mirror of
https://github.com/raspiblitz/raspiblitz.git
synced 2025-09-21 14:11:06 +02:00
cln: use the binary lightning-hsmtool
This commit is contained in:
openoms
@@ -282,9 +282,8 @@ if [ ${mode} = "cln-import-gui" ]; then
|
|||||||
# check if encrypted
|
# check if encrypted
|
||||||
trap 'rm -f "$output"' EXIT
|
trap 'rm -f "$output"' EXIT
|
||||||
output=$(mktemp -p /dev/shm/)
|
output=$(mktemp -p /dev/shm/)
|
||||||
echo "test" | sudo -u bitcoin \
|
echo "test" | sudo -u bitcoin lightning-hsmtool decrypt "$hsmSecretPath" \
|
||||||
/home/bitcoin/lightning/tools/hsmtool decrypt \
|
2> "$output"
|
||||||
"$hsmSecretPath" 2> "$output"
|
|
||||||
if [ "$(grep -c "hsm_secret is not encrypted" < "$output")" -gt 0 ];then
|
if [ "$(grep -c "hsm_secret is not encrypted" < "$output")" -gt 0 ];then
|
||||||
echo "# The hsm_secret is not encrypted"
|
echo "# The hsm_secret is not encrypted"
|
||||||
echo "# Record in raspiblitz.conf"
|
echo "# Record in raspiblitz.conf"
|
||||||
|
|||||||
@@ -113,15 +113,14 @@ function encryptHSMsecret() {
|
|||||||
if [ ${#walletPassword} -eq 0 ];then
|
if [ ${#walletPassword} -eq 0 ];then
|
||||||
# ask for password in dialog if $walletPassword is not given in $3
|
# ask for password in dialog if $walletPassword is not given in $3
|
||||||
sudo /home/admin/config.scripts/blitz.setpassword.sh x \
|
sudo /home/admin/config.scripts/blitz.setpassword.sh x \
|
||||||
"Enter the password to encrypt the C-lightning wallet file (hsm_secret)" \
|
"Enter the password to encrypt the C-lightning wallet file (hsm_secret)" \
|
||||||
"$passwordFile"
|
"$passwordFile"
|
||||||
sudo chown bitcoin:bitcoin $passwordFile
|
sudo chown bitcoin:bitcoin $passwordFile
|
||||||
sudo chmod 600 $passwordFile
|
sudo chmod 600 $passwordFile
|
||||||
walletPassword=$(sudo cat $passwordFile)
|
walletPassword=$(sudo cat $passwordFile)
|
||||||
fi
|
fi
|
||||||
(echo $walletPassword; echo $walletPassword) | sudo -u bitcoin \
|
(echo $walletPassword; echo $walletPassword) | \
|
||||||
/home/bitcoin/lightning/tools/hsmtool encrypt \
|
sudo -u bitcoin lightning-hsmtool encrypt $hsmSecretPath || exit 1
|
||||||
$hsmSecretPath || exit 1
|
|
||||||
# setting value in raspiblitz.conf
|
# setting value in raspiblitz.conf
|
||||||
sudo sed -i \
|
sudo sed -i \
|
||||||
"s/^${netprefix}clnEncryptedHSM=.*/${netprefix}clnEncryptedHSM=on/g" \
|
"s/^${netprefix}clnEncryptedHSM=.*/${netprefix}clnEncryptedHSM=on/g" \
|
||||||
@@ -134,9 +133,8 @@ function decryptHSMsecret() {
|
|||||||
# check if encrypted
|
# check if encrypted
|
||||||
trap 'rm -f "$output"' EXIT
|
trap 'rm -f "$output"' EXIT
|
||||||
output=$(mktemp -p /dev/shm/)
|
output=$(mktemp -p /dev/shm/)
|
||||||
echo "test" | sudo -u bitcoin \
|
echo "test" | sudo -u bitcoin lightning-hsmtool decrypt "$hsmSecretPath" \
|
||||||
/home/bitcoin/lightning/tools/hsmtool decrypt \
|
2> "$output"
|
||||||
"$hsmSecretPath" 2> "$output"
|
|
||||||
if [ "$(grep -c "hsm_secret is not encrypted" < "$output")" -gt 0 ];then
|
if [ "$(grep -c "hsm_secret is not encrypted" < "$output")" -gt 0 ];then
|
||||||
echo "# The hsm_secret is not encrypted"
|
echo "# The hsm_secret is not encrypted"
|
||||||
shredPasswordFile
|
shredPasswordFile
|
||||||
@@ -151,16 +149,14 @@ function decryptHSMsecret() {
|
|||||||
else
|
else
|
||||||
passwordToFile
|
passwordToFile
|
||||||
fi
|
fi
|
||||||
if sudo cat $passwordFile | sudo -u bitcoin \
|
if sudo cat $passwordFile | sudo -u bitcoin lightning-hsmtool decrypt \
|
||||||
/home/bitcoin/lightning/tools/hsmtool decrypt \
|
"$hsmSecretPath"; then
|
||||||
"$hsmSecretPath" ; then
|
|
||||||
echo "# Decrypted successfully"
|
echo "# Decrypted successfully"
|
||||||
else
|
else
|
||||||
# unlock manually
|
# unlock manually
|
||||||
/home/admin/config.scripts/cln.hsmtool.sh unlock
|
/home/admin/config.scripts/cln.hsmtool.sh unlock
|
||||||
# attempt to decrypt again
|
# attempt to decrypt again
|
||||||
sudo cat $passwordFile | sudo -u bitcoin \
|
sudo cat $passwordFile | sudo -u bitcoin lightning-hsmtool decrypt \
|
||||||
/home/bitcoin/lightning/tools/hsmtool decrypt \
|
|
||||||
"$hsmSecretPath" || echo "# Couldn't decrypt"; exit 1
|
"$hsmSecretPath" || echo "# Couldn't decrypt"; exit 1
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
@@ -229,10 +225,12 @@ seedwords6x4='${seedwords6x4}'
|
|||||||
|
|
||||||
# pass to 'hsmtool generatehsm hsm_secret'
|
# pass to 'hsmtool generatehsm hsm_secret'
|
||||||
if [ ${#seedpassword} -eq 0 ]; then
|
if [ ${#seedpassword} -eq 0 ]; then
|
||||||
(echo "0"; echo "${seedwords}"; echo) | sudo -u bitcoin /home/bitcoin/lightning/tools/hsmtool "generatehsm" $hsmSecretPath 1>&2
|
(echo "0"; echo "${seedwords}"; echo) | sudo -u bitcoin lightning-hsmtool \
|
||||||
|
"generatehsm" $hsmSecretPath 1>&2
|
||||||
else
|
else
|
||||||
# pass to 'hsmtool generatehsm hsm_secret' - confirm seedPassword
|
# pass to 'hsmtool generatehsm hsm_secret' - confirm seedPassword
|
||||||
(echo "0"; echo "${seedwords}"; echo "$seedpassword"; echo "$seedpassword") | sudo -u bitcoin /home/bitcoin/lightning/tools/hsmtool "generatehsm" $hsmSecretPath 1>&2
|
(echo "0"; echo "${seedwords}"; echo "$seedpassword"; echo "$seedpassword")\
|
||||||
|
| sudo -u bitcoin lightning-hsmtool "generatehsm" $hsmSecretPath 1>&2
|
||||||
fi
|
fi
|
||||||
|
|
||||||
echo "# Re-init the backup plugin with the new wallet"
|
echo "# Re-init the backup plugin with the new wallet"
|
||||||
|
|||||||
Reference in New Issue
Block a user