raspiblitz/home.admin/config.scripts/lnd.update.sh

#!/bin/bash

# command info
if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then
 echo "Interim optional LND updates between RaspiBlitz releases."
 echo "lnd.update.sh [info|verified|reckless]"
 echo "info -> get actual state and possible actions"
 echo "verified -> only do recommended updates by RaspiBlitz team"
 echo "  binary will be checked by signature and checksum"
 echo "reckless -> if you just want to update to the latest release"
 echo "  published on LND GitHub releases (RC or final) without any"
 echo "  testing or security checks."
 exit 1
fi

# 1. parameter [info|verified|reckless]
mode="$1"

# RECOMMENDED UPDATE BY RASPIBLITZ TEAM
# comment will be shown as "BEWARE Info" when option is choosen (can be multiple lines) 
lndUpdateVersion="" # example: 0.13.2-beta .. just keep entry if no newer version as sd card build is available
lndUpdateComment="Please keep in mind that downgrading afterwards is not tested. Also not all additional apps are fully tested with the this update - but it looked good on first tests."

# check who signed the release in https://github.com/lightningnetwork/lnd/releases
# olaoluwa
PGPauthor="roasbeef"
lndUpdatePGPpkeys="https://keybase.io/roasbeef/pgp_keys.asc"
lndUpdatePGPcheck="4AB7F8DA6FAEBB3B70B1F903BC13F65E2DC84465"

#joostjager
# PGPauthor="joostjager"
# lndUpdatePGPpkeys="https://keybase.io/joostjager/pgp_keys.asc"
# lndUpdatePGPcheck="D146D0F68939436268FA9A130E26BB61B76C4D3A"

# bitconner 
# PGPauthor="bitconner"
# lndUpdatePGPpkeys="https://keybase.io/bitconner/pgp_keys.asc"
# lndUpdatePGPcheck="9C8D61868A7C492003B2744EE7D737B67FA592C7"

# wpaulino
# PGPauthor="wpaulino"
# lndUpdatePGPpkeys="https://keybase.io/wpaulino/pgp_keys.asc"
# lndUpdatePGPcheck="729E9D9D92C75A5FBFEEE057B5DD717BEF7CA5B1"

# GATHER DATA

# setting download directory
downloadDir="/home/admin/download"

# detect CPU architecture & fitting download link
cpuArchitecture=""
if [ $(uname -m | grep -c 'arm') -eq 1 ] ; then
  cpuArchitecture="armv7"
fi
if [ $(uname -m | grep -c 'aarch64') -eq 1 ] ; then
  cpuArchitecture="arm64"
fi
if [ $(uname -m | grep -c 'x86_64') -eq 1 ] ; then
  cpuArchitecture="amd64"
fi
if [ $(uname -m | grep -c 'i386\|i486\|i586\|i686\|i786') -eq 1 ] ; then
  cpuArchitecture="386"
fi

# installed LND version
lndInstalledVersion=$(sudo -u bitcoin lncli --version | cut -d " " -f3)
lndInstalledVersionMajor=$(echo "${lndInstalledVersion}" | cut -d "-" -f1 | cut -d "." -f1)
lndInstalledVersionMain=$(echo "${lndInstalledVersion}" | cut -d "-" -f1 | cut -d "." -f2)
lndInstalledVersionMinor=$(echo "${lndInstalledVersion}" | cut -d "-" -f1 | cut -d "." -f3)

# test if the installed version already the verified/recommended update version
lndUpdateInstalled=$(echo "${lndInstalledVersion}" | grep -c "${lndUpdateVersion}")

# get latest release from LND GitHub releases
gitHubLatestReleaseJSON="$(curl -s https://api.github.com/repos/lightningnetwork/lnd/releases | jq '.[0]')"
lndLatestVersion=$(echo "${gitHubLatestReleaseJSON}" | jq -r '.tag_name')
lndLatestDownload=$(echo "${gitHubLatestReleaseJSON}" | grep "browser_download_url" | grep "linux-${cpuArchitecture}" | cut -d '"' -f4)

# INFO
if [ "${mode}" = "info" ]; then

  echo "# basic data"
  echo "cpuArchitecture='${cpuArchitecture}'"
  echo "lndInstalledVersion='${lndInstalledVersion}'"
  echo "lndInstalledVersionMajor='${lndInstalledVersionMajor}'"
  echo "lndInstalledVersionMain='${lndInstalledVersionMain}'"
  echo "lndInstalledVersionMinor='${lndInstalledVersionMinor}'"

  echo "# the verified/recommended update option"
  echo "lndUpdateInstalled='${lndUpdateInstalled}'"
  echo "lndUpdateVersion='${lndUpdateVersion}'"
  echo "lndUpdateComment='${lndUpdateComment}'"

  echo "# reckless update option (latest LND release from GitHub)"
  echo "lndLatestVersion='${lndLatestVersion}'"
  echo "lndLatestDownload='${lndLatestDownload}'"

  exit 1
fi

# verified
if [ "${mode}" = "verified" ]; then

  echo "# lnd.update.sh verified"

  # check for optional second parameter: forced update version
  # --> only does the verified update if its the given version
  # this is needed for recovery/update. 
  fixedUpdateVersion="$2"
  if [ ${#fixedUpdateVersion} -gt 0 ]; then
    echo "# checking for fixed version update: askedFor(${fixedUpdateVersion}) available(${lndUpdateVersion})"
    if [ "${fixedUpdateVersion}" != "${lndUpdateVersion}" ]; then
      echo "warn='required update version does not match'"
      echo "# this is normal when the recovery script of a new RaspiBlitz version checks for an old update - just ignore"
      exit 1
    else
      echo "# OK - update version is matching"
    fi
  fi

  echo 
  echo "# clean & change into download directory"
  sudo rm -r ${downloadDir}/*
  cd "${downloadDir}"

  echo
  echo "# extract the SHA256 hash from the manifest file for the corresponding platform"
  sudo -u admin wget -N https://github.com/lightningnetwork/lnd/releases/download/v${lndUpdateVersion}/manifest-v${lndUpdateVersion}.txt
  checkDownload=$(ls manifest-v${lndUpdateVersion}.txt 2>/dev/null | grep -c manifest-v${lndUpdateVersion}.txt)
  if [ ${checkDownload} -eq 0 ]; then
    echo "error='download manifest failed'"
    exit 1
  fi
  lndSHA256=$(grep -i "linux-${cpuArchitecture}" manifest-v$lndUpdateVersion.txt | cut -d " " -f1)
  echo "# SHA256 hash: $lndSHA256"

  echo
  echo "# get LND binary"
  binaryName="lnd-linux-${cpuArchitecture}-v${lndUpdateVersion}.tar.gz"
  sudo -u admin wget -N https://github.com/lightningnetwork/lnd/releases/download/v${lndUpdateVersion}/${binaryName}
  checkDownload=$(ls ${binaryName} 2>/dev/null | grep -c ${binaryName})
  if [ ${checkDownload} -eq 0 ]; then
    echo "error='download binary failed'"
    exit 1
  fi

  echo
  echo "# check binary was not manipulated (checksum test)"
  sudo -u admin wget -N https://github.com/lightningnetwork/lnd/releases/download/v${lndUpdateVersion}/manifest-${PGPauthor}-v${lndUpdateVersion}.sig
  sudo -u admin wget --no-check-certificate -N -O "${downloadDir}/pgp_keys.asc" ${lndUpdatePGPpkeys}
  binaryChecksum=$(sha256sum ${binaryName} | cut -d " " -f1)
  echo "# binary chdecksum: ${binaryChecksum}"
  echo "# lndSHA256: ${lndSHA256}"
  validSignature=$(echo "${lndSHA256}" | grep -c "${binaryChecksum}")
  if [ ${validSignature} -eq 0 ]; then
    echo "error='checksum not matching'"
    exit 1
  fi

  echo 
  echo "# getting gpg finger print"
  gpg ./pgp_keys.asc
  fingerprint=$(sudo gpg "${downloadDir}/pgp_keys.asc" 2>/dev/null | grep "${lndUpdatePGPcheck}" -c)
  if [ ${fingerprint} -lt 1 ]; then
    echo "error='PGP author check failed'"
    exit 1
  fi
  echo "fingerprint='${fingerprint}'"

  echo 
  echo "# checking gpg finger print"
  gpg --import ./pgp_keys.asc
  sleep 3
  verifyResult=$(gpg --verify manifest-${PGPauthor}-v${lndUpdateVersion}.sig manifest-v${lndUpdateVersion}.txt 2>&1)
  goodSignature=$(echo ${verifyResult} | grep 'Good signature' -c)
  echo "goodSignature='${goodSignature}'"
  correctKey=$(echo ${verifyResult} | tr -d " \t\n\r" | grep "${lndUpdatePGPcheck}" -c)
  echo "correctKey='${correctKey}'"
  if [ ${correctKey} -lt 1 ] || [ ${goodSignature} -lt 1 ]; then
    echo "error='PGP verify fail'"
    exit 1
  fi

  # note: install will be done the same as reckless further down
  lndInterimsUpdateNew="${lndUpdateVersion}"

fi

# RECKLESS
# this mode is just for people running test and development nodes - its not recommended
# for production nodes. In a update/recovery scenario it will not install a fixed version
# it will always pick the latest release from the github
if [ "${mode}" = "reckless" ]; then

  echo "# lnd.update.sh reckless"

  # check that download link has a value
  if [ ${#lndLatestDownload} -eq 0 ]; then
    echo "error='no download link'"
    exit 1
  fi

  # clean & change into download directory
  sudo rm -r ${downloadDir}/*
  cd "${downloadDir}"

  # download binary
  echo "# downloading binary"
  binaryName=$(basename "${lndLatestDownload}")
  sudo -u admin wget -N ${lndLatestDownload}
  checkDownload=$(ls ${binaryName} 2>/dev/null | grep -c ${binaryName})
  if [ ${checkDownload} -eq 0 ]; then
    echo "error='download binary failed'"
    exit 1
  fi

  # prepare install
  lndInterimsUpdateNew="reckless"
fi

# JOINED INSTALL (verified & RECKLESS)
if [ "${mode}" = "verified" ] || [ "${mode}" = "reckless" ]; then

  # install
  echo "# stopping LND"
  sudo systemctl stop lnd
  echo "# unzip LND binary"
  sudo -u admin tar -xzf ${binaryName}
  # removing the tar.gz ending from the binary
  directoryName="${binaryName%.*.*}"
  echo "# install binary directory '${directoryName}'"
  sudo install -m 0755 -o root -g root -t /usr/local/bin ${directoryName}/*
  sleep 3
  installed=$(sudo -u admin lnd --version)
  if [ ${#installed} -eq 0 ]; then
    echo "error='install failed'"
    exit 1
  fi
  echo "# flag update in raspiblitz config"
  source /mnt/hdd/raspiblitz.conf
  if [ ${#lndInterimsUpdate} -eq 0 ]; then
    echo "lndInterimsUpdate='${lndInterimsUpdateNew}'" >> /mnt/hdd/raspiblitz.conf
  else
    sudo sed -i "s/^lndInterimsUpdate=.*/lndInterimsUpdate='${lndInterimsUpdateNew}'/g" /mnt/hdd/raspiblitz.conf
  fi

  echo "# OK LND Installed"
  echo "# NOTE: RaspiBlitz may need to reboot now"
  exit 1

else

  echo "error='parameter not known'"
  exit 1

fi
#1116 prepare for LND update script 2020-04-25 21:47:54 +02:00			`#!/bin/bash`

			`# command info`
			`if [ $# -eq 0 ] \|\| [ "$1" = "-h" ] \|\| [ "$1" = "-help" ]; then`
#1116 fixed version update check 2020-04-25 21:56:57 +02:00			`echo "Interim optional LND updates between RaspiBlitz releases."`
#1116 rename option secure to verified 2020-04-28 20:55:09 +02:00			`echo "lnd.update.sh [info\|verified\|reckless]"`
#1116 prepare for LND update script 2020-04-25 21:47:54 +02:00			`echo "info -> get actual state and possible actions"`
#1116 rename option secure to verified 2020-04-28 20:55:09 +02:00			`echo "verified -> only do recommended updates by RaspiBlitz team"`
#1116 prepare for LND update script 2020-04-25 21:47:54 +02:00			`echo " binary will be checked by signature and checksum"`
			`echo "reckless -> if you just want to update to the latest release"`
			`echo " published on LND GitHub releases (RC or final) without any"`
			`echo " testing or security checks."`
			`exit 1`
			`fi`

#1116 rename option secure to verified 2020-04-28 20:55:09 +02:00			`# 1. parameter [info\|verified\|reckless]`
#1116 prepare for LND update script 2020-04-25 21:47:54 +02:00			`mode="$1"`

			`# RECOMMENDED UPDATE BY RASPIBLITZ TEAM`
Offering LND 0.11.0 as interims update (#1547) 2020-09-15 16:32:58 +02:00			`# comment will be shown as "BEWARE Info" when option is choosen (can be multiple lines)`
change lnd verified update 2021-08-26 20:24:31 +02:00			`lndUpdateVersion="" # example: 0.13.2-beta .. just keep entry if no newer version as sd card build is available`
New 64-bit sd card image with btc/nd update, fatpack & tor by default (#2060) 2021-03-15 23:16:27 +01:00			`lndUpdateComment="Please keep in mind that downgrading afterwards is not tested. Also not all additional apps are fully tested with the this update - but it looked good on first tests."`
#1116 prepare for LND update script 2020-04-25 21:47:54 +02:00
#1116 lnd secure update implementation 2020-04-26 00:00:55 +02:00			`# check who signed the release in https://github.com/lightningnetwork/lnd/releases`
			`# olaoluwa`
info on lnd.upsate.sh 2021-08-26 14:51:38 +02:00			`PGPauthor="roasbeef"`
			`lndUpdatePGPpkeys="https://keybase.io/roasbeef/pgp_keys.asc"`
			`lndUpdatePGPcheck="4AB7F8DA6FAEBB3B70B1F903BC13F65E2DC84465"`
#1116 lnd secure update implementation 2020-04-26 00:00:55 +02:00
			`#joostjager`
New 64-bit sd card image with btc/nd update, fatpack & tor by default (#2060) 2021-03-15 23:16:27 +01:00			`# PGPauthor="joostjager"`
#1116 lnd secure update implementation 2020-04-26 00:00:55 +02:00			`# lndUpdatePGPpkeys="https://keybase.io/joostjager/pgp_keys.asc"`
			`# lndUpdatePGPcheck="D146D0F68939436268FA9A130E26BB61B76C4D3A"`

			`# bitconner`
info on lnd.upsate.sh 2021-08-26 14:51:38 +02:00			`# PGPauthor="bitconner"`
			`# lndUpdatePGPpkeys="https://keybase.io/bitconner/pgp_keys.asc"`
			`# lndUpdatePGPcheck="9C8D61868A7C492003B2744EE7D737B67FA592C7"`
#1116 lnd secure update implementation 2020-04-26 00:00:55 +02:00
			`# wpaulino`
New 64-bit sd card image with btc/nd update, fatpack & tor by default (#2060) 2021-03-15 23:16:27 +01:00			`# PGPauthor="wpaulino"`
#1116 lnd secure update implementation 2020-04-26 00:00:55 +02:00			`# lndUpdatePGPpkeys="https://keybase.io/wpaulino/pgp_keys.asc"`
			`# lndUpdatePGPcheck="729E9D9D92C75A5FBFEEE057B5DD717BEF7CA5B1"`

#1116 prepare for LND update script 2020-04-25 21:47:54 +02:00			`# GATHER DATA`

#1116 lnd secure update implementation 2020-04-26 00:00:55 +02:00			`# setting download directory`
			`downloadDir="/home/admin/download"`

#1116 prepare for LND update script 2020-04-25 21:47:54 +02:00			`# detect CPU architecture & fitting download link`
			`cpuArchitecture=""`
			`if [ $(uname -m \| grep -c 'arm') -eq 1 ] ; then`
			`cpuArchitecture="armv7"`
			`fi`
			`if [ $(uname -m \| grep -c 'aarch64') -eq 1 ] ; then`
			`cpuArchitecture="arm64"`
			`fi`
			`if [ $(uname -m \| grep -c 'x86_64') -eq 1 ] ; then`
			`cpuArchitecture="amd64"`
			`fi`
			`if [ $(uname -m \| grep -c 'i386\\|i486\\|i586\\|i686\\|i786') -eq 1 ] ; then`
			`cpuArchitecture="386"`
			`fi`

			`# installed LND version`
#1116 get installed version from lncli 2020-04-26 01:34:51 +02:00			`lndInstalledVersion=$(sudo -u bitcoin lncli --version \| cut -d " " -f3)`
#1116 prepare for LND update script 2020-04-25 21:47:54 +02:00			`lndInstalledVersionMajor=$(echo "${lndInstalledVersion}" \| cut -d "-" -f1 \| cut -d "." -f1)`
			`lndInstalledVersionMain=$(echo "${lndInstalledVersion}" \| cut -d "-" -f1 \| cut -d "." -f2)`
			`lndInstalledVersionMinor=$(echo "${lndInstalledVersion}" \| cut -d "-" -f1 \| cut -d "." -f3)`

#1116 rename option secure to verified 2020-04-28 20:55:09 +02:00			`# test if the installed version already the verified/recommended update version`
fux detecting lnd update version 2020-05-03 01:12:21 +02:00			`lndUpdateInstalled=$(echo "${lndInstalledVersion}" \| grep -c "${lndUpdateVersion}")`
#1116 prepare for LND update script 2020-04-25 21:47:54 +02:00
			`# get latest release from LND GitHub releases`
#1116 fix latest release download url recovery 2020-04-25 23:00:50 +02:00			`gitHubLatestReleaseJSON="$(curl -s https://api.github.com/repos/lightningnetwork/lnd/releases \| jq '.[0]')"`
#1116 prepare for LND update script 2020-04-25 21:47:54 +02:00			`lndLatestVersion=$(echo "${gitHubLatestReleaseJSON}" \| jq -r '.tag_name')`
			`lndLatestDownload=$(echo "${gitHubLatestReleaseJSON}" \| grep "browser_download_url" \| grep "linux-${cpuArchitecture}" \| cut -d '"' -f4)`

			`# INFO`
			`if [ "${mode}" = "info" ]; then`

			`echo "# basic data"`
			`echo "cpuArchitecture='${cpuArchitecture}'"`
			`echo "lndInstalledVersion='${lndInstalledVersion}'"`
			`echo "lndInstalledVersionMajor='${lndInstalledVersionMajor}'"`
			`echo "lndInstalledVersionMain='${lndInstalledVersionMain}'"`
			`echo "lndInstalledVersionMinor='${lndInstalledVersionMinor}'"`

#1116 rename option secure to verified 2020-04-28 20:55:09 +02:00			`echo "# the verified/recommended update option"`
#1116 prepare for LND update script 2020-04-25 21:47:54 +02:00			`echo "lndUpdateInstalled='${lndUpdateInstalled}'"`
			`echo "lndUpdateVersion='${lndUpdateVersion}'"`
			`echo "lndUpdateComment='${lndUpdateComment}'"`

			`echo "# reckless update option (latest LND release from GitHub)"`
			`echo "lndLatestVersion='${lndLatestVersion}'"`
			`echo "lndLatestDownload='${lndLatestDownload}'"`

#1116 reckless install implementaion 2020-04-26 01:03:14 +02:00			`exit 1`
			`fi`
#1116 prepare for LND update script 2020-04-25 21:47:54 +02:00
#1116 rename option secure to verified 2020-04-28 20:55:09 +02:00			`# verified`
			`if [ "${mode}" = "verified" ]; then`
#1116 prepare for LND update script 2020-04-25 21:47:54 +02:00
#1116 rename option secure to verified 2020-04-28 20:55:09 +02:00			`echo "# lnd.update.sh verified"`
#1116 prepare for LND update script 2020-04-25 21:47:54 +02:00
			`# check for optional second parameter: forced update version`
#1116 rename option secure to verified 2020-04-28 20:55:09 +02:00			`# --> only does the verified update if its the given version`
#1116 prepare for LND update script 2020-04-25 21:47:54 +02:00			`# this is needed for recovery/update.`
			`fixedUpdateVersion="$2"`
			`if [ ${#fixedUpdateVersion} -gt 0 ]; then`
#1116 fixed version update check 2020-04-25 21:56:57 +02:00			`echo "# checking for fixed version update: askedFor(${fixedUpdateVersion}) available(${lndUpdateVersion})"`
			`if [ "${fixedUpdateVersion}" != "${lndUpdateVersion}" ]; then`
			`echo "warn='required update version does not match'"`
			`echo "# this is normal when the recovery script of a new RaspiBlitz version checks for an old update - just ignore"`
			`exit 1`
			`else`
			`echo "# OK - update version is matching"`
			`fi`
#1116 prepare for LND update script 2020-04-25 21:47:54 +02:00			`fi`

#1116 adding debug output 2020-05-01 19:38:52 +02:00			`echo`
			`echo "# clean & change into download directory"`
#1116 clean download directory 2020-04-26 01:22:57 +02:00			`sudo rm -r ${downloadDir}/*`
#1116 lnd secure update implementation 2020-04-26 00:00:55 +02:00			`cd "${downloadDir}"`

#1116 adding debug output 2020-05-01 19:38:52 +02:00			`echo`
			`echo "# extract the SHA256 hash from the manifest file for the corresponding platform"`
#1116 lnd secure update implementation 2020-04-26 00:00:55 +02:00			`sudo -u admin wget -N https://github.com/lightningnetwork/lnd/releases/download/v${lndUpdateVersion}/manifest-v${lndUpdateVersion}.txt`
#1116 check for download fails 2020-04-26 00:37:52 +02:00			`checkDownload=$(ls manifest-v${lndUpdateVersion}.txt 2>/dev/null \| grep -c manifest-v${lndUpdateVersion}.txt)`
			`if [ ${checkDownload} -eq 0 ]; then`
			`echo "error='download manifest failed'"`
			`exit 1`
			`fi`
#1116 lnd secure update implementation 2020-04-26 00:00:55 +02:00			`lndSHA256=$(grep -i "linux-${cpuArchitecture}" manifest-v$lndUpdateVersion.txt \| cut -d " " -f1)`
			`echo "# SHA256 hash: $lndSHA256"`

#1116 adding debug output 2020-05-01 19:38:52 +02:00			`echo`
			`echo "# get LND binary"`
#1116 lnd secure update implementation 2020-04-26 00:00:55 +02:00			`binaryName="lnd-linux-${cpuArchitecture}-v${lndUpdateVersion}.tar.gz"`
			`sudo -u admin wget -N https://github.com/lightningnetwork/lnd/releases/download/v${lndUpdateVersion}/${binaryName}`
#1116 check for download fails 2020-04-26 00:37:52 +02:00			`checkDownload=$(ls ${binaryName} 2>/dev/null \| grep -c ${binaryName})`
			`if [ ${checkDownload} -eq 0 ]; then`
			`echo "error='download binary failed'"`
			`exit 1`
			`fi`
#1116 lnd secure update implementation 2020-04-26 00:00:55 +02:00
#1116 adding debug output 2020-05-01 19:38:52 +02:00			`echo`
			`echo "# check binary was not manipulated (checksum test)"`
New 64-bit sd card image with btc/nd update, fatpack & tor by default (#2060) 2021-03-15 23:16:27 +01:00			`sudo -u admin wget -N https://github.com/lightningnetwork/lnd/releases/download/v${lndUpdateVersion}/manifest-${PGPauthor}-v${lndUpdateVersion}.sig`
#1231 quick fix also on lnd.update.sh 2020-06-01 22:03:07 +02:00			`sudo -u admin wget --no-check-certificate -N -O "${downloadDir}/pgp_keys.asc" ${lndUpdatePGPpkeys}`
#1116 lnd secure update implementation 2020-04-26 00:00:55 +02:00			`binaryChecksum=$(sha256sum ${binaryName} \| cut -d " " -f1)`
New 64-bit sd card image with btc/nd update, fatpack & tor by default (#2060) 2021-03-15 23:16:27 +01:00			`echo "# binary chdecksum: ${binaryChecksum}"`
			`echo "# lndSHA256: ${lndSHA256}"`
			`validSignature=$(echo "${lndSHA256}" \| grep -c "${binaryChecksum}")`
			`if [ ${validSignature} -eq 0 ]; then`
#1116 lnd secure update implementation 2020-04-26 00:00:55 +02:00			`echo "error='checksum not matching'"`
			`exit 1`
			`fi`

#1116 adding debug output 2020-05-01 19:38:52 +02:00			`echo`
			`echo "# getting gpg finger print"`
#1116 lnd secure update implementation 2020-04-26 00:00:55 +02:00			`gpg ./pgp_keys.asc`
			`fingerprint=$(sudo gpg "${downloadDir}/pgp_keys.asc" 2>/dev/null \| grep "${lndUpdatePGPcheck}" -c)`
			`if [ ${fingerprint} -lt 1 ]; then`
			`echo "error='PGP author check failed'"`
#1116 adding debug output 2020-05-01 19:38:52 +02:00			`exit 1`
#1116 lnd secure update implementation 2020-04-26 00:00:55 +02:00			`fi`
#1116 adding debug output 2020-05-01 19:38:52 +02:00			`echo "fingerprint='${fingerprint}'"`

			`echo`
Offering LND 0.11.0 as interims update (#1547) 2020-09-15 16:32:58 +02:00			`echo "# checking gpg finger print"`
#1116 lnd secure update implementation 2020-04-26 00:00:55 +02:00			`gpg --import ./pgp_keys.asc`
			`sleep 3`
New 64-bit sd card image with btc/nd update, fatpack & tor by default (#2060) 2021-03-15 23:16:27 +01:00			`verifyResult=$(gpg --verify manifest-${PGPauthor}-v${lndUpdateVersion}.sig manifest-v${lndUpdateVersion}.txt 2>&1)`
#1116 lnd secure update implementation 2020-04-26 00:00:55 +02:00			`goodSignature=$(echo ${verifyResult} \| grep 'Good signature' -c)`
#1116 adding debug output 2020-05-01 19:38:52 +02:00			`echo "goodSignature='${goodSignature}'"`
#1116 lnd secure update implementation 2020-04-26 00:00:55 +02:00			`correctKey=$(echo ${verifyResult} \| tr -d " \t\n\r" \| grep "${lndUpdatePGPcheck}" -c)`
#1116 adding debug output 2020-05-01 19:38:52 +02:00			`echo "correctKey='${correctKey}'"`
#1116 lnd secure update implementation 2020-04-26 00:00:55 +02:00			`if [ ${correctKey} -lt 1 ] \|\| [ ${goodSignature} -lt 1 ]; then`
			`echo "error='PGP verify fail'"`
			`exit 1`
			`fi`
from binaryname to directory name 2020-04-26 01:19:25 +02:00
#1116 reckless install implementaion 2020-04-26 01:03:14 +02:00			`# note: install will be done the same as reckless further down`
#1116 fix info 2020-05-01 19:16:49 +02:00			`lndInterimsUpdateNew="${lndUpdateVersion}"`
from binaryname to directory name 2020-04-26 01:19:25 +02:00
#1116 reckless install implementaion 2020-04-26 01:03:14 +02:00			`fi`

			`# RECKLESS`
			`# this mode is just for people running test and development nodes - its not recommended`
			`# for production nodes. In a update/recovery scenario it will not install a fixed version`
			`# it will always pick the latest release from the github`
			`if [ "${mode}" = "reckless" ]; then`

			`echo "# lnd.update.sh reckless"`

			`# check that download link has a value`
			`if [ ${#lndLatestDownload} -eq 0 ]; then`
			`echo "error='no download link'"`
			`exit 1`
			`fi`

#1116 clean download directory 2020-04-26 01:22:57 +02:00			`# clean & change into download directory`
			`sudo rm -r ${downloadDir}/*`
#1116 reckless install implementaion 2020-04-26 01:03:14 +02:00			`cd "${downloadDir}"`

			`# download binary`
			`echo "# downloading binary"`
			`binaryName=$(basename "${lndLatestDownload}")`
			`sudo -u admin wget -N ${lndLatestDownload}`
			`checkDownload=$(ls ${binaryName} 2>/dev/null \| grep -c ${binaryName})`
			`if [ ${checkDownload} -eq 0 ]; then`
			`echo "error='download binary failed'"`
			`exit 1`
			`fi`

			`# prepare install`
from binaryname to directory name 2020-04-26 01:19:25 +02:00			`lndInterimsUpdateNew="reckless"`
#1116 reckless install implementaion 2020-04-26 01:03:14 +02:00			`fi`

#1116 rename option secure to verified 2020-04-28 20:55:09 +02:00			`# JOINED INSTALL (verified & RECKLESS)`
			`if [ "${mode}" = "verified" ] \|\| [ "${mode}" = "reckless" ]; then`
#1116 lnd secure update implementation 2020-04-26 00:00:55 +02:00
			`# install`
			`echo "# stopping LND"`
			`sudo systemctl stop lnd`
from binaryname to directory name 2020-04-26 01:19:25 +02:00			`echo "# unzip LND binary"`
#1116 lnd secure update implementation 2020-04-26 00:00:55 +02:00			`sudo -u admin tar -xzf ${binaryName}`
from binaryname to directory name 2020-04-26 01:19:25 +02:00			`# removing the tar.gz ending from the binary`
			`directoryName="${binaryName%..}"`
			`echo "# install binary directory '${directoryName}'"`
#1116 use directory name for install 2020-04-26 01:23:48 +02:00			`sudo install -m 0755 -o root -g root -t /usr/local/bin ${directoryName}/*`
#1116 lnd secure update implementation 2020-04-26 00:00:55 +02:00			`sleep 3`
			`installed=$(sudo -u admin lnd --version)`
			`if [ ${#installed} -eq 0 ]; then`
			`echo "error='install failed'"`
			`exit 1`
			`fi`
			`echo "# flag update in raspiblitz config"`
			`source /mnt/hdd/raspiblitz.conf`
			`if [ ${#lndInterimsUpdate} -eq 0 ]; then`
from binaryname to directory name 2020-04-26 01:19:25 +02:00			`echo "lndInterimsUpdate='${lndInterimsUpdateNew}'" >> /mnt/hdd/raspiblitz.conf`
#1116 lnd secure update implementation 2020-04-26 00:00:55 +02:00			`else`
from binaryname to directory name 2020-04-26 01:19:25 +02:00			`sudo sed -i "s/^lndInterimsUpdate=.*/lndInterimsUpdate='${lndInterimsUpdateNew}'/g" /mnt/hdd/raspiblitz.conf`
#1116 lnd secure update implementation 2020-04-26 00:00:55 +02:00			`fi`

			`echo "# OK LND Installed"`
#1116 get installed version from lncli 2020-04-26 01:34:51 +02:00			`echo "# NOTE: RaspiBlitz may need to reboot now"`
#1116 lnd secure update implementation 2020-04-26 00:00:55 +02:00			`exit 1`
#1116 prepare for LND update script 2020-04-25 21:47:54 +02:00
			`else`
#1116 reckless install implementaion 2020-04-26 01:03:14 +02:00
#1116 prepare for LND update script 2020-04-25 21:47:54 +02:00			`echo "error='parameter not known'"`
#1116 reckless install implementaion 2020-04-26 01:03:14 +02:00			`exit 1`

#1116 prepare for LND update script 2020-04-25 21:47:54 +02:00			`fi`