|
@ -3,9 +3,10 @@ |
|
|
set -euo pipefail |
|
|
set -euo pipefail |
|
|
|
|
|
|
|
|
UMBREL_ROOT="$(readlink -f $(dirname "${BASH_SOURCE[0]}")/../..)" |
|
|
UMBREL_ROOT="$(readlink -f $(dirname "${BASH_SOURCE[0]}")/../..)" |
|
|
BACKUP_FOLDER="backup" |
|
|
BACKUP_ROOT="${UMBREL_ROOT}/.backup/$RANDOM" |
|
|
BACKUP_ROOT="${UMBREL_ROOT}/${BACKUP_FOLDER}" |
|
|
BACKUP_FOLDER_NAME="backup" |
|
|
BACKUP_FILE="${UMBREL_ROOT}/backup.tar.gz.pgp" |
|
|
BACKUP_FOLDER_PATH="${BACKUP_ROOT}/${BACKUP_FOLDER_NAME}" |
|
|
|
|
|
BACKUP_FILE="${BACKUP_ROOT}/backup.tar.gz.pgp" |
|
|
|
|
|
|
|
|
check_dependencies () { |
|
|
check_dependencies () { |
|
|
for cmd in "$@"; do |
|
|
for cmd in "$@"; do |
|
@ -25,7 +26,6 @@ derive_entropy () { |
|
|
|
|
|
|
|
|
if [[ -z "$umbrel_seed" ]] || [[ -z "$identifier" ]]; then |
|
|
if [[ -z "$umbrel_seed" ]] || [[ -z "$identifier" ]]; then |
|
|
>&2 echo "Missing derivation parameter, this is unsafe, exiting." |
|
|
>&2 echo "Missing derivation parameter, this is unsafe, exiting." |
|
|
rm -f "${UMBREL_ROOT}/statuses/backup-in-progress" |
|
|
|
|
|
exit 1 |
|
|
exit 1 |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
@ -33,21 +33,9 @@ derive_entropy () { |
|
|
printf "%s" "${identifier}" | openssl dgst -sha256 -hmac "${umbrel_seed}" | sed 's/^.* //' |
|
|
printf "%s" "${identifier}" | openssl dgst -sha256 -hmac "${umbrel_seed}" | sed 's/^.* //' |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
# Make sure an update is not in progres |
|
|
|
|
|
if [[ -f "${UMBREL_ROOT}/statuses/backup-in-progress" ]]; then |
|
|
|
|
|
echo "A backup is already in progress. Exiting now." |
|
|
|
|
|
exit 1 |
|
|
|
|
|
fi |
|
|
|
|
|
|
|
|
|
|
|
echo "Creating lock..." |
|
|
|
|
|
touch "${UMBREL_ROOT}/statuses/backup-in-progress" |
|
|
|
|
|
|
|
|
|
|
|
[[ -f "${UMBREL_ROOT}/.env" ]] && source "${UMBREL_ROOT}/.env" |
|
|
[[ -f "${UMBREL_ROOT}/.env" ]] && source "${UMBREL_ROOT}/.env" |
|
|
BITCOIN_NETWORK=${BITCOIN_NETWORK:-mainnet} |
|
|
BITCOIN_NETWORK=${BITCOIN_NETWORK:-mainnet} |
|
|
|
|
|
|
|
|
[[ -d "${BACKUP_ROOT}" ]] && rm -rf "${BACKUP_ROOT}" |
|
|
|
|
|
[[ -f "${BACKUP_FILE}" ]] && rm -f "${BACKUP_FILE}" |
|
|
|
|
|
|
|
|
|
|
|
echo "Deriving keys..." |
|
|
echo "Deriving keys..." |
|
|
|
|
|
|
|
|
backup_id=$(derive_entropy "umbrel_backup_id") |
|
|
backup_id=$(derive_entropy "umbrel_backup_id") |
|
@ -57,19 +45,18 @@ echo "Creating backup..." |
|
|
|
|
|
|
|
|
if [[ ! -f "${UMBREL_ROOT}/lnd/data/chain/bitcoin/${BITCOIN_NETWORK}/channel.backup" ]]; then |
|
|
if [[ ! -f "${UMBREL_ROOT}/lnd/data/chain/bitcoin/${BITCOIN_NETWORK}/channel.backup" ]]; then |
|
|
echo "No channel.backup file found, skipping backup..." |
|
|
echo "No channel.backup file found, skipping backup..." |
|
|
rm -f "${UMBREL_ROOT}/statuses/backup-in-progress" |
|
|
|
|
|
exit 1 |
|
|
exit 1 |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
mkdir -p "${BACKUP_ROOT}" |
|
|
mkdir -p "${BACKUP_FOLDER_PATH}" |
|
|
|
|
|
|
|
|
cp --archive "${UMBREL_ROOT}/lnd/data/chain/bitcoin/${BITCOIN_NETWORK}/channel.backup" "${BACKUP_ROOT}/channel.backup" |
|
|
cp --archive "${UMBREL_ROOT}/lnd/data/chain/bitcoin/${BITCOIN_NETWORK}/channel.backup" "${BACKUP_FOLDER_PATH}/channel.backup" |
|
|
|
|
|
|
|
|
# We want to back up user settings too, however we currently store the encrypted |
|
|
# We want to back up user settings too, however we currently store the encrypted |
|
|
# mnemonic in this file which is not safe to backup remotely. |
|
|
# mnemonic in this file which is not safe to backup remotely. |
|
|
# Uncomment this in the future once we've ensured there's no critical data in |
|
|
# Uncomment this in the future once we've ensured there's no critical data in |
|
|
# this file. |
|
|
# this file. |
|
|
# cp --archive "${UMBREL_ROOT}/db/user.json" "${BACKUP_ROOT}/user.json" |
|
|
# cp --archive "${UMBREL_ROOT}/db/user.json" "${BACKUP_FOLDER_PATH}/user.json" |
|
|
|
|
|
|
|
|
echo "Adding random padding..." |
|
|
echo "Adding random padding..." |
|
|
|
|
|
|
|
@ -79,7 +66,7 @@ echo "Adding random padding..." |
|
|
# this makes a (already very difficult) timing analysis attack to correlate backup |
|
|
# this makes a (already very difficult) timing analysis attack to correlate backup |
|
|
# activity with channel state changes practically impossible. |
|
|
# activity with channel state changes practically impossible. |
|
|
padding="$(shuf -i 0-10240 -n 1)" |
|
|
padding="$(shuf -i 0-10240 -n 1)" |
|
|
dd if=/dev/urandom bs="${padding}" count=1 > "${BACKUP_ROOT}/.padding" |
|
|
dd if=/dev/urandom bs="${padding}" count=1 > "${BACKUP_FOLDER_PATH}/.padding" |
|
|
|
|
|
|
|
|
echo "Creating encrypted tarball..." |
|
|
echo "Creating encrypted tarball..." |
|
|
|
|
|
|
|
@ -87,8 +74,8 @@ tar \ |
|
|
--create \ |
|
|
--create \ |
|
|
--gzip \ |
|
|
--gzip \ |
|
|
--verbose \ |
|
|
--verbose \ |
|
|
--directory "${UMBREL_ROOT}" \ |
|
|
--directory "${BACKUP_FOLDER_PATH}/.." \ |
|
|
"${BACKUP_FOLDER}" \ |
|
|
"${BACKUP_FOLDER_NAME}" \ |
|
|
| gpg \ |
|
|
| gpg \ |
|
|
--batch \ |
|
|
--batch \ |
|
|
--symmetric \ |
|
|
--symmetric \ |
|
@ -124,10 +111,6 @@ fi |
|
|
echo |
|
|
echo |
|
|
|
|
|
|
|
|
rm -rf "${BACKUP_ROOT}" |
|
|
rm -rf "${BACKUP_ROOT}" |
|
|
rm -f "${BACKUP_FILE}" |
|
|
|
|
|
|
|
|
|
|
|
echo "Removing lock..." |
|
|
|
|
|
rm -f "${UMBREL_ROOT}/statuses/backup-in-progress" |
|
|
|
|
|
|
|
|
|
|
|
echo "=============================" |
|
|
echo "=============================" |
|
|
echo "${status}" |
|
|
echo "${status}" |
|
|