cl.hsmtool: run encrypt with sudo

2025-04-03 09:28:22 +02:00 · 2022-02-09 09:53:13 +00:00 · 2022-02-09 09:53:13 +00:00 · ae719bcf73
commit ae719bcf73
parent c3bf3c1859
3 changed files with 18 additions and 11 deletions
--- a/home.admin/00settingsMenuBasics.sh
+++ b/home.admin/00settingsMenuBasics.sh
@ -458,7 +458,7 @@ if [ "${clEncryptedHSM}" != "${choice}" ] && [ "${clNode}" == "on" ]; then
  echo "clEncryptedHSM Setting changed .."
  anychange=1
  if [ "${choice}" == "on" ]; then
-    /home/admin/config.scripts/cl.hsmtool.sh encrypt mainnet
+    sudo /home/admin/config.scripts/cl.hsmtool.sh encrypt mainnet
  else
    /home/admin/config.scripts/cl.hsmtool.sh decrypt mainnet
  fi
--- a/home.admin/99clRepairMenu.sh
+++ b/home.admin/99clRepairMenu.sh
@ -68,7 +68,7 @@ CHOICE=$(dialog --clear \

 case $CHOICE in
  ENCRYPT)
-    /home/admin/config.scripts/cl.hsmtool.sh encrypt $CHAIN
+    sudo /home/admin/config.scripts/cl.hsmtool.sh encrypt $CHAIN
    source /mnt/hdd/raspiblitz.conf
    ;;

--- a/home.admin/config.scripts/cl.hsmtool.sh
+++ b/home.admin/config.scripts/cl.hsmtool.sh
@ -233,8 +233,8 @@ if [ "$1" = "new" ] || [ "$1" = "new-force" ] || [ "$1" = "seed" ] || [ "$1" = "
  sudo chown bitcoin:bitcoin /home/bitcoin/.lightning/${CLNETWORK}/seedwords.info
  sudo chmod 600 /home/bitcoin/.lightning/${CLNETWORK}/seedwords.info
  echo "
-# This file was placed by cl.hsmtool.sh .
-# Contains the seed words from which the hsm_secret in the same directory was generated
+# This file was placed by cl.hsmtool.sh
+# Contains the seed words from which the hsm_secret in the same directory was generated from
 seedwords='${seedwords}'
 seedwords6x4='${seedwords6x4}'
 # Will be removed safely when the hsm_secret is encrypted.
@ -327,8 +327,15 @@ elif [ "$1" = "lock" ]; then
  exit 0

 elif [ "$1" = "encrypt" ]; then
-  if [ -f  /home/bitcoin/.lightning/${CLNETWORK}/seedwords.info ];then
-    source <(sudo -u bitcoin cat /home/bitcoin/.lightning/${CLNETWORK}/seedwords.info)
+
+   # check if sudo
+  if [ "$EUID" -ne 0 ]; then
+    echo "Please run as root (with sudo)"
+    exit 1
+  fi
+
+  if [ -f /home/bitcoin/.lightning/${CLNETWORK}/seedwords.info ]; then
+    source /home/bitcoin/.lightning/${CLNETWORK}/seedwords.info
    if [ ${#seedwords6x4} -gt 0 ];then
      # show the words one last time
      ack=0
@ -344,12 +351,12 @@ elif [ "$1" = "encrypt" ]; then
    else
      deletedWhen="not available any more"
    fi
-    # delete seedwords.info
-    sudo -u bitcoin shred /home/bitcoin/.lightning/${CLNETWORK}/seedwords.info
+    # shred seedwords.info
+    shred /home/bitcoin/.lightning/${CLNETWORK}/seedwords.info
  fi
  echo "
 # This file is placed by cl.hsmtool.sh .
-# The seed words from which the hsm_secret in the same directory was generated
+# The seed words from which the hsm_secret in the same directory was generated from
 # were $deletedWhen.
 # The words cannot be generated from the hsm_secret (one way function).
 # If you don't have the words the hsm_secret can be still backed up in hex:
@ -392,13 +399,13 @@ elif [ "$1" = "change-password" ]; then
  if ! encryptHSMsecret "$walletPassword"; then
    echo "# Warning: the hsm_secret is left unencrypted."
    echo "# To fix run:"
-    echo "/home/admin/config.scripts/cl.hsmtool encrypt $2"
+    echo "sudo /home/admin/config.scripts/cl.hsmtool encrypt $2"
    exit 1
  fi
  exit 0

 elif [ "$1" = "check" ]; then
-  # TODO
+  # TODO https://github.com/rootzoll/raspiblitz/issues/2897
  # dumponchaindescriptors <path/to/hsm_secret> [network]
  # get current descriptors
  sudo -u bitcoin /home/bitcoin/lightning/tools/hsmtool dumponchaindescriptors \