From 28bde64e9a951f7067121274c23c9d1bc3d080f8 Mon Sep 17 00:00:00 2001
From: openoms <43343391+openoms@users.noreply.github.com>
Date: Wed, 29 May 2024 16:55:38 +0200
Subject: [PATCH] add elements install script for Liquid support (#4573)

---
 CHANGES.md                                   |   1 +
 home.admin/config.scripts/blitz.passwords.sh |   7 +
 home.admin/config.scripts/bonus.elements.sh  | 306 +++++++++++++++++++
 3 files changed, 314 insertions(+)
 create mode 100755 home.admin/config.scripts/bonus.elements.sh

diff --git a/CHANGES.md b/CHANGES.md
index ac3df7a22..e481cf950 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -1,6 +1,7 @@
 ## What's new in Version 1.11.1 of RaspiBlitz?
 
 - New: config.scripts/lnd.signaddress.sh to easy sign messages on addresses on LND [details](https://github.com/raspiblitz/raspiblitz/issues/4540)
+- New: config.scripts/bonus.elements.sh install elements blockchain platform [details](https://github.com/ElementsProject/elements)
 - Update: LNbits 0.12.8 [details](https://github.com/lnbits/lnbits/releases/tag/0.12.8)
 - Update: Specter Desktop 2.0.4 with reactivated UPDATE option [details](https://github.com/cryptoadvance/specter-desktop/releases/tag/v2.0.4)
 - Update: BTCPayServer 1.13.0 [details](https://github.com/btcpayserver/btcpayserver/releases/tag/v1.13.0)
diff --git a/home.admin/config.scripts/blitz.passwords.sh b/home.admin/config.scripts/blitz.passwords.sh
index 90a07c2a1..7b6225a2f 100755
--- a/home.admin/config.scripts/blitz.passwords.sh
+++ b/home.admin/config.scripts/blitz.passwords.sh
@@ -402,6 +402,13 @@ elif [ "${abcd}" = "b" ]; then
     sudo chown mempool:mempool /home/mempool/mempool/backend/mempool-config.json
   fi
 
+  # elements
+  if [ "${elements}" == "on" ]; then
+    echo "# changing the password for elements"
+    sudo sed -i "s/^rpcpassword=.*/rpcpassword=${newPassword}/g" /home/elements/.elements/elements.conf
+    sudo sed -i "s/^mainchainrpcpassword=.*/mainchainrpcpassword=${newPassword}/g" /home/elements/.elements/elements.conf
+  fi
+
   echo "# OK -> RPC Password B changed"
   echo "# Reboot is needed (will be triggered if interactive menu was called)"
   echo "error=''"
diff --git a/home.admin/config.scripts/bonus.elements.sh b/home.admin/config.scripts/bonus.elements.sh
new file mode 100755
index 000000000..8a3c8b597
--- /dev/null
+++ b/home.admin/config.scripts/bonus.elements.sh
@@ -0,0 +1,306 @@
+#!/bin/bash
+
+# set version (change if update is available)
+# https://github.com/ElementsProject/elements/releases
+VERSION="elements-23.2.1"
+SIG_PUBKEY="BD0F3062F87842410B06A0432F656B0610604482" # Pablo Greco <pgreco@blockstream.com>
+
+# command info
+if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then
+  echo
+  echo "bonus.elements.sh install"
+  echo "bonus.elements.sh [on|off]"
+  echo "bonus.elements.sh addI2pSeedNodes"
+  echo "Installs $VERSION by default"
+  echo
+  exit 1
+fi
+
+echo "# Running: bonus.elements.sh $*"
+
+source /mnt/hdd/raspiblitz.conf
+# elementslogpath
+elementslogpath="/home/elements/.elements/liquidv1/debug.log"
+
+function addAlias {
+  echo "# Add aliases elements-cli, elementslog"
+  sudo -u admin touch /home/admin/_aliases
+  if ! grep "alias elements-cli" /home/admin/_aliases; then
+    echo "alias elements-cli=\"sudo -u elements /usr/local/bin/elements-cli -conf=/home/elements/.elements/elements.conf\"" |
+      sudo tee -a /home/admin/_aliases
+  fi
+  if ! grep "alias elementslog" /home/admin/_aliases; then
+    echo "alias elementslog=\"sudo -u elements tail -n 30 -f ${elementslogpath}\"" |
+      sudo tee -a /home/admin/_aliases
+  fi
+  if ! grep "alias elementsconf" /home/admin/_aliases; then
+    echo "alias elementsconf=\"sudo nano /home/elements/.elements/elements.conf\"" |
+      sudo tee -a /home/admin/_aliases
+  fi
+  sudo chown admin:admin /home/admin/_aliases
+}
+
+function installBinary {
+  echo "*** PREPARING ELEMENTS ***"
+  sudo adduser --system --group --shell /bin/bash --home /home/elements elements
+  # copy the skeleton files for login
+  sudo -u elements cp -r /etc/skel/. /home/elements/
+
+  # add to tor group
+  sudo adduser elements debian-tor
+
+  # prepare directories
+  sudo rm -rf /home/admin/download
+  sudo -u admin mkdir -p /home/admin/download/elements
+  cd /home/admin/download/elements || exit 1
+
+  echo "# Receive signer key"
+  gpg --recv-key ${SIG_PUBKEY} || exit 1
+
+  # download signed binary sha256 hash sum file
+  sudo -u admin wget --prefer-family=ipv4 --progress=bar:force -O SHA256SUMS https://github.com/ElementsProject/elements/releases/download/${VERSION}/SHA256SUMS
+  # download the signed binary sha256 hash sum file and check
+  sudo -u admin wget --prefer-family=ipv4 --progress=bar:force -O SHA256SUMS.asc https://github.com/ElementsProject/elements/releases/download/${VERSION}/SHA256SUMS.asc
+
+  if gpg --verify SHA256SUMS.asc; then
+    echo
+    echo "****************************************"
+    echo "OK --> ELEMENTS MANIFEST IS CORRECT"
+    echo "****************************************"
+    echo
+  else
+    echo
+    echo "# BUILD FAILED --> the PGP verification failed"
+    exit 1
+  fi
+
+  # elementsOSversion
+  if [ "$(uname -m | grep -c 'arm')" -gt 0 ]; then
+    elementsOSversion="arm-linux-gnueabihf"
+  elif [ "$(uname -m | grep -c 'aarch64')" -gt 0 ]; then
+    elementsOSversion="aarch64-linux-gnu"
+  elif [ "$(uname -m | grep -c 'x86_64')" -gt 0 ]; then
+    elementsOSversion="x86_64-linux-gnu"
+  fi
+
+  echo
+  echo "*** ELEMENTS v${VERSION} for ${elementsOSversion} ***"
+
+  # download resources
+  binaryName="${VERSION}-${elementsOSversion}.tar.gz"
+  if [ ! -f "./${binaryName}" ]; then
+    echo "# Downloading https://github.com/ElementsProject/elements/releases/download/${VERSION}/${binaryName} ..."
+    sudo -u admin wget --quiet https://github.com/ElementsProject/elements/releases/download/${VERSION}/${binaryName}
+  fi
+  if [ ! -f "./${binaryName}" ]; then
+    echo "# FAIL # Could not download the ELEMENTS BINARY"
+    exit 1
+  else
+
+    # check binary checksum test
+    echo "- checksum test"
+    # get the sha256 value for the corresponding platform from signed hash sum file
+    elementsSHA256=$(grep -i "${binaryName}" SHA256SUMS | cut -d " " -f1)
+    binaryChecksum=$(sha256sum ${binaryName} | cut -d " " -f1)
+    echo "Valid SHA256 checksum should be: ${elementsSHA256}"
+    echo "Downloaded binary SHA256 checksum: ${binaryChecksum}"
+    if [ "${binaryChecksum}" != "${elementsSHA256}" ]; then
+      echo "# FAIL # Downloaded ELEMENTS BINARY not matching SHA256 checksum: ${elementsSHA256}"
+      rm -v ./${binaryName}
+      exit 1
+    else
+      echo
+      echo "********************************************"
+      echo "OK --> VERIFIED ELEMENTS BINARY CHECKSUM"
+      echo "********************************************"
+      echo
+      sleep 10
+      echo
+    fi
+  fi
+
+  # install
+  sudo -u admin tar -xvf ${binaryName}
+  sudo install -m 0755 -o root -g root -t /usr/local/bin/ ${VERSION}/bin/*
+  sleep 3
+  if ! sudo /usr/local/bin/elementsd --version | grep "Elements Core version"; then
+    echo
+    echo "# BUILD FAILED --> Was not able to install ${VERSION}"
+    exit 1
+  fi
+
+  addAlias
+
+  echo "- Elements install OK"
+}
+
+function removeService() {
+  if [ -f "/etc/systemd/system/elementsd.service" ]; then
+    /usr/local/bin/elements-cli stop
+    sudo systemctl stop elementsd
+    sudo systemctl disable elementsd
+    sudo rm /etc/systemd/system/elementsd.service 2>/dev/null
+    echo "# Elements service is stopped and disabled"
+  fi
+}
+
+function installService() {
+  echo "# Prepare directories"
+  # symlink to elements home
+  sudo mkdir -p /mnt/hdd/app-data/.elements
+  # symlink
+  sudo rm -rf /home/elements/.elements # clean first
+  sudo ln -s /mnt/hdd/app-data/.elements /home/elements/
+  sudo chown -R elements:elements /mnt/hdd/app-data/.elements
+  sudo chown -R elements:elements /home/elements/
+
+  echo "# Installing Elements"
+  # elements.conf
+  if [ ! -f /home/elements/.elements/elements.conf ]; then
+    PASSWORD_B=$(sudo cat /mnt/hdd/bitcoin/bitcoin.conf | grep rpcpassword | cut -c 13-)
+    echo "
+# Elementsd configuration
+datadir=/mnt/hdd/app-data/.elements
+rpcuser=raspiblitz
+rpcpassword=$PASSWORD_B
+rpcbind=127.0.0.1
+
+# Bitcoin Core credentials
+mainchainrpcuser=raspibolt
+mainchainrpcpassword=$PASSWORD_B
+
+# Peer connection settings
+onlynet=onion
+proxy=127.0.0.1:9050
+debug=tor
+
+onlynet=i2p
+i2psam=127.0.0.1:7656
+i2pacceptincoming=1
+debug=i2p
+
+# initial sync does not work without clearnet
+# disable when synced
+onlynet=ipv4
+onlynet=ipv6
+" | sudo -u elements tee /home/elements/.elements/elements.conf
+  else
+    echo "# /home/elements/.elements/elements.conf is present"
+  fi
+
+  removeService
+
+  # /etc/systemd/system/elementsd.service
+  # based on https://github.com/elements/elements/blob/master/contrib/init/elementsd.service
+  echo "
+[Unit]
+Description=Elements daemon
+
+[Service]
+Environment='MALLOC_ARENA_MAX=1'
+ExecStart=/usr/local/bin/elementsd -daemonwait -conf=/mnt/hdd/app-data/.elements/elements.conf
+PermissionsStartOnly=true
+
+# Process management
+####################
+Type=forking
+Restart=on-failure
+TimeoutStartSec=infinity
+TimeoutStopSec=600
+
+# Directory creation and permissions
+####################################
+# Run as elements:elements
+User=elements
+Group=elements
+
+StandardOutput=null
+StandardError=journal
+
+# Hardening measures
+####################
+# Provide a private /tmp and /var/tmp.
+PrivateTmp=true
+# Mount /usr, /boot/ and /etc read-only for the process.
+ProtectSystem=full
+# Deny access to /home, /root and /run/user
+ProtectHome=true
+# Disallow the process and all of its children to gain
+# new privileges through execve().
+NoNewPrivileges=true
+# Use a new /dev namespace only populated with API pseudo devices
+# such as /dev/null, /dev/zero and /dev/random.
+PrivateDevices=true
+# Deny the creation of writable and executable memory mappings.
+MemoryDenyWriteExecute=true
+
+[Install]
+WantedBy=multi-user.target
+" | sudo tee /etc/systemd/system/elementsd.service
+  sudo systemctl daemon-reload
+  sudo systemctl enable elementsd
+  echo "# OK - the elementsd.service is now enabled"
+
+  addAlias
+
+  source <(/home/admin/_cache.sh get state)
+
+  if [ "${state}" == "ready" ]; then
+    echo "# OK - the elementsd.service is enabled, system is ready so starting service"
+    sudo systemctl start elementsd
+  else
+    echo "# OK - the elementsdservice is enabled, to start manually use:"
+    echo "sudo systemctl start elementsd"
+  fi
+
+  isInstalled=$(systemctl status elementsd | grep -c active)
+  if [ $isInstalled -gt 0 ]; then
+    echo "# Installed $(sudo -u elements elementsd --version | grep version)"
+    echo
+    echo "# Monitor the elementsd with:"
+    echo "# sudo tail -f /home/elements/.elements/debug.log"
+    echo
+  else
+    echo "# Installation failed"
+    echo "# See:"
+    echo "# sudo journalctl -fu elementsd"
+    exit 1
+  fi
+}
+
+# install
+if [ "$1" = "install" ]; then
+
+  installBinary
+
+  exit 0
+
+# switch on
+elif [ "$1" = "1" ] || [ "$1" = "on" ]; then
+  if [ ! -f /usr/local/bin/elementsd ] || [ ! -d /home/elements ]; then
+
+    installBinary
+
+  fi
+
+  installService
+
+  # setting value in raspiblitz.conf
+  /home/admin/config.scripts/blitz.conf.sh set elements "on"
+  exit 0
+
+# switch off
+elif [ "$1" = "0" ] || [ "$1" = "off" ]; then
+  echo "# Uninstall Elements"
+
+  removeService
+
+  sudo userdel -rf elements
+  # setting value in raspiblitz.conf
+  /home/admin/config.scripts/blitz.conf.sh set elements "off"
+  exit 0
+fi
+
+echo "# FAIL - Unknown Parameter $1"
+echo "# may need reboot to run"
+exit 1