This project aims to simplify the packaging of various Ethereum nodes for Debian-based systems, providing a streamlined approach to generate Debian packages for multiple Ethereum clients. It is actively under development, and you can check the roadmap for upcoming features.
-
Add the repository signing key:
sudo curl -fsSL https://packages.eth-pkg.com/keys/ethpkg-archive-keyring.asc -o /usr/share/keyrings/ethpkg-archive-keyring.asc
-
Add the repository to sources.list:
sudo echo "deb [arch=amd64 signed-by=/usr/share/keyrings/ethpkg-archive-keyring.asc] http://packages.eth-pkg.com bookworm main" | sudo tee -a /etc/apt/sources.list.d/ethpkg.list
-
Update package lists:
sudo apt update
Once the repository is added, you can install the clients using apt. Note that some clients might require additional runtime dependencies.
Besu
-
Install Java 17:
sudo apt -y install wget curl wget https://download.oracle.com/java/17/latest/jdk-17_linux-x64_bin.deb sudo apt install ./jdk-17_linux-x64_bin.deb
-
Set up Java environment:
cat <<'EOF' | sudo tee /etc/profile.d/jdk.sh export JAVA_HOME=/usr/lib/jvm/jdk-17/ export PATH=\$PATH:\$JAVA_HOME/bin EOF source /etc/profile.d/jdk.sh sudo ln -s /usr/lib/jvm/jdk-17-oracle-x64 /usr/lib/jvm/jdk-17 java -version
-
Install Besu:
sudo apt install eth-node-besu
-
Verify installation:
besu --data-path <YOUR_DATA_DIR>
Erigon
-
Install Erigon:
sudo apt install eth-node-erigon
-
Verify installation:
erigon
Geth
-
Install Geth:
sudo apt install eth-node-geth
-
Verify installation:
geth
Lodestar
-
Install Node.js:
curl -fsSL https://deb.nodesource.com/setup_lts.x | sudo -E bash - sudo apt install -y nodejs -
Install Lodestar:
sudo apt install eth-node-lodestar
-
Verify installation:
lodestar
Nethermind
-
Install .NET runtime:
wget https://packages.microsoft.com/config/debian/12/packages-microsoft-prod.deb -O packages-microsoft-prod.deb sudo dpkg -i packages-microsoft-prod.deb rm packages-microsoft-prod.deb sudo apt update sudo apt install -y aspnetcore-runtime-7.0
-
Install Nethermind:
sudo apt install eth-node-nethermind
-
Verify installation:
nethermind -dd <YOUR_DATA_DIR>
Lighthouse
-
Install Lighthouse:
sudo apt install eth-node-lighthouse
-
Verify installation:
lighthouse
Nimbus-eth2
-
Install Nimbus-eth2:
sudo apt install eth-node-nimbus-eth2
-
Verify installation:
nimbus_beacon_node
Prysm
-
Install Prysm:
sudo apt install eth-node-prysm
-
Verify installation:
beacon-chain
Teku
-
Install Java 17:
sudo apt -y install wget curl wget https://download.oracle.com/java/17/latest/jdk-17_linux-x64_bin.deb sudo apt install ./jdk-17_linux-x64_bin.deb
-
Set up Java environment:
cat <<'EOF' | sudo tee /etc/profile.d/jdk.sh export JAVA_HOME=/usr/lib/jvm/jdk-17/ export PATH=\$PATH:\$JAVA_HOME/bin EOF source /etc/profile.d/jdk.sh sudo ln -s /usr/lib/jvm/jdk-17-oracle-x64 /usr/lib/jvm/jdk-17 java -version
-
Install Teku:
sudo apt install eth-node-teku
-
Verify installation:
teku
To begin building packages, you need to install pkg-builder. Refer to the pkg-builder README for installation instructions.
-
Navigate to the directory you want to package:
cd debian-12/amd64/eth-node-nimbus-eth2/24.3.0-1 -
Create an environment:
pkg-builder env create
-
Build the package:
pkg-builder package
-
Verify the build:
pkg-builder verify --no-package true
There are several methods to verify builds:
- Verify by rebuilding on your own machine.
- Verify by building using GitHub Actions.
- Verify that the hashes of distributed packages through apt match those provided in
pkg-builder-verify.toml.
For detailed instructions, please refer to the section on how to build packages.
Note that verification cannot be performed inside a Docker image due to the current lack of support for stacking kernel namespaces with sbuild.
This method offers weak verifiability because GitHub Actions runners use uniform machines, which increases the likelihood of matching hashes. However, hashes might differ on locally built packages due to non-uniformity of machines. Running this verification is still recommended as it guarantees reproducibility on GitHub Actions and is easy to perform. (note: The built packages are built against multiple machines to check hashes.)
To verify through GitHub Actions:
- Fork the repository.
- Select a release to verify (e.g.,
releases/bookworm/amd64/eth-node-erigon/2.60.0-1). - Create a branch named
verify/bookworm/amd64/eth-node-erigon/2.60.0-1(replacereleaseswithverify). - Push the branch to GitHub and create a PR.
- Wait for the action runner to complete.
Note: You cannot create any branch starting with verify/* on this repository to avoid dummy PRs.
Packages distributed through apt or downloadable from GitHub releases can be verified to ensure their hashes match the ones in pkg-builder-verify.toml. Follow these steps:
-
Download the package:
mkdir /tmp/tempdir && cd /tmp/tempdir sudo apt download <package_name>
-
Check the SHA1 sum:
sha1sum <package_name>*.deb
-
Verify the hash:
cat releases/bookworm/amd64/<package_name>/pkg-builder-verify.toml
Example for Teku:
sudo apt download eth-node-teku
sha1sum eth-node-teku_24.4.0-1_amd64.deb
cat releases/bookworm/amd64/eth-node-teku/24.4.0-1/pkg-builder-verify.tomlThis process utilizes debcrafter and pkg-builder to create reproducible environments. debcrafter aids in generating reproducible Debian directories from detailed specification files (.sss and .sps). While debcrafter already supports reproducible builds, it doesn't pin environment dependencies, which led to the development of pkg-builder. Pkg-builder employs debcrafter to establish minimal environments for building packages in line with Debian's best practices. This includes tools like sbuild, piuparts, lintian, and autopkgtest to ensure fully functional packages.
pkg-builder enhances debcrafter by adding package pinning, checking against hashes, and supporting multiple programming languages such as C, .NET, Java, Rust, Go, and Nim. It also supports various Linux backends for packaging, including Noble Numbat, Jammy, and Debian 12. Additionally, pkg-builder ensures that all tools work together in a uniform manner, addressing the challenge of using these tools consistently and correctly.
debcrafter also makes it possible to create modular and dependent Debian packages, simplifying the handling of package relationships. Without debcrafter, the eth-node project would not be possible.
One significant challenge in Debian packaging is the requirement for a separate git repository per package, which can hinder support for numerous applications. While Debian packaging promotes reproducible builds, this requirement poses some limitations. Furthermore, not everyone uses git repositories, making it difficult to track which packages are updated. Having a monorepo simplifies this by providing a clear view of what is shipped and what is in development. Through debcrafter, it is very easy to have one organization’s interconnected packages in one repository and manage different versions, updates, and relationships together without having to rehost the source code of the original packages. Since the source code is just one input to the package process, tracking it in the packaging repository host makes little sense. Simple patching allows for including only the patched files with their patches in the repository, saving cognitive overhead and git space.