/projects/mingw-w64/files/)":
* select your architecture in the setup menu (`i686` on 32-bit, `x86_64` on 64-bit) 1. Select your architecture in the setup menu (`i686` on 32-bit, `x86_64` on 64-bit)
* set threads to `win32` 2. Set threads to `win32`
* set exceptions to "dwarf" on 32-bit and "seh" on 64-bit. 3. Set exceptions to "dwarf" on 32-bit and "seh" on 64-bit.
* Change the installation directory to `C:\mingw-w64` and add it to your system PATH in `"My Computer"/"This PC" -> Properties -> Advanced system settings -> Environment Variables -> Path -> Edit -> New -> C:\mingw-w64\mingw64\bin` (`C:\mingw-w64\mingw32\bin` on 32-bit) 4. Change the installation directory to `C:\mingw-w64` and add it to your system PATH in `"My Computer"/"This PC" -> Properties -> Advanced system settings -> Environment Variables -> Path -> Edit -> New -> C:\mingw-w64\mingw64\bin` (`C:\mingw-w64\mingw32\bin` on 32-bit)
Install [Git for Windows](https://gitforwindows.org/) and use a "Git Bash" shell to clone and build nimbus-eth2. Install [Git for Windows](https://gitforwindows.org/) and use a "Git Bash" shell to clone and build `nimbus-eth2`.
> **Note:** If the online installer isn't working you can try installing`Mingw-w64` through [MSYS2](https://www.msys2.org/).
### Android ### Android

View File

@ -35,6 +35,10 @@ build/nimbus_beacon_node deposits import --data-dir=build/data/shared_mainnet_0
Don't worry, this is entirely normal. Your validator client needs both your signing keystore(s) and the password encrypting it to import your [key](https://blog.ethereum.org/2020/05/21/keys/) (since it needs to decrypt the keystore in order to be able to use it to sign on your behalf). Don't worry, this is entirely normal. Your validator client needs both your signing keystore(s) and the password encrypting it to import your [key](https://blog.ethereum.org/2020/05/21/keys/) (since it needs to decrypt the keystore in order to be able to use it to sign on your behalf).
>**Note:** If you come across an error, it's probably because the wrong permissions have been set on either a folder or file. See [here](faq.md#folder-permissions) for how to fix this.
## Storage ## Storage
When you import your keys into Nimbus, your validator signing key(s) are stored in the `build/data/shared_<prater or mainnet>_0/` folder, under `secrets` and `validators` - **make sure you keep these folders backed up somewhere safe.** When you import your keys into Nimbus, your validator signing key(s) are stored in the `build/data/shared_<prater or mainnet>_0/` folder, under `secrets` and `validators` - **make sure you keep these folders backed up somewhere safe.**

View File

@ -85,6 +85,9 @@ To be extra sure that your validator has stopped, wait a few epochs and confirm
To import you validator key(s), follow the instructions [outlined here](./keys.md). To import you validator key(s), follow the instructions [outlined here](./keys.md).
> To check that your key(s) has been successfully imported, look for a file named after your public key in `build/data/shared_mainet_0/secrets/`. > To check that your key(s) has been successfully imported, look for a file named after your public key in `build/data/shared_mainet_0/secrets/`.
>
> If you run into an error at this stage, it's probably because the wrong permissions have been set on either a folder or file. See [here](faq.md#folder-permissions) for how to fix this.
## Step 4 - Import your slashing protection history ## Step 4 - Import your slashing protection history