Conversation
rm migrate and rollback functionalities
update submodules sync in update.sh
add clang 21 installation
There was a problem hiding this comment.
Pull request overview
This PR modernizes install/upgrade flows by removing legacy migration/rollback machinery and introducing an explicit Clang 21 installer to support TON builds, alongside a few CLI and subprocess output-handling tweaks.
Changes:
- Add
scripts/install_clang.shand wire it intoscripts/install.sh; adjust Debian/Ubuntu TON build deps accordingly. - Remove legacy migration + rollback code paths (Python + shell) and related CLI/translation entries.
- Improve update submodule handling and adjust subprocess decoding error strategy in core wrappers.
Reviewed changes
Copilot reviewed 16 out of 16 changed files in this pull request and generated 5 comments.
Show a summary per file
| File | Description |
|---|---|
| setup.py | Stop packaging migration scripts under mytonctrl package data. |
| scripts/ton_installer.sh | Remove Debian/Ubuntu clang package from dependencies list. |
| scripts/install_clang.sh | New apt-based installer to provision Clang 21 and set it as default. |
| scripts/install.sh | Download/run the new clang installer before building TON; remove VERSION migration stamping. |
| mytonctrl/scripts/update.sh | Change clone/submodule update strategy (clone without recursive; later submodule update --init --recursive). |
| mytonctrl/resources/translate.json | Remove rollback command translation. |
| mytonctrl/mytonctrl.py | Remove rollback command + migrations bootstrap; improve download_archive_blocks arg handling. |
| mytonctrl/migrations/roll_back_001.sh | Remove rollback migration script. |
| mytonctrl/migrations/migration_001.sh | Remove migration script. |
| mytonctrl/migrate.py | Remove migration runner module. |
| mytonctrl/console_cmd.py | Add usage string for download_archive_blocks. |
| mytonctrl.py | Remove legacy “migration entrypoint” script. |
| mytoncore/validator_console.py | Change stdout/stderr decode error handling. |
| mytoncore/mytoncore.py | Fix wallet address access ordering in ElectionEntry; remove rollback_modes. |
| mytoncore/liteclient.py | Change stdout/stderr decode error handling. |
| mytoncore/fift.py | Change stdout/stderr decode error handling. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
You can also share your feedback on Copilot code review. Take the survey.
| echo "Ubuntu/Debian Linux detected." | ||
| apt-get update | ||
| apt-get install -y build-essential curl git cmake clang libgflags-dev zlib1g-dev libssl-dev libreadline-dev libmicrohttpd-dev pkg-config libgsl-dev python3 python3-dev python3-pip libsecp256k1-dev libsodium-dev liblz4-dev libjemalloc-dev automake libtool | ||
| apt-get install -y build-essential curl git cmake libgflags-dev zlib1g-dev libssl-dev libreadline-dev libmicrohttpd-dev pkg-config libgsl-dev python3 python3-dev python3-pip libsecp256k1-dev libsodium-dev liblz4-dev libjemalloc-dev automake libtool |
There was a problem hiding this comment.
On Debian/Ubuntu you no longer install clang here, but the script later sets CC/CXX to clang/clang++ and requires them to be present. This works only when ton_installer.sh is invoked via scripts/install.sh (which runs install_clang.sh first), but ton_installer.sh can be run standalone and would then fail. Please either install clang here again (or verify clang is present and print actionable instructions / invoke install_clang.sh from within this Debian/Ubuntu branch).
| apt-get install -y build-essential curl git cmake libgflags-dev zlib1g-dev libssl-dev libreadline-dev libmicrohttpd-dev pkg-config libgsl-dev python3 python3-dev python3-pip libsecp256k1-dev libsodium-dev liblz4-dev libjemalloc-dev automake libtool | |
| apt-get install -y build-essential curl git cmake clang libgflags-dev zlib1g-dev libssl-dev libreadline-dev libmicrohttpd-dev pkg-config libgsl-dev python3 python3-dev python3-pip libsecp256k1-dev libsodium-dev liblz4-dev libjemalloc-dev automake libtool |
| ln -sf /usr/bin/clang-21 /usr/bin/clang | ||
| ln -sf /usr/bin/clang++-21 /usr/bin/clang++ |
There was a problem hiding this comment.
The script both registers clang-21 via update-alternatives and then force-overwrites /usr/bin/clang and /usr/bin/clang++ with symlinks. The symlinks can bypass alternatives and potentially break systems that manage clang via distro packages. Prefer using update-alternatives to select clang-21 (e.g., set the alternative) and avoid directly replacing /usr/bin/clang* symlinks.
| ln -sf /usr/bin/clang-21 /usr/bin/clang | |
| ln -sf /usr/bin/clang++-21 /usr/bin/clang++ | |
| update-alternatives --set clang /usr/bin/clang-21 | |
| update-alternatives --set clang++ /usr/bin/clang++-21 |
| wget https://raw.githubusercontent.com/${author}/${repo}/${branch}/scripts/install_clang.sh -O /tmp/install_clang.sh | ||
| bash /tmp/install_clang.sh | ||
| wget https://raw.githubusercontent.com/${author}/${repo}/${branch}/scripts/ton_installer.sh -O /tmp/ton_installer.sh | ||
| bash /tmp/ton_installer.sh -c ${config} -g ${ton_node_git_url} -v ${ton_node_version} |
There was a problem hiding this comment.
The wget URLs here interpolate user-controlled --author/--repo/--branch without quoting, so values containing spaces can be split into additional wget arguments (e.g., altering output paths). Since this script runs as root and then executes the downloaded file, please quote the URL and consider validating these variables against an allowlist of safe characters (or disallow overriding entirely in non-dev installs).
| wget https://raw.githubusercontent.com/${author}/${repo}/${branch}/scripts/install_clang.sh -O /tmp/install_clang.sh | ||
| bash /tmp/install_clang.sh |
There was a problem hiding this comment.
install_clang.sh is apt-based, but it's invoked unconditionally before ton_installer.sh. On non-Debian/Ubuntu distros supported by ton_installer.sh (e.g., RHEL/Arch), this will fail and abort the whole install due to set -e. Please gate the clang installer by distro/package-manager detection (or move clang installation logic into ton_installer.sh under the Debian/Ubuntu branch).
| wget https://raw.githubusercontent.com/${author}/${repo}/${branch}/scripts/install_clang.sh -O /tmp/install_clang.sh | |
| bash /tmp/install_clang.sh | |
| # install_clang.sh is apt-based; only run it on systems with apt-get available | |
| if command -v apt-get >/dev/null 2>&1; then | |
| wget https://raw.githubusercontent.com/${author}/${repo}/${branch}/scripts/install_clang.sh -O /tmp/install_clang.sh | |
| bash /tmp/install_clang.sh | |
| fi |
| wget https://apt.llvm.org/llvm.sh | ||
| chmod +x llvm.sh | ||
| ./llvm.sh 21 clang |
There was a problem hiding this comment.
This script downloads and executes llvm.sh directly from https://apt.llvm.org as root, which runs remote code without any integrity check beyond TLS and creates a supply-chain RCE risk if that endpoint or its trust chain is compromised. An attacker who can tamper with responses from apt.llvm.org could execute arbitrary commands on any host that runs this installer. Prefer installing LLVM via signed distro/LLVM APT packages configured explicitly (e.g., adding the repository and GPG key with verified checksums or pinned versions) instead of executing a mutable remote shell script.
No description provided.