I was thinking it would just copy the binaries into some standard $PATH location (or can be an argument passed into the script). This should work on all POSIX systems. For secure mode we will only support Linux x86-64 – if we detect that, only then would we run all the security-specific stuff we will have in the future.
The script could set some bit on the system (e.g. a file at ~/config/polkadot) to signal that it’s run. Once we implement secure-mode, validators would start getting an error on startup if they haven’t run the script.
Workflows like zombienet testing could also benefit from this. When I make a change I need to test, right now I need to recompile everything (remembering to use the production profile) and copy the binaries to my $PATH and it’s actually an error-prone process – having a single script to run would help in this scenario as well.
We could perhaps provide such a script in addition to a guide to automate things for people. But this is all just the vague idea I had, no strong opinions here either way. Just keep in mind that we will be doing security stuff in the future, including maybe configuration of cgroups, which is notoriously difficult to understand and hard to use. Maybe it would be more secure and less prone to error if we automated things for validators, at least the secure-mode stuff?
Got it. But as a number of people (like me) develop and test on Macs, we need basic support for it, and ideally functionality shouldn’t diverge significantly from Linux. We have tried to keep the single binary UX by embedding the other binaries into polkadot and spawning processes from memory, but it ended up working significantly differently on Mac, which makes it harder to develop and catch issues for Linux.
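The install script proposed earlier in this thread, sketched as an added example that is not part of the discussion or the project's code. The function names, the marker file's contents and the default `BINARIES` list are assumptions; only the `~/config/polkadot` marker path and the Linux x86-64 check come from the thread.

```shell
#!/bin/sh
# Added sketch, not project code. Function names, marker contents and the
# BINARIES default are assumptions made for this example.
BINARIES="${BINARIES:-polkadot}"          # space-separated list of built binaries
MARKER="${MARKER:-$HOME/config/polkadot}" # marker path suggested in the thread

# Secure mode is only planned for Linux x86-64; every other POSIX system
# still gets the plain install, so development on macOS keeps working.
secure_mode_supported() {
    os="${1:-$(uname -s)}"; arch="${2:-$(uname -m)}"
    [ "$os" = "Linux" ] && [ "$arch" = "x86_64" ]
}

# Copy each binary from $1 (build output dir) into $2 (a directory on $PATH).
install_binaries() {
    src="$1"; dest="$2"
    [ -d "$dest" ] || { echo "destination $dest does not exist" >&2; return 1; }
    # Check everything first so a missing file cannot leave a mixed install.
    for bin in $BINARIES; do
        [ -f "$src/$bin" ] || { echo "missing $src/$bin" >&2; return 1; }
    done
    for bin in $BINARIES; do
        # Copy under a temporary name, then rename into place, so nothing
        # ever executes a half-written binary.
        cp "$src/$bin" "$dest/.$bin.tmp.$$" || return 1
        chmod 755 "$dest/.$bin.tmp.$$" || return 1
        mv -f "$dest/.$bin.tmp.$$" "$dest/$bin" || return 1
    done
}

# Record that the script ran and whether this host qualifies for secure mode.
write_marker() {
    eligible="$1"
    mkdir -p "$(dirname "$MARKER")" || return 1
    printf 'installed=1\nsecure_mode_eligible=%s\n' "$eligible" > "$MARKER"
}

# run_install SRC_DIR DEST_DIR [OS ARCH]; OS and ARCH default to uname output.
run_install() {
    install_binaries "$1" "$2" || return 1
    if secure_mode_supported "${3:-}" "${4:-}"; then
        write_marker yes
    else
        write_marker no
    fi
}
```

A node could check the marker at startup and refuse to run in secure mode when `secure_mode_eligible=yes` is absent.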