Move yocto code here with uv+ruff

.gitignore

@@ -0,0 +1,41 @@
+# Mac OS X
+.DS_Store
+
+# Python
+__pycache__/
+*.py[cod]
+*$py.class
+*.so
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+.ruff_cache
+
+# Virtual Environment
+.env
+.venv
+env/
+venv/
+ENV/
+
+# IDE
+.idea/
+.vscode/
+*.swp
+*.swo
+
+# NPM
+node_modules/

.python-version

@@ -0,0 +1 @@
+3.13

README.md

@@ -1,2 +1,17 @@
 # deploy
 Seismic's home base for deploying
+
+
+## Install python dependencies
+
+First install python3
+
+Then create a virtualenv:
+
+`python3 -m venv venv`
+
+Source it: `source venv/bin/activate`
+
+Install `uv`:
+`pip install uv`
+

azure_devbox/README.md

@@ -0,0 +1,43 @@
+# Azure Devbox
+
+## Setting up the VM
+* Go to the `Create a virtual machine` page
+
+### Basics
+* Virtual machine name: [give it a name]
+* Region: `EAST US 2`
+* Availability Zone: `Zone 2`
+* Security type: `Confidential virtual machine`
+* Image: `Ubuntu Server 24.04 LTS (Confidential VM) - x64 Gen2`. It will nested under `Ubuntu 24.04 LTS - All Plans including Ubuntu Pro`
+* Size: `Standard E8as v6 (8 vcpus, 64 GiB memory)`. Other sizes probably work too, but I haven't tested them. Smaller sizes may not be able to run Reth
+* Select inbound ports: [I often pick allow all]
+
+### Disks
+Turn on `Confidential OS disk encryption`
+
+For OS disk size, the default (30GiB) is usually fine. However, if Reth runs for a long time (or restores from a snapshot with a lot of state), the OS disk size should be large (e.x. 1 TiB)
+
+### Networking
+Turn on `Delete public IP and NIC when VM is deleted`
+
+### Create
+You are ready to click the blue `create` button
+
+
+## Installing Dependencies
+`setup.sh` is a script that installs all the necessary dependencies for the devbox. Copy `setup.sh` to the devbox. Then run it:
+```
+chmod +x setup.sh
+./setup.sh
+```
+
+### While running the script
+Handle interactive prompts: You may need to press enter, type yes, etc.
+If a purple prompt appears, press escape to accept the default provided
+
+## Post Installation
+- You need to exit and re-enter the shell to get the environment variables to be set, particularly for cargo/rust to work
+- On the azure machine, add your ssh pub key to `~/.ssh/authorized_keys` so that you can ssh into the machine
+  - `../ssh/authorized_keys` has a list of keys for the company if you intend to have others use the box
+- Copy over the devnet.conf supervisorctl config to /etc/supervisor/conf.d/devnet.conf - it may need to be adjusted per your use case. e.g actions runners have a differnt conf becuase reth builds in a differnt spot, then reload supervisor so the conf is active
+- (Optional) Generate a new ssh key for the machine itself with `ssh-keygen -t ed25519 -C "your_email@example.com"` and add it to github

azure_devbox/devnet.conf

@@ -0,0 +1,43 @@
+[supervisord]
+environment=RUST_BACKTRACE="full",
+    RUST_LOG="info"
+
+[program:reth]
+command=/home/azureuser/seismic-reth/target/release/seismic-reth
+    node
+    -vvvv
+    --dev
+    --dev.block-max-transactions 1
+    --http
+    --http.addr 127.0.0.1
+    --http.port 8545
+    --http.api all
+    --ws
+    --ws.addr 127.0.0.1
+    --ws.port 8546
+    --ws.api all
+    --authrpc.addr 127.0.0.1
+    --authrpc.port 8551
+    --port 30303
+    --discovery.port 30303
+    --metrics 9001
+    --datadir /home/azureuser/.reth
+    --log.file.directory /home/azureuser/.reth/logs
+autostart=true
+autorestart=true
+startsecs=10
+stdout_logfile=/var/log/reth.log
+stdout_logfile_maxbytes=0
+stderr_logfile=/var/log/reth.err
+stderr_logfile_maxbytes=0
+
+
+[program:enclave-server]
+command=/home/azureuser/enclave/target/release/seismic-enclave-server
+autostart=true
+autorestart=true
+startsecs=10
+stdout_logfile=/var/log/enclave.log
+stdout_logfile_maxbytes=0
+stderr_logfile=/var/log/enclave.err
+stderr_logfile_maxbytes=0

azure_devbox/setup.sh

@@ -0,0 +1,164 @@
+#!/usr/bin/env bash
+
+# Exit immediately if any command fails, and treat unset variables as errors
+set -euo pipefail
+
+echo "Updating package information..."
+sudo apt-get -yq update
+
+# Install Basic Dev Tools
+echo "Installing basic dev tools..."
+sudo DEBIAN_FRONTEND=noninteractive apt-get install -yq \
+  build-essential \
+  ocaml \
+  ocamlbuild \
+  automake \
+  autoconf \
+  libtool \
+  wget \
+  python-is-python3 \
+  libssl-dev \
+  git \
+  cmake \
+  perl \
+  libcurl4-openssl-dev \
+  protobuf-compiler \
+  libprotobuf-dev \
+  debhelper \
+  reprepro \
+  unzip \
+  pkgconf \
+  libboost-dev \
+  libboost-system-dev \
+  libboost-thread-dev \
+  lsb-release \
+  libsystemd0 \
+  clang \
+  tpm2-tools \
+  libtss2-dev
+
+# Downgrade to Node.js 18 for compatibility
+echo "Installing Compatible Node.js..."
+sudo apt purge nodejs npm
+wget https://nodejs.org/dist/v18.19.1/node-v18.19.1-linux-x64.tar.xz
+sudo tar -xJf node-v18.19.1-linux-x64.tar.xz -C /usr/ --strip-components=1
+rm node-v18.19.1-linux-x64.tar.xz
+
+# Install SGX SDK
+# Followed instructions from https://github.com/intel/SGXDataCenterAttestationPrimitives/tree/main/QuoteGeneration
+# Note: The SGX driver is pre-installed by Azure, while the sdk is not. 
+## You can confirm the driver is installed by running 
+## 'grep CONFIG_X86_SGX /boot/config-$(uname -r)' and seeing 'CONFIG_X86_SGX=y'
+# Note: the latest sgx sdk distro will change over time
+## find the latest sdk distro here: https://download.01.org/intel-sgx/latest/linux-latest/distro/ubuntu24.04-server/
+SGX_SDK_BIN="sgx_linux_x64_sdk_2.26.100.0.bin"
+echo "Installing SGX SDK..."
+if [ ! -d "/opt/intel" ]; then
+  sudo mkdir /opt/intel
+fi
+cd /opt/intel
+sudo wget -O ./"$SGX_SDK_BIN" "https://download.01.org/intel-sgx/latest/linux-latest/distro/ubuntu24.04-server/$SGX_SDK_BIN"
+sudo chmod +x "$SGX_SDK_BIN"
+echo "Current directory: $(pwd)"
+echo "yes" | sudo ./"$SGX_SDK_BIN"
+sudo chown "$USER:$USER" "/opt/intel/sgxsdk/environment"
+export PKG_CONFIG_PATH=${PKG_CONFIG_PATH:-""}
+export LD_LIBRARY_PATH=${LD_LIBRARY_PATH:-""}
+source "/opt/intel/sgxsdk/environment"
+sudo rm -f "$SGX_SDK_BIN"
+cd $HOME
+
+# Install SGX Software Packages
+# See https://download.01.org/intel-sgx/latest/linux-latest/docs/Intel_SGX_SW_Installation_Guide_for_Linux.pdf
+echo "Installing SGX Software Packages..."
+wget -O sgx_debian_local_repo.tgz https://download.01.org/intel-sgx/latest/linux-latest/distro/ubuntu24.04-server/sgx_debian_local_repo.tgz
+tar xzf sgx_debian_local_repo.tgz
+echo 'deb [signed-by=/etc/apt/keyrings/intel-sgx-keyring.asc arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu jammy main' | sudo tee /etc/apt/sources.list.d/intel-sgx.list
+wget -O intel-sgx-deb.key https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key
+cat intel-sgx-deb.key | sudo tee /etc/apt/keyrings/intel-sgx-keyring.asc > /dev/null
+sudo DEBIAN_FRONTEND=noninteractive apt-get -yq update
+# sudo DEBIAN_FRONTEND=noninteractive apt-get -yq install libsgx-epid libsgx-quote-ex libsgx-dcap-ql # necessary for 22.04 but not 24.04
+sudo DEBIAN_FRONTEND=noninteractive apt-get -yq install libsgx-dcap-ql-dev libsgx-dcap-quote-verify-dev # missing from installation guide, but necessary on some architectures? 
+sudo usermod -aG sgx "$USER"
+sudo usermod -aG sgx_prv "$USER"
+sudo DEBIAN_FRONTEND=noninteractive apt-get -yq install libsgx-dcap-default-qpl
+rm sgx_debian_local_repo.tgz
+rm -rf sgx_debian_local_repo
+rm intel-sgx-deb.key
+
+# Build DCAP Quote Generation
+echo "Building DCAP Quote Generation..."
+git clone --recurse-submodules https://github.com/intel/SGXDataCenterAttestationPrimitives.git
+cd SGXDataCenterAttestationPrimitives/QuoteGeneration/
+./download_prebuilt.sh
+make
+cd $HOME
+rm -rf SGXDataCenterAttestationPrimitives
+
+# Setup qncl file 
+# based on https://github.com/intel/SGXDataCenterAttestationPrimitives/blob/main/QuoteGeneration/qcnl/linux/sgx_default_qcnl_azure.conf
+# need to replace the /etc/sgx_default_qcnl.conf with this json for pccs to work
+echo "Setting up qncl file..."
+cat << 'EOF' | sudo tee /etc/sgx_default_qcnl.conf >/dev/null
+{
+    "pccs_url": "https://global.acccache.azure.net/sgx/certification/v4/",
+    "use_secure_cert": true,
+    "collateral_service": "https://api.trustedservices.intel.com/sgx/certification/v4/",
+    "pccs_api_version": "3.1",
+    "retry_times": 6,
+    "retry_delay": 5,
+    "local_pck_url": "http://169.254.169.254/metadata/THIM/sgx/certification/v4/",
+    "pck_cache_expire_hours": 48,
+    "verify_collateral_cache_expire_hours": 48,
+    "custom_request_options" : {
+        "get_cert" : {
+            "headers": {
+                "metadata": "true"
+            },
+            "params": {
+                "api-version": "2021-07-22-preview"
+            }
+        }
+    }
+}
+EOF
+
+# Install Rust
+# Note: you need to exit and the shell and re-enter to get the environment variables to be set
+echo "Installing Rust..."
+curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
+
+# Install Docker
+## Add Docker's official GPG key:
+echo "Installing Docker..."
+sudo DEBIAN_FRONTEND=noninteractive apt-get -yq update
+sudo DEBIAN_FRONTEND=noninteractive apt-get -yq install ca-certificates curl
+sudo install -m 0755 -d /etc/apt/keyrings
+sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
+sudo chmod a+r /etc/apt/keyrings/docker.asc
+## Add the repository to Apt sources:
+echo \
+  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
+  $(. /etc/os-release && echo "${UBUNTU_CODENAME:-$VERSION_CODENAME}") stable" | \
+  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
+sudo DEBIAN_FRONTEND=noninteractive apt-get -yq update
+## Install Docker Packeges:
+sudo DEBIAN_FRONTEND=noninteractive apt-get -yq install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
+## set up docker group
+sudo usermod -aG docker $USER
+newgrp docker
+
+# Install supervisorctl
+echo "Installing supervisorctl..."
+sudo DEBIAN_FRONTEND=noninteractive apt-get -yq install supervisor
+
+# Install lz4 for tar compression
+echo "Installing lz4..."
+sudo DEBIAN_FRONTEND=noninteractive apt-get -yq install lz4
+
+# restart services to make sure things are as updated as possible
+echo "Restarting services..."
+sudo DEBIAN_FRONTEND=noninteractive apt-get -yq install needrestart 
+sudo needrestart
+
+echo "All done!"

datadisk/README.md

@@ -0,0 +1,27 @@
+# Data Disk
+
+This directory contains scripts for setting up and managing a data disk for the enclave. This is particularly useful for saving encrypted snapshots of the enclave state, so that new nodes can snapsync with the existing nodes.
+
+## Usage
+
+### Configuration
+
+The disk configuration is stored in `disk.conf`. You can edit this file to change the disk, partition, and mount point. Scripts expect this file to be in the same directory as the scripts.
+
+### Initialize the disk
+
+To initialize the disk, run the `init_disk.sh` script. This will partition the disk, format it as ext4, and create a mount point at `/mnt/datadisk`.
+
+WARNING: This will erase all existing data on the disk. This script is intended for use on a new disk, not on an existing disk.
+
+```bash
+sudo ./init_disk.sh --force
+```
+
+### Unmount the disk
+
+To unmount the disk, run the `unmount_disk.sh` script.
+
+### Mount the disk
+
+To mount a previously initialized disk, run the `mount_disk.sh` script.

datadisk/datadisk.conf

@@ -0,0 +1,3 @@
+DISK="/dev/sdb"
+PARTITION="${DISK}1"
+MOUNT_POINT="/mnt/datadisk"

datadisk/init_disk.sh

@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -e
+
+. "$(dirname "$0")/datadisk.conf"
+
+if [ "$1" != "--force" ]; then
+    echo "This script will ERASE all data on $DISK by partitioning and formatting it."
+    echo "If you really want to do this, run:"
+    echo "    $0 --force"
+    exit 1
+fi
+
+echo "!!! WARNING: You are about to erase all data on $DISK !!!"
+sleep 5
+
+# Partition the disk (single primary partition)
+# Note: whitespace is important here
+echo "Partitioning the disk..."
+fdisk "$DISK" <<EOF
+n
+p
+1
+
+
+w
+EOF
+sleep 2
+
+# Format the partition
+echo "Formatting the partition as ext4..."
+mkfs.ext4 "$PARTITION"
+
+# Create mount point if it doesn't exist
+if [ ! -d "$MOUNT_POINT" ]; then
+    echo "Creating mount directory at $MOUNT_POINT..."
+    mkdir "$MOUNT_POINT"
+fi
+
+# Mount the partition
+echo "Mounting $PARTITION to $MOUNT_POINT..."
+mount "$PARTITION" "$MOUNT_POINT"
+
+# Add to fstab
+UUID=$(blkid -s UUID -o value "$PARTITION")
+echo "UUID=$UUID $MOUNT_POINT ext4 defaults,nofail 0 2" >> /etc/fstab
+
+echo "Done! Disk initialized, formatted, mounted, and set for persistence."