mirror of https://github.com/lukechilds/umbrel.git
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
93 lines
2.1 KiB
93 lines
2.1 KiB
3 years ago
|
#!/usr/bin/env bash
|
||
|
|
||
|
set -euo pipefail
|
||
|
|
||
|
UMBREL_ROOT="$(readlink -f $(dirname "${BASH_SOURCE[0]}")/../..)"
|
||
|
RESTORE_ID="$RANDOM"
|
||
|
|
||
|
show_help() {
|
||
|
cat << EOF
|
||
|
restore 0.0.1
|
||
|
|
||
|
CLI for restoring Umbrel backups (SCB). The file is decrypted if necessary.
|
||
|
|
||
|
Usage: restore <path-to-backup-file>
|
||
|
EOF
|
||
|
}
|
||
|
|
||
|
check_dependencies () {
|
||
|
for cmd in "$@"; do
|
||
|
if ! command -v "$cmd" >/dev/null 2>&1; then
|
||
|
echo "This script requires \"${cmd}\" to be installed"
|
||
|
exit 1
|
||
|
fi
|
||
|
done
|
||
|
}
|
||
|
|
||
|
check_dependencies openssl tar gpg
|
||
|
|
||
|
# Deterministically derives 128 bits of cryptographically secure entropy
|
||
|
derive_entropy () {
|
||
|
identifier="${1}"
|
||
|
umbrel_seed=$(cat "${UMBREL_ROOT}/db/umbrel-seed/seed") || true
|
||
|
|
||
|
if [[ -z "$umbrel_seed" ]] || [[ -z "$identifier" ]]; then
|
||
|
>&2 echo "Missing derivation parameter, this is unsafe, exiting."
|
||
|
exit 1
|
||
|
fi
|
||
|
|
||
|
# We need `sed 's/^.* //'` to trim the "(stdin)= " prefix from some versions of openssl
|
||
|
printf "%s" "${identifier}" | openssl dgst -sha256 -hmac "${umbrel_seed}" | sed 's/^.* //'
|
||
|
}
|
||
|
|
||
|
echo "Deriving keys..."
|
||
|
|
||
|
backup_id=$(derive_entropy "umbrel_backup_id")
|
||
|
encryption_key=$(derive_entropy "umbrel_backup_encryption_key")
|
||
|
|
||
|
if [ -z ${1+x} ]; then
|
||
|
show_help
|
||
|
exit 1
|
||
|
else
|
||
|
BACKUP_FILE="$1"
|
||
|
fi
|
||
|
|
||
|
if [[ "$BACKUP_FILE" == *.pgp ]]; then
|
||
|
echo "Backup is encrypted, decrypting backup..."
|
||
|
|
||
|
BACKUP_FOLDER_PATH="/tmp/backup-$RESTORE_ID"
|
||
|
mkdir -p "${BACKUP_FOLDER_PATH}"
|
||
|
|
||
|
cat "${BACKUP_FILE}" | gpg \
|
||
|
--batch \
|
||
|
--decrypt \
|
||
|
--passphrase "${encryption_key}" \
|
||
|
| tar \
|
||
|
--extract \
|
||
|
--verbose \
|
||
|
--gzip \
|
||
|
--directory "$BACKUP_FOLDER_PATH" \
|
||
|
|| {
|
||
|
echo "Failed to decrypt backup, exiting..."
|
||
|
exit 1
|
||
|
}
|
||
|
|
||
|
BACKUP_FILE="$BACKUP_FOLDER_PATH/backup/channel.backup"
|
||
|
|
||
|
echo "Backup decrypted."
|
||
|
fi
|
||
|
|
||
|
BACKUP_FILE_LND="$UMBREL_ROOT/lnd/channel-$RESTORE_ID.backup"
|
||
|
mv -f "$BACKUP_FILE" "$BACKUP_FILE_LND"
|
||
|
|
||
|
echo "Restoring channel backup..."
|
||
|
echo "This can take a while, depending on your number of channels."
|
||
|
|
||
|
$UMBREL_ROOT/bin/lncli restorechanbackup --multi_file "/data/.lnd/channel-$RESTORE_ID.backup"
|
||
|
|
||
|
echo "Cleaning files..."
|
||
|
|
||
|
rm -Rf "$BACKUP_FOLDER_PATH" "$BACKUP_FILE_LND"
|
||
|
|
||
|
echo "Done!"
|