New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Package Monero for Debian so it can eventually also be added to projects like Tails #2395

Open
sanecito opened this Issue Sep 3, 2017 · 49 comments

Comments

@sanecito

sanecito commented Sep 3, 2017

Currently Monero isn't packaged for Debian which is a roadblock to Monero being adopted by Tails..

At time of writing it looks like there are no packages being tested or otherwise being worked on for Debian.

@dEBRUYNE-1

This comment has been minimized.

Contributor

dEBRUYNE-1 commented Sep 3, 2017

+enhancement

@privacycat

This comment has been minimized.

privacycat commented Sep 7, 2017

+enhancement
Agree. Monero is much more private and anonymous than Bitcoin. It's a no-brainer to package it for Debial so that ic could be adopted by Tails.

@anonimal

This comment has been minimized.

Contributor

anonimal commented Sep 7, 2017

A debian package would be nice, we do have snap ready to go though.

Note: re: tails, I don't see how running monero nodes at large over Tor would be a good thing for the monero network. This is why we have kovri. I'm assuming the demand is more for monero wallet + a remote node onion service?

@favioflamingo

This comment has been minimized.

favioflamingo commented Sep 7, 2017

If a debian package is created, is it possible to make sure that there is a monero-dev and libmonero package created as well? This way, other people can use the c++ funtions in external programs. I have just tried to use Monero as a library, but the examples only show how to work with static libs compiled with cmake.

@hyc

This comment has been minimized.

Contributor

hyc commented Sep 7, 2017

What exactly does "packaging for Debian" (or any other distro) actually mean? Do we have to actually provide scripts for their build system to build Monero binaries from source? Or are we simply providing the official getmonero.org binaries in a dpkg archive as opposed to a tar archive?

I assume the latter, because having large numbers of non-official binaries out there sounds like a security risk.

@favioflamingo

This comment has been minimized.

favioflamingo commented Sep 7, 2017

Speaking humbly, for debian packaging, you start with a source package. Given a source package, someone would be able to type apt-get source -b monero and get several debian packages with compiled binaries as a result. The /bin scripts would get put into a monero-cli kind of package, the libraries (-fPIC flag?) would get put into a libxmr0 package, and etcetera. Having dynamically linked libraries would be nice to have available in a package.

@diederikdehaas

This comment has been minimized.

diederikdehaas commented Oct 25, 2017

What exactly does "packaging for Debian" (or any other distro) actually mean? Do we have to actually provide scripts for their build system to build Monero binaries from source? Or are we simply providing the official getmonero.org binaries in a dpkg archive as opposed to a tar archive?
I assume the latter, because having large numbers of non-official binaries out there sounds like a security risk.

It is certainly not the latter. Debian will never distribute a binary that isn't build from source on their infrastructure.
It comes down to populating a debian directory which instructs the build system how to produce the package (so in a way the former). Then you'd have to file an ITP (Intention to Package) bug and find a sponsor (someone who's already a Debian Developer) to sponsor your package and when ready (s)he will upload it to the NEW queue after which an FTP master reviews the package (again) and if it meets the requirements accepts it into the archive.

Further reading:

But it's probably best to (first) contact Debian Bitcoin Packaging Team if someone intends to do that.
(Yes, I know monero != bitcoin, but wrt packaging it may be useful to put it under 1 umbrella team)

@favioflamingo

This comment has been minimized.

favioflamingo commented Oct 26, 2017

If someone can add a configuration in Cmake to make dynamically linked libs (soname=x.y.z, etc), then I could set up the git-buildpackage items to make it easy to compile debian packages in one command (pbuilder). You can see my work on the picocoin debian package as an example, though picocoin works with autotools as opposed to Cmake. I am trying to get picocoin into Debian repos at the moment as well.

@dma

This comment has been minimized.

dma commented Nov 13, 2017

Hey all,

I've made a stab at packaging monerod and monero GUI wallet for @subgraph OS. By default, all traffic exiting from Subgraph OS is over Tor, in case you weren't aware -- unless the user is using the sandboxed clearnet browser. So Monero users on SGOS would do so over Tor.

I just put downloadable packages on our website for testing, if all goes well, we'll drop them into our repo so users can apt-get install monero & they're good to go.

Download links / instructions for testing before we drop them into our repo:

https://subgraph.com/sgos/documentation/monero/

The commits of the packaging metadata:

Monero:

subgraph@8ef7d55

Monero Core:

https://github.com/subgraph/monero-core/commit/b63ac3aad2ad06b43b56945dd0a3114a76904262

@dma

This comment has been minimized.

dma commented Nov 21, 2017

As the above was really a first try mostly to re-implement "build.sh" as debian build rules, I've removed the old repos, and we're now re-doing the packages to build with pbuilder (as we do our other packages). On-going work is here in the "debian" branch of the below forked repos:

https://github.com/subgraph/monero
https://github.com/subgraph/monero-gui

Monero packages have been added to our master packages repo, but it's not building in travis-ci yet:

https://github.com/subgraph/subgraph-debian-packages

I'll update this thread when we have a final packaging we like. Almost there..

@CameronRuggles

This comment has been minimized.

CameronRuggles commented Jan 4, 2018

How is this progressing? Getting it added to TAILS is an exceedingly important project.
What currently needs to be done for Monero GUI to be added to the Debian packages?

@dma

This comment has been minimized.

dma commented Jan 4, 2018

Oh, I packaged it in a nice way several weeks ago, but didn't want to release it or announce it until had binary reproducibility (who would want to use a wallet packaged by a third party that isn't?).

I'd say I got almost there, but ran into some linker weirdness and then had to stop to work on something else. Also, not many people seemed to care and I had other priorities.

I'd recommend Subgraph over Tails for storing and using XMR, but that's just me :)

I'll be back on it soon and return to this thread when I have achieved byte-for-byte matches on the final .debs.

If you want to try our packages in Tails, you're welcome to:

https://subgraph.com/sgos/documentation/monero/

Those date from when monero-gui was still monero-core, I'll build some new ones and update the page sometime in the next few days.

@sanecito

This comment has been minimized.

sanecito commented Jan 4, 2018

Cool, keep us updated! I'll test it out on Tails and Subgraph when you put out the new builds and send some pizza/beer money your way from Tails or Subgraph. Will probably advertise it on the various Monero forums as well so you can get more people to test Monero (and Subgraph by proxy). Subgraph will probably be my live usb OS of choice when it comes out of alpha. Honored to have the president working on part of this issue! :)

Edit: Or I can hold off on announcing on any Monero forums you yourself don't announce on until you've got binary reproducibility (not sure if the next build would accomplish that?)

@dma

This comment has been minimized.

dma commented Jan 4, 2018

I'll return to it in the next week or so. I'll update this thread when I have a new version. I don't think I'm far from a fully reproducible build, which will be pretty awesome.

FWIW, Monero is the only Cryptocurrency project (besides BTC) that interests me at the moment because of its utility and active development/innovation.

@CameronRuggles

This comment has been minimized.

CameronRuggles commented Jan 4, 2018

@dma

This comment has been minimized.

dma commented Jan 4, 2018

Yeah, obviously I realize that, it is implied by the earlier remark about the current tangible utility of XMR vs other "privacy" coins, most of which are quite problematic to varying degrees.

Additionally, with the lack of a hardware wallet so far I would think exploit mitigation / system hardening in @subgraph OS would be something users want on hosts where they use a software wallet? But nobody replied here. We got no feedback at all - zero.

Anyways, as I said, I'll continue working on it and we'll make put it into our repo when our .deb can be reproducibly built.

@sanecito

This comment has been minimized.

sanecito commented Jan 4, 2018

Yep with the lack of a hardware wallet it would be awesome to use Monero on a more security focused OS!

Apologies for the lack of testing feedback.

  • What in particular are you looking for feedback, anything beyond reporting issues per the existing doc?
  • A simple 'instructions worked for me and were clear' from those who install it and system specs (e.g. CPU) so you know some amount of people tested it and what it works on?
  • Would feedback of the 'old' builds still be useful at this point to you or should I hold on asking other community members to test until the new builds?
  • What would be the best way to pass along feedback? Would you prefer comments in this thread or through Subgraph's 'Contact Us'? Open and close an issue for feedback (after official release) on https://github.com/subgraph/subgraph-debian-packages/issues?

I can pass along your requests in the open of the community meeting in two days depending on what you would like. In that way it'd reach the more active members who engage in the meeting or read the logs that get posted, but the community at large likely wouldn't be aware of it and use it until you post your release announcement on r/Monero, etc.

@dma

This comment has been minimized.

dma commented Jan 4, 2018

I dunno, nothing elaborate, maybe just: "I tried it, didn't work", or "I tried it, works".

Note that one doesn't need SGOS, any Debian derivative would do I think, including Tails.

Not grumbling or anything, I just juggle lots of priority things. This seemed important to some people, and was a longstanding dormant feature request, I picked it up & reported progress, but nobody seemed to care so I put it on backburner (also: holidays). I'll get back on it shortly!

@dEBRUYNE-1

This comment has been minimized.

Contributor

dEBRUYNE-1 commented Jan 4, 2018

I dunno, nothing elaborate, maybe just: "I tried it, didn't work", or "I tried it, works".

Note that this ticket is kind of "buried" and therefore not easily visible for potential testers. I'd recommend, once you finalize the new package(s), to put out a post on Reddit (r/monero) which calls for testers. I am sure you'll find a few interested people.

This seemed important to some people, and was a longstanding dormant feature request,

It is :) Please don't let the current lack of testing let you think otherwise.

@dma

This comment has been minimized.

dma commented Jan 4, 2018

Obviously, that's why I tweeted about it though to our 7000+ project followers and it was even retweeted by fluffypony. I am not sure even one person tried the .debs. Shrug.

@Gingeropolous

This comment has been minimized.

Contributor

Gingeropolous commented Jan 4, 2018

where do i find the .debs?

i dont tweet

edited to add - I found it, im a genius. Tried using the .deb on Ubuntu 16.

And of course it looks like I need to have boost installed.


[sudo] password for user: 
Selecting previously unselected package monero-core.
(Reading database ... 284426 files and directories currently installed.)
Preparing to unpack monero-core_0.11.1.0-1_amd64.deb ...
Unpacking monero-core (0.11.1.0-1) ...
dpkg: dependency problems prevent configuration of monero-core:
 monero-core depends on libboost-chrono1.62.0; however:
  Package libboost-chrono1.62.0 is not installed.
 monero-core depends on libboost-date-time1.62.0; however:
  Package libboost-date-time1.62.0 is not installed.
 monero-core depends on libboost-filesystem1.62.0; however:
  Package libboost-filesystem1.62.0 is not installed.
 monero-core depends on libboost-program-options1.62.0; however:
  Package libboost-program-options1.62.0 is not installed.
 monero-core depends on libboost-regex1.62.0; however:
  Package libboost-regex1.62.0 is not installed.
 monero-core depends on libboost-serialization1.62.0; however:
  Package libboost-serialization1.62.0 is not installed.
 monero-core depends on libboost-system1.62.0; however:
  Package libboost-system1.62.0 is not installed.
 monero-core depends on libboost-thread1.62.0; however:
  Package libboost-thread1.62.0 is not installed.
 monero-core depends on libqt5core5a (>= 5.7.0); however:
  Version of li
dpkg: error processing package monero-core (--install):
 dependency problems - leaving unconfigured
Errors were encountered while processing:
 monero-core
user@user-VirtualBox:~$ 

oh boost.

edited again to add, it seems ubuntu is on boost 1.58 .

@dma

This comment has been minimized.

dma commented Jan 4, 2018

Ah, I see. I should have clarified, Debian stretch derived distro. Thanks for the feedback. Try forcing an install maybe? If it works, we can relax the dependency.

Those debs are a bit out of date. I'm building new packages now & will put them online later. We can move this discussion to avoid adding a lot of noise in here.

@Gingeropolous

This comment has been minimized.

Contributor

Gingeropolous commented Jan 5, 2018

indeed, I tend to get vociferous. I'm usually hanging out on freenode #monero

@dEBRUYNE-1

This comment has been minimized.

Contributor

dEBRUYNE-1 commented Jan 5, 2018

@dma Can you confirm that you updated the binaries / packages here?

https://subgraph.com/sgos/documentation/monero/

@dma

This comment has been minimized.

dma commented Jan 6, 2018

I have now. I just uploaded some packages I built today.

@Coded-Dude

This comment has been minimized.

Coded-Dude commented Jan 6, 2018

I tried building it for deb with the ubuntu dependencies, but it failed. I opened an issue before seeing this. you can close it if you like.....

@dma

This comment has been minimized.

dma commented Jan 21, 2018

Progress update: I've got monero and monero-gui debs building reproducibly! Monero-gui next, and then we're done. Next steps are to add a .desktop file and icons and stuff.

Monerod client

Build 1 (AWS/Debian 9):

admin@ip-10-0-0-240:~/dev/subgraph-debian-packages$ sha256sum /tmp/build-area/monero_0.11.0.0-2_amd64.deb
62ad9fb50bb7dc92f6298fccba6a4601a4c7d40fa175396115d1abd16ab90436 /tmp/build-area/monero_0.11.0.0-2_amd64.deb

Build 2 (dedicated box/Debian 9):

dma@spirit:~/dev/subgraph-debian-packages$ sha256sum /tmp/build-area/monero_0.11.0.0-2_amd64.deb
62ad9fb50bb7dc92f6298fccba6a4601a4c7d40fa175396115d1abd16ab90436 /tmp/build-area/monero_0.11.0.0-2_amd64.deb

Build 3 (local workstation/Subgraph OS):

user@subgraph:~/dev/subgraph-debian-packages$ sha256sum /tmp/build-area/monero_0.11.0.0-2_amd64.deb
62ad9fb50bb7dc92f6298fccba6a4601a4c7d40fa175396115d1abd16ab90436 /tmp/build-area/monero_0.11.0.0-2_amd64.deb

Monero GUI wallet

Build 1 (local workstation/Subgraph OS)

user@subgraph:~/dev/subgraph-debian-packages$ sha256sum /tmp/build-area/monero-gui_0.11.1.0-1_amd64.deb
d5b0295d55f9951a6995e2ecc1516898799b22686ed81ca07b05b493175f2f66 /tmp/build-area/monero-gui_0.11.1.0-1_amd64.deb

Build 2 (AWS/Debian 9)

admin@ip-10-0-0-240:~/dev/subgraph-debian-packages$ sha256sum /tmp/build-area/monero-gui_0.11.1.0-1_amd64.deb
d5b0295d55f9951a6995e2ecc1516898799b22686ed81ca07b05b493175f2f66 /tmp/build-area/monero-gui_0.11.1.0-1_amd64.deb

There some decisions to make for us, like: where does the blockchain data go? Do we start the daemon with systemd by default (feeling like no, as it can be started in GUI)? Appreciate thoughts on this.

I'll look at fixing this for Ubuntu later.

@sanecito

This comment has been minimized.

sanecito commented Jan 22, 2018

@fluffypony Can you provide some thoughts or ping one of the core 'stewards' about daemon and blockchain path suggestions?

@dma I've also paged the Monero dev channel as well to provide thoughts per your comment. Just FYI I haven't abandoned testing and I'm still trying to deal with Linux Mint dependencies issues as unfortunately the commands provided in the GUI readme do not get the necessary 1.62 boost libraries as as mentioned latest packages for Ubuntu is 1.58, I'll see what efforts are being made with regards to packaging libboost 1.62:

sudo apt install build-essential cmake libboost-all-dev miniupnpc libunbound-dev graphviz doxygen libunwind8-dev pkg-config libssl-dev libzmq3-dev
and
sudo apt install qml-module-qt-labs-settings qml-module-qtgraphicaleffects

Unpacking monero (0.11.0.0-1) ...
dpkg: dependency problems prevent configuration of monero:
monero depends on libboost-chrono1.62.0; however:
Package libboost-chrono1.62.0 is not installed.
monero depends on libboost-date-time1.62.0; however:
Package libboost-date-time1.62.0 is not installed.
monero depends on libboost-filesystem1.62.0; however:
Package libboost-filesystem1.62.0 is not installed.
monero depends on libboost-program-options1.62.0; however:
Package libboost-program-options1.62.0 is not installed.
monero depends on libboost-regex1.62.0; however:
Package libboost-regex1.62.0 is not installed.
monero depends on libboost-serialization1.62.0; however:
Package libboost-serialization1.62.0 is not installed.
monero depends on libboost-system1.62.0; however:
Package libboost-system1.62.0 is not installed.
monero depends on libboost-thread1.62.0; however:
Package libboost-thread1.62.0 is not installed.
monero depends on libssl1.1 (>= 1.1.0); however:
Package libssl1.1 is not installed.

@Gingeropolous Can you provide any suggestions as to getting the needed libboost dependencies sorted out? Haven't really dealt with boost before and have tried sifting through various forums, but struggled to come up with a solution. I imagine if you got it to work on Ubuntu by now the same solution should work for my Mint box.

@diederikdehaas

This comment has been minimized.

diederikdehaas commented Jan 22, 2018

@sanecito

This comment has been minimized.

sanecito commented Jan 22, 2018

Tried aptitude, but latest package in Synaptic package manager for libssl is 1.0.2g-1ubuntu4.10

libboost-all-dev is already installed at the requested version (1.58.0.1ubuntu1)
libboost-all-dev is already installed at the requested version (1.58.0.1ubuntu1)
No packages will be installed, upgraded, or removed.
0 packages upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B of archives. After unpacking 0 B will be used.

libssl-dev is already installed at the requested version (1.0.2g-1ubuntu4.10)
libssl-dev is already installed at the requested version (1.0.2g-1ubuntu4.10)
No packages will be installed, upgraded, or removed.
0 packages upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B of archives. After unpacking 0 B will be used.

Currently exploring using the libboost 1.62 package from Debian and getting past the Error:Dependency is not satisfiable: libboost-fiber-dev issue

Edit: @dma Stupid question, but what directory is the Monero package expecting libboost in? I've tried bootstrapping libboost into /usr/ and /usr/local

@diederikdehaas

This comment has been minimized.

diederikdehaas commented Jan 22, 2018

@hyc

This comment has been minimized.

Contributor

hyc commented Jan 28, 2018

There some decisions to make for us, like: where does the blockchain data go? Do we start the daemon with systemd by default (feeling like no, as it can be started in GUI)? Appreciate thoughts on this.

If you start it from systemd, it should probably have its own uid and a home directory in /var/spool/xxx or something, for storing the blockchain. But it's a good point that it can be started in the GUI. Might be best to leave it at that, thus running under the user's uid and in the user's home directory.

@danrmiller

This comment has been minimized.

Contributor

danrmiller commented Jan 28, 2018

@dma Can you point me to your debian control files like the buildinfo file?

@radfish

This comment has been minimized.

Contributor

radfish commented Jan 28, 2018

Thanks for packaging!

You can take a look at how it's done in the Arch package:
https://aur.archlinux.org/cgit/aur.git/tree/PKGBUILD?h=monero-git
https://aur.archlinux.org/cgit/aur.git/tree/monero.install?h=monero-git

Blockchain data dir is /var/lib/monero which is also the home dir of a dedicated user with that name. It is best for security to have a dedicated user for security isolation purpose, since monerod is internet-facing. Config file is in /etc/monero.conf. Log could go into syslog or /var/log/monero.

Systemd service exists in the repo. It should be installed, but not sarted automatically, although I think some packages on Debian do start services automatically (not a fan at all, since user should have a chance to edit the config before starting the service).

This setup works fine with the GUI wallet running under the normal user. See monero-wallet-qt package: https://aur.archlinux.org/packages/monero-wallet-qt

I would vote against starting the daemon from the GUI wallet. Having it as a standard systemd service is simple and least surprize to users.

@dma

This comment has been minimized.

dma commented Jan 29, 2018

@radfish @hyc I generally agree with all you're saying, and that's how I did it.

I have a reproducibly built .deb now with .desktop and icons.

Going to make an apparmor policy for monerod and then call it done as we aren't sandboxing the daemon in Subgraph OS. I believe the packages, which build in Debian 9, should work in Tails. Will update this ticket later on this (cc @danrmiller).

@CameronRuggles

This comment has been minimized.

CameronRuggles commented Feb 12, 2018

Any updates? Anything I can do to help as a fairly non-technical person?

Super excited for this.

@agx

This comment has been minimized.

agx commented Feb 21, 2018

I have filed a RFP (Request for packaging) in the Debian bug tracker (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890974).

@dma

This comment has been minimized.

dma commented Feb 21, 2018

Hey all, sorry for lack of updates, it's basically done for Subgraph OS. I'm happy with the packages. They build reproducibly, and I added icons, the desktop file, apparmor profile for monerod.. I'll update my last changes to our repo and then we'll write a blog post about it today or tomorrow. They can be built in Debian, though I imagine a maintainer might want to do some things differently.

@h01ger

This comment has been minimized.

h01ger commented Feb 21, 2018

@dma: where are your source packages? https://subgraph.com/sgos/documentation/monero/ only links to binary packages and both https://github.com/subgraph/monero and https://github.com/subgraph/monero-gui lack a debian/ subdirectory (needed to build source packages)

@dma

This comment has been minimized.

dma commented Feb 21, 2018

@h01ger Check the debian branch of both repositories. That documentation page is out of date, need to update it. I have some commits to the debian branches I haven't pushed yet. Just haven't had time to close this out.

@h01ger

This comment has been minimized.

h01ger commented Feb 21, 2018

@dma: thanks for the quick reply! and TBH, I was stupid/tired, I looked for branches with "git branch" instead of "git branch -av"... looking forward to your unpushed changes too!

@dma

This comment has been minimized.

dma commented Feb 21, 2018

@h01ger I'm happy with it. I hope Debian/Tails can benefit from it without much extra work. Our build environment pulls packages from the subgraph repo, but there are no subgraph dependencies for building monero and monero-gui (obviously), so those can be removed for a pristine Debian pbuilder build that's reproducible. I'll push the apparmor policy I made for monerod and whatever else is still not online & then I think we're (I'm) done..

@h01ger

This comment has been minimized.

h01ger commented Feb 21, 2018

@dma: the debian packaging looks very nice, kudos! (and many thanks too)

I just saw one instance of subgraphos specific changes, the systemd service requires the subgraph_metaproxy.service - so now I wonder how you would deal if I'd uploaded that package to Debian proper, without that requirement...

(and do take your time, I wont really do something within the next 24h anyway. but then, very probably!)

@h01ger

This comment has been minimized.

h01ger commented Feb 21, 2018

only monero/external/ seems a bit scary...

@dma

This comment has been minimized.

dma commented Feb 21, 2018

@h01ger yeah, right, in the systemd file is a subgraph dependency, which you won't want (I may even remove that - I just wanted to make sure monerod doesn't start connecting to the Internet until transparent tor-ification is up), forgot about that. If Debian packages Monero/Monero GUI, I imagine we'll drop ours and use Debian's. If we need to overload the systemd unit file, we can do that separately.

@sanecito

This comment has been minimized.

sanecito commented Apr 23, 2018

Hey folks, wishing to follow up on the great work you're doing packaging Monero for Debian. Has Monero v0.12 been packaged for Debian by chance given the documentation references v0.11 still? It's not much unfortunately, but I did send some Moneroj to SubGraph as thanks for prior work.

@sanecito

This comment has been minimized.

sanecito commented Jun 9, 2018

Just generic status update: Conversation earlier today in IRC on #monero-dev with @moneromooo-monero ... "Apparenly the person who did a debian package [ @dma ] is waiting for reproducible builds, which are on the way,."

Glad to see progress is still being made for users to easily have Monero on security/privacy focused OSes like Subgraph and Tails! Thanks for your continued work!

@jonassmedegaard

This comment has been minimized.

jonassmedegaard commented Jun 20, 2018

Monero entered Debian unstable earlier today. Health of the packaging can be monitored at https://tracker.debian.org/pkg/monero

@spth

This comment has been minimized.

spth commented Aug 24, 2018

Any news on progress getting a GUI into Debian?

Philipp

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment