From b58fefa0f1365f8e4b5445bf4f4c3c43ada55576 Mon Sep 17 00:00:00 2001 From: openoms <43343391+openoms@users.noreply.github.com> Date: Mon, 19 Apr 2021 15:46:44 +0100 Subject: [PATCH] BITCOIN UPDATE option (#2202) --- CHANGES.md | 5 +- home.admin/99updateMenu.sh | 87 ++++- home.admin/_bootstrap.provision.sh | 18 + home.admin/config.scripts/bitcoin.update.sh | 347 +++++++++++++------- 4 files changed, 329 insertions(+), 128 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index 4fa7c02e5..9d63807bd 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -10,10 +10,11 @@ - New: Circuitbreaker LND firewall (settings menu) [details](https://github.com/lightningequipment/circuitbreaker/blob/master/README.md) - New: Telegraf metrics (experimental) [details](https://github.com/rootzoll/raspiblitz/issues/1369) - New: Download whitepaper from blockchain [details](https://github.com/rootzoll/raspiblitz/pull/2017) -- Update: bitcoin-core version 0.21.0-beta [details](https://github.com/bitcoin/bitcoin/blob/master/doc/release-notes/release-notes-0.21.0.md) +- New: Extended CONNECT and SYSTEM options in the ssh menu [details](https://github.com/rootzoll/raspiblitz/pull/2119) +- Update: bitcoin-core version 0.21.0-beta with UPDATE option [details](https://github.com/bitcoin/bitcoin/blob/master/doc/release-notes/release-notes-0.21.0.md) - Update: LND version 0.12.1-beta [details](https://github.com/lightningnetwork/lnd/releases/tag/v0.12.1-beta) - Update: RTL 0.10.1 [details](https://github.com/Ride-The-Lightning/RTL/releases/tag/v0.10.1) -- Update: Sphinx-Relay 2.0.3 (always latest release tag & improved connection dialog) +- Update: Sphinx-Relay 2.0.11 (always latest release tag & improved connection dialog) - Update: Thunderhub 0.12.13 [details](https://github.com/apotdevin/thunderhub/releases/tag/v0.12.12) - Update: Electrs 0.8.9 [details](https://github.com/romanz/electrs/blob/master/RELEASE-NOTES.md#088-22-feb-2021) - Update: BTCPayServer 1.0.7.2 [details](https://github.com/btcpayserver/btcpayserver/releases/tag/v1.0.7.2) diff --git a/home.admin/99updateMenu.sh b/home.admin/99updateMenu.sh index 5e17cdbb1..2e40eb0f6 100755 --- a/home.admin/99updateMenu.sh +++ b/home.admin/99updateMenu.sh @@ -269,6 +269,79 @@ Do you really want to update LND now? esac } +bitcoinUpdate() { + # get bitcoin info + source <(sudo -u admin /home/admin/config.scripts/bitcoin.update.sh info) + + # bitcoin update options + OPTIONS=() + if [ ${bitcoinUpdateInstalled} -eq 0 ]; then + OPTIONS+=(TESTED "Optional Bitcoin Core update to ${bitcoinVersion}") + fi + if [ $installedVersion != $bitcoinLatestVersion ];then + OPTIONS+=(RECKLESS "Untested Bitcoin Core update to ${bitcoinLatestVersion}") + fi + OPTIONS+=(CUSTOM "Update Bitcoin Core to a chosen version") + CHOICE=$(whiptail --clear --title "Update Bitcoin Core Options" --menu "" 9 60 3 "${OPTIONS[@]}" 2>&1 >/dev/tty) + + clear + case $CHOICE in + TESTED) + if [ ${bitcoinUpdateInstalled} -eq 1 ]; then + whiptail --title "ALREADY INSTALLED" \ + --msgbox "The Bitcoin Core version ${bitcoinUpdateVersion} is already installed." 8 30 + exit 1 + fi + whiptail --title "OPTIONAL Bitcoin Core update" --yes-button "Cancel" --no-button "Update" \ + --yesno "Info on updating to Bitcoin Core v${bitcoinVersion}: + +This Bitcoin Core version was tested on this system. +Will verify the binary checksum and signature. + +Do you really want to update Bitcoin Core now? + " 12 58 + if [ $? -eq 0 ]; then + echo "# cancel update" + exit 1 + fi + + error="" + warn="" + source <(sudo -u admin /home/admin/config.scripts/bitcoin.update.sh tested) + if [ ${#error} -gt 0 ]; then + whiptail --title "ERROR" --msgbox "${error}" 8 30 + else + sleep 8 + fi + ;; + RECKLESS) + whiptail --title "UNTESTED Bitcoin Core update to ${bitcoinLatestVersion}" --yes-button "Cancel" \ + --no-button "Update" --yesno "Using the 'RECKLESS' Bitcoin Core update will grab +the latest stable Bitcoin Core release published on the Bitcoin Core GitHub page. + +This Bitcoin Core version was NOT tested on this system. +Will verify the binary checksum and signature. + +Do you really want to update Bitcoin Core now? + " 16 58 + if [ $? -eq 0 ]; then + echo "# cancel update" + exit 1 + fi + error="" + source <(sudo -u admin /home/admin/config.scripts/bitcoin.update.sh reckless) + if [ ${#error} -gt 0 ]; then + whiptail --title "ERROR" --msgbox "${error}" 8 30 + else + sleep 8 + fi + ;; + CUSTOM) + sudo -u admin /home/admin/config.scripts/bitcoin.update.sh custom + ;; + esac +} + # quick call by parameter if [ "$1" == "github" ]; then patch @@ -276,13 +349,14 @@ if [ "$1" == "github" ]; then fi # Basic Options Menu -HEIGHT=9 # add 6 to CHOICE_HEIGHT + MENU lines +HEIGHT=10 # add 6 to CHOICE_HEIGHT + MENU lines WIDTH=55 -CHOICE_HEIGHT=3 # 1 line / OPTIONS +CHOICE_HEIGHT=4 # 1 line / OPTIONS OPTIONS=( RELEASE "RaspiBlitz Release Update/Recovery" PATCH "Patch RaspiBlitz v${codeVersion}" LND "Interim LND Update Options" +BITCOIN "Bitcoin Core Update Options" ) if [ "${bos}" == "on" ]; then @@ -315,14 +389,14 @@ if [ "${pyblock}" == "on" ]; then HEIGHT=$((HEIGHT+1)) CHOICE_HEIGHT=$((CHOICE_HEIGHT+1)) fi +if [ "${mempoolExplorer}" == "on" ]; then + OPTIONS+=(MEMPOOL "Update Mempool Explorer") +fi if [ "${runBehindTor}" == "on" ]; then OPTIONS+=(TOR "Update Tor from the source code") HEIGHT=$((HEIGHT+1)) CHOICE_HEIGHT=$((CHOICE_HEIGHT+1)) fi -if [ "${mempoolExplorer}" == "on" ]; then - OPTIONS+=(MEMPOOL "Update Mempool Explorer") -fi CHOICE=$(dialog --clear \ --backtitle "" \ @@ -344,6 +418,9 @@ case $CHOICE in LND) lnd ;; + BITCOIN) + bitcoinUpdate + ;; BOS) /home/admin/config.scripts/bonus.bos.sh update ;; diff --git a/home.admin/_bootstrap.provision.sh b/home.admin/_bootstrap.provision.sh index b5e6efbb9..7a380e8c5 100755 --- a/home.admin/_bootstrap.provision.sh +++ b/home.admin/_bootstrap.provision.sh @@ -256,6 +256,24 @@ echo "### RUNNING PROVISIONING SERVICES ###" >> ${logFile} echo "Provisioning BLITZ WEB SERVICE - run config script" >> ${logFile} /home/admin/config.scripts/blitz.web.sh on >> ${logFile} 2>&1 +# BITCOIN INTERIMS UPDATE +if [ ${#bitcoinInterimsUpdate} -gt 0 ]; then + sudo sed -i "s/^message=.*/message='Provisioning Bitcoin Core update'/g" ${infoFile} + if [ "${bitcoinInterimsUpdate}" == "reckless" ]; then + # recklessly update Bitcoin Core to latest release on GitHub + echo "Provisioning BItcoin Core reckless interims update" >> ${logFile} + sudo /home/admin/config.scripts/bitcoin.update.sh reckless >> ${logFile} + else + # when installing the same sd image - this will re-trigger the secure interims update + # if this a update with a newer RaspiBlitz version .. interims update will be ignored + # because standard Bitcoin Core version is most more up to date + echo "Provisioning BItcoin Core tested interims update" >> ${logFile} + sudo /home/admin/config.scripts/bitcoin.update.sh tested ${bitcoinInterimsUpdate} >> ${logFile} + fi +else + echo "Provisioning Bitcoin Core interims update - keep default" >> ${logFile} +fi + # LND INTERIMS UPDATE if [ ${#lndInterimsUpdate} -gt 0 ]; then sudo sed -i "s/^message=.*/message='Provisioning LND update'/g" ${infoFile} diff --git a/home.admin/config.scripts/bitcoin.update.sh b/home.admin/config.scripts/bitcoin.update.sh index c24c16ef9..5ee6a49d5 100755 --- a/home.admin/config.scripts/bitcoin.update.sh +++ b/home.admin/config.scripts/bitcoin.update.sh @@ -1,146 +1,251 @@ #!/bin/bash -# based on https://github.com/Stadicus/guides/blob/master/raspibolt/raspibolt_30_bitcoin.md#installation +# command info +if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then + echo "Interim optional Bitcoin Core updates between RaspiBlitz releases." + echo "bitcoin.update.sh [info|tested|reckless|custom]" + echo "info -> get actual state and possible actions" + echo "tested -> only do a tested update by the RaspiBlitz team" + echo "reckless -> the update was not tested by the RaspiBlitz team" + echo "custom -> update to a chosen version" + echo " the binary will be checked by signature and checksum in all cases" + echo + exit 1 +fi -# set version (change if update is available) -# https://bitcoincore.org/en/download/ -bitcoinVersion="0.19.0.1" +source /home/admin/raspiblitz.info + +# 1. parameter [info|tested|reckless] +mode="$1" + +# RECOMMENDED UPDATE BY RASPIBLITZ TEAM +# comment will be shown as "BEWARE Info" when option is choosen (can be multiple lines) +bitcoinVersion="0.21.0" # needed to check code signing laanwjPGP="01EA5486DE18A882D4C2684590C8019E36C2E964" -echo "Detecting CPU architecture ..." -isARM=$(uname -m | grep -c 'arm') -isAARCH64=$(uname -m | grep -c 'aarch64') -isX86_64=$(uname -m | grep -c 'x86_64') -if [ ${isARM} -eq 0 ] && [ ${isAARCH64} -eq 0 ] && [ ${isX86_64} -eq 0 ] ; then - echo "!!! FAIL !!!" - echo "Can only build on ARM, aarch64, x86_64 or i386 not on:" - uname -m - exit 1 -else - echo "OK running on $(uname -m) architecture." -fi +# GATHER DATA -echo "Checking if LND is up to date" -lndInstalled=$(lnd --version | grep v0.8.1 -c) -if [ ${lndInstalled} -eq 1 ]; then - echo "ok, LND v0.8.1-beta is installed" -else - echo"" - echo "LND version lower than v0.8.1 is incompatible with bitcoin v0.19" - echo "Update LND first" - echo "Find the update script here: https://github.com/openoms/raspiblitz-extras#lnd-update-to-v081-beta" - exit 1 -fi +# setting download directory +downloadDir="/home/admin/download" -echo "" -echo "*** PREPARING BITCOIN ***" - -# prepare directories -sudo rm -rf /home/admin/download 2>/dev/null -sudo -u admin mkdir /home/admin/download 2>/dev/null -cd /home/admin/download - -# download, check and import signer key -sudo -u admin wget https://bitcoin.org/laanwj-releases.asc -if [ ! -f "./laanwj-releases.asc" ] -then - echo "!!! FAIL !!! Download laanwj-releases.asc not success." - exit 1 -fi -gpg ./laanwj-releases.asc -fingerprint=$(gpg ./laanwj-releases.asc 2>/dev/null | grep "${laanwjPGP}" -c) -if [ ${fingerprint} -lt 1 ]; then - echo "" - echo "!!! BUILD WARNING --> Bitcoin PGP author not as expected" - echo "Should contain laanwjPGP: ${laanwjPGP}" - echo "PRESS ENTER to TAKE THE RISK if you think all is OK" - read key -fi -gpg --import ./laanwj-releases.asc - -# download signed binary sha256 hash sum file and check -sudo -u admin wget https://bitcoin.org/bin/bitcoin-core-${bitcoinVersion}/SHA256SUMS.asc -verifyResult=$(gpg --verify SHA256SUMS.asc 2>&1) -goodSignature=$(echo ${verifyResult} | grep 'Good signature' -c) -echo "goodSignature(${goodSignature})" -correctKey=$(echo ${verifyResult} | grep "using RSA key ${laanwjPGP: -16}" -c) -echo "correctKey(${correctKey})" -if [ ${correctKey} -lt 1 ] || [ ${goodSignature} -lt 1 ]; then - echo "" - echo "!!! BUILD FAILED --> LND PGP Verify not OK / signatute(${goodSignature}) verify(${correctKey})" - exit 1 -else - echo "" - echo "****************************************" - echo "OK --> BITCOIN MANIFEST IS CORRECT" - echo "****************************************" - echo "" -fi - -# get the sha256 value for the corresponding platform from signed hash sum file -if [ ${isARM} -eq 1 ] ; then +# detect CPU architecture & fitting download link +if [ $(uname -m | grep -c 'arm') -eq 1 ] ; then bitcoinOSversion="arm-linux-gnueabihf" fi -if [ ${isAARCH64} -eq 1 ] ; then +if [ $(uname -m | grep -c 'aarch64') -eq 1 ] ; then bitcoinOSversion="aarch64-linux-gnu" fi -if [ ${isX86_64} -eq 1 ] ; then +if [ $(uname -m | grep -c 'x86_64') -eq 1 ] ; then bitcoinOSversion="x86_64-linux-gnu" fi -bitcoinSHA256=$(grep -i "$bitcoinOSversion" SHA256SUMS.asc | cut -d " " -f1) -echo "" -echo "*** BITCOIN v${bitcoinVersion} for ${bitcoinOSversion} ***" +# installed version +installedVersion=$(sudo -u bitcoin bitcoind --version | head -n1| cut -d" " -f4|cut -c 2-) -# download resources -binaryName="bitcoin-${bitcoinVersion}-${bitcoinOSversion}.tar.gz" -sudo -u admin wget https://bitcoin.org/bin/bitcoin-core-${bitcoinVersion}/${binaryName} -if [ ! -f "./${binaryName}" ] -then - echo "!!! FAIL !!! Download BITCOIN BINARY not success." +# test if the installed version already the tested/recommended update version +bitcoinUpdateInstalled=$(echo "${installedVersion}" | grep -c "${bitcoinVersion}") + +# get latest release from GitHub releases +gitHubLatestReleaseJSON="$(curl -s https://api.github.com/repos/bitcoin/bitcoin/releases | jq '.[0]')" +bitcoinLatestVersion=$(echo "${gitHubLatestReleaseJSON}"|jq -r '.tag_name'|cut -c 2-) + +# INFO +function displayInfo() { + echo "# basic data" + echo "installedVersion='${installedVersion}'" + echo "bitcoinOSversion='${bitcoinOSversion}'" + + echo "# the tested/recommended update option" + echo "bitcoinUpdateInstalled='${bitcoinUpdateInstalled}'" + echo "bitcoinVersion='${bitcoinVersion}'" + + echo "# reckless update option (latest Bitcoin Core release from GitHub)" + echo "bitcoinLatestVersion='${bitcoinLatestVersion}'" +} + +if [ "${mode}" = "info" ]; then + displayInfo + exit 1 +fi + +# tested +if [ "${mode}" = "tested" ]; then + + echo "# bitcoin.update.sh tested" + + # check for optional second parameter: forced update version + # --> only does the tested update if its the given version + # this is needed for recovery/update. + fixedBitcoinVersion="$2" + if [ ${#fixedBitcoinVersion} -gt 0 ]; then + echo "# checking for fixed version update: askedFor(${bitcoinVersion}) available(${bitcoinVersion})" + if [ "${fixedBitcoinVersion}" != "${bitcoinVersion}" ]; then + echo "# warn='required update version does not match'" + echo "# this is normal when the recovery script of a new RaspiBlitz version checks for an old update - just ignore" + exit 1 + else + echo "# OK - update version is matching" + fi + fi + +elif [ "${mode}" = "reckless" ]; then + # RECKLESS + # this mode is just for people running test and development nodes - its not recommended + # for production nodes. In a update/recovery scenario it will not install a fixed version + # it will always pick the latest release from the github + echo "# bitcoin.update.sh reckless" + bitcoinVersion=${bitcoinLatestVersion} + +elif [ "${mode}" = "custom" ]; then + echo + echo "# Update Bitcoin Core to a chosen version." + echo + echo "# Input the version you would like to install and press ENTER." + echo "# For example:" + echo "0.21.0" + echo + read bitcoinVersion + if curl --output /dev/null --silent --head --fail \ + https://bitcoin.org/bin/bitcoin-core-${bitcoinVersion}/SHA256SUMS.asc; then + echo "# OK version exists" + echo "# Press ENTER to proceed to install Bitcoin Core $bitcoinVersion, CTRL+C to abort." + read key + else + echo "# FAIL $bitcoinVersion does not exist" + echo + echo "# Press ENTER to return to the main menu" + read key + exit 0 + fi +fi + +# JOINED INSTALL +if [ "${mode}" = "tested" ]||[ "${mode}" = "reckless" ]||[ "${mode}" = "custom" ]; then + + displayInfo + + if [ $installedVersion = $bitcoinVersion ];then + echo "# installedVersion = bitcoinVersion" + echo "# exiting script" + exit 0 + fi + + echo + echo "# clean & change into download directory" + sudo rm -r ${downloadDir}/* + cd "${downloadDir}" || exit 1 + + echo + # download, check and import signer key + sudo -u admin wget https://bitcoin.org/laanwj-releases.asc + if [ ! -f "./laanwj-releases.asc" ] + then + echo "# !!! FAIL !!! Download laanwj-releases.asc not success." exit 1 + fi + gpg ./laanwj-releases.asc + fingerprint=$(gpg ./laanwj-releases.asc 2>/dev/null | grep "${laanwjPGP}" -c) + if [ ${fingerprint} -lt 1 ]; then + echo + echo "# !!! BUILD WARNING --> Bitcoin PGP author not as expected" + echo "# Should contain laanwjPGP: ${laanwjPGP}" + echo "# PRESS ENTER to TAKE THE RISK if you think all is OK" + read key + fi + gpg --import ./laanwj-releases.asc + + # download signed binary sha256 hash sum file and check + sudo -u admin wget https://bitcoin.org/bin/bitcoin-core-${bitcoinVersion}/SHA256SUMS.asc + verifyResult=$(gpg --verify SHA256SUMS.asc 2>&1) + goodSignature=$(echo ${verifyResult} | grep 'Good signature' -c) + echo "goodSignature(${goodSignature})" + correctKey=$(echo ${verifyResult} | grep "using RSA key ${laanwjPGP: -16}" -c) + echo "correctKey(${correctKey})" + if [ ${correctKey} -lt 1 ] || [ ${goodSignature} -lt 1 ]; then + echo + echo "# !!! BUILD FAILED --> PGP Verify not OK / signature(${goodSignature}) verify(${correctKey})" + exit 1 + else + echo + echo "# OK --> BITCOIN MANIFEST IS CORRECT" + echo + fi + + # get the sha256 value for the corresponding platform from signed hash sum file + bitcoinSHA256=$(grep -i "$bitcoinOSversion" SHA256SUMS.asc | cut -d " " -f1) + + echo + echo "# BITCOIN v${bitcoinVersion} for ${bitcoinOSversion}" + + # download resources + binaryName="bitcoin-${bitcoinVersion}-${bitcoinOSversion}.tar.gz" + sudo -u admin wget https://bitcoin.org/bin/bitcoin-core-${bitcoinVersion}/${binaryName} + if [ ! -f "./${binaryName}" ] + then + echo "# !!! FAIL !!! Downloading BITCOIN BINARY did not succeed." + exit 1 + fi + + # check binary checksum test + binaryChecksum=$(sha256sum ${binaryName} | cut -d " " -f1) + if [ "${binaryChecksum}" != "${bitcoinSHA256}" ]; then + echo "!!! FAIL !!! Downloaded BITCOIN BINARY not matching SHA256 checksum: ${bitcoinSHA256}" + exit 1 + else + echo + echo "# OK --> VERIFIED BITCOIN CHECKSUM CORRECT" + echo + fi + +fi + +if [ "${mode}" = "tested" ]||[ "${mode}" = "custom" ]; then + # note: install will be done the same as reckless further down + bitcoinInterimsUpdateNew="${bitcoinVersion}" +elif [ "${mode}" = "reckless" ]; then + bitcoinInterimsUpdateNew="reckless" fi -# check binary checksum test -binaryChecksum=$(sha256sum ${binaryName} | cut -d " " -f1) -if [ "${binaryChecksum}" != "${bitcoinSHA256}" ]; then - echo "!!! FAIL !!! Downloaded BITCOIN BINARY not matching SHA256 checksum: ${bitcoinSHA256}" +# JOINED INSTALL (tested & RECKLESS) +if [ "${mode}" = "tested" ]||[ "${mode}" = "reckless" ]||[ "${mode}" = "custom" ];then + + # install + echo "# Stopping bitcoind and lnd" + sudo systemctl stop lnd + sudo systemctl stop bitcoind + echo + echo "# Installing Bitcoin Core v${bitcoinVersion}" + sudo -u admin tar -xvf ${binaryName} + sudo install -m 0755 -o root -g root -t /usr/local/bin/ bitcoin-${bitcoinVersion}/bin/* + sleep 3 + installed=$(sudo -u admin bitcoind --version | grep "${bitcoinVersion}" -c) + if [ ${installed} -lt 1 ]; then + echo + echo "# !!! BUILD FAILED --> Was not able to install bitcoind version(${bitcoinVersion})" + exit 1 + fi + echo "# flag update in raspiblitz config" + source /mnt/hdd/raspiblitz.conf + if [ ${#bitcoinInterimsUpdate} -eq 0 ]; then + echo "bitcoinInterimsUpdate='${bitcoinInterimsUpdateNew}'" >> /mnt/hdd/raspiblitz.conf + else + sudo sed -i "s/^bitcoinInterimsUpdate=.*/bitcoinInterimsUpdate='${bitcoinInterimsUpdateNew}'/g" /mnt/hdd/raspiblitz.conf + fi + + if [ "${state}" == "ready" ]; then + sudo systemctl start bitcoind + sudo systemctl start lnd + fi + + echo "# OK Bitcoin Core Installed" + echo "# NOTE: RaspiBlitz may need to reboot now" exit 1 + else - echo "" - echo "****************************************" - echo "OK --> VERIFIED BITCOIN CHECKSUM CORRECT" - echo "****************************************" - echo "" -fi -echo "Stopping bitcoind and lnd" -sudo systemctl stop lnd -sudo systemctl stop bitcoind - - -# install -sudo -u admin tar -xvf ${binaryName} -sudo install -m 0755 -o root -g root -t /usr/local/bin/ bitcoin-${bitcoinVersion}/bin/* -sleep 3 -installed=$(sudo -u admin bitcoind --version | grep "${bitcoinVersion}" -c) -if [ ${installed} -lt 1 ]; then - echo "" - echo "!!! BUILD FAILED --> Was not able to install bitcoind version(${bitcoinVersion})" + echo "# error='parameter not known'" exit 1 + fi - -sudo systemctl start bitcoind -sleep 2 - -echo "" -echo "Installed $(sudo -u admin bitcoind --version | grep version)" -echo "" - -sudo systemctl start lnd -sleep 10 - -echo "Unlock lnd with the Password C" -lncli unlock \ No newline at end of file