From 7b6cafc23ee148d93ac6b913a57835232478ef0e Mon Sep 17 00:00:00 2001 From: /geco Date: Sat, 22 Dec 2018 15:35:27 +0100 Subject: [PATCH 01/46] autounlock basic config --- README.md | 8 ++ home.admin/config.scripts/lnd.autounlock.sh | 83 +++++++++++++++++++++ 2 files changed, 91 insertions(+) create mode 100755 home.admin/config.scripts/lnd.autounlock.sh diff --git a/README.md b/README.md index f980818..62574ea 100644 --- a/README.md +++ b/README.md @@ -269,6 +269,14 @@ To do so you can register at an DynamicDomain service like freedns.afraid.org, f You will be asked for your dynamic domain name such like "mynode.crabdance.org" and you can also optionally set an URL that will be called regularly to update your routers IP with the dynnamic domain service. At freedns.afraid.org this URL is called "Direct URL" under the menu "Dynamic DNS" once you added one. +## Auto-unlock LND on startup + +This feature is based on https://github.com/Stadicus/guides/blob/master/raspibolt/raspibolt_6A_auto-unlock.md + +It can be activated under "Services" -> "Auto-unlock LND". Its recommended to be turned on, when DynamicDNS is used. Because on a public IP change of your router, LND gets restarted automatically and without Auto-Unlock it will stay inactive/unreachbale until you manually unlock it. + +But keep in mind that when activated, your Password C will be stored on the RaspiBlitz SD card. That lowers your security in (physical) attack scenarios. On an update you would need to re-enter your password C. + ## Get a Debug Report If your RaspiBlitz is not working right and you like to get help from the community, its good to provide more debug information, so other can better diagnose your problem - please follow the following steps to generate a debug report: diff --git a/home.admin/config.scripts/lnd.autounlock.sh b/home.admin/config.scripts/lnd.autounlock.sh new file mode 100755 index 0000000..ff5d4af --- /dev/null +++ b/home.admin/config.scripts/lnd.autounlock.sh 
@@ -0,0 +1,83 @@ +#!/bin/bash + +# command info +if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then + echo "small config script to autounlock lnd after restart" + echo "lnd.autounlock.sh [on|off] [?passwordC]" + exit 1 +fi + +# 1. parameter [on|off] +turn="off" +if [ "$1" = "1" ] || [ "$1" = "on" ]; then turn="on"; fi + +# 2. parameter [?passwordC] +passwordC=$2 + +# run interactive if 'turn on' && no further parameters +if [ "${turn}" = "on" ] && [ ${#passwordC} -eq 0 ]; then + + dialog --backtitle "LND Auto-Unlock" --inputbox "ENTER your PASSWORD C: + +For more details see chapter in GitHub README +'Auto-unlock LND on startup' +https://github.com/rootzoll/raspiblitz + +Password C will be stored on the device. +" 13 52 2>./.tmp + passwordC=$( cat ./.tmp ) + if [ ${#passwordC} -eq 0 ]; then + echo "FAIL input cannot be empty" + exit 1 + fi + shred ./.tmp + + +# config file +configFile="/mnt/hdd/raspiblitz.conf" + +# lnd conf file +lndConfig="/mnt/hdd/lnd/lnd.conf" + +# check if config file exists +configExists=$(ls ${configFile} | grep -c '.conf') +if [ ${configExists} -eq 0 ]; then + echo "FAIL - missing ${configFile}" + exit 1 +fi + +# make sure entry line for 'lndAutoUnlock' exists +entryExists=$(cat ${configFile} | grep -c 'lndAutoUnlock=') +if [ ${entryExists} -eq 0 ]; then + echo "lndAutoUnlock=" >> ${configFile} +fi + +# switch on +if [ "$1" = "1" ] || [ "$1" = "on" ]; then + echo "switching the Auto-Unlock ON" + + # setting value in raspi blitz config + sudo sed -i "s/^lndAutoUnlock=.*/lndAutoUnlock=on/g" /mnt/hdd/raspiblitz.conf + + # password C needs to be stored on RaspiBlitz + echo "storing password for root in /root/lnd.autounlock.pwd" + sudo sh -c 'echo "${passwordC}" > /root/lnd.autounlock.pwd' + + echo "Auto-Unlock is now ON" +fi + +# switch off +if [ "$1" = "0" ] || [ "$1" = "off" ]; then + echo "switching the Auto-Unlock OFF" + + # setting value in raspi blitz config + sudo sed -i "s/^lndAutoUnlock=.*/lndAutoUnlock=off/g" 
/mnt/hdd/raspiblitz.conf + + # delete password C securly + echo "shredding password on RaspiBlitz" + sudo shred -u /root/lnd.autounlock.pwd + + echo "Auto-Unlock is now OFF" +fi + +exit 0 \ No newline at end of file From 44e381217525126d26c601df3496991df9c0621e Mon Sep 17 00:00:00 2001 From: /geco Date: Sat, 22 Dec 2018 15:37:51 +0100 Subject: [PATCH 02/46] fix eof --- home.admin/config.scripts/lnd.autounlock.sh | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/home.admin/config.scripts/lnd.autounlock.sh b/home.admin/config.scripts/lnd.autounlock.sh index ff5d4af..e3c7184 100755 --- a/home.admin/config.scripts/lnd.autounlock.sh +++ b/home.admin/config.scripts/lnd.autounlock.sh @@ -78,6 +78,4 @@ if [ "$1" = "0" ] || [ "$1" = "off" ]; then sudo shred -u /root/lnd.autounlock.pwd echo "Auto-Unlock is now OFF" -fi - -exit 0 \ No newline at end of file +fi \ No newline at end of file From 99a3a6ad4aadc39e41e12bc1dce8a6530fab4527 Mon Sep 17 00:00:00 2001 From: /geco Date: Sat, 22 Dec 2018 15:43:08 +0100 Subject: [PATCH 03/46] test other file --- home.admin/config.scripts/lndautounlock.sh | 81 ++++++++++++++++++++++ 1 file changed, 81 insertions(+) create mode 100644 home.admin/config.scripts/lndautounlock.sh diff --git a/home.admin/config.scripts/lndautounlock.sh b/home.admin/config.scripts/lndautounlock.sh new file mode 100644 index 0000000..e3c7184 --- /dev/null +++ b/home.admin/config.scripts/lndautounlock.sh 
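Review bot: In the new `lnd.autounlock.sh`, the interactive branch writes Password C to `./.tmp` in whatever the current directory happens to be and then runs `shred ./.tmp` without `-u`, so the plaintext sits in a predictably named file with default permissions and the overwritten file is left behind. A private temp file avoids this: `tmp=$(mktemp)` before the dialog, `2>"$tmp"` on it and `shred -u "$tmp"` afterwards; `--passwordbox` instead of `--inputbox` would also keep the password off the screen. Accepting the password as `$2` additionally exposes it in the process list while the script runs. The same code is added a second time as `lndautounlock.sh` in PATCH 03/46.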
@@ -0,0 +1,81 @@ +#!/bin/bash + +# command info +if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then + echo "small config script to autounlock lnd after restart" + echo "lnd.autounlock.sh [on|off] [?passwordC]" + exit 1 +fi + +# 1. parameter [on|off] +turn="off" +if [ "$1" = "1" ] || [ "$1" = "on" ]; then turn="on"; fi + +# 2. parameter [?passwordC] +passwordC=$2 + +# run interactive if 'turn on' && no further parameters +if [ "${turn}" = "on" ] && [ ${#passwordC} -eq 0 ]; then + + dialog --backtitle "LND Auto-Unlock" --inputbox "ENTER your PASSWORD C: + +For more details see chapter in GitHub README +'Auto-unlock LND on startup' +https://github.com/rootzoll/raspiblitz + +Password C will be stored on the device. +" 13 52 2>./.tmp + passwordC=$( cat ./.tmp ) + if [ ${#passwordC} -eq 0 ]; then + echo "FAIL input cannot be empty" + exit 1 + fi + shred ./.tmp + + +# config file +configFile="/mnt/hdd/raspiblitz.conf" + +# lnd conf file +lndConfig="/mnt/hdd/lnd/lnd.conf" + +# check if config file exists +configExists=$(ls ${configFile} | grep -c '.conf') +if [ ${configExists} -eq 0 ]; then + echo "FAIL - missing ${configFile}" + exit 1 +fi + +# make sure entry line for 'lndAutoUnlock' exists +entryExists=$(cat ${configFile} | grep -c 'lndAutoUnlock=') +if [ ${entryExists} -eq 0 ]; then + echo "lndAutoUnlock=" >> ${configFile} +fi + +# switch on +if [ "$1" = "1" ] || [ "$1" = "on" ]; then + echo "switching the Auto-Unlock ON" + + # setting value in raspi blitz config + sudo sed -i "s/^lndAutoUnlock=.*/lndAutoUnlock=on/g" /mnt/hdd/raspiblitz.conf + + # password C needs to be stored on RaspiBlitz + echo "storing password for root in /root/lnd.autounlock.pwd" + sudo sh -c 'echo "${passwordC}" > /root/lnd.autounlock.pwd' + + echo "Auto-Unlock is now ON" +fi + +# switch off +if [ "$1" = "0" ] || [ "$1" = "off" ]; then + echo "switching the Auto-Unlock OFF" + + # setting value in raspi blitz config + sudo sed -i "s/^lndAutoUnlock=.*/lndAutoUnlock=off/g" 
/mnt/hdd/raspiblitz.conf + + # delete password C securly + echo "shredding password on RaspiBlitz" + sudo shred -u /root/lnd.autounlock.pwd + + echo "Auto-Unlock is now OFF" +fi \ No newline at end of file From 908bd036d1260c7a08ad69d5c93b29c196099eec Mon Sep 17 00:00:00 2001 From: /geco Date: Sat, 22 Dec 2018 15:45:45 +0100 Subject: [PATCH 04/46] fix missing if end --- home.admin/config.scripts/lnd.autounlock.sh | 2 +- home.admin/config.scripts/lndautounlock.sh | 81 --------------------- 2 files changed, 1 insertion(+), 82 deletions(-) delete mode 100644 home.admin/config.scripts/lndautounlock.sh diff --git a/home.admin/config.scripts/lnd.autounlock.sh b/home.admin/config.scripts/lnd.autounlock.sh index e3c7184..b79a32f 100755 --- a/home.admin/config.scripts/lnd.autounlock.sh +++ b/home.admin/config.scripts/lnd.autounlock.sh @@ -31,7 +31,7 @@ Password C will be stored on the device. exit 1 fi shred ./.tmp - +fi # config file configFile="/mnt/hdd/raspiblitz.conf" diff --git a/home.admin/config.scripts/lndautounlock.sh b/home.admin/config.scripts/lndautounlock.sh deleted file mode 100644 index e3c7184..0000000 --- a/home.admin/config.scripts/lndautounlock.sh +++ /dev/null 
@@ -1,81 +0,0 @@ -#!/bin/bash - -# command info -if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then - echo "small config script to autounlock lnd after restart" - echo "lnd.autounlock.sh [on|off] [?passwordC]" - exit 1 -fi - -# 1. parameter [on|off] -turn="off" -if [ "$1" = "1" ] || [ "$1" = "on" ]; then turn="on"; fi - -# 2. parameter [?passwordC] -passwordC=$2 - -# run interactive if 'turn on' && no further parameters -if [ "${turn}" = "on" ] && [ ${#passwordC} -eq 0 ]; then - - dialog --backtitle "LND Auto-Unlock" --inputbox "ENTER your PASSWORD C: - -For more details see chapter in GitHub README -'Auto-unlock LND on startup' -https://github.com/rootzoll/raspiblitz - -Password C will be stored on the device. -" 13 52 2>./.tmp - passwordC=$( cat ./.tmp ) - if [ ${#passwordC} -eq 0 ]; then - echo "FAIL input cannot be empty" - exit 1 - fi - shred ./.tmp - - -# config file -configFile="/mnt/hdd/raspiblitz.conf" - -# lnd conf file -lndConfig="/mnt/hdd/lnd/lnd.conf" - -# check if config file exists -configExists=$(ls ${configFile} | grep -c '.conf') -if [ ${configExists} -eq 0 ]; then - echo "FAIL - missing ${configFile}" - exit 1 -fi - -# make sure entry line for 'lndAutoUnlock' exists -entryExists=$(cat ${configFile} | grep -c 'lndAutoUnlock=') -if [ ${entryExists} -eq 0 ]; then - echo "lndAutoUnlock=" >> ${configFile} -fi - -# switch on -if [ "$1" = "1" ] || [ "$1" = "on" ]; then - echo "switching the Auto-Unlock ON" - - # setting value in raspi blitz config - sudo sed -i "s/^lndAutoUnlock=.*/lndAutoUnlock=on/g" /mnt/hdd/raspiblitz.conf - - # password C needs to be stored on RaspiBlitz - echo "storing password for root in /root/lnd.autounlock.pwd" - sudo sh -c 'echo "${passwordC}" > /root/lnd.autounlock.pwd' - - echo "Auto-Unlock is now ON" -fi - -# switch off -if [ "$1" = "0" ] || [ "$1" = "off" ]; then - echo "switching the Auto-Unlock OFF" - - # setting value in raspi blitz config - sudo sed -i "s/^lndAutoUnlock=.*/lndAutoUnlock=off/g" 
/mnt/hdd/raspiblitz.conf - - # delete password C securly - echo "shredding password on RaspiBlitz" - sudo shred -u /root/lnd.autounlock.pwd - - echo "Auto-Unlock is now OFF" -fi \ No newline at end of file From e2b3126d01996b2b3bc0e6f4bcece0c440bbe0a6 Mon Sep 17 00:00:00 2001 From: /geco Date: Sat, 22 Dec 2018 16:44:15 +0100 Subject: [PATCH 05/46] integration of auto-unlock --- home.admin/00settingsMenuServices.sh | 13 +++++++ home.admin/20recoverDialog.sh | 16 +++++++- home.admin/_background.sh | 41 +++++++++++++++++++-- home.admin/assets/lnd.bitcoin.conf | 2 + home.admin/assets/lnd.litecoin.conf | 3 ++ home.admin/config.scripts/lnd.autounlock.sh | 20 +++++++--- 6 files changed, 84 insertions(+), 11 deletions(-) diff --git a/home.admin/00settingsMenuServices.sh b/home.admin/00settingsMenuServices.sh index 0de0aa5..3c038cb 100644 --- a/home.admin/00settingsMenuServices.sh +++ b/home.admin/00settingsMenuServices.sh @@ -4,6 +4,7 @@ source /mnt/hdd/raspiblitz.conf if [ ${#autoPilot} -eq 0 ]; then autoPilot="off"; fi if [ ${#autoNatDiscovery} -eq 0 ]; then autoNatDiscovery="off"; fi +if [ ${#autoUnlock} -eq 0 ]; then autoUnlock="off"; fi if [ ${#runBehindTor} -eq 0 ]; then runBehindTor="off"; fi if [ ${#rtlWebinterface} -eq 0 ]; then rtlWebinterface="off"; fi if [ ${#chain} -eq 0 ]; then chain="main"; fi @@ -28,6 +29,7 @@ CHOICES=$(dialog --checklist 'Activate/Deactivate Services:' 15 45 7 \ 4 ${dynDomainMenu} ${domainValue} \ 5 'Run behind TOR' ${runBehindTor} \ 6 'RTL Webinterface' ${rtlWebinterface} \ +7 'LND Auto-Unlock' ${autoUnlock} \ 2>&1 >/dev/tty) dialogcancel=$? clear 
@@ -174,6 +176,17 @@ else echo "RTL Webinterface Setting unchanged." fi +# LND Auto-Unlock +choice="off"; check=$(echo "${CHOICES}" | grep -c "7") +if [ ${check} -eq 1 ]; then choice="on"; fi +if [ "${autoUnlock}" != "${choice}" ]; then + echo "LND Autounlock Setting changed .." + sudo /home/admin/config.scripts/lnd.autounlock.sh ${choice} + needsReboot=1 +else + echo "LND Autounlock Setting unchanged." +fi + if [ ${needsReboot} -eq 1 ]; then sleep 2 dialog --title 'OK' --msgbox 'System will reboot to activate changes.' 6 26 diff --git a/home.admin/20recoverDialog.sh b/home.admin/20recoverDialog.sh index ad13ce5..2246875 100755 --- a/home.admin/20recoverDialog.sh +++ b/home.admin/20recoverDialog.sh @@ -60,8 +60,22 @@ Write them down & store them in a safe place. # sucess info dialog dialog --backtitle "RaspiBlitz" --msgbox "New SSH password A is '$result'\nFINAL REBOOT IS NEEDED." 6 52 - sudo shutdown -r now + # when auto-unlock is activated then Password C is needed to be restored on SD card + if [ "${autoUnlock}" = "on" ]; then + # ask user for new password C + dialog --backtitle "RaspiBlitz - Setup"\ + --inputbox "Please enter your ACTUAL Password C:\n!!! This is needed for the Auto-Unlock feature" 10 52 2>$_temp + result=$( cat $_temp ) + shred $_temp + if [ ${#result} -gt 0 ]; then + sudo /home/admin/config.scripts/lnd.autounlock.sh on ${result} + else + sudo /home/admin/config.scripts/lnd.autounlock.sh off + fi + fi + + sudo shutdown -r now fi done diff --git a/home.admin/_background.sh b/home.admin/_background.sh index 084a8a3..2bba7a2 100644 --- a/home.admin/_background.sh +++ b/home.admin/_background.sh @@ -28,6 +28,9 @@ do # count up counter=$(($counter+1)) + # gather the uptime seconds + upSeconds=$(cat /proc/uptime | grep -o '^[0-9]\+') + #################################################### # RECHECK DHCP-SERVER # https://github.com/rootzoll/raspiblitz/issues/160 
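Review bot: In `20recoverDialog.sh` the re-entered Password C is passed unquoted as `lnd.autounlock.sh on ${result}`, so a password containing spaces or glob characters is split or expanded and only its first word reaches the script as `$2`. Quoting it, `sudo /home/admin/config.scripts/lnd.autounlock.sh on "${result}"`, fixes the truncation, although the password is then still readable in the process list as an argument; having the callee read it from stdin would avoid that. `shred $_temp` also leaves the overwritten file in place, whereas `shred -u "$_temp"` removes it. The surrounding loop starts and ends outside this hunk.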
@@ -80,11 +83,15 @@ do sed -i "s/^publicIP=.*/publicIP=${freshPublicIP}/g" ${configFile} publicIP=${freshPublicIP} - # 2) restart the LND - echo "restart LND with new environment config" - sudo systemctl restart lnd.service + # 2) only restart LND if dynDNS is activated + # because this signals that user wants "public node" + if [ ${#dynDomain} -gt 0 ]; then + echo "restart LND with new environment config" + # restart and let to auto-unlock (if activated) do the rest + sudo systemctl restart lnd.service + fi - # 3) trigger update if dnyamic domain (if set) + # 2) trigger update if dnyamic domain (if set) updateDynDomain=1 else @@ -97,6 +104,32 @@ do fi + ############################### + # LND AUTO-UNLOCK + ############################### + + # check every 10secs + recheckAutoUnlock=$((($counter % 10)+1)) + if [ ${recheckAutoUnlock} -eq 1 ]; then + + # check if auto-unlock feature if activated + if [ "${autoUnlock}" = "on" ]; then + + # check if lnd is locked + locked=$(sudo -u bitcoin /usr/local/bin/lncli --chain=${network} --network=${chain}net getinfo 2>&1 | grep -c unlock) + if [ ${locked} -gt 0 ]; then + + # unlock thru REST call + curl -s \ + -H "Grpc-Metadata-macaroon: $(xxd -ps -u -c 1000 /home/bitcoin/.lnd/data/chain/${network}/${chain}net/admin.macaroon))" \ + --cacert /home/bitcoin/.lnd/tls.cert \ + -X POST -d "{\"wallet_password\": \"$(cat /root/lnd.autounlock.pwd | tr -d '\n' | base64 -w0)\"}" \ + https://localhost:8080/v1/unlockwallet > /dev/null 2>&1 + + fi + fi + fi + ############################### # UPDATE DYNAMIC DOMAIN # like afraid.org diff --git a/home.admin/assets/lnd.bitcoin.conf b/home.admin/assets/lnd.bitcoin.conf index ff68e71..645ed48 100755 --- a/home.admin/assets/lnd.bitcoin.conf +++ b/home.admin/assets/lnd.bitcoin.conf 
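Review bot: The unlock call in the new LND AUTO-UNLOCK section of `_background.sh` puts both the base64 of Password C (`-d`) and the hex admin macaroon (`-H`) on curl's command line, where other local users can read them from the process list while the request runs. The body can be fed through stdin instead, by building the JSON with `printf` and piping it to `curl ... -d @-`. As far as I know lnd's unlockwallet endpoint does not check a macaroon, so the header can probably be dropped altogether; please confirm against the lnd version shipped. The header value also ends in a stray `)`, and the `while` loop this section sits in starts and ends outside the hunk.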
@@ -9,6 +9,8 @@ nat=false # RPC open to all connections on Port 10009 rpclisten=0.0.0.0:10009 +# REST open to all connections on Port 8080 +restlisten=0.0.0.0:8080 # Domain, could use https://freedns.afraid.org #tlsextradomain=lightning.yourhost.com diff --git a/home.admin/assets/lnd.litecoin.conf b/home.admin/assets/lnd.litecoin.conf index 3105758..a44469d 100755 --- a/home.admin/assets/lnd.litecoin.conf +++ b/home.admin/assets/lnd.litecoin.conf @@ -9,6 +9,9 @@ nat=false # RPC open to all connections on Port 10009 rpclisten=0.0.0.0:10009 +# REST open to all connections on Port 8080 +restlisten=0.0.0.0:8080 + # Domain, could use https://freedns.afraid.org #tlsextradomain=lightning.yourhost.com diff --git a/home.admin/config.scripts/lnd.autounlock.sh b/home.admin/config.scripts/lnd.autounlock.sh index b79a32f..7f6224c 100755 --- a/home.admin/config.scripts/lnd.autounlock.sh +++ b/home.admin/config.scripts/lnd.autounlock.sh 
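Review bot: `restlisten=0.0.0.0:8080` in `lnd.bitcoin.conf` opens LND's REST API, including the wallet-unlock endpoint, on every interface, while the auto-unlock job added in this patch only talks to `https://localhost:8080`. Binding to loopback with `restlisten=127.0.0.1:8080` is enough for that job; if remote REST access is intended, the comment should say so and the port should be firewalled deliberately. The same line is added to `lnd.litecoin.conf`, and the check in `lnd.autounlock.sh` greps for the literal `restlisten=0.0.0.0:8080`, so it would have to change together with the config.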
@@ -46,22 +46,30 @@ if [ ${configExists} -eq 0 ]; then exit 1 fi -# make sure entry line for 'lndAutoUnlock' exists -entryExists=$(cat ${configFile} | grep -c 'lndAutoUnlock=') +# make sure entry line for 'autoUnlock' exists +entryExists=$(cat ${configFile} | grep -c 'autoUnlock=') if [ ${entryExists} -eq 0 ]; then - echo "lndAutoUnlock=" >> ${configFile} + echo "autoUnlock=" >> ${configFile} fi # switch on if [ "$1" = "1" ] || [ "$1" = "on" ]; then + + # check if lnd has REST in config + restActive=$(sudo cat /mnt/hdd/lnd.lnd.conf | grep -c 'restlisten=0.0.0.0:8080') + if [ ${restActive} -eq 0 ]; then + echo "FAIL: /mnt/hdd/lnd.lnd.conf needs to include the line 'restlisten=0.0.0.0:8080'" + exit 1 + fi + echo "switching the Auto-Unlock ON" # setting value in raspi blitz config - sudo sed -i "s/^lndAutoUnlock=.*/lndAutoUnlock=on/g" /mnt/hdd/raspiblitz.conf + sudo sed -i "s/^autoUnlock=.*/autoUnlock=on/g" /mnt/hdd/raspiblitz.conf # password C needs to be stored on RaspiBlitz echo "storing password for root in /root/lnd.autounlock.pwd" - sudo sh -c 'echo "${passwordC}" > /root/lnd.autounlock.pwd' + sudo sh -c "echo \"${passwordC}\" > /root/lnd.autounlock.pwd" echo "Auto-Unlock is now ON" fi @@ -71,7 +79,7 @@ if [ "$1" = "0" ] || [ "$1" = "off" ]; then echo "switching the Auto-Unlock OFF" # setting value in raspi blitz config - sudo sed -i "s/^lndAutoUnlock=.*/lndAutoUnlock=off/g" /mnt/hdd/raspiblitz.conf + sudo sed -i "s/^autoUnlock=.*/autoUnlock=off/g" /mnt/hdd/raspiblitz.conf # delete password C securly echo "shredding password on RaspiBlitz" From b7df1dffefdc9ac2d5d8a3136bbfba93716654b1 Mon Sep 17 00:00:00 2001 From: /geco Date: Sat, 22 Dec 2018 16:45:32 +0100 Subject: [PATCH 06/46] fix land conf path --- home.admin/config.scripts/lnd.autounlock.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/home.admin/config.scripts/lnd.autounlock.sh b/home.admin/config.scripts/lnd.autounlock.sh index 7f6224c..18093a0 100755 
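Review bot: In the switch-on branch of `lnd.autounlock.sh`, `sudo sh -c "echo \"${passwordC}\" > /root/lnd.autounlock.pwd"` splices the password into a command string that a root shell then parses, so a password containing `"`, `$`, a backtick or a backslash is stored wrongly or evaluated as shell code. Passing the value as data avoids the second parse: `printf '%s\n' "${passwordC}" | sudo tee /root/lnd.autounlock.pwd >/dev/null`. Following it with `sudo chmod 600 /root/lnd.autounlock.pwd` makes the file mode independent of root's umask.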
--- a/home.admin/config.scripts/lnd.autounlock.sh +++ b/home.admin/config.scripts/lnd.autounlock.sh @@ -56,9 +56,9 @@ fi if [ "$1" = "1" ] || [ "$1" = "on" ]; then # check if lnd has REST in config - restActive=$(sudo cat /mnt/hdd/lnd.lnd.conf | grep -c 'restlisten=0.0.0.0:8080') + restActive=$(sudo cat /mnt/hdd/lnd/lnd.conf | grep -c 'restlisten=0.0.0.0:8080') if [ ${restActive} -eq 0 ]; then - echo "FAIL: /mnt/hdd/lnd.lnd.conf needs to include the line 'restlisten=0.0.0.0:8080'" + echo "FAIL: /mnt/hdd/lnd/lnd.conf needs to include the line 'restlisten=0.0.0.0:8080'" exit 1 fi From 3f2bdf53df29dc9a86dd30997fb44ef343bdcbdf Mon Sep 17 00:00:00 2001 From: /geco Date: Sat, 22 Dec 2018 16:51:43 +0100 Subject: [PATCH 07/46] unlock info on LCD --- home.admin/00infoLCD.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/home.admin/00infoLCD.sh b/home.admin/00infoLCD.sh index 9e0fb2c..989148d 100755 --- a/home.admin/00infoLCD.sh +++ b/home.admin/00infoLCD.sh @@ -178,6 +178,10 @@ while : l2="Open: http://${localip}:3000\n" l3="Use Password C to unlock\n" fi + if [ "${autoUnlock}" = "on" ]; then + l3="Waiting for AUTO-UNLOCK .." + l2="ssh admin@${localip}" + fi boxwidth=$((${#localip} + 24)) dialog --backtitle "RaspiBlitz ${codeVersion} (${localip}) - ${hostname}" --infobox "$l1$l2$l3" 5 ${boxwidth} sleep 5 From 13f54c7abcf269e7a64813525df92f4160e2025d Mon Sep 17 00:00:00 2001 From: /geco Date: Sat, 22 Dec 2018 22:05:03 +0100 Subject: [PATCH 08/46] fix build command for forked repo --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 62574ea..aa7c1a8 100644 --- a/README.md +++ b/README.md 
@@ -320,7 +320,7 @@ If you fork the RaspiBlitz repo (much welcome) and you want to run that code on * The long way: If you like to install/remove/change services and system configurations you need to build a SD card from your own code. Prepare like in `Build the SD Card Image` but in the end run the command: -`wget https://raw.githubusercontent.com/[GITHUB-USERNAME]/raspiblitz/dev/build.sdcard/raspbianStretchDesktop.sh && sudo bash raspbianStretchDesktop.sh [BRANCH] [GITHUB-USERNAME]` +`wget https://raw.githubusercontent.com/[GITHUB-USERNAME]/raspiblitz/[BRANCH]/build.sdcard/raspbianStretchDesktop.sh && sudo bash raspbianStretchDesktop.sh [BRANCH] [GITHUB-USERNAME]` ## Update to a new SD Card Release From 09d4db00bb931e079b455bdb7aa9eb0a7b686840 Mon Sep 17 00:00:00 2001 From: /geco Date: Sun, 23 Dec 2018 03:33:35 +0100 Subject: [PATCH 09/46] adding ip info to upgrade screen --- home.admin/00infoLCD.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home.admin/00infoLCD.sh b/home.admin/00infoLCD.sh index 989148d..c842e27 100755 --- a/home.admin/00infoLCD.sh +++ b/home.admin/00infoLCD.sh @@ -131,7 +131,7 @@ while : l2="---> ${message}\n" l3="Please keep running until reboot." boxwidth=$((${#localip} + 28)) - dialog --backtitle "RaspiBlitz ${codeVersion} (${state})" --infobox "$l1$l2$l3" 5 ${boxwidth} + dialog --backtitle "RaspiBlitz ${codeVersion} (${state}) ${localip}" --infobox "$l1$l2$l3" 5 ${boxwidth} sleep 3 continue fi From d6fe84929334e00bc743b3766c7a3bff5c8c3f2f Mon Sep 17 00:00:00 2001 From: /geco Date: Sun, 23 Dec 2018 04:01:20 +0100 Subject: [PATCH 10/46] add repo info --- home.admin/XXupdateScripts.sh | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/home.admin/XXupdateScripts.sh b/home.admin/XXupdateScripts.sh index 9e12ed3..59a171e 100755 --- a/home.admin/XXupdateScripts.sh +++ b/home.admin/XXupdateScripts.sh 
@@ -20,10 +20,13 @@ else echo "USAGE-INFO: ./XXupdateScripts.sh '[BRANCHNAME]'" fi +origin=$(git remote -v | grep 'origin' | tail -n1) + echo "" echo "*** UPDATING SHELL SCRIPTS FROM GITHUB ***" echo "justincase, not the final upadte mechanism" -echo "BRANCH --> ${activeBranch} <---" +echo "REPO ----> ${origin}" +echo "BRANCH --> ${activeBranch}" echo "******************************************" git pull cd .. From bd17d8cd822e23fa07dd204fbd0fd5284621b9e7 Mon Sep 17 00:00:00 2001 From: /geco Date: Sun, 23 Dec 2018 13:02:28 +0100 Subject: [PATCH 11/46] autolock lnd REST config add --- home.admin/config.scripts/lnd.autounlock.sh | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/home.admin/config.scripts/lnd.autounlock.sh b/home.admin/config.scripts/lnd.autounlock.sh index 18093a0..a00a5c8 100755 --- a/home.admin/config.scripts/lnd.autounlock.sh +++ b/home.admin/config.scripts/lnd.autounlock.sh 
@@ -55,11 +55,24 @@ fi # switch on if [ "$1" = "1" ] || [ "$1" = "on" ]; then - # check if lnd has REST in config + # make sure REST config of LND is correct restActive=$(sudo cat /mnt/hdd/lnd/lnd.conf | grep -c 'restlisten=0.0.0.0:8080') if [ ${restActive} -eq 0 ]; then - echo "FAIL: /mnt/hdd/lnd/lnd.conf needs to include the line 'restlisten=0.0.0.0:8080'" - exit 1 + restActive=$(sudo cat /mnt/hdd/lnd/lnd.conf | grep -c 'restlisten=') + if [ ${restActive} -eq 1 ]; then + echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!" + echo "FAIL: /mnt/hdd/lnd/lnd.conf includes REST config NOT 'restlisten=0.0.0.0:8080'" + echo "CANNOT ACTIVATE REST like needed for auto-unlock" + echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!" + sleep 5 + exit 1 + else + # add REST config to lnd.conf (for old configs) + sudo sh -c "echo \"restlisten=0.0.0.0:8080\" >> /mnt/hdd/lnd/lnd.conf" + echo "LND REST config added -> restlisten=0.0.0.0:8080'" + fi + else + echo "LND REST config OK -> restlisten=0.0.0.0:8080'" fi echo "switching the Auto-Unlock ON" From 102b223983a8bc30abf4097cbd80f1b1057086bf Mon Sep 17 00:00:00 2001 From: /geco Date: Sun, 23 Dec 2018 13:04:19 +0100 Subject: [PATCH 12/46] a little sleep before reboot --- home.admin/00settingsMenuServices.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/home.admin/00settingsMenuServices.sh b/home.admin/00settingsMenuServices.sh index 3c038cb..72bc117 100644 --- a/home.admin/00settingsMenuServices.sh +++ b/home.admin/00settingsMenuServices.sh @@ -191,5 +191,6 @@ if [ ${needsReboot} -eq 1 ]; then sleep 2 dialog --title 'OK' --msgbox 'System will reboot to activate changes.' 6 26 echo "rebooting .." + sleep 3 sudo shutdown -r now fi \ No newline at end of file From 3f989f9683a817f90c48ca0215b38680b7c6b6fc Mon Sep 17 00:00:00 2001 
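Review bot: The fallback check `grep -c 'restlisten='` with `-eq 1` in `lnd.autounlock.sh` treats a commented-out `#restlisten=` line as an existing setting and aborts, while a file with two matching lines falls through to the `else` branch and gets another `restlisten=0.0.0.0:8080` appended. Anchoring the pattern and testing for any match is more robust: `grep -c '^restlisten='` compared with `-gt 0`. The append goes to the end of `lnd.conf`; if that file is divided into sections the option may land in the wrong one, which is worth checking. It also opens the REST port on all interfaces for users who only asked for auto-unlock, and the script's output does not tell them so.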
From: /geco Date: Sun, 23 Dec 2018 13:37:15 +0100 Subject: [PATCH 13/46] info when no funding #209 --- home.admin/80scanLND.sh | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/home.admin/80scanLND.sh b/home.admin/80scanLND.sh index 6a1731e..3835b0b 100755 --- a/home.admin/80scanLND.sh +++ b/home.admin/80scanLND.sh @@ -58,11 +58,19 @@ if [ ${isInitialChainSync} -gt 0 ]; then fi else heigh=7 - infoStr=$(echo " Lightning ${action} Blockchain\n Progress: ${scanstate}\n Please wait - this can take some time\n ssh admin@${localip}\n Password A") - if [ "$USER" = "admin" ]; then - heigh=6 - width=53 - infoStr=$(echo " Lightning ${action} Blockchain\n Progress: ${scanstate}\n Please wait - this can take some long time.\n Its OK to close terminal and ssh back in later.") + # check if wallet has any UTXO + # reason see: https://github.com/lightningnetwork/lnd/issues/2326 + txlines=$(sudo -u bitcoin lncli listchaintxns | wc -l) + # has just 4 lines if empty + if [ ${txlines} -eq 4 ]; then + infoStr=$(echo " Lightning ${action} Blockchain\n Progress: ${scanstate}\n Will rescan every start until funding available. \n ssh admin@${localip}\n Password A") + else + infoStr=$(echo " Lightning ${action} Blockchain\n Progress: ${scanstate}\n Please wait - this can take some time\n ssh admin@${localip}\n Password A") + if [ "$USER" = "admin" ]; then + heigh=6 + width=53 + infoStr=$(echo " Lightning ${action} Blockchain\n Progress: ${scanstate}\n Please wait - this can take some long time.\n Its OK to close terminal and ssh back in later.") + fi fi fi From bbe8a2601e84a99f6fa50cb3dd89fe080d4c232a Mon Sep 17 00:00:00 2001 From: /geco Date: Sun, 23 Dec 2018 14:20:13 +0100 Subject: [PATCH 14/46] fixes for autounlock --- home.admin/00infoLCD.sh | 4 ++-- home.admin/80scanLND.sh | 2 +- home.admin/_background.sh | 6 +++++- 3 files changed, 8 insertions(+), 4 deletions(-) 
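Review bot: The empty-wallet test added to `80scanLND.sh` depends on `lncli listchaintxns` printing exactly four lines, and it calls `lncli` without the `--chain`/`--network` flags that `_background.sh` passes, so on a non-default chain or network the call may fail and `wc -l` then yields 0 rather than 4. Passing the same flags and checking the parsed output instead of its line count would make the branch less fragile. The enclosing `if`/`else` starts outside the hunk.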
diff --git a/home.admin/00infoLCD.sh b/home.admin/00infoLCD.sh index c842e27..10bbd90 100755 --- a/home.admin/00infoLCD.sh +++ b/home.admin/00infoLCD.sh @@ -179,8 +179,8 @@ while : l3="Use Password C to unlock\n" fi if [ "${autoUnlock}" = "on" ]; then - l3="Waiting for AUTO-UNLOCK .." - l2="ssh admin@${localip}" + l2="ssh admin@${localip}\n" + l3="Waiting for AUTO-UNLOCK" fi boxwidth=$((${#localip} + 24)) dialog --backtitle "RaspiBlitz ${codeVersion} (${localip}) - ${hostname}" --infobox "$l1$l2$l3" 5 ${boxwidth} diff --git a/home.admin/80scanLND.sh b/home.admin/80scanLND.sh index 3835b0b..7e79674 100755 --- a/home.admin/80scanLND.sh +++ b/home.admin/80scanLND.sh @@ -60,7 +60,7 @@ else heigh=7 # check if wallet has any UTXO # reason see: https://github.com/lightningnetwork/lnd/issues/2326 - txlines=$(sudo -u bitcoin lncli listchaintxns | wc -l) + txlines=$(sudo -u bitcoin lncli listchaintxns 2>/dev/null | wc -l) # has just 4 lines if empty if [ ${txlines} -eq 4 ]; then infoStr=$(echo " Lightning ${action} Blockchain\n Progress: ${scanstate}\n Will rescan every start until funding available. \n ssh admin@${localip}\n Password A") diff --git a/home.admin/_background.sh b/home.admin/_background.sh index 2bba7a2..dad10d0 100644 --- a/home.admin/_background.sh +++ b/home.admin/_background.sh @@ -3,7 +3,6 @@ # This script runs on after start in background # as a service and gets restarted on failure # it runs ALMOST every seconds -# DEBUG: sudo journalctl -f -u background # INFOFILE - state data from bootstrap infoFile="/home/admin/raspiblitz.info" @@ -11,6 +10,9 @@ infoFile="/home/admin/raspiblitz.info" # CONFIGFILE - configuration of RaspiBlitz configFile="/mnt/hdd/raspiblitz.conf" +# LOGS see: sudo journalctl -f -u background +echo "_background.sh STARTED" + # Check if HDD contains configuration configExists=$(ls ${configFile} | grep -c '.conf') if [ ${configExists} -eq 1 ]; then 
@@ -126,6 +128,8 @@ do -X POST -d "{\"wallet_password\": \"$(cat /root/lnd.autounlock.pwd | tr -d '\n' | base64 -w0)\"}" \ https://localhost:8080/v1/unlockwallet > /dev/null 2>&1 + else + echo "lncli says not locked" fi fi fi From 12f93a89369d21817bc5c78b7484367986609448 Mon Sep 17 00:00:00 2001 From: /geco Date: Sun, 23 Dec 2018 14:31:58 +0100 Subject: [PATCH 15/46] rest call modified --- home.admin/_background.sh | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/home.admin/_background.sh b/home.admin/_background.sh index dad10d0..402e113 100644 --- a/home.admin/_background.sh +++ b/home.admin/_background.sh @@ -11,7 +11,6 @@ infoFile="/home/admin/raspiblitz.info" configFile="/mnt/hdd/raspiblitz.conf" # LOGS see: sudo journalctl -f -u background -echo "_background.sh STARTED" # Check if HDD contains configuration configExists=$(ls ${configFile} | grep -c '.conf') @@ -19,6 +18,8 @@ if [ ${configExists} -eq 1 ]; then source ${configFile} fi +echo "_background.sh STARTED" + counter=0 while [ 1 ] do 
@@ -121,12 +122,18 @@ do locked=$(sudo -u bitcoin /usr/local/bin/lncli --chain=${network} --network=${chain}net getinfo 2>&1 | grep -c unlock) if [ ${locked} -gt 0 ]; then + # get password c + walletPasswordBase64=$(cat /root/lnd.autounlock.pwd | tr -d '\n' | base64 -w0) + echo "walletPasswordBase64 --> ${walletPasswordBase64}" + macaroonData=$(xxd -ps -u -c 1000 /home/bitcoin/.lnd/data/chain/${network}/${chain}net/admin.macaroon) + echo "macaroonData --> ${macaroonData}" + # unlock thru REST call curl -s \ - -H "Grpc-Metadata-macaroon: $(xxd -ps -u -c 1000 /home/bitcoin/.lnd/data/chain/${network}/${chain}net/admin.macaroon))" \ + -H "Grpc-Metadata-macaroon: ${macaroonData})" \ --cacert /home/bitcoin/.lnd/tls.cert \ - -X POST -d "{\"wallet_password\": \"$(cat /root/lnd.autounlock.pwd | tr -d '\n' | base64 -w0)\"}" \ - https://localhost:8080/v1/unlockwallet > /dev/null 2>&1 + -X POST -d "{\"wallet_password\": \"${walletPasswordBase64}\"}" \ + https://localhost:8080/v1/unlockwallet 2>&1 else echo "lncli says not locked" From 289451a3b836f6e9426e74d09f091cc7dd9a705f Mon Sep 17 00:00:00 2001 From: /geco Date: Sun, 23 Dec 2018 14:39:32 +0100 Subject: [PATCH 16/46] localhost to 127.0.0.1 --- home.admin/_background.sh | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/home.admin/_background.sh b/home.admin/_background.sh index 402e113..20c2f3c 100644 --- a/home.admin/_background.sh +++ b/home.admin/_background.sh 
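Review bot: The two added `echo` lines in `_background.sh` print the base64 of Password C and the hex admin macaroon to stdout, and the script's own header says its output is read with `journalctl -f -u background`, so both secrets end up in the system journal; base64 is an encoding, not protection. PATCH 16/46 later comments the lines out, but a device that ran this revision may still hold the values in its logs, so they are better deleted than commented and the logged values treated as exposed. Dropping `> /dev/null` from the curl call likewise sends lnd's response to the journal.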
@@ -124,16 +124,18 @@ do # get password c walletPasswordBase64=$(cat /root/lnd.autounlock.pwd | tr -d '\n' | base64 -w0) - echo "walletPasswordBase64 --> ${walletPasswordBase64}" + #echo "walletPasswordBase64 --> ${walletPasswordBase64}" + + # get macaroon data macaroonData=$(xxd -ps -u -c 1000 /home/bitcoin/.lnd/data/chain/${network}/${chain}net/admin.macaroon) - echo "macaroonData --> ${macaroonData}" + #echo "macaroonData --> ${macaroonData}" # unlock thru REST call curl -s \ -H "Grpc-Metadata-macaroon: ${macaroonData})" \ --cacert /home/bitcoin/.lnd/tls.cert \ -X POST -d "{\"wallet_password\": \"${walletPasswordBase64}\"}" \ - https://localhost:8080/v1/unlockwallet 2>&1 + https://127.0.0.1:8080/v1/unlockwallet 2>&1 else echo "lncli says not locked" From 176bf5d1604e8b028c76edc8e35396297a01a4b4 Mon Sep 17 00:00:00 2001 From: /geco Date: Sun, 23 Dec 2018 15:20:42 +0100 Subject: [PATCH 17/46] refresh TLS seperate --- .../config.scripts/internet.dyndomain.sh | 23 ++------------- home.admin/config.scripts/lnd.autounlock.sh | 2 ++ home.admin/config.scripts/lnd.newtlscert.sh | 29 +++++++++++++++++++ 3 files changed, 33 insertions(+), 21 deletions(-) create mode 100644 home.admin/config.scripts/lnd.newtlscert.sh diff --git a/home.admin/config.scripts/internet.dyndomain.sh b/home.admin/config.scripts/internet.dyndomain.sh index 23815e9..67f29e3 100755 --- a/home.admin/config.scripts/internet.dyndomain.sh +++ b/home.admin/config.scripts/internet.dyndomain.sh 
@@ -110,27 +110,8 @@ if [ "$1" = "0" ] || [ "$1" = "off" ]; then echo "DynamicDNS is now OFF" fi -echo "deleting TLSCert" -sudo rm /mnt/hdd/lnd/tls.* 2>/dev/null -echo "let lnd generate new TLSCert" -sudo -u bitcoin /usr/local/bin/lnd &>/dev/null & -echo "wait until generated" -newCertExists=0 -count=0 -while [ ${newCertExists} -eq 0 ] -do - count=$(($count + 1)) - echo "(${count}/60) check for cert" - if [ ${count} -gt 60 ]; then - echo "FAIL - was not able to generate new LND certs" - exit 1 - fi - newCertExists=$(sudo ls /mnt/hdd/lnd/tls.cert 2>/dev/null | grep -c '.cert') - sleep 2 -done -sudo killall /usr/local/bin/lnd -echo "copy new cert to admin user" -sudo cp /mnt/hdd/lnd/tls.cert /home/admin/.lnd +# refresh TLS cert +sudo /home/admin/config.scripts/lnd.newtlscert.sh echo "may needs reboot to run normal again" exit 0 \ No newline at end of file diff --git a/home.admin/config.scripts/lnd.autounlock.sh b/home.admin/config.scripts/lnd.autounlock.sh index a00a5c8..0cc8096 100755 --- a/home.admin/config.scripts/lnd.autounlock.sh +++ b/home.admin/config.scripts/lnd.autounlock.sh @@ -70,6 +70,8 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then # add REST config to lnd.conf (for old configs) sudo sh -c "echo \"restlisten=0.0.0.0:8080\" >> /mnt/hdd/lnd/lnd.conf" echo "LND REST config added -> restlisten=0.0.0.0:8080'" + # refresh TLS cert + sudo /home/admin/config.scripts/lnd.newtlscert.sh fi else echo "LND REST config OK -> restlisten=0.0.0.0:8080'" diff --git a/home.admin/config.scripts/lnd.newtlscert.sh b/home.admin/config.scripts/lnd.newtlscert.sh new file mode 100644 index 0000000..6b99010 --- /dev/null +++ b/home.admin/config.scripts/lnd.newtlscert.sh 
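Review bot: The exit status of `lnd.newtlscert.sh` is ignored here. That script exits 1 when no certificate appears within its retry limit, but this caller goes on to print "may needs reboot" and `exit 0`, so a failed regeneration (with the old `tls.*` files already deleted) is reported as success. Propagate it, e.g. `sudo /home/admin/config.scripts/lnd.newtlscert.sh || exit 1`; the inline code this replaces did stop with `exit 1` in that case. The call added to `lnd.autounlock.sh` in the same patch has the same gap.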
@@ -0,0 +1,29 @@ + +#!/bin/bash + +# stop services +echo "making sure services are not running" +sudo systemctl stop lnd 2>/dev/null + +echo "deleting TLSCert" +sudo rm /mnt/hdd/lnd/tls.* 2>/dev/null +echo "let lnd generate new TLSCert" +sudo -u bitcoin /usr/local/bin/lnd &>/dev/null & +echo "wait until generated" +newCertExists=0 +count=0 +while [ ${newCertExists} -eq 0 ] +do + count=$(($count + 1)) + echo "(${count}/60) check for cert" + if [ ${count} -gt 60 ]; then + echo "FAIL - was not able to generate new LND certs" + exit 1 + fi + newCertExists=$(sudo ls /mnt/hdd/lnd/tls.cert 2>/dev/null | grep -c '.cert') + sleep 2 +done +sudo killall /usr/local/bin/lnd +echo "copy new cert to admin user" +sudo cp /mnt/hdd/lnd/tls.cert /home/admin/.lnd +echo "OK TLS certs are fresh" \ No newline at end of file From 149c1ff1ce2fde2895a52e30f28ee0697c036a0b Mon Sep 17 00:00:00 2001 From: /geco Date: Sun, 23 Dec 2018 15:32:49 +0100 Subject: [PATCH 18/46] modify gRPC --- home.admin/_background.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/home.admin/_background.sh b/home.admin/_background.sh index 20c2f3c..dd79bb1 100644 --- a/home.admin/_background.sh +++ b/home.admin/_background.sh @@ -132,10 +132,10 @@ do # unlock thru REST call curl -s \ - -H "Grpc-Metadata-macaroon: ${macaroonData})" \ + -H "Grpc-Metadata-macaroon: ${macaroonData}" \ --cacert /home/bitcoin/.lnd/tls.cert \ -X POST -d "{\"wallet_password\": \"${walletPasswordBase64}\"}" \ - https://127.0.0.1:8080/v1/unlockwallet 2>&1 + https://localhost:8080/v1/unlockwallet 2>&1 else echo "lncli says not locked" From abc49a8e34d1bd09689dddb7ce7cd53099b30374 Mon Sep 17 00:00:00 2001 From: /geco Date: Sun, 23 Dec 2018 15:46:02 +0100 Subject: [PATCH 19/46] debug info --- home.admin/_background.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/home.admin/_background.sh b/home.admin/_background.sh index dd79bb1..2b8e52a 100644 --- a/home.admin/_background.sh +++ b/home.admin/_background.sh 
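Review bot: The file begins with an empty line, so `#!/bin/bash` sits on line 2 and is an ordinary comment. Which shell interprets the script then depends on how it is launched, and `&>/dev/null &` further down is a bash-only redirection. Remove the leading blank line so the shebang is honoured. Separately, the failure path (`exit 1` after 60 tries) leaves the backgrounded `lnd` that this script started still running, while the success path kills it; adding `sudo killall /usr/local/bin/lnd` before that `exit 1` makes both exits consistent. The `lnd` service stopped at the top is not started again on either path, which is worth a comment if it is intended.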
@@ -140,7 +140,11 @@ do else echo "lncli says not locked" fi + else + echo "auto-unlock is OFF" fi + else + echo "no trigger auto-unlock" fi ############################### From f77f77ff4516cf3e500b0283f3bc508df6dc8123 Mon Sep 17 00:00:00 2001 From: /geco Date: Sun, 23 Dec 2018 15:47:01 +0100 Subject: [PATCH 20/46] debug --- home.admin/_background.sh | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/home.admin/_background.sh b/home.admin/_background.sh index 2b8e52a..4b7c119 100644 --- a/home.admin/_background.sh +++ b/home.admin/_background.sh @@ -122,13 +122,15 @@ do locked=$(sudo -u bitcoin /usr/local/bin/lncli --chain=${network} --network=${chain}net getinfo 2>&1 | grep -c unlock) if [ ${locked} -gt 0 ]; then + echo "STARTING AUTO-UNLOCK ..." + # get password c walletPasswordBase64=$(cat /root/lnd.autounlock.pwd | tr -d '\n' | base64 -w0) - #echo "walletPasswordBase64 --> ${walletPasswordBase64}" + echo "walletPasswordBase64 --> ${walletPasswordBase64}" # get macaroon data macaroonData=$(xxd -ps -u -c 1000 /home/bitcoin/.lnd/data/chain/${network}/${chain}net/admin.macaroon) - #echo "macaroonData --> ${macaroonData}" + echo "macaroonData --> ${macaroonData}" # unlock thru REST call curl -s \ From 5d341c18df30cf81cf7149c15fc381ec2d71ca4a Mon Sep 17 00:00:00 2001 From: /geco Date: Sun, 23 Dec 2018 15:53:03 +0100 Subject: [PATCH 21/46] modify gRPC --- home.admin/_background.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home.admin/_background.sh b/home.admin/_background.sh index 4b7c119..ecc55e3 100644 --- a/home.admin/_background.sh +++ b/home.admin/_background.sh @@ -134,7 +134,7 @@ do # unlock thru REST call curl -s \ - -H "Grpc-Metadata-macaroon: ${macaroonData}" \ + -H "Grpc-Metadata-macaroon: ${macaroonData})" \ --cacert /home/bitcoin/.lnd/tls.cert \ -X POST -d "{\"wallet_password\": \"${walletPasswordBase64}\"}" \ https://localhost:8080/v1/unlockwallet 2>&1 
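Review bot: This change puts the stray `)` back at the end of the header value, `"Grpc-Metadata-macaroon: ${macaroonData})"`, so the macaroon is sent with a trailing parenthesis that is not part of the hex string. PATCH 18 had just removed it. The line should read `-H "Grpc-Metadata-macaroon: ${macaroonData}" \`. If the call appears to behave the same with and without the parenthesis, that is worth investigating separately rather than keeping a malformed credential header.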
From c9edd81b738e10d305fea0a62d0c9de449f251c9 Mon Sep 17 00:00:00 2001 From: /geco Date: Sun, 23 Dec 2018 16:01:30 +0100 Subject: [PATCH 22/46] output command --- home.admin/_background.sh | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/home.admin/_background.sh b/home.admin/_background.sh index ecc55e3..a6657aa 100644 --- a/home.admin/_background.sh +++ b/home.admin/_background.sh @@ -132,12 +132,16 @@ do macaroonData=$(xxd -ps -u -c 1000 /home/bitcoin/.lnd/data/chain/${network}/${chain}net/admin.macaroon) echo "macaroonData --> ${macaroonData}" - # unlock thru REST call - curl -s \ - -H "Grpc-Metadata-macaroon: ${macaroonData})" \ + # build curl command + curlCommand="curl -s \ + -H \"Grpc-Metadata-macaroon: ${macaroonData})\" \ --cacert /home/bitcoin/.lnd/tls.cert \ - -X POST -d "{\"wallet_password\": \"${walletPasswordBase64}\"}" \ - https://localhost:8080/v1/unlockwallet 2>&1 + -X POST -d \"{\"wallet_password\": \"${walletPasswordBase64}\"}\" \ + https://localhost:8080/v1/unlockwallet 2>&1" + + # execute REST call + echo "running --> ${command}" + result=$($command) else echo "lncli says not locked" From 722c98c6096bd174b2463aea0ad407293578bcd3 Mon Sep 17 00:00:00 2001 From: /geco Date: Sun, 23 Dec 2018 16:05:42 +0100 Subject: [PATCH 23/46] command output --- home.admin/_background.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home.admin/_background.sh b/home.admin/_background.sh index a6657aa..f0abc53 100644 --- a/home.admin/_background.sh +++ b/home.admin/_background.sh @@ -133,7 +133,7 @@ do echo "macaroonData --> ${macaroonData}" # build curl command - curlCommand="curl -s \ + command="curl -s \ -H \"Grpc-Metadata-macaroon: ${macaroonData})\" \ --cacert /home/bitcoin/.lnd/tls.cert \ -X POST -d \"{\"wallet_password\": \"${walletPasswordBase64}\"}\" \ From 94a72b14c6b8f790ddc5f2b26395c28de2aba710 Mon Sep 17 00:00:00 2001 
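Review bot: The command is assembled in `curlCommand`, but the hunk then echoes and runs `${command}`, which this hunk never assigns. Even with the names aligned (as PATCH 23 does), `result=$($command)` cannot work as intended, because quotes stored inside a string are not re-parsed on expansion: the header and the JSON body are split at their spaces and `2>&1` reaches curl as a literal argument. `echo "running --> ${command}"` additionally writes the wallet password and the macaroon to the output. Calling curl directly inside the command substitution keeps every argument intact and needs no echo of the full command line. The later variants in PATCH 24 and PATCH 27 to 30 follow the same string-command pattern.

```shell
# … unchanged: walletPasswordBase64 / macaroonData assignments …

# execute REST call directly so each quoted argument stays one argument
result=$(curl -s \
  -H "Grpc-Metadata-macaroon: ${macaroonData}" \
  --cacert /home/bitcoin/.lnd/tls.cert \
  -X POST -d "{\"wallet_password\": \"${walletPasswordBase64}\"}" \
  https://localhost:8080/v1/unlockwallet 2>&1)
```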
From: /geco Date: Sun, 23 Dec 2018 17:52:20 +0100 Subject: [PATCH 24/46] modify command --- home.admin/_background.sh | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/home.admin/_background.sh b/home.admin/_background.sh index f0abc53..4136f60 100644 --- a/home.admin/_background.sh +++ b/home.admin/_background.sh @@ -129,15 +129,18 @@ do echo "walletPasswordBase64 --> ${walletPasswordBase64}" # get macaroon data - macaroonData=$(xxd -ps -u -c 1000 /home/bitcoin/.lnd/data/chain/${network}/${chain}net/admin.macaroon) - echo "macaroonData --> ${macaroonData}" + MACAROON_HEADER="Grpc-Metadata-macaroon: $(xxd -ps -u -c 1000 /mnt/hdd/lnd/data/chain/${network}/${chain}net/admin.macaroon)" + #macaroonData=$(xxd -ps -u -c 1000 /home/bitcoin/.lnd/data/chain/${network}/${chain}net/admin.macaroon) + echo "macaroonData --> ${MACAROON_HEADER}" + + command="curl -X POST -d \"{\"wallet_password\": \"${walletPasswordBase64}\"}\" --cacert /mnt/hdd/lnd/tls.cert --header \"$MACAROON_HEADER\" https://localhost:8080/v1/unlockwallet 2>&1" # build curl command - command="curl -s \ - -H \"Grpc-Metadata-macaroon: ${macaroonData})\" \ - --cacert /home/bitcoin/.lnd/tls.cert \ - -X POST -d \"{\"wallet_password\": \"${walletPasswordBase64}\"}\" \ - https://localhost:8080/v1/unlockwallet 2>&1" + #command="curl \ +#-H \"Grpc-Metadata-macaroon: ${macaroonData})\" \ +#--cacert /home/bitcoin/.lnd/tls.cert \ +#-X POST -d \"{\"wallet_password\": \"${walletPasswordBase64}\"}\" \ +#https://localhost:8080/v1/unlockwallet 2>&1" # execute REST call echo "running --> ${command}" From 6fdc26ca9558832eab634a3384cdedd416890018 Mon Sep 17 00:00:00 2001 From: /geco Date: Sun, 23 Dec 2018 20:14:46 +0100 Subject: [PATCH 25/46] re-rescan info --- home.admin/80scanLND.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home.admin/80scanLND.sh b/home.admin/80scanLND.sh index 7e79674..6e4292f 100755 --- a/home.admin/80scanLND.sh +++ b/home.admin/80scanLND.sh 
@@ -63,7 +63,7 @@ else txlines=$(sudo -u bitcoin lncli listchaintxns 2>/dev/null | wc -l) # has just 4 lines if empty if [ ${txlines} -eq 4 ]; then - infoStr=$(echo " Lightning ${action} Blockchain\n Progress: ${scanstate}\n Will rescan every start until funding available. \n ssh admin@${localip}\n Password A") + infoStr=$(echo " Lightning ${action} Blockchain\n Progress: ${scanstate}\n re-rescan every start until funding\n ssh admin@${localip}\n Password A") else infoStr=$(echo " Lightning ${action} Blockchain\n Progress: ${scanstate}\n Please wait - this can take some time\n ssh admin@${localip}\n Password A") if [ "$USER" = "admin" ]; then From 3b90f34ee1be04634f3a0ba0219c455863fec6a3 Mon Sep 17 00:00:00 2001 From: /geco Date: Sun, 23 Dec 2018 21:31:47 +0100 Subject: [PATCH 26/46] fix tls rest config --- home.admin/assets/lnd.bitcoin.conf | 1 + home.admin/assets/lnd.litecoin.conf | 1 + home.admin/config.scripts/lnd.autounlock.sh | 39 ++++++++++----------- 3 files changed, 21 insertions(+), 20 deletions(-) diff --git a/home.admin/assets/lnd.bitcoin.conf b/home.admin/assets/lnd.bitcoin.conf index 645ed48..05537ec 100755 --- a/home.admin/assets/lnd.bitcoin.conf +++ b/home.admin/assets/lnd.bitcoin.conf @@ -13,6 +13,7 @@ rpclisten=0.0.0.0:10009 restlisten=0.0.0.0:8080 # Domain, could use https://freedns.afraid.org #tlsextradomain=lightning.yourhost.com +tlsextraip=0.0.0.0 [Bitcoin] bitcoin.active=1 diff --git a/home.admin/assets/lnd.litecoin.conf b/home.admin/assets/lnd.litecoin.conf index a44469d..bf9bdc1 100755 --- a/home.admin/assets/lnd.litecoin.conf +++ b/home.admin/assets/lnd.litecoin.conf @@ -14,6 +14,7 @@ restlisten=0.0.0.0:8080 # Domain, could use https://freedns.afraid.org #tlsextradomain=lightning.yourhost.com +tlsextraip=0.0.0.0 [Litecoin] litecoin.active=1 diff --git a/home.admin/config.scripts/lnd.autounlock.sh b/home.admin/config.scripts/lnd.autounlock.sh index 0cc8096..5f34651 100755 --- a/home.admin/config.scripts/lnd.autounlock.sh 
+++ b/home.admin/config.scripts/lnd.autounlock.sh @@ -55,27 +55,26 @@ fi # switch on if [ "$1" = "1" ] || [ "$1" = "on" ]; then - # make sure REST config of LND is correct - restActive=$(sudo cat /mnt/hdd/lnd/lnd.conf | grep -c 'restlisten=0.0.0.0:8080') - if [ ${restActive} -eq 0 ]; then - restActive=$(sudo cat /mnt/hdd/lnd/lnd.conf | grep -c 'restlisten=') - if [ ${restActive} -eq 1 ]; then - echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!" - echo "FAIL: /mnt/hdd/lnd/lnd.conf includes REST config NOT 'restlisten=0.0.0.0:8080'" - echo "CANNOT ACTIVATE REST like needed for auto-unlock" - echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!" - sleep 5 - exit 1 - else - # add REST config to lnd.conf (for old configs) - sudo sh -c "echo \"restlisten=0.0.0.0:8080\" >> /mnt/hdd/lnd/lnd.conf" - echo "LND REST config added -> restlisten=0.0.0.0:8080'" - # refresh TLS cert - sudo /home/admin/config.scripts/lnd.newtlscert.sh - fi - else - echo "LND REST config OK -> restlisten=0.0.0.0:8080'" + # make sure config values are uncommented + sudo sed -i "s/^#restlisten=.*/restlisten=/g" /mnt/hdd/lnd/lnd.conf + sudo sed -i "s/^#tlsextraip=.*/tlsextraip=/g" /mnt/hdd/lnd/lnd.conf + + # make sure config values exits + exists=$(sudo cat /mnt/hdd/lnd/lnd.conf | grep -c 'restlisten=') + if [ ${exists} -eq 0 ]; then + sudo sh -c "echo \"restlisten=\" >> /mnt/hdd/lnd/lnd.conf" fi + exists=$(sudo cat /mnt/hdd/lnd/lnd.conf | grep -c 'tlsextraip') + if [ ${exists} -eq 0 ]; then + sudo sh -c "echo \"tlsextraip=\" >> /mnt/hdd/lnd/lnd.conf" + fi + + # set needed config values + sudo sed -i "s/^restlisten=.*/restlisten=0.0.0.0:8080/g" /mnt/hdd/lnd/lnd.conf + sudo sed -i "s/^tlsextraip=.*/tlsextraip=0.0.0.0/g" /mnt/hdd/lnd/lnd.conf + + # refresh TLS cert + sudo /home/admin/config.scripts/lnd.newtlscert.sh echo "switching the Auto-Unlock ON" From 34ea20d44b44351808a72aab2fcc3cd64791566a Mon Sep 17 00:00:00 2001 
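Review bot: The new `sed -i "s/^restlisten=.*/restlisten=0.0.0.0:8080/g"` line overwrites whatever `restlisten=` value the operator had set, whereas the removed code refused to continue when it found a different REST setting. Someone who had deliberately limited the REST listener (for example to loopback) gets it silently widened to every interface when switching auto-unlock on. The unlock call in `_background.sh` targets `https://localhost:8080`, so as far as this patch shows a loopback listener would be enough for the feature. Consider leaving an existing value untouched and only writing `restlisten=` when none is present, or at least printing the previous value before replacing it. The `if` block opens in the hunk but closes outside it.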
From: /geco Date: Sun, 23 Dec 2018 21:46:42 +0100 Subject: [PATCH 27/46] fixed curl data --- home.admin/_background.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home.admin/_background.sh b/home.admin/_background.sh index 4136f60..0d1fd17 100644 --- a/home.admin/_background.sh +++ b/home.admin/_background.sh @@ -133,7 +133,7 @@ do #macaroonData=$(xxd -ps -u -c 1000 /home/bitcoin/.lnd/data/chain/${network}/${chain}net/admin.macaroon) echo "macaroonData --> ${MACAROON_HEADER}" - command="curl -X POST -d \"{\"wallet_password\": \"${walletPasswordBase64}\"}\" --cacert /mnt/hdd/lnd/tls.cert --header \"$MACAROON_HEADER\" https://localhost:8080/v1/unlockwallet 2>&1" + command="curl -X POST -d '{\"wallet_password\": \"${walletPasswordBase64}\"}' --cacert /mnt/hdd/lnd/tls.cert --header \"$MACAROON_HEADER\" https://localhost:8080/v1/unlockwallet 2>&1" # build curl command #command="curl \ From c77801460d1ac864a88a9e74318f58affd0a096a Mon Sep 17 00:00:00 2001 From: /geco Date: Sun, 23 Dec 2018 21:48:45 +0100 Subject: [PATCH 28/46] curl fix --- home.admin/_background.sh | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/home.admin/_background.sh b/home.admin/_background.sh index 0d1fd17..0269afe 100644 --- a/home.admin/_background.sh +++ b/home.admin/_background.sh @@ -133,7 +133,7 @@ do #macaroonData=$(xxd -ps -u -c 1000 /home/bitcoin/.lnd/data/chain/${network}/${chain}net/admin.macaroon) echo "macaroonData --> ${MACAROON_HEADER}" - command="curl -X POST -d '{\"wallet_password\": \"${walletPasswordBase64}\"}' --cacert /mnt/hdd/lnd/tls.cert --header \"$MACAROON_HEADER\" https://localhost:8080/v1/unlockwallet 2>&1" + command="curl -X POST -d '{\"wallet_password\": \"${walletPasswordBase64}\"}' --cacert /mnt/hdd/lnd/tls.cert --header \"$MACAROON_HEADER\" https://localhost:8080/v1/unlockwallet" # build curl command #command="curl \ 
@@ -152,8 +152,6 @@ do else echo "auto-unlock is OFF" fi - else - echo "no trigger auto-unlock" fi ############################### From 5a770e37b1d772e7943b931eee88f30d125f5221 Mon Sep 17 00:00:00 2001 From: /geco Date: Sun, 23 Dec 2018 22:11:21 +0100 Subject: [PATCH 29/46] try next variant --- home.admin/_background.sh | 19 +++---------------- 1 file changed, 3 insertions(+), 16 deletions(-) diff --git a/home.admin/_background.sh b/home.admin/_background.sh index 0269afe..d11a16a 100644 --- a/home.admin/_background.sh +++ b/home.admin/_background.sh @@ -124,26 +124,13 @@ do echo "STARTING AUTO-UNLOCK ..." - # get password c + # building REST command walletPasswordBase64=$(cat /root/lnd.autounlock.pwd | tr -d '\n' | base64 -w0) - echo "walletPasswordBase64 --> ${walletPasswordBase64}" - - # get macaroon data MACAROON_HEADER="Grpc-Metadata-macaroon: $(xxd -ps -u -c 1000 /mnt/hdd/lnd/data/chain/${network}/${chain}net/admin.macaroon)" - #macaroonData=$(xxd -ps -u -c 1000 /home/bitcoin/.lnd/data/chain/${network}/${chain}net/admin.macaroon) - echo "macaroonData --> ${MACAROON_HEADER}" - - command="curl -X POST -d '{\"wallet_password\": \"${walletPasswordBase64}\"}' --cacert /mnt/hdd/lnd/tls.cert --header \"$MACAROON_HEADER\" https://localhost:8080/v1/unlockwallet" - - # build curl command - #command="curl \ -#-H \"Grpc-Metadata-macaroon: ${macaroonData})\" \ -#--cacert /home/bitcoin/.lnd/tls.cert \ -#-X POST -d \"{\"wallet_password\": \"${walletPasswordBase64}\"}\" \ -#https://localhost:8080/v1/unlockwallet 2>&1" + command="sudo -u admin curl -X POST -d '{\"wallet_password\": \"${walletPasswordBase64}\"}' --cacert /mnt/hdd/lnd/tls.cert --header \"$MACAROON_HEADER\" https://localhost:8080/v1/unlockwallet" # execute REST call - echo "running --> ${command}" + echo "${command}" result=$($command) else From 4af555bc725d4b95524c430cca1533263c419490 Mon Sep 17 00:00:00 2001 
From: /geco Date: Sun, 23 Dec 2018 22:30:16 +0100 Subject: [PATCH 30/46] next try curl command --- home.admin/_background.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home.admin/_background.sh b/home.admin/_background.sh index d11a16a..3f26c5c 100644 --- a/home.admin/_background.sh +++ b/home.admin/_background.sh @@ -127,7 +127,7 @@ do # building REST command walletPasswordBase64=$(cat /root/lnd.autounlock.pwd | tr -d '\n' | base64 -w0) MACAROON_HEADER="Grpc-Metadata-macaroon: $(xxd -ps -u -c 1000 /mnt/hdd/lnd/data/chain/${network}/${chain}net/admin.macaroon)" - command="sudo -u admin curl -X POST -d '{\"wallet_password\": \"${walletPasswordBase64}\"}' --cacert /mnt/hdd/lnd/tls.cert --header \"$MACAROON_HEADER\" https://localhost:8080/v1/unlockwallet" + command="sudo -u bitcoin curl -X POST -d '{\"wallet_password\": \"${walletPasswordBase64}\"}' --cacert /home/bitcoin/.lnd/tls.cert --header \"$MACAROON_HEADER\" https://localhost:8080/v1/unlockwallet" # execute REST call echo "${command}" From fe4d1373c27d0b9f279a9e9f0e2d5fe6730ec5d7 Mon Sep 17 00:00:00 2001 From: /geco Date: Sun, 23 Dec 2018 22:30:53 +0100 Subject: [PATCH 31/46] debug result --- home.admin/_background.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/home.admin/_background.sh b/home.admin/_background.sh index 3f26c5c..0a94e8a 100644 --- a/home.admin/_background.sh +++ b/home.admin/_background.sh @@ -132,6 +132,7 @@ do # execute REST call echo "${command}" result=$($command) + echo "${result}" else echo "lncli says not locked" From 3e359a436cf54a36edc52ab40ff38a32f33ab3a8 Mon Sep 17 00:00:00 2001 From: /geco Date: Sun, 23 Dec 2018 22:51:02 +0100 Subject: [PATCH 32/46] next try --- home.admin/_background.sh | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/home.admin/_background.sh b/home.admin/_background.sh index 0a94e8a..e7e2bb6 100644 --- a/home.admin/_background.sh +++ b/home.admin/_background.sh 
@@ -127,11 +127,13 @@ do # building REST command walletPasswordBase64=$(cat /root/lnd.autounlock.pwd | tr -d '\n' | base64 -w0) MACAROON_HEADER="Grpc-Metadata-macaroon: $(xxd -ps -u -c 1000 /mnt/hdd/lnd/data/chain/${network}/${chain}net/admin.macaroon)" - command="sudo -u bitcoin curl -X POST -d '{\"wallet_password\": \"${walletPasswordBase64}\"}' --cacert /home/bitcoin/.lnd/tls.cert --header \"$MACAROON_HEADER\" https://localhost:8080/v1/unlockwallet" + #command="sudo -u bitcoin curl -X POST -d '{\"wallet_password\": \"${walletPasswordBase64}\"}' --cacert /home/bitcoin/.lnd/tls.cert --header \"$MACAROON_HEADER\" https://localhost:8080/v1/unlockwallet" # execute REST call - echo "${command}" - result=$($command) + #echo "${command}" + #result=$($command) + POSTDATA="{'wallet_password': '${walletPasswordBase64}'}" + result=$(curl -X POST -d "${POSTDATA}" --cacert /home/bitcoin/.lnd/tls.cert --header "$MACAROON_HEADER" https://localhost:8080/v1/unlockwallet) echo "${result}" else From 6314ea6dda1e371e295c6b13b31e8bc43ea0715d Mon Sep 17 00:00:00 2001 From: /geco Date: Sun, 23 Dec 2018 23:01:18 +0100 Subject: [PATCH 33/46] next try --- home.admin/_background.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/home.admin/_background.sh b/home.admin/_background.sh index e7e2bb6..18df413 100644 --- a/home.admin/_background.sh +++ b/home.admin/_background.sh @@ -132,8 +132,8 @@ do # execute REST call #echo "${command}" #result=$($command) - POSTDATA="{'wallet_password': '${walletPasswordBase64}'}" - result=$(curl -X POST -d "${POSTDATA}" --cacert /home/bitcoin/.lnd/tls.cert --header "$MACAROON_HEADER" https://localhost:8080/v1/unlockwallet) + POSTDATA="'{\"wallet_password\": \"${walletPasswordBase64}\"}'" + result=$(curl -X POST -d ${POSTDATA} --cacert /home/bitcoin/.lnd/tls.cert --header "$MACAROON_HEADER" https://localhost:8080/v1/unlockwallet) echo "${result}" else From f441b9204d477d535576f8e7eec7949fc4ba2cbf Mon Sep 17 00:00:00 2001 
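Review bot: `POSTDATA="{'wallet_password': '${walletPasswordBase64}'}"` uses single quotes around the key and the value, which is not valid JSON, so the endpoint will most likely reject the body regardless of the password. Build it with escaped double quotes, `POSTDATA="{\"wallet_password\":\"${walletPasswordBase64}\"}"`, and keep the expansion quoted as this hunk does, `-d "${POSTDATA}"`. The follow-up hunks (PATCH 33, 35, 36) wrap the value in literal quote characters and pass `${POSTDATA}` unquoted, which makes those quotes part of the data and splits the body at its spaces. PATCH 34 additionally leaves a trailing comma inside the object.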
From: /geco Date: Sun, 23 Dec 2018 23:10:48 +0100 Subject: [PATCH 34/46] more debug --- home.admin/_background.sh | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/home.admin/_background.sh b/home.admin/_background.sh index 18df413..4faea1f 100644 --- a/home.admin/_background.sh +++ b/home.admin/_background.sh @@ -127,14 +127,11 @@ do # building REST command walletPasswordBase64=$(cat /root/lnd.autounlock.pwd | tr -d '\n' | base64 -w0) MACAROON_HEADER="Grpc-Metadata-macaroon: $(xxd -ps -u -c 1000 /mnt/hdd/lnd/data/chain/${network}/${chain}net/admin.macaroon)" - #command="sudo -u bitcoin curl -X POST -d '{\"wallet_password\": \"${walletPasswordBase64}\"}' --cacert /home/bitcoin/.lnd/tls.cert --header \"$MACAROON_HEADER\" https://localhost:8080/v1/unlockwallet" - - # execute REST call - #echo "${command}" - #result=$($command) - POSTDATA="'{\"wallet_password\": \"${walletPasswordBase64}\"}'" + POSTDATA="'{ \"wallet_password\":\"${walletPasswordBase64}\", }'" + echo "MACAROON:${MACAROON_HEADER}" + echo "POSTDATA:${POSTDATA}" result=$(curl -X POST -d ${POSTDATA} --cacert /home/bitcoin/.lnd/tls.cert --header "$MACAROON_HEADER" https://localhost:8080/v1/unlockwallet) - echo "${result}" + echo "RESULT:${result}" else echo "lncli says not locked" From 818d91ba4a6c143163f52be40fcbfdfc49dc6571 Mon Sep 17 00:00:00 2001 From: /geco Date: Sun, 23 Dec 2018 23:20:03 +0100 Subject: [PATCH 35/46] next try --- home.admin/_background.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/home.admin/_background.sh b/home.admin/_background.sh index 4faea1f..051333c 100644 --- a/home.admin/_background.sh +++ b/home.admin/_background.sh 
@@ -127,7 +127,8 @@ do # building REST command walletPasswordBase64=$(cat /root/lnd.autounlock.pwd | tr -d '\n' | base64 -w0) MACAROON_HEADER="Grpc-Metadata-macaroon: $(xxd -ps -u -c 1000 /mnt/hdd/lnd/data/chain/${network}/${chain}net/admin.macaroon)" - POSTDATA="'{ \"wallet_password\":\"${walletPasswordBase64}\", }'" + # POSTDATA="'{ \"wallet_password\":\"${walletPasswordBase64}\" }'" + POSTDATA="{ \\\"wallet_password\\\":\\\"${walletPasswordBase64}\\\" }" echo "MACAROON:${MACAROON_HEADER}" echo "POSTDATA:${POSTDATA}" result=$(curl -X POST -d ${POSTDATA} --cacert /home/bitcoin/.lnd/tls.cert --header "$MACAROON_HEADER" https://localhost:8080/v1/unlockwallet) From 8e2f3c278068bb6a8f9f6a2b3d4fa098687a00a4 Mon Sep 17 00:00:00 2001 From: /geco Date: Sun, 23 Dec 2018 23:29:12 +0100 Subject: [PATCH 36/46] next try --- home.admin/_background.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home.admin/_background.sh b/home.admin/_background.sh index 051333c..0927ab5 100644 --- a/home.admin/_background.sh +++ b/home.admin/_background.sh @@ -128,7 +128,7 @@ do walletPasswordBase64=$(cat /root/lnd.autounlock.pwd | tr -d '\n' | base64 -w0) MACAROON_HEADER="Grpc-Metadata-macaroon: $(xxd -ps -u -c 1000 /mnt/hdd/lnd/data/chain/${network}/${chain}net/admin.macaroon)" # POSTDATA="'{ \"wallet_password\":\"${walletPasswordBase64}\" }'" - POSTDATA="{ \\\"wallet_password\\\":\\\"${walletPasswordBase64}\\\" }" + POSTDATA="\"{ \\\"wallet_password\\\":\\\"${walletPasswordBase64}\\\" }\"" echo "MACAROON:${MACAROON_HEADER}" echo "POSTDATA:${POSTDATA}" result=$(curl -X POST -d ${POSTDATA} --cacert /home/bitcoin/.lnd/tls.cert --header "$MACAROON_HEADER" https://localhost:8080/v1/unlockwallet) From 180851b81a548e10741f84aafae55d8e21e12b68 Mon Sep 17 00:00:00 2001 
From: /geco Date: Mon, 24 Dec 2018 00:04:46 +0100 Subject: [PATCH 37/46] use python script to unlock --- home.admin/_background.sh | 22 +++++++++++++--------- home.admin/config.scripts/lnd.unlock.py | 9 +++++++++ 2 files changed, 22 insertions(+), 9 deletions(-) create mode 100644 home.admin/config.scripts/lnd.unlock.py diff --git a/home.admin/_background.sh b/home.admin/_background.sh index 0927ab5..07fb970 100644 --- a/home.admin/_background.sh +++ b/home.admin/_background.sh @@ -125,15 +125,19 @@ do echo "STARTING AUTO-UNLOCK ..." # building REST command - walletPasswordBase64=$(cat /root/lnd.autounlock.pwd | tr -d '\n' | base64 -w0) - MACAROON_HEADER="Grpc-Metadata-macaroon: $(xxd -ps -u -c 1000 /mnt/hdd/lnd/data/chain/${network}/${chain}net/admin.macaroon)" - # POSTDATA="'{ \"wallet_password\":\"${walletPasswordBase64}\" }'" - POSTDATA="\"{ \\\"wallet_password\\\":\\\"${walletPasswordBase64}\\\" }\"" - echo "MACAROON:${MACAROON_HEADER}" - echo "POSTDATA:${POSTDATA}" - result=$(curl -X POST -d ${POSTDATA} --cacert /home/bitcoin/.lnd/tls.cert --header "$MACAROON_HEADER" https://localhost:8080/v1/unlockwallet) - echo "RESULT:${result}" - + passwordC=$(cat /root/lnd.autounlock.pwd) + sudo python /home/admin/config.scripts/lnd.unlock.py $passwordC + + #walletPasswordBase64=$(cat /root/lnd.autounlock.pwd | tr -d '\n' | base64 -w0) + #MACAROON_HEADER="Grpc-Metadata-macaroon: $(xxd -ps -u -c 1000 /mnt/hdd/lnd/data/chain/${network}/${chain}net/admin.macaroon)" + #POSTDATA="'{ \"wallet_password\":\"${walletPasswordBase64}\" }'" + #echo "MACAROON:${MACAROON_HEADER}" + #echo "POSTDATA:${POSTDATA}" + #command="sudo sh -c "curl -X POST -d ${POSTDATA} --cacert /home/bitcoin/.lnd/tls.cert --header \"$MACAROON_HEADER\" https://localhost:8080/v1/unlockwallet" + #echo "COMMAND:${command}" + #result=$(echo \"restlisten=\" >> /mnt/hdd/lnd/lnd.conf") + #echo "RESULT:${result}" + else echo "lncli says not locked" fi 
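Review bot: `sudo python /home/admin/config.scripts/lnd.unlock.py $passwordC` passes the wallet password as an unquoted command-line argument. A password containing spaces or glob characters is split or expanded before the script sees it, and any argument is visible in the process list to other local users while the script runs. At minimum quote it, `sudo python /home/admin/config.scripts/lnd.unlock.py "${passwordC}"`. Better, let `lnd.unlock.py` read the password from stdin or from `/root/lnd.autounlock.pwd` itself so it never appears in argv. The block of commented-out curl attempts added below could be dropped rather than committed; the surrounding `if` starts outside the hunk.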
diff --git a/home.admin/config.scripts/lnd.unlock.py b/home.admin/config.scripts/lnd.unlock.py new file mode 100644 index 0000000..a85ed2c --- /dev/null +++ b/home.admin/config.scripts/lnd.unlock.py @@ -0,0 +1,9 @@ +# parameter #1: password c to unlock wallet +import base64, codecs, json, requests, sys +url = 'https://localhost:8080/v1/unlockwallet' +cert_path = '/mnt/hdd/lnd/tls.cert' +data = { + 'wallet_password': base64.b64encode(sys.argv[1:]).decode() +} +r = requests.post(url, verify=cert_path, data=json.dumps(data)) +print(r.json()) \ No newline at end of file From d69426d61f25c448b69a2d6169d242a2807e4eef Mon Sep 17 00:00:00 2001 From: /geco Date: Mon, 24 Dec 2018 00:12:19 +0100 Subject: [PATCH 38/46] fixparameter in python --- home.admin/config.scripts/lnd.unlock.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home.admin/config.scripts/lnd.unlock.py b/home.admin/config.scripts/lnd.unlock.py index a85ed2c..c23028c 100644 --- a/home.admin/config.scripts/lnd.unlock.py +++ b/home.admin/config.scripts/lnd.unlock.py @@ -3,7 +3,7 @@ import base64, codecs, json, requests, sys url = 'https://localhost:8080/v1/unlockwallet' cert_path = '/mnt/hdd/lnd/tls.cert' data = { - 'wallet_password': base64.b64encode(sys.argv[1:]).decode() + 'wallet_password': base64.b64encode(sys.argv[1]).decode() } r = requests.post(url, verify=cert_path, data=json.dumps(data)) print(r.json()) \ No newline at end of file From 2744826d588f03a239bbad572afd3830ae623d78 Mon Sep 17 00:00:00 2001 From: /geco Date: Mon, 24 Dec 2018 00:46:48 +0100 Subject: [PATCH 39/46] put new values to the right place --- home.admin/config.scripts/lnd.autounlock.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/home.admin/config.scripts/lnd.autounlock.sh b/home.admin/config.scripts/lnd.autounlock.sh index 5f34651..f6efe77 100755 --- a/home.admin/config.scripts/lnd.autounlock.sh +++ b/home.admin/config.scripts/lnd.autounlock.sh 
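Review bot: `requests.post(...)` is called without a `timeout`, and the script prints `r.json()` without looking at the HTTP status. A hung lnd therefore blocks the caller indefinitely, an unreachable one ends in an uncaught exception, and callers can only guess the outcome by searching the printed text. I would add a timeout to the call, e.g. `r = requests.post(url, verify=cert_path, data=json.dumps(data), timeout=30)` (value to be chosen), and finish with an explicit status, `sys.exit(0 if r.ok else 1)`. `codecs` is imported but not used.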
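Review bot: `base64.b64encode(sys.argv[1])` only works where `sys.argv[1]` is a byte string, i.e. under Python 2; under Python 3 `b64encode` requires bytes and raises `TypeError` for a `str`. The callers run the script with plain `python`, so the behaviour depends on which interpreter that name resolves to on the image. If the script is meant to run under Python 3, the line needs `'wallet_password': base64.b64encode(sys.argv[1].encode()).decode()`. A one-line comment stating the expected interpreter would make the assumption visible.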
@@ -62,11 +62,11 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then # make sure config values exits exists=$(sudo cat /mnt/hdd/lnd/lnd.conf | grep -c 'restlisten=') if [ ${exists} -eq 0 ]; then - sudo sh -c "echo \"restlisten=\" >> /mnt/hdd/lnd/lnd.conf" + sudo sed -n -i 'p;4a restlisten=' /mnt/hdd/lnd/lnd.conf fi exists=$(sudo cat /mnt/hdd/lnd/lnd.conf | grep -c 'tlsextraip') if [ ${exists} -eq 0 ]; then - sudo sh -c "echo \"tlsextraip=\" >> /mnt/hdd/lnd/lnd.conf" + sudo sed -n -i 'p;5a tlsextraip=' /mnt/hdd/lnd/lnd.conf fi # set needed config values From 913f4eabbd9959efacb9ef1784698eb8565022cc Mon Sep 17 00:00:00 2001 From: /geco Date: Mon, 24 Dec 2018 00:56:22 +0100 Subject: [PATCH 40/46] adding shortcut commands --- home.admin/_commands.sh | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 home.admin/_commands.sh diff --git a/home.admin/_commands.sh b/home.admin/_commands.sh new file mode 100644 index 0000000..69b6dec --- /dev/null +++ b/home.admin/_commands.sh @@ -0,0 +1,9 @@ +#!/bin/bash + +# SHORTCUT COMMANDS you can call as user 'admin' from terminal + +# command: raspiblitz +# calls the the raspiblitz mainmenu +function raspiblitz() { + /home/admin/00mainMenu.sh +} \ No newline at end of file From 427347b7d71850fc4f807ff3ba810cbb9eec299f Mon Sep 17 00:00:00 2001 From: /geco Date: Mon, 24 Dec 2018 01:03:02 +0100 Subject: [PATCH 41/46] adding shortcut commands --- build.sdcard/raspbianStretchDesktop.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/build.sdcard/raspbianStretchDesktop.sh b/build.sdcard/raspbianStretchDesktop.sh index ac1a393..f14f771 100644 --- a/build.sdcard/raspbianStretchDesktop.sh +++ b/build.sdcard/raspbianStretchDesktop.sh 
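Review bot: `sed -n -i 'p;4a restlisten='` and `'p;5a tlsextraip='` insert at fixed line numbers, which only lands in the intended place when `lnd.conf` has the same layout as the shipped template. In a file shorter than four lines nothing is inserted, and in a reordered file the keys may end up under a different section header; the following `s/^restlisten=.*/.../` then has nothing to act on, or edits a line lnd may not read as intended, and no message is printed. Consider anchoring the insert on the section header instead of a line number, and re-checking afterwards, e.g. `grep -q '^restlisten=' /mnt/hdd/lnd/lnd.conf || { echo "FAIL - could not add restlisten"; exit 1; }`. The enclosing `if [ "$1" = "1" ] ...` block starts and ends outside the hunk.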
@@ -438,6 +438,8 @@ sudo -u admin cp -r /home/admin/raspiblitz/home.admin/config.scripts /home/admin sudo -u admin chmod +x /home/admin/config.scripts/*.sh # bash aoutstart for admin +sudo bash -c "echo '# shortcut commands' >> /home/admin/.bashrc" +sudo bash -c "echo 'source /home/admin/_commands.sh' >> /home/admin/.bashrc" sudo bash -c "echo '# automatically start main menu for admin' >> /home/admin/.bashrc" sudo bash -c "echo './00mainMenu.sh' >> /home/admin/.bashrc" From 7be9964a90ae7be2c4405d0f9f4c6bcad450a842 Mon Sep 17 00:00:00 2001 From: /geco Date: Mon, 24 Dec 2018 01:21:05 +0100 Subject: [PATCH 42/46] added retun info --- home.admin/00mainMenu.sh | 4 +++- home.admin/config.scripts/lnd.autounlock.sh | 18 +++++++++++++++++- 2 files changed, 20 insertions(+), 2 deletions(-) diff --git a/home.admin/00mainMenu.sh b/home.admin/00mainMenu.sh index 27dd4a1..0a8d66c 100755 --- a/home.admin/00mainMenu.sh +++ b/home.admin/00mainMenu.sh @@ -396,7 +396,9 @@ case $CHOICE in ;; X) lncli -h - echo "SUCH WOW come back with ./00mainMenu.sh" + echo "OK you now on the command line." + echo "You can return to the main menu with the command:" + echo "raspiblitz" ;; R) ./00mainMenu.sh diff --git a/home.admin/config.scripts/lnd.autounlock.sh b/home.admin/config.scripts/lnd.autounlock.sh index f6efe77..0eddea9 100755 --- a/home.admin/config.scripts/lnd.autounlock.sh +++ b/home.admin/config.scripts/lnd.autounlock.sh 
@@ -26,8 +26,24 @@ https://github.com/rootzoll/raspiblitz Password C will be stored on the device. " 13 52 2>./.tmp passwordC=$( cat ./.tmp ) + + # test if empty if [ ${#passwordC} -eq 0 ]; then - echo "FAIL input cannot be empty" + echo "CANCEL input cannot be empty" + sleep 3 + exit 1 + fi + + # test if correct + echo "testing password" + sudo systemctl restart lnd + sleep 4 + result=$(sudo python /home/admin/config.scripts/lnd.unlock.py ${passwordC}) + invalid=$(echo "${result}" | grep -c 'invalid') + if [ ${invalid} -gt 0 ];then + echo "PASSWORD C is wrong - try again or cancel" + sleep 3 + sudo /home/admin/config.scripts/lnd.autounlock.sh on exit 1 fi shred ./.tmp From 01170d6de400109d7dcd9f8f0c1a76d70c323b3b Mon Sep 17 00:00:00 2001 From: /geco Date: Mon, 24 Dec 2018 01:56:10 +0100 Subject: [PATCH 43/46] add please wait --- home.admin/config.scripts/lnd.autounlock.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home.admin/config.scripts/lnd.autounlock.sh b/home.admin/config.scripts/lnd.autounlock.sh index 0eddea9..812f1da 100755 --- a/home.admin/config.scripts/lnd.autounlock.sh +++ b/home.admin/config.scripts/lnd.autounlock.sh @@ -35,7 +35,7 @@ Password C will be stored on the device. fi # test if correct - echo "testing password" + echo "testing password .. please wait" sudo systemctl restart lnd sleep 4 result=$(sudo python /home/admin/config.scripts/lnd.unlock.py ${passwordC}) From 558bb3200237e4373c0388bcbfae00f5b96fcb31 Mon Sep 17 00:00:00 2001 From: /geco Date: Mon, 24 Dec 2018 02:51:11 +0100 Subject: [PATCH 44/46] auto-unlock on recover dialog --- home.admin/20recoverDialog.sh | 27 ++++++++++++++------------- 1 file changed, 14 insertions(+), 13 deletions(-) diff --git a/home.admin/20recoverDialog.sh b/home.admin/20recoverDialog.sh index 2246875..50647c6 100755 --- a/home.admin/20recoverDialog.sh +++ b/home.admin/20recoverDialog.sh 
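Review bot: The password test treats any output that lacks the word `invalid` as success. If lnd is not yet answering four seconds after the restart (connection refused, TLS error, a Python traceback on stderr), `result` is empty, `invalid` is 0 and an unverified password goes on to be stored. Record failure of the call itself as well, e.g. `result=$(sudo python /home/admin/config.scripts/lnd.unlock.py "${passwordC}") || failed=1`, and test `if [ ${invalid} -gt 0 ] || [ "${failed}" = "1" ]; then`; quoting the argument also keeps passwords with spaces intact. The enclosing `if` begins outside the hunk.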
@@ -58,21 +58,22 @@ Write them down & store them in a safe place. # remove flag that freshly recovered sudo rm /home/admin/raspiblitz.recover.info - # sucess info dialog - dialog --backtitle "RaspiBlitz" --msgbox "New SSH password A is '$result'\nFINAL REBOOT IS NEEDED." 6 52 - # when auto-unlock is activated then Password C is needed to be restored on SD card if [ "${autoUnlock}" = "on" ]; then - # ask user for new password C - dialog --backtitle "RaspiBlitz - Setup"\ - --inputbox "Please enter your ACTUAL Password C:\n!!! This is needed for the Auto-Unlock feature" 10 52 2>$_temp - result=$( cat $_temp ) - shred $_temp - if [ ${#result} -gt 0 ]; then - sudo /home/admin/config.scripts/lnd.autounlock.sh on ${result} - else - sudo /home/admin/config.scripts/lnd.autounlock.sh off - fi + + # reset auto-unlock feature + dialog --backtitle "RaspiBlitz - Setup" --msgbox "You had the Auto-Unlock feature enabled. + +In the next dialog you need to re-enter your +ACTUAL/OLD Password C to re-activate the +Auto-Unlock feature. Enter a empty password +to deactivate the Auto-Unlock feature. +" 10 52 + sudo /home/admin/config.scripts/lnd.autounlock.sh on + dialog --backtitle "RaspiBlitz" --msgbox "FINAL REBOOT IS NEEDED." 6 52 + + else + dialog --backtitle "RaspiBlitz" --msgbox "New SSH password A is '$result'\nFINAL REBOOT IS NEEDED." 6 52 fi sudo shutdown -r now From d8ae9ac898eb1a1d2316e901355b018885ff6d5e Mon Sep 17 00:00:00 2001 From: /geco Date: Mon, 24 Dec 2018 14:57:47 +0100 Subject: [PATCH 45/46] pause --- home.admin/00settingsMenuServices.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/home.admin/00settingsMenuServices.sh b/home.admin/00settingsMenuServices.sh index 72bc117..8ce3a82 100644 --- a/home.admin/00settingsMenuServices.sh +++ b/home.admin/00settingsMenuServices.sh 
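Review bot: The new message box tells the user to enter an empty password to deactivate Auto-Unlock, but this branch no longer calls `lnd.autounlock.sh off` and ignores the exit status of `sudo /home/admin/config.scripts/lnd.autounlock.sh on`. In lnd.autounlock.sh as changed by PATCH 42, an empty input prints "CANCEL input cannot be empty" and exits 1 without touching the setting, so the config would presumably keep `lndAutoUnlock=on` with no stored password after recovery. I would restore the fallback, e.g. `sudo /home/admin/config.scripts/lnd.autounlock.sh on || sudo /home/admin/config.scripts/lnd.autounlock.sh off`, once that script returns a meaningful status after a retry. Separately, the `New SSH password A is '$result'` dialog now appears only in the `else` branch; if that is the only place the new password is shown (`$result` is set outside this hunk), Auto-Unlock users never see it. The enclosing block begins above the hunk.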
@@ -189,8 +189,8 @@ fi if [ ${needsReboot} -eq 1 ]; then sleep 2 - dialog --title 'OK' --msgbox 'System will reboot to activate changes.' 6 26 - echo "rebooting .." + dialog --pause "OK. System will reboot to activate changes." 8 58 8 + echo "rebooting .. (please wait)" sleep 3 sudo shutdown -r now fi \ No newline at end of file From d698141d2406f6ff458e213e29f677226e2d6b7a Mon Sep 17 00:00:00 2001 From: /geco Date: Mon, 24 Dec 2018 15:03:23 +0100 Subject: [PATCH 46/46] version 0.99 = 10.0 RC2 --- build.sdcard/raspbianStretchDesktop.sh | 2 +- home.admin/_version.info | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/build.sdcard/raspbianStretchDesktop.sh b/build.sdcard/raspbianStretchDesktop.sh index f14f771..e62b3e7 100644 --- a/build.sdcard/raspbianStretchDesktop.sh +++ b/build.sdcard/raspbianStretchDesktop.sh @@ -10,7 +10,7 @@ echo "" echo "*****************************************" -echo "* RASPIBLITZ SD CARD IMAGE SETUP v0.98 *" +echo "* RASPIBLITZ SD CARD IMAGE SETUP v0.99 *" echo "*****************************************" echo "" diff --git a/home.admin/_version.info b/home.admin/_version.info index 5536ab6..efed7e4 100644 --- a/home.admin/_version.info +++ b/home.admin/_version.info @@ -1,2 +1,2 @@ # RaspiBlitz Version - always [main].[sub] -codeVersion="0.98" \ No newline at end of file +codeVersion="0.99" \ No newline at end of file