Currently users are required to build the solana cluster software themselves from the git repository and manually update it, which is error prone and inconvenient.
This document proposes an easy to use software install and updater that can be used to deploy pre-built binaries for supported platforms. Users may elect to use binaries supplied by Solana or any other party they trust. Deployment of updates is managed using an on-chain update manifest program.
Given a solana release tarball (as created by ci/publish-tarball.sh) that has already been uploaded to a publicly accessible URL, the following commands will deploy the update:
$ solana-keygen new -o update-manifest.json # <-- only generated once, the public key is shared with users
An update manifest is used to advertise the deployment of new release tarballs on a solana cluster. The update manifest is stored using the config program, and each update manifest account describes a logical update channel for a given target triple (eg, x86_64-apple-darwin). The account public key is well-known between the entity deploying new updates and users consuming those updates.
The update tarball itself is hosted elsewhere, off-chain and can be fetched from the specified download_url.
use solana_sdk::signature::Signature;
/// Information required to download and apply a given update
pub struct UpdateManifest {
pub timestamp_secs: u64, // When the release was deployed in seconds since UNIX EPOCH
pub download_url: String, // Download URL to the release tar.bz2
pub download_sha256: String, // SHA256 digest of the release tar.bz2 file
Note that the manifest field itself contains a corresponding signature (manifest_signature) to guard against man-in-the-middle attacks between the solana-install tool and the solana cluster RPC API.
To guard against rollback attacks, solana-install will refuse to install an update with an older timestamp_secs than what is currently installed.