On the Road ……

Linux System Operations and Architecture

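Installing the Java JDK is not covered here.

Install Android sdk-tools

1. Download the Android sdk-tools package. Download page: https://developer.android.com/studio

Download URL: https://dl.google.com/android/repository/sdk-tools-darwin-4333796.zip

2. Create the ANDROID_HOME directory; I use ~/Android as an example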

    mkdir ~/Android
    unzip -d ~/Android sdk-tools-darwin-4333796.zip

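3. Edit the environment file ~/.bash_profile

export ANDROID_HOME=/Users/USERNAME/Android
export PATH=$PATH:$ANDROID_HOME/tools:$ANDROID_HOME/tools/bin:$ANDROID_HOME/platform-tools

Run source ~/.bash_profile to apply the environment variables.

4. Use sdkmanager to install the required SDK packages

sdkmanager --list                  # list installed and available packages
sdkmanager --licenses              # show the licenses of the 6 SDK packages; accept every one
sdkmanager platform-tools          # install the platform tools package
sdkmanager "build-tools;28.0.3"    # install the required version of the build tools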

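Install Gradle

1. Download

Download page: https://gradle.org/releases/

2. Install

Installation guide: https://gradle.org/install/

3. Edit the environment file ~/.bash_profile

export PATH=$PATH:/opt/gradle/bin

Run source ~/.bash_profile to apply the environment variables.

4. Verify the installation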

#gradle -v

Welcome to Gradle 5.6.3!

Here are the highlights of this release:
 - Incremental Groovy compilation
 - Groovy compile avoidance
 - Test fixtures for Java projects
 - Manage plugin versions via settings script

For more details see https://docs.gradle.org/5.6.3/release-notes.html


------------------------------------------------------------
Gradle 5.6.3
------------------------------------------------------------

Build time:   2019-10-18 00:28:36 UTC
Revision:     bd168bbf5d152c479186a897f2cea494b7875d13

Kotlin:       1.3.41
Groovy:       2.5.4
Ant:          Apache Ant(TM) version 1.9.14 compiled on March 12 2019
JVM:          1.8.0_77 (Oracle Corporation 25.77-b03)
OS:           Mac OS X 10.11.6 x86_64

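Preparing to build

Enter the project directory and set up build.gradle, gradle.properties and the other related files
./gradlew tasks lists the available tasks and automatically installs any missing dependencies

If everything is in place and there are no errors, all runnable tasks are listed

Then run gradle build to compile

The built APK files are under <project directory>/app/build/outputs/apk

Sign the APK

An APK that is to be published must be signed with a private key

1. Generate a private key with keytool, as follows:

keytool -genkey -v -keystore my-release-key.jks -keyalg RSA -keysize 2048 -validity 10000 -alias my-alias

The example above prompts you for passwords for the keystore and the key, and for the “Distinguished Name” fields of your key. It then generates a keystore file named my-release-key.jks and saves it in the current directory (you can move it anywhere you like). The keystore contains a single key that is valid for 10,000 days.

2. Sign the APK

2.1 Align the unsigned APK with zipalign:

zipalign -v -p 4 my-app-unsigned.apk my-app-unsigned-aligned.apk

2.2 Sign the APK with your private key using apksigner:

apksigner sign --ks my-release-key.jks --out my-app-release.apk my-app-unsigned-aligned.apk

Both tools can be found in the version-specific directory under build-tools in ANDROID_HOME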


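I. Environment preparation

1. Create the required directories

cd /etc/pki/
mkdir CA
cd CA
mkdir certs crl newcerts private

2. Create the required files

Create the starting certificate serial number

echo 01 > serial

Create the CA's database file of issued certificates

touch index.txt

Create the openssl configuration file

vi openssl.cnf

Contents: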

[ ca ]
# `man ca`
default_ca = CA_default

[ CA_default ]
# Directory and file locations.
dir               = /etc/pki/CA
certs             = $dir/certs
crl_dir           = $dir/crl
new_certs_dir     = $dir/newcerts
database          = $dir/index.txt
serial            = $dir/serial
RANDFILE          = $dir/private/.rand

# The root key and root certificate.
private_key       = $dir/private/ca.key.pem
certificate       = $dir/certs/ca.cert.pem

# For certificate revocation lists.
crlnumber         = $dir/crlnumber
crl               = $dir/crl/ca.crl.pem
crl_extensions    = crl_ext
default_crl_days  = 30

# SHA-1 is deprecated, so use SHA-2 instead.
default_md        = sha256

name_opt          = ca_default
cert_opt          = ca_default
default_days      = 365
preserve          = no
policy            = policy_strict

[ policy_strict ]
# The root CA should only sign intermediate certificates that match.
# See the POLICY FORMAT section of `man ca`.
countryName             = match
stateOrProvinceName     = match
organizationName        = match
organizationalUnitName  = optional
commonName              = supplied
emailAddress            = optional

[ policy_loose ]
# Allow the intermediate CA to sign a more diverse range of certificates.
# See the POLICY FORMAT section of the `ca` man page.
countryName             = optional
stateOrProvinceName     = optional
localityName            = optional
organizationName        = optional
organizationalUnitName  = optional
commonName              = supplied
emailAddress            = optional

[ req ]
# Options for the `req` tool (`man req`).
default_bits        = 2048
distinguished_name  = req_distinguished_name
string_mask         = utf8only

# SHA-1 is deprecated, so use SHA-2 instead.
default_md          = sha256

# Extension to add when the -x509 option is used.
x509_extensions     = v3_ca

req_extensions = v3_req

[ req_distinguished_name ]
# See <https://en.wikipedia.org/wiki/Certificate_signing_request>.
countryName                     = Country Name (2 letter code)
stateOrProvinceName             = State or Province Name
localityName                    = Locality Name
0.organizationName              = Organization Name
organizationalUnitName          = Organizational Unit Name
commonName                      = Common Name
emailAddress                    = Email Address

# Optionally, specify some defaults.
countryName_default             = CN
stateOrProvinceName_default     = China
localityName_default            =
0.organizationName_default      = Dp2u
#organizationalUnitName_default =
#emailAddress_default           =

[ v3_req ]

# Extensions to add to a certificate request

basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names

[ alt_names ]
DNS.1 = dp2u.com
DNS.2 = *.dp2u.com

[ v3_ca ]
# Extensions for a typical CA (`man x509v3_config`).
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer
basicConstraints = critical, CA:true
keyUsage = critical, digitalSignature, cRLSign, keyCertSign

[ v3_intermediate_ca ]
# Extensions for a typical intermediate CA (`man x509v3_config`).
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer
basicConstraints = critical, CA:true, pathlen:0
keyUsage = critical, digitalSignature, cRLSign, keyCertSign

[ usr_cert ]
# Extensions for client certificates (`man x509v3_config`).
basicConstraints = CA:FALSE
nsCertType = client, email
nsComment = "OpenSSL Generated Client Certificate"
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
extendedKeyUsage = clientAuth, emailProtection

[ server_cert ]
# Extensions for server certificates (`man x509v3_config`).
basicConstraints = CA:FALSE
nsCertType = server
nsComment = "OpenSSL Generated Server Certificate"
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer:always
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[ crl_ext ]
# Extension for CRLs (`man x509v3_config`).
authorityKeyIdentifier=keyid:always

[ ocsp ]
# Extension for OCSP signing certificates (`man ocsp`).
basicConstraints = CA:FALSE
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer
keyUsage = critical, digitalSignature
extendedKeyUsage = critical, OCSPSigning

II. Issuing steps

1. Generate the CA

1.1 Generate the CA private key

openssl ecparam -genkey -name prime256v1 |openssl ec -out private/ca.key.pem

1.2 Generate the CA root certificate

openssl req -config openssl.cnf -key private/ca.key.pem -new -x509 -days 7300 -sha256 -extensions v3_ca -out certs/ca.cert.pem

Several fields must be filled in during generation, for example:

Country Name (2 letter code) [CN]:
State or Province Name [China]:
Locality Name []:Beijing
Organization Name [Dp2u]:
Organizational Unit Name []:Dp2u Root CA
Common Name []:Dp2uROOTCA 
Email Address []:ops@dp2u.com

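2. Generate the server certificate

2.1 Generate the server private key

openssl ecparam -genkey -name prime256v1 |openssl ec -out private/node1.key.pem

2.2 Generate the server certificate signing request

openssl req -config openssl.cnf -new -key private/node1.key.pem -out certs/node1.csr.pem

Several fields must be answered here as well, for example: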

Country Name (2 letter code) [CN]:
State or Province Name [China]:
Locality Name []:Beijing
Organization Name [Dp2u]:
Organizational Unit Name []:Node1
Common Name []:node1.dp2u.com
Email Address []:ops@dp2u.com

2.3 Issue the server certificate

openssl ca -config openssl.cnf -extensions server_cert -days 1095 -md sha256 -in certs/node1.csr.pem -out certs/node1.cert.pem

Sample output:

Using configuration from openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 1 (0x1)
        Validity
            Not Before: Feb 20 03:27:00 2019 GMT
            Not After : Feb 19 03:27:00 2022 GMT
        Subject:
            countryName               = CN
            stateOrProvinceName       = China
            organizationName          = Dp2u
            organizationalUnitName    = Node1
            commonName                = node1.dp2u.com
            emailAddress              = ops@dp2u.com
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            Netscape Cert Type: 
                SSL Server
            Netscape Comment: 
                OpenSSL Generated Server Certificate
            X509v3 Subject Key Identifier: 
                8F:A2:F7:D3:B0:09:85:D7:65:22:C8:66:C7:50:7A:37:12:7A:A5:20
            X509v3 Authority Key Identifier: 
                keyid:1B:22:83:F0:8F:4B:32:B6:54:03:1D:80:8F:03:72:F8:25:B9:5B:5E
                DirName:/C=CN/ST=China/L=Beijing/O=Dp2u/OU=Dp2u Root CA/CN=Dp2uROOTCA/emailAddress=ops@dp2u.com
                serial:FB:09:DF:58:48:31:4C:6B

            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication
            X509v3 Subject Alternative Name: 
                DNS:dp2u.com, DNS:*.dp2u.com
Certificate is to be certified until Feb 19 03:27:00 2022 GMT (1095 days)
Sign the certificate? [y/n]:y


1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated

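Answer y twice and the server certificate is issued

The CA and server certificates have now both been generated

The CA root certificate is certs/ca.cert.pem

The CA private key is private/ca.key.pem

The server certificate is certs/node1.cert.pem

The server private key is private/node1.key.pem


Verify the server certificate:

openssl verify -verbose -CAfile /etc/pki/CA/certs/ca.cert.pem node1.cert.pem

Export the server public key from the server certificate

openssl x509 -pubkey -noout -in node1.cert.pem > node1.pubkey.pem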
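
The checks worth running on a freshly issued server certificate before deploying it, as an added example that is not part of the original post: chain validation, key-pair match and hostname coverage. Because `-extensions server_cert` takes subjectAltName from the CA's config, every certificate signed this way carries dp2u.com and *.dp2u.com whatever the CSR asked for, so the name check matters. The throwaway CA, demo.cnf and the function names are assumptions, and the demo signs with `openssl x509 -req` instead of `openssl ca` so that it runs in a temporary directory.

```bash
#!/bin/sh
# Added example: post-issuance checks for a server certificate.
# The throwaway CA, demo.cnf and all file names are constructed for this demo.

# check_server_cert CA_CERT SERVER_CERT SERVER_KEY HOSTNAME
# Prints one line per check; returns 0 only if all three pass.
check_server_cert() {
  ca=$1 cert=$2 key=$3 host=$4 rc=0
  # 1. Chain: the certificate must verify against the CA for TLS server use.
  if openssl verify -CAfile "$ca" -purpose sslserver "$cert" >/dev/null 2>&1
  then echo "chain: ok"; else echo "chain: FAILED"; rc=1; fi
  # 2. Key pair: the public key in the certificate must equal the one
  #    derived from the private key that will be deployed with it.
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
  key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
  if [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
  then echo "keypair: ok"; else echo "keypair: MISMATCH"; rc=1; fi
  # 3. Name: the hostname clients will use must be covered by subjectAltName.
  if openssl x509 -in "$cert" -noout -checkhost "$host" 2>&1 | grep -q 'does match'
  then echo "hostname $host: ok"; else echo "hostname $host: NOT covered"; rc=1; fi
  return "$rc"
}

# make_demo_pki DIR: create a throwaway EC CA and a node1 certificate in DIR,
# using the same server_cert extensions and SAN list as the config above.
make_demo_pki() {
  d=$1
  cat > "$d/demo.cnf" <<'EOF'
[ req ]
distinguished_name = dn
prompt = no
[ dn ]
CN = placeholder
[ v3_ca ]
basicConstraints = critical, CA:true
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
[ server_cert ]
basicConstraints = CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:dp2u.com, DNS:*.dp2u.com
EOF
  {
    openssl ecparam -genkey -name prime256v1 -noout -out "$d/ca.key.pem" &&
    openssl ecparam -genkey -name prime256v1 -noout -out "$d/node1.key.pem" &&
    openssl ecparam -genkey -name prime256v1 -noout -out "$d/other.key.pem" &&
    openssl req -config "$d/demo.cnf" -new -x509 -key "$d/ca.key.pem" -days 2 -sha256 \
      -extensions v3_ca -subj "/CN=Constructed Demo CA" -out "$d/ca.cert.pem" &&
    openssl req -config "$d/demo.cnf" -new -key "$d/node1.key.pem" \
      -subj "/CN=node1.dp2u.com" -out "$d/node1.csr.pem" &&
    openssl x509 -req -in "$d/node1.csr.pem" -CA "$d/ca.cert.pem" -CAkey "$d/ca.key.pem" \
      -CAcreateserial -extfile "$d/demo.cnf" -extensions server_cert -days 2 -sha256 \
      -out "$d/node1.cert.pem"
  } >/dev/null 2>&1
}

# demo: a.b.dp2u.com is reported as not covered (a wildcard spans one label).
demo() {
  tmp=$(mktemp -d) || return 1
  make_demo_pki "$tmp" || { rm -rf "$tmp"; return 1; }
  for h in node1.dp2u.com dp2u.com a.b.dp2u.com; do
    check_server_cert "$tmp/ca.cert.pem" "$tmp/node1.cert.pem" "$tmp/node1.key.pem" "$h" || true
  done
  rm -rf "$tmp"
}
demo
```

Against the real CA from this post, call check_server_cert with certs/ca.cert.pem, certs/node1.cert.pem, private/node1.key.pem and the hostname the server will be reached by.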


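Preface

Because I needed to set up a computer for the elderly members of my family, and wanted something simple, hassle-free and cheap, I bought a second-hand Intel NUC7i5BNK on Xianyu. The CPU is a 7th-generation Intel i5-7260U with integrated Iris 620 graphics, but Intel's website only offers Win10 drivers, so it seems Win7 on the NUC is no longer supported at all. For the elderly at home, being able to use Win7 is already an achievement; making them learn and adapt to Win10 would be too hard on them, hence this record of the tinkering.

I. Preparation

Download the required files and drivers

  1. The original Windows 7 SP1 ISO, cn_windows_7_ultimate_with_sp1_x64_dvd_u_677408.iso
  2. Two Win7 hotfixes: one is 2990941, which adds an NVMe driver to Win7; the other is 3087873, which fixes the blue screen that may occur after the first hotfix is applied.
    BTW: Microsoft no longer offers these for direct download; the download link has to be sent to an email address first. The downloads are two exe files which, when run, extract the hotfixes as .msu files for later use.
  3. Intel NVMe driver. I bought an Intel 760P M.2 NVMe SSD, so I need the matching driver; if you use another brand of NVMe SSD, download its driver instead.
    Official page: https://downloadcenter.intel.com/zh-cn/download/27518/-ssd-NVMe-Microsoft-windows-?product=129831, download URL: https://downloadmirror.intel.com/27518/eng/Client-x64.zip
  4. Intel 200 series chipset USB 3.0 driver. Official page: https://downloadcenter.intel.com/download/22824/Intel-USB-3-0-eXtensible-Host-Controller-Driver-for-Intel-8-9-100-Series-and-Intel-C220-C610-Chipset-Family, download URL: https://downloadmirror.intel.com/22824/eng/Intel(R)_USB_3.0_eXtensible_Host_Controller_Driver_5.0.4.43_v2.zip

Prepare the working directory and files

  1. Find a disk partition with at least 15 GB free; an SSD is recommended, otherwise mounting the image later will be slow. I use drive D: as an example and create the working directory w7sp2
  2. Create three directories under D:\w7sp2: mount, driver and hotfix
  3. Put the two hotfix files downloaded in step 2 above into the hotfix directory
  4. Extract the drivers downloaded in steps 3 and 4 above and put them into the driver directory
  5. Open the original Windows 7 ISO with UltraISO, go to the sources directory and extract boot.wim and install.wim to D:\w7sp2

II. Building the image

Open a CMD window and switch to the D:\w7sp2 working directory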

D:
cd D:\w7sp2

Add the NVMe and USB 3 drivers to the Win7 boot image

dism /mount-wim /wimfile:D:\w7sp2\boot.wim /index:2 /mountdir:D:\W7SP2\mount
dism /image:D:\w7sp2\mount /add-driver /driver:D:\w7sp2\driver /Recurse
dism /unmount-wim /mountdir:D:\w7sp2\mount /commit

Add the hotfixes and drivers to the Win7 installation image

dism /mount-wim /wimfile:D:\w7sp2\install.wim /index:4 /mountdir:D:\W7SP2\mount
dism /image:D:\w7sp2\mount /add-package /packagepath:D:\w7sp2\hotfix
dism /image:D:\w7sp2\mount /add-driver /driver:D:\w7sp2\driver /Recurse
dism /unmount-wim /mountdir:D:\w7sp2\mount /commit

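Use UltraISO to add the rebuilt boot.wim and install.wim from the w7sp2 directory back into the original Win7 ISO
Save the ISO as a new file; do not overwrite the original ISO

III. Create the USB stick and install the system

Now open the newly generated ISO in UltraISO and use its Write Disk Image function to create the Win7 installation USB stick
The installation itself is no different from a normal installation.

IV. After installation

After installation, most drivers can be handled by a tool such as Driver Genius; only the Intel integrated graphics driver cannot. The Win10 driver reports an unsupported CPU.
After some searching I finally found a way to install it:
First go to System > Device Manager > Standard VGA Graphics Adapter > Properties > Details > Hardware Ids, look at the current device's information and note it down. It looks like “PCI\VEN_8086&DEV_5926”; the important part is the four digits after DEV.
Download the zip version of the Intel integrated graphics driver from https://downloadmirror.intel.com/26836/eng/win64_154519.4678.zip. After extracting it, find igdlh64.inf in the Graphics directory, open it in Notepad, search for the 5926 noted after DEV, and find the line “%iKBLULTGT3E15% = iKBLD_w10, PCI\VEN_8086&DEV_5926”
[Screenshot: igdlh64-1.PNG]
Copy that line, then search upward for “iSKLWSGT4”, add a new line below that line, paste the copied content and change it to “%iKBLULTGT3E15% = iSKLD_w7, PCI\VEN_8086&DEV_5926”
After the change it should look like this
[Screenshot: igdlh64-2.PNG]
After saving, go back up one directory and run setup to install the graphics driver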


Pre-install: install the dependency packages:

apt install lcov pandoc autoconf-archive liburiparser-dev libdbus-1-dev libglib2.0-dev dbus-x11 libssl-dev \
autoconf automake libtool pkg-config gcc  libcurl4-gnutls-dev libgcrypt20-dev libcmocka-dev uthash-dev

I. Download and install the TPM simulator

IBM TPM simulator project page: https://sourceforge.net/projects/ibmswtpm2/files/
Download the latest version:
wget https://jaist.dl.sourceforge.net/project/ibmswtpm2/ibmtpm1332.tar.gz

mkdir ibmtpm1332
cd ibmtpm1332/
tar zxvf  ../ibmtpm1332.tar.gz
cd src/
make
cp tpm_server /usr/local/bin/

Add tpm-server.service
vi /lib/systemd/system/tpm-server.service

[Unit]
Description=TPM2.0 Simulator Server Daemon
Before=tpm2-abrmd.service

[Service]
ExecStart=/usr/local/bin/tpm_server 
Restart=always
Environment=PATH=/usr/bin:/usr/local/bin

[Install]
WantedBy=multi-user.target

systemctl daemon-reload
systemctl start tpm-server.service

Confirm that the TPM simulator started correctly

II. Install the TPM2 software packages

1. Install tpm2_tss

Add the tss user
useradd --system --user-group tss

Download:
wget https://github.com/tpm2-software/tpm2-tss/releases/download/2.1.0/tpm2-tss-2.1.0.tar.gz

tar zxvf tpm2-tss-2.1.0.tar.gz
cd tpm2-tss-2.1.0/
./configure --enable-unit --enable-integration
make check
make install
ldconfig
cd ..

2. Install tpm2_abrmd

Download:
wget https://github.com/tpm2-software/tpm2-abrmd/releases/download/2.0.2/tpm2-abrmd-2.0.2.tar.gz

tar zxvf tpm2-abrmd-2.0.2.tar.gz
cd tpm2-abrmd-2.0.2/
ldconfig
./configure --with-dbuspolicydir=/etc/dbus-1/system.d --with-systemdsystemunitdir=/lib/systemd/system
make
make install

cp /usr/local/share/dbus-1/system-services/com.intel.tss2.Tabrmd.service /usr/share/dbus-1/system-services/

Restart D-Bus
pkill -HUP dbus-daemon

Edit the systemd tpm2-abrmd.service unit
vi /lib/systemd/system/tpm2-abrmd.service
Change “ExecStart=/usr/local/sbin/tpm2-abrmd” to “ExecStart=/usr/local/sbin/tpm2-abrmd --tcti="libtss2-tcti-mssim.so.0:host=127.0.0.1,port=2321"”

systemctl daemon-reload
systemctl start tpm2-abrmd.service
Check the status to confirm the service started correctly

3. Install tpm2_tools

git clone https://github.com/tpm2-software/tpm2-tools.git
cd tpm2-tools/
./bootstrap
./configure
make

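Test that the tpm2-tools utilities can connect to the abrmd service
./tools/tpm2_getrandom 4

If that works:
make install

Installation complete

Run tpm2_pcrlist and check that it produces normal output

III. Common tpm2 commands

Set the TPM passwords (-o ownership password, -e endorsement password, -l lockout password):
tpm2_takeownership -o 1 -e 1 -l 1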

Create a Primary Object in endorsement hierarchy, with objectpass as the object password, with RSA keys & SHA256 name hash algorithm, with object context saved in file po.ctx:
tpm2_createprimary -H e -K 11 -g 0x000b -G 0x0001 -C po.ctx -P 1

Create a RSA key under the previous primary key, with subobjectpass as the object password, with SHA256 name hash algorithm, with public portion saved in key.pub and private portion saved in key.priv:
tpm2_create -c po.ctx -P 11 -K 111 -g 0x000b -G 0x0001 -u key.pub -r key.priv

Load the created RSA key:
tpm2_load -c po.ctx -P 11 -u key.pub -r key.priv -n key.name -C obj.ctx

Encrypt file data.in with RSA key:
tpm2_rsaencrypt -c obj.ctx -o data.encrypt data.in

Decrypt with RSA key:
tpm2_rsadecrypt -c obj.ctx -I data.encrypt -P 111 -o data.decrypt

Steps for signing PCRs with tpm2_quote and verifying the signature with OpenSSL:

# Generate an ECC key
openssl ecparam -name prime256v1 -genkey -noout -out private.ecc.pem
openssl ec -in private.ecc.pem -out public.ecc.pem -pubout

# Load the private key for signing
tpm2_loadexternal -Q -G ecc -r private.ecc.pem -o key.ctx

# Sign in the TPM and verify with OSSL
tpm2_quote -C key.ctx -G sha256 -L sha256:16,17,18 -f plain -q 11aabb -s pcr.out.signed -m pcr.in.raw
openssl dgst -verify public.ecc.pem -keyform pem -sha256 -signature pcr.out.signed pcr.in.raw 

Note: tpm2_quote fails with the following error:

ERROR: Could not convert signature hash algorithm selection, got: "sha256"

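I searched Google for a long time without finding anything, and in the end had to read the source. I found this code starting at line 191 of tools/tpm2_quote.c:
[Screenshot: tpm2-tools-quote.png]
It converts the value given after the -G option on the command line and then compares it against the predefined flags
For some reason “tpm2_alg_util_flags_sig” is used here. I looked up the definition in lib/tpm2_alg_util.c, and flags_sig does not include sha256, which causes the error
[Screenshot: tpm2_lib_alg_util.png]
But when I tried the algorithms that are in the definition, such as ecdsa, I got a different error:

ERROR: Tss2_Sys_Quote(0x2C3) - tpm:parameter(2):hash algorithm not supported or not appropriate
ERROR: Unable to run tpm2_quote

This may be because the TPM simulator does not support it. I do not know whether a real physical TPM chip does; I will test that when I get the chance

Workaround: for now the only option is to modify the tpm2_quote code, changing “tpm2_alg_util_flags_sig” on line 192 to “tpm2_alg_util_flags_hash”, and then recompile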


Multi-node private Ethereum chain

I. Install the Ethereum client

OS version: Ubuntu 16.04

Add the Geth repository

apt install software-properties-common
add-apt-repository -y ppa:ethereum/ethereum

Update apt, then install Geth and Supervisor (to run Geth as a service)

apt update
apt -y install ethereum supervisor python-pip curl

Upgrade pip and Supervisor

pip install pip --upgrade
pip install supervisor --upgrade
sed -i "s#usr/bin#usr/local/bin#g" /lib/systemd/system/supervisor.service

Configure the Geth Supervisor service: copy and paste this into /etc/supervisor/conf.d/geth.conf

vi /etc/supervisor/conf.d/geth.conf
[program:geth]
command=bash -c '/usr/bin/geth'
autostart=true
autorestart=true
stderr_logfile=/var/log/supervisor/geth.err.log
stdout_logfile=/var/log/supervisor/geth.out.log

Start supervisor, which will auto-start Geth

systemctl enable supervisor
systemctl start supervisor

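The Ethereum public-chain client is now installed; running geth automatically starts syncing blocks

II. Set up the private chain

Create the private chain directory

mkdir /data/testchain

Create the genesis block JSON file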

vi genesis.json
{
    "config": {
        "chainId": 2018,
        "homesteadBlock": 0
    },
    "coinbase" : "0x0000000000000000000000000000000000000000",
    "difficulty" : "0x400",
    "gasLimit" : "0x2fefd8",
    "nonce" : "0x0000000000000142",
    "mixhash" : "0x0000000000000000000000000000000000000000000000000000000000000000",
    "parentHash" : "0x0000000000000000000000000000000000000000000000000000000000000000",
    "timestamp" : "0x00",
    "alloc": {
    }
}

Create the genesis block

geth init  genesis.json --datadir /data/testchain/
WARN [02-06|17:46:00] No etherbase set and no accounts found as default 
INFO [02-06|17:46:00] Allocated cache and file handles         database=/root/testchain/geth/chaindata cache=16 handles=16
INFO [02-06|17:46:00] Writing custom genesis block 
INFO [02-06|17:46:00] Successfully wrote genesis state         database=chaindata                      hash=ac4e66…7f2921
INFO [02-06|17:46:00] Allocated cache and file handles         database=/root/testchain/geth/lightchaindata cache=16 handles=16
INFO [02-06|17:46:00] Writing custom genesis block 
INFO [02-06|17:46:00] Successfully wrote genesis state         database=lightchaindata

Start the private chain

geth  --datadir /data/testchain/ --networkid 2018 --rpc --rpcport "8845" --rpccorsdomain "*" --port "30333" --nodiscover

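The first private chain node is now running. The RPC and P2P ports can be chosen freely

For the second node, the first steps are the same as before; only the command that starts the node in the last step differs slightly

First look up the first node's nodeInfo, which is needed to start the second node
On the first node, attach to the IPC console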

geth attach /data/testchain/geth.ipc
Welcome to the Geth JavaScript console!

instance: Geth/Roadchain/v1.7.3-stable-4bb3c89d/linux-amd64/go1.9
coinbase: 0x81e71d34e8a9e4382c36fd90c3f234549106addd
at block: 6 (Tue, 06 Feb 2018 17:54:11 CST)
 datadir: /root/testchain
 modules: admin:1.0 debug:1.0 eth:1.0 miner:1.0 net:1.0 personal:1.0 rpc:1.0 txpool:1.0 web3:1.0

> admin.nodeInfo
{
  enode: "enode://1f9cf6ef261966099b2d3498a2517a900318c141bea00edac71f1617dc6987852ce0239eea2d6490bd2af07409b2d623072ce3c1d3f3074dd914f31ba06a7c2f@[::]:30333?discport=0",
  id: "1f9cf6ef261966099b2d3498a2517a900318c141bea00edac71f1617dc6987852ce0239eea2d6490bd2af07409b2d623072ce3c1d3f3074dd914f31ba06a7c2f",
  ip: "::",
  listenAddr: "[::]:30333",
  name: "Geth/Roadchain/v1.7.3-stable-4bb3c89d/linux-amd64/go1.9",
  ports: {
    discovery: 0,
    listener: 30333
  },
  protocols: {
    eth: {
      difficulty: 788096,
      genesis: "0x3782eafbc5ab71618f9a6aaa3506a385c50c20d3682ade9ea817e9025cadf804",
      head: "0x74ae4f44d9326a000cd4920e2f9cf4d85ff1b7289c5b04af91a6cc1b8ba032df",
      network: 2018
    }
  }
}

The enode value is what we need to record: enode://1f9cf6ef261966099b2d3498a2517a900318c141bea00edac71f1617dc6987852ce0239eea2d6490bd2af07409b2d623072ce3c1d3f3074dd914f31ba06a7c2f@[::]:30333

Replace the '[::]' after the @ with the server's IP, for example 192.168.1.11

Now start geth on the second node

geth  --datadir /data/testchain/ --networkid "2018" --rpc --rpcport "8845" --rpccorsdomain "*"  --port "30333"  --bootnodes "enode://1f9cf6ef261966099b2d3498a2517a900318c141bea00edac71f1617dc6987852ce0239eea2d6490bd2af07409b2d623072ce3c1d3f3074dd914f31ba06a7c2f@192.168.1.11:30333"

Now run admin.peers in the geth console on each of the two nodes to check that each node sees the other
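
The enode rewrite described above as a small helper, added here as an example and not part of the original post: it drops the ?discport=0 query, checks that the node ID is a 128-hex-digit public key and replaces the [::] listen address with the first node's IP. The function names are assumptions; the sample enode is the one from the admin.nodeInfo output above.

```bash
#!/bin/sh
# Added example: build the --bootnodes value for the second node from the
# enode string that admin.nodeInfo prints on the first node.

# valid_ipv4 ADDR: succeed only for a dotted-quad IPv4 address.
valid_ipv4() {
  case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ "$#" -eq 4 ] || return 1
  for octet in "$@"; do
    [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
}

# bootnode_url ENODE PEER_IP: print enode://<node id>@<PEER_IP>:<port>
bootnode_url() {
  enode=$1 peer_ip=$2
  base=${enode%%\?*}            # drop "?discport=0" (and any other query)
  case "$base" in
    enode://*@*:*) ;;
    *) echo "not an enode URL: $enode" >&2; return 1 ;;
  esac
  node_id=${base#enode://}; node_id=${node_id%%@*}
  port=${base##*:}
  # The node ID is the node's 64-byte public key, i.e. exactly 128 hex digits;
  # a truncated copy-paste would silently point at no node at all.
  if [ "${#node_id}" -ne 128 ]; then
    echo "node ID has ${#node_id} characters, expected 128" >&2; return 1
  fi
  case "$node_id" in *[!0-9a-fA-F]*) echo "node ID is not hex" >&2; return 1 ;; esac
  case "$port" in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
  if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
    echo "port out of range: $port" >&2; return 1
  fi
  # The peer address must be a concrete IP, not a wildcard such as [::] or 0.0.0.0.
  if ! valid_ipv4 "$peer_ip" || [ "$peer_ip" = 0.0.0.0 ]; then
    echo "peer IP must be a concrete IPv4 address: $peer_ip" >&2; return 1
  fi
  printf 'enode://%s@%s:%s\n' "$node_id" "$peer_ip" "$port"
}

# Sample input: the enode value shown in the admin.nodeInfo output above.
SAMPLE_ENODE='enode://1f9cf6ef261966099b2d3498a2517a900318c141bea00edac71f1617dc6987852ce0239eea2d6490bd2af07409b2d623072ce3c1d3f3074dd914f31ba06a7c2f@[::]:30333?discport=0'
bootnode_url "$SAMPLE_ENODE" 192.168.1.11
```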

III. Additional operations

Create an account
Run this in the geth console; 12345678 is the account password, change it as needed

> personal.newAccount("12345678")
"0x81e71d34e8a9e4382c36fd90c3f234549106addd"

Unlock the account

personal.unlockAccount("0x81e71d34e8a9e4382c36fd90c3f234549106addd","12345678")

Mine on a single machine and stop mining

> miner.start()
null
> miner.stop()
true

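Check the account balance

eth.getBalance("0x81e71d34e8a9e4382c36fd90c3f234549106addd")

Pre-allocate an account balance through the genesis block
Start the first node following the steps above, create an account and copy its address
Edit genesis.json and add the following to the alloc section: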

    "alloc": {
        "0x81e71d34e8a9e4382c36fd90c3f234549106addd": { "balance": "20000000000000000000" }
    }

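The address here is the one just created, and balance is the amount you want to pre-allocate

Then delete the geth directory under the data directory and re-create the genesis block (leave the keystore directory alone)

rm -rf /data/testchain/geth

Then run the geth init command again to create the genesis block and start geth; the pre-allocated balance of the account is then visible in the console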

