From 681e8c98bdb7d549e1cb24b91ee8d493ab549c22 Mon Sep 17 00:00:00 2001
From: openoms
Date: Sat, 18 Dec 2021 02:29:57 +0000
Subject: [PATCH] cl: move the autounlock file to /home/bitcoin/ to fix permission errors in #2812
---
 home.admin/99clRepairMenu.sh | 2 +-
 home.admin/config.scripts/cl.hsmtool.sh | 22 +++++++++----------
 .../config.scripts/cl.install-service.sh | 2 +-
 3 files changed, 13 insertions(+), 13 deletions(-)
diff --git a/home.admin/99clRepairMenu.sh b/home.admin/99clRepairMenu.sh
index 32d7e8fe5..4a6daa589 100644
--- a/home.admin/99clRepairMenu.sh
+++ b/home.admin/99clRepairMenu.sh
@@ -21,7 +21,7 @@ if [ "$(eval echo \$${netprefix}clEncryptedHSM)" = "off" ];then
 elif [ "$(eval echo \$${netprefix}clEncryptedHSM)" = "on" ];then
 OPTIONS+=(PASSWORD_C "Change the hsm_secret encryption password")
 OPTIONS+=(DECRYPT "Decrypt the hsm_secret")
- if [ ! -f "/root/.${netprefix}cl.pw" ]; then
+ if [ ! -f "/home/bitcoin/.${netprefix}cl.pw" ]; then
 OPTIONS+=(AUTOUNLOCK-ON "Auto-decrypt the hsm_secret after boot")
 else
 OPTIONS+=(AUTOUNLOCK-OFF "Do not auto-decrypt the hsm_secret after boot")
diff --git a/home.admin/config.scripts/cl.hsmtool.sh b/home.admin/config.scripts/cl.hsmtool.sh
index d122e38b8..e7129083c 100644
--- a/home.admin/config.scripts/cl.hsmtool.sh
+++ b/home.admin/config.scripts/cl.hsmtool.sh
@@ -3,7 +3,7 @@
 # keeps the password in memory between restarts: /dev/shm/.${netprefix}cl.pw
 # see the reasoning: https://github.com/ElementsProject/lightning#hd-wallet-encryption
 # does not store the password on disk unless auto-unlock is enabled
-# autounlock password is in /root/.${netprefix}cl.pw
+# autounlock password is in /home/bitcoin/.${netprefix}cl.pw
 # command info
 if [ $# -lt 1 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]||\
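Review bot: In 99clRepairMenu.sh the new `[ ! -f "/home/bitcoin/.${netprefix}cl.pw" ]` test still runs without sudo, so it only sees the file if the user running the menu can traverse /home/bitcoin; when it cannot, the menu offers AUTOUNLOCK-ON even though a plaintext password file is already on disk. Whether /home/bitcoin is traversable for that user is not visible in this patch, so this needs confirming on a real install. Keying the menu off the stored setting avoids the dependency on directory permissions: `if ! grep -Eq "${netprefix}clAutoUnlock=on" /mnt/hdd/raspiblitz.conf; then`. The enclosing if/elif chain starts and ends outside the hunk.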
@@ -41,7 +41,7 @@ hsmSecretPath="/home/bitcoin/.lightning/${CLNETWORK}/hsm_secret"
 passwordFile=/dev/shm/.${netprefix}cl.pw
 if grep -Eq "${netprefix}clEncryptedHSM=on" /mnt/hdd/raspiblitz.conf;then
 if grep -Eq "${netprefix}clAutoUnlock=on" /mnt/hdd/raspiblitz.conf;then
- passwordFile=/root/${netprefix}cl.pw
+ passwordFile=/home/bitcoin/${netprefix}cl.pw
 fi
 fi
@@ -72,7 +72,7 @@ function passwordToFile() {
 sudo touch $passwordFile
 sudo chmod 600 $passwordFile
 sudo chown bitcoin:bitcoin $passwordFile
- sudo tee $passwordFile 1>/dev/null < "$data"
+ sudo -u bitcoin tee $passwordFile 1>/dev/null < "$data"
 shred "$data";;
 1)
 shred "$data"
@@ -94,8 +94,8 @@ function shredPasswordFile() {
 if [ -f /dev/shm/.${netprefix}cl.pw ];then
 sudo shred -uvz /dev/shm/.${netprefix}cl.pw
 fi
- if [ -f /root/${netprefix}cl.pw ];then
- sudo shred -uvz /root/${netprefix}cl.pw
+ if [ -f /home/bitcoin/${netprefix}cl.pw ];then
+ sudo shred -uvz /home/bitcoin/${netprefix}cl.pw
 fi
 }
@@ -321,10 +321,10 @@ elif [ "$1" = "decrypt" ]; then
 elif [ "$1" = "autounlock-on" ]; then
 if grep -Eq "${netprefix}clEncryptedHSM=on" /mnt/hdd/raspiblitz.conf;then
- echo "# Moving the password from $passwordFile to /root/.${netprefix}cl.pw"
- sudo -u bitcoin mv /dev/shm/.${netprefix}cl.pw /root/.${netprefix}cl.pw
+ echo "# Moving the password from $passwordFile to /home/bitcoin/.${netprefix}cl.pw"
+ sudo -u bitcoin mv /dev/shm/.${netprefix}cl.pw /home/bitcoin/.${netprefix}cl.pw
 else
- passwordFile=/root/.${netprefix}cl.pw
+ passwordFile=/home/bitcoin/.${netprefix}cl.pw
 passwordToFile
 fi
 # setting value in raspiblitz config
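Review bot: In cl.hsmtool.sh the `@@ -41` hunk sets `passwordFile=/home/bitcoin/${netprefix}cl.pw` without the leading dot, while the autounlock-on branch, the header comment and cl.install-service.sh all use `/home/bitcoin/.${netprefix}cl.pw`. The same dot-less path is carried into shredPasswordFile (`@@ -94`) and into the `-f` guard of autounlock-off (`@@ -333`), so as written neither matches the file that autounlock-on creates: the plaintext hsm_secret password would stay on disk after autounlock-off and after a shredPasswordFile call. The mismatch predates this commit (the removed /root lines had it too), but every affected line is rewritten here. Use the dotted path in all three places, e.g. `if [ -f /home/bitcoin/.${netprefix}cl.pw ];then`, ideally through one shared variable.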
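Review bot: In passwordToFile (`@@ -72`) only the final `tee` was switched to the bitcoin user; the three context lines above it still run `touch`, `chmod` and `chown` as root, and with the autounlock path they now operate inside /home/bitcoin, a directory that is presumably writable by the bitcoin user. Root-run `chmod` and `chown` follow symlinks, so the protection that a root-owned directory such as /root gave these calls is gone. Creating the file as its eventual owner removes the root operations altogether: `sudo -u bitcoin install -m 600 /dev/null "$passwordFile"` followed by `sudo -u bitcoin tee "$passwordFile" 1>/dev/null < "$data"`. `$passwordFile` is also unquoted on every line of this hunk, and `shred "$data"` without `-u` overwrites the temporary file but leaves it in place. The function starts and ends outside the hunk.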
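Review bot: In the autounlock-on branch (`@@ -321`) the result of `sudo -u bitcoin mv /dev/shm/.${netprefix}cl.pw /home/bitcoin/.${netprefix}cl.pw` is not checked, and the code after the `fi` goes on to record the setting in raspiblitz.conf. If the in-memory file is absent, autounlock would apparently be recorded as on with no password file behind it; the config-writing lines are outside the hunk, so this should be confirmed there. Checking for the source first and falling back to the prompt covers it: `if [ -f /dev/shm/.${netprefix}cl.pw ]; then sudo -u bitcoin mv ...; else passwordFile=/home/bitcoin/.${netprefix}cl.pw; passwordToFile; fi`. The echo also prints `$passwordFile` as the source although the move hard-codes the /dev/shm path.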
@@ -333,9 +333,9 @@ elif [ "$1" = "autounlock-on" ]; then
 echo "# Autounlock is on for C-lightning $CHAIN"
 elif [ "$1" = "autounlock-off" ]; then
- if [ -f /root/${netprefix}cl.pw ];then
- sudo cp /root/.${netprefix}cl.pw /dev/shm/.${netprefix}cl.pw
- sudo shred -uzv /root/.${netprefix}cl.pw
+ if [ -f /home/bitcoin/${netprefix}cl.pw ];then
+ sudo cp /home/bitcoin/.${netprefix}cl.pw /dev/shm/.${netprefix}cl.pw
+ sudo shred -uzv /home/bitcoin/.${netprefix}cl.pw
 sudo chmod 600 /dev/shm/.${netprefix}cl.pw
 sudo chown bitcoin:bitcoin /dev/shm/.${netprefix}cl.pw
 fi
diff --git a/home.admin/config.scripts/cl.install-service.sh b/home.admin/config.scripts/cl.install-service.sh
index 1ff66175d..f299a1d50 100644
--- a/home.admin/config.scripts/cl.install-service.sh
+++ b/home.admin/config.scripts/cl.install-service.sh
@@ -36,7 +36,7 @@ fi
 if grep -Eq "${netprefix}clEncryptedHSM=on" /mnt/hdd/raspiblitz.conf;then
 if grep -Eq "${netprefix}clAutoUnlock=on" /mnt/hdd/raspiblitz.conf;then
- passwordFile=/root/.${netprefix}cl.pw
+ passwordFile=/home/bitcoin/.${netprefix}cl.pw
 else
 passwordFile=/dev/shm/.${netprefix}cl.pw
 fi
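Review bot: Nothing in the visible hunks migrates an existing `/root/.${netprefix}cl.pw`, while this hunk makes cl.install-service.sh read only `/home/bitcoin/.${netprefix}cl.pw` when clAutoUnlock=on. On a node that enabled autounlock before this change the service would look for a file that is not there, and the old plaintext password would stay in /root where autounlock-off and shredPasswordFile no longer reach it. A one-time step before the path is chosen would cover both: `sudo install -o bitcoin -g bitcoin -m 600 /root/.${netprefix}cl.pw /home/bitcoin/.${netprefix}cl.pw && sudo shred -uz /root/.${netprefix}cl.pw`, guarded by a `sudo test -f` on the old path. Migration may be handled elsewhere in the repository; it is not visible in this patch.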