How to run pseudo-airgapped hs-airdrop using Docker

[pinheadmz]

SOURCE: #2 (comment)

by: @benjie

Please feel free to add this as a guide to your website if you would like. I do not require attribution.

Originally posted here: #2 (comment)

DISCLAIMER: THIS SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

---

First, create this Dockerfile in an empty directory:

FROM node

RUN git clone https://github.com/handshake-org/hs-airdrop.git /hs-airdrop
WORKDIR /hs-airdrop
RUN yarn
RUN mkdir -p /root/.hs-tree-data/nonces
RUN curl -Lo /root/.hs-tree-data/tree.bin https://github.com/handshake-org/hs-tree-data/raw/master/tree.bin
RUN curl -Lo /root/.hs-tree-data/faucet.bin https://github.com/handshake-org/hs-tree-data/raw/master/faucet.bin
RUN curl -Lo /root/.hs-tree-data/proof.json https://github.com/handshake-org/hs-tree-data/raw/master/proof.json
RUN curl -Lo /root/.hs-tree-data/nonces/172.bin https://github.com/handshake-org/hs-tree-data/raw/master/nonces/172.bin

In that directory, run the following commands:

mkdir keys
cp ~/.ssh/id_rsa ~/.ssh/id_rsa.pub keys
# Change the password on your SSH key
ssh-keygen -p -f keys/id_rsa

docker build -t hs-airdrop .

docker run --rm -it --network none --name no-net --volume=$(pwd)/keys:/ssh hs-airdrop bash

You'll now be running a non-networked container. This is not as secure as it could be if you properly air-gapped, but it's better than nothing. Inside the container you can check there's no network connectivity:

ping 8.8.8.8

Should give an error - so you know there's no internet. Now run the airdrop command:

./bin/hs-airdrop /ssh/id_rsa <YOUR_WALLET_ADDRESS> 0.010

(0.010 is the mining fee recommended by namebase.io)

You'll probably get an error about not being able to fetch the nonce; this is likely because bucket 172 above is incorrect for you. Exit the docker bash shell, edit the Dockerfile above to contain the correct bucket number (in BOTH PLACES on that final line), then run again:

docker build -t hs-airdrop .

docker run --rm -it --network none --name no-net --volume=$(pwd)/keys:/ssh hs-airdrop bash

Issue the ./bin/hs-airdrop command again and hopefully this time it will work.

[sj26]

(0.010 is the mining fee recommended by namebase.io)

From https://www.namebase.io/airdrop:

[0xdevalias]

Only your master key will be included in the tree (no subkeys). To see whether you're in the tree, you can pass your key fingerprint (short ID, long ID, etc) to the [id] option. Note that you'll need a raw export of your secret key ring in standard PGP packets in order for the airdrop tool to be able to read it. It won't be able to read GnuPG's new database format.

Originally posted by @chjj in #2 (comment)

---

Edit: I originally shared the snippet above for visibility, and because I thought it may enable people to check if their key exists within the hs-airdrop tree without having to pass their private key to the tool, but on further exploration, I don't believe this is actually the case.

Looking at the usage from running the tool itself, it looks like you still need to provide [key-file] to use [id]:

# ./bin/hs-airdrop  -h

  hs-airdrop (v0.10.0)

  This tool will create the proof necessary to
  collect your faucet reward, airdrop reward, or
  sponsor reward on the Handshake blockchain.

  Usage: $ hs-airdrop [key-file] [id] [addr] [options]
         $ hs-airdrop [key-file] [addr] [options]
         $ hs-airdrop [addr]
         
..snip..

[0xdevalias]

You'll probably get an error about not being able to fetch the nonce; this is likely because bucket 172 above is incorrect for you. Exit the docker bash shell, edit the Dockerfile above to contain the correct bucket number (in BOTH PLACES on that final line), then run again

For those searching/wondering, the error looks something like this:

# ./bin/hs-airdrop /ssh/MYKEY MYWALLET
Passphrase:
Attempting to create proof.
This may take a bit.
Decrypting nonce...
Downloading: https://github.com/handshake-org/hs-tree-data/raw/master/nonces/123.bin...
Error: getaddrinfo EAI_AGAIN github.com
    at GetAddrInfoReqWrap.onlookup [as oncomplete] (node:dns:69:26)

See the solution in the original post: #106 (comment)

[fionn]

If you don't know what bucket corresponds to your key, create executable get_nonce.sh with content

#!/bin/bash

for i in {000..255}; do
    curl -Lo "/root/.hs-tree-data/nonces/$i.bin" \
    "https://github.com/handshake-org/hs-tree-data/raw/master/nonces/$i.bin"
done

and replace the last line in Dockerfile with

COPY get_nonce.sh get_nonce.sh
RUN ./get_nonce.sh

to download all buckets as a single layer.