#!/usr/bin/env bash
set -euo pipefail
UMBREL_ROOT="$(readlink -f $(dirname "${BASH_SOURCE[0]}")/../..)"
RESTORE_ID="$RANDOM"
show_help() {
cat << EOF
restore 0.0.1
CLI for restoring Umbrel backups (SCB). The file is decrypted if necessary.
Usage: restore <path-to-backup-file>
EOF
}
check_dependencies () {
for cmd in "$@"; do
if ! command -v "$cmd" >/dev/null 2>&1; then
echo "This script requires \"${cmd}\" to be installed"
exit 1
fi
done
}
check_dependencies openssl tar gpg
# Deterministically derives 128 bits of cryptographically secure entropy
derive_entropy () {
identifier="${1}"
umbrel_seed=$(cat "${UMBREL_ROOT}/db/umbrel-seed/seed") || true
if [[ -z "$umbrel_seed" ]] || [[ -z "$identifier" ]]; then
>&2 echo "Missing derivation parameter, this is unsafe, exiting."
exit 1
fi
# We need `sed 's/^.* //'` to trim the "(stdin)= " prefix from some versions of openssl
printf "%s" "${identifier}" | openssl dgst -sha256 -hmac "${umbrel_seed}" | sed 's/^.* //'
}
echo "Deriving keys..."
backup_id=$(derive_entropy "umbrel_backup_id")
encryption_key=$(derive_entropy "umbrel_backup_encryption_key")
if [ -z ${1+x} ]; then
show_help
exit 1
else
BACKUP_FILE="$1"
fi
if [[ "$BACKUP_FILE" == *.pgp ]]; then
echo "Backup is encrypted, decrypting backup..."
BACKUP_FOLDER_PATH="/tmp/backup-$RESTORE_ID"
mkdir -p "${BACKUP_FOLDER_PATH}"
cat "${BACKUP_FILE}" | gpg \
--batch \
--decrypt \
--passphrase "${encryption_key}" \
| tar \
--extract \
--verbose \
--gzip \
--directory "$BACKUP_FOLDER_PATH" \
|| {
echo "Failed to decrypt backup, exiting..."
exit 1
}
BACKUP_FILE="$BACKUP_FOLDER_PATH/backup/channel.backup"
echo "Backup decrypted."
fi
BACKUP_FILE_LND="$UMBREL_ROOT/lnd/channel-$RESTORE_ID.backup"
mv -f "$BACKUP_FILE" "$BACKUP_FILE_LND"
echo "Restoring channel backup..."
echo "This can take a while, depending on your number of channels."
$UMBREL_ROOT/bin/lncli restorechanbackup --multi_file "/data/.lnd/channel-$RESTORE_ID.backup"
echo "Cleaning files..."
rm -Rf "$BACKUP_FOLDER_PATH" "$BACKUP_FILE_LND"
echo "Done!"