Merge pull request #211 from geco91/master

v1.0 RC1 fixes & enhancements
6 years ago · 52c2132b8e
17 changed files with 301 additions and 42 deletions
--- a/README.md
+++ b/README.md
@ -269,6 +269,14 @@ To do so you can register at an DynamicDomain service like freedns.afraid.org, f
 You will be asked for your dynamic domain name such like "mynode.crabdance.org" and you can also optionally set an URL that will be called regularly to update your routers IP with the dynnamic domain service. At freedns.afraid.org this URL is called "Direct URL" under the menu "Dynamic DNS" once you added one.
 ## Auto-unlock LND on startup
 This feature is based on https://github.com/Stadicus/guides/blob/master/raspibolt/raspibolt_6A_auto-unlock.md
 It can be activated under "Services" -> "Auto-unlock LND". Its recommended to be turned on, when DynamicDNS is used. Because on a public IP change of your router, LND gets restarted automatically and without Auto-Unlock it will stay inactive/unreachbale until you manually unlock it.
 But keep in mind that when activated, your Password C will be stored on the RaspiBlitz SD card. That lowers your security in (physical) attack scenarios. On an update you would need to re-enter your password C.
 ## Get a Debug Report
 If your RaspiBlitz is not working right and you like to get help from the community, its good to provide more debug information, so other can better diagnose your problem - please follow the following steps to generate a debug report:
@ -312,7 +320,7 @@ If you fork the RaspiBlitz repo (much welcome) and you want to run that code on
 * The long way: If you like to install/remove/change services and system configurations you need to build a SD card from your own code. Prepare like in `Build the SD Card Image` but in the end run the command:
-`wget https://raw.githubusercontent.com/[GITHUB-USERNAME]/raspiblitz/dev/build.sdcard/raspbianStretchDesktop.sh && sudo bash raspbianStretchDesktop.sh [BRANCH] [GITHUB-USERNAME]`
+`wget https://raw.githubusercontent.com/[GITHUB-USERNAME]/raspiblitz/[BRANCH]/build.sdcard/raspbianStretchDesktop.sh && sudo bash raspbianStretchDesktop.sh [BRANCH] [GITHUB-USERNAME]`
 ## Update to a new SD Card Release
--- a/build.sdcard/raspbianStretchDesktop.sh
+++ b/build.sdcard/raspbianStretchDesktop.sh
@ -10,7 +10,7 @@
 echo ""
 echo "*****************************************"
-echo "* RASPIBLITZ SD CARD IMAGE SETUP v0.98  *"
+echo "* RASPIBLITZ SD CARD IMAGE SETUP v0.99  *"
 echo "*****************************************"
 echo ""
@ -438,6 +438,8 @@ sudo -u admin cp -r /home/admin/raspiblitz/home.admin/config.scripts /home/admin
 sudo -u admin chmod +x /home/admin/config.scripts/*.sh
 # bash aoutstart for admin
 sudo bash -c "echo '# shortcut commands' >> /home/admin/.bashrc"
 sudo bash -c "echo 'source /home/admin/_commands.sh' >> /home/admin/.bashrc"
 sudo bash -c "echo '# automatically start main menu for admin' >> /home/admin/.bashrc"
 sudo bash -c "echo './00mainMenu.sh' >> /home/admin/.bashrc"
--- a/home.admin/00infoLCD.sh
+++ b/home.admin/00infoLCD.sh
@ -131,7 +131,7 @@ while :
      l2="---> ${message}\n"
      l3="Please keep running until reboot."
      boxwidth=$((${#localip} + 28))
-      dialog --backtitle "RaspiBlitz ${codeVersion} (${state})" --infobox "$l1$l2$l3" 5 ${boxwidth}
+      dialog --backtitle "RaspiBlitz ${codeVersion} (${state}) ${localip}" --infobox "$l1$l2$l3" 5 ${boxwidth}
      sleep 3
      continue
    fi
@ -178,6 +178,10 @@ while :
        l2="Open: http://${localip}:3000\n"
        l3="Use Password C to unlock\n"
      fi
      if [ "${autoUnlock}" = "on" ]; then
        l2="ssh admin@${localip}\n"
        l3="Waiting for AUTO-UNLOCK"
      fi
      boxwidth=$((${#localip} + 24))
      dialog --backtitle "RaspiBlitz ${codeVersion} (${localip}) - ${hostname}" --infobox "$l1$l2$l3" 5 ${boxwidth}
      sleep 5
--- a/home.admin/00mainMenu.sh
+++ b/home.admin/00mainMenu.sh
@ -396,7 +396,9 @@ case $CHOICE in
            ;;   
        X)
            lncli -h
-            echo "SUCH WOW come back with ./00mainMenu.sh"
+            echo "OK you now on the command line."
            echo "You can return to the main menu with the command:"
            echo "raspiblitz"
            ;;
        R)
            ./00mainMenu.sh
--- a/home.admin/00settingsMenuServices.sh
+++ b/home.admin/00settingsMenuServices.sh
@ -4,6 +4,7 @@
 source /mnt/hdd/raspiblitz.conf
 if [ ${#autoPilot} -eq 0 ]; then autoPilot="off"; fi
 if [ ${#autoNatDiscovery} -eq 0 ]; then autoNatDiscovery="off"; fi
 if [ ${#autoUnlock} -eq 0 ]; then autoUnlock="off"; fi
 if [ ${#runBehindTor} -eq 0 ]; then runBehindTor="off"; fi
 if [ ${#rtlWebinterface} -eq 0 ]; then rtlWebinterface="off"; fi
 if [ ${#chain} -eq 0 ]; then chain="main"; fi
@ -28,6 +29,7 @@ CHOICES=$(dialog --checklist 'Activate/Deactivate Services:' 15 45 7 \
 4 ${dynDomainMenu} ${domainValue} \
 5 'Run behind TOR' ${runBehindTor} \
 6 'RTL Webinterface' ${rtlWebinterface} \
 7 'LND Auto-Unlock' ${autoUnlock} \
 2>&1 >/dev/tty)
 dialogcancel=$?
 clear
@ -174,9 +176,21 @@ else
  echo "RTL Webinterface Setting unchanged."
 fi
 # LND Auto-Unlock
 choice="off"; check=$(echo "${CHOICES}" | grep -c "7")
 if [ ${check} -eq 1 ]; then choice="on"; fi
 if [ "${autoUnlock}" != "${choice}" ]; then
  echo "LND Autounlock Setting changed .."
  sudo /home/admin/config.scripts/lnd.autounlock.sh ${choice}
  needsReboot=1
 else
  echo "LND Autounlock Setting unchanged."
 fi
 if [ ${needsReboot} -eq 1 ]; then
   sleep 2
-   dialog --title 'OK' --msgbox 'System will reboot to activate changes.' 6 26
+   dialog --pause "OK. System will reboot to activate changes." 8 58 8
-   echo "rebooting .."
+   echo "rebooting .. (please wait)"
   sleep 3
   sudo shutdown -r now
 fi
--- a/home.admin/20recoverDialog.sh
+++ b/home.admin/20recoverDialog.sh
@ -58,10 +58,25 @@ Write them down & store them in a safe place.
      # remove flag that freshly recovered
      sudo rm /home/admin/raspiblitz.recover.info
-      # sucess info dialog
+      # when auto-unlock is activated then Password C is needed to be restored on SD card
-      dialog --backtitle "RaspiBlitz" --msgbox "New SSH password A is '$result'\nFINAL REBOOT IS NEEDED." 6 52
+      if [ "${autoUnlock}" = "on" ]; then
-      sudo shutdown -r now
+
        # reset auto-unlock feature
        dialog --backtitle "RaspiBlitz - Setup" --msgbox "You had the Auto-Unlock feature enabled.
 In the next dialog you need to re-enter your
 ACTUAL/OLD Password C to re-activate the
 Auto-Unlock feature. Enter a empty password
 to deactivate the Auto-Unlock feature.
 " 10 52
        sudo /home/admin/config.scripts/lnd.autounlock.sh on
        dialog --backtitle "RaspiBlitz" --msgbox "FINAL REBOOT IS NEEDED." 6 52
      else
        dialog --backtitle "RaspiBlitz" --msgbox "New SSH password A is '$result'\nFINAL REBOOT IS NEEDED." 6 52
      fi
      sudo shutdown -r now
    fi
  done
--- a/home.admin/80scanLND.sh
+++ b/home.admin/80scanLND.sh
@ -58,11 +58,19 @@ if [ ${isInitialChainSync} -gt 0 ]; then
  fi
 else
  heigh=7
-  infoStr=$(echo " Lightning ${action} Blockchain\n Progress: ${scanstate}\n Please wait - this can take some time\n ssh admin@${localip}\n Password A")
+  # check if wallet has any UTXO
-  if [ "$USER" = "admin" ]; then
+  # reason see: https://github.com/lightningnetwork/lnd/issues/2326
-    heigh=6
+  txlines=$(sudo -u bitcoin lncli listchaintxns 2>/dev/null | wc -l)
-    width=53
+  # has just 4 lines if empty
-    infoStr=$(echo " Lightning ${action} Blockchain\n Progress: ${scanstate}\n Please wait - this can take some long time.\n Its OK to close terminal and ssh back in later.")
+  if [ ${txlines} -eq 4 ]; then
    infoStr=$(echo " Lightning ${action} Blockchain\n Progress: ${scanstate}\n re-rescan every start until funding\n ssh admin@${localip}\n Password A")
  else
    infoStr=$(echo " Lightning ${action} Blockchain\n Progress: ${scanstate}\n Please wait - this can take some time\n ssh admin@${localip}\n Password A")
    if [ "$USER" = "admin" ]; then
      heigh=6
      width=53
      infoStr=$(echo " Lightning ${action} Blockchain\n Progress: ${scanstate}\n Please wait - this can take some long time.\n Its OK to close terminal and ssh back in later.")
    fi
  fi
 fi
--- a/home.admin/XXupdateScripts.sh
+++ b/home.admin/XXupdateScripts.sh
@ -20,10 +20,13 @@ else
  echo "USAGE-INFO: ./XXupdateScripts.sh '[BRANCHNAME]'"
 fi
 origin=$(git remote -v | grep 'origin' | tail -n1)
 echo ""
 echo "*** UPDATING SHELL SCRIPTS FROM GITHUB ***"
 echo "justincase, not the final upadte mechanism"
-echo "BRANCH --> ${activeBranch} <---"
+echo "REPO ----> ${origin}"
 echo "BRANCH --> ${activeBranch}"
 echo "******************************************"
 git pull
 cd ..
--- a/home.admin/_background.sh
+++ b/home.admin/_background.sh
@ -3,7 +3,6 @@
 # This script runs on after start in background
 # as a service and gets restarted on failure
 # it runs ALMOST every seconds
 # DEBUG: sudo journalctl -f -u background
 # INFOFILE - state data from bootstrap
 infoFile="/home/admin/raspiblitz.info"
@ -11,12 +10,16 @@ infoFile="/home/admin/raspiblitz.info"
 # CONFIGFILE - configuration of RaspiBlitz
 configFile="/mnt/hdd/raspiblitz.conf"
 # LOGS see: sudo journalctl -f -u background
 # Check if HDD contains configuration
 configExists=$(ls ${configFile} | grep -c '.conf')
 if [ ${configExists} -eq 1 ]; then
    source ${configFile}
 fi
 echo "_background.sh STARTED"
 counter=0
 while [ 1 ]
 do
@ -28,6 +31,9 @@ do
  # count up
  counter=$(($counter+1))
  # gather the uptime seconds
  upSeconds=$(cat /proc/uptime | grep -o '^[0-9]\+')
  ####################################################
  # RECHECK DHCP-SERVER 
  # https://github.com/rootzoll/raspiblitz/issues/160
@ -80,11 +86,15 @@ do
        sed -i "s/^publicIP=.*/publicIP=${freshPublicIP}/g" ${configFile}
        publicIP=${freshPublicIP}
-        # 2) restart the LND
+        # 2) only restart LND if dynDNS is activated
-        echo "restart LND with new environment config"
+        # because this signals that user wants "public node"
-        sudo systemctl restart lnd.service
+        if [ ${#dynDomain} -gt 0 ]; then
          echo "restart LND with new environment config"
          # restart and let to auto-unlock (if activated) do the rest
          sudo systemctl restart lnd.service
        fi
-        # 3) trigger update if dnyamic domain (if set)
+        # 2) trigger update if dnyamic domain (if set)
        updateDynDomain=1
      else
@ -97,6 +107,45 @@ do
  fi
  ###############################
  # LND AUTO-UNLOCK
  ###############################
  # check every 10secs
  recheckAutoUnlock=$((($counter % 10)+1))
  if [ ${recheckAutoUnlock} -eq 1 ]; then
    # check if auto-unlock feature if activated
    if [ "${autoUnlock}" = "on" ]; then
      # check if lnd is locked
      locked=$(sudo -u bitcoin /usr/local/bin/lncli --chain=${network} --network=${chain}net getinfo 2>&1 | grep -c unlock)
      if [ ${locked} -gt 0 ]; then
        echo "STARTING AUTO-UNLOCK ..."
        # building REST command
        passwordC=$(cat /root/lnd.autounlock.pwd)
        sudo python /home/admin/config.scripts/lnd.unlock.py $passwordC
        #walletPasswordBase64=$(cat /root/lnd.autounlock.pwd | tr -d '\n' | base64 -w0)
        #MACAROON_HEADER="Grpc-Metadata-macaroon: $(xxd -ps -u -c 1000 /mnt/hdd/lnd/data/chain/${network}/${chain}net/admin.macaroon)"
        #POSTDATA="'{ \"wallet_password\":\"${walletPasswordBase64}\" }'"
        #echo "MACAROON:${MACAROON_HEADER}"
        #echo "POSTDATA:${POSTDATA}"
        #command="sudo sh -c "curl -X POST -d ${POSTDATA} --cacert /home/bitcoin/.lnd/tls.cert --header \"$MACAROON_HEADER\" https://localhost:8080/v1/unlockwallet"
        #echo "COMMAND:${command}"
        #result=$(echo \"restlisten=\" >> /mnt/hdd/lnd/lnd.conf")
        #echo "RESULT:${result}"
      else
        echo "lncli says not locked"
      fi
    else
      echo "auto-unlock is OFF"
    fi
  fi
  ###############################
  # UPDATE DYNAMIC DOMAIN
  # like afraid.org
--- a/home.admin/_commands.sh
+++ b/home.admin/_commands.sh
@ -0,0 +1,9 @@
 #!/bin/bash
 # SHORTCUT COMMANDS you can call as user 'admin' from terminal
 # command: raspiblitz
 # calls the the raspiblitz mainmenu
 function raspiblitz() {
  /home/admin/00mainMenu.sh
 }
--- a/home.admin/_version.info
+++ b/home.admin/_version.info
@ -1,2 +1,2 @@
 # RaspiBlitz Version - always [main].[sub]
-codeVersion="0.98"
+codeVersion="0.99"
--- a/home.admin/assets/lnd.bitcoin.conf
+++ b/home.admin/assets/lnd.bitcoin.conf
@ -9,8 +9,11 @@ nat=false
 # RPC open to all connections on Port 10009
 rpclisten=0.0.0.0:10009
 # REST open to all connections on Port 8080
 restlisten=0.0.0.0:8080
 # Domain, could use https://freedns.afraid.org
 #tlsextradomain=lightning.yourhost.com  
 tlsextraip=0.0.0.0
 [Bitcoin]
 bitcoin.active=1
--- a/home.admin/assets/lnd.litecoin.conf
+++ b/home.admin/assets/lnd.litecoin.conf
@ -9,8 +9,12 @@ nat=false
 # RPC open to all connections on Port 10009
 rpclisten=0.0.0.0:10009
 # REST open to all connections on Port 8080
 restlisten=0.0.0.0:8080
 # Domain, could use https://freedns.afraid.org
 #tlsextradomain=lightning.yourhost.com
 tlsextraip=0.0.0.0
 [Litecoin]
 litecoin.active=1
--- a/home.admin/config.scripts/internet.dyndomain.sh
+++ b/home.admin/config.scripts/internet.dyndomain.sh
@ -110,27 +110,8 @@ if [ "$1" = "0" ] || [ "$1" = "off" ]; then
  echo "DynamicDNS is now OFF"
 fi
-echo "deleting TLSCert"
+# refresh TLS cert
-sudo rm /mnt/hdd/lnd/tls.* 2>/dev/null
+sudo /home/admin/config.scripts/lnd.newtlscert.sh
 echo "let lnd generate new TLSCert"
 sudo -u bitcoin /usr/local/bin/lnd &>/dev/null &
 echo "wait until generated"
 newCertExists=0
 count=0
 while [ ${newCertExists} -eq 0 ]
 do
  count=$(($count + 1))
  echo "(${count}/60) check for cert"
  if [ ${count} -gt 60 ]; then
    echo "FAIL - was not able to generate new LND certs"
    exit 1
  fi
  newCertExists=$(sudo ls /mnt/hdd/lnd/tls.cert 2>/dev/null | grep -c '.cert')
  sleep 2
 done
 sudo killall /usr/local/bin/lnd
 echo "copy new cert to admin user"
 sudo cp /mnt/hdd/lnd/tls.cert /home/admin/.lnd
 echo "may needs reboot to run normal again"
 exit 0
--- a/home.admin/config.scripts/lnd.autounlock.sh
+++ b/home.admin/config.scripts/lnd.autounlock.sh
@ -0,0 +1,119 @@
 #!/bin/bash
 # command info
 if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then
 echo "small config script to autounlock lnd after restart"
 echo "lnd.autounlock.sh [on|off] [?passwordC]"
 exit 1
 fi
 # 1. parameter [on|off]
 turn="off"
 if [ "$1" = "1" ] || [ "$1" = "on" ]; then turn="on"; fi
 # 2. parameter [?passwordC]
 passwordC=$2
 # run interactive if 'turn on' && no further parameters
 if [ "${turn}" = "on" ] && [ ${#passwordC} -eq 0 ]; then
  dialog --backtitle "LND Auto-Unlock" --inputbox "ENTER your PASSWORD C:
 For more details see chapter in GitHub README 
 'Auto-unlock LND on startup'
 https://github.com/rootzoll/raspiblitz
 Password C will be stored on the device.
 " 13 52 2>./.tmp
  passwordC=$( cat ./.tmp )
  # test if empty
  if [ ${#passwordC} -eq 0 ]; then
    echo "CANCEL input cannot be empty"
    sleep 3
    exit 1
  fi
  # test if correct
  echo "testing password .. please wait"
  sudo systemctl restart lnd
  sleep 4
  result=$(sudo python /home/admin/config.scripts/lnd.unlock.py ${passwordC})
  invalid=$(echo "${result}" | grep -c 'invalid')
  if [ ${invalid} -gt 0 ];then
    echo "PASSWORD C is wrong - try again or cancel"
    sleep 3
    sudo /home/admin/config.scripts/lnd.autounlock.sh on
    exit 1
  fi
  shred ./.tmp
 fi
 # config file
 configFile="/mnt/hdd/raspiblitz.conf"
 # lnd conf file
 lndConfig="/mnt/hdd/lnd/lnd.conf"
 # check if config file exists
 configExists=$(ls ${configFile} | grep -c '.conf')
 if [ ${configExists} -eq 0 ]; then
 echo "FAIL - missing ${configFile}"
 exit 1
 fi
 # make sure entry line for 'autoUnlock' exists 
 entryExists=$(cat ${configFile} | grep -c 'autoUnlock=')
 if [ ${entryExists} -eq 0 ]; then
  echo "autoUnlock=" >> ${configFile}
 fi
 # switch on
 if [ "$1" = "1" ] || [ "$1" = "on" ]; then
  # make sure config values are uncommented
  sudo sed -i "s/^#restlisten=.*/restlisten=/g" /mnt/hdd/lnd/lnd.conf
  sudo sed -i "s/^#tlsextraip=.*/tlsextraip=/g" /mnt/hdd/lnd/lnd.conf
  # make sure config values exits
  exists=$(sudo cat /mnt/hdd/lnd/lnd.conf | grep -c 'restlisten=')
  if [ ${exists} -eq 0 ]; then
    sudo sed -n -i 'p;4a restlisten=' /mnt/hdd/lnd/lnd.conf
  fi
  exists=$(sudo cat /mnt/hdd/lnd/lnd.conf | grep -c 'tlsextraip')
  if [ ${exists} -eq 0 ]; then
    sudo sed -n -i 'p;5a tlsextraip=' /mnt/hdd/lnd/lnd.conf
  fi
  # set needed config values
  sudo sed -i "s/^restlisten=.*/restlisten=0.0.0.0:8080/g" /mnt/hdd/lnd/lnd.conf
  sudo sed -i "s/^tlsextraip=.*/tlsextraip=0.0.0.0/g" /mnt/hdd/lnd/lnd.conf
  # refresh TLS cert
  sudo /home/admin/config.scripts/lnd.newtlscert.sh
  echo "switching the Auto-Unlock ON"
  # setting value in raspi blitz config
  sudo sed -i "s/^autoUnlock=.*/autoUnlock=on/g" /mnt/hdd/raspiblitz.conf
  # password C needs to be stored on RaspiBlitz
  echo "storing password for root in /root/lnd.autounlock.pwd"
  sudo sh -c "echo \"${passwordC}\" > /root/lnd.autounlock.pwd"
  echo "Auto-Unlock is now ON"
 fi
 # switch off
 if [ "$1" = "0" ] || [ "$1" = "off" ]; then
  echo "switching the Auto-Unlock OFF"
  # setting value in raspi blitz config
  sudo sed -i "s/^autoUnlock=.*/autoUnlock=off/g" /mnt/hdd/raspiblitz.conf
  # delete password C securly
  echo "shredding password on RaspiBlitz"
  sudo shred -u /root/lnd.autounlock.pwd
  echo "Auto-Unlock is now OFF"
 fi
--- a/home.admin/config.scripts/lnd.newtlscert.sh
+++ b/home.admin/config.scripts/lnd.newtlscert.sh
@ -0,0 +1,29 @@
 #!/bin/bash
 # stop services
 echo "making sure services are not running"
 sudo systemctl stop lnd 2>/dev/null
 echo "deleting TLSCert"
 sudo rm /mnt/hdd/lnd/tls.* 2>/dev/null
 echo "let lnd generate new TLSCert"
 sudo -u bitcoin /usr/local/bin/lnd &>/dev/null &
 echo "wait until generated"
 newCertExists=0
 count=0
 while [ ${newCertExists} -eq 0 ]
 do
  count=$(($count + 1))
  echo "(${count}/60) check for cert"
  if [ ${count} -gt 60 ]; then
    echo "FAIL - was not able to generate new LND certs"
    exit 1
  fi
  newCertExists=$(sudo ls /mnt/hdd/lnd/tls.cert 2>/dev/null | grep -c '.cert')
  sleep 2
 done
 sudo killall /usr/local/bin/lnd
 echo "copy new cert to admin user"
 sudo cp /mnt/hdd/lnd/tls.cert /home/admin/.lnd
 echo "OK TLS certs are fresh"
--- a/home.admin/config.scripts/lnd.unlock.py
+++ b/home.admin/config.scripts/lnd.unlock.py
@ -0,0 +1,9 @@
 # parameter #1: password c to unlock wallet
 import base64, codecs, json, requests, sys
 url = 'https://localhost:8080/v1/unlockwallet'
 cert_path = '/mnt/hdd/lnd/tls.cert'
 data = {
    'wallet_password': base64.b64encode(sys.argv[1]).decode()
 }
 r = requests.post(url, verify=cert_path, data=json.dumps(data))
 print(r.json())
`@ -1,2 +1,2 @@`
	`# RaspiBlitz Version - always [main].[sub]`	`# RaspiBlitz Version - always [main].[sub]`
	`codeVersion="0.98"`	`codeVersion="0.99"`