Merge branch 'v1.6' into specter-update

README.md

@@ -6,7 +6,7 @@
 
 ![RaspiBlitz](pictures/raspiblitz.jpg)
 
-**The RaspiBlitz is a do-it-yourself Lightning Node based on LND running together with a Bitcoin-Fullnode on a RaspberryPi 3/4 - with a HDD/SSD and a nice display for easy setup & monitoring.**
+**The RaspiBlitz is a do-it-yourself Lightning Node based on LND running together with a Bitcoin-Fullnode on a RaspberryPi 3/4 - with an HDD/SSD and a nice display for easy setup & monitoring.**
 
 RaspiBlitz is mainly targeted for learning how to run your own node decentralized from home - because: Not your Node, Not your Rules. Discover & develop the growing ecosystem of the Lightning Network by becoming a full part of it. Build it as part of a [workshop](WORKSHOP.md) or as a weekend project yourself.
 
@@ -45,18 +45,18 @@ You can connect the following Wallet-Apps to your RaspiBlitz:
 * **Fully Noded** (iOS) [details](https://apps.apple.com/us/app/fully-noded/id1436425586)
 * **SendMany** (Android) [details](https://github.com/fusion44/sendmany/blob/master/README.md)
 
-Also much more features like Touchscreen, Autopilot, DynDNS, SSH-Tunneling, UPS Support, ...
+Also many more features like Touchscreen, Autopilot, DynDNS, SSH-Tunneling, UPS Support, ...
 
 ## DeepDive Video (July 2020)
 
 <img src="pictures/raspiblitz-deepdive.png" alt="DeepDive Video" width="400">
 --watch--> https://www.youtube.com/watch?v=QXUGg45CWLo
 
-## Time Estimate to Setup a RaspiBlitz
+## Time Estimate to Set Up a RaspiBlitz
 
-The RaspiBlitz is optimized for being setup during a workshop at a hackday or conference (see [detailed workshop tutorial](WORKSHOP.md)). When it comes ready assembled together with an up-to-date synced blockchain it's possible to have it ready in about 2 to 3 hours - most is waiting time.
+The RaspiBlitz is optimized for being setup during a workshop at a hackday or conference (see [detailed workshop tutorial](WORKSHOP.md)). When it comes fully assembled with an up-to-date synced blockchain, it's possible to have it ready in about 2 to 3 hours - most of it is waiting time.
 
-If you start at home ordering the parts from Amazon (see shopping list below) then it's a weekend project with a lot of download and syncing time where you can do other stuff while checking on the progress from time to time.
+If you start at home ordering the parts from Amazon (see shopping list below) then it's a weekend project with a lot of downloading and syncing time where you can do other stuff while checking on the progress from time to time.
 
 ## Hardware Needed
 

build_sdcard.sh

@@ -443,6 +443,11 @@ echo "*** ADDING GROUPS FOR CREDENTIALS STORE ***"
 sudo /usr/sbin/groupadd --force --gid 9700 lndadmin
 sudo /usr/sbin/groupadd --force --gid 9701 lndinvoice
 sudo /usr/sbin/groupadd --force --gid 9702 lndreadonly
+sudo /usr/sbin/groupadd --force --gid 9703 lndinvoices
+sudo /usr/sbin/groupadd --force --gid 9704 lndchainnotifier
+sudo /usr/sbin/groupadd --force --gid 9705 lndsigner
+sudo /usr/sbin/groupadd --force --gid 9706 lndwalletkit
+sudo /usr/sbin/groupadd --force --gid 9707 lndrouter
 
 echo ""
 echo "*** SWAP FILE ***"

home.admin/00settingsMenuServices.sh

@@ -66,6 +66,8 @@ if [ "${loop}" != "${choice}" ]; then
   errorOnInstall=$?
   if [ "${choice}" =  "on" ]; then
     if [ ${errorOnInstall} -eq 0 ]; then
+      # check macaroons and fix missing
+      /home/admin/config.scripts/lnd.credential.sh check
       sudo systemctl start loopd
       /home/admin/config.scripts/bonus.loop.sh menu
     else

home.admin/97addMobileWallet.sh

@@ -253,7 +253,7 @@ Please go to MAINMENU > SERVICES and activate KEYSEND first.
   	  exit 1;
   	;;
   ZEUS_ANDROID)
-      appstoreLink="https://play.google.com/store/apps/details?id=com.zeusln.zeus"
+      appstoreLink="https://play.google.com/store/apps/details?id=app.zeusln.zeus"
       /home/admin/config.scripts/blitz.lcd.sh qr ${appstoreLink}
 	  whiptail --title "Install Zeus on your Android Phone" \
 		--yes-button "continue" \
@@ -284,4 +284,4 @@ Please go to MAINMENU > SERVICES and activate KEYSEND first.
   	  /home/admin/config.scripts/bonus.fullynoded.sh
   	  exit 1;
   	;;
-esac
+esac

home.admin/99updateMenu.sh

@@ -58,7 +58,7 @@ Do you want to download LND Data Backup now?
     sleep 2
     /home/admin/config.scripts/lnd.rescue.sh backup
     echo
-    echo "PRESS ENTER to continue once your done downloading."
+    echo "PRESS ENTER to continue once you're done downloading."
     read key
   else
     clear
@@ -284,4 +284,4 @@ case $CHOICE in
   SPECTER)
     /home/admin/config.scripts/bonus.cryptoadvance-specter.sh update
     ;;
-esac
+esac

home.admin/config.scripts/blitz.datadrive.sh

@@ -1117,10 +1117,10 @@ if [ "$1" = "link" ]; then
   echo "The /mnt/hdd/temp directory is for short time data and will get cleaned up on very start. Dont work with data here thats bigger then 25GB - because on BTRFS hdd layout this is a own partition with limited space. Also on BTRFS hdd layout the temp partition is an FAT format - so it can be easily mounted on Windows and OSx laptops by just connecting it to such laptops. Use this for easy export data. To import data make sure to work with the data before bootstrap is deleting the directory on startup." > ./README.txt
   sudo mv ./README.txt /mnt/hdd/temp/README.txt 2>/dev/null
 
-  echo "The /mnt/hdd/app-data directory should be used by additional/optinal apps and services installed to the RaspiBlitz for their data that should survive an import/export/backup. Data that can be reproduced (indexes, etc.) should be stored in app-storage." > ./README.txt
+  echo "The /mnt/hdd/app-data directory should be used by additional/optional apps and services installed to the RaspiBlitz for their data that should survive an import/export/backup. Data that can be reproduced (indexes, etc.) should be stored in app-storage." > ./README.txt
   sudo mv ./README.txt /mnt/hdd/app-data/README.txt 2>/dev/null
 
-  echo "The /mnt/hdd/app-storage directrory should be used by additional/optinal apps and services installed to the RaspiBlitz for their non-critical and reproducable data (indexes, public blockchain, etc.) that does not need to survive an an import/export/backup. Data is critical should be in app-data." > ./README.txt
+  echo "The /mnt/hdd/app-storage directrory should be used by additional/optional apps and services installed to the RaspiBlitz for their non-critical and reproducable data (indexes, public blockchain, etc.) that does not need to survive an an import/export/backup. Data is critical should be in app-data." > ./README.txt
   sudo mv ./README.txt /mnt/hdd/app-storage/README.txt 2>/dev/null
 
   >&2 echo "# OK - all symbolic links build"

home.admin/config.scripts/bonus.bos.sh

@@ -54,18 +54,19 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
   # create symlink
   sudo ln -s "/mnt/hdd/app-data/lnd/" "/home/bos/.lnd"
   
-  # make sure rtl is member of lndadmin
+  # add user to group with admin access to lnd
   sudo /usr/sbin/usermod --append --groups lndadmin bos
   
   # install bos
   # check latest version:
   # https://github.com/alexbosworth/balanceofsatoshis/blob/master/package.json#L70
-  sudo -u bos npm install -g balanceofsatoshis@5.41.0
+  sudo -u bos npm install -g balanceofsatoshis@5.43.1
   if ! [ $? -eq 0 ]; then
     echo "FAIL - npm install did not run correctly, aborting"
     exit 1
   fi
 
+
   # setting value in raspi blitz config
   sudo sed -i "s/^bos=.*/bos=on/g" /mnt/hdd/raspiblitz.conf
 

home.admin/config.scripts/bonus.cryptoadvance-specter.sh

@@ -97,7 +97,7 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
     /home/admin/config.scripts/network.wallet.sh on
 
     echo "#    --> Installing prerequisites"
-    sudo apt install -y libusb-1.0.0-dev libudev-dev virtualenv
+    sudo apt install -y libusb-1.0.0-dev libudev-dev virtualenv libffi-dev
 
     # activating Authentication here ...
     echo "#    --> creating App-config"

home.admin/config.scripts/bonus.electrs.sh

@@ -193,7 +193,7 @@ Check 'sudo nginx -t' for a detailed error message.
       echo "${TORaddress}"
       echo
       echo "To connect through TOR open the Tor Browser and start with the options:" 
-      echo "electrum --oneserver --server${TORaddress}:50002:s --proxy socks5:127.0.0.1:9150"
+      echo "electrum --oneserver --server ${TORaddress}:50002:s --proxy socks5:127.0.0.1:9150"
       /home/admin/config.scripts/blitz.lcd.sh qr "${TORaddress}"
     fi
     echo

home.admin/config.scripts/bonus.loop.sh

@@ -33,25 +33,57 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
   
   isInstalled=$(sudo ls /etc/systemd/system/loopd.service 2>/dev/null | grep -c 'loopd.service')
   if [ ${isInstalled} -eq 0 ]; then
+
+    # install Go
     /home/admin/config.scripts/bonus.go.sh on
     
     # get Go vars
     source /etc/profile
 
-    cd /home/bitcoin
-    sudo -u bitcoin git clone https://github.com/lightninglabs/loop.git
-    cd /home/bitcoin/loop
+    # create dedicated user
+    sudo adduser --disabled-password --gecos "" loop
+
+    # make sure symlink to central app-data directory exists ***"
+    sudo rm -rf /home/loop/.lnd  # not a symlink.. delete it silently
+    # create symlink
+    sudo ln -s "/mnt/hdd/app-data/lnd/" "/home/loop/.lnd"
+
+    # sync all macaroons and unix groups for access
+    /home/admin/config.scripts/lnd.credentials.sh sync
+    # macaroons will be checked after install
+
+    # add user to group with admin access to lnd
+    sudo /usr/sbin/usermod --append --groups lndadmin loop
+    # add user to group with readonly access on lnd
+    sudo /usr/sbin/usermod --append --groups lndreadonly loop
+    # add user to group with invoice access on lnd
+    sudo /usr/sbin/usermod --append --groups lndinvoice loop
+    # add user to groups with all macaroons
+    sudo /usr/sbin/usermod --append --groups lndinvoices loop
+    sudo /usr/sbin/usermod --append --groups lndchainnotifier loop
+    sudo /usr/sbin/usermod --append --groups lndsigner loop
+    sudo /usr/sbin/usermod --append --groups lndwalletkit loop
+    sudo /usr/sbin/usermod --append --groups lndrouter loop
+
+    # install from source
+    cd /home/loop
+    sudo -u loop git clone https://github.com/lightninglabs/loop.git
+    cd /home/loop/loop
+
     # https://github.com/lightninglabs/loop/releases
-    source <(sudo -u admin /home/admin/config.scripts/lnd.update.sh info)
-    if [ ${lndInstalledVersionMain} -lt 10 ]; then
-      sudo -u bitcoin git reset --hard v0.5.1-beta
-    else
-      sudo -u bitcoin git reset --hard v0.6.5-beta
-    fi
-    cd /home/bitcoin/loop/cmd
+    sudo -u loop git reset --hard v0.8.0-beta
+    cd /home/loop/loop/cmd
     go install ./...
-    
+
     # make systemd service
+    if [ "${runBehindTor}" = "on" ]; then
+      echo "Will connect to Loop server through Tor"
+      proxy="--server.proxy=127.0.0.1:9050"
+    else
+      echo "Will connect to Loop server through clearnet"
+      proxy=""
+    fi
+
     # sudo nano /etc/systemd/system/loopd.service 
     echo "
 [Unit]
@@ -59,10 +91,10 @@ Description=Loopd Service
 After=lnd.service
 
 [Service]
-WorkingDirectory=/home/bitcoin/loop
-ExecStart=/usr/local/gocode/bin/loopd --network=${chain}net
-User=bitcoin
-Group=bitcoin
+WorkingDirectory=/home/loop/loop
+ExecStart=/usr/local/gocode/bin/loopd --network=${chain}net ${proxy}
+User=loop
+Group=loop
 Type=simple
 KillMode=process
 TimeoutSec=60
@@ -102,10 +134,13 @@ if [ "$1" = "0" ] || [ "$1" = "off" ]; then
   isInstalled=$(sudo ls /etc/systemd/system/loopd.service 2>/dev/null | grep -c 'loopd.service')
   if [ ${isInstalled} -eq 1 ]; then
     echo "*** REMOVING LIGHTNING LOOP SERVICE ***"
+    # remove the systemd service
     sudo systemctl stop loopd
     sudo systemctl disable loopd
     sudo rm /etc/systemd/system/loopd.service
-    sudo rm -rf /home/bitcoin/loop
+    # delete user 
+    sudo userdel -rf loop
+    # delete Go packages
     sudo rm  /usr/local/gocode/bin/loop
     sudo rm  /usr/local/gocode/bin/loopd
     echo "OK, the Loop Service is removed."

home.admin/config.scripts/bonus.rtl.sh

@@ -88,7 +88,7 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
     sudo -u rtl rm -rf /home/rtl/RTL 2>/dev/null
     sudo -u rtl git clone https://github.com/ShahanaFarooqui/RTL.git /home/rtl/RTL
     cd /home/rtl/RTL
-    sudo -u rtl git reset --hard v0.8.1
+    sudo -u rtl git reset --hard v0.8.4
     # from https://github.com/Ride-The-Lightning/RTL/commits/master
     # git checkout 917feebfa4fb583360c140e817c266649307ef72
     if [ -d "/home/rtl/RTL" ]; then

home.admin/config.scripts/bonus.thunderhub.sh

@@ -81,7 +81,7 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
     sudo -u thunderhub git clone https://github.com/apotdevin/thunderhub.git /home/thunderhub/thunderhub
     cd /home/thunderhub/thunderhub
     # https://github.com/apotdevin/thunderhub/releases
-    sudo -u thunderhub git reset --hard v0.8.12
+    sudo -u thunderhub git reset --hard v0.9.4
     echo "Running npm install and run build..."
     sudo -u thunderhub npm install
     if ! [ $? -eq 0 ]; then

home.admin/config.scripts/lnd.credentials.sh

@@ -3,7 +3,7 @@
 # command info
 if [ "$1" = "-h" ] || [ "$1" = "-help" ]; then
   echo "tool to reset or sync credentials (e.g. macaroons)"
-  echo "lnd.credentials.sh [reset|sync] [?tls|macaroons]"
+  echo "lnd.credentials.sh [reset|sync|check] [?tls|macaroons|keepold]"
   exit 1
 fi
 
@@ -59,6 +59,23 @@ function copy_mac_set_perms() {
   sudo /bin/chmod --silent 640 /mnt/hdd/app-data/lnd/data/chain/"${n}"/"${c}"net/"${file_name}"
 }
 
+function check_macaroons() {
+macaroons="admin.macaroon invoice.macaroon readonly.macaroon invoices.macaroon chainnotifier.macaroon signer.macaroon  walletkit.macaroon router.macaroon"
+missing=0
+for macaroon in $macaroons
+do
+  local file_name=${macaroon}
+  local n=${1:-bitcoin} # the network (e.g. bitcoin or litecoin) defaults to bitcoin
+  local c=${2:-main}    # the chain (e.g. main, test, sim, reg) defaults to main (for mainnet)
+  if [ ! -f /mnt/hdd/app-data/lnd/data/chain/"${n}"/"${c}"net/"${macaroon}" ]; then
+    missing=$(($missing + 1))
+    echo "# ${macaroon} is missing ($missing)"
+  else
+    echo "# ${macaroon} is present"
+  fi
+done
+}
+
 ###########################
 # RESET Macaroons and TLS
 ###########################
@@ -78,18 +95,28 @@ if [ "$1" = "reset" ]; then
     resetMacaroons=0
   fi
   if [ "$2" == "macaroons" ]; then
-    echo "# just resetting Macaroons"
+    echo "# just resetting macaroons"
     resetTLS=0
     resetMacaroons=1
+    keepOldMacaroons=0
   fi
-  
+  if [ "$2" == "keepold" ]; then
+    echo "# add the missing default macaroons without deauthenticating the old ones"
+    resetTLS=0
+    resetMacaroons=1
+    keepOldMacaroons=1
+  fi
+
+
   if [ ${resetMacaroons} -eq 1 ]; then
     echo "## Resetting Macaroons"
     echo "# all your macaroons get deleted and recreated"
     cd || exit
     sudo find /mnt/hdd/app-data/lnd/data/chain/"${network}"/"${chain}"net/ -iname '*.macaroon' -delete
     sudo find /home/bitcoin/.lnd/data/chain/"${network}"/"${chain}"net/ -iname '*.macaroon' -delete
-    sudo rm /home/bitcoin/.lnd/data/chain/"${network}"/"${chain}"net/macaroons.db
+    if [ ${keepOldMacaroons} -eq 0 ]; then
+      sudo rm /home/bitcoin/.lnd/data/chain/"${network}"/"${chain}"net/macaroons.db
+    fi
   fi
 
   if [ ${resetTLS} -eq 1 ]; then
@@ -126,10 +153,25 @@ elif [ "$1" = "sync" ]; then
   echo "# make sure LND app-data directories exist"
   sudo /bin/mkdir --mode 0755 --parents /mnt/hdd/app-data/lnd/data/chain/"${network}"/"${chain}"net/
 
+  echo `# make sure all user groups exit for default macaroons`
+  sudo /usr/sbin/groupadd --force --gid 9700 lndadmin
+  sudo /usr/sbin/groupadd --force --gid 9701 lndinvoice
+  sudo /usr/sbin/groupadd --force --gid 9702 lndreadonly
+  sudo /usr/sbin/groupadd --force --gid 9703 lndinvoices
+  sudo /usr/sbin/groupadd --force --gid 9704 lndchainnotifier
+  sudo /usr/sbin/groupadd --force --gid 9705 lndsigner
+  sudo /usr/sbin/groupadd --force --gid 9706 lndwalletkit
+  sudo /usr/sbin/groupadd --force --gid 9707 lndrouter
+
   echo "# copy macaroons to central app-data directory and ensure unix ownerships and permissions"
   copy_mac_set_perms admin.macaroon lndadmin "${network}" "${chain}"
   copy_mac_set_perms invoice.macaroon lndinvoice "${network}" "${chain}"
   copy_mac_set_perms readonly.macaroon lndreadonly "${network}" "${chain}"
+  copy_mac_set_perms invoices.macaroon lndinvoices "${network}" "${chain}"
+  copy_mac_set_perms chainnotifier.macaroon lndchainnotifier "${network}" "${chain}"
+  copy_mac_set_perms signer.macaroon lndsigner "${network}" "${chain}"
+  copy_mac_set_perms walletkit.macaroon lndwalletkit "${network}" "${chain}"
+  copy_mac_set_perms router.macaroon lndrouter "${network}" "${chain}"
 
   echo "# make sure admin has a symlink at ~/.lnd to /mnt/hdd/app-data/lnd/"
   if ! [[ -L "/home/admin/.lnd" ]]; then
@@ -167,6 +209,15 @@ elif [ "$1" = "sync" ]; then
     sudo -u admin /home/admin/config.scripts/bonus.lnbits.sh write-macaroons
   fi
   
+###########################
+# Check Macaroons and fix missing
+###########################
+elif [ "$1" = "check" ]; then
+  check_macaroons ${network} ${chain}
+  if [ $missing -gt 0 ]; then
+    /home/admin/config.scrips/lnd.creds.sh reset keepold
+  fi
+
 ###########################
 # UNKNOWN
 ###########################