qortal/AutoUpdates.md

# Auto Updates

## TL;DR: how-to

* Prepare new release version (see way below for details)
* Assuming you are in git 'master' branch, at HEAD
* Shutdown local node if running
* Build auto-update download: `tools/build-auto-update.sh` - uploads auto-update file into new git branch
* Restart local node
* Publish auto-update transaction using *private key* for **non-admin** member of "dev" group:
	`tools/publish-auto-update.pl non-admin-dev-member-private-key-in-base58`
* Wait for auto-update `ARBITRARY` transaction to be confirmed into a block
* Have "dev" group admins 'approve' auto-update using `tools/approve-auto-update.sh`
	This tool will prompt for *private key* of **admin** of "dev" group
* A minimum number of admins are required for approval, and a minimum number of blocks must pass also.
* Nodes will start to download, and apply, the update over the next 20 minutes or so (see CHECK_INTERVAL in AutoUpdate.java)

## Theory
* Using a specific git commit (e.g. abcdef123) we produce a determinstic JAR with consistent hash.
* To avoid issues with over-eager anti-virus / firewalls we obfuscate JAR using very simplistic XOR-based method.
* Obfuscated JAR is uploaded to various well-known locations, usually including github itself, referenced in settings.
* An `ARBITRARY` transaction is published by a **non-admin** member of the "dev" group (groupID 1) with:
	+ 'service' set to 1
	+ txGroupId set to dev groupID, i.e. 1 
and containing this data:
    + git commit's timestamp in milliseconds (8 bytes)
    + git commit's SHA1 hash (20 bytes)
    + SHA256 hash of *obfuscated* JAR (32 bytes)
* Admins of dev group approve above transaction until it reaches, or exceeds, dev group's approval threshold (e.g. 60%).
* Nodes notice approved transaction and begin auto-update process of:
    + checking transaction's timestamp is greater than node's current build timestamp
    + checking git commit timestamp (in data payload) is greater than node's current build timestamp
    + downloading update (obfuscated JAR) from various locations using git commit SHA1 hash
    + checking downloaded update's SHA256 hash matches hash in transaction's data payload
    + calling ApplyUpdate Java class to shutdown, update and restart node

## Obfuscation method
The same method is used to obfuscate and de-obfuscate:
* XOR each byte of the file with 0x5A

## Typical download locations
The git SHA1 commit hash is used to replace `%s` in various download locations, e.g.:
* https://github.com/Qortal/qortal/raw/%s/qortal.update
* https://raw.githubusercontent.com@151.101.16.133/Qortal/qortal/%s/qortal.update

These locations are part of the org.qortal.settings.Settings class and can be overriden in settings.json like:
```
  "autoUpdateRepos": [
    "http://mirror.qortal.org/auto-updates/%s",
    "https://server.host.name@1.2.3.4/Qortal/%s"
  ]
```
The latter entry is an example where the IP address is provided, bypassing name resolution, for situations where DNS is unreliable or unavailable.

## XOR tool
To help with manual verification of auto-updates, there is a XOR tool included in the Qortal JAR.
It can be used thus:
```
$ java -cp qortal.jar org.qortal.XorUpdate
usage: XorUpdate <input-file> <output-file>
$ java -cp qortal.jar org.qortal.XorUpdate qortal.jar qortal.update
$
```

## Preparing new release version

* Shutdown local node
* Modify `pom.xml` and increase version inside `<version>` tag
* Commit new `pom.xml` and push to github, e.g. `git commit -m 'Bumped to v1.4.2' -- pom.xml; git push`
* Tag this new commit with same version: `git tag v1.4.2`
* Push tag up to github: `git push origin v1.4.2`
Added AutoUpdates.md notes about the auto-update feature 2020-02-10 13:39:23 +00:00			`# Auto Updates`

Documentation updates 2021-02-06 10:59:31 +00:00			`## TL;DR: how-to`

More detail in AutoUpdates.md 2021-02-21 17:12:02 +00:00			`* Prepare new release version (see way below for details)`
Documentation updates 2021-02-06 10:59:31 +00:00			`* Assuming you are in git 'master' branch, at HEAD`
			`* Shutdown local node if running`
			* Build auto-update download: `tools/build-auto-update.sh` - uploads auto-update file into new git branch
			`* Restart local node`
			`* Publish auto-update transaction using private key for non-admin member of "dev" group:`
Fix file ending 2024-01-07 13:34:20 +00:00			`tools/publish-auto-update.pl non-admin-dev-member-private-key-in-base58`
Documentation updates 2021-02-06 10:59:31 +00:00			* Wait for auto-update `ARBITRARY` transaction to be confirmed into a block
			* Have "dev" group admins 'approve' auto-update using `tools/approve-auto-update.sh`
			`This tool will prompt for private key of admin of "dev" group`
			`* A minimum number of admins are required for approval, and a minimum number of blocks must pass also.`
			`* Nodes will start to download, and apply, the update over the next 20 minutes or so (see CHECK_INTERVAL in AutoUpdate.java)`

Added AutoUpdates.md notes about the auto-update feature 2020-02-10 13:39:23 +00:00			`## Theory`
			`* Using a specific git commit (e.g. abcdef123) we produce a determinstic JAR with consistent hash.`
			`* To avoid issues with over-eager anti-virus / firewalls we obfuscate JAR using very simplistic XOR-based method.`
			`* Obfuscated JAR is uploaded to various well-known locations, usually including github itself, referenced in settings.`
			* An `ARBITRARY` transaction is published by a non-admin member of the "dev" group (groupID 1) with:
			`+ 'service' set to 1`
			`+ txGroupId set to dev groupID, i.e. 1`
			`and containing this data:`
			`+ git commit's timestamp in milliseconds (8 bytes)`
			`+ git commit's SHA1 hash (20 bytes)`
			`+ SHA256 hash of obfuscated JAR (32 bytes)`
			`* Admins of dev group approve above transaction until it reaches, or exceeds, dev group's approval threshold (e.g. 60%).`
			`* Nodes notice approved transaction and begin auto-update process of:`
			`+ checking transaction's timestamp is greater than node's current build timestamp`
			`+ checking git commit timestamp (in data payload) is greater than node's current build timestamp`
			`+ downloading update (obfuscated JAR) from various locations using git commit SHA1 hash`
			`+ checking downloaded update's SHA256 hash matches hash in transaction's data payload`
			`+ calling ApplyUpdate Java class to shutdown, update and restart node`

			`## Obfuscation method`
			`The same method is used to obfuscate and de-obfuscate:`
			`* XOR each byte of the file with 0x5A`

			`## Typical download locations`
			The git SHA1 commit hash is used to replace `%s` in various download locations, e.g.:
Documentation updates 2021-02-06 10:59:31 +00:00			`* https://github.com/Qortal/qortal/raw/%s/qortal.update`
			`* https://raw.githubusercontent.com@151.101.16.133/Qortal/qortal/%s/qortal.update`
Added AutoUpdates.md notes about the auto-update feature 2020-02-10 13:39:23 +00:00
			`These locations are part of the org.qortal.settings.Settings class and can be overriden in settings.json like:`
			```
			`"autoUpdateRepos": [`
			`"http://mirror.qortal.org/auto-updates/%s",`
			`"https://server.host.name@1.2.3.4/Qortal/%s"`
			`]`
			```
			`The latter entry is an example where the IP address is provided, bypassing name resolution, for situations where DNS is unreliable or unavailable.`

			`## XOR tool`
			`To help with manual verification of auto-updates, there is a XOR tool included in the Qortal JAR.`
			`It can be used thus:`
			```
			`$ java -cp qortal.jar org.qortal.XorUpdate`
			`usage: XorUpdate <input-file> <output-file>`
			`$ java -cp qortal.jar org.qortal.XorUpdate qortal.jar qortal.update`
			`$`
More detail in AutoUpdates.md 2021-02-21 17:12:02 +00:00			```

			`## Preparing new release version`

			`* Shutdown local node`
			* Modify `pom.xml` and increase version inside `<version>` tag
			* Commit new `pom.xml` and push to github, e.g. `git commit -m 'Bumped to v1.4.2' -- pom.xml; git push`
			* Tag this new commit with same version: `git tag v1.4.2`
			* Push tag up to github: `git push origin v1.4.2`