Cleaning, fixing Elgamal parameter set, run jwt-keypair post install, tls

Author: biscofil

Dockerfile

@@ -7,10 +7,6 @@ ENV APACHE_DOCUMENT_ROOT=/var/www/html/public
 RUN sed -ri -e 's!/var/www/html!${APACHE_DOCUMENT_ROOT}!g' /etc/apache2/sites-available/*.conf
 RUN sed -ri -e 's!/var/www/!${APACHE_DOCUMENT_ROOT}!g' /etc/apache2/apache2.conf /etc/apache2/conf-available/*.conf
 
-RUN echo "zend_extension=$(find /usr/local/lib/php/extensions/ -name xdebug.so)" > /usr/local/etc/php/conf.d/xdebug.ini \
-    && echo "xdebug.remote_enable=on" >> /usr/local/etc/php/conf.d/xdebug.ini \
-    && echo "xdebug.remote_autostart=off" >> /usr/local/etc/php/conf.d/xdebug.ini
-
 # Set the working directory
 WORKDIR /var/www/html
 
@@ -33,6 +29,6 @@ RUN chown -R www-data:www-data .
 
 # Install project dependencies
 RUN composer install
-RUN composer dump-autoload -o
+RUN composer dump-autoload
 
 RUN php artisan storage:link

README.md

@@ -25,34 +25,24 @@ helm repo update
 helm install ingress-nginx ingress-nginx/ingress-nginx
 # wait some time!
 
-# Install a private registry
-cd setup/registry
-./install.sh install
-# ./uninstall.sh
-
-# Create regcred in node namespace
-./setup/registry/install.sh regcred <namespace>
-
 ```
 
 # Install
 
 ```shell
-
 docker build -t biscofil/kairos_php:webserver .
 docker tag biscofil/kairos_php:webserver biscofil/kairos_php:webserver-1.0.0
-docker push biscofil/kairos_php:webserver-1.0.0
+kind load docker-image biscofil/kairos_php:webserver-1.0.0
 
-docker tag biscofil/kairos_php:webserver docker-registry.127.0.0.1.nip.io/kairos_php:webserver-1.0.0
+docker tag biscofil/kairos_php:webserver docker.io/kairos_php:webserver-1.0.0
 # echo registryPass | docker login -u admin docker-registry.127.0.0.1.nip.io --password-stdin
-docker push docker-registry.127.0.0.1.nip.io/kairos_php:webserver-1.0.0
+kind load docker-image docker.io/kairos_php:webserver-1.0.0
 
 # SSL
 
 ./cert.sh
 
 openssl req -x509 -nodes -days 2 -newkey rsa:2048 -keyout ingress-tls.key -out ingress-tls.crt -subj "/CN=kairos-webserver.127.0.0.1.nip.io"
-
 kubectl delete secret my-tls-secret 
 kubectl create secret tls my-tls-secret --key ingress-tls.key --cert ingress-tls.crt
 rm ingress-tls.key ingress-tls.crt
@@ -63,10 +53,9 @@ helm package helm
 
 # Deploy one node
 kubectl create ns node1
-# TODO generate random values in helm_secret.ini
-# php artisan key:generate
-# php artisan generate:jwt-keypair
-
+# generate random values into helm_secret.ini
+python3 generate_secret_ini_file.py
+# TODO: manually insert missing values in helm_secret.ini
 kubectl create secret generic kairos-secrets --from-env-file=helm_secret.ini --namespace node1
 helm install kairos Kairos-0.1.0.tgz --namespace node1 -f values.yaml
 helm upgrade kairos Kairos-0.1.0.tgz --namespace node1 -f values.yaml
@@ -82,59 +71,6 @@ helm upgrade kairos Kairos-0.1.0.tgz --namespace node1 -f values.yaml
     - remove folder creation in docker image
 - adapt `php artisan generate:jwt-keypair` to kubernertes
 
-# Legacy (deprecated)
-
-```shell
-#install docker (https://docs.docker.com/engine/install/ubuntu/)
-sudo apt-get update
-sudo apt-get install \
-    apt-transport-https \
-    ca-certificates \
-    curl \
-    gnupg \
-    lsb-release
-curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
-echo \
-  "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu \
-  $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
-sudo apt-get update
-sudo apt-get install docker-ce docker-ce-cli containerd.io
-
-# install docker-compose (https://docs.docker.com/compose/install/)
-sudo curl -L "https://github.com/docker/compose/releases/download/1.29.1/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
-sudo chmod +x /usr/local/bin/docker-compose
-sudo ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose
-
-
-# disable SSL commenting 000-default.conf
-mkdir helios
-
-U_ID=$(id -u $USER) G_ID=$(id -u $USER) docker-compose up -d
-docker pull certbot/certbot
-# RUN docker run -it --rm -v $(pwd)/letsencrypt/c.....
-# enable SSL commenting 000-default.conf
-U_ID=$(id -u $USER) G_ID=$(id -u $USER) docker-compose down
-U_ID=$(id -u $USER) G_ID=$(id -u $USER) docker-compose up -d
-# php artisan key:generate
-# php artisan generate:jwt-keypair
-# php artisan storage:link
-```
-
-# Adding SSL to the server domain.xyz (deprecated)
-
-```shell
-docker pull certbot/certbot
-U_ID=$(id -u $USER) G_ID=$(id -u $USER) docker-compose build
-U_ID=$(id -u $USER) G_ID=$(id -u $USER) docker-compose up -d
-U_ID=$(id -u $USER) G_ID=$(id -u $USER) docker-compose down
-docker run -it --rm -v $(pwd)/letsencrypt/certs:/etc/letsencrypt -v $(pwd)/letsencrypt/data:/data/letsencrypt \
-    certbot/certbot certonly \
-    --webroot \
-    --webroot-path=/data/letsencrypt \
-    -d domain.xyz \
-    --email your@email.com \
-    --agree-tos
-```
 
 # Docker changes (deprecated)
 

app/Voting/CryptoSystems/ElGamal/EGParameterSet.php

@@ -48,15 +48,14 @@ public function __construct(BigInteger $g, BigInteger $p, BigInteger $q)
     }
 
     /**
-     *
+     * TODO these can change, from one peer to the other
+     * TODO share your parameter with others
      */
     public static function getDefault(): self
     {
         $p = BI(config('kairos.elgamal.p'), config('kairos.elgamal.base')); // prime p
-        // NOTE: Q,G are inverted!!!
-        $g = BI(config('kairos.elgamal.q'), config('kairos.elgamal.base'));
-        // NOTE: Q,G are inverted!!!
-        $q = BI(config('kairos.elgamal.g'), config('kairos.elgamal.base'));
+        $g = BI(config('kairos.elgamal.g'), config('kairos.elgamal.base'));
+        $q = BI(config('kairos.elgamal.q'), config('kairos.elgamal.base'));
         return new static($g, $p, $q);
     }
 

generate_secret_ini_file.py

@@ -0,0 +1,41 @@
+import secrets
+import string
+import base64
+import logging
+
+
+def generate_password(size):
+  # Generate a secure password
+  alphabet = string.ascii_letters + string.digits # + string.punctuation
+  return ''.join(secrets.choice(alphabet) for i in range(size))
+
+def generate_base64_password(size):
+  binary_string = secrets.token_bytes(size)
+  return base64.b64encode(binary_string).decode()
+
+config = {}
+with open("helm_secret.ini.example", "r") as f:
+  for line in f.readlines():
+    try:
+      if not line.strip():
+        continue
+      if "=" not in line:
+        key=line
+        value=""
+      else:
+        key, value = line.split('=')
+      key = key.strip()
+      value = value.strip()
+      config[key] = value
+    except ValueError:
+      # syntax error
+      logging.error(f"Syntax error in line: {line}")
+      pass
+
+config['JWT_SECRET'] = generate_password(64)
+config['DB_PASSWORD'] = generate_password(32)
+config['APP_KEY'] = 'base64:' + generate_base64_password(64)
+
+with open("helm_secret.ini", "w") as f:
+  for key, value in config.items():
+    f.write(f"{key}={value}\n")

helm/templates/db-env-configmap.yaml …lm/templates/database-env-configmap.yamlhelm/templates/db-env-configmap.yaml renamed to helm/templates/database-env-configmap.yaml helm/templates/db-env-configmap.yaml renamed to helm/templates/database-env-configmap.yaml

@@ -8,4 +8,4 @@ data:
   MYSQL_DATABASE: laravel
   # MYSQL_ROOT_PASSWORD: from secret
   SERVICE_NAME: mysql
-  SERVICE_TAGS: dev
+  SERVICE_TAGS: dev

helm/templates/job-init.yaml

@@ -0,0 +1,37 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: kairos-init
+  annotations:
+    "helm.sh/hook": post-install
+    "helm.sh/hook-delete-policy": hook-succeeded
+spec:
+  template:
+    spec:
+      initContainers:
+      - name: init-cont
+        image: busybox:1.31
+        command: ['sh', '-c', 'echo -e "Checking for the availability of MySQL Server deployment"; while ! nc -z {{.Values.database.serviceName}} 3306; do sleep 1; printf "-"; done; echo -e "  >> MySQL DB Server has started";']
+      containers:
+      - image: "{{ .Values.image }}:{{ .Chart.AppVersion }}"
+        imagePullPolicy: Always
+        name: kairos-init
+        envFrom:
+          - configMapRef:
+              name: kairos-webserver-env
+          - secretRef:
+              name: kairos-secrets
+        command: ["/bin/sh"]
+        args:
+          - -c
+          - >-
+              php artisan generate:jwt-keypair
+        resources:
+          requests:
+            ephemeral-storage: "100Mi"
+      restartPolicy: Never
+      volumes:
+        - name: kairos-webserver-claim
+          persistentVolumeClaim:
+            claimName: kairos-webserver-claim
+  backoffLimit: 1

helm/templates/webserver-env-configmap.yaml

@@ -65,7 +65,8 @@ data:
   # FACEBOOK_CLIENT_SECRET: from secret
 
   # base 16
-  # ELGAMAL_G: from secret
-  # ELGAMAL_P: from secret
-  # ELGAMAL_Q: from secret
+  # TODO these should change
+  ELGAMAL_G: 75ee80f0a161dd0c025ac818db8d52d193a46655fe0ebd3c289a949f42185f58f2f88f825dcdb3e3e98c0598af87599728f4f0719a8f68b133e82eb1bc4e3b6b8a377a5c6b812d656efcde578fdf515ac6ef628f1564ac907745d53bc6213b74f0cc303bbe68f3ab2220dcacd0ceece7aac3a675aaa0604885a1fb1374e6c08f2dcf503e58ac6487be73b8ab2a10fa62a79522cbc777b6321fd346e0d36ee5a7291955117d8bb4284901eb26804bd2286a14af52f5301c489c80dfeafb7ce496af58479a4c6f57f29ec8c9e4f6b88deb06f5d120859d2d4de06e57b0476f8263f7a4a35f67ed21a4a927109fa89a6b7f4976e98e3ddb3cd232c516b1da5cc555
+  ELGAMAL_P: 815901aa6d3ced6a0bd488c617351e322c8aef8f9f90adf331a2583d8082ac46f74345a1e1cf561facbdf3239bc3f0ee71618b5d016266caafd48439b034a38f6560cd6b671e3a80248b46809ad8de7a4cc7250469611d59dae8d8af5c6d0f9f3665f9857e04e1134dc94b270e93341449ea503617447ecb83b2c01602878c070d080da464c974d9951c35c1a553407345ee31ebc4a29a3488d5a54702a971ee0a1ea4da93fcf64105040893ff4bec23ca11e8cffa279e899a46891137c28e85f5a2fc9c637af6d26f6b5deba3d60580df41c334ea123331f8b0adeb43ea64a037e0c5ac168c47ce421bc9718ba8357099a0221f778599acd917607f3e3024d7
+  ELGAMAL_Q: 87974deb793421ce3891540d906ac0806b85a2b95adc211a82ef8b659f8d9d25
 

helm/templates/webserver-ingress.yaml

@@ -6,10 +6,10 @@ metadata:
   name: kairos-ingress
 spec:
   ingressClassName: nginx
-  # tls:
-  # - hosts:
-  #   - {{ .Values.host }}
-  #   secretName: my-tls-secret
+  tls:
+  - hosts:
+    - {{ .Values.host }}
+    secretName: docker-registry-tls-secret
   rules:
   - host: "{{ .Values.host }}"
     http:

helm_secret.ini.example

@@ -12,14 +12,3 @@ GOOGLE_CLIENT_SECRET=
 
 FACEBOOK_CLIENT_ID=
 FACEBOOK_CLIENT_SECRET=
-
-# base 10
-#ELGAMAL_P=16328632084933010002384055033805457329601614771185955389739167309086214800406465799038583634953752941675645562182498120750264980492381375579367675648771293800310370964745767014243638518442553823973482995267304044326777047662957480269391322789378384619428596446446984694306187644767462460965622580087564339212631775817895958409016676398975671266179637898557687317076177218843233150695157881061257053019133078545928983562221396313169622475509818442661047018436264806901023966236718367204710755935899013750306107738002364137917426595737403871114187750804346564731250609196846638183903982387884578266136503697493474682071
-#ELGAMAL_G=61329566248342901292543872769978950870633559608669337131139375508370458778917
-#ELGAMAL_Q=14887492224963187634282421537186040801304008017743492304481737382571933937568724473847106029915040150784031882206090286938661464458896494215273989547889201144857352611058572236578734319505128042602372864570426550855201448111746579871811249114781674309062693442442368697449970648232621880001709535143047913661432883287150003429802392229361583608686643243349727791976247247948618930423866180410558458272606627111270040091203073580238905303994472202930783207472394578498507764703191288249547659899997131166130259700604433891232298182348403175947450284433411265966789131024573629546048637848902243503970966798589660808533
-
-# base 16
-ELGAMAL_G=87974deb793421ce3891540d906ac0806b85a2b95adc211a82ef8b659f8d9d25
-ELGAMAL_P=815901aa6d3ced6a0bd488c617351e322c8aef8f9f90adf331a2583d8082ac46f74345a1e1cf561facbdf3239bc3f0ee71618b5d016266caafd48439b034a38f6560cd6b671e3a80248b46809ad8de7a4cc7250469611d59dae8d8af5c6d0f9f3665f9857e04e1134dc94b270e93341449ea503617447ecb83b2c01602878c070d080da464c974d9951c35c1a553407345ee31ebc4a29a3488d5a54702a971ee0a1ea4da93fcf64105040893ff4bec23ca11e8cffa279e899a46891137c28e85f5a2fc9c637af6d26f6b5deba3d60580df41c334ea123331f8b0adeb43ea64a037e0c5ac168c47ce421bc9718ba8357099a0221f778599acd917607f3e3024d7
-ELGAMAL_Q=75ee80f0a161dd0c025ac818db8d52d193a46655fe0ebd3c289a949f42185f58f2f88f825dcdb3e3e98c0598af87599728f4f0719a8f68b133e82eb1bc4e3b6b8a377a5c6b812d656efcde578fdf515ac6ef628f1564ac907745d53bc6213b74f0cc303bbe68f3ab2220dcacd0ceece7aac3a675aaa0604885a1fb1374e6c08f2dcf503e58ac6487be73b8ab2a10fa62a79522cbc777b6321fd346e0d36ee5a7291955117d8bb4284901eb26804bd2286a14af52f5301c489c80dfeafb7ce496af58479a4c6f57f29ec8c9e4f6b88deb06f5d120859d2d4de06e57b0476f8263f7a4a35f67ed21a4a927109fa89a6b7f4976e98e3ddb3cd232c516b1da5cc555
-

setup/cluster/cluster-config.yaml

@@ -0,0 +1,3 @@
+kind: Cluster
+apiVersion: kind.x-k8s.io/v1alpha4
+name: kind-server