Introducing new application speficitions for improving enterprise apps using ArcaneOS for full security and privacy!
List of changes:
New v8 app specifications, going live on block 1932380 (around June 23th);
Only ArcaneOS nodes will be able to install v8 app specificiations that are enterprise; (more info below)
New flux app message fluxappinstall, this will prevent for several nodes being installed a missing instance and just installing the instances required;
Faster sync of the mongo database for newer nodes on the network;
Several other changes and improvements.
v8 app specs:
const specifications = [
'version', 'name', 'description', 'owner', 'compose', 'instances', 'contacts', 'geolocation', 'expire', 'nodes', 'staticip', 'enterprise'];
Added 'enterprise'.
const componentSpecifications = [
'name', 'description', 'repotag', 'ports', 'containerPorts', 'environmentParameters', 'commands', 'containerData', 'domains', 'repoauth',
'cpu', 'ram', 'hdd',
];
Removed 'secrets', 'tiered', 'cpubasic', 'rambasic', 'hddbasic', 'cpusuper', 'ramsuper', 'hddsuper', 'cpubamf', 'rambamf', 'hddbamf'.
V7 Spec:
{
"name": "minecraftflux",
"compose": [
{
"name": "Minecraft",
"description": "The Minecraft Server container",
"repotag": "itzg/minecraft-server:latest",
"ports": [25565],
"domains": [
""
],
"environmentParameters": [
"SERVER_NAME=minecraftflux.app.runonflux.io",
"ENABLE_ROLLING_LOGS=true",
"EULA=TRUE",
"MAX_MEMORY=5G",
"INIT_MEMORY=2G"
],
"commands": [],
"containerPorts": [25565],
"containerData": "g:/data",
"cpu": 2,
"ram": 5000,
"hdd": 30,
"tiered": false,
"secrets": "",
"repoauth": ""
}
],
"contacts": ['blablabla@gmail.com'],
"description": "Host your PUBLIC Java Minecraft server on the Flux Cloud",
"expire": 22000,
"geolocation": [],
"hash": "8eb519f9ee287a10e80d3cd51d29b8ffb5e5d37dd8a072703587a10be565ee5f",
"height": 1898868,
"instances": 3,
"nodes": [],
"owner": "1CNk3XqC4RRi6Yt7Cq3H64siyAGeMLAA41",
"staticip": false,
"version": 7
}
V8 spec not enterprise:
{
"name": "minecraftflux",
"compose": [
{
"name": "Minecraft",
"description": "The Minecraft Server container",
"repotag": "itzg/minecraft-server:latest",
"ports": [25565],
"domains": [
""
],
"environmentParameters": [
"SERVER_NAME=minecraftflux.app.runonflux.io",
"ENABLE_ROLLING_LOGS=true",
"EULA=TRUE",
"MAX_MEMORY=5G",
"INIT_MEMORY=2G"
],
"commands": [],
"containerPorts": [25565],
"containerData": "g:/data",
"cpu": 2,
"ram": 5000,
"hdd": 30,
"repoauth": ""
}
],
"contacts": ['blablabla@gmail.com'],
"description": "Host your PUBLIC Java Minecraft server on the Flux Cloud",
"expire": 22000,
"geolocation": [],
"hash": "8eb519f9ee287a10e80d3cd51d29b8ffb5e5d37dd8a072703587a10be565ee5f",
"height": 1898868,
"instances": 3,
"nodes": [],
"owner": "1CNk3XqC4RRi6Yt7Cq3H64siyAGeMLAA41",
"staticip": false,
"version": 8
"enterprise": false
}
V8 Spec enterprise:
{
"name": "minecraftflux",
"compose": [],
"contacts": [],
"description": "Host your PUBLIC Java Minecraft server on the Flux Cloud",
"expire": 22000,
"geolocation": [],
"hash": "8eb519f9ee287a10e80d3cd51d29b8ffb5e5d37dd8a072703587a10be565ee5f",
"height": 1898868,
"instances": 3,
"nodes": [],
"owner": "1CNk3XqC4RRi6Yt7Cq3H64siyAGeMLAA41",
"staticip": false,
"version": 8
"enterprise": "encryptedDataString"
}
encryptedDataString unencrypted:
{
"contacts": ['blablabla@gmail.com'],
"compose": [
{
"name": "Minecraft",
"description": "The Minecraft Server container",
"repotag": "itzg/minecraft-server:latest",
"ports": [25565],
"domains": [
""
],
"environmentParameters": [
"SERVER_NAME=minecraftflux.app.runonflux.io",
"ENABLE_ROLLING_LOGS=true",
"EULA=TRUE",
"MAX_MEMORY=5G",
"INIT_MEMORY=2G"
],
"commands": [],
"containerPorts": [25565],
"containerData": "g:/data",
"cpu": 2,
"ram": 5000,
"hdd": 30,
"repoauth": ""
}
],
}
The enterprise property should be the encrypted content of a new object with contacts and compose like showed upper.
How should the object be encrypted?
Call new api endpoint to get public key to be used to encrypt the content /apps/getpublickey
This api received an object where the owner and name of the app are both mandatory;
Having the public key the object shoud be JSON.stringify and base64 encrypted using RSA-OAEP with SHA256 hash;
You should put ther string as the enterprise property and put compose and contacts as empty arrays;
Only the app owner can get the aplication specification decrypted by using the update api /apps/appspecifications/:appname?/:decrypt?/:update?
There are two new flags, decrypt, should be sent with yes to get the app specification decrypted, the update flag, is in case your app is not on latest specifications if you want your app returned converted in latest spec, in this case is mandatory for the app owner to check if the specs aren't missing something.
When renewing or updating the app is mandatory to encrypt the app specifications again:
Should get the app specs decrypted and should use the /apps/apporiginalowner/:appname? to get the original owner of the app, as to encrypt an app it always need the information of the original owner, the owner plus the app name should be used again to get the public key to encrypt the content again.
This version will be enforced on June 20th, all nodes must be updated before that;