From 11a67de7cb2970b09d00700e9f8649d0af40a59f Mon Sep 17 00:00:00 2001 From: openoms Date: Fri, 17 Sep 2021 01:14:47 +0100 Subject: [PATCH 1/3] bitcoin update with new verification process --- CHANGES.md | 2 +- home.admin/config.scripts/bitcoin.update.sh | 77 ++++++++++++--------- 2 files changed, 44 insertions(+), 35 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index b87aa7341..324c49af1 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -7,7 +7,7 @@ - New: CLN plugin: Sparko [details](https://github.com/fiatjaf/sparko) - New: Suez - channel visualization for LND and CLN [details](https://github.com/prusnak/suez) - New: LND Static Channel Backup to Nextcloud -- Update: Bitcoin Core v0.21.1 [details](https://github.com/bitcoin/bitcoin/blob/master/doc/release-notes/release-notes-0.21.1.md) +- Update: Bitcoin Core v22.0 [details](https://github.com/bitcoin/bitcoin/blob/master/doc/release-notes/release-notes-22.0.md) - Update: LND v0.13.1 [details](https://github.com/lightningnetwork/lnd/releases/tag/v0.13.1-beta) - Update: RTL 0.11.2 [details](https://github.com/Ride-The-Lightning/RTL/releases/tag/v0.11.2) - Update: Specter Desktop 1.6.0 [details](https://github.com/cryptoadvance/specter-desktop/blob/master/README.md) diff --git a/home.admin/config.scripts/bitcoin.update.sh b/home.admin/config.scripts/bitcoin.update.sh index 3526a4b10..feae86234 100755 --- a/home.admin/config.scripts/bitcoin.update.sh +++ b/home.admin/config.scripts/bitcoin.update.sh 
@@ -20,14 +20,15 @@ mode="$1" # RECOMMENDED UPDATE BY RASPIBLITZ TEAM # comment will be shown as "BEWARE Info" when option is choosen (can be multiple lines) -bitcoinVersion="" # example: 0.21.0 .. keep empty if no newer version as sd card build is available +bitcoinVersion="" # example: 22.0 .. keep empty if no newer version as sd card build is available # needed to check code signing -laanwjPGP="01EA5486DE18A882D4C2684590C8019E36C2E964" +# https://github.com/laanwj +laanwjPGP="71A3 B167 3540 5025 D447 E8F2 7481 0B01 2346 C9A6" # GATHER DATA -# setting download directory -downloadDir="/home/admin/download" +# setting download directory to the current user +downloadDir="/home/$(whoami)/download/bitcoin.update" # detect CPU architecture & fitting download link if [ $(uname -m | grep -c 'arm') -eq 1 ] ; then @@ -105,14 +106,15 @@ elif [ "${mode}" = "custom" ]; then echo "# Update Bitcoin Core to a chosen version." echo echo "# Input the version you would like to install and press ENTER." - echo "# Examples:" - echo "0.21.1rc1" - echo "0.21.0" + echo "# Examples (versions below 22 are not supported):" + echo "22.0rc3" + echo "22.0" echo read bitcoinVersion if [ $(echo ${bitcoinVersion} | grep -c "rc") -gt 0 ];then cutVersion=$(echo ${bitcoinVersion} | awk -F"r" '{print $1}') rcVersion=$(echo ${bitcoinVersion} | awk -F"r" '{print $2}') + # https://bitcoincore.org/bin/bitcoin-core-22.0/test.rc3/ pathVersion=${cutVersion}/test.r${rcVersion} else pathVersion=${bitcoinVersion} 
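Review bot: The spaced form of `laanwjPGP` is load-bearing and nothing next to the constant says so. The same string is used further down as the `grep` pattern on the `gpg --verify` output. gpg prints a 40-digit fingerprint with a double space in the middle of its "Primary key fingerprint" line, so the pattern only matches because the later `echo ${verifyResult}` is unquoted and collapses whitespace. I would add a comment such as `# matched verbatim against gpg's "Primary key fingerprint" line (whitespace-collapsed); keep the single-space grouping` so that quoting that echo or reformatting the constant does not silently break the signer check.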
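Review bot: The prompt now says versions below 22 are not supported, but the `read bitcoinVersion` that follows accepts any string. That value is built into `pathVersion` here and, in later hunks, into the download URL, `binaryName` and the `bitcoin-${bitcoinVersion}/bin/*` path handed to `sudo install`. A format check right after the read would keep stray characters out of those paths, for example `echo "${bitcoinVersion}" | grep -Eq '^[0-9]+\.[0-9]+(\.[0-9]+)?(rc[0-9]+)?$' || exit 1`, followed by a comparison of the major number against 22 to enforce the stated limit. `read -r bitcoinVersion` is also the safer form. The enclosing `elif` branch starts and ends outside the hunk.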
@@ -145,34 +147,42 @@ if [ "${mode}" = "tested" ]||[ "${mode}" = "reckless" ]||[ "${mode}" = "custom" echo echo "# clean & change into download directory" - sudo rm -r ${downloadDir}/* + sudo rm -rf "${downloadDir}" + mkdir -p "${downloadDir}" cd "${downloadDir}" || exit 1 - echo - # download, check and import signer key - sudo -u admin wget https://bitcoin.org/laanwj-releases.asc - if [ ! -f "./laanwj-releases.asc" ] + # download signed binary sha256 hash sum file + wget https://bitcoincore.org/bin/bitcoin-core-${pathVersion}/SHA256SUMS + # download signed binary sha256 hash sum file and check + wget https://bitcoincore.org/bin/bitcoin-core-${pathVersion}/SHA256SUMS.asc + + echo "# Paste the PGP pubkey fingerprint of a signer." + echo "# Example for W. J. van der Laan (https://github.com/laanwj):" + echo "71A3 B167 3540 5025 D447 E8F2 7481 0B01 2346 C9A6" + echo "" + read customKey + + if [ ${#customKey} -eq 0 ];then + customKey=$laanwjPGP + fi + + # receive signer key + if ! gpg --recv-key "$customKey" then - echo "# !!! FAIL !!! Download laanwj-releases.asc not success." + echo + echo "!!! FAIL !!! Could not download the PGP pubkey" + echo + echo "See the signers of this release:" + echo + gpg --verify SHA256SUMS.asc + echo exit 1 fi - gpg --import-options show-only --import ./laanwj-releases.asc - fingerprint=$(gpg ./laanwj-releases.asc 2>/dev/null | grep -c "${laanwjPGP}") - if [ ${fingerprint} -eq 0 ]; then - echo - echo "# !!! 
BUILD WARNING --> Bitcoin PGP author not as expected" - echo "# Should contain laanwjPGP: ${laanwjPGP}" - echo "# PRESS ENTER to TAKE THE RISK if you think all is OK" - read key - fi - gpg --import ./laanwj-releases.asc - - # download signed binary sha256 hash sum file and check - sudo -u admin wget https://bitcoincore.org/bin/bitcoin-core-${pathVersion}/SHA256SUMS.asc + verifyResult=$(gpg --verify SHA256SUMS.asc 2>&1) goodSignature=$(echo ${verifyResult} | grep 'Good signature' -c) echo "goodSignature(${goodSignature})" - correctKey=$(echo ${verifyResult} | grep "using RSA key ${laanwjPGP: -16}" -c) + correctKey=$(echo ${verifyResult} | grep "${customKey}" -c) echo "correctKey(${correctKey})" if [ ${correctKey} -lt 1 ] || [ ${goodSignature} -lt 1 ]; then echo @@ -186,7 +196,7 @@ if [ "${mode}" = "tested" ]||[ "${mode}" = "reckless" ]||[ "${mode}" = "custom" echo "# Downloading Bitcoin Core v${bitcoinVersion} for ${bitcoinOSversion} ..." binaryName="bitcoin-${bitcoinVersion}-${bitcoinOSversion}.tar.gz" - sudo -u admin wget https://bitcoincore.org/bin/bitcoin-core-${pathVersion}/${binaryName} + wget https://bitcoincore.org/bin/bitcoin-core-${pathVersion}/${binaryName} if [ ! -f "./${binaryName}" ] then echo "# !!! FAIL !!! Downloading BITCOIN BINARY did not succeed." 
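Review bot: The `goodSignature` and `correctKey` greps on `verifyResult` are evaluated independently, so nothing ties the "Good signature" text to the fingerprint the operator chose. SHA256SUMS.asc can carry several signatures (the failure branch here lists "the signers of this release"), and gpg names the signing key for each one whether it verifies or not. A good signature from some other key already in the keyring, plus any mention of the chosen fingerprint, may therefore be enough to pass. Matching a single `[GNUPG:] VALIDSIG` status line that contains the fingerprint binds both facts together. That requires normalising `customKey` to 40 hex digits first, which also rejects short key IDs before `gpg --recv-key`. The enclosing `if` block begins and ends outside the hunk.

```shell
  # … unchanged: wget SHA256SUMS and SHA256SUMS.asc, prompt, read customKey …
  # fall back to the pinned key, then normalise to 40 upper-case hex digits
  customKey=$(echo "${customKey:-$laanwjPGP}" | tr -d ' ' | tr 'a-f' 'A-F')
  if ! echo "${customKey}" | grep -Eq '^[0-9A-F]{40}$'; then
    echo "!!! FAIL !!! Expected a full 40 hex digit PGP fingerprint"
    exit 1
  fi
  # … unchanged: gpg --recv-key "$customKey" and its failure branch …
  verifyResult=$(gpg --status-fd 1 --verify SHA256SUMS.asc SHA256SUMS 2>&1)
  # … unchanged: goodSignature grep and echo …
  # VALIDSIG is only emitted for a signature that verified; it carries the signing and primary fingerprints
  correctKey=$(echo "${verifyResult}" | grep -c "^\[GNUPG:\] VALIDSIG .*${customKey}")
```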
@@ -194,11 +204,11 @@ if [ "${mode}" = "tested" ]||[ "${mode}" = "reckless" ]||[ "${mode}" = "custom" fi echo "# Checking binary checksum ..." - checksumTest=$(sha256sum -c --ignore-missing SHA256SUMS.asc ${binaryName} 2>/dev/null \ + checksumTest=$(sha256sum -c --ignore-missing SHA256SUMS ${binaryName} 2>/dev/null \ | grep -c "${binaryName}: OK") if [ "${checksumTest}" -eq 0 ]; then # get the sha256 value for the corresponding platform from signed hash sum file - bitcoinSHA256=$(grep -i "$bitcoinOSversion" SHA256SUMS.asc | cut -d " " -f1) + bitcoinSHA256=$(grep -i "${binaryName}}" SHA256SUMS | cut -d " " -f1) echo "!!! FAIL !!! Downloaded BITCOIN BINARY CHECKSUM:" echo "$(sha256sum ${binaryName})" echo "NOT matching SHA256 checksum:" @@ -206,10 +216,9 @@ if [ "${mode}" = "tested" ]||[ "${mode}" = "reckless" ]||[ "${mode}" = "custom" exit 1 else echo - echo "# OK --> VERIFIED BITCOIN CHECKSUM IS CORRECT" + echo "# OK --> VERIFIED BITCOIN CORE BINARY CHECKSUM IS CORRECT" echo fi - fi if [ "${mode}" = "tested" ]||[ "${mode}" = "custom" ]; then @@ -227,10 +236,10 @@ if [ "${mode}" = "tested" ]||[ "${mode}" = "reckless" ]||[ "${mode}" = "custom" sudo systemctl stop bitcoind echo echo "# Installing Bitcoin Core v${bitcoinVersion}" - sudo -u admin tar -xvf ${binaryName} + tar -xvf ${binaryName} sudo install -m 0755 -o root -g root -t /usr/local/bin/ bitcoin-${bitcoinVersion}/bin/* sleep 3 - installed=$(sudo -u admin bitcoind --version | grep "${bitcoinVersion}" -c) + installed=$(bitcoind --version | grep "${bitcoinVersion}" -c) if [ ${installed} -lt 1 ]; then echo echo "# !!! BUILD FAILED --> Was not able to install bitcoind version(${bitcoinVersion})" From 548e28ddfbeea138d691f51e6b49114b2eb9ab2d Mon Sep 17 00:00:00 2001 From: openoms Date: Fri, 17 Sep 2021 07:49:10 +0100 Subject: [PATCH 2/3] blitz.debug: quote variable to compare --- home.admin/config.scripts/blitz.debug.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
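Review bot: The new `grep -i "${binaryName}}" SHA256SUMS` has a stray closing brace, so the pattern ends in a literal `}` and will not match any line of SHA256SUMS. `bitcoinSHA256` therefore stays empty in the failure branch. From the visible lines it appears to feed only the mismatch message (the line that prints it falls between this hunk and the next), so the pass/fail decision is unaffected, but the operator loses the expected hash exactly when a mismatch has to be investigated. `bitcoinSHA256=$(grep -F -- "${binaryName}" SHA256SUMS | cut -d " " -f1)` removes the brace and matches the file name literally instead of as a regex.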
diff --git a/home.admin/config.scripts/blitz.debug.sh b/home.admin/config.scripts/blitz.debug.sh index 6ae3a81b4..3aafdbef4 100755 --- a/home.admin/config.scripts/blitz.debug.sh +++ b/home.admin/config.scripts/blitz.debug.sh @@ -276,7 +276,7 @@ else echo "- BTCPayServer is OFF by config" fi -if [ ${BTCRPCexplorer} == "on" ]; then +if [ "${BTCRPCexplorer}" == "on" ]; then echo echo "*** LAST 20 BTC-RPC-Explorer LOGS ***" echo "sudo journalctl -u btc-rpc-explorer -b --no-pager -n20" From 7ac2d3ad5dba45091dbb2a3ac827345f8a41a873 Mon Sep 17 00:00:00 2001 From: openoms Date: Fri, 17 Sep 2021 08:02:29 +0100 Subject: [PATCH 3/3] always set lightning instance in raspiblitz.conf --- home.admin/config.scripts/cln.install.sh | 5 ++++- home.admin/config.scripts/lnd.install.sh | 17 +++++++++++------ 2 files changed, 15 insertions(+), 7 deletions(-) diff --git a/home.admin/config.scripts/cln.install.sh b/home.admin/config.scripts/cln.install.sh index a4db7509b..c5f9d03c5 100644 --- a/home.admin/config.scripts/cln.install.sh +++ b/home.admin/config.scripts/cln.install.sh @@ -37,11 +37,14 @@ source <(/home/admin/config.scripts/network.aliases.sh getvars cln $2) echo "# Running: 'cln.install.sh $*'" echo "# Using the settings for: ${network} ${CHAIN}" +# add default value to raspi config if needed +if ! grep -Eq "^lightning=" /mnt/hdd/raspiblitz.conf; then + echo "lightning=cln" | sudo tee -a /mnt/hdd/raspiblitz.conf +fi # add default value to raspi config if needed if ! grep -Eq "^${netprefix}cln=" /mnt/hdd/raspiblitz.conf; then echo "${netprefix}cln=off" | sudo tee -a /mnt/hdd/raspiblitz.conf fi - source /mnt/hdd/raspiblitz.conf if [ "$1" = on ]||[ "$1" = update ]||[ "$1" = experimental ]||[ "$1" = testPR ];then diff --git a/home.admin/config.scripts/lnd.install.sh b/home.admin/config.scripts/lnd.install.sh index db07a663f..0cd37a36f 100644 --- a/home.admin/config.scripts/lnd.install.sh +++ b/home.admin/config.scripts/lnd.install.sh 
@@ -38,6 +38,17 @@ elif [ ${CHAIN} = mainnet ];then zmqprefix=28 fi +source /home/admin/raspiblitz.info +# add default value to raspi config if needed +if ! grep -Eq "^lightning=" /mnt/hdd/raspiblitz.conf; then + echo "lightning=lnd" | sudo tee -a /mnt/hdd/raspiblitz.conf +fi +# add default value to raspi config if needed +if ! grep -Eq "^${netprefix}lnd=" /mnt/hdd/raspiblitz.conf; then + echo "${netprefix}lnd=off" >> /mnt/hdd/raspiblitz.conf +fi +source /mnt/hdd/raspiblitz.conf + function removeParallelService() { if [ -f "/etc/systemd/system/${netprefix}lnd.service" ];then sudo -u bitcoin /usr/local/bin/lncli\ @@ -50,12 +61,6 @@ function removeParallelService() { fi } -source /home/admin/raspiblitz.info -# add default value to raspi config if needed -if ! grep -Eq "^${netprefix}lnd=" /mnt/hdd/raspiblitz.conf; then - echo "${netprefix}lnd=off" >> /mnt/hdd/raspiblitz.conf -fi -source /mnt/hdd/raspiblitz.conf # switch on if [ "$1" = "1" ] || [ "$1" = "on" ]; then
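Review bot: The two appends to /mnt/hdd/raspiblitz.conf in this block use different write paths. The new `lightning=lnd` line goes through `sudo tee -a`, while `${netprefix}lnd=off` still uses a plain `>>` redirect that runs with the caller's privileges. If the caller cannot write the file, the second append fails while the first succeeds, and the `source` that follows continues with a partly initialised config; cln.install.sh in this same patch uses `sudo tee -a` for both. I would write the second one the same way: `echo "${netprefix}lnd=off" | sudo tee -a /mnt/hdd/raspiblitz.conf >/dev/null`. Since raspiblitz.conf is sourced as shell code right after these writes, it is worth confirming the file is writable only by root.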