#2691 detect locked c-lightning wallet from logs

2024-11-19 09:50:19 +01:00 · 2022-02-09 14:31:23 +00:00 · 2022-02-09 14:31:23 +00:00 · 3fd49e7331
commit 3fd49e7331
parent 9fadcda73e
3 changed files with 46 additions and 5 deletions
--- a/home.admin/_background.scan.sh
+++ b/home.admin/_background.scan.sh
@ -793,7 +793,7 @@ do
      /home/admin/_cache.sh set ln_cl_${CHAIN}net_running "${ln_cl_running}"
      /home/admin/_cache.sh set ln_cl_${CHAIN}net_ready "${ln_cl_ready}"
      /home/admin/_cache.sh set ln_cl_${CHAIN}net_online "${ln_cl_online}"
-      /home/admin/_cache.sh set ln_cl_${CHAIN}net_locked "0"
+      /home/admin/_cache.sh set ln_cl_${CHAIN}net_locked "${ln_cl_locked}"
      /home/admin/_cache.sh set ln_cl_${CHAIN}net_error_short "${ln_cl_error_short}"
      /home/admin/_cache.sh set ln_cl_${CHAIN}net_error_full "${ln_cl_error_full}"
      if [ "${isDefaultLightning}" == "1" ] && [ "${isDefaultChain}" == "1" ]; then
@ -802,7 +802,7 @@ do
        /home/admin/_cache.sh set ln_default_running "${lc_running}"
        /home/admin/_cache.sh set ln_default_ready "${cl_ready}"
        /home/admin/_cache.sh set ln_default_online "${cl_online}"
-        /home/admin/_cache.sh set ln_default_locked "0"
+        /home/admin/_cache.sh set ln_default_locked "${ln_cl_locked}"
        /home/admin/_cache.sh set ln_default_error_short "${cl_error_short}"
        /home/admin/_cache.sh set ln_default_error_full "${cl_error_full}"
      fi
--- a/home.admin/config.scripts/cl.hsmtool.sh
+++ b/home.admin/config.scripts/cl.hsmtool.sh
@ -255,6 +255,7 @@ seedwords6x4='${seedwords6x4}'

  exit 0

+
 elif [ "$1" = "unlock" ]; then
  # check if unlocked
  attempt=0
@ -280,7 +281,7 @@ elif [ "$1" = "unlock" ]; then
        sudo systemctl restart ${netprefix}lightningd
        justUnlocked=1
      else
-        echo "# Waiting to unlock wallet (2) ... "
+        echo "# waiting to unlock wallet (2) ... "
        sleep 5
      fi

@ -314,18 +315,20 @@ elif [ "$1" = "unlock" ]; then
      echo
      exit 1
    fi
-    echo "# Waiting to unlock wallet ... "
+    echo "# waiting to unlock wallet ... $((attempt*5))"
    sleep 5
    attempt=$((attempt+1))
  done
  echo "# Ok the ${netprefix}lightningd wallet is unlocked"
  exit 0

+
 elif [ "$1" = "lock" ]; then
  shredPasswordFile
  sudo systemctl restart ${netprefix}lightningd
  exit 0

+
 elif [ "$1" = "encrypt" ]; then

   # check if sudo
@ -367,9 +370,11 @@ elif [ "$1" = "encrypt" ]; then
  walletPassword=$3
  encryptHSMsecret $walletPassword

+
 elif [ "$1" = "decrypt" ]; then
  decryptHSMsecret

+
 elif [ "$1" = "autounlock-on" ]; then
  if grep -Eq "${netprefix}clEncryptedHSM=on" /mnt/hdd/raspiblitz.conf;then
    echo "# Moving the password from $passwordFile to /home/bitcoin/.${netprefix}cl.pw"
@ -383,6 +388,7 @@ elif [ "$1" = "autounlock-on" ]; then

  echo "# Autounlock is on for C-lightning $CHAIN"

+
 elif [ "$1" = "autounlock-off" ]; then
  if [ -f /home/bitcoin/.${netprefix}cl.pw ];then
    sudo cp /home/bitcoin/.${netprefix}cl.pw /dev/shm/.${netprefix}cl.pw
@ -394,6 +400,7 @@ elif [ "$1" = "autounlock-off" ]; then
  /home/admin/config.scripts/blitz.conf.sh set ${netprefix}clAutoUnlock "off"
  echo "# Autounlock is off for C-lightning $CHAIN"

+
 elif [ "$1" = "change-password" ]; then
  decryptHSMsecret || exit 1
  walletPassword=$3
@ -405,6 +412,7 @@ elif [ "$1" = "change-password" ]; then
  fi
  exit 0

+
 elif [ "$1" = "check" ]; then
  # TODO https://github.com/rootzoll/raspiblitz/issues/2897
  # dumponchaindescriptors <path/to/hsm_secret> [network]
--- a/home.admin/config.scripts/cl.monitor.sh
+++ b/home.admin/config.scripts/cl.monitor.sh
@ -48,10 +48,42 @@ if [ "$2" = "status" ]; then
  cl_running=$(systemctl status ${netprefix}lightningd 2>/dev/null | grep -c "active (running)")
  cl_ready="0"
  cl_online="0"
+  cl_locked="0"
  cl_error_short=""
  cl_error_full=""
+  
+  if [ "${cl_running}" = "0" ]; then
+    # check if error because wallet is locked
+    # the next release will have soecific error code for decryption  error
+    # https://github.com/ElementsProject/lightning/pull/4908
+    source /mnt/hdd/raspiblitz.conf
+    # password file is on the disk if encrypted and auto-unlock is enabled
+    passwordFile="/dev/shm/.${netprefix}cl.pw"
+    if grep -Eq "${netprefix}clEncryptedHSM=on" /mnt/hdd/raspiblitz.conf;then
+      if grep -Eq "${netprefix}clAutoUnlock=on" /mnt/hdd/raspiblitz.conf;then
+        passwordFile=/home/bitcoin/.${netprefix}cl.pw
+      fi
+    fi
+    clError=$(sudo journalctl -n5 -u ${netprefix}lightningd)
+ 
+    # cases from 'cl.hsmtool.sh unlock'
+    if \
+    [ "$(eval echo \$${netprefix}clEncryptedHSM)" = "on" ] && [ ! -f $passwordFile ] || \
+    [ $(echo "${clError}" | \
+     grep -c 'encrypted-hsm: Could not read pass from stdin.') -gt 0 ] || \
+    [ $(echo "${clError}" | \
+     grep -c 'hsm_secret is encrypted, you need to pass the --encrypted-hsm startup option.') -gt 0 ] || \
+    [ $(echo "${clError}" | \
+      grep -c 'Wrong password for encrypted hsm_secret.') -gt 0 ]; then
+    
+      # signal wallet locked
+      cl_locked="1"
+      # dont report it as error
+      cl_error_short=""
+      cl_error_full=""
+    fi

-  if [ "${cl_running}" != "0" ]; then
+  elif [ "${cl_running}" != "0" ]; then
    cl_running="1"

    # test connection - record win & fail info
@ -89,6 +121,7 @@ if [ "$2" = "status" ]; then
  echo "ln_cl_running='${cl_running}'"
  echo "ln_cl_ready='${cl_ready}'"
  echo "ln_cl_online='${cl_online}'"
+  echo "ln_cl_locked='${cl_locked}'"
  echo "ln_cl_error_short='${cl_error_short}'"
  echo "ln_cl_error_full='${cl_error_full}'"