From ff4d35b0387e2e342d040a9cc31a100ecd7f5dbd Mon Sep 17 00:00:00 2001 From: openoms <43343391+openoms@users.noreply.github.com> Date: Wed, 21 Dec 2022 12:07:37 +0100 Subject: [PATCH 01/47] reduce arm64-rpi image size to 28G (#3557) --- ci/arm64-rpi/arm64-rpi.pkr.hcl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ci/arm64-rpi/arm64-rpi.pkr.hcl b/ci/arm64-rpi/arm64-rpi.pkr.hcl index d183cbda8..8434474fd 100644 --- a/ci/arm64-rpi/arm64-rpi.pkr.hcl +++ b/ci/arm64-rpi/arm64-rpi.pkr.hcl @@ -27,7 +27,7 @@ source "arm" "raspiblitz-arm64-rpi" { type = "83" } image_path = "raspiblitz-arm64-rpi-${var.pack}.img" - image_size = "30G" + image_size = "28G" image_type = "dos" qemu_binary_destination_path = "/usr/bin/qemu-arm-static" qemu_binary_source_path = "/usr/bin/qemu-arm-static" From 4a2a33c081196dc8824297afc1b57ac7984056df Mon Sep 17 00:00:00 2001 From: /rootzoll Date: Wed, 21 Dec 2022 14:50:52 +0100 Subject: [PATCH 02/47] Fix display settings recover for future lean build releases (#3558) * modify dev notes * display recover during lean-build --- FAQ.dev.md | 15 +++++++++-- build_sdcard.sh | 2 ++ home.admin/_bootstrap.sh | 8 ++++++ home.admin/config.scripts/blitz.display.sh | 30 +++++++++++++++++++--- 4 files changed, 49 insertions(+), 6 deletions(-) diff --git a/FAQ.dev.md b/FAQ.dev.md index 25ba53ca9..dbe805351 100644 --- a/FAQ.dev.md +++ b/FAQ.dev.md @@ -12,8 +12,7 @@ Work notes for the process of producing a new SD card image release: * From the browser `Show All Downloads` and from the context menu select `Open Containing Folder` * On that file manager open context (right click) on the white-space and select `Open in Terminal` * Compare the checksum with the one you just made note of, using `shasum -a 256 *.zip` -* Install curl if needed `sudo apt-get install -f curl net-tools` -* Check signature: `curl https://www.raspberrypi.org/raspberrypi_downloads.gpg.key | gpg --import && gpg --verify *.sig` +* Check signature: `wget https://www.raspberrypi.org/raspberrypi_downloads.gpg.key && gpg --import ./raspberrypi_downloads.gpg.key && gpg --verify *.sig` * The result should say "correct signature" and the fingerprint should end with `8738 CD6B 956F 460C` * Insert an NTFS formatted USB stick and use the file manager to move all files to the USB * If image is an ZIP file use in file manager context on NTFS USB stick `extract here` to unzip @@ -197,3 +196,15 @@ See article: https://tech.sycamore.garden/add-commit-push-contributor-branch-git Chery-picking patch PRs from dev to a release-branch like 'v1.8' (for example) is now a bit more complicated. Either an admin switches temorarly the branch protection "require a pull request before merging" setting off for the `git cherry-pick` OR we create a `p1.8` branch from `v1.8`, cherry-pick the squashed patch PR into that unprotected `p1.8` and then open a PR back to `v1.8`. But what we gain is that better branch protection and we can add more contributers to the project that are allowed to manage issues - like adding lables or closing. + +### How to run the automatic amd64 build on a VM on OSX? + +just notes so far: + +https://brew.sh +brew install qemu +https://github.com/rootzoll/raspiblitz/actions --> download amd64-lean image +double unzip until `qcow2` file +convert `qcow2` to `vdi: +qemu-img convert -f qcow2 raspiblitz-amd64-debian-lean.qcow2 -O vdi raspiblitz-amd64-debian-lean.vdi +https://www.virtualbox.org/wiki/Downloads diff --git a/build_sdcard.sh b/build_sdcard.sh index c704af40d..e9a47d599 100644 --- a/build_sdcard.sh +++ b/build_sdcard.sh @@ -856,6 +856,8 @@ echo -e "\nIMPORTANT IF WANT TO MAKE A RELEASE IMAGE FROM THIS BUILD:" echo "1. login fresh --> user:admin password:raspiblitz" echo -e "2. run --> release\n" +# make sure that at least the code is available (also if no internet) +sudo /home/admin/config.scripts/blitz.display.sh prepare-install # (do last - because might trigger reboot) if [ "${display}" != "headless" ] || [ "${baseimage}" = "raspios_arm64" ]; then echo "*** ADDITIONAL DISPLAY OPTIONS ***" diff --git a/home.admin/_bootstrap.sh b/home.admin/_bootstrap.sh index b33606603..053e16d12 100755 --- a/home.admin/_bootstrap.sh +++ b/home.admin/_bootstrap.sh @@ -898,6 +898,14 @@ if [ ${configWifiExists} -eq 1 ]; then cp /etc/wpa_supplicant/wpa_supplicant.conf /mnt/hdd/app-data/wpa_supplicant.conf fi +# always copy the latest display setting (maybe just in raspiblitz.info) to raspiblitz.conf +if [ "${displayClass}" != "" ]; then + /home/admin/config.scripts/blitz.conf.sh set displayClass ${displayClass} +fi +if [ "${displayType}" != "" ]; then + /home/admin/config.scripts/blitz.conf.sh set displayType ${displayType} +fi + # make sure users have latest credentials (if lnd is on) if [ "${lightning}" == "lnd" ] || [ "${lnd}" == "on" ]; then echo "running LND users credentials update" >> $logFile diff --git a/home.admin/config.scripts/blitz.display.sh b/home.admin/config.scripts/blitz.display.sh index 16bcf7899..d97b21f8a 100755 --- a/home.admin/config.scripts/blitz.display.sh +++ b/home.admin/config.scripts/blitz.display.sh @@ -13,6 +13,7 @@ if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then echo "# sudo blitz.display.sh rotate [on|off]" echo "# sudo blitz.display.sh test-lcd-connect" echo "# sudo blitz.display.sh set-display [hdmi|lcd|headless]" + echo "# sudo blitz.display.sh prepare-install" exit 1 fi @@ -196,6 +197,19 @@ if [ "${command}" == "test-lcd-connect" ]; then exit 0 fi +function prepareinstall() { + repoCloned=$(sudo -u admin ls /home/admin/wavesharelcd-64bit-rpi/README.md 2>/dev/null| grep -c README.md) + if [ ${repoCloned} -lt 1 ]; then + echo "# clone/download https://github.com/tux1c/wavesharelcd-64bit-rpi.git" + cd /home/admin/ + sudo -u admin git clone https://github.com/tux1c/wavesharelcd-64bit-rpi.git + sudo -u admin chmod -R 755 wavesharelcd-64bit-rpi + sudo -u admin chown -R admin:admin wavesharelcd-64bit-rpi + else + echo "# LCD repo already cloned/downloaded (${repoCloned})" + fi +} + ####################################### # DISPLAY TYPED INSTALLS & UN-INSTALLS # HDMI is the default - every added @@ -231,10 +245,7 @@ function install_lcd() { sudo apt-mark hold raspberrypi-bootloader # Downloading LCD Driver from Github - cd /home/admin/ - sudo -u admin git clone https://github.com/tux1c/wavesharelcd-64bit-rpi.git - sudo -u admin chmod -R 755 wavesharelcd-64bit-rpi - sudo -u admin chown -R admin:admin wavesharelcd-64bit-rpi + prepareinstall cd /home/admin/wavesharelcd-64bit-rpi sudo -u admin git reset --hard 5a206a7 || exit 1 sudo -u admin /home/admin/config.scripts/blitz.git-verify.sh \ @@ -404,6 +415,17 @@ function uninstall_headless() { fi } +################### +# PREPARE INSTALL +# make sure github +# repo is installed +################### + +if [ "${command}" == "prepare-install" ]; then + prepareinstall + exit 0 +fi + ################### # SET DISPLAY TYPE ################### From 8ce103f889af0049cf7a45f29d1df2bd765fccd0 Mon Sep 17 00:00:00 2001 From: /rootzoll Date: Wed, 21 Dec 2022 17:34:38 +0100 Subject: [PATCH 03/47] prevent checkout hook (#3560) * modify dev notes * display recover during lean-build * prevent hooks * prevent hook --- alternative.platforms/display.alternatives.sh | 4 ++-- home.admin/config.scripts/blitz.display.sh | 11 ++++++----- 2 files changed, 8 insertions(+), 7 deletions(-) mode change 100755 => 100644 home.admin/config.scripts/blitz.display.sh diff --git a/alternative.platforms/display.alternatives.sh b/alternative.platforms/display.alternatives.sh index 337773523..d27a16411 100644 --- a/alternative.platforms/display.alternatives.sh +++ b/alternative.platforms/display.alternatives.sh @@ -55,7 +55,7 @@ if [ "${CHOICE}" = "GPIO" ]; then sudo apt-mark hold raspberrypi-bootloader sudo ./LCD35-show else - sudo rm -rf /etc/X11/xorg.conf.d/40-libinput.conf + sudo rm -rf /etc/X11/xorg.conf.d/40-libinput.conf 2>/dev/null sudo mkdir /etc/X11/xorg.conf.d sudo cp ./usr/tft35a-overlay.dtb /boot/overlays/ sudo cp ./usr/tft35a-overlay.dtb /boot/overlays/tft35a.dtbo @@ -79,7 +79,7 @@ elif [ "${CHOICE}" = "HDMI" ]; then sudo chmod -R 755 LCD-show cd LCD-show/ #sudo ./MPI3508-show - sudo rm -rf /etc/X11/xorg.conf.d/40-libinput.conf + sudo rm -rf /etc/X11/xorg.conf.d/40-libinput.conf 2>/dev/null if [ "${baseimage}" != "dietpi" ]; then sudo cp -rf ./boot/config-35-480X320.txt /boot/config.txt diff --git a/home.admin/config.scripts/blitz.display.sh b/home.admin/config.scripts/blitz.display.sh old mode 100755 new mode 100644 index d97b21f8a..268ba455d --- a/home.admin/config.scripts/blitz.display.sh +++ b/home.admin/config.scripts/blitz.display.sh @@ -138,9 +138,9 @@ if [ "${command}" == "rotate" ]; then # change rotation config echo "# Turn ON: LCD ROTATE" sed -i "s/^dtoverlay=.*/dtoverlay=waveshare35a:rotate=90/g" /boot/config.txt - rm /etc/X11/xorg.conf.d/40-libinput.conf >/dev/null + rm /etc/X11/xorg.conf.d/40-libinput.conf 2>/dev/null - /home/admin/config.scripts/blitz.conf.sh set lcdrotate 1 + /home/admin/config.scripts/blitz.conf.sh set lcdrotate 1 2>/dev/null echo "# OK - a restart is needed: sudo shutdown -r now" # TURN ROTATE OFF @@ -165,7 +165,7 @@ EOF fi # update raspiblitz conf - /home/admin/config.scripts/blitz.conf.sh set lcdrotate 0 + /home/admin/config.scripts/blitz.conf.sh set lcdrotate 0 2>/dev/null echo "OK - a restart is needed: sudo shutdown -r now" else @@ -202,7 +202,7 @@ function prepareinstall() { if [ ${repoCloned} -lt 1 ]; then echo "# clone/download https://github.com/tux1c/wavesharelcd-64bit-rpi.git" cd /home/admin/ - sudo -u admin git clone https://github.com/tux1c/wavesharelcd-64bit-rpi.git + sudo -u admin git clone --no-checkout https://github.com/tux1c/wavesharelcd-64bit-rpi.git sudo -u admin chmod -R 755 wavesharelcd-64bit-rpi sudo -u admin chown -R admin:admin wavesharelcd-64bit-rpi else @@ -247,6 +247,7 @@ function install_lcd() { # Downloading LCD Driver from Github prepareinstall cd /home/admin/wavesharelcd-64bit-rpi + sudo -u admin git checkout master sudo -u admin git reset --hard 5a206a7 || exit 1 sudo -u admin /home/admin/config.scripts/blitz.git-verify.sh \ 'GitHub' 'https://github.com/web-flow.gpg' '4AEE18F83AFDEB23' || exit 1 @@ -480,7 +481,7 @@ if [ "${command}" == "set-display" ]; then fi # mark new display class in config (if exist) - /home/admin/config.scripts/blitz.conf.sh set displayClass ${paramDisplayClass} + /home/admin/config.scripts/blitz.conf.sh set displayClass ${paramDisplayClass} 2>/dev/null sed -i "s/^displayClass=.*/displayClass=${paramDisplayClass}/g" /home/admin/raspiblitz.info exit 0 From d8dbf4d835530d8db29b4b33ba28eaa920834ce2 Mon Sep 17 00:00:00 2001 From: /rootzoll Date: Wed, 21 Dec 2022 18:18:09 +0100 Subject: [PATCH 04/47] fix version file (#3561) --- home.admin/_version.info | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/home.admin/_version.info b/home.admin/_version.info index 04a6a2616..c818fb0f7 100644 --- a/home.admin/_version.info +++ b/home.admin/_version.info @@ -1,2 +1,3 @@ # RaspiBlitz Version - always [major].[main].[sub] (sub can be a string like '2rc1') -codeVersion="1.9.0rc1" \ No newline at end of file +codeVersion="1.9.0rc1" +# keep last line with comment \ No newline at end of file From 6b8882b77325ee3d2c85c4c1cc8eabad4dc7effb Mon Sep 17 00:00:00 2001 From: /rootzoll Date: Wed, 21 Dec 2022 18:46:49 +0100 Subject: [PATCH 05/47] prepare rc2 (#3564) --- home.admin/_version.info | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home.admin/_version.info b/home.admin/_version.info index c818fb0f7..477181820 100644 --- a/home.admin/_version.info +++ b/home.admin/_version.info @@ -1,3 +1,3 @@ # RaspiBlitz Version - always [major].[main].[sub] (sub can be a string like '2rc1') -codeVersion="1.9.0rc1" +codeVersion="1.9.0rc2" # keep last line with comment \ No newline at end of file From a382f2b80364d256d08857aacf0db0c2532382c3 Mon Sep 17 00:00:00 2001 From: /rootzoll Date: Thu, 22 Dec 2022 00:38:44 +0100 Subject: [PATCH 06/47] fix web api/ui installs (#3567) * add export build parameter * Install WebAPI with build_sdcard.sh defaults * change use of build_sdcard * make webui work with DEFAULTS * use web data * update docs --- FAQ.dev.md | 15 ++++-- README.md | 57 +++++++++++----------- build_sdcard.sh | 18 ++++++- home.admin/_bootstrap.sh | 6 +++ home.admin/_provision_.sh | 4 +- home.admin/_version.info | 2 +- home.admin/config.scripts/blitz.web.api.sh | 30 +++++++++--- home.admin/config.scripts/blitz.web.ui.sh | 30 +++++++++--- 8 files changed, 113 insertions(+), 49 deletions(-) diff --git a/FAQ.dev.md b/FAQ.dev.md index dbe805351..c0b1d8362 100644 --- a/FAQ.dev.md +++ b/FAQ.dev.md @@ -28,7 +28,8 @@ Work notes for the process of producing a new SD card image release: * In terminal `ssh pi@[IP-OF-RASPIBLITZ]` * Password is `raspberry` * Run the following command BUT REPLACE `[BRANCH]` with the branch-string of your latest version -* `wget --no-cache https://raw.githubusercontent.com/rootzoll/raspiblitz/[BRANCH]/build_sdcard.sh && sudo bash build_sdcard.sh -u rootzoll -b [BRANCH]` +* For FATPACK: `wget --no-cache https://raw.githubusercontent.com/rootzoll/raspiblitz/[BRANCH]/build_sdcard.sh && sudo bash build_sdcard.sh -u rootzoll -b [BRANCH]` +* For MINIMAL: `wget --no-cache https://raw.githubusercontent.com/rootzoll/raspiblitz/[BRANCH]/build_sdcard.sh && sudo bash build_sdcard.sh -u rootzoll -b [BRANCH] -f 0 -d headless` * Monitor/Check outputs for warnings/errors - install LCD * Login new with `ssh admin@[IP-OF-RASPIBLITZ]` (pw: raspiblitz) and run `release` * Disconnect WiFi/LAN on build laptop (hardware switch off) and shutdown @@ -43,11 +44,17 @@ Work notes for the process of producing a new SD card image release: * Take the SD card from the RaspberryPi and connect with an external SD card reader to the laptop * Click on `boot` volume once in the file manger * Connect the NTFS USB stick, open in file manager and delete old files + +* if not: review changes in latest pishrink script +* To make a raw image from sd card - first way (terminal): + * Open Terminal and cd into directory of NTFS USB stick under `/media/amnesia` + * Run `df` to check on the SD card device name (`boot` - ignore last partition number) + * `dd if=/dev/[sdcarddevice] of=./raspiblitz.img` +* To make a raw image from sd card - second way (UI with progress): + * Search "Laufwerke" or "Drives" on Tails Apps + * Create image named `raspiblitz.img` to USB storage * Open Terminal and cd into directory of NTFS USB stick under `/media/amnesia` * `shasum -a 256 ./pishrink.sh` should be `e46e1e1e3c6e3555f9fff5435e2305e99b98aaa8dc28db1814cf861fbb472a69` -* if not: review changes in latest pishrink script -* Run `df` to check on the SD card device name (`boot` - ignore last partition number) -* `dd if=/dev/[sdcarddevice] of=./raspiblitz.img` * `chmod +x ./pishrink.sh | sudo ./pishrink.sh ./raspiblitz.img` * `gzip -c ./raspiblitz.img > ./raspiblitz-vX.X-YEAR-MONTH-DAY.img.gz` * Then run `shasum -a 256 *.gz > sha256.txt` diff --git a/README.md b/README.md index a63f144ae..5c09d90fc 100644 --- a/README.md +++ b/README.md @@ -253,36 +253,39 @@ In the end your RaspiBlitz should look like this: ## Downloading the Software -| Method | Install the image | Build the sd card | -| ---------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------- | -| Philosophy | Trust | Sovereignty | -| Difficulty level | Easy | Medium | -| Pros | Make Blitz accessible to everyone | You don't need to trust us, build from your own forked repository | -| Instructions | [Download 1.9.0rc1 image]() and [Flash the sd card](README.md#write-the-sd-card-image-to-your-sd-card) | [Build your own sd card image](#build-the-sd-card-image) | -| Verify what? | [Signature file]() and [verify the Sig](FAQ.md#how-to-verify-the-sd-card-image-after-download) OR SHA-256 (below) | All of the code, don't trust, verify | +You now have the hardware ready for your RaspiBlitz - whats missing is the software to run. This is normally done by downloading an image file and then writing it (flashing it) to the sd card. This is a bigger file (multiple GigaBytes) so make sure to have the available storage space on your laptop. -If downloading the maintainer SD card image: - -- GPG 64-bit (main): 1C73 060C 7C17 6461 & (sub): AA9D D1B5 CC56 47DA -- SHA-256: - -Which verification method should I used: Hash or Signature? - -- Signed file prove to you that the SD card image was actually built by the lead developer of the RaspiBlitz project. (Safest) -- Hash function checks file integrity. (Secure) - - +If you are a very advanded user who is able to read/verify code or you like to run a self-modified/forked version of RaspiBlitz you can also build the sd card image yourself - see the [Build your own sd card image](#build-the-sd-card-image) section for this. Everybody else can choose from two ready-made sd card images below. Useful info: - [What's new in Version 1.9.0 of RaspiBlitz?](CHANGES.md#whats-new-in-version-190-of-raspiblitz) - [How to update my RaspiBlitz?](README.md#updating-raspiblitz-to-new-version) - [How to migrate to RaspiBlitz from Umbrel/myNode/Citadel](#make-a-raspiblitz-out-of-your-umbrel-citadel-or-mynode) -- [How to verify the SD card image after download?](FAQ.md#how-to-verify-the-sd-card-image-after-download) + +### Download FATPACK Image (Beginners - WebUI) + +This is the sd card image you should choose if your at the beginning of your RaspiBlitz journey or you are a casual node runner wanna download the next update - with WebUI & fast installing bonus apps. Its totally fine :) + +- FATPACK SD CARD IMAGE: n/a +- SHA-256: n/a +- Signature-File: n/a +- Torrent: n/a +- GPG 64-bit (main): 1C73 060C 7C17 6461 & (sub): AA9D D1B5 CC56 47DA + +[How to verify the SD card image after download?](FAQ.md#how-to-verify-the-sd-card-image-after-download) + +### Download MINIMAL Image (Experienced Users - SSH) + +This is the sd card image for RaspiBlitz users that are already more experienced and want to use just a limited set of features of the RaspiBlitz. This image has just the bare minimum of features pre-installed - LCD & HDMI output is off by default. Setup, Update or Recovery needs to be done thru SSH login - API & WebUI are later available but are not preinstalled/activated by default. The RaspiBlitz will download & compile just the tools that are in your ´raspiblitz.conf´ - this will take longer but as a tradeoff this RaspiBlitz then just runs with a reduced set of dependencies and so a minimalized attack vector and better performance. Its for the serious & experineced node runners. + +- MINIMAL SD CARD IMAGE: n/a +- SHA-256: n/a +- Signature-File: n/a +- Torrent: n/a +- GPG 64-bit (main): 1C73 060C 7C17 6461 & (sub): AA9D D1B5 CC56 47DA + +[How to verify the SD card image after download?](FAQ.md#how-to-verify-the-sd-card-image-after-download) ## Write the SD-Card image to your SD Card @@ -676,7 +679,7 @@ It will enable 4 touch buttons on the left hand side of the screen. - Invoice - creates an Invoice-QR code that can be used for payments - Off - Shutdown or Restart the RaspiBlitz -Please mind that the touchscreen is still experimental and with recent changes is missing certain UI fixes. This might take still until v1.8.1 release where the touchscreen is planned for a refactor/rewrite. +Please mind that the touchscreen is still experimental and with recent changes is missing certain UI fixes. This might take still until a later version where the touchscreen is planned for a refactor/rewrite. ##### LCD Rotate @@ -1280,10 +1283,6 @@ Another kind of migration is when you already run a full node with the Umbrel, C You basically have all the hardware needed and just need to change software. You don't need the [LCD from the shopping list](#amazon-shopping-list-buy-parts--build-it-yourself) - RaspiBlitz can also run without an LCD. -_NOTE: This migration is still experimental. -You will still use the terminal to setup & manage your RaspiBlitz. -If that is too technical for you please wait for the RaspiBlitz v1.8, which will introduce a WebUI for your browser that will make the migration to RaspiBlitz more familiar to your old node user experience._ - Before you start migration: - if you have on-chain funds on your old node - make sure to have the backup seed words @@ -1449,7 +1448,7 @@ But if you want to build that image yourself - here is a quick guide: Now you are ready to start the SD card build script (check the code to see if the installation and config are OK for you). Copy the following command into your terminal and execute: -`wget https://raw.githubusercontent.com/rootzoll/raspiblitz/v1.8/build_sdcard.sh && sudo bash build_sdcard.sh` +`wget https://raw.githubusercontent.com/rootzoll/raspiblitz/v1.9/build_sdcard.sh && sudo bash build_sdcard.sh` As you can see from the URL, you can find the build script in this Git repo under `build_sdcard.sh`. diff --git a/build_sdcard.sh b/build_sdcard.sh index e9a47d599..837a74e57 100644 --- a/build_sdcard.sh +++ b/build_sdcard.sh @@ -10,7 +10,7 @@ ########################################################################## defaultRepo="rootzoll" -defaultBranch="v1.8" +defaultBranch="v1.9" defaultAPIuser="fusion44" defaultAPIrepo="blitz_api" @@ -28,6 +28,7 @@ usage(){ printf %s"${me} [--option ] Options: + -EXPORT just print build parameters & exit' -h, --help this help info -i, --interaction [0|1] interaction before proceeding with exection (default: 1) -f, --fatpack [0|1] fatpack mode (default: 1) @@ -47,6 +48,21 @@ if [ "$1" = "-h" ] || [ "$1" = "--help" ]; then usage fi +if [ "$1" = "-EXPORT" ] || [ "$1" = "EXPORT" ]; then + cd /home/admin/raspiblitz 2>/dev/null + activeBranch=$(git rev-parse --abbrev-ref HEAD 2>/dev/null) + if [ "${activeBranch}" == "" ]; then + activeBranch="${defaultBranch}" + fi + echo "githubUser='${defaultRepo}'" + echo "githubBranch='${activeBranch}'" + echo "defaultAPIuser='${defaultAPIuser}'" + echo "defaultAPIrepo='${defaultAPIrepo}'" + echo "defaultWEBUIuser='${defaultWEBUIuser}'" + echo "defaultWEBUIrepo='${defaultWEBUIrepo}'" + exit 0 +fi + ## default user message error_msg(){ printf %s"${red}${me}: ${1}${nocolor}\n"; exit 1; } diff --git a/home.admin/_bootstrap.sh b/home.admin/_bootstrap.sh index 053e16d12..a822a46dc 100755 --- a/home.admin/_bootstrap.sh +++ b/home.admin/_bootstrap.sh @@ -906,6 +906,12 @@ if [ "${displayType}" != "" ]; then /home/admin/config.scripts/blitz.conf.sh set displayType ${displayType} fi +# correct blitzapi config value +blitzApiRunning=$(ls /etc/systemd/system/blitzapi.service 2>/dev/null | grep -c "blitzapi.service") +if [ "${blitzapi}" == "" ] && [ ${blitzApiRunning} -eq 1 ]; then + /home/admin/config.scripts/blitz.conf.sh set blitzapi "on" +fi + # make sure users have latest credentials (if lnd is on) if [ "${lightning}" == "lnd" ] || [ "${lnd}" == "on" ]; then echo "running LND users credentials update" >> $logFile diff --git a/home.admin/_provision_.sh b/home.admin/_provision_.sh index 35b54868c..c4aff3531 100755 --- a/home.admin/_provision_.sh +++ b/home.admin/_provision_.sh @@ -360,8 +360,8 @@ blitzApiInstalled=$(systemctl status blitzapi | grep -c "loaded") if [ "${blitzapi}" == "on" ] && [ $blitzApiInstalled -eq 0 ]; then echo "Provisioning BlitzAPI - run config script" >> ${logFile} /home/admin/_cache.sh set message "Setup BlitzAPI (takes time)" - /home/admin/config.scripts/blitz.web.api.sh on >> ${logFile} 2>&1 - /home/admin/config.scripts/blitz.web.ui.sh on >> ${logFile} 2>&1 + /home/admin/config.scripts/blitz.web.api.sh on DEFAULT >> ${logFile} 2>&1 + /home/admin/config.scripts/blitz.web.ui.sh on DEFAULT >> ${logFile} 2>&1 else echo "Provisioning BlitzAPI - keep default" >> ${logFile} fi diff --git a/home.admin/_version.info b/home.admin/_version.info index 477181820..c818fb0f7 100644 --- a/home.admin/_version.info +++ b/home.admin/_version.info @@ -1,3 +1,3 @@ # RaspiBlitz Version - always [major].[main].[sub] (sub can be a string like '2rc1') -codeVersion="1.9.0rc2" +codeVersion="1.9.0rc1" # keep last line with comment \ No newline at end of file diff --git a/home.admin/config.scripts/blitz.web.api.sh b/home.admin/config.scripts/blitz.web.api.sh index 04d53e60b..ed7f5bc27 100644 --- a/home.admin/config.scripts/blitz.web.api.sh +++ b/home.admin/config.scripts/blitz.web.api.sh @@ -12,7 +12,8 @@ FALLACK_BRANCH="dev" # command info if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "--help" ] || [ "$1" = "-help" ]; then echo "Manage RaspiBlitz Web API" - echo "blitz.web.api.sh on [?GITHUBUSER] [?REPO] [?BRANCH] [?COMMITORTAG]" + echo "blitz.web.api.sh on [GITHUBUSER] [REPO] [BRANCH] [?COMMITORTAG]" + echo "blitz.web.api.sh on DEFAULT" echo "blitz.web.api.sh update-config" echo "blitz.web.api.sh update-code [?BRANCH]" echo "blitz.web.api.sh off" @@ -141,23 +142,40 @@ fi ################### if [ "$1" = "1" ] || [ "$1" = "on" ]; then - # get parameters - GITHUB_USER=$2 + if [ "$2" == "DEFAULT" ]; then + echo "# getting default user/repo from build_sdcard.sh" + sudo cp /home/admin/raspiblitz/build_sdcard.sh /home/admin/build_sdcard.sh + sudo chmod +x /home/admin/build_sdcard.sh 2>/dev/null + source <(sudo /home/admin/build_sdcard.sh -EXPORT) + GITHUB_USER="${defaultAPIuser}" + GITHUB_REPO="${defaultAPIrepo}" + GITHUB_BRANCH="${githubBranch}" + GITHUB_COMMITORTAG="" + else + # get parameters + GITHUB_USER=$2 + GITHUB_REPO=$3 + GITHUB_BRANCH=$4 + GITHUB_COMMITORTAG=$5 + fi + + # check & output info + echo "# GITHUB_USER(${GITHUB_USER})" if [ "${GITHUB_USER}" == "" ]; then echo "# FAIL: No GITHUB_USER provided" exit 1 fi - GITHUB_REPO=$3 + echo "GITHUB_REPO(${GITHUB_REPO})" if [ "${GITHUB_REPO}" == "" ]; then echo "# FAIL: No GITHUB_REPO provided" exit 1 fi - GITHUB_BRANCH=$4 + echo "GITHUB_BRANCH(${GITHUB_BRANCH})" if [ "${GITHUB_BRANCH}" == "" ]; then echo "# FAIL: No GITHUB_BRANCH provided" exit 1 fi - GITHUB_COMMITORTAG=$5 + echo "GITHUB_COMMITORTAG(${GITHUB_COMMITORTAG})" if [ "${GITHUB_COMMITORTAG}" == "" ]; then echo "# INFO: No GITHUB_COMMITORTAG provided .. will use latest code on branch" fi diff --git a/home.admin/config.scripts/blitz.web.ui.sh b/home.admin/config.scripts/blitz.web.ui.sh index e3bb571ba..65b392812 100755 --- a/home.admin/config.scripts/blitz.web.ui.sh +++ b/home.admin/config.scripts/blitz.web.ui.sh @@ -9,7 +9,8 @@ FALLACK_BRANCH="master" # command info if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "--help" ] || [ "$1" = "-help" ]; then echo "Manage RaspiBlitz WebUI" - echo "blitz.web.ui.sh on [?GITHUBUSER] [?REPO] [?BRANCH] [?COMMITORTAG]" + echo "blitz.web.ui.sh on [GITHUBUSER] [REPO] [BRANCH] [?COMMITORTAG]" + echo "blitz.web.ui.sh on DEFAULT" echo "blitz.web.ui.sh update" echo "blitz.web.ui.sh off" exit 0 @@ -26,23 +27,40 @@ fi ################### if [ "$1" = "1" ] || [ "$1" = "on" ]; then - # get parameters - GITHUB_USER=$2 + if [ "$2" == "DEFAULT" ]; then + echo "# getting default user/repo from build_sdcard.sh" + sudo cp /home/admin/raspiblitz/build_sdcard.sh /home/admin/build_sdcard.sh + sudo chmod +x /home/admin/build_sdcard.sh 2>/dev/null + source <(sudo /home/admin/build_sdcard.sh -EXPORT) + GITHUB_USER="${defaultWEBUIuser}" + GITHUB_REPO="${defaultWEBUIrepo}" + GITHUB_BRANCH="${githubBranch}" + GITHUB_COMMITORTAG="" + else + # get parameters + GITHUB_USER=$2 + GITHUB_REPO=$3 + GITHUB_BRANCH=$4 + GITHUB_COMMITORTAG=$5 + fi + + # check & output info + echo "# GITHUB_USER(${GITHUB_USER})" if [ "${GITHUB_USER}" == "" ]; then echo "# FAIL: No GITHUB_USER provided" exit 1 fi - GITHUB_REPO=$3 + echo "GITHUB_REPO(${GITHUB_REPO})" if [ "${GITHUB_REPO}" == "" ]; then echo "# FAIL: No GITHUB_REPO provided" exit 1 fi - GITHUB_BRANCH=$4 + echo "GITHUB_BRANCH(${GITHUB_BRANCH})" if [ "${GITHUB_BRANCH}" == "" ]; then echo "# FAIL: No GITHUB_BRANCH provided" exit 1 fi - GITHUB_COMMITORTAG=$5 + echo "GITHUB_COMMITORTAG(${GITHUB_COMMITORTAG})" if [ "${GITHUB_COMMITORTAG}" == "" ]; then echo "# INFO: No GITHUB_COMMITORTAG provided .. will use latest code on branch" fi From 1a7bf29bd5c1b89c51a5ec9553db0466ceeb1205 Mon Sep 17 00:00:00 2001 From: /rootzoll Date: Thu, 22 Dec 2022 15:11:41 +0100 Subject: [PATCH 07/47] Prepare v1.9.0rc1 (#3568) * add export build parameter * Install WebAPI with build_sdcard.sh defaults * change use of build_sdcard * make webui work with DEFAULTS * use web data * update docs * v1.9.0rc1 download links --- README.md | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 5c09d90fc..90b36ae25 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@ # ![RaspiBlitz](pictures/raspilogo_tile_400px.png) -_Build your own Lightning & Bitcoin Fullnode on a RaspberryPi with a nice Display._ +_Build your own Lightning & Bitcoin Fullnode on a RaspberryPi with an optional Display._ `Version 1.9.0RC1 with bitcoin 24.0.1, lnd 0.15.5 & Core Lightning 22.11.1` ([api](https://github.com/fusion44/blitz_api)|[web](https://github.com/cstenglein/raspiblitz-web)) @@ -267,8 +267,10 @@ Useful info: This is the sd card image you should choose if your at the beginning of your RaspiBlitz journey or you are a casual node runner wanna download the next update - with WebUI & fast installing bonus apps. Its totally fine :) -- FATPACK SD CARD IMAGE: n/a -- SHA-256: n/a +__WARNING: THIS IS STILL A RELEASE CANDIDATE VERSION - JUST USE FOR TESTING, HIGHER RISK OF LOSING FUNDS!__ + +- FATPACK SD CARD IMAGE: n/a [raspiblitz-fat-v1.9.0rc1-2022-12-21.img.gz](https://raspiblitz.fulmo.org/images/raspiblitz-fat-v1.9.0rc1-2022-12-21.img.gz) +- SHA-256: 76bd41a8c69fe44ea642a171ba36c63bc217cfad28eaa501c0ff2823b59bb628 - Signature-File: n/a - Torrent: n/a - GPG 64-bit (main): 1C73 060C 7C17 6461 & (sub): AA9D D1B5 CC56 47DA @@ -279,8 +281,10 @@ This is the sd card image you should choose if your at the beginning of your Ras This is the sd card image for RaspiBlitz users that are already more experienced and want to use just a limited set of features of the RaspiBlitz. This image has just the bare minimum of features pre-installed - LCD & HDMI output is off by default. Setup, Update or Recovery needs to be done thru SSH login - API & WebUI are later available but are not preinstalled/activated by default. The RaspiBlitz will download & compile just the tools that are in your ´raspiblitz.conf´ - this will take longer but as a tradeoff this RaspiBlitz then just runs with a reduced set of dependencies and so a minimalized attack vector and better performance. Its for the serious & experineced node runners. -- MINIMAL SD CARD IMAGE: n/a -- SHA-256: n/a +__WARNING: THIS IS STILL A RELEASE CANDIDATE VERSION - JUST USE FOR TESTING, HIGHER RISK OF LOSING FUNDS!__ + +- MINIMAL SD CARD IMAGE: n/a [raspiblitz-min-v1.9.0rc1-2022-12-21.img.gz](https://raspiblitz.fulmo.org/images/raspiblitz-min-v1.9.0rc1-2022-12-21.img.gz) +- SHA-256: a5e14858a8a5976009bdc198f868f898185cbd9cebde72d077d5ffbf64bb817f - Signature-File: n/a - Torrent: n/a - GPG 64-bit (main): 1C73 060C 7C17 6461 & (sub): AA9D D1B5 CC56 47DA From 615b6b200bbcc801d132bd7252273ed6f872229a Mon Sep 17 00:00:00 2001 From: /rootzoll Date: Thu, 22 Dec 2022 15:14:52 +0100 Subject: [PATCH 08/47] Prepare v1.9.0rc1 (#3569) * add export build parameter * Install WebAPI with build_sdcard.sh defaults * change use of build_sdcard * make webui work with DEFAULTS * use web data * update docs * v1.9.0rc1 download links * remove n/a --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 90b36ae25..bce99f184 100644 --- a/README.md +++ b/README.md @@ -269,7 +269,7 @@ This is the sd card image you should choose if your at the beginning of your Ras __WARNING: THIS IS STILL A RELEASE CANDIDATE VERSION - JUST USE FOR TESTING, HIGHER RISK OF LOSING FUNDS!__ -- FATPACK SD CARD IMAGE: n/a [raspiblitz-fat-v1.9.0rc1-2022-12-21.img.gz](https://raspiblitz.fulmo.org/images/raspiblitz-fat-v1.9.0rc1-2022-12-21.img.gz) +- FATPACK SD CARD IMAGE: [raspiblitz-fat-v1.9.0rc1-2022-12-21.img.gz](https://raspiblitz.fulmo.org/images/raspiblitz-fat-v1.9.0rc1-2022-12-21.img.gz) - SHA-256: 76bd41a8c69fe44ea642a171ba36c63bc217cfad28eaa501c0ff2823b59bb628 - Signature-File: n/a - Torrent: n/a @@ -283,7 +283,7 @@ This is the sd card image for RaspiBlitz users that are already more experienced __WARNING: THIS IS STILL A RELEASE CANDIDATE VERSION - JUST USE FOR TESTING, HIGHER RISK OF LOSING FUNDS!__ -- MINIMAL SD CARD IMAGE: n/a [raspiblitz-min-v1.9.0rc1-2022-12-21.img.gz](https://raspiblitz.fulmo.org/images/raspiblitz-min-v1.9.0rc1-2022-12-21.img.gz) +- MINIMAL SD CARD IMAGE: [raspiblitz-min-v1.9.0rc1-2022-12-21.img.gz](https://raspiblitz.fulmo.org/images/raspiblitz-min-v1.9.0rc1-2022-12-21.img.gz) - SHA-256: a5e14858a8a5976009bdc198f868f898185cbd9cebde72d077d5ffbf64bb817f - Signature-File: n/a - Torrent: n/a From 588b5d3b6c9782847098ce46557b81c039de3dea Mon Sep 17 00:00:00 2001 From: /rootzoll Date: Fri, 23 Dec 2022 16:33:37 +0100 Subject: [PATCH 09/47] Prepare v1.9.0rc1 (#3571) * add export build parameter * Install WebAPI with build_sdcard.sh defaults * change use of build_sdcard * make webui work with DEFAULTS * use web data * update docs * v1.9.0rc1 download links * remove n/a * better structure download section * DISCLAIMER SECTION ADDED * Update SECURITY section * security link --- CHANGES.md | 1 + README.md | 68 +++++++++++++++++++++++++++-------------------------- SECURITY.md | 7 ++++-- 3 files changed, 41 insertions(+), 35 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index 73ed899d4..438d3dc6d 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -3,6 +3,7 @@ ## What's new in Version 1.9.0 of RaspiBlitz? - New: Automated disk image build for amd64 (VM, laptop, desktop, server) and arm64-rpi (Raspberry Pi) [details](https://github.com/rootzoll/raspiblitz/tree/dev/ci/README.md) +- New: Fatpack & Minimal sd card builds [details](SECURITY.md#minimal-sd-card-build) - New: CLN Watchtower (The Eye of Satoshi) [details](https://github.com/talaia-labs/rust-teos/tree/master/watchtower-plugin) - New: LNDg v1.4.0 [details](https://github.com/cryptosharks131/lndg) - New: Support of X708 UPS HAT [details](https://github.com/rootzoll/raspiblitz/pull/3087) diff --git a/README.md b/README.md index efc5b7fe2..59346d880 100644 --- a/README.md +++ b/README.md @@ -86,9 +86,11 @@ You can connect the following Wallet-Apps to your RaspiBlitz (thru SSH menu): Also many more features like Touchscreen, Channels Autopilot, Backup, DynDNS, SSH-Tunneling, UPS Support, ... -## DeepDive Video (July 2020) +## SECURITY DISCLAIMER -[![Video Tutorial](pictures/raspiblitz-deepdive.png)](https://www.youtube.com/watch?v=QXUGg45CWLo) +This is Open-Source Software licensed under the [MIT License](LICENSE). This license explicitly excludes the authors & publishers from any legal liabilities including funds you manage with this software. Its use at your own risk - see [LICENSE](LICENSE) legal text for details. + +Also the RaspiBlitz offers lots of additional apps for install. With every additional app installed (or preinstalled in a fatpack sd card image) you are trusting also the authors & dependencies of those additional projects with the security of your system & funds (different legal licensed may apply also). To reduce preinstalled apps & features from the start we provide a minimal sd card image for more advanced users (see download section below). For more details on this topic see our [SECURITY](SECURITY.md) documentation. ## Time Estimate to Set Up a RaspiBlitz @@ -150,46 +152,46 @@ In the end your RaspiBlitz should look like this: ![HardwareSetup](pictures/hardwaresetup.webp) +You now have the hardware ready for your RaspiBlitz - whats missing is the software to run. This is normally done by downloading an image file and then writing it (flashing it) to the sd card. This is a bigger file (multiple GigaBytes) so make sure to have the available storage space on your laptop. If you are a very advanded user who is able to read/verify code or you like to run a self-modified/forked version of RaspiBlitz you can also build the sd card image yourself - see the [Build your own sd card image](#build-the-sd-card-image) section for this. + ## Downloading the Software -You now have the hardware ready for your RaspiBlitz - whats missing is the software to run. This is normally done by downloading an image file and then writing it (flashing it) to the sd card. This is a bigger file (multiple GigaBytes) so make sure to have the available storage space on your laptop. +In this section you find the lastest ready-to-use RaspiBlitz sd card images. Basically you just download, write/flash the image file to an sd card and start your RaspberryPi with it - its the same for first install or updating to a newer version. You can choose from two ready-made sd card images below: -If you are a very advanded user who is able to read/verify code or you like to run a self-modified/forked version of RaspiBlitz you can also build the sd card image yourself - see the [Build your own sd card image](#build-the-sd-card-image) section for this. Everybody else can choose from two ready-made sd card images below. +### FATPACK SD Card Image (Beginners - WebUI) -Useful info: +This is the sd card image you should choose if your at the beginning of your RaspiBlitz journey or you are a casual node runner wanna download the next update - with WebUI & fast installing bonus apps. + +*WARNING: THIS IS STILL A RELEASE CANDIDATE VERSION
+JUST USE FOR TESTING, HIGHER RISK OF LOSING FUNDS!* + +- __FATPACK SD CARD IMAGE ⮕ [raspiblitz-fat-v1.9.0rc1-2022-12-21.img.gz](https://raspiblitz.fulmo.org/images/raspiblitz-fat-v1.9.0rc1-2022-12-21.img.gz)__ +- SHA-256: 76bd41a8c69fe44ea642a171ba36c63bc217cfad28eaa501c0ff2823b59bb628 +- GPG 64-bit (main): 1C73 060C 7C17 6461 & (sub): AA9D D1B5 CC56 47DA +- Signature-File: n/a +- Torrent: n/a +- [How to verify the SD card image after download?](FAQ.md#how-to-verify-the-sd-card-image-after-download) + +### MINIMAL SD Card Image (Experienced Users - SSH) + +This is the sd card image for RaspiBlitz users that are already more experienced and want to use just a limited set of features of the RaspiBlitz. This image has just the bare minimum of features pre-installed - LCD & HDMI output is off by default. Setup, Update or Recovery needs to be done thru SSH login - API & WebUI are later available but are not preinstalled/activated by default. The RaspiBlitz will download & compile just the tools that are in your ´raspiblitz.conf´ - this will take longer but as a tradeoff this RaspiBlitz then just runs with a reduced set of dependencies and so a minimalized attack vector and better performance. Its for the serious & experineced node runners. + +*WARNING: THIS IS STILL A RELEASE CANDIDATE VERSION
+JUST USE FOR TESTING, HIGHER RISK OF LOSING FUNDS!* + +- __MINIMAL SD CARD IMAGE ⮕ [raspiblitz-min-v1.9.0rc1-2022-12-21.img.gz](https://raspiblitz.fulmo.org/images/raspiblitz-min-v1.9.0rc1-2022-12-21.img.gz)__ +- SHA-256: a5e14858a8a5976009bdc198f868f898185cbd9cebde72d077d5ffbf64bb817 +- GPG 64-bit (main): 1C73 060C 7C17 6461 & (sub): AA9D D1B5 CC56 47DA +- Signature-File: n/a +- Torrent: n/a +- [How to verify the SD card image after download?](FAQ.md#how-to-verify-the-sd-card-image-after-download) + +Further Info: - [What's new in Version 1.9.0 of RaspiBlitz?](CHANGES.md#whats-new-in-version-190-of-raspiblitz) - [How to update my RaspiBlitz?](README.md#updating-raspiblitz-to-new-version) - [How to migrate to RaspiBlitz from Umbrel/myNode/Citadel](#make-a-raspiblitz-out-of-your-umbrel-citadel-or-mynode) -### Download FATPACK Image (Beginners - WebUI) - -This is the sd card image you should choose if your at the beginning of your RaspiBlitz journey or you are a casual node runner wanna download the next update - with WebUI & fast installing bonus apps. Its totally fine :) - -__WARNING: THIS IS STILL A RELEASE CANDIDATE VERSION - JUST USE FOR TESTING, HIGHER RISK OF LOSING FUNDS!__ - -- FATPACK SD CARD IMAGE: [raspiblitz-fat-v1.9.0rc1-2022-12-21.img.gz](https://raspiblitz.fulmo.org/images/raspiblitz-fat-v1.9.0rc1-2022-12-21.img.gz) -- SHA-256: 76bd41a8c69fe44ea642a171ba36c63bc217cfad28eaa501c0ff2823b59bb628 -- Signature-File: n/a -- Torrent: n/a -- GPG 64-bit (main): 1C73 060C 7C17 6461 & (sub): AA9D D1B5 CC56 47DA - -[How to verify the SD card image after download?](FAQ.md#how-to-verify-the-sd-card-image-after-download) - -### Download MINIMAL Image (Experienced Users - SSH) - -This is the sd card image for RaspiBlitz users that are already more experienced and want to use just a limited set of features of the RaspiBlitz. This image has just the bare minimum of features pre-installed - LCD & HDMI output is off by default. Setup, Update or Recovery needs to be done thru SSH login - API & WebUI are later available but are not preinstalled/activated by default. The RaspiBlitz will download & compile just the tools that are in your ´raspiblitz.conf´ - this will take longer but as a tradeoff this RaspiBlitz then just runs with a reduced set of dependencies and so a minimalized attack vector and better performance. Its for the serious & experineced node runners. - -__WARNING: THIS IS STILL A RELEASE CANDIDATE VERSION - JUST USE FOR TESTING, HIGHER RISK OF LOSING FUNDS!__ - -- MINIMAL SD CARD IMAGE: [raspiblitz-min-v1.9.0rc1-2022-12-21.img.gz](https://raspiblitz.fulmo.org/images/raspiblitz-min-v1.9.0rc1-2022-12-21.img.gz) -- SHA-256: a5e14858a8a5976009bdc198f868f898185cbd9cebde72d077d5ffbf64bb817f -- Signature-File: n/a -- Torrent: n/a -- GPG 64-bit (main): 1C73 060C 7C17 6461 & (sub): AA9D D1B5 CC56 47DA - -[How to verify the SD card image after download?](FAQ.md#how-to-verify-the-sd-card-image-after-download) - ## Write the SD-Card image to your SD Card You need to write the downloaded SD card image (the img.gz-file) to your SD card (32GB minimum) - you can use the very easy tool Balena Etcher for this: . diff --git a/SECURITY.md b/SECURITY.md index 82cf378fb..9654138ee 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -6,10 +6,13 @@ Only use this software with funds you could afford to lose. Especially a lightni Just because the software is OpenSource does not mean its free of errors. Especially if you run additional apps, the RaspiBlitz team cannot review all the code of those external projects. -The software is provided "AS IS", without warranty of any kind. In no event shall the -authors or copyright holders be liable for any claim, damages or other +The software is provided "AS IS", without warranty of any kind. In no event shall the authors or copyright holders be liable for any claim, damages or other liability. [details on legal license](LICENSE.md) +## Minimal SD Card Build + +To improve the UX for beginners & casual users we decided to preinstall & activate lots of features like LCD, API & WebUI of RaspiBlitz from the beginning and even preinstall/compile a selection of additional apps in the default `fatpack` sd card image. This creates a bigger attack surface and more trusted dependencies on the security side. For more advanced users we also provide a `minimal` sd card image in the download section - which aims to install just the basics and every else will be just installed/compiled on-demand - this is recommended for users (especially on updates) that already know what features they want/need from their RaspiBlitz to run it with the reduced attack surface. To create a minimal sd card yourself run the `build_sdcard.sh` script with the options `-f 0` (fatpack off) & `-d headless` (to not preinstall external LCD drivers). + ## Supported Versions Updates are made only for the latest version. From 8156c90032ed6023cca51a7c5b1073784ded37aa Mon Sep 17 00:00:00 2001 From: openoms <43343391+openoms@users.noreply.github.com> Date: Sat, 24 Dec 2022 19:51:43 +0100 Subject: [PATCH 10/47] joininbox update to v0.7.5 (#3576) fixes the port collusion between LND REST and the JM onion_serving_port --- home.admin/config.scripts/bonus.joinmarket.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home.admin/config.scripts/bonus.joinmarket.sh b/home.admin/config.scripts/bonus.joinmarket.sh index e93d26522..e15ee9d27 100755 --- a/home.admin/config.scripts/bonus.joinmarket.sh +++ b/home.admin/config.scripts/bonus.joinmarket.sh @@ -6,7 +6,7 @@ # https://github.com/openoms/joininbox # https://github.com/openoms/joininbox/tags -JBTAG="v0.7.4" # installs JoinMarket v0.9.8 +JBTAG="v0.7.5" # installs JoinMarket v0.9.8 # command info if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then From 06472cb11e3c0bbf0a4089c5c13e676cce420a51 Mon Sep 17 00:00:00 2001 From: allyourbankarebelongtous <100060902+allyourbankarebelongtous@users.noreply.github.com> Date: Thu, 12 Jan 2023 16:03:23 -0600 Subject: [PATCH 11/47] Update LNDg to latest version 1.5.0 (#3597) * Update bonus.lndg.sh * Update bonus.lndg.sh Fixes permissions on old /mnt/app-data/lndg folder/db if they are messed up prior to install * Update bonus.lndg.sh --- home.admin/config.scripts/bonus.lndg.sh | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/home.admin/config.scripts/bonus.lndg.sh b/home.admin/config.scripts/bonus.lndg.sh index 9d74d4ed6..f5ac042a7 100644 --- a/home.admin/config.scripts/bonus.lndg.sh +++ b/home.admin/config.scripts/bonus.lndg.sh @@ -1,7 +1,7 @@ #!/bin/bash # https://github.com/cryptosharks131/lndg -VERSION="1.4.0 " +VERSION="1.5.0 " # command info if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then @@ -155,7 +155,7 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then if [ "$2" == "deletedatabase" ]; then # deleting old database and moving new database - echo "Deleting existing database and creating new one" + echo "Deleting existing database and creating new one" sudo rm -rf /mnt/hdd/app-data/lndg/data sudo cp -p -r /home/lndg/lndg/data /mnt/hdd/app-data/lndg/data sudo rm /home/lndg/lndg/data/db.sqlite3 @@ -166,8 +166,11 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then # using existing database, so remove newly created database and link to existing one echo "Database already exists, using existing database" sudo rm /home/lndg/lndg/data/db.sqlite3 + sudo chown -R lndg:lndg /mnt/hdd/app-data/lndg + sudo chmod -R 755 /mnt/hdd/app-data/lndg + sudo chmod 644 /mnt/hdd/app-data/lndg/data/db.sqlite3 sudo -u lndg ln -sf /mnt/hdd/app-data/lndg/data/db.sqlite3 /home/lndg/lndg/data/db.sqlite3 - sudo -u lndg /home/lndg/lndg/.venv/bin/python manage.py migrate + sudo -u lndg /home/lndg/lndg/.venv/bin/python manage.py migrate fi else From 2ec84c30dba861655adc7c94ddbfede16e2e4f11 Mon Sep 17 00:00:00 2001 From: /rootzoll Date: Sun, 15 Jan 2023 21:51:08 +0100 Subject: [PATCH 12/47] #3605 refactor reindex script and add to repair menu (#3609) --- CHANGES.md | 3 +- home.admin/00raspiblitz.sh | 7 -- home.admin/98repairBlockchain.sh | 4 - home.admin/98repairMenu.sh | 17 ++- home.admin/config.scripts/network.reindex.sh | 116 ++++++------------- 5 files changed, 55 insertions(+), 92 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index 438d3dc6d..2d075c4cf 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -11,7 +11,7 @@ - New: LightningTipBot v0.5 [details](https://github.com/LightningTipBot/LightningTipBot) - New on WebUI: Jam (JoinMarket Web UI) v0.1.4 [details](https://github.com/joinmarket-webui/joinmarket-webui/releases/tag/v0.1.4) - Update: Bitcoin Core v24.0.1 [details](https://github.com/bitcoin/bitcoin/blob/master/doc/release-notes/release-notes-24.0.1.md) -- Update: LND v0.15.5 [details](https://github.com/lightningnetwork/lnd/releases/tag/v0.15.5-beta +- Update: LND v0.15.5 [details](https://github.com/lightningnetwork/lnd/releases/tag/v0.15.5-beta) - Update: Core Lightning v22.11.1 [details](https://github.com/ElementsProject/lightning/releases/tag/v22.11.1) - Update: Electrum Server in Rust (electrs) v0.9.10 [details](https://github.com/romanz/electrs/blob/master/RELEASE-NOTES.md#0910-nov-3-2022) - Update: Lightning Terminal v0.8.4-alpha [details](https://github.com/lightninglabs/lightning-terminal/releases/tag/v0.8.4-alpha) @@ -29,6 +29,7 @@ - Info: Run RaspiBlitz on Proxmox [details](https://github.com/rootzoll/raspiblitz/tree/dev/alternative.platforms/Proxmox) - Info: IP2Tor unavailable & deactivated in SSH menus [details](https://github.com/rootzoll/raspiblitz/issues/3417#issuecomment-1310303480) - Info: 32GB sdcard is now enforced (after being recommended since v1.5) +- Info: 'Reindex Blockchain' is not part of 'repair' menu ## What's new in Version 1.8.0c of RaspiBlitz? diff --git a/home.admin/00raspiblitz.sh b/home.admin/00raspiblitz.sh index 93017c664..ef28bd465 100755 --- a/home.admin/00raspiblitz.sh +++ b/home.admin/00raspiblitz.sh @@ -48,13 +48,6 @@ if [ "${copyInProgress}" = "1" ]; then exit fi -# special state: reindex was triggered -if [ "${state}" = "reindex" ]; then - echo "Re-Index in progress ... start monitoring:" - /home/admin/config.scripts/network.reindex.sh - exit -fi - # special state: copystation if [ "${state}" = "copystation" ]; then echo "Copy Station is Running ..." diff --git a/home.admin/98repairBlockchain.sh b/home.admin/98repairBlockchain.sh index f02e9cb89..414695b15 100755 --- a/home.admin/98repairBlockchain.sh +++ b/home.admin/98repairBlockchain.sh @@ -29,10 +29,6 @@ elif [ "${CHOICE}" = "RESYNC" ]; then echo "rebooting .. (please wait)" sudo /home/admin/config.scripts/blitz.shutdown.sh reboot -elif [ "${CHOICE}" = "REINDEX" ]; then - echo "Starting REINDEX ..." - sudo /home/admin/config.scripts/network.reindex.sh - elif [ "${CHOICE}" = "BACKUP" ]; then /home/admin/config.scripts/lnd.compact.sh interactive sudo /home/admin/config.scripts/lnd.backup.sh lnd-export-gui diff --git a/home.admin/98repairMenu.sh b/home.admin/98repairMenu.sh index 1a8c78bcb..af202a29c 100755 --- a/home.admin/98repairMenu.sh +++ b/home.admin/98repairMenu.sh @@ -76,11 +76,12 @@ if [ "${lightning}" == "cl" ] || [ "${cl}" == "on" ]; then fi OPTIONS+=(MIGRATION "Migrate Blitz Data to new Hardware") OPTIONS+=(COPY-SOURCE "Copy Blockchain Source Modus") +OPTIONS+=(REINDEX "Redindex Bitcoin Blockchain") +OPTIONS+=(DELETE-INDEX "Delete Bitcoin Transaction-Index") OPTIONS+=(RESET-CHAIN "Delete Blockchain & Re-Download") OPTIONS+=(RESET-HDD "Delete HDD Data but keep Blockchain") OPTIONS+=(RESET-ALL "Delete HDD completely to start fresh") OPTIONS+=(DELETE-ELEC "Delete Electrum Index") -OPTIONS+=(DELETE-INDEX "Delete Bitcoin Transaction-Index") CHOICE=$(whiptail --clear --title "Repair Options" --menu "" 19 62 12 "${OPTIONS[@]}" 2>&1 >/dev/tty) @@ -89,7 +90,15 @@ case $CHOICE in # HARDWARE) # ;; SOFTWARE) - sudo /home/admin/config.scripts/blitz.debug.sh + echo "Generating debug logs. Be patient, this should take maximum 2 minutes .." + sudo rm /var/cache/raspiblitz/debug.log 2>/dev/null + /home/admin/config.scripts/blitz.debug.sh > /var/cache/raspiblitz/debug.log + echo "Redacting .." + /home/admin/config.scripts/blitz.debug.sh redact /var/cache/raspiblitz/debug.log + sudo chmod 640 /var/cache/raspiblitz/debug.log + sudo chown root:sudo /var/cache/raspiblitz/debug.log + cat /var/cache/raspiblitz/debug.log + echo echo "Press ENTER to return to main menu." read key ;; @@ -148,6 +157,10 @@ case $CHOICE in /home/admin/config.scripts/network.txindex.sh delete exit 0; ;; + REINDEX) + /home/admin/config.scripts/network.reindex.sh reindex main + exit 0; + ;; COPY-SOURCE) /home/admin/config.scripts/blitz.copychain.sh source /home/admin/config.scripts/lnd.unlock.sh diff --git a/home.admin/config.scripts/network.reindex.sh b/home.admin/config.scripts/network.reindex.sh index 0919ba63d..b67b51264 100755 --- a/home.admin/config.scripts/network.reindex.sh +++ b/home.admin/config.scripts/network.reindex.sh @@ -1,93 +1,53 @@ #!/bin/bash # command info -if [ "$1" = "-h" ] || [ "$1" = "-help" ]; then - echo "script to run re-index if the blockchain (in case of repair)" - echo "run to start or monitor re-index progress" +if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then + echo "script to run re-index if the blockchain - blocks will not be deleted but re-indexed" + echo "will trigger reboot after started and progress can be monitored thru normal sync status" + echo "network.reindex.sh reindex [mainnet|testnet|signet] --> use to start re-index chain" exit 1 fi -# check and load raspiblitz config -# to know which network is running -source /home/admin/raspiblitz.info source /mnt/hdd/raspiblitz.conf -# if re-index is not running, start ... -source <(/home/admin/_cache.sh get state) -if [ "${state}" != "reindex" ]; then +################### +# START +################### +if [ "$1" = "reindex" ]; then - # stop services - echo "making sure services are not running .." - sudo systemctl stop lnd 2>/dev/null - sudo systemctl stop ${network}d 2>/dev/null + # network prefixes + if [ "$2" = "mainnet" ]; then + echo "# network.reindex.sh reindex --> mainnet" + prefix="" + netparam="" + elif [ "$2" = "testnet" ]; then + echo "# network.reindex.sh reindex --> testnet" + prefix="t" + netparam="-testnet " + elif [ "$2" = "signet" ]; then + echo "# network.reindex.sh reindex --> signet" + prefix="s" + netparam="-signet " + else + echo "error='unknown/missing secondary parameter'" + exit 1 + fi + + # stop bitcoin service + echo "# stopping ${network} service (please wait - can take time) .." + sudo systemctl stop ${prefix}${network}d # starting reindex - echo "starting re-index ..." - sudo -u bitcoin /usr/local/bin/${network}d -daemon -reindex -conf=/home/bitcoin/.${network}/${network}.conf -datadir=/home/bitcoin/.${network} - - # set reindex flag in raspiblitz.info (gets deleted after (final) reboot) - sudo sed -i "s/^state=.*/state=reindex/g" /home/admin/raspiblitz.info + echo "# starting ${network} service with -reindex flag" + sudo -u bitcoin /usr/local/bin/${network}d ${netparam}-daemon -reindex -conf=/mnt/hdd/${network}/${network}.conf -datadir=/mnt/hdd/${network} 1>&2 + echo "# waiting 10 secs" + sleep 10 + echo "# going into reboot - reindex process can be monitored like normal blockchain sync status" + sudo /home/admin/config.scripts/blitz.shutdown.sh reboot + exit 0 fi -# while loop to wait to finish -finished=0 -progress=0 -while [ ${finished} -eq 0 ] - do - clear - echo "*************************" - echo "REINDEXING BLOCKCHAIN" - echo "*************************" - date - echo "THIS CAN TAKE SOME VERY LONG TIME" - echo "See Raspiblitz FAQ: https://github.com/rootzoll/raspiblitz" - echo "On question: My blockchain data is corrupted - what can I do?" - echo "If you dont see any progress after 24h keep X pressed to stop." +echo "error='unknown main parameter'" +exit 1 - # get blockchain sync progress - blockchaininfo=$(sudo -u bitcoin ${network}-cli -datadir=/home/bitcoin/.${network} getblockchaininfo) - progress=$(echo "${blockchaininfo}" | jq -r '.verificationprogress') - #progress=$(echo "${progress}*100" | bc) - progress=$(echo $progress | awk '{printf( "%.2f%%", 100 * $1)}') - inprogress="$(echo "${blockchaininfo}" | jq -r '.initialblockdownload')" - if [ "${inprogress}" = "false" ]; then - finished=1 - fi - - echo "" - echo "RUNNING: ${inprogress}" - echo "PROGRESS: ${progress}" - echo "" - - echo "You can close terminal while reindex is running.." - echo "But you have to login again to check if ready." - - # wait 2 seconds for key input - read -n 1 -t 2 keyPressed - - # check if user wants to abort monitor - if [ "${keyPressed}" = "x" ]; then - echo "stopped by user ..." - break - fi - -done - - -# trigger reboot when finished -echo "*************************" -if [ ${finished} -eq 0 ]; then - echo "Re-Index CANCELED" -else - echo "Re-Index finished" -fi -echo "Starting reboot ..." -echo "*************************" -# stop bitcoind -sudo -u bitcoin ${network}-cli stop -sleep 4 -# clean logs (to prevent a false reindex detection) -sudo rm /mnt/hdd/${network}/debug.log 2>/dev/null -# reboot -sudo /home/admin/config.scripts/blitz.shutdown.sh reboot \ No newline at end of file From 2f8dfe444665f85ffb91c8f3abf49eca00790efe Mon Sep 17 00:00:00 2001 From: JayDeLux Date: Sun, 15 Jan 2023 22:08:30 +0100 Subject: [PATCH 13/47] Typo (#3596) --- FAQ.cl.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/FAQ.cl.md b/FAQ.cl.md index 148b0d20c..77fa7bd08 100644 --- a/FAQ.cl.md +++ b/FAQ.cl.md @@ -59,7 +59,7 @@ * Yes, all [BOLT specification](https://github.com/lightningnetwork/lightning-rfc) compliant implementations can open channels to each other and route payments. ### Can I run LND and CLN connected to the same node? -* Yes, both can run parallel on a RaspiBlitz and even have channels witch each other. +* Yes, both can run parallel on a RaspiBlitz and even have channels with each other. ### Can I convert an LND node to CLN (or the opposite)? * No, currently there are no tools available to convert between the databases storing the channel states. From b761c7d093102c0b1432e9e2c648700ee4303f32 Mon Sep 17 00:00:00 2001 From: openoms <43343391+openoms@users.noreply.github.com> Date: Sun, 15 Jan 2023 23:54:42 +0000 Subject: [PATCH 14/47] add Circuitbreaker webUI (#3599) --- CHANGES.md | 2 +- home.admin/00mainMenu.sh | 9 +- .../sites-available/circuitbreaker_ssl.conf | 21 ++++ .../config.scripts/bonus.circuitbreaker.sh | 99 ++++++++++++------- 4 files changed, 91 insertions(+), 40 deletions(-) create mode 100644 home.admin/assets/nginx/sites-available/circuitbreaker_ssl.conf diff --git a/CHANGES.md b/CHANGES.md index 2d075c4cf..1df64b9be 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -24,7 +24,7 @@ - Update: JoinMarket v0.9.8 [details](https://github.com/JoinMarket-Org/joinmarket-clientserver/releases/tag/v0.9.8) - Update: JoininBox v0.7.4 [details](https://github.com/openoms/joininbox/releases/tag/v0.7.3) - Update: Balance of Satoshis 13.6.0 (BOS) [details](https://github.com/alexbosworth/balanceofsatoshis/blob/master/CHANGELOG.md#1360) -- Update: Circuitbreaker v0.3.2 [details](https://github.com/lightningequipment/circuitbreaker/blob/master/README.md) +- Update: Circuitbreaker with webUI [details](https://github.com/lightningequipment/circuitbreaker/blob/master/README.md) - Fixed: SCB/Emergency-Backup to USB drive (now also with CLN emergency.recover file) - Info: Run RaspiBlitz on Proxmox [details](https://github.com/rootzoll/raspiblitz/tree/dev/alternative.platforms/Proxmox) - Info: IP2Tor unavailable & deactivated in SSH menus [details](https://github.com/rootzoll/raspiblitz/issues/3417#issuecomment-1310303480) diff --git a/home.admin/00mainMenu.sh b/home.admin/00mainMenu.sh index bb5caae15..11d469f73 100755 --- a/home.admin/00mainMenu.sh +++ b/home.admin/00mainMenu.sh @@ -1,5 +1,5 @@ #!/bin/bash - + echo "Starting the main menu ..." # MAIN MENU AFTER SETUP @@ -158,7 +158,7 @@ if [ "${homer}" == "on" ]; then CHOICE_HEIGHT=$((CHOICE_HEIGHT+1)) fi if [ "${circuitbreaker}" == "on" ]; then - OPTIONS+=(CIRCUIT "Circuitbreaker (LND firewall)") + OPTIONS+=(CIRCUITBREAKER "Circuitbreaker (LND firewall)") fi if [ "${tallycoinConnect}" == "on" ]; then OPTIONS+=(TALLY "Tallycoin Connect") @@ -286,7 +286,7 @@ case $CHOICE in ;; LIGHTNINGTIPBOT) /home/admin/config.scripts/bonus.lightningtipbot.sh menu - ;; + ;; LOOP) /home/admin/config.scripts/bonus.loop.sh menu ;; @@ -329,7 +329,6 @@ case $CHOICE in HELIPAD) sudo /home/admin/config.scripts/bonus.helipad.sh menu ;; - SQUEAKNODE) /home/admin/config.scripts/bonus.squeaknode.sh menu ;; @@ -339,7 +338,7 @@ case $CHOICE in CHANTOOLS) sudo /home/admin/config.scripts/bonus.chantools.sh menu ;; - CIRCUIT) + CIRCUITBREAKER) sudo /home/admin/config.scripts/bonus.circuitbreaker.sh menu ;; TESTNETS) diff --git a/home.admin/assets/nginx/sites-available/circuitbreaker_ssl.conf b/home.admin/assets/nginx/sites-available/circuitbreaker_ssl.conf new file mode 100644 index 000000000..d2d958191 --- /dev/null +++ b/home.admin/assets/nginx/sites-available/circuitbreaker_ssl.conf @@ -0,0 +1,21 @@ +## circuitbreaker_ssl.conf + +server { + listen 9236 ssl http2; + listen [::]:9236 ssl http2; + server_name _; + + include /etc/nginx/snippets/ssl-params.conf; + include /etc/nginx/snippets/ssl-certificate-app-data.conf; + + include /etc/nginx/snippets/gzip-params.conf; + + access_log /var/log/nginx/access_circuitbreaker.log; + error_log /var/log/nginx/error_circuitbreaker.log; + + location / { + proxy_pass http://127.0.0.1:9235; + + include /etc/nginx/snippets/ssl-proxy-params.conf; + } +} diff --git a/home.admin/config.scripts/bonus.circuitbreaker.sh b/home.admin/config.scripts/bonus.circuitbreaker.sh index 2433ddfb1..3edc8313f 100755 --- a/home.admin/config.scripts/bonus.circuitbreaker.sh +++ b/home.admin/config.scripts/bonus.circuitbreaker.sh @@ -1,8 +1,8 @@ #!/bin/bash # https://github.com/lightningequipment/circuitbreaker/releases -pinnedVersion="v0.3.2" -# the commits are not signed +# https://github.com/lightningequipment/circuitbreaker/commits/master +pinnedVersion="e223938d983b756b3893880f3b3bf77e624a9f00" # command info if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then @@ -16,10 +16,37 @@ if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then exit 1 fi +PGPsigner="web-flow" +PGPpubkeyLink="https://github.com/${PGPsigner}.gpg" +PGPpubkeyFingerprint="4AEE18F83AFDEB23" + +# PGPsigner="joostjager" +# PGPpubkeyLink="https://github.com/${PGPsigner}.gpg" +# PGPpubkeyFingerprint="B9A26449A5528325" + source /mnt/hdd/raspiblitz.conf isInstalled=$(sudo ls /etc/systemd/system/circuitbreaker.service 2>/dev/null | grep -c 'circuitbreaker.service') +# show info menu +if [ "$1" = "menu" ]; then + # get network info + localip=$(hostname -I | awk '{print $1}') + fingerprint=$(openssl x509 -in /mnt/hdd/app-data/nginx/tls.cert -fingerprint -noout | cut -d"=" -f2) + + # info without Tor + whiptail --title " Circuit Breaker" --msgbox "Open in your local web browser & accept self-signed cert: +https://${localip}:9236\n +SHA1 Thumb/Fingerprint: +${fingerprint}\n +To follow the logs use the command: +sudo journalctl -fu circuitbreaker +" 14 63 + + echo "please wait ..." + exit 0 +fi + # switch on if [ "$1" = "menu" ]; then if [ ${isInstalled} -eq 1 ]; then @@ -67,23 +94,15 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then sudo /usr/sbin/usermod --append --groups lndadmin circuitbreaker # install from source - cd /home/circuitbreaker + cd /home/circuitbreaker || exit 1 sudo -u circuitbreaker git clone https://github.com/lightningequipment/circuitbreaker.git - cd circuitbreaker + cd circuitbreaker || exit 1 sudo -u circuitbreaker git reset --hard $pinnedVersion - sudo -u circuitbreaker /usr/local/go/bin/go install ./... || exit 1 - ################## - # config - ################## - echo - echo "# Setting the example configuration from:" - echo "# https://github.com/lightningequipment/circuitbreaker/blob/$pinnedVersion/circuitbreaker-example.yaml" - echo "# Find it at: /home/circuitbreaker/.circutbreaker/circuitbreaker.yaml" - echo - sudo -u circuitbreaker mkdir /home/circuitbreaker/.circuitbreaker 2>/dev/null - sudo -u circuitbreaker cp circuitbreaker-example.yaml \ - /home/circuitbreaker/.circuitbreaker/circuitbreaker.yaml + sudo -u circuitbreaker /home/admin/config.scripts/blitz.git-verify.sh \ + "${PGPsigner}" "${PGPpubkeyLink}" "${PGPpubkeyFingerprint}" || exit 1 + + sudo -u circuitbreaker /usr/local/go/bin/go install ./... || exit 1 # make systemd service # sudo nano /etc/systemd/system/circuitbreaker.service @@ -114,14 +133,22 @@ WantedBy=multi-user.target sudo systemctl enable circuitbreaker echo "# OK - the circuitbreaker.service is now enabled" - else + else echo "# The circuitbreaker.service is already installed." fi - # setting value in raspi blitz config - /home/admin/config.scripts/blitz.conf.sh set circuitbreaker "on" + ################## + # NGINX + ################## + # setup nginx symlinks + if ! [ -f /etc/nginx/sites-available/circuitbreaker_ssl.conf ]; then + sudo cp /home/admin/assets/nginx/sites-available/circuitbreaker_ssl.conf /etc/nginx/sites-available/circuitbreaker_ssl.conf + fi + sudo ln -sf /etc/nginx/sites-available/circuitbreaker_ssl.conf /etc/nginx/sites-enabled/ + sudo nginx -t + sudo systemctl reload nginx - isInstalled=$(sudo -u circuitbreaker /home/circuitbreaker/go/bin/circuitbreaker --version | grep -c "circuitbreaker version") + isInstalled=$(sudo -u circuitbreaker /home/circuitbreaker/go/bin/circuitbreaker --version | grep -c "circuitbreakerd version") if [ ${isInstalled} -eq 1 ]; then echo @@ -138,35 +165,43 @@ WantedBy=multi-user.target echo "# Failed to install circuitbreaker " exit 1 fi - + + # setting value in raspi blitz config + /home/admin/config.scripts/blitz.conf.sh set circuitbreaker "on" + + sudo ufw allow 9236 comment circuitbreaker_https + exit 0 fi # switch off if [ "$1" = "0" ] || [ "$1" = "off" ]; then + echo "# Removing the user and it's home directory" + sudo userdel -rf circuitbreaker 2>/dev/null + if [ ${isInstalled} -eq 1 ]; then echo "# Removing the circuitbreaker.service" sudo systemctl stop circuitbreaker sudo systemctl disable circuitbreaker sudo rm /etc/systemd/system/circuitbreaker.service - echo "# Removing the user and it's home directory" - sudo userdel -rf circuitbreaker 2>/dev/null - echo "# OK, Circuit Breaker is removed." + echo "# OK, circuitbreaker.service is removed." else - echo "# Circuit Breaker is not installed." + echo "# circuitbreaker.service is not installed." fi # setting value in raspiblitz.conf /home/admin/config.scripts/blitz.conf.sh set circuitbreaker "off" + sudo ufw delete allow 9236 + exit 0 fi # update if [ "$1" = "update" ]; then echo "# Updating Circuit Breaker" - cd /home/circuitbreaker/circuitbreaker + cd /home/circuitbreaker/circuitbreaker || exit 1 # from https://github.com/apotdevin/thunderhub/blob/master/scripts/updateToLatest.sh # fetch latest master sudo -u circuitbreaker git fetch @@ -190,16 +225,12 @@ if [ "$1" = "update" ]; then echo "# Pulling latest changes..." sudo -u circuitbreaker git pull -p sudo -u circuitbreaker git reset --hard $TAG + + #TODO PGP verification on update + echo "# Installing the version: $TAG" sudo -u circuitbreaker /usr/local/go/bin/go install ./... || exit 1 echo - echo "# Setting the example configuration from:" - echo "# https://github.com/lightningequipment/circuitbreaker/blob/$TAG/circuitbreaker-example.yaml" - echo "# Find it at: /home/circuitbreaker/.circutbreaker/circuitbreaker.yaml" - sudo -u circuitbreaker mkdir /home/circuitbreaker/.circuitbreaker 2>/dev/null - sudo -u circuitbreaker cp circuitbreaker-example.yaml \ - /home/circuitbreaker/.circuitbreaker/circuitbreaker.yaml - echo echo "# Updated to version" $TAG echo echo "# Starting the circuitbreaker service ... " @@ -210,4 +241,4 @@ fi echo "# FAIL - Unknown Parameter $1" echo "# may need reboot to run normal again" -exit 1 \ No newline at end of file +exit 1 From cda19df5cabfc4711b7c165792f9d58be1380ac2 Mon Sep 17 00:00:00 2001 From: cercatrova <63446299+cercatrova21@users.noreply.github.com> Date: Tue, 17 Jan 2023 23:38:19 +0100 Subject: [PATCH 15/47] Proxmox installation guide update to 1.9 (#3574) --- alternative.platforms/Proxmox/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/alternative.platforms/Proxmox/README.md b/alternative.platforms/Proxmox/README.md index fac1c0053..17c1a85af 100644 --- a/alternative.platforms/Proxmox/README.md +++ b/alternative.platforms/Proxmox/README.md @@ -125,10 +125,10 @@ apt upgrade -y apt install sudo ``` -Now we need to download the Build SDCard Script from Rootzoll. The version can be customized as you like. The latest version (as of block time 755125) is the 1.8. +Now we need to download the Build SDCard Script from Rootzoll. The version can be customized as you like. The latest version (as of block time 768745) is the 1.9. ``` -wget https://raw.githubusercontent.com/rootzoll/raspiblitz/v1.8/build_sdcard.sh +wget https://raw.githubusercontent.com/rootzoll/raspiblitz/v1.9/build_sdcard.sh ``` And run: From 593cf5718f911c3f33429a76830bcb62d18116ae Mon Sep 17 00:00:00 2001 From: /rootzoll Date: Wed, 18 Jan 2023 00:26:39 +0100 Subject: [PATCH 16/47] #2314 lndmanage update (#3575) * #2314 update lndmanage to 0.14.2 * fix version install * menu & commands * patch command name --- CHANGES.md | 1 + home.admin/_commands.sh | 16 ++++++++++++++++ home.admin/config.scripts/bonus.lndmanage.sh | 4 ++-- 3 files changed, 19 insertions(+), 2 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index 1df64b9be..9d238cea7 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -24,6 +24,7 @@ - Update: JoinMarket v0.9.8 [details](https://github.com/JoinMarket-Org/joinmarket-clientserver/releases/tag/v0.9.8) - Update: JoininBox v0.7.4 [details](https://github.com/openoms/joininbox/releases/tag/v0.7.3) - Update: Balance of Satoshis 13.6.0 (BOS) [details](https://github.com/alexbosworth/balanceofsatoshis/blob/master/CHANGELOG.md#1360) +- Update: lndmanage 0.14.2 [details](https://github.com/bitromortac/lndmanage) - Update: Circuitbreaker with webUI [details](https://github.com/lightningequipment/circuitbreaker/blob/master/README.md) - Fixed: SCB/Emergency-Backup to USB drive (now also with CLN emergency.recover file) - Info: Run RaspiBlitz on Proxmox [details](https://github.com/rootzoll/raspiblitz/tree/dev/alternative.platforms/Proxmox) diff --git a/home.admin/_commands.sh b/home.admin/_commands.sh index 3808e5799..fc49f3aa2 100755 --- a/home.admin/_commands.sh +++ b/home.admin/_commands.sh @@ -78,6 +78,7 @@ function blitzhelp() { echo " ckbunker CKbunker" echo echo "Extras:" + echo " manage use the lndmanage bonus app" echo " whitepaper download the whitepaper from the blockchain to /home/admin/bitcoin.pdf" echo " notifyme wrapper for blitz.notify.sh that will send a notification using the configured method and settings" echo @@ -369,6 +370,21 @@ function jm() { fi } +# command: manage +# switch to lndmanage env +function manage() { + if [ $(cat /mnt/hdd/raspiblitz.conf 2>/dev/null | grep -c "lndmanage=on") -eq 1 ]; then + cd /home/admin/lndmanage + source venv/bin/activate + echo "NOTICE: Needs at least one active channel to run without error." + echo "to exit (venv) enter ---> deactivate" + lndmanage + else + echo "lndmanage not installed - to install run:" + echo "sudo /home/admin/config.scripts/bonus.lndmanage.sh on" + fi +} + # command: ckbunker # switch to the ckbunker user function ckbunker() { diff --git a/home.admin/config.scripts/bonus.lndmanage.sh b/home.admin/config.scripts/bonus.lndmanage.sh index 4612f59a5..5337e6430 100755 --- a/home.admin/config.scripts/bonus.lndmanage.sh +++ b/home.admin/config.scripts/bonus.lndmanage.sh @@ -9,7 +9,7 @@ fi # set version of LND manage to install # https://github.com/bitromortac/lndmanage/releases -lndmanageVersion="0.11.0" +lndmanageVersion="0.14.2" pgpKeyDownload="https://github.com/bitromortac.gpg" gpgFingerprint="0453B9F5071261A40FDB34181965063FC13BEBE2" @@ -69,7 +69,7 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then echo "# installing ..." python3 -m venv venv source /home/admin/lndmanage/venv/bin/activate - python3 -m pip install lndmanage-0.11.0-py3-none-any.whl + python3 -m pip install lndmanage-${lndmanageVersion}-py3-none-any.whl # get build dependencies # python3 -m pip install --upgrade pip wheel setuptools From b012802f950e088b8a89280d720d03983eac7297 Mon Sep 17 00:00:00 2001 From: /rootzoll Date: Wed, 18 Jan 2023 00:39:18 +0100 Subject: [PATCH 17/47] #3577 adding more detail against dev branch (#3617) --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 59346d880..b21e5bac6 100644 --- a/README.md +++ b/README.md @@ -1347,7 +1347,8 @@ But if you want to build that image yourself - here is a quick guide: - Get a latest RaspiOS 64-bit (Desktop): [DOWNLOAD](https://downloads.raspberrypi.org/raspios_arm64/images). - Write the image to an SD card: [TUTORIAL](https://www.raspberrypi.org/documentation/installation/installing-images/README.md). - Add a file called `ssh` to the root of the SD card when mounted on your laptop to enable SSH login. -- Add a file called `userconf` next to the empty `ssh` file that contains just the string `pi:$6$p2DNwHsYzR06mVFX$jwZnOo5Jl/6pEMFFowpUBqM7E0Rz8vEtXtupwxuXZA7eqyKxDk8barhYZ24ei/JEP4e8Jr0mOvRThASuUxIAZ0`. +- Newest RasperryOS release did remove the default username therefore you need to create an own user. Add a file called `userconf` next to the empty `ssh` file and add your specified userstring as followed: + Create a hashed password using command on linux `echo 'raspberry' | openssl passwd -6 -stdin` and copy the output allongside the username for example `pi:$6$6c.o/U6OkN3ST65b$7F3TIamnnQCwQT4h00Vp1mcVMdSg3 ams7yeVGfZbclcScEnRnw9tkgI9btalTCHFI84o3Pr3cDbdpbCXYTmF1` into the userconf file. See also https://www.raspberrypi.com/news/raspberry-pi-bullseye-update-april-2022/ - Start the card on a Raspi and login via SSH with `ssh pi@[IP-OF-YOUR-RASPI]`. Password is `raspberry`. Now you are ready to start the SD card build script (check the code to see if the installation and config are OK for you). From 51a82bf4437d4652001e8b8fc197683aa45224f2 Mon Sep 17 00:00:00 2001 From: openoms <43343391+openoms@users.noreply.github.com> Date: Tue, 17 Jan 2023 23:41:05 +0000 Subject: [PATCH 18/47] add i2p and lnproxy to CHANGES (#3582) --- CHANGES.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGES.md b/CHANGES.md index 9d238cea7..c3b599e09 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -4,11 +4,13 @@ - New: Automated disk image build for amd64 (VM, laptop, desktop, server) and arm64-rpi (Raspberry Pi) [details](https://github.com/rootzoll/raspiblitz/tree/dev/ci/README.md) - New: Fatpack & Minimal sd card builds [details](SECURITY.md#minimal-sd-card-build) +- New: I2P support for Bitcoin Core (i2pacceptincoming=1) [details](https://github.com/rootzoll/raspiblitz/issues/2413) - New: CLN Watchtower (The Eye of Satoshi) [details](https://github.com/talaia-labs/rust-teos/tree/master/watchtower-plugin) - New: LNDg v1.4.0 [details](https://github.com/cryptosharks131/lndg) - New: Support of X708 UPS HAT [details](https://github.com/rootzoll/raspiblitz/pull/3087) - New: BOS Telegram Bot Support (see OPTIONS on LND Balance of Satoshis menu entry) - New: LightningTipBot v0.5 [details](https://github.com/LightningTipBot/LightningTipBot) +- New: CLI shortcut for ↬lnproxy [details](https://github.com/rootzoll/raspiblitz/pull/3333) - New on WebUI: Jam (JoinMarket Web UI) v0.1.4 [details](https://github.com/joinmarket-webui/joinmarket-webui/releases/tag/v0.1.4) - Update: Bitcoin Core v24.0.1 [details](https://github.com/bitcoin/bitcoin/blob/master/doc/release-notes/release-notes-24.0.1.md) - Update: LND v0.15.5 [details](https://github.com/lightningnetwork/lnd/releases/tag/v0.15.5-beta) From 50c5a4df242cd963252eab40e66a9f80d7548039 Mon Sep 17 00:00:00 2001 From: allyourbankarebelongtous <100060902+allyourbankarebelongtous@users.noreply.github.com> Date: Tue, 17 Jan 2023 17:53:28 -0600 Subject: [PATCH 19/47] Add LNDg to blitz.debug.sh (#3583) * Update blitz.debug.sh Adds LNDg logs to blitz.debug.sh * Improves gunicorn.service error log Improves error recording for gunicorn.service, fixes blitz.debug.sh errors for LNDg logs. --- home.admin/config.scripts/blitz.debug.sh | 33 ++++++++++++++++++++++++ home.admin/config.scripts/bonus.lndg.sh | 2 +- 2 files changed, 34 insertions(+), 1 deletion(-) diff --git a/home.admin/config.scripts/blitz.debug.sh b/home.admin/config.scripts/blitz.debug.sh index eea4fc3be..01cf794d5 100755 --- a/home.admin/config.scripts/blitz.debug.sh +++ b/home.admin/config.scripts/blitz.debug.sh @@ -313,6 +313,39 @@ else echo "- LIT is OFF by config" fi +if [ "${lndg}" == "on" ]; then + echo + echo "*** LNDg Status ***" + sudo /home/admin/config.scripts/bonus.lndg.sh status + echo + echo "*** LNDg JOBS SYSTEMD STATUS ***" + sudo systemctl status jobs-lndg.service -n2 --no-pager + echo "sudo tail -n 5 /var/log/lnd_jobs_error.log" + sudo tail -n 5 /var/log/lnd_jobs_error.log + echo + echo "*** LNDg REBALANCER SYSTEMD STATUS ***" + sudo systemctl status rebalancer-lndg.service -n2 --no-pager + echo "sudo tail -n 5 /var/log/lnd_rebalancer_error.log" + sudo tail -n 5 /var/log/lnd_rebalancer_error.log + echo + echo "*** LNDg HTLC-STREAM SYSTEMD STATUS ***" + sudo systemctl status htlc-stream-lndg.service -n2 --no-pager + echo "sudo tail -n 5 /var/log/lnd_htlc_stream_error.log" + sudo tail -n 5 /var/log/lnd_htlc_stream_error.log + echo + echo "*** LNDg GUNICORN SERVER SYSTEMD STATUS ***" + sudo systemctl status gunicorn.service -n2 --no-pager + echo "sudo tail -n 5 /var/log/gunicorn_error.log" + sudo tail -n 5 /var/log/gunicorn_error.log + echo + echo "*** LAST 10 LNDg LOGS ***" + echo "sudo journalctl -u lndg -b --no-pager -n10" + sudo journalctl -u lndg -b --no-pager -n20 + echo +else + echo "- LNDg is OFF by config" +fi + if [ "${BTCPayServer}" == "on" ]; then echo echo "*** LAST 20 BTCPayServer LOGS ***" diff --git a/home.admin/config.scripts/bonus.lndg.sh b/home.admin/config.scripts/bonus.lndg.sh index f5ac042a7..3924aaa3e 100644 --- a/home.admin/config.scripts/bonus.lndg.sh +++ b/home.admin/config.scripts/bonus.lndg.sh @@ -246,7 +246,7 @@ ExecStart=/home/lndg/lndg/.venv/bin/gunicorn lndg.wsgi -w 4 -b 0.0.0.0:8889 Restart=always KillSignal=SIGQUIT Type=notify -StandardError=syslog +StandardError=append:/var/log/gunicorn_error.log NotifyAccess=all RestartSec=60s From d0beb6875f1040ae508b7448b51d596008fb238d Mon Sep 17 00:00:00 2001 From: /rootzoll Date: Wed, 18 Jan 2023 01:19:50 +0100 Subject: [PATCH 20/47] fix testnet & signat log paths (#3618) * fix testnet & signat log paths * silence missing /var/log/gunicorn_error.log * remove 2>/dev/null --- home.admin/config.scripts/blitz.debug.sh | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/home.admin/config.scripts/blitz.debug.sh b/home.admin/config.scripts/blitz.debug.sh index 01cf794d5..d02c39cd0 100755 --- a/home.admin/config.scripts/blitz.debug.sh +++ b/home.admin/config.scripts/blitz.debug.sh @@ -148,8 +148,8 @@ if [ "${testnet}" == "on" ] || [ "${testnet}" == "1" ]; then sudo journalctl -u t${network}d -b --no-pager -n8 echo echo "*** LAST BLOCKCHAIN (TESTNET) 20 INFO LOGS ***" - echo "sudo tail -n 20 /mnt/hdd/${network}/tdebug.log" - sudo tail -n 20 /mnt/hdd/${network}/tdebug.log + echo "sudo tail -n 20 /mnt/hdd/${network}/testnet3/debug.log" + sudo tail -n 20 /mnt/hdd/${network}/testnet3/debug.log echo else echo "- OFF by config -" @@ -192,8 +192,8 @@ if [ "${signet}" == "on" ] || [ "${signet}" == "1" ]; then sudo journalctl -u s${network}d -b --no-pager -n8 echo echo "*** LAST BLOCKCHAIN (SIGNET) 20 INFO LOGS ***" - echo "sudo tail -n 20 /mnt/hdd/${network}/sdebug.log" - sudo tail -n 20 /mnt/hdd/${network}/sdebug.log + echo "sudo tail -n 20 /mnt/hdd/${network}/signet/debug.log" + sudo tail -n 20 /mnt/hdd/${network}/signet/debug.log echo else echo "- OFF by config -" @@ -336,7 +336,7 @@ if [ "${lndg}" == "on" ]; then echo "*** LNDg GUNICORN SERVER SYSTEMD STATUS ***" sudo systemctl status gunicorn.service -n2 --no-pager echo "sudo tail -n 5 /var/log/gunicorn_error.log" - sudo tail -n 5 /var/log/gunicorn_error.log + sudo tail -n 5 /var/log/gunicorn_error.log 2>/dev/null echo echo "*** LAST 10 LNDg LOGS ***" echo "sudo journalctl -u lndg -b --no-pager -n10" From 4ccb83803a25fc211af00932957354a1844b4f12 Mon Sep 17 00:00:00 2001 From: Ian Harper Date: Wed, 18 Jan 2023 08:01:52 +0000 Subject: [PATCH 21/47] Add steps to connect Raspiblitz to windows laptop internet connection (#3611) --- FAQ.md | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/FAQ.md b/FAQ.md index 0621c658f..4a6c1438a 100644 --- a/FAQ.md +++ b/FAQ.md @@ -540,7 +540,7 @@ https://github.com/raspibolt/raspibolt/blob/a21788c0518618d17093e3f447f68a53e4ef ### Can I directly connect the RaspiBlitz to my laptop? -If you have a LAN port on your laptop - or you have a USB-LAN adapter, you can connect the RaspiBlitz directly (without a router/switch) to your laptop and share the WIFI internet connection. You can follow this [guide for OSX](https://medium.com/@tzhenghao/how-to-ssh-into-your-raspberry-pi-with-a-mac-and-ethernet-cable-636a197d055). +If you have a LAN port on your laptop - or you have a USB-LAN adapter, you can connect the RaspiBlitz directly (without a router/switch) to your laptop and share the WIFI internet connection. You can follow this [guide for OSX](https://medium.com/@tzhenghao/how-to-ssh-into-your-raspberry-pi-with-a-mac-and-ethernet-cable-636a197d055) and this [guide for Windows](https://www.tomshardware.com/how-to/share-internet-connection-windows-ethernet-wi-fi). In short for OSX: @@ -552,7 +552,19 @@ In short for OSX: * in terminal > `arp -a` and check for an IP of a client to the bridge * in terminal > ssh admin@[clientIP] -If anyone has experience on doing this in Linux/Win, please share. +In short for Windows: + +* make sure all VPNs are off (can interfere with local LAN) +* connect Raspiblitz with laptop LAN/ethernet directly +* Control Panel > Network and Internet > Network and Sharing Centre +* Click on your active internet connection highlighted in blue +* Properties > Sharing +* Check the box titled "Allow other network users to connect through this computer's Internet connection +* Select LAN/Ethernet from the "Home networking connection:" dropdown menu +* Click OK +* Restart the Raspiblitz + +If anyone has experience on doing this in Linux please share. ### How to attach the RaspberryPi to the HDD? From 55bdc7a5121312eeb03077ebc481531cc7442e2e Mon Sep 17 00:00:00 2001 From: openoms <43343391+openoms@users.noreply.github.com> Date: Wed, 18 Jan 2023 12:19:52 +0000 Subject: [PATCH 22/47] update bos to 13.15.0 (#3600) Co-authored-by: /rootzoll --- CHANGES.md | 2 +- home.admin/config.scripts/bonus.bos.sh | 22 +++++++++++----------- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index c3b599e09..1f774353d 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -25,7 +25,7 @@ - Update: Channel Tools (chantools) v0.10.5 [details](https://github.com/guggero/chantools/releases/tag/v0.10.5) - Update: JoinMarket v0.9.8 [details](https://github.com/JoinMarket-Org/joinmarket-clientserver/releases/tag/v0.9.8) - Update: JoininBox v0.7.4 [details](https://github.com/openoms/joininbox/releases/tag/v0.7.3) -- Update: Balance of Satoshis 13.6.0 (BOS) [details](https://github.com/alexbosworth/balanceofsatoshis/blob/master/CHANGELOG.md#1360) +- Update: Balance of Satoshis 13.15.0 (bos) [details](https://github.com/alexbosworth/balanceofsatoshis/blob/master/CHANGELOG.md#13150) - Update: lndmanage 0.14.2 [details](https://github.com/bitromortac/lndmanage) - Update: Circuitbreaker with webUI [details](https://github.com/lightningequipment/circuitbreaker/blob/master/README.md) - Fixed: SCB/Emergency-Backup to USB drive (now also with CLN emergency.recover file) diff --git a/home.admin/config.scripts/bonus.bos.sh b/home.admin/config.scripts/bonus.bos.sh index 839dca63f..9c7263e68 100755 --- a/home.admin/config.scripts/bonus.bos.sh +++ b/home.admin/config.scripts/bonus.bos.sh @@ -1,7 +1,7 @@ #!/bin/bash # https://github.com/alexbosworth/balanceofsatoshis/blob/master/package.json#L81 -BOSVERSION="13.6.0" +BOSVERSION="13.15.0" # command info if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then @@ -75,14 +75,14 @@ https://github.com/alexbosworth/balanceofsatoshis/blob/master/README.md Start BoS telegram setup now?" 14 72 if [ "$?" != "1" ]; then exit 0 - fi + fi sudo bash /home/admin/config.scripts/bonus.bos.sh telegram setup echo echo "OK Balance of Satoshis telegram setup done." echo "PRESS ENTER to continue" read key exit 0 - ;; + ;; TELEGRAM-SERVICE) clear connectMsg=" @@ -95,7 +95,7 @@ Please enter the CONNECT CODE from your telegram bot connectCode=$(echo "${connectCode}" | cut -d " " -f1) else exit 0 - fi + fi /home/admin/config.scripts/bonus.bos.sh telegram on ${connectCode} echo echo "OK BoS telegram service active." @@ -185,14 +185,14 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then sleep 3 exit 1 fi - + echo "*** INSTALL BALANCE OF SATOSHIS ***" # check and install NodeJS /home/admin/config.scripts/bonus.nodejs.sh on - + # create bos user sudo adduser --disabled-password --gecos "" bos - + echo "# Create data folder on the disk" # move old data if present sudo mv /home/bos/.bos /mnt/hdd/app-data/ 2>/dev/null @@ -207,19 +207,19 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then sudo -u bos mkdir /home/bos/.npm-global sudo -u bos npm config set prefix '/home/bos/.npm-global' sudo bash -c "echo 'PATH=$PATH:/home/bos/.npm-global/bin' >> /home/bos/.bashrc" - + # download source code sudo -u bos git clone https://github.com/alexbosworth/balanceofsatoshis.git /home/bos/balanceofsatoshis cd /home/bos/balanceofsatoshis - + # make sure symlink to central app-data directory exists ***" sudo rm -rf /home/bos/.lnd # not a symlink.. delete it silently # create symlink sudo ln -s "/mnt/hdd/app-data/lnd/" "/home/bos/.lnd" - + # add user to group with admin access to lnd sudo /usr/sbin/usermod --append --groups lndadmin bos - + # install bos # check latest version: # https://github.com/alexbosworth/balanceofsatoshis/blob/master/package.json#L70 From 744dd45758b1fa24fd9df34eb98f873fdc5f0afb Mon Sep 17 00:00:00 2001 From: openoms <43343391+openoms@users.noreply.github.com> Date: Wed, 18 Jan 2023 12:26:38 +0000 Subject: [PATCH 23/47] ci docs update (#3578) --- ci/README.md | 43 ++++++++++++++++++++++--------------------- 1 file changed, 22 insertions(+), 21 deletions(-) diff --git a/ci/README.md b/ci/README.md index d8d69eee4..638ff4a55 100644 --- a/ci/README.md +++ b/ci/README.md @@ -17,8 +17,8 @@ - [fatpack image](#fatpack-image) - [lean image](#lean-image) - [Add Gnome desktop (optional)](#add-gnome-desktop-optional) -- [Add wifi](#add-wifi) -- [Add wifi driver (optional)](#add-wifi-driver-optional) + - [Add wifi (optional)](#add-wifi-optional) + - [Add wifi driver (optional)](#add-wifi-driver-optional) - [Workflow notes](#workflow-notes) - [Packer .json settings:](#packer-json-settings) - [VNC](#vnc) @@ -56,32 +56,33 @@ with the [Makefile](https://github.com/rootzoll/raspiblitz/blob/dev/Makefile) ### Generate an amd64 image The workflow locally and in github actions generates a .qcow2 format amd64 image. * Tested with - * libvirt / virsh / virt-manager (https://virt-manager.org/) - * written to disk and booted with legacy boot (non-UEFI) + * libvirt / virsh / virt-manager (https://virt-manager.org/) + * written to disk and booted with legacy boot (non-UEFI) ``` make amd64-lean-image ``` * find the compressed .qcow2 image and sh256 hashes in the `ci/amd64/builds` directory ## Images generated in github actions -* Find the images in the green runs in github actions at: -https://github.com/rootzoll/raspiblitz/actions - +* To see the downloadable artifacts will need to log in to GitHub +* Find the latest successful builds for amd64 using the dev branch at: +https://github.com/rootzoll/raspiblitz/actions/workflows/amd64-lean-image.yml?query=workflow%3Aamd64-lean-image-build+branch%3Adev+is%3Asuccess++ ``` # unzip to the same directory unzip raspiblitz-amd64-image-YEAR-MM-DD-COMMITHASH.zip ``` ## Write the image to a disk connected with USB -identify the connected disk with `lsblk` eg `/dev/sdd` +* identify the connected disk with `lsblk` eg `/dev/sdd` -### Convert the qcow2 volume to a raw disk image +### Convert the qcow2 volume to a raw disk image * the raw image is 33.5 GB - ``` - # unzip - gzip -dkv raspiblitz-amd64-debian-11.5-lean.qcow2.gz - # convert - qemu-img convert raspiblitz-amd64-debian-11.5-lean.qcow2 raspiblitz-amd64-debian-11.5-lean.img - ``` + ``` + # unzip + gzip -dkv raspiblitz-amd64-debian-11.5-lean.qcow2.gz + # convert + qemu-img convert raspiblitz-amd64-debian-11.5-lean.qcow2 raspiblitz-amd64-debian-11.5-lean.img + ``` + ### Write to a disk connected with USB with Balena Etcher or `dd` * [Balena Etcher](https://www.balena.io/etcher/) to write the .img to disk * dd to write the .img to disk @@ -134,18 +135,18 @@ identify the connected disk with `lsblk` eg `/dev/sdd` #### Add Gnome desktop (optional) * Connect to the internet (easiest to plug in a LAN cable - use a USB - LAN adapter if have no port) - ``` - apt install gnome - systemctl start gdm - ``` + ``` + apt install gnome + systemctl start gdm + ``` -## Add wifi +### Add wifi (optional) * if the wifi driver is included in the FOSS Debian distro * in the command line run the network manager interface to connect: ``` sudo nmtui ``` -## Add wifi driver (optional) +### Add wifi driver (optional) * as in https://wiki.debian.org/iwlwifi * add the component `non-free` after `deb http://deb.debian.org/debian bullseye main` in `/etc/apt/sources.list` * install the wifi driver for the mentioned cards: From 2ce930e9e240c2e482904ea7cea0572d1feba82e Mon Sep 17 00:00:00 2001 From: ChuckNorrison <2964146+ChuckNorrison@users.noreply.github.com> Date: Wed, 18 Jan 2023 13:28:22 +0100 Subject: [PATCH 24/47] print windows hint for Download LND rescue file (#3589) found in #3581 --- home.admin/config.scripts/cl.backup.sh | 2 +- home.admin/config.scripts/lnd.backup.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/home.admin/config.scripts/cl.backup.sh b/home.admin/config.scripts/cl.backup.sh index 649b0512c..d1debaad9 100644 --- a/home.admin/config.scripts/cl.backup.sh +++ b/home.admin/config.scripts/cl.backup.sh @@ -189,7 +189,7 @@ if [ ${mode} = "cl-export-gui" ]; then echo echo "ON YOUR MAC & LINUX LAPTOP - RUN IN NEW TERMINAL:" echo "sftp '${fileowner}@${localip}:${filename}' ./" - echo "ON WINDOWS USE:" + echo "ON WINDOWS - RUN IN CMD:" echo "sftp ${fileowner}@${localip}:${filename} ." echo echo "Use password A to authenticate file transfer." diff --git a/home.admin/config.scripts/lnd.backup.sh b/home.admin/config.scripts/lnd.backup.sh index a527a7d73..1eb13d93c 100755 --- a/home.admin/config.scripts/lnd.backup.sh +++ b/home.admin/config.scripts/lnd.backup.sh @@ -199,7 +199,7 @@ if [ ${mode} = "lnd-export-gui" ]; then echo echo "ON YOUR MAC & LINUX LAPTOP - RUN IN NEW TERMINAL:" echo "sftp '${fileowner}@${localip}:${filename}' ./" - echo "ON WINDOWS USE:" + echo "ON WINDOWS - RUN IN CMD:" echo "sftp ${fileowner}@${localip}:${filename} ." echo "Use password A to authenticate file transfer." echo From cde7eb1310f26dc164758376659835086fa4b1b6 Mon Sep 17 00:00:00 2001 From: openoms <43343391+openoms@users.noreply.github.com> Date: Wed, 18 Jan 2023 14:13:33 +0000 Subject: [PATCH 25/47] suez update and improvements (#3615) * suez update and improvements --- CHANGES.md | 1 + home.admin/99clMenu.sh | 15 ++++++------- home.admin/_commands.sh | 28 ++++++++++++++++++++++++- home.admin/config.scripts/bonus.suez.sh | 18 +++++----------- 4 files changed, 39 insertions(+), 23 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index 1f774353d..9b1b7a88b 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -28,6 +28,7 @@ - Update: Balance of Satoshis 13.15.0 (bos) [details](https://github.com/alexbosworth/balanceofsatoshis/blob/master/CHANGELOG.md#13150) - Update: lndmanage 0.14.2 [details](https://github.com/bitromortac/lndmanage) - Update: Circuitbreaker with webUI [details](https://github.com/lightningequipment/circuitbreaker/blob/master/README.md) +- Update: Suez - Channel Visualization for LND & CL [details](https://github.com/prusnak/suez) - Fixed: SCB/Emergency-Backup to USB drive (now also with CLN emergency.recover file) - Info: Run RaspiBlitz on Proxmox [details](https://github.com/rootzoll/raspiblitz/tree/dev/alternative.platforms/Proxmox) - Info: IP2Tor unavailable & deactivated in SSH menus [details](https://github.com/rootzoll/raspiblitz/issues/3417#issuecomment-1310303480) diff --git a/home.admin/99clMenu.sh b/home.admin/99clMenu.sh index 9a9406391..ccbe06404 100644 --- a/home.admin/99clMenu.sh +++ b/home.admin/99clMenu.sh @@ -35,11 +35,11 @@ fi OPTIONS+=(SEED "Show Wallet Seed Words") if [ "${clWatchtowerClient}" == "on" ] && [ "${CHAIN}" == "mainnet" ]; then OPTIONS+=(WATCHTOWER "Watchtower Client Options") -fi +fi OPTIONS+=(REPAIR-CL "Repair options for Core Lightning") if [ "${lightning}" != "cl" ] && [ "${CHAIN}" == "mainnet" ]; then OPTIONS+=(SWITCHLN "Use Core Lightning as default") -fi +fi CHOICE_HEIGHT=$(("${#OPTIONS[@]}/2+1")) HEIGHT=$((CHOICE_HEIGHT+6)) @@ -92,12 +92,9 @@ case $CHOICE in if [ ! -f /home/bitcoin/suez/suez ];then /home/admin/config.scripts/bonus.suez.sh on fi - cd /home/bitcoin/suez || exit 0 - command="sudo -u bitcoin /home/bitcoin/.local/bin/poetry run ./suez --client=c-lightning --client-args=--conf=${CLCONF}" - echo "# Running the command:" - echo "${command}" + cd /home/bitcoin/suez || exit 1 echo - $command + sudo -u bitcoin /home/bitcoin/.local/bin/poetry run ./suez --client=c-lightning --client-args=--conf=${CLCONF} echo echo "Press ENTER to return to main menu." read key @@ -111,7 +108,7 @@ case $CHOICE in /home/admin/99clRepairMenu.sh $CHAIN ;; SWITCHLN) - clear + clear echo # setting value in the raspiblitz.conf /home/admin/config.scripts/blitz.conf.sh set lightning "cl" @@ -123,4 +120,4 @@ case $CHOICE in ;; esac -exit 0 \ No newline at end of file +exit 0 diff --git a/home.admin/_commands.sh b/home.admin/_commands.sh index fc49f3aa2..f7d77935c 100755 --- a/home.admin/_commands.sh +++ b/home.admin/_commands.sh @@ -81,6 +81,7 @@ function blitzhelp() { echo " manage use the lndmanage bonus app" echo " whitepaper download the whitepaper from the blockchain to /home/admin/bitcoin.pdf" echo " notifyme wrapper for blitz.notify.sh that will send a notification using the configured method and settings" + echo " suez visualize channels (for the default ln implementation and chain when installed)" echo echo "LND:" echo " lncli LND commandline interface (when installed)" @@ -89,7 +90,7 @@ function blitzhelp() { echo " fwdreport show forwarding report" echo echo "CLN:" - echo " lightning-cli Core-Lightning commandline interface (when installed)" + echo " lightning-cli Core Lightning commandline interface (when installed)" } # command: raspiblitz @@ -540,3 +541,28 @@ function lnproxy() { curl https://lnproxy.org/api/${1} fi } + +# command: suez +function suez() { + source /mnt/hdd/raspiblitz.conf + if [ ${lightning} = 'cl' ] || [ ${lightning} = 'lnd' ]; then + if [ ! -f /home/bitcoin/suez/suez ];then + /home/admin/config.scripts/bonus.suez.sh on + fi + source <(/home/admin/config.scripts/network.aliases.sh getvars ${lightning} ${chain}net) + cd /home/bitcoin/suez || exit 1 + clear + echo "# Showing the channels of ${lightning} ${chain}net - consider reducing the font size (press CTRL- or CMD-)" + if [ ${lightning} = cl ]; then + sudo -u bitcoin /home/bitcoin/.local/bin/poetry run ./suez \ + --client=c-lightning --client-args=--conf=${CLCONF} + elif [ ${lightning} = lnd ]; then + sudo -u bitcoin /home/bitcoin/.local/bin/poetry run ./suez \ + --client-args=-n=${CHAIN} \ + --client-args=--rpcserver=localhost:1${L2rpcportmod}009 + fi + cd + else + echo "# Lightning is ${lightning}" + fi +} diff --git a/home.admin/config.scripts/bonus.suez.sh b/home.admin/config.scripts/bonus.suez.sh index edc50ed94..61bae1f09 100644 --- a/home.admin/config.scripts/bonus.suez.sh +++ b/home.admin/config.scripts/bonus.suez.sh @@ -1,7 +1,7 @@ #!/bin/bash # https://github.com/prusnak/suez/commits/master -SUEZVERSION="e402edbddb45d8a53af346b8582243f4068ece6c" +SUEZVERSION="bcfd3502ac1f7d95b90c62c1daeae50aa7052be7" # command info if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then @@ -12,7 +12,7 @@ if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then fi PGPsigner="prusnak" -PGPpubkeyLink="https://github.com/${PGPsigner}.gpg" +PGPpubkeyLink="https://rusnak.io/public/pgp.txt" PGPpubkeyFingerprint="91F3B339B9A02A3D" source /mnt/hdd/raspiblitz.conf @@ -21,8 +21,7 @@ source /mnt/hdd/raspiblitz.conf if [ "$1" = "menu" ]; then dialog --title " Info Suez" --msgbox " Suez is a command line tool. -Type: 'suez' for the default channel visualization for LND -Type: 'suez --help' in the command line to see the usage options. +Type: 'suez' to visualize the channels of the default ln instance Readme: https://github.com/prusnak/suez#readme " 10 75 exit 0 @@ -46,11 +45,6 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then "${PGPsigner}" "${PGPpubkeyLink}" "${PGPpubkeyFingerprint}" || exit 1 sudo -u bitcoin /home/bitcoin/.local/bin/poetry install - echo "# Adding alias" - sudo -u admin touch /home/admin/_aliases - echo "alias suez='cd /home/bitcoin/suez && sudo -u bitcoin /home/bitcoin/.local/bin/poetry run ./suez'"\ - | sudo tee -a /home/admin/_aliases - # setting value in raspi blitz config /home/admin/config.scripts/blitz.conf.sh set suez "on" @@ -65,16 +59,14 @@ fi # switch off if [ "$1" = "0" ] || [ "$1" = "off" ]; then - echo "# REMOVING SUEZ" sudo rm -rf /home/bitcoin/suez - echo "# OK, suez is removed." + echo "# OK, Suez is removed." # setting value in raspi blitz config /home/admin/config.scripts/blitz.conf.sh set suez "off" exit 0 - fi # update @@ -98,4 +90,4 @@ if [ "$1" = "update" ]; then fi echo "FAIL - Unknown Parameter $1" -exit 1 \ No newline at end of file +exit 1 From f1d3b48db642e4c074a1351b815bf4dd144b808a Mon Sep 17 00:00:00 2001 From: /rootzoll Date: Wed, 18 Jan 2023 20:18:28 +0100 Subject: [PATCH 26/47] #3602 also change password B for mempool (#3619) * change password b also for mempool * fix lndg password b --- home.admin/config.scripts/blitz.passwords.sh | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/home.admin/config.scripts/blitz.passwords.sh b/home.admin/config.scripts/blitz.passwords.sh index d8dabe2f7..96b5b65e6 100755 --- a/home.admin/config.scripts/blitz.passwords.sh +++ b/home.admin/config.scripts/blitz.passwords.sh @@ -391,7 +391,15 @@ elif [ "${abcd}" = "b" ]; then # LNDg if [ "${lndg}" == "on" ]; then echo "# changing the password for lndg" - sudo -u lndg /home/lndg/lndg/.venv/bin/python initialize.py -pw ${newPassword} + sudo -u lndg /home/lndg/lndg/.venv/bin/python /home/lndg/lndg/initialize.py -pw ${newPassword} + fi + + # mempool Explorer + if [ "${mempoolExplorer}" == "on" ]; then + echo "# changing the password for mempool Explorer" + sudo jq ".CORE_RPC.PASSWORD=\"${newPassword}\"" /home/mempool/mempool/backend/mempool-config.json > /var/cache/raspiblitz/mempool-config.json + sudo mv /var/cache/raspiblitz/mempool-config.json /home/mempool/mempool/backend/mempool-config.json + sudo chown mempool:mempool /home/mempool/mempool/backend/mempool-config.json fi echo "# OK -> RPC Password B changed" From 72b0a21e357242f73e48b736edd4b45004169992 Mon Sep 17 00:00:00 2001 From: rootzoll Date: Wed, 18 Jan 2023 20:40:29 +0100 Subject: [PATCH 27/47] #3584 use scp for windows blockchain upload --- home.admin/config.scripts/blitz.copychain.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home.admin/config.scripts/blitz.copychain.sh b/home.admin/config.scripts/blitz.copychain.sh index 8233c07e9..1b732aac7 100644 --- a/home.admin/config.scripts/blitz.copychain.sh +++ b/home.admin/config.scripts/blitz.copychain.sh @@ -141,7 +141,7 @@ if [ "$1" = "target" ]; then echo "Make sure that the Bitcoin Core Wallet is not running in the background anymore." echo "" echo "COPY, PASTE & EXECUTE the following command on your Windows computer terminal:" - echo "sftp -r ./chainstate ./blocks bitcoin@${internet_localip}:/mnt/hdd/bitcoin" + echo "scp -r ./chainstate ./blocks bitcoin@${internet_localip}:/mnt/hdd/bitcoin" echo "" echo "If asked for a password use PASSWORD A (or 'raspiblitz')." fi From 0012aea9213fcb5f8d5676aca1cb5354380c7819 Mon Sep 17 00:00:00 2001 From: /rootzoll Date: Thu, 19 Jan 2023 09:45:08 +0100 Subject: [PATCH 28/47] #3620 adapt 99.99% for last 50 blocks to sync (#3621) --- home.admin/config.scripts/bitcoin.monitor.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/home.admin/config.scripts/bitcoin.monitor.sh b/home.admin/config.scripts/bitcoin.monitor.sh index f863e8bfe..e1dda5a15 100755 --- a/home.admin/config.scripts/bitcoin.monitor.sh +++ b/home.admin/config.scripts/bitcoin.monitor.sh @@ -159,9 +159,11 @@ if [ "$2" = "info" ]; then btc_sync_percentage=$(echo ${btc_sync_progress} | awk '{printf( "%.2f%%", 100 * $1)}') if [ "${btc_blocks_headers}" != "" ] && [ "${btc_blocks_headers}" == "${btc_blocks_verified}" ]; then btc_sync_percentage="100.00" + elif [ "${btc_blocks_headers}" != "" ] && [ "${btc_blocks_behind}" != "" ] && [ ${btc_blocks_behind} -lt 50 ]; then + # #3620 prevent that on catching the last 50 blocks its already 100.00% + btc_sync_percentage="99.99" fi - # determine if synced (tolerate falling 1 block behind) # and be sure that initial blockdownload is done btc_synced=0 From d731823758774aa2ec0c6729a057a2336ec74b1d Mon Sep 17 00:00:00 2001 From: /rootzoll Date: Wed, 25 Jan 2023 19:07:13 +0100 Subject: [PATCH 29/47] #3605 Add both reindex options & FAQ entry (#3623) fixes #3605 --- FAQ.md | 24 ++++++++----- home.admin/00infoBlitz.sh | 15 +++----- home.admin/98repairMenu.sh | 20 ++++++++--- home.admin/config.scripts/bonus.electrs.sh | 31 ++++++++-------- home.admin/config.scripts/network.reindex.sh | 21 +++++------ home.admin/config.scripts/network.txindex.sh | 38 ++++++++++++-------- 6 files changed, 88 insertions(+), 61 deletions(-) diff --git a/FAQ.md b/FAQ.md index 4a6c1438a..2970681f4 100644 --- a/FAQ.md +++ b/FAQ.md @@ -302,6 +302,17 @@ You can also put an empty file just called `hdmi` (without any ending) onto the ## Debug +### How do I generate a Debug Report? + +If your RaspiBlitz is not working correctly and you like to get help from the community, it's good to provide more debug information, so others can better diagnose your problem - please follow the following steps to generate a debug report: + +- SSH into your raspiblitz as admin user with your password A +- If you see the menu - use CTRL+C to get to the terminal +- To generate debug report run: `debug`, optionally create a link with `debug -l` +- Then copy all output beginning with `*** RASPIBLITZ LOGS ***` and share this + +*PLEASE NOTICE: It's possible that these logs can contain private information (like IPs, node IDs, ...) - just share publicly what you feel OK with.* + ### I have the full blockchain on another storage. How do I copy it to the RaspiBlitz? Copying a already synced blockchain from another storage (e.g. your Laptop or external hard drive) can be a quick way to get the RaspiBlitz started or replacing a corrupted blockchain with a fresh one. Also that way you have synced and verified the blockchain yourself, and are not trusting the RaspiBlitz Torrent downloads (Don't trust, verify). @@ -318,16 +329,13 @@ If everything described above is in order, start the setup of the new RaspiBlitz Once you finished all the transfers, the Raspiblitz will make a quick-check on the data - but that will not guarantee that everything in detail was OK with the transfer. Check further FAQ answers if you get stuck or see a final sync with a value below 90%. -### How do I generate a Debug Report? +### Bitcoind tells me to reindex - how can I do this? -If your RaspiBlitz is not working correctly and you like to get help from the community, it's good to provide more debug information, so others can better diagnose your problem - please follow the following steps to generate a debug report: + To find/access information fast in large data sets like the Bitcoin blockhain indexes are needed. Those indexes can get corrupted on your HDD/SSD and to repair them they need to be rebuild - re-indexed. Bitcoind has two different options to do this - a fast way called "reindex-chainstate" (which just rebuilds the UTXO set from the blocks as you have them) and the slow but complete way called just "reindex" that would even recheck all your block data - see for details here: https://bitcoin.stackexchange.com/questions/60709/when-should-i-use-reindex-chainstate-and-when-reindex + + So if you read in your debug logs of bitcoind that you should "reindex" you can try first just to do a fast "reindex-chainstate" and if that didnt worked a slow and full "reindex". -- SSH into your raspiblitz as admin user with your password A -- If you see the menu - use CTRL+C to get to the terminal -- To generate debug report run: `debug`, optionally create a link with `debug -l` -- Then copy all output beginning with `*** RASPIBLITZ LOGS ***` and share this - -*PLEASE NOTICE: It's possible that these logs can contain private information (like IPs, node IDs, ...) - just share publicly what you feel OK with.* +See the raspiblitz script `./config.scripts/network.reindex.sh` or the REAPIR menu to start these processes. ### Why is my "final sync" taking so long? diff --git a/home.admin/00infoBlitz.sh b/home.admin/00infoBlitz.sh index c4dc75702..bd525df63 100755 --- a/home.admin/00infoBlitz.sh +++ b/home.admin/00infoBlitz.sh @@ -353,7 +353,7 @@ else appInfoLine="" # Electrum Server - electrs - if [ "${ElectRS}" = "on" ]; then + if [ "${ElectRS}" == "on" ]; then error="" source <(sudo /home/admin/config.scripts/bonus.electrs.sh status-sync 2>/dev/null) if [ ${#infoSync} -gt 0 ]; then @@ -361,15 +361,10 @@ else fi fi - # BTC RPC EXPLORER - if [ "${BTCRPCexplorer}" = "on" ]; then - error="" - source <(sudo /home/admin/config.scripts/bonus.btc-rpc-explorer.sh status 2>/dev/null) - if [ ${#error} -gt 0 ]; then - appInfoLine="ERROR BTC-RPC-Explorer: ${error} (try restart)" - elif [ "${isIndexed}" = "0" ]; then - appInfoLine="BTC-RPC-Explorer: ${indexInfo}" - fi + # Transaction Index + source <(/home/admin/config.scripts/network.txindex.sh status) + if [ "${txindex}" == "1" ] && [ "${isIndexed}" != "1" ]; then + appInfoLine="Transaction Index: ${indexInfo}" fi if [ ${#appInfoLine} -gt 0 ]; then diff --git a/home.admin/98repairMenu.sh b/home.admin/98repairMenu.sh index af202a29c..d22457493 100755 --- a/home.admin/98repairMenu.sh +++ b/home.admin/98repairMenu.sh @@ -65,6 +65,9 @@ RaspiBlitz image to your SD card. " 12 40 } +# get status of txindex +source <(/home/admin/config.scripts/network.txindex.sh status) + OPTIONS=() #OPTIONS+=(HARDWARE "Run Hardwaretest") OPTIONS+=(SOFTWARE "Run Softwaretest (DebugReport)") @@ -76,8 +79,13 @@ if [ "${lightning}" == "cl" ] || [ "${cl}" == "on" ]; then fi OPTIONS+=(MIGRATION "Migrate Blitz Data to new Hardware") OPTIONS+=(COPY-SOURCE "Copy Blockchain Source Modus") -OPTIONS+=(REINDEX "Redindex Bitcoin Blockchain") -OPTIONS+=(DELETE-INDEX "Delete Bitcoin Transaction-Index") +if [ "${txindex}" == "1" ]; then + OPTIONS+=(DELETE-INDEX "Reindex Bitcoin Transaction-Index") +elif [ "${indexByteSize}" != "0" ]; then + OPTIONS+=(DELETE-INDEX "Delete Bitcoin Transaction-Index") +fi +OPTIONS+=(REINDEX-UTXO "Redindex Just Bitcoin Chainstate (Fast)") +OPTIONS+=(REINDEX-FULL "Redindex Full Bitcoin Blockchain (Slow)") OPTIONS+=(RESET-CHAIN "Delete Blockchain & Re-Download") OPTIONS+=(RESET-HDD "Delete HDD Data but keep Blockchain") OPTIONS+=(RESET-ALL "Delete HDD completely to start fresh") @@ -157,8 +165,12 @@ case $CHOICE in /home/admin/config.scripts/network.txindex.sh delete exit 0; ;; - REINDEX) - /home/admin/config.scripts/network.reindex.sh reindex main + REINDEX-UTXO) + /home/admin/config.scripts/network.reindex.sh reindex-chainstate mainnet + exit 0; + ;; + REINDEX-FULL) + /home/admin/config.scripts/network.reindex.sh reindex mainnet exit 0; ;; COPY-SOURCE) diff --git a/home.admin/config.scripts/bonus.electrs.sh b/home.admin/config.scripts/bonus.electrs.sh index b16f2ce90..932af2697 100755 --- a/home.admin/config.scripts/bonus.electrs.sh +++ b/home.admin/config.scripts/bonus.electrs.sh @@ -98,20 +98,21 @@ if [ "$1" = "status-sync" ] || [ "$1" = "status" ]; then echo "serviceRunning=${serviceRunning}" if [ ${serviceRunning} -eq 1 ]; then - # Experimental try to get sync Info - syncedToBlock=$(sudo journalctl -u electrs --no-pager -n2000 | grep "height=" | tail -n1| cut -d= -f3) - blockchainHeight=$(sudo -u bitcoin ${network}-cli getblockchaininfo 2>/dev/null | jq -r '.headers' | sed 's/[^0-9]*//g') - lastBlockchainHeight=$(($blockchainHeight -1)) - syncProgress=0 - if [ "${syncedToBlock}" != "" ] && [ "${blockchainHeight}" != "" ] && [ "${blockchainHeight}" != "0" ]; then - syncProgress="$(echo "$syncedToBlock" "$blockchainHeight" | awk '{printf "%.2f", $1 / $2 * 100}')" - fi - echo "syncProgress=${syncProgress}%" - if [ "${syncedToBlock}" = "${blockchainHeight}" ] || [ "${syncedToBlock}" = "${lastBlockchainHeight}" ]; then - echo "tipSynced=1" - else - echo "tipSynced=0" - fi + # Experimental try to get sync Info (electrs debug info would need more details) + #source <(/home/admin/_cache.sh get btc_mainnet_blocks_headers) + #blockchainHeight="${btc_mainnet_blocks_headers}" + #lastBlockchainHeight=$(($blockchainHeight -1)) + #syncedToBlock=$(sudo journalctl -u electrs --no-pager -n2000 | grep "height=" | tail -n1| cut -d= -f3) + #syncProgress=0 + #if [ "${syncedToBlock}" != "" ] && [ "${blockchainHeight}" != "" ] && [ "${blockchainHeight}" != "0" ]; then + # syncProgress="$(echo "$syncedToBlock" "$blockchainHeight" | awk '{printf "%.2f", $1 / $2 * 100}')" + #fi + #echo "syncProgress=${syncProgress}%" + #if [ "${syncedToBlock}" = "${blockchainHeight}" ] || [ "${syncedToBlock}" = "${lastBlockchainHeight}" ]; then + # echo "tipSynced=1" + #else + # echo "tipSynced=0" + #fi # check if initial sync was done, by setting a file as once electrs is the first time responding on port 50001 electrumResponding=$(echo '{"jsonrpc":"2.0","method":"server.ping","params":[],"id":"electrs-check"}' | netcat -w 2 127.0.0.1 50001 | grep -c "result") @@ -135,7 +136,7 @@ if [ "$1" = "status-sync" ] || [ "$1" = "status" ]; then fi else - echo "tipSynced=0" + # echo "tipSynced=0" echo "initialSynced=0" echo "electrumResponding=0" echo "infoSync='Not running - check: sudo journalctl -u electrs'" diff --git a/home.admin/config.scripts/network.reindex.sh b/home.admin/config.scripts/network.reindex.sh index b67b51264..f78ff514c 100755 --- a/home.admin/config.scripts/network.reindex.sh +++ b/home.admin/config.scripts/network.reindex.sh @@ -4,28 +4,29 @@ if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then echo "script to run re-index if the blockchain - blocks will not be deleted but re-indexed" echo "will trigger reboot after started and progress can be monitored thru normal sync status" - echo "network.reindex.sh reindex [mainnet|testnet|signet] --> use to start re-index chain" + echo "There are two ways to re-index - for details see: https://bitcoin.stackexchange.com/a/60711" + echo "network.reindex.sh reindex [mainnet|testnet|signet] --> re-index chain & repair corrupt blocks" + echo "network.reindex.sh reindex-chainstate [mainnet|testnet|signet] --> only re-build UTXO set (fast)" exit 1 fi source /mnt/hdd/raspiblitz.conf -################### -# START -################### -if [ "$1" = "reindex" ]; then +if [ "$1" = "reindex" ] || [ "$1" = "reindex-chainstate" ]; then + + action="$1" # network prefixes if [ "$2" = "mainnet" ]; then - echo "# network.reindex.sh reindex --> mainnet" + echo "# network.reindex.sh ${action} --> mainnet" prefix="" netparam="" elif [ "$2" = "testnet" ]; then - echo "# network.reindex.sh reindex --> testnet" + echo "# network.reindex.sh ${action} --> testnet" prefix="t" netparam="-testnet " elif [ "$2" = "signet" ]; then - echo "# network.reindex.sh reindex --> signet" + echo "# network.reindex.sh ${action} --> signet" prefix="s" netparam="-signet " else @@ -38,8 +39,8 @@ if [ "$1" = "reindex" ]; then sudo systemctl stop ${prefix}${network}d # starting reindex - echo "# starting ${network} service with -reindex flag" - sudo -u bitcoin /usr/local/bin/${network}d ${netparam}-daemon -reindex -conf=/mnt/hdd/${network}/${network}.conf -datadir=/mnt/hdd/${network} 1>&2 + echo "# starting ${network} service with -${action} flag" + sudo -u bitcoin /usr/local/bin/${network}d ${netparam}-daemon -blockfilterindex=0 -${action} -conf=/mnt/hdd/${network}/${network}.conf -datadir=/mnt/hdd/${network} 1>&2 echo "# waiting 10 secs" sleep 10 echo "# going into reboot - reindex process can be monitored like normal blockchain sync status" diff --git a/home.admin/config.scripts/network.txindex.sh b/home.admin/config.scripts/network.txindex.sh index 3649bba60..df5b183b6 100755 --- a/home.admin/config.scripts/network.txindex.sh +++ b/home.admin/config.scripts/network.txindex.sh @@ -30,36 +30,47 @@ if [ "$1" = "status" ]; then echo "##### STATUS TXINDEX" + indexByteSize=$(sudo du -s /mnt/hdd/bitcoin/indexes/txindex 2>/dev/null | cut -f1) + if [ "${indexByteSize}" == "" ]; then + indexByteSize=0 + fi + echo "txindex=${txindex}" + echo "indexByteSize=${indexByteSize}" if [ ${txindex} -eq 0 ]; then exit 0 fi # try to gather if still indexing + source <(/home/admin/_cache.sh get btc_mainnet_blocks_headers) + blockchainHeight="${btc_mainnet_blocks_headers}" indexedToBlock=$(sudo tail -n 200 /mnt/hdd/${network}${pathAdd}/debug.log | grep "Syncing txindex with block chain from height" | tail -n 1 | cut -d " " -f 9 | sed 's/[^0-9]*//g') - blockchainHeight=$(sudo -u bitcoin ${network}-cli getblockchaininfo 2>/dev/null | jq -r '.blocks' | sed 's/[^0-9]*//g') indexFinished=$(sudo tail -n 200 /mnt/hdd/${network}${pathAdd}/debug.log | grep -c "txindex is enabled at height") - echo "indexedToBlock=${indexedToBlock}" - echo "blockchainHeight=${blockchainHeight}" - echo "indexFinished=${indexFinished}" + if [ ${#indexedToBlock} -eq 0 ] || [ ${indexFinished} -gt 0 ] || [ "${indexedToBlock}" = "${blockchainHeight}" ]; then echo "isIndexed=1" + indexedToBlock=$blockchainHeight + indexFinished=1 indexInfo="OK" else echo "isIndexed=0" if [ ${#indexedToBlock} -gt 0 ] && [ ${#blockchainHeight} -gt 0 ]; then progressPercent=$(printf %.2f $(echo "${indexedToBlock}/${blockchainHeight}*100" | bc -l)) - indexInfo="Indexing is at ${progressPercent}% (please wait)" + indexInfo="Building ${progressPercent}% (please wait)" else - indexInfo="Indexing is running (please wait)" + indexInfo="Building (please wait)" fi echo "indexInfo='${indexInfo}'" - fi + fi + + echo "indexFinished=${indexFinished}" + echo "indexedToBlock=${indexedToBlock}" + echo "blockchainHeight=${blockchainHeight}" + exit 0 fi - ################### # switch on ################### @@ -84,27 +95,26 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then fi fi - ################### # switch off ################### if [ "$1" = "0" ] || [ "$1" = "off" ]; then + echo "# changing config ..." sudo sed -i "s/^txindex=.*/txindex=0/g" /mnt/hdd/${network}/${network}.conf + echo "# deinstalling apps needing txindex ..." + sudo -u admin /home/admin/config.scripts/bonus.btc-rpc-explorer.sh off + echo "# restarting bitcoind ..." sudo systemctl restart ${network}d exit 0 fi - ################### # delete (and make sure all using apps are deinstalled) # on version update check all bonus scripts that this network.txindex.sh on ################### if [ "$1" = "delete" ]; then - echo "# deinstalling apps needing txindex ..." - sudo -u admin /home/admin/config.scripts/bonus.btc-rpc-explorer.sh off - echo "# changing config ..." + echo "# stopping bitcoind ..." sudo systemctl stop ${network}d - sudo sed -i "s/^txindex=.*/txindex=0/g" /mnt/hdd/${network}/${network}.conf echo "# deleting tx index ..." sudo rm -r /mnt/hdd/${network}/indexes/txindex echo "# restarting bitcoind ..." From 504cef36c1bad4ad1194f9fda86ec505cb5daa2e Mon Sep 17 00:00:00 2001 From: /rootzoll Date: Wed, 25 Jan 2023 20:17:37 +0100 Subject: [PATCH 30/47] #3632 update lnbits to 0.9.6 (#3633) --- CHANGES.md | 2 +- home.admin/config.scripts/bonus.lnbits.sh | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index 9b1b7a88b..064ec722d 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -19,7 +19,7 @@ - Update: Lightning Terminal v0.8.4-alpha [details](https://github.com/lightninglabs/lightning-terminal/releases/tag/v0.8.4-alpha) - Update: RTL v0.13.0 with update option [details](https://github.com/Ride-The-Lightning/RTL/releases/tag/v0.12.3) - Update: Thunderhub v0.13.16 with balance sharing disabled [details](https://github.com/apotdevin/thunderhub/releases/tag/v0.13.16) -- Update: LNbits 0.9.4 [details](https://github.com/lnbits/lnbits-legend/releases/tag/0.9.2) +- Update: LNbits 0.9.6 [details](https://github.com/lnbits/lnbits-legend/releases/tag/0.9.6) - Update: BTCPayServer 1.7.2 [details](https://github.com/btcpayserver/btcpayserver/releases/tag/v1.7.2) - Update: ItchySats 0.7.0 [details](https://github.com/itchysats/itchysats/releases/tag/0.7.0) - Update: Channel Tools (chantools) v0.10.5 [details](https://github.com/guggero/chantools/releases/tag/v0.10.5) diff --git a/home.admin/config.scripts/bonus.lnbits.sh b/home.admin/config.scripts/bonus.lnbits.sh index 4915a74f7..ef1ac4e55 100644 --- a/home.admin/config.scripts/bonus.lnbits.sh +++ b/home.admin/config.scripts/bonus.lnbits.sh @@ -3,7 +3,7 @@ # https://github.com/lnbits/lnbits-legend # https://github.com/lnbits/lnbits-legend/releases -tag="0.9.4" +tag="0.9.6" VERSION="${tag}" # command info @@ -608,7 +608,7 @@ if [ "$1" = "install" ]; then exit 0 fi - echo "# *** INSTALL THUNDERHUB ***" + echo "# *** INSTALL LNBIS ${VERSION} ***" # add lnbits user echo "*** Add the 'lnbits' user ***" From 6e3e82a6f0e8c9c6a4a8d18bbd71cbb53867818a Mon Sep 17 00:00:00 2001 From: openoms <43343391+openoms@users.noreply.github.com> Date: Fri, 3 Feb 2023 16:41:15 +0000 Subject: [PATCH 31/47] fix typos in the FAQ (#3626) --- FAQ.md | 141 +++++++++++++++++++++++++++++---------------------------- 1 file changed, 72 insertions(+), 69 deletions(-) diff --git a/FAQ.md b/FAQ.md index 2970681f4..b551110b3 100644 --- a/FAQ.md +++ b/FAQ.md @@ -4,74 +4,77 @@ --- Table of Contents --- - - [Upgrade](#upgrade) - - [How to verify the SD card image after download?](#how-to-verify-the-sd-card-image-after-download) - - [What changed on every upgrade?](#what-changed-on-every-upgrade) - - [How do I upgrade my RaspiBlitz?](#how-do-i-upgrade-my-raspiblitz) - - [Why do I need to re-burn my SD card for an update?](#why-do-i-need-to-re-burn-my-sd-card-for-an-update) - - [How can I update LND or bitcoind even before the next RaspiBlitz update?](#how-can-i-update-lnd-or-bitcoind-even-before-the-next-raspiblitz-update) - - [SSH](#ssh) - - [What to do when on SSH I see "WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!"](#what-to-do-when-on-ssh-i-see-warning-remote-host-identification-has-changed) - - [How do I unplug/shutdown safely without SSH](#how-do-i-unplugshutdown-safely-without-ssh) - - [I cannot connect via SSH to my RaspiBlitz. What do I do?](#i-cannot-connect-via-ssh-to-my-raspiblitz-what-do-i-do) - - [How to SSH over Tor?](#how-to-ssh-over-tor) - - [How to setup port-forwarding with a SSH tunnel?](#how-to-setup-port-forwarding-with-a-ssh-tunnel) - - [How do I setup just a port-forwarding user on my public server?](#how-do-i-setup-just-a-port-forwarding-user-on-my-public-server) - - [Display](#display) - - [Can I flip the screen?](#can-i-flip-the-screen) - - [How to fix my upside down LCD after update?](#how-to-fix-my-upside-down-lcd-after-update) - - [Can I run the RaspiBlitz without a display/LCD?](#can-i-run-the-raspiblitz-without-a-displaylcd) - - [How do I find the IP address when running without a display?](#how-do-i-find-the-ip-address-when-running-without-a-display) - - [Debug](#debug) - - [I have the full blockchain on another storage. How do I copy it to the RaspiBlitz?](#i-have-the-full-blockchain-on-another-storage-how-do-i-copy-it-to-the-raspiblitz) - - [How do I generate a Debug Report?](#how-do-i-generate-a-debug-report) - - [Why is my "final sync" taking so long?](#why-is-my-final-sync-taking-so-long) - - [How do I backup my Lightning Node?](#how-do-i-backup-my-lightning-node) - - [1) Securing your On-Chain- and Channel-Funds during Operation](#and-channel-funds-during-operation) - - [2) Making a complete LND data backup](#2-making-a-complete-lnd-data-backup) - - [How can I recover my coins from a failing RaspiBlitz?](#how-can-i-recover-my-coins-from-a-failing-raspiblitz) - - [1) Recover LND data](#1-recover-lnd-data) - - [2) Recover from Wallet Seed](#2-recover-from-wallet-seed) - - [How do I move funds & channels from RaspiBlitz to LND Lightning Desktop App?](#how-do-i-move-funds--channels-from-raspiblitz-to-lnd-lightning-desktop-app) - - [How do I change the Name/Alias of my lightning node](#how-do-i-change-the-namealias-of-my-lightning-node) - - [How do I change the public port LND/Lightning node is running on?](#how-do-i-change-the-public-port-lndlightning-node-is-running-on) - - [How do I solve a "signature mismatch after caveat verification" error?](#how-do-i-solve-a-signature-mismatch-after-caveat-verification-error) - - [Why is my node not routing?](#why-is-my-node-not-routing) - - [When using Auto-Unlock, how much security do I lose?](#when-using-auto-unlock-how-much-security-do-i-lose) - - [I connected my HDD but it still says 'Connect HDD' on the display?](#i-connected-my-hdd-but-it-still-says-connect-hdd-on-the-display) - - [How do I shrink the QR code for connecting my Shango/Zap/Zeus mobile phone?](#how-do-i-shrink-the-qr-code-for-connecting-my-shangozapzeus-mobile-phone) - - [Why is my bitcoin IP on the display red?](#why-is-my-bitcoin-ip-on-the-display-red) - - [Why is my node address on the display red?](#why-is-my-node-address-on-the-display-red) - - [Why is my node address on the display yellow (not green)?](#why-is-my-node-address-on-the-display-yellow-not-green) - - [How do I fix a displayed Error in my Config?](#how-do-i-fix-a-displayed-error-in-my-config) - - [Can I run the RaspiBlitz as Backend for BTCPayServer?](#can-i-run-the-raspiblitz-as-backend-for-btcpayserver) - - [I don't have a LAN port on my Laptop - how do I connect to my RaspiBlitz?](#how-do-i-connect-to-my-raspiblitz) - - [Is it possible to connect the Blitz over Wifi instead of using a LAN cable?](#is-it-possible-to-connect-the-blitz-over-wifi-instead-of-using-a-lan-cable) - - [Can I directly connect the RaspiBlitz to my laptop?](#can-i-directly-connect-the-raspiblitz-to-my-laptop) - - [How to attach the RaspberryPi to the HDD?](#how-to-attach-the-raspberrypi-to-the-hdd) - - [What other case options do I have?](#what-other-case-options-do-i-have) - - [Are those "Under-Voltage detected" warnings a problem?](#are-those-under-voltage-detected-warnings-a-problem) - - [How do I return to the menu after exiting to the command line](#how-do-i-return-to-the-menu-after-exiting-to-the-command-line) - - [How do I setup fresh/clean/reset and without going into recovery mode?](#how-do-i-setup-freshcleanreset-and-without-going-into-recovery-mode) - - [My blockchain data is corrupted - what can I do?](#what-can-i-do) - - [I have two RaspiBlitz in my network - can they both be public?](#can-they-both-be-public) - - [How can I enforce UASP mode for my SSD controller?](#how-can-i-enforce-uasp-mode-for-my-ssd-controller) - - [I am facing maintenance/emergency mode on boot. How do I fix it?](#i-am-facing-maintenanceemergency-mode-on-boot-how-do-i-fix-it) - - [Extras](#extras) - - [How do I connect a UPS to the RaspiBlitz?](#how-do-i-connect-a-ups-to-the-raspiblitz) - - [Can I run my RaspiBlitz on Solar Energy?](#can-i-run-my-raspiblitz-on-solar-energy) - - [How to use the Let's Encrypt client](#how-to-use-the-lets-encrypt-client) - - [Let's Encrypt - HTTP-01](#http-01) - - [Let's Encrypt - DNS-01](#dns-01) - - [Let's Encrypt - eMail Address](#email-address) - - [Let's Encrypt - Installation details](#installation-details) - - [What is this mnemonic seed word list?](#what-is-this-mnemonic-seed-word-list) - - [How do I set up VNC?](#how-do-i-set-up-vnc) - - [Why use BTRFS on RaspiBlitz?](#why-use-btrfs-on-raspiblitz) - - [Storing your important Data in RAID1 with a USB Thumb Drive](#storing-your-important-data-in-raid1-with-a-usb-thumb-drive) - - [Snapshotting the Blockchain](#snapshotting-the-blockchain) - - [How do I use BTRFS on RaspiBlitz?](#how-do-i-use-btrfs-on-raspiblitz) - - [How to recover a BTRFS partition?](#how-to-recover-a-btrfs-partition) +- [Table of Contents](#table-of-contents) +- [Upgrade](#upgrade) + - [How to verify the SD card image after download?](#how-to-verify-the-sd-card-image-after-download) + - [What changed on every upgrade?](#what-changed-on-every-upgrade) + - [How do I upgrade my RaspiBlitz?](#how-do-i-upgrade-my-raspiblitz) + - [Why do I need to re-burn my SD card for an update?](#why-do-i-need-to-re-burn-my-sd-card-for-an-update) + - [How can I update LND or bitcoind even before the next RaspiBlitz update?](#how-can-i-update-lnd-or-bitcoind-even-before-the-next-raspiblitz-update) +- [SSH](#ssh) + - [What to do when on SSH I see "WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!"](#what-to-do-when-on-ssh-i-see-warning-remote-host-identification-has-changed) + - [How do I unplug/shutdown safely without SSH](#how-do-i-unplugshutdown-safely-without-ssh) + - [I cannot connect via SSH to my RaspiBlitz. What do I do?](#i-cannot-connect-via-ssh-to-my-raspiblitz-what-do-i-do) + - [How to SSH over Tor?](#how-to-ssh-over-tor) + - [How to setup port-forwarding with a SSH tunnel?](#how-to-setup-port-forwarding-with-a-ssh-tunnel) + - [How do I setup just a port-forwarding user on my public server?](#how-do-i-setup-just-a-port-forwarding-user-on-my-public-server) + - [How to reset the ssh config and keys?](#how-to-reset-the-ssh-config-and-keys) +- [Display](#display) + - [Can I flip the screen?](#can-i-flip-the-screen) + - [How to fix my upside down LCD after update?](#how-to-fix-my-upside-down-lcd-after-update) + - [Can I run the RaspiBlitz without a display/LCD?](#can-i-run-the-raspiblitz-without-a-displaylcd) + - [How do I find the IP address when running without a display?](#how-do-i-find-the-ip-address-when-running-without-a-display) +- [Debug](#debug) + - [I have the full blockchain on another storage. How do I copy it to the RaspiBlitz?](#i-have-the-full-blockchain-on-another-storage-how-do-i-copy-it-to-the-raspiblitz) + - [How do I generate a Debug Report?](#how-do-i-generate-a-debug-report) + - [Why is my "final sync" taking so long?](#why-is-my-final-sync-taking-so-long) + - [How do I backup my Lightning Node?](#how-do-i-backup-my-lightning-node) + - [1) Securing your On-Chain- and Channel-Funds during Operation](#1-securing-your-on-chain--and-channel-funds-during-operation) + - [2) Making a complete LND data backup](#2-making-a-complete-lnd-data-backup) + - [How can I recover my coins from a failing RaspiBlitz?](#how-can-i-recover-my-coins-from-a-failing-raspiblitz) + - [1) Recover LND data](#1-recover-lnd-data) + - [2) Recover from Wallet Seed](#2-recover-from-wallet-seed) + - [How do I move funds \& channels from RaspiBlitz to LND Lightning Desktop App?](#how-do-i-move-funds--channels-from-raspiblitz-to-lnd-lightning-desktop-app) + - [How do I change the Name/Alias of my lightning node](#how-do-i-change-the-namealias-of-my-lightning-node) + - [How do I change the public port LND/Lightning node is running on?](#how-do-i-change-the-public-port-lndlightning-node-is-running-on) + - [How do I solve a "signature mismatch after caveat verification" error?](#how-do-i-solve-a-signature-mismatch-after-caveat-verification-error) + - [Why is my node not routing?](#why-is-my-node-not-routing) + - [When using Auto-Unlock, how much security do I lose?](#when-using-auto-unlock-how-much-security-do-i-lose) + - [I connected my HDD but it still says 'Connect HDD' on the display?](#i-connected-my-hdd-but-it-still-says-connect-hdd-on-the-display) + - [How do I shrink the QR code for connecting my Shango/Zap/Zeus mobile phone?](#how-do-i-shrink-the-qr-code-for-connecting-my-shangozapzeus-mobile-phone) + - [Why is my bitcoin IP on the display red?](#why-is-my-bitcoin-ip-on-the-display-red) + - [Why is my node address on the display red?](#why-is-my-node-address-on-the-display-red) + - [Why is my node address on the display yellow (not green)?](#why-is-my-node-address-on-the-display-yellow-not-green) + - [How can I set a fixed IP?](#how-can-i-set-a-fixed-ip) + - [How do I fix a displayed Error in my Config?](#how-do-i-fix-a-displayed-error-in-my-config) + - [Can I run the RaspiBlitz as Backend for BTCPayServer?](#can-i-run-the-raspiblitz-as-backend-for-btcpayserver) + - [I don't have a LAN port on my Laptop - how do I connect to my RaspiBlitz?](#i-dont-have-a-lan-port-on-my-laptop---how-do-i-connect-to-my-raspiblitz) + - [Is it possible to connect the Blitz over Wifi instead of using a LAN cable?](#is-it-possible-to-connect-the-blitz-over-wifi-instead-of-using-a-lan-cable) + - [Can I directly connect the RaspiBlitz to my laptop?](#can-i-directly-connect-the-raspiblitz-to-my-laptop) + - [How to attach the RaspberryPi to the HDD?](#how-to-attach-the-raspberrypi-to-the-hdd) + - [What other case options do I have?](#what-other-case-options-do-i-have) + - [Are those "Under-Voltage detected" warnings a problem?](#are-those-under-voltage-detected-warnings-a-problem) + - [How do I return to the menu after exiting to the command line](#how-do-i-return-to-the-menu-after-exiting-to-the-command-line) + - [How do I setup fresh/clean/reset and without going into recovery mode?](#how-do-i-setup-freshcleanreset-and-without-going-into-recovery-mode) + - [My blockchain data is corrupted - what can I do?](#my-blockchain-data-is-corrupted---what-can-i-do) + - [I have two RaspiBlitz in my network - can they both be public?](#i-have-two-raspiblitz-in-my-network---can-they-both-be-public) + - [How can I enforce UASP mode for my SSD controller?](#how-can-i-enforce-uasp-mode-for-my-ssd-controller) + - [I am facing maintenance/emergency mode on boot. How do I fix it?](#i-am-facing-maintenanceemergency-mode-on-boot-how-do-i-fix-it) +- [Extras](#extras) + - [How do I connect a UPS to the RaspiBlitz?](#how-do-i-connect-a-ups-to-the-raspiblitz) + - [Can I run my RaspiBlitz on Solar Energy?](#can-i-run-my-raspiblitz-on-solar-energy) + - [How to use the Let's Encrypt client](#how-to-use-the-lets-encrypt-client) + - [Let's Encrypt - HTTP-01](#lets-encrypt---http-01) + - [Let's Encrypt - DNS-01](#lets-encrypt---dns-01) + - [Let's Encrypt - eMail Address](#lets-encrypt---email-address) + - [Let's Encrypt - Installation details](#lets-encrypt---installation-details) + - [What is this mnemonic seed word list?](#what-is-this-mnemonic-seed-word-list) + - [How do I set up VNC?](#how-do-i-set-up-vnc) + - [Why use BTRFS on RaspiBlitz?](#why-use-btrfs-on-raspiblitz) + - [Storing your important Data in RAID1 with a USB Thumb Drive](#storing-your-important-data-in-raid1-with-a-usb-thumb-drive) + - [Snapshotting the Blockchain](#snapshotting-the-blockchain) + - [How do I use BTRFS on RaspiBlitz?](#how-do-i-use-btrfs-on-raspiblitz) + - [How to recover a BTRFS partition?](#how-to-recover-a-btrfs-partition) --- ## Upgrade @@ -255,7 +258,7 @@ useradd -g forwardings -d /home [USERNAME] echo 'command="date" [CONTENT-OF-RASPIBLITZ-ROOT-SSH-PUBKEY]' > /etc/ssh/authorized_keys/[USERNAME] ``` -As a result you should see a "good signature" message with a main fingerprint the same as you can find on the [keybase.io/rootzoll](https://keybase.io/rootzoll) that is ending on `1C73 060C 7C17 6461` the sub fingerprint should end on `A2D7 AA9D D1B5 CC56 47DA`. If that fingerprint is correct, the SD card image you downloaded is a original release RaspiBlitz. +### How to reset the ssh config and keys? - shutdown the RaspiBlitz - if you dont have touchscreen activated, disconnect LAN cable, wait until HDD/SSD activity slows down (no constant blinking) and then cut the power - take out the SD card and connect it to your laptop - it should appear as a `boot` drive From 92f69bb29e00393ebd041c202bdabd141c1b763a Mon Sep 17 00:00:00 2001 From: /rootzoll Date: Fri, 3 Feb 2023 17:44:24 +0100 Subject: [PATCH 32/47] 3524 Re-Add IP2Tor (#3643) --- CHANGES.md | 2 +- README.md | 22 ++++- .../blitz.subscriptions.ip2tor.py | 82 +++++++++++++------ .../config.scripts/blitz.subscriptions.py | 2 +- .../config.scripts/bonus.btcpayserver.sh | 8 +- home.admin/config.scripts/bonus.lnbits.sh | 28 +++---- .../config.scripts/bonus.sphinxrelay.sh | 6 +- home.admin/config.scripts/lnd.export.sh | 6 +- 8 files changed, 104 insertions(+), 52 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index 064ec722d..c3ceb2a34 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -31,7 +31,7 @@ - Update: Suez - Channel Visualization for LND & CL [details](https://github.com/prusnak/suez) - Fixed: SCB/Emergency-Backup to USB drive (now also with CLN emergency.recover file) - Info: Run RaspiBlitz on Proxmox [details](https://github.com/rootzoll/raspiblitz/tree/dev/alternative.platforms/Proxmox) -- Info: IP2Tor unavailable & deactivated in SSH menus [details](https://github.com/rootzoll/raspiblitz/issues/3417#issuecomment-1310303480) +- Info: IP2Tor fix fulmo shop & added new ip2tor.com shop - Info: 32GB sdcard is now enforced (after being recommended since v1.5) - Info: 'Reindex Blockchain' is not part of 'repair' menu diff --git a/README.md b/README.md index b21e5bac6..8237b690c 100644 --- a/README.md +++ b/README.md @@ -772,7 +772,7 @@ Using pre-signed bitcoin transactions (PSBT) and [Hardware Wallet Interface](htt At the moment it is very Linux-focused. The same applies to multi-signature setups. -The goal of the Specter Desktop wallet is to make a convenient and user-friendly GUI around Bitcoin Core, focusing on multi-signature setups with air-gapped hardware wallets like Trezor, Ledger, COLDCARD or the Specter-DIY. +The goal of the Specter Desktop wallet is to make a sub and user-friendly GUI around Bitcoin Core, focusing on multi-signature setups with air-gapped hardware wallets like Trezor, Ledger, COLDCARD or the Specter-DIY. ![SPECTER](pictures/specter.jpg) @@ -855,6 +855,11 @@ LNbits is a very simple server that sits on top of your Lightning Wallet. ![LNBITS](pictures/lnbits.png) +It can be used together with IP2Tor to provide: + +- Lightning Paper Vouchers (Plugin: LNURLw) +- Merchant Onboarding (Plugin: TPOS) + [![Video Tutorial](pictures/video-vouchers.png)](https://www.youtube.com/watch?v=0Bt3tHULAnw) You can also develop your own extensions on it. @@ -1009,7 +1014,20 @@ At the moment, the following subscription services are available: ##### IP2TOR (paid) -DEACTIVATED SINCE 1.9 --> see for background: https://github.com/rootzoll/raspiblitz/issues/3417#issuecomment-1310303480 +IP2TOR is a tunnel service where you can run your RaspiBlitz anonymously behind TOR but you rent a port on a clearnet IP through which you can make services of your RaspiBlitz easy reachable for everybody on the internet. +You don't need to care about your local router or firewall settings. +You can pay for this service directly through Lightning from your RaspiBlitz as subscription. + +At first you select what services of your RaspiBlitz you like to tunnel through a IP2TOR bridge. + +You will get a list of available IP2TOR shops & bridge offerings. +Select `OK` on an IP2TOR bridge offering and you will see more details on it, such as how many satoshis the subscription will cost you. +Your node should be funded and have channels open already at this point. + +If you choose `AGREE` on the details of a IP2TOR bridge offering the RaspiBlitz tries for you to setup the IP2TOR bridge. +If everything worked you will find now the subscription under `MAINMENU` > `SUBSCRIBE` > `LIST My Subscriptions` where you can cancel it again. + +To try out the IP2TOR tunnel choose in `MAINMENU` the extra menu point of the Service you choose the bridge for and it should give you now an updated URL or try calling the API on the IP and Port that is displayed under the details of the subscription in the `LIST My Subscriptions` section. ##### HTTPS with LetsEncrypt (free) diff --git a/home.admin/config.scripts/blitz.subscriptions.ip2tor.py b/home.admin/config.scripts/blitz.subscriptions.ip2tor.py index c58c93d46..673d329fa 100755 --- a/home.admin/config.scripts/blitz.subscriptions.ip2tor.py +++ b/home.admin/config.scripts/blitz.subscriptions.ip2tor.py @@ -595,37 +595,68 @@ def menuMakeSubscription(blitzServiceName, torAddress, torPort): torTarget = "{0}:{1}".format(torAddress, torPort) ############################ - # PHASE 1: Enter Shop URL - - # see if user had before entered another shop of preference - shopurl = DEFAULT_SHOPURL - try: - subscriptions = toml.load(SUBSCRIPTIONS_FILE) - shopurl = subscriptions['shop_ip2tor'] - print("# using last shop url set in subscriptions.toml") - except Exception as e: - print("# using default shop url") - - # remove https:// from shop url (to keep it short) - if shopurl.find("://") > 0: - shopurl = shopurl[shopurl.find("://") + 3:] + # PHASE 1: Choose Shop URL + shopurl = "" while True: - # input shop url + # see if user had before entered another shop of preference + lastusedShop = "" + try: + subscriptions = toml.load(SUBSCRIPTIONS_FILE) + lastusedShop = subscriptions['shop_ip2tor'] + print("# using last shop url set in subscriptions.toml") + except Exception as e: + print("# using default shop url") + + # set choices of shops + choices = [] + + # remove https:// from shop url (to keep it short) + if lastusedShop.find("://") > 0: lastusedShop = lastusedShop[lastusedShop.find("://") + 3:] + + # IP2TOR.COM Shop + choice_url_ip2torcom="ip2tor.com" + choices.append(("A", "ip2tor.com Shop")) + if lastusedShop == choice_url_ip2torcom: lastusedShop="" + + # FULMO Shop + choice_url_fulmo="fulmo7x6yvgz6zs2b2ptduvzwevxmizhq23klkenslt5drxx2physlqd.onion" + choices.append(("B", "Fulmo Shop")) + if lastusedShop == choice_url_fulmo: lastusedShop="" + + # add before option if different from static options + if len(lastusedShop) > 0: choices.append(("Y", lastusedShop)) + + # enter own shop address option + choices.append(("X", "Enter a new Shop URL")) + + # select dialog d = Dialog(dialog="dialog", autowidgetsize=True) - d.set_background_title("Select IP2TOR Bridge Shop (communication secured thru TOR)") - code, text = d.inputbox( - "Enter Address of the IP2TOR Shop (OR JUST PRESS OK):", - height=10, width=72, init=shopurl, - title="Shop Address") + d.set_background_title("IP2TOR - Select Shop") + code, selected = d.menu( + "\nChoose your IP2Tor provider/shop:", + choices=choices, width=75, height=10, title="Select IP2Tor Shop") # if user canceled if code != d.OK: sys.exit(0) - # get host list from shop - shopurl = text + if selected == "A" : shopurl=choice_url_ip2torcom + if selected == "B" : shopurl=choice_url_fulmo + if selected == "Y" : shopurl=lastusedShop + + # input shop url + if selected == "X": + d = Dialog(dialog="dialog", autowidgetsize=True) + d.set_background_title("IP2TOR - Add new Shop") + code, shopurl = d.inputbox( + "Enter Address of the IP2TOR Shop (OR JUST PRESS OK):", + height=10, width=72, init=shopurl, + title="Shop Address") + if shopurl.find("://") > 0: shopurl = shopurl[shopurl.find("://") + 3:] + + # try & get host list from shop os.system('clear') try: hosts = shopList(shopurl) @@ -686,6 +717,9 @@ Try again later, enter another address or cancel. if len(host['terms_of_service']) == 0: host['terms_of_service'] = "-" if len(host['terms_of_service_url']) == 0: host['terms_of_service_url'] = "-" + description=host['terms_of_service'] + if "description" in host: description = "{0} / {1}".format(host['description'], host['terms_of_service']) + # show details of selected d = Dialog(dialog="dialog", autowidgetsize=True) d.set_background_title("IP2TOR Bridge Offer Details: {0}".format(shopurl)) @@ -704,7 +738,7 @@ the "SUBSCRIPTONS" menu on your RaspiBlitz. There will be no refunds for not used hours. There is no guarantee for quality of service. -The service has the following additional terms: +The service has the following additional description & terms: {5} More information on the service you can find under: @@ -715,7 +749,7 @@ More information on the service you can find under: host['tor_bridge_price_extension_sats'], host['ip'], torTarget, - host['terms_of_service'], + description, host['terms_of_service_url'], blitzServiceName ) diff --git a/home.admin/config.scripts/blitz.subscriptions.py b/home.admin/config.scripts/blitz.subscriptions.py index c184776a0..eae24c06a 100755 --- a/home.admin/config.scripts/blitz.subscriptions.py +++ b/home.admin/config.scripts/blitz.subscriptions.py @@ -225,7 +225,7 @@ def main(): choices = list() choices.append(("LIST", "My Subscriptions")) - #choices.append(("NEW1", "+ IP2TOR Bridge (paid)")) + choices.append(("NEW1", "+ IP2TOR Bridge (paid)")) choices.append(("NEW2", "+ LetsEncrypt HTTPS Domain (free)")) d = Dialog(dialog="dialog", autowidgetsize=True) diff --git a/home.admin/config.scripts/bonus.btcpayserver.sh b/home.admin/config.scripts/bonus.btcpayserver.sh index 42f180c33..933e6298e 100644 --- a/home.admin/config.scripts/bonus.btcpayserver.sh +++ b/home.admin/config.scripts/bonus.btcpayserver.sh @@ -216,10 +216,10 @@ SHA1 ${sslFingerprintTOR}" IP2TOR: https://${ip2torIP}:${ip2torPort} SHA1 ${sslFingerprintTOR} go MAINMENU > SUBSCRIBE and add LetsEncrypt HTTPS Domain" -# elif [ ${#publicDomain} -eq 0 ]; then -# text="${text}\n -#To enable easy reachability with normal browser from the outside -#consider adding a IP2TOR Bridge: MAINMENU > SUBSCRIBE > IP2TOR" + elif [ ${#publicDomain} -eq 0 ]; then + text="${text}\n +To enable easy reachability with normal browser from the outside +consider adding a IP2TOR Bridge: MAINMENU > SUBSCRIBE > IP2TOR" fi text="${text}\n diff --git a/home.admin/config.scripts/bonus.lnbits.sh b/home.admin/config.scripts/bonus.lnbits.sh index ef1ac4e55..ea0c493fc 100644 --- a/home.admin/config.scripts/bonus.lnbits.sh +++ b/home.admin/config.scripts/bonus.lnbits.sh @@ -174,10 +174,10 @@ https://${ip2torDomain}:${ip2torPort} ready for public use" IP2TOR: https://${ip2torIP}:${ip2torPort} SHA1 ${sslFingerprintTOR}\n Consider adding a LetsEncrypt HTTPS Domain under OPTIONS." -# elif [ ${#publicDomain} -eq 0 ]; then -# text="${text}\n -#To enable easy reachability with normal browser from the outside -#Consider adding a IP2TOR Bridge under OPTIONS." + elif [ ${#publicDomain} -eq 0 ]; then + text="${text}\n +To enable easy reachability with normal browser from the outside +Consider adding a IP2TOR Bridge under OPTIONS." fi whiptail --title " LNbits ${fundinginfo}" --yes-button "OK" --no-button "OPTIONS" --yesno "${text}" 18 69 @@ -194,16 +194,16 @@ Consider adding a LetsEncrypt HTTPS Domain under OPTIONS." OPTIONS=() # IP2TOR options - #if [ "${ip2torDomain}" != "" ]; then - # # IP2TOR+LetsEncrypt active - offer cancel - # OPTIONS+=(IP2TOR-OFF "Cancel IP2Tor Subscription for LNbits") - #elif [ "${ip2torIP}" != "" ]; then - # # just IP2TOR active - offer cancel or Lets Encrypt - # OPTIONS+=(HTTPS-ON "Add free HTTPS-Certificate for LNbits") - # OPTIONS+=(IP2TOR-OFF "Cancel IP2Tor Subscription for LNbits") - #else - # OPTIONS+=(IP2TOR-ON "Make Public with IP2Tor Subscription") - #fi + if [ "${ip2torDomain}" != "" ]; then + # IP2TOR+LetsEncrypt active - offer cancel + OPTIONS+=(IP2TOR-OFF "Cancel IP2Tor Subscription for LNbits") + elif [ "${ip2torIP}" != "" ]; then + # just IP2TOR active - offer cancel or Lets Encrypt + OPTIONS+=(HTTPS-ON "Add free HTTPS-Certificate for LNbits") + OPTIONS+=(IP2TOR-OFF "Cancel IP2Tor Subscription for LNbits") + else + OPTIONS+=(IP2TOR-ON "Make Public with IP2Tor Subscription") + fi # Change Funding Source options (only if available) if [ "${LNBitsFunding}" == "lnd" ] && [ "${cl}" == "on" ]; then diff --git a/home.admin/config.scripts/bonus.sphinxrelay.sh b/home.admin/config.scripts/bonus.sphinxrelay.sh index fe3d3c498..6ade00144 100755 --- a/home.admin/config.scripts/bonus.sphinxrelay.sh +++ b/home.admin/config.scripts/bonus.sphinxrelay.sh @@ -108,9 +108,9 @@ iOS support is native, Android needs Orbot" At the moment your Sphinx Relay Server is just available within the local network - without transport encryption. Local server for test & debug: ${publicURL}/app"#\n -#To enable easy reachability from the outside consider -#adding a IP2TOR Bridge and reconnect: -#MAINMENU > SUBSCRIBE > IP2TOR > SPHINX" +To enable easy reachability from the outside consider +adding a IP2TOR Bridge and reconnect: +MAINMENU > SUBSCRIBE > IP2TOR > SPHINX" extraPairInfo="You need to be on the same local network to make this work." else diff --git a/home.admin/config.scripts/lnd.export.sh b/home.admin/config.scripts/lnd.export.sh index 79eac0a89..fa6307898 100755 --- a/home.admin/config.scripts/lnd.export.sh +++ b/home.admin/config.scripts/lnd.export.sh @@ -136,9 +136,9 @@ elif [ "${exportType}" = "btcpay" ]; then echo "NOTE: You have a IP2TOR connection for LND REST API .. so you can use this connection string also with a external BTCPay server." else echo "IMPORTANT: You can only use this connection string for a BTCPay server running on this RaspiBlitz." - #echo "If you want to connect from a external BTCPay server activate a IP2TOR tunnel for LND-REST first:" - #echo "MAIN MENU > SUBSCRIBE > IP2TOR > LND REST API" - #echo "Then come back and get a new connection string." + echo "If you want to connect from a external BTCPay server activate a IP2TOR tunnel for LND-REST first:" + echo "MAIN MENU > SUBSCRIBE > IP2TOR > LND REST API" + echo "Then come back and get a new connection string." fi echo "" From 82e26b118ba2eedc79ebda64d3fc510eca3af760 Mon Sep 17 00:00:00 2001 From: openoms <43343391+openoms@users.noreply.github.com> Date: Fri, 3 Feb 2023 18:38:20 +0000 Subject: [PATCH 33/47] disable suspend (#3587) * disable suspend * fix typo in the logrotate config --- build_sdcard.sh | 65 ++++++++++++++++++++++++++++--------------------- 1 file changed, 37 insertions(+), 28 deletions(-) diff --git a/build_sdcard.sh b/build_sdcard.sh index 837a74e57..5e6397e3e 100644 --- a/build_sdcard.sh +++ b/build_sdcard.sh @@ -273,8 +273,18 @@ sleep 3 ## give time to cancel export DEBIAN_FRONTEND=noninteractive -echo "*** Prevent sleep ***" # on all platforms +echo "*** Prevent sleep ***" # on all platforms https://wiki.debian.org/Suspend sudo systemctl mask sleep.target suspend.target hibernate.target hybrid-sleep.target +sudo mkdir /etc/systemd/sleep.conf.d +echo "[Sleep] +AllowSuspend=no +AllowHibernation=no +AllowSuspendThenHibernate=no +AllowHybridSleep=no" | sudo tee /etc/systemd/sleep.conf.d/nosuspend.conf +sudo mkdir /etc/systemd/logind.conf.d +echo "[Login] +HandleLidSwitch=ignore +HandleLidSwitchDocked=ignore" | sudo tee /etc/systemd/logind.conf.d/nosuspend.conf # FIXING LOCALES # https://github.com/rootzoll/raspiblitz/issues/138 @@ -478,11 +488,11 @@ sudo sed -i "s/^#SystemMaxFileSize=.*/SystemMaxFileSize=50M/g" /etc/systemd/jour echo " /var/log/syslog { - rotate 7 - daily - missingok - notifempty - delaycompress + rotate 7 + daily + missingok + notifempty + delaycompress compress postrotate invoke-rc.d rsyslog rotate > /dev/null @@ -504,23 +514,22 @@ echo " sharedscripts postrotate invoke-rc.d rsyslog rotate > /dev/null - enscript + endscript } - /var/log/kern.log /var/log/auth.log { - rotate 4 - size=100M - missingok - notifempty - compress - delaycompress - sharedscripts - postrotate - invoke-rc.d rsyslog rotate > /dev/null - endscript + rotate 4 + size=100M + missingok + notifempty + compress + delaycompress + sharedscripts + postrotate + invoke-rc.d rsyslog rotate > /dev/null + endscript } /var/log/user.log @@ -529,16 +538,16 @@ echo " /var/log/debug /var/log/messages { - rotate 4 - weekly - missingok - notifempty - compress - delaycompress - sharedscripts - postrotate - invoke-rc.d rsyslog rotate > /dev/null - endscript + rotate 4 + weekly + missingok + notifempty + compress + delaycompress + sharedscripts + postrotate + invoke-rc.d rsyslog rotate > /dev/null + endscript } " | sudo tee ./rsyslog sudo mv ./rsyslog /etc/logrotate.d/rsyslog From 358b13376ad0d8299d0347243878fb7652c15707 Mon Sep 17 00:00:00 2001 From: myxmaster <77545287+myxmaster@users.noreply.github.com> Date: Fri, 3 Feb 2023 19:39:27 +0100 Subject: [PATCH 34/47] prevent displaying 100.00%, although incorrect because of rounding (#3624) --- home.admin/config.scripts/bitcoin.monitor.sh | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/home.admin/config.scripts/bitcoin.monitor.sh b/home.admin/config.scripts/bitcoin.monitor.sh index e1dda5a15..38cc933a4 100755 --- a/home.admin/config.scripts/bitcoin.monitor.sh +++ b/home.admin/config.scripts/bitcoin.monitor.sh @@ -156,11 +156,12 @@ if [ "$2" = "info" ]; then btc_blocks_behind=$((${btc_blocks_headers} - ${btc_blocks_verified})) btc_sync_initialblockdownload=$(echo "${blockchaininfo}" | jq -r '.initialblockdownload' | grep -c 'true') btc_sync_progress=$(echo "${blockchaininfo}" | jq -r '.verificationprogress') - btc_sync_percentage=$(echo ${btc_sync_progress} | awk '{printf( "%.2f%%", 100 * $1)}') - if [ "${btc_blocks_headers}" != "" ] && [ "${btc_blocks_headers}" == "${btc_blocks_verified}" ]; then + if (( $(awk 'BEGIN { print( '${btc_sync_progress}'<0.99995 ) }') )); then + # #3620 prevent displaying 100.00%, although incorrect because of rounding + btc_sync_percentage=$(awk 'BEGIN { printf( "%.2f%%", 100 * '${btc_sync_progress}') }') + elif [ "${btc_blocks_headers}" != "" ] && [ "${btc_blocks_headers}" == "${btc_blocks_verified}" ]; then btc_sync_percentage="100.00" - elif [ "${btc_blocks_headers}" != "" ] && [ "${btc_blocks_behind}" != "" ] && [ ${btc_blocks_behind} -lt 50 ]; then - # #3620 prevent that on catching the last 50 blocks its already 100.00% + else btc_sync_percentage="99.99" fi From b63981fb9f0fa4ca11e71393187fd5ceb6d35ce9 Mon Sep 17 00:00:00 2001 From: openoms <43343391+openoms@users.noreply.github.com> Date: Fri, 3 Feb 2023 19:44:18 +0000 Subject: [PATCH 35/47] fix check for torActive (#3638) --- home.admin/config.scripts/tor.network.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/home.admin/config.scripts/tor.network.sh b/home.admin/config.scripts/tor.network.sh index 2255505ae..40f2c3f1b 100755 --- a/home.admin/config.scripts/tor.network.sh +++ b/home.admin/config.scripts/tor.network.sh @@ -71,7 +71,7 @@ deactivateBitcoinOverTor() [ -f "/home/admin/raspiblitz.info" ] && . /home/admin/raspiblitz.info [ -f "/mnt/hdd/raspiblitz.conf" ] && . /mnt/hdd/raspiblitz.conf -torActive=$(sudo systemctl is-active tor@default | grep -c "active") +torActive=$(systemctl is-active tor@default | grep -c "^active") curl --socks5 127.0.0.1:9050 --socks5-hostname 127.0.0.1:9050 -m 5 -s https://check.torproject.org/api/ip | grep -q "\"IsTor\":true" && torFunctional=1 case "$1" in @@ -156,7 +156,7 @@ EOF sudo chmod -R 700 /mnt/hdd/tor sudo chown -R debian-tor:debian-tor /mnt/hdd/tor sudo systemctl restart tor@default - echo "OK - Tor is now $(sudo systemctl is-active tor@default)" + echo "OK - Tor is now $(systemctl is-active tor@default)" echo "needs reboot to activate new setting" ;; From 3b087a00cb28a4209f245aa537137b050306ae62 Mon Sep 17 00:00:00 2001 From: /rootzoll Date: Fri, 3 Feb 2023 20:46:07 +0100 Subject: [PATCH 36/47] #3468 Update electrs to 0.9.11 (#3613) --- CHANGES.md | 2 +- home.admin/config.scripts/bonus.electrs.sh | 65 ++++++++++++++-------- 2 files changed, 42 insertions(+), 25 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index c3ceb2a34..0b754011d 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -15,7 +15,7 @@ - Update: Bitcoin Core v24.0.1 [details](https://github.com/bitcoin/bitcoin/blob/master/doc/release-notes/release-notes-24.0.1.md) - Update: LND v0.15.5 [details](https://github.com/lightningnetwork/lnd/releases/tag/v0.15.5-beta) - Update: Core Lightning v22.11.1 [details](https://github.com/ElementsProject/lightning/releases/tag/v22.11.1) -- Update: Electrum Server in Rust (electrs) v0.9.10 [details](https://github.com/romanz/electrs/blob/master/RELEASE-NOTES.md#0910-nov-3-2022) +- Update: Electrum Server in Rust (electrs) v0.9.11 [details](https://github.com/romanz/electrs/blob/master/RELEASE-NOTES.md#0911-jan-5-2023) - Update: Lightning Terminal v0.8.4-alpha [details](https://github.com/lightninglabs/lightning-terminal/releases/tag/v0.8.4-alpha) - Update: RTL v0.13.0 with update option [details](https://github.com/Ride-The-Lightning/RTL/releases/tag/v0.12.3) - Update: Thunderhub v0.13.16 with balance sharing disabled [details](https://github.com/apotdevin/thunderhub/releases/tag/v0.13.16) diff --git a/home.admin/config.scripts/bonus.electrs.sh b/home.admin/config.scripts/bonus.electrs.sh index 932af2697..3d8b25f90 100755 --- a/home.admin/config.scripts/bonus.electrs.sh +++ b/home.admin/config.scripts/bonus.electrs.sh @@ -1,7 +1,7 @@ #!/bin/bash # https://github.com/romanz/electrs/releases -ELECTRSVERSION="v0.9.10" +ELECTRSVERSION="v0.9.11" # https://github.com/romanz/electrs/commits/master # ELECTRSVERSION="446858ea621416916f84cbce61be92b748e8133e" @@ -73,7 +73,7 @@ if [ "$1" = "status" ]; then # no answer on that port echo "publicHTTPPortAnswering=0" fi - # add TOR info + # add Tor info if [ "${runBehindTor}" == "on" ]; then echo "TorRunning=1" if [ "$2" = "showAddress" ]; then @@ -269,7 +269,7 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then isInstalled=$(sudo ls /etc/systemd/system/electrs.service 2>/dev/null | grep -c 'electrs.service') if [ ${isInstalled} -eq 0 ]; then - #cleanup + # cleanup sudo rm -f /home/electrs/.electrs/config.toml echo @@ -290,9 +290,14 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then echo sudo -u electrs git clone https://github.com/romanz/electrs cd /home/electrs/electrs || exit 1 + sudo -u electrs git reset --hard $ELECTRSVERSION + + # verify sudo -u electrs /home/admin/config.scripts/blitz.git-verify.sh \ "${PGPsigner}" "${PGPpubkeyLink}" "${PGPpubkeyFingerprint}" || exit 1 + + # build sudo -u electrs /home/electrs/.cargo/bin/cargo build --locked --release || exit 1 echo @@ -303,7 +308,7 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then echo echo "# Getting RPC credentials from the bitcoin.conf" - #read PASSWORD_B + # read PASSWORD_B RPC_USER=$(sudo cat /mnt/hdd/bitcoin/bitcoin.conf | grep rpcuser | cut -c 9-) PASSWORD_B=$(sudo cat /mnt/hdd/bitcoin/bitcoin.conf | grep rpcpassword | cut -c 13-) echo "# Done" @@ -479,8 +484,7 @@ fi # switch off if [ "$1" = "0" ] || [ "$1" = "off" ]; then - # setting value in raspiblitz config - /home/admin/config.scripts/blitz.conf.sh set ElectRS "off" + echo "# REMOVING ELECTRS" # if second parameter is "deleteindex" if [ "$2" == "deleteindex" ]; then @@ -488,23 +492,10 @@ if [ "$1" = "0" ] || [ "$1" = "off" ]; then sudo rm -rf /mnt/hdd/app-storage/electrs/ fi - # Hidden Service if Tor is active - if [ "${runBehindTor}" = "on" ]; then - /home/admin/config.scripts/tor.onion-service.sh off electrs - fi - isInstalled=$(sudo ls /etc/systemd/system/electrs.service 2>/dev/null | grep -c 'electrs.service') if [ ${isInstalled} -eq 1 ]; then - - echo "# REMOVING ELECTRS" sudo systemctl disable electrs sudo rm /etc/systemd/system/electrs.service - # delete user and home directory - sudo userdel -rf electrs - # close ports on firewall - sudo ufw deny 50001 - sudo ufw deny 50002 - echo "# OK ElectRS removed." # restart BTC-RPC-Explorer to reconfigure itself to use electrs for address API if [ "${BTCRPCexplorer}" == "on" ]; then @@ -513,8 +504,25 @@ if [ "$1" = "0" ] || [ "$1" = "off" ]; then fi else - echo "# ElectRS is not installed." + echo "# electrs.service is not installed." fi + + # Hidden Service if Tor is active + if [ "${runBehindTor}" = "on" ]; then + /home/admin/config.scripts/tor.onion-service.sh off electrs + fi + + # close ports on firewall + sudo ufw delete allow 50001 + sudo ufw delete allow 50002 + + # delete user and home directory + sudo userdel -rf electrs + + # setting value in raspiblitz config + /home/admin/config.scripts/blitz.conf.sh set ElectRS "off" + + echo "# OK ElectRS removed." exit 0 fi @@ -523,7 +531,7 @@ if [ "$1" = "update" ]; then cd /home/electrs/electrs || exit 1 sudo -u electrs git fetch - localVersion=$(git describe --tag) + localVersion=$(/home/electrs/electrs/target/release/electrs --version) updateVersion=$(curl --header "X-GitHub-Api-Version:2022-11-28" -s https://api.github.com/repos/romanz/electrs/releases/latest|grep tag_name|head -1|cut -d '"' -f4) if [ $localVersion = $updateVersion ]; then @@ -533,12 +541,21 @@ if [ "$1" = "update" ]; then sudo -u electrs git pull -p echo "# Reset to the latest release tag: $updateVersion" sudo -u electrs git reset --hard $updateVersion + + sudo -u electrs /home/admin/config.scripts/blitz.git-verify.sh \ + "${PGPsigner}" "${PGPpubkeyLink}" "${PGPpubkeyFingerprint}" || exit 1 + + echo "# Installing build dependencies" + sudo -u electrs curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sudo -u electrs sh -s -- --default-toolchain none -y + sudo apt install -y clang cmake build-essential # for building 'rust-rocksdb' + echo + echo "# Build Electrs ..." sudo -u electrs /home/electrs/.cargo/bin/cargo build --locked --release || exit 1 - + # update config - sed -i "/^server_banner =/d" /home/electrs/.electrs/config.toml - sudo bash -c "echo 'server_banner = \"Welcome to electrs $updateVersion - the Electrum Rust Server on your RaspiBlitz\"' >> /home/electrs/.electrs/config.toml" + sudo -u electrs sed -i "/^server_banner = /d" /home/electrs/.electrs/config.toml + sudo -u electrs bash -c "echo 'server_banner = \"Welcome to electrs $updateVersion - the Electrum Rust Server on your RaspiBlitz\"' >> /home/electrs/.electrs/config.toml" echo "# Updated Electrs to $updateVersion" fi From 3dd1d8aebf5eba2a8e6a4c970f4ef0bf9ded3fbc Mon Sep 17 00:00:00 2001 From: /rootzoll Date: Fri, 3 Feb 2023 22:57:03 +0100 Subject: [PATCH 37/47] updated zeus instructions (#3652) --- home.admin/config.scripts/bonus.lndconnect.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/home.admin/config.scripts/bonus.lndconnect.sh b/home.admin/config.scripts/bonus.lndconnect.sh index 41f10007b..86439d0b5 100755 --- a/home.admin/config.scripts/bonus.lndconnect.sh +++ b/home.admin/config.scripts/bonus.lndconnect.sh @@ -98,7 +98,7 @@ elif [ "${targetWallet}" = "zeus-ios" ]; then usingIP2TOR="LND-REST-API" forceTOR=1 host=$(sudo cat /mnt/hdd/tor/lndrest8080/hostname) - connectInfo="- start the Zeus Wallet --> lndconnect\n- scan the QR code \n- activate 'Tor' option \n- activate 'Certification Verification' option\n- save Node Config" + connectInfo="- start the Zeus Wallet --> Scan Node Config\n- scan the QR code \n- save Node Config" elif [ "${targetWallet}" = "zeus-android" ]; then @@ -106,7 +106,7 @@ elif [ "${targetWallet}" = "zeus-android" ]; then usingIP2TOR="LND-REST-API" forceTOR=1 host=$(sudo cat /mnt/hdd/tor/lndrest8080/hostname) - connectInfo="- start the Zeus Wallet --> lndconnect\n- scan the QR code \n- activate 'Tor' option \n- activate 'Certification Verification' option\n- save Node Config" + connectInfo="- start the Zeus Wallet --> Scan Node Config\n- scan the QR code \n- save Node Config" elif [ "${targetWallet}" = "sendmany-android" ]; then From 61823316dc1e780a2069a73cea1e3e63883196d0 Mon Sep 17 00:00:00 2001 From: /rootzoll Date: Fri, 3 Feb 2023 23:23:49 +0100 Subject: [PATCH 38/47] #3629 update to tallycoin-c 1.7.5 (#3653) --- CHANGES.md | 1 + home.admin/config.scripts/bonus.tallycoin-connect.sh | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/CHANGES.md b/CHANGES.md index 0b754011d..b13bd0001 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -29,6 +29,7 @@ - Update: lndmanage 0.14.2 [details](https://github.com/bitromortac/lndmanage) - Update: Circuitbreaker with webUI [details](https://github.com/lightningequipment/circuitbreaker/blob/master/README.md) - Update: Suez - Channel Visualization for LND & CL [details](https://github.com/prusnak/suez) +- Update: Tallycoin Connect v1.7.5 [details](https://github.com/djbooth007/tallycoin_connect/releases/tag/v1.7.5) - Fixed: SCB/Emergency-Backup to USB drive (now also with CLN emergency.recover file) - Info: Run RaspiBlitz on Proxmox [details](https://github.com/rootzoll/raspiblitz/tree/dev/alternative.platforms/Proxmox) - Info: IP2Tor fix fulmo shop & added new ip2tor.com shop diff --git a/home.admin/config.scripts/bonus.tallycoin-connect.sh b/home.admin/config.scripts/bonus.tallycoin-connect.sh index 36e43bf40..2632e472a 100755 --- a/home.admin/config.scripts/bonus.tallycoin-connect.sh +++ b/home.admin/config.scripts/bonus.tallycoin-connect.sh @@ -8,7 +8,7 @@ HOME_DIR=/home/$USERNAME CONFIG_FILE=$APP_DATA_DIR/tallycoin_api.key RASPIBLITZ_INFO=/home/admin/raspiblitz.info SERVICE_FILE=/etc/systemd/system/tallycoin-connect.service -TC_VERSION=1.7.1 +TC_VERSION=1.7.5 # command info if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then From 57434aa10712b23fc0b923a8f83e2bab316f25c4 Mon Sep 17 00:00:00 2001 From: openoms <43343391+openoms@users.noreply.github.com> Date: Sat, 4 Feb 2023 12:37:59 +0000 Subject: [PATCH 39/47] BTCpay and NBXplorer update, use postgres for new installs (#3641) * use postgres for new btcpay installs keep sqlite if the database is present clean and format the script with shellcheck * reinstall the service on update and check postgres * run userdel -rf btcpay when off * btcpay update to v1.7.5 * add systemctl daemon-reload when changing service * exit on failed builds * Restart=always * nbxplorer update to v2.3.58 * prevent the git error 'detected dubious ownership in repository' --- CHANGES.md | 2 +- .../config.scripts/bonus.btcpayserver.sh | 258 ++++++++++-------- home.admin/config.scripts/bonus.postgresql.sh | 53 ++-- 3 files changed, 175 insertions(+), 138 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index b13bd0001..23d5c6830 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -20,7 +20,7 @@ - Update: RTL v0.13.0 with update option [details](https://github.com/Ride-The-Lightning/RTL/releases/tag/v0.12.3) - Update: Thunderhub v0.13.16 with balance sharing disabled [details](https://github.com/apotdevin/thunderhub/releases/tag/v0.13.16) - Update: LNbits 0.9.6 [details](https://github.com/lnbits/lnbits-legend/releases/tag/0.9.6) -- Update: BTCPayServer 1.7.2 [details](https://github.com/btcpayserver/btcpayserver/releases/tag/v1.7.2) +- Update: BTCPayServer 1.7.5 (using postgres for new installs) [details](https://github.com/btcpayserver/btcpayserver/releases/tag/v1.7.5) - Update: ItchySats 0.7.0 [details](https://github.com/itchysats/itchysats/releases/tag/0.7.0) - Update: Channel Tools (chantools) v0.10.5 [details](https://github.com/guggero/chantools/releases/tag/v0.10.5) - Update: JoinMarket v0.9.8 [details](https://github.com/JoinMarket-Org/joinmarket-clientserver/releases/tag/v0.9.8) diff --git a/home.admin/config.scripts/bonus.btcpayserver.sh b/home.admin/config.scripts/bonus.btcpayserver.sh index 933e6298e..b627c516c 100644 --- a/home.admin/config.scripts/bonus.btcpayserver.sh +++ b/home.admin/config.scripts/bonus.btcpayserver.sh @@ -3,9 +3,9 @@ # Based on: https://gist.github.com/normandmickey/3f10fc077d15345fb469034e3697d0d0 # https://github.com/dgarage/NBXplorer/tags -NBXplorerVersion="v2.3.49" +NBXplorerVersion="v2.3.58" # https://github.com/btcpayserver/btcpayserver/releases -BTCPayVersion="v1.7.2" +BTCPayVersion="v1.7.5" # command info if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then @@ -25,27 +25,19 @@ source /mnt/hdd/raspiblitz.conf source /home/admin/raspiblitz.info source <(/home/admin/_cache.sh get state) -function postgresConfig() { - - echo "# Generate the database" - sudo -u postgres psql -c "create database nbxplorermainnet;" - sudo -u postgres psql -c "create user nbxplorer with encrypted password 'raspiblitz';" - # change to ${newPassword} or use Passfile= - # sudo -u postgres psql -c "alter user btcpay with encrypted password '${newPassword}';" - # sudo -u btcpay sed -i "s/Password=*/Password='${newPassword}';/g" /home/btcpay/.nbxplorer/Main/settings.config - # sudo -u btcpay sed -i "s/Password=*/Password='${newPassword}';/g" /home/btcpay/.btcpayserver/Main/settings.config - sudo -u postgres psql -c "grant all privileges on database nbxplorermainnet to nbxplorer;" +function NBXplorerConfig() { + # check the postgres database + if sudo -u postgres psql -c '\l' | grep nbxplorermainnet; then + echo "# nbxplorermainnet database already exists" + else + echo "# Generate the database for nbxplorer" + sudo -u postgres psql -c "create database nbxplorermainnet;" + sudo -u postgres psql -c "create user nbxplorer with encrypted password 'raspiblitz';" + sudo -u postgres psql -c "grant all privileges on database nbxplorermainnet to nbxplorer;" + fi echo "# List databases with: sudo -u postgres psql -c '\l'" sudo -u postgres psql -c '\l' - ## clean postgresql: - # sudo su - postgres -c "/usr/lib/postgresql/${PGVERSION}/bin/pg_ctl stop --wait --pgdata=/var/lib/postgresql/${PGVERSION}/main" - # sudo pg_dropcluster ${PGVERSION} main - # sudo apt remove postgresql -y --purge - # sudo apt remove postgresql-${PGVERSION} -y --purge -} - -function NBXplorerConfig() { # https://docs.btcpayserver.org/Deployment/ManualDeploymentExtended/#4-create-a-configuration-file echo echo "# Getting RPC credentials from the bitcoin.conf" @@ -66,7 +58,24 @@ nomigrateevts=1 function BtcPayConfig() { # set thumbprint FINGERPRINT=$(openssl x509 -noout -fingerprint -sha256 -inform pem -in /home/btcpay/.lnd/tls.cert | cut -d"=" -f2) - echo "# setting the LND TLS thumbprint for BTCPay" + if sudo ls /mnt/hdd/app-data/.btcpayserver/Main/sqllite.db 1>/dev/null 2>&1; then + echo "# sqlite database exists" + databaseOption="# keep using sqlite as /mnt/hdd/app-data/.btcpayserver/Main/sqllite.db exists (configured in the btcpayserver.service)" + else + echo "# sqlite database does not exist, using postgresql" + databaseOption="postgres=User ID=btcpay;Host=localhost;Port=5432;Application Name=btcpay;MaxPoolSize=20;Database=btcpaymainnet;Password='raspiblitz';" + if sudo -u postgres psql -c '\l' | grep btcpaymainnet; then + echo "# btcpaymainnet database already exists" + else + echo "# Generate the database for btcpay" + sudo -u postgres psql -c "create database btcpaymainnet;" + sudo -u postgres psql -c "create user btcpay with encrypted password 'raspiblitz';" + sudo -u postgres psql -c "grant all privileges on database btcpaymainnet to btcpay;" + fi + echo "# List databases with: sudo -u postgres psql -c '\l'" + sudo -u postgres psql -c '\l' + fi + echo "# Regenerate the btcpayserver settings (includes the LND TLS thumbprint)" # https://docs.btcpayserver.org/Deployment/ManualDeploymentExtended/#3-create-a-configuration-file echo " ### Global settings ### @@ -82,24 +91,60 @@ BTC.explorer.url=http://127.0.0.1:24444/ BTC.lightning=type=lnd-rest;server=https://127.0.0.1:8080/;macaroonfilepath=/home/btcpay/admin.macaroon;certthumbprint=$FINGERPRINT ### Database ### -# keep sqlite for now as configured in the btcpayserver.service -# postgres=User ID=btcpay;Password=urpassword;Application Name=btcpayserver;Host=localhost;Port=5432;Database=btcpay; +${databaseOption} explorer.postgres=User ID=nbxplorer;Host=localhost;Port=5432;Application Name=nbxplorer;MaxPoolSize=20;Database=nbxplorermainnet;Password='raspiblitz'; " | sudo -u btcpay tee /home/btcpay/.btcpayserver/Main/settings.config - #doesNetworkEntryAlreadyExists=$(sudo cat /home/btcpay/.btcpayserver/Main/settings.config | grep -c '^network=') - #echo "# setting new LND TLS thumbprint for BTCPay" - #s="BTC.lightning=type=lnd-rest\;server=https\://127.0.0.1:8080/\;macaroonfilepath=/home/btcpay/admin.macaroon\;" - #sudo -u btcpay sed -i "s|^${s}certthumbprint=.*|${s}certthumbprint=$FINGERPRINT|g" /home/btcpay/.btcpayserver/Main/settings.config +} + +function BtcPayService() { + if sudo ls /mnt/hdd/app-data/.btcpayserver/Main/sqllite.db 1>/dev/null 2>&1; then + echo "# sqlite database exists" + databaseOption=" -- --sqlitefile=sqllite.db" + else + echo "# sqlite database does not exist, using postgresql" + databaseOption="" + fi + # see the configuration options with: + # sudo -u btcpay /home/btcpay/dotnet/dotnet run --no-launch-profile --no-build -c Release --project "/home/btcpay/btcpayserver/BTCPayServer/BTCPayServer.csproj" -- -h + # run manually to debug: + # sudo -u btcpay /home/btcpay/dotnet/dotnet run --no-launch-profile --no-build -c Release --project "/home/btcpay/btcpayserver/BTCPayServer/BTCPayServer.csproj" -- --sqlitefile=sqllite.db + echo "# create the btcpayserver.service" + echo " +[Unit] +Description=BtcPayServer daemon +Requires=nbxplorer.service +After=nbxplorer.service + +[Service] +ExecStart=/home/btcpay/dotnet/dotnet run --no-launch-profile --no-build \ + -c Release --project \"/home/btcpay/btcpayserver/BTCPayServer/BTCPayServer.csproj\" ${databaseOption} +User=btcpay +Group=btcpay +Type=simple +PIDFile=/run/btcpayserver/btcpayserver.pid +Restart=always +RestartSec=10 + +# Hardening measures +PrivateTmp=true +ProtectSystem=full +NoNewPrivileges=true +PrivateDevices=true + +[Install] +WantedBy=multi-user.target +" | sudo tee /etc/systemd/system/btcpayserver.service + sudo systemctl daemon-reload } if [ "$1" = "status" ]; then echo "version='${BTCPayVersion}'" - isInstalled=$(compgen -u | grep -c btcpay) - echo "prepared=${isInstalled}" - isActive=$(sudo ls /etc/systemd/system/btcpayserver.service 2>/dev/null | grep -c 'btcpayserver.service') - echo "installed=${isActive}" + isInstalled=$(compgen -u | grep -c btcpay) + echo "prepared=${isInstalled}" + isActive=$(sudo ls /etc/systemd/system/btcpayserver.service 2>/dev/null | grep -c 'btcpayserver.service') + echo "installed=${isActive}" if [ "${BTCPayServer}" = "on" ]; then echo "switchedon=1" @@ -168,31 +213,31 @@ if [ "$1" = "menu" ]; then source <(sudo /home/admin/config.scripts/bonus.btcpayserver.sh status) if [ ${switchedon} -eq 0 ]; then - whiptail --title " BTCPay Server " --msgbox "BTCPay Server is not activated." 7 36 - exit 0 + whiptail --title " BTCPay Server " --msgbox "BTCPay Server is not activated." 7 36 + exit 0 fi if [ ${installed} -eq 0 ]; then - whiptail --title " BTCPay Server " --msgbox "BTCPay Server needs to be re-installed.\nPress OK to start process." 8 45 - /home/admin/config.scripts/bonus.btcpayserver.sh on - exit 0 + whiptail --title " BTCPay Server " --msgbox "BTCPay Server needs to be re-installed.\nPress OK to start process." 8 45 + /home/admin/config.scripts/bonus.btcpayserver.sh on + exit 0 fi # display possible problems with IP2TOR setup if [ ${#ip2torWarn} -gt 0 ]; then whiptail --title " Warning " \ - --yes-button "Back" \ - --no-button "Continue Anyway" \ - --yesno "Your IP2TOR+LetsEncrypt may have problems:\n${ip2torWarn}\n\nCheck if locally responding: https://${localIP}:${httpsPort}\n\nCheck if service is reachable over Tor:\n${toraddress}" 14 72 + --yes-button "Back" \ + --no-button "Continue Anyway" \ + --yesno "Your IP2TOR+LetsEncrypt may have problems:\n${ip2torWarn}\n\nCheck if locally responding: https://${localIP}:${httpsPort}\n\nCheck if service is reachable over Tor:\n${toraddress}" 14 72 if [ "$?" != "1" ]; then exit 0 - fi + fi fi text="Local Web Browser: https://${localIP}:${httpsPort}" if [ ${#publicDomain} -gt 0 ]; then - text="${text} + text="${text} Public Domain: https://${publicDomain}:${httpsPort} port forwarding on router needs to be active & may change port" fi @@ -222,7 +267,7 @@ To enable easy reachability with normal browser from the outside consider adding a IP2TOR Bridge: MAINMENU > SUBSCRIBE > IP2TOR" fi -text="${text}\n + text="${text}\n To get the 'Connection String' to activate Lightning Payments: MAINMENU > CONNECT > BTCPay Server" @@ -241,8 +286,8 @@ if [ "$1" = "write-tls-macaroon" ]; then echo "# make sure symlink to central app-data directory exists" if ! [[ -L "/home/btcpay/.lnd" ]]; then - sudo rm -rf "/home/btcpay/.lnd" # not a symlink.. delete it silently - sudo ln -s "/mnt/hdd/app-data/lnd/" "/home/btcpay/.lnd" # and create symlink + sudo rm -rf "/home/btcpay/.lnd" # not a symlink.. delete it silently + sudo ln -s "/mnt/hdd/app-data/lnd/" "/home/btcpay/.lnd" # and create symlink fi # copy admin macaroon @@ -264,7 +309,7 @@ if [ "$1" = "cln-lightning-rpc-access" ]; then if [ "${cl}" = "on" ]; then source <(/home/admin/config.scripts/network.aliases.sh getvars cl mainnet) - if [ $(grep -c "^rpc-file-mode=0660" < ${CLCONF}) -eq 0 ]; then + if [ $(grep -c "^rpc-file-mode=0660" <${CLCONF}) -eq 0 ]; then echo "rpc-file-mode=0660" | tee -a ${CLCONF} if [ "${state}" == "ready" ]; then sudo systemctl restart lightningd @@ -341,9 +386,9 @@ if [ "$1" = "install" ]; then echo "DOTNET_CLI_TELEMETRY_OPTOUT=1" | sudo tee -a /etc/environment # NBXplorer - echo "# Install NBXplorer" + echo "# Install NBXplorer $NBXplorerVersion" cd /home/btcpay || exit 1 - echo "# Download the NBXplorer source code ..." + echo "# Download the NBXplorer source code $NBXplorerVersion" sudo -u btcpay git clone https://github.com/dgarage/NBXplorer.git 2>/dev/null cd NBXplorer || exit 1 sudo -u btcpay git reset --hard $NBXplorerVersion @@ -352,14 +397,17 @@ if [ "$1" = "install" ]; then PGPpubkeyLink="https://keybase.io/nicolasdorier/pgp_keys.asc" PGPpubkeyFingerprint="AB4CFA9895ACA0DBE27F6B346618763EF09186FE" sudo -u btcpay /home/admin/config.scripts/blitz.git-verify.sh "${PGPsigner}" "${PGPpubkeyLink}" "${PGPpubkeyFingerprint}" || exit 1 - echo "# Build NBXplorer ..." + echo "# Build NBXplorer $NBXplorerVersion" # from the build.sh with path - sudo -u btcpay /home/btcpay/dotnet/dotnet build -c Release NBXplorer/NBXplorer.csproj + sudo -u btcpay /home/btcpay/dotnet/dotnet build -c Release NBXplorer/NBXplorer.csproj || ( + echo "# Build failed" + exit 1 + ) # BTCPayServer echo "# Install BTCPayServer" cd /home/btcpay || exit 1 - echo "# Download the BTCPayServer source code ..." + echo "# Download the BTCPayServer source code $BTCPayVersion" sudo -u btcpay git clone https://github.com/btcpayserver/btcpayserver.git 2>/dev/null cd btcpayserver || exit 1 sudo -u btcpay git reset --hard $BTCPayVersion @@ -372,9 +420,13 @@ if [ "$1" = "install" ]; then #PGPpubkeyFingerprint="8E5530D9D1C93097" sudo -u btcpay /home/admin/config.scripts/blitz.git-verify.sh "${PGPsigner}" "${PGPpubkeyLink}" "${PGPpubkeyFingerprint}" || exit 1 - echo "# Build BTCPayServer ..." + echo "# Build BTCPayServer $BTCPayVersion" # from the build.sh with path - sudo -u btcpay /home/btcpay/dotnet/dotnet build -c Release /home/btcpay/btcpayserver/BTCPayServer/BTCPayServer.csproj + sudo -u btcpay /home/btcpay/dotnet/dotnet build -c Release \ + /home/btcpay/btcpayserver/BTCPayServer/BTCPayServer.csproj || ( + echo "# Build failed" + exit 1 + ) exit 0 fi @@ -430,13 +482,13 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then # setup nginx symlinks if ! [ -f /etc/nginx/sites-available/btcpay_ssl.conf ]; then - sudo cp /home/admin/assets/nginx/sites-available/btcpay_ssl.conf /etc/nginx/sites-available/btcpay_ssl.conf + sudo cp /home/admin/assets/nginx/sites-available/btcpay_ssl.conf /etc/nginx/sites-available/btcpay_ssl.conf fi if ! [ -f /etc/nginx/sites-available/btcpay_tor.conf ]; then - sudo cp /home/admin/assets/nginx/sites-available/btcpay_tor.conf /etc/nginx/sites-available/btcpay_tor.conf + sudo cp /home/admin/assets/nginx/sites-available/btcpay_tor.conf /etc/nginx/sites-available/btcpay_tor.conf fi if ! [ -f /etc/nginx/sites-available/btcpay_tor_ssl.conf ]; then - sudo cp /home/admin/assets/nginx/sites-available/btcpay_tor_ssl.conf /etc/nginx/sites-available/btcpay_tor_ssl.conf + sudo cp /home/admin/assets/nginx/sites-available/btcpay_tor_ssl.conf /etc/nginx/sites-available/btcpay_tor_ssl.conf fi sudo ln -sf /etc/nginx/sites-available/btcpay_ssl.conf /etc/nginx/sites-enabled/ sudo ln -sf /etc/nginx/sites-available/btcpay_tor.conf /etc/nginx/sites-enabled/ @@ -522,26 +574,23 @@ WantedBy=multi-user.target echo "# Starting nbxplorer" sudo systemctl start nbxplorer echo "# Checking for nbxplorer config" - while [ ! -f "/home/btcpay/.nbxplorer/Main/settings.config" ] - do - echo "# Waiting for nbxplorer to start - CTRL+C to abort" - sleep 10 - hasFailed=$(sudo systemctl status nbxplorer | grep -c "Active: failed") - if [ ${hasFailed} -eq 1 ]; then - echo "# seems like starting nbxplorer service has failed - see: systemctl status nbxplorer" - echo "# maybe report here: https://github.com/rootzoll/raspiblitz/issues/214" - fi + while [ ! -f "/home/btcpay/.nbxplorer/Main/settings.config" ]; do + echo "# Waiting for nbxplorer to start - CTRL+C to abort" + sleep 10 + hasFailed=$(sudo systemctl status nbxplorer | grep -c "Active: failed") + if [ ${hasFailed} -eq 1 ]; then + echo "# seems like starting nbxplorer service has failed - see: systemctl status nbxplorer" + echo "# maybe report here: https://github.com/rootzoll/raspiblitz/issues/214" + fi done else echo "# Because the system is not 'ready' the service 'nbxplorer' will not be started at this point .. its enabled and will start on next reboot" fi - postgresConfig - NBXplorerConfig # whitelist localhost in bitcoind - if ! sudo grep -Eq "^whitelist=127.0.0.1" /mnt/hdd/bitcoin/bitcoin.conf;then + if ! sudo grep -Eq "^whitelist=127.0.0.1" /mnt/hdd/bitcoin/bitcoin.conf; then echo "whitelist=127.0.0.1" | sudo tee -a /mnt/hdd/bitcoin/bitcoin.conf bitcoindRestart=yes fi @@ -554,38 +603,11 @@ WantedBy=multi-user.target sudo systemctl restart nbxplorer fi - # see the configuration options with: - # sudo -u btcpay /home/btcpay/dotnet/dotnet run --no-launch-profile --no-build -c Release -p "/home/btcpay/btcpayserver/BTCPayServer/BTCPayServer.csproj" -- -h - # run manually to debug: - # sudo -u btcpay /home/btcpay/dotnet/dotnet run --no-launch-profile --no-build -c Release --project "/home/btcpay/btcpayserver/BTCPayServer/BTCPayServer.csproj" -- --sqlitefile=sqllite.db - echo "# create the btcpayserver.service" - echo " -[Unit] -Description=BtcPayServer daemon -Requires=nbxplorer.service -After=nbxplorer.service + BtcPayConfig -[Service] -ExecStart=/home/btcpay/dotnet/dotnet run --no-launch-profile --no-build \ - -c Release --project \"/home/btcpay/btcpayserver/BTCPayServer/BTCPayServer.csproj\" \ - -- --sqlitefile=sqllite.db -User=btcpay -Group=btcpay -Type=simple -PIDFile=/run/btcpayserver/btcpayserver.pid -Restart=on-failure + BtcPayService -# Hardening measures -PrivateTmp=true -ProtectSystem=full -NoNewPrivileges=true -PrivateDevices=true - -[Install] -WantedBy=multi-user.target -" | sudo tee /etc/systemd/system/btcpayserver.service sudo systemctl enable btcpayserver - if [ "${state}" == "ready" ]; then echo "# Starting btcpayserver" sudo systemctl start btcpayserver @@ -593,14 +615,14 @@ WantedBy=multi-user.target while [ ! -f "/home/btcpay/.btcpayserver/Main/settings.config" ]; do echo "# Waiting for btcpayserver to start - CTRL+C to abort .." sleep 30 - hasFailed=$(sudo systemctl status btcpayserver | grep -c "Active: failed") + hasFailed=$(sudo systemctl status btcpayserver | grep -c "Active: failed") if [ ${hasFailed} -eq 1 ]; then echo "# seems like starting btcpayserver service has failed - see: systemctl status btcpayserver" echo "# maybe report here: https://github.com/rootzoll/raspiblitz/issues/214" fi done else - echo "# Because the system is not 'ready' the service 'btcpayserver' will not be started at this point .. its enabled and will start on next reboot" + echo "# Because the system is not 'ready' the service 'btcpayserver' will not be started at this point .. it is enabled and will start on next reboot" fi sudo -u btcpay mkdir -p /home/btcpay/.btcpayserver/Main/ @@ -634,7 +656,7 @@ if [ "$1" = "0" ] || [ "$1" = "off" ]; then else if (whiptail --title " DELETE DATA? " --yesno "Do you want to delete\nthe BTCPay Server Data?" 8 30); then deleteData=1 - else + else deleteData=0 fi fi @@ -684,7 +706,10 @@ if [ "$1" = "0" ] || [ "$1" = "off" ]; then else echo "# keeping data" fi - echo "# OK BTCPayServer deactivaed." + echo "# OK BTCPayServer deactivated." + + echo "# delete the btcpay user home directory" + sudo userdel -rf btcpay 2>/dev/null # needed for API/WebUI as signal that install ran thru echo "result='OK'" @@ -693,6 +718,11 @@ if [ "$1" = "0" ] || [ "$1" = "off" ]; then fi if [ "$1" = "update" ]; then + + # prevent the git error 'detected dubious ownership in repository' + git config --global --add safe.directory /home/btcpay/NBXplorer + git config --global --add safe.directory /home/btcpay/btcpayserver + echo "# Update NBXplorer" cd /home/btcpay || exit 1 cd NBXplorer || exit 1 @@ -712,7 +742,7 @@ if [ "$1" = "update" ]; then TAG=$(git tag | sort -V | tail -1) echo "# Up-to-date on version $TAG" else - echo "# Pulling latest changes..." + echo "# Pulling the latest changes..." sudo -u btcpay git pull -p TAG=$(git tag | sort -V | tail -1) echo "# Reset to the latest release tag: $TAG" @@ -720,22 +750,24 @@ if [ "$1" = "update" ]; then PGPsigner="nicolasdorier" PGPpubkeyLink="https://keybase.io/nicolasdorier/pgp_keys.asc" PGPpubkeyFingerprint="AB4CFA9895ACA0DBE27F6B346618763EF09186FE" + sudo -u btcpay /home/admin/config.scripts/blitz.git-verify.sh \ - "${PGPsigner}" "${PGPpubkeyLink}" "${PGPpubkeyFingerprint}" || exit 1 - echo "# Build NBXplorer ..." + "${PGPsigner}" "${PGPpubkeyLink}" "${PGPpubkeyFingerprint}" || exit 1 + + echo "# Build NBXplorer $TAG" # from the build.sh with path sudo systemctl stop nbxplorer - sudo -u btcpay /home/btcpay/dotnet/dotnet build -c Release NBXplorer/NBXplorer.csproj + sudo -u btcpay /home/btcpay/dotnet/dotnet build -c Release NBXplorer/NBXplorer.csproj || ( + echo "# Build failed" + exit 1 + ) # whitelist localhost in bitcoind - if ! sudo grep -Eq "^whitelist=127.0.0.1" /mnt/hdd/bitcoin/bitcoin.conf;then + if ! sudo grep -Eq "^whitelist=127.0.0.1" /mnt/hdd/bitcoin/bitcoin.conf; then echo "whitelist=127.0.0.1" | sudo tee -a /mnt/hdd/bitcoin/bitcoin.conf echo "# Restarting bitcoind" sudo systemctl restart bitcoind fi - # POSTGRES - postgresConfig - NBXplorerConfig sudo systemctl start nbxplorer @@ -747,6 +779,9 @@ if [ "$1" = "update" ]; then BtcPayConfig + # always update the btcpayserver.service + BtcPayService + echo "# Update BTCPayServer" cd /home/btcpay || exit 1 cd btcpayserver || exit 1 @@ -775,10 +810,13 @@ if [ "$1" = "update" ]; then # https://github.com/rootzoll/raspiblitz/issues/3025 # sudo -u btcpay /home/admin/config.scripts/blitz.git-verify.sh \ # "${PGPsigner}" "${PGPpubkeyLink}" "${PGPpubkeyFingerprint}" || exit 1 - echo "# Build BTCPayServer ..." + echo "# Build BTCPayServer $TAG" # from the build.sh with path sudo systemctl stop btcpayserver - sudo -u btcpay /home/btcpay/dotnet/dotnet build -c Release /home/btcpay/btcpayserver/BTCPayServer/BTCPayServer.csproj + sudo -u btcpay /home/btcpay/dotnet/dotnet build -c Release /home/btcpay/btcpayserver/BTCPayServer/BTCPayServer.csproj || ( + echo "# Build failed" + exit 1 + ) sudo systemctl start btcpayserver echo "# Updated BTCPayServer to $TAG" fi diff --git a/home.admin/config.scripts/bonus.postgresql.sh b/home.admin/config.scripts/bonus.postgresql.sh index 1a085abfb..ed5fd10bb 100644 --- a/home.admin/config.scripts/bonus.postgresql.sh +++ b/home.admin/config.scripts/bonus.postgresql.sh @@ -2,12 +2,12 @@ # command info if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then - echo "config script to install PostgreSQL" - echo "bonus.postgresql.sh [on|off]" - echo "bonus.postgresql.sh [backup] [database]" - echo "bonus.postgresql.sh [restore] [database] [user] [password]" - echo "bonus.postgresql.sh [info]" - exit 1 + echo "config script to install PostgreSQL" + echo "bonus.postgresql.sh [on|off]" + echo "bonus.postgresql.sh [backup] [database]" + echo "bonus.postgresql.sh [restore] [database] [user] [password]" + echo "bonus.postgresql.sh [info]" + exit 1 fi command=$1 @@ -36,22 +36,22 @@ if [ "$command" = "1" ] || [ "$command" = "on" ]; then fi fix_postgres=0 - if [ -L $postgres_datadir ] ; then - if [ -e $postgres_datadir ] ; then - echo "# Good link in $postgres_datadir" - else - echo "# Broken link in $postgres_datadir" - fix_postgres=1 - fi - elif [ -e $postgres_datadir ] ; then - echo "# Not a link in $postgres_datadir" - fix_postgres=1 + if [ -L $postgres_datadir ]; then + if [ -e $postgres_datadir ]; then + echo "# Good link in $postgres_datadir" + else + echo "# Broken link in $postgres_datadir" + fix_postgres=1 + fi + elif [ -e $postgres_datadir ]; then + echo "# Not a link in $postgres_datadir" + fix_postgres=1 else - echo "# Missing Link in $postgres_datadir" - fix_postgres=1 + echo "# Missing Link in $postgres_datadir" + fix_postgres=1 fi - if [ fix_postgres = 1 ] || [ ! -d /mnt/hdd/app-data/postgresql ]; then + if [ ${fix_postgres} = 1 ] || [ ! -d /mnt/hdd/app-data/postgresql ]; then echo "# Move the PostgreSQL data to /mnt/hdd/app-data/postgresql" sudo systemctl stop postgresql 2>/dev/null sudo rsync -av $postgres_datadir /mnt/hdd/app-data @@ -67,9 +67,8 @@ if [ "$command" = "1" ] || [ "$command" = "on" ]; then # wait for the postgres server to start count=0 count_max=30 - while ! nc -zv 127.0.0.1 5432 2>/dev/null; - do - count=`expr $count + 1` + while ! nc -zv 127.0.0.1 5432 2>/dev/null; do + count=$((count + 1)) echo "sleep $count/$count_max" sleep 1 if [ $count = $count_max ]; then @@ -103,16 +102,16 @@ fi # backup backup_target="/mnt/hdd/app-data/backup/$db_name" -backup_file="${db_name}_`date +%d`-`date +%m`-`date +%Y`_`date +%H`-`date +%M`_dump" +backup_file="${db_name}_$(date +%d)-$(date +%m)-$(date +%Y)_$(date +%H)-$(date +%M)_dump" if [ ! -d $backup_target ]; then - sudo mkdir -p $backup_target 1>&2 + sudo mkdir -p $backup_target 1>&2 fi # https://www.postgresql.org/docs/current/backup-dump.html if [ "$command" = "backup" ] && [ "$db_name" != "" ]; then echo "*** BACKUP POSTGRESQL $db_name ***" - sudo -u postgres pg_dump $db_name > $backup_target/${backup_file}.sql || exit 1 + sudo -u postgres pg_dump $db_name >$backup_target/${backup_file}.sql || exit 1 # Delete old backups (keep last 3 backups) sudo chown -R admin:admin $backup_target ls -tp $backup_target/*.sql | grep -v '/$' | tail -n +4 | tr '\n' '\0' | xargs -0 rm -- 2>/dev/null @@ -154,7 +153,7 @@ if [ "$command" = "restore" ] && [ "$db_name" != "" ] && [ "$db_user" != "" ] && echo "# Import SQL Dump" sudo mkdir -p $backup_target/logs 1>&2 sudo chown -R postgres:postgres $backup_file - sudo -u postgres psql $db_name < ${backup_file} > $backup_target/logs/sql_import.log || exit 1 + sudo -u postgres psql $db_name <${backup_file} >$backup_target/logs/sql_import.log || exit 1 echo "$backup_target/sql_import.log written" echo "OK - database $db_name restored from ${backup_file}" exit 0 @@ -176,4 +175,4 @@ if [ "$command" = "info" ]; then fi echo "FAIL - Unknown Parameter $command" -exit 1 \ No newline at end of file +exit 1 From 5d6521f8eec98c9262ac91eef63e3dca5771fbc2 Mon Sep 17 00:00:00 2001 From: openoms <43343391+openoms@users.noreply.github.com> Date: Sun, 5 Feb 2023 20:10:02 +0000 Subject: [PATCH 40/47] fix: don't exit if the hsm_secret is decrypted ok (#3654) related #3639 --- home.admin/config.scripts/cl.hsmtool.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home.admin/config.scripts/cl.hsmtool.sh b/home.admin/config.scripts/cl.hsmtool.sh index d117f4944..4912a09e3 100644 --- a/home.admin/config.scripts/cl.hsmtool.sh +++ b/home.admin/config.scripts/cl.hsmtool.sh @@ -156,7 +156,7 @@ function decryptHSMsecret() { /home/admin/config.scripts/cl.hsmtool.sh unlock ${CHAIN} # attempt to decrypt again sudo cat $passwordFile | sudo -u bitcoin lightning-hsmtool decrypt \ - "$hsmSecretPath" || echo "# Couldn't decrypt"; exit 1 + "$hsmSecretPath" || (echo "# Couldn't decrypt"; exit 1) fi fi shredPasswordFile From d11dafd1db3d816823d8d3d7c7edb5ab29902ca1 Mon Sep 17 00:00:00 2001 From: openoms <43343391+openoms@users.noreply.github.com> Date: Sun, 5 Feb 2023 20:11:32 +0000 Subject: [PATCH 41/47] joininbox update to v0.7.6 with Joinmarket v0.9.9 (#3655) * update joininbox to v0.7.6 no qtgui with JM v0.9.9 * add to CHANGES --- CHANGES.md | 4 ++-- home.admin/config.scripts/bonus.joinmarket.sh | 22 +++++++++---------- 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index 23d5c6830..694b4e701 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -23,8 +23,8 @@ - Update: BTCPayServer 1.7.5 (using postgres for new installs) [details](https://github.com/btcpayserver/btcpayserver/releases/tag/v1.7.5) - Update: ItchySats 0.7.0 [details](https://github.com/itchysats/itchysats/releases/tag/0.7.0) - Update: Channel Tools (chantools) v0.10.5 [details](https://github.com/guggero/chantools/releases/tag/v0.10.5) -- Update: JoinMarket v0.9.8 [details](https://github.com/JoinMarket-Org/joinmarket-clientserver/releases/tag/v0.9.8) -- Update: JoininBox v0.7.4 [details](https://github.com/openoms/joininbox/releases/tag/v0.7.3) +- Update: JoinMarket v0.9.9 [details](https://github.com/JoinMarket-Org/joinmarket-clientserver/releases/tag/v0.9.9) +- Update: JoininBox v0.7.6 [details](https://github.com/openoms/joininbox/releases/tag/v0.7.6) - Update: Balance of Satoshis 13.15.0 (bos) [details](https://github.com/alexbosworth/balanceofsatoshis/blob/master/CHANGELOG.md#13150) - Update: lndmanage 0.14.2 [details](https://github.com/bitromortac/lndmanage) - Update: Circuitbreaker with webUI [details](https://github.com/lightningequipment/circuitbreaker/blob/master/README.md) diff --git a/home.admin/config.scripts/bonus.joinmarket.sh b/home.admin/config.scripts/bonus.joinmarket.sh index e15ee9d27..d36f00b46 100755 --- a/home.admin/config.scripts/bonus.joinmarket.sh +++ b/home.admin/config.scripts/bonus.joinmarket.sh @@ -6,7 +6,7 @@ # https://github.com/openoms/joininbox # https://github.com/openoms/joininbox/tags -JBTAG="v0.7.5" # installs JoinMarket v0.9.8 +JBTAG="v0.7.6" # installs JoinMarket v0.9.9 # command info if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then @@ -20,9 +20,9 @@ fi # show info menu if [ "$1" = "menu" ]; then whiptail --title " JoinMarket info " \ - --yes-button "Start Joininbox" \ - --no-button "Cancel" \ - --yesno "Usage notes: + --yes-button "Start Joininbox" \ + --no-button "Cancel" \ + --yesno "Usage notes: https://github.com/openoms/bitcoin-tutorials/blob/master/joinmarket/README.md Can also type: 'jm' in the command line to switch to the dedicated user, @@ -35,8 +35,8 @@ and start the JoininBox menu. fi # check if sudo -if [ "$EUID" -ne 0 ] - then echo "Please run as root (with sudo)" +if [ "$EUID" -ne 0 ]; then + echo "Please run as root (with sudo)" exit fi @@ -80,7 +80,7 @@ if [ "$1" = "install" ]; then # https://github.com/openoms/joininbox/releases/ sudo -u joinmarket git reset --hard ${JBTAG} sudo -u joinmarket /home/admin/config.scripts/blitz.git-verify.sh \ - "${PGPsigner}" "${PGPpubkeyLink}" "${PGPpubkeyFingerprint}" "${JBTAG}" || exit 1 + "${PGPsigner}" "${PGPpubkeyLink}" "${PGPpubkeyFingerprint}" "${JBTAG}" || exit 1 # copy the scripts in place sudo -u joinmarket cp /home/joinmarket/joininbox/scripts/* /home/joinmarket/ @@ -161,7 +161,7 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then # make sure the Bitcoin Core wallet is on /home/admin/config.scripts/network.wallet.sh on - if [ $(/usr/local/bin/bitcoin-cli -conf=/mnt/hdd/bitcoin/bitcoin.conf listwallets | grep -c wallet.dat) -eq 0 ];then + if [ $(/usr/local/bin/bitcoin-cli -conf=/mnt/hdd/bitcoin/bitcoin.conf listwallets | grep -c wallet.dat) -eq 0 ]; then echo "# Create a non-descriptor wallet.dat" /usr/local/bin/bitcoin-cli -conf=/mnt/hdd/bitcoin/bitcoin.conf -named createwallet wallet_name=wallet.dat descriptors=false else @@ -187,9 +187,9 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then ln -s /mnt/hdd/app-data/.joinmarket /home/joinmarket/ 2>/dev/null chown -R joinmarket:joinmarket /home/joinmarket/.joinmarket # specify wallet.dat in old config for multiwallet for multiwallet support - if [ -f "/home/joinmarket/.joinmarket/joinmarket.cfg" ] ; then + if [ -f "/home/joinmarket/.joinmarket/joinmarket.cfg" ]; then sudo -u joinmarket sed -i "s/^rpc_wallet_file =.*/rpc_wallet_file = wallet.dat/g" \ - /home/joinmarket/.joinmarket/joinmarket.cfg + /home/joinmarket/.joinmarket/joinmarket.cfg echo "# specified to use wallet.dat in the recovered joinmarket.cfg" fi @@ -210,7 +210,7 @@ source /home/joinmarket/_commands.sh if [ -z \"\$TMUX\" ]; then /home/joinmarket/menu.sh fi -" | sudo -u joinmarket tee -a /home/joinmarket/.bashrc +" | sudo -u joinmarket tee -a /home/joinmarket/.bashrc # configure joinmarket (includes a check if it is installed) if sudo -u joinmarket /home/joinmarket/start.joininbox.sh; then From e9c98ab82288ab88312a8f71c9e14eaec343c880 Mon Sep 17 00:00:00 2001 From: openoms <43343391+openoms@users.noreply.github.com> Date: Sun, 5 Feb 2023 20:36:51 +0000 Subject: [PATCH 42/47] feat: add lnproxy server, webui and check payment hashes as a client (#3637) * lnproxy: check if payment hashes match #3636 * go update to 1.19.5 and verify checkums * add lnproxy install script * add lnproxy-webui * pin versions and fix formatting * add nginx configs for lnproxy --- home.admin/_commands.sh | 36 ++- .../nginx/sites-available/lnproxy_ssl.conf | 27 ++ .../nginx/sites-available/lnproxy_tor.conf | 26 ++ .../sites-available/lnproxy_tor_ssl.conf | 26 ++ .../blitz.check-invoice-wrap.py | 54 ++++ home.admin/config.scripts/bonus.go.sh | 105 +++++--- home.admin/config.scripts/bonus.lnproxy.sh | 252 ++++++++++++++++++ 7 files changed, 473 insertions(+), 53 deletions(-) create mode 100644 home.admin/assets/nginx/sites-available/lnproxy_ssl.conf create mode 100644 home.admin/assets/nginx/sites-available/lnproxy_tor.conf create mode 100644 home.admin/assets/nginx/sites-available/lnproxy_tor_ssl.conf create mode 100644 home.admin/config.scripts/blitz.check-invoice-wrap.py create mode 100644 home.admin/config.scripts/bonus.lnproxy.sh diff --git a/home.admin/_commands.sh b/home.admin/_commands.sh index f7d77935c..5c2a67013 100755 --- a/home.admin/_commands.sh +++ b/home.admin/_commands.sh @@ -78,16 +78,17 @@ function blitzhelp() { echo " ckbunker CKbunker" echo echo "Extras:" - echo " manage use the lndmanage bonus app" echo " whitepaper download the whitepaper from the blockchain to /home/admin/bitcoin.pdf" echo " notifyme wrapper for blitz.notify.sh that will send a notification using the configured method and settings" echo " suez visualize channels (for the default ln implementation and chain when installed)" + exho " lnproxy wrap invoices with lnproxy" echo echo "LND:" echo " lncli LND commandline interface (when installed)" echo " balance your satoshi balance" echo " channels your lightning channels" echo " fwdreport show forwarding report" + echo " manage use the lndmanage bonus app" echo echo "CLN:" echo " lightning-cli Core Lightning commandline interface (when installed)" @@ -529,17 +530,32 @@ function bm() { # command: lnproxy function lnproxy() { - if [ $(cat /mnt/hdd/raspiblitz.conf 2>/dev/null | grep -c "runBehindTor=on") -eq 1 ]; then - echo - echo "Requesting a wrapped invoice from rdq6tvulanl7aqtupmoboyk2z3suzkdwurejwyjyjf4itr3zhxrm2lad.onion ..." - echo - torify curl http://rdq6tvulanl7aqtupmoboyk2z3suzkdwurejwyjyjf4itr3zhxrm2lad.onion/api/${1} + source /mnt/hdd/raspiblitz.conf + if [ $# -gt 0 ]; then + invoice=$1 else - echo - echo "Requesting a wrapped invoice from https://lnproxy.org ..." - echo - curl https://lnproxy.org/api/${1} + echo "Paste the invoice to be wrapped and press enter:" + read -r invoice fi + if systemctl is-active --quiet tor@default; then + if [ -z "${lnproxy_override_tor}" ]; then + lnproxy_override_tor="rdq6tvulanl7aqtupmoboyk2z3suzkdwurejwyjyjf4itr3zhxrm2lad.onion/api" + fi + wrapped=$(torsocks curl -sS http://${lnproxy_override_tor}/${invoice}) + echo + echo "Requesting a wrapped invoice from ${lnproxy_override_tor}" + else + if [ -z "${lnproxy_override_clearnet}" ]; then + lnproxy_override_clearnet="lnproxy.org/api" + fi + wrapped=$(curl -sS https://${lnproxy_override_clearnet}/${invoice}) + echo + echo "Requesting a wrapped invoice from ${lnproxy_override_clearnet}" + fi + echo + /home/admin/config.scripts/blitz.check-invoice-wrap.py "$1" "$wrapped" + echo + echo $wrapped } # command: suez diff --git a/home.admin/assets/nginx/sites-available/lnproxy_ssl.conf b/home.admin/assets/nginx/sites-available/lnproxy_ssl.conf new file mode 100644 index 000000000..ab7d7009c --- /dev/null +++ b/home.admin/assets/nginx/sites-available/lnproxy_ssl.conf @@ -0,0 +1,27 @@ +## lnproxy_ssl.conf + +server { + listen 4749 ssl http2; + listen [::]:4749 ssl http2; + server_name _; + + include /etc/nginx/snippets/ssl-params.conf; + include /etc/nginx/snippets/ssl-certificate-app-data.conf; + + include /etc/nginx/snippets/gzip-params.conf; + + access_log /var/log/nginx/access_lnproxy.log; + error_log /var/log/nginx/error_lnproxy.log; + + location /api/ { + proxy_pass http://127.0.0.1:4747; + + include /etc/nginx/snippets/ssl-proxy-params.conf; + } + + location / { + proxy_pass http://127.0.0.1:4748; + + include /etc/nginx/snippets/ssl-proxy-params.conf; + } +} diff --git a/home.admin/assets/nginx/sites-available/lnproxy_tor.conf b/home.admin/assets/nginx/sites-available/lnproxy_tor.conf new file mode 100644 index 000000000..9bfd1113c --- /dev/null +++ b/home.admin/assets/nginx/sites-available/lnproxy_tor.conf @@ -0,0 +1,26 @@ +## lnproxy_tor.conf + +server { + listen 4750; + server_name _; + + include /etc/nginx/snippets/ssl-params.conf; + include /etc/nginx/snippets/ssl-certificate-app-data.conf; + + include /etc/nginx/snippets/gzip-params.conf; + + access_log /var/log/nginx/access_lnproxy.log; + error_log /var/log/nginx/error_lnproxy.log; + + location /api/ { + proxy_pass http://127.0.0.1:4747; + + include /etc/nginx/snippets/ssl-proxy-params.conf; + } + + location / { + proxy_pass http://127.0.0.1:4748; + + include /etc/nginx/snippets/ssl-proxy-params.conf; + } +} diff --git a/home.admin/assets/nginx/sites-available/lnproxy_tor_ssl.conf b/home.admin/assets/nginx/sites-available/lnproxy_tor_ssl.conf new file mode 100644 index 000000000..65b998244 --- /dev/null +++ b/home.admin/assets/nginx/sites-available/lnproxy_tor_ssl.conf @@ -0,0 +1,26 @@ +## lnproxy_tor_ssl.conf + +server { + listen 4751 ssl http2; + server_name _; + + include /etc/nginx/snippets/ssl-params.conf; + include /etc/nginx/snippets/ssl-certificate-app-data.conf; + + include /etc/nginx/snippets/gzip-params.conf; + + access_log /var/log/nginx/access_lnproxy.log; + error_log /var/log/nginx/error_lnproxy.log; + + location /api/ { + proxy_pass http://127.0.0.1:4747; + + include /etc/nginx/snippets/ssl-proxy-params.conf; + } + + location / { + proxy_pass http://127.0.0.1:4748; + + include /etc/nginx/snippets/ssl-proxy-params.conf; + } +} diff --git a/home.admin/config.scripts/blitz.check-invoice-wrap.py b/home.admin/config.scripts/blitz.check-invoice-wrap.py new file mode 100644 index 000000000..32a1aab04 --- /dev/null +++ b/home.admin/config.scripts/blitz.check-invoice-wrap.py @@ -0,0 +1,54 @@ +#!/usr/bin/env python3 +# adapted from: https://github.com/lnproxy/lnproxy-cli/blob/fe18d16e42b58f635b94c7da59a34d5e092e4d56/check-wrap.py +# Parses payment hashes and amounts in bolt11 invoices to check lnproxy +# Can skip most bolt11 checks since both the user's wallet and lnproxy will do that + +from decimal import Decimal + +CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l" +units = { + 'p': 10**12, + 'n': 10**9, + 'u': 10**6, + 'm': 10**3, +} + +def parse(invoice): + invoice = invoice.lower() + pos = invoice.rfind('1') + amount = invoice[4:pos] + if amount == '': + amount = Decimal(0) + else: + amount = Decimal(amount[:-1]) / units[amount[-1]] + data = invoice[pos+1+7:] + i = 0 + while i < len(data): + if data[i] == 'p' and data[i+1:i+1+2] == 'p5': + payment_hash = data[i+1+2:i+1+2+52] + break + else: + i += 3 + CHARSET.find(data[i+1]) * 32 + CHARSET.find(data[i+1+1]) + return (amount, payment_hash) + +from sys import stderr, argv +try: + if len(argv) != 3: + raise Exception("Incorrect number of arguments") + + amt1, hash1 = parse(argv[1]) + amt2, hash2 = parse(argv[2]) + + if hash1 != hash2: + print(f"Payment hashes do not match!", file=stderr) + exit(3) + + if amt1 != Decimal(0): + print(f"Hashes match, routing fee is {(amt2-amt1)*10**8:0,.0f} sat ({(amt2-amt1)/amt1*100:0.2f}%)") + else: + print(f"Hashes match") + +except Exception as err: + print('Error:', err) + print(f"usage: {argv[0]} ", file=stderr) + exit(2) diff --git a/home.admin/config.scripts/bonus.go.sh b/home.admin/config.scripts/bonus.go.sh index 771cb7222..931e76afb 100755 --- a/home.admin/config.scripts/bonus.go.sh +++ b/home.admin/config.scripts/bonus.go.sh @@ -1,10 +1,15 @@ #!/usr/bin/env sh # set version, check: https://golang.org/dl/ -goVersion="1.18.7" +goVersion="1.19.5" +# checksums: +amd64Checksum="36519702ae2fd573c9869461990ae550c8c0d955cd28d2827a6b159fda81ff95" +armv6lChecksum="ec14f04bdaf4a62bdcf8b55b9b6434cc27c2df7d214d0bb7076a7597283b026a" +arm64Checksum="fc0aa29c933cec8d76f5435d859aaf42249aa08c74eb2d154689ae44c08d23b3" + downloadFolder="/home/admin/download" -usage(){ +usage() { printf "Config script to install or remove Go\n" printf "./bonus.go.sh [on|off]\n" exit 1 @@ -12,51 +17,65 @@ usage(){ case "$1" in - 1|on) # switch on - . /etc/profile # get Go vars - needed if there was no log-out since Go installed - printf "Check Framework: Go\n" - if go version 2>/dev/null | grep -q "${goVersion}" ; then - printf "\nThe requested version of Go is already installed.\n" - go version - printf "\n" +1 | on) # switch on + . /etc/profile # get Go vars - needed if there was no log-out since Go installed + printf "# Check Framework: Go\n" + if go version 2>/dev/null | grep -q "${goVersion}"; then + printf "\nThe requested version of Go is already installed.\n" + go version + printf "\n" + else + goOSversion=$(dpkg --print-architecture) + if [ ${goOSversion} = "armv6l" ]; then + checksum=${armv6lChecksum} + elif [ ${goOSversion{} = "arm64" ]; then + checksum=${arm64Checksum} + elif [ ${goOSversion} = "amd64" ]; then + checksum=${amd64Checksum} else - architecture="$(uname -m)" - case "${architecture}" in - arm*) goOSversion="armv6l";; - aarch64) goOSversion="arm64";; - x86_64) goOSversion="amd64";; - *) printf %s"Not available for architecture=${architecture}\n"; exit 1 - esac - printf %s"\n*** Installing Go v${goVersion} for ${goOSversion} \n***" - wget https://dl.google.com/go/go${goVersion}.linux-${goOSversion}.tar.gz -P ${downloadFolder} - if [ ! -f "${downloadFolder}/go${goVersion}.linux-${goOSversion}.tar.gz" ]; then - printf "# FAIL # Download failed.\n" - rm -fv go${goVersion}.linux-${goOSversion}.tar.gz* - exit 1 - fi - printf "Clean old Go version\n" - sudo rm -rf /usr/local/go /usr/local/gocode - sudo tar -C /usr/local -xzf ${downloadFolder}/go${goVersion}.linux-${goOSversion}.tar.gz - rm -fv ${downloadFolder}/go${goVersion}.linux-${goOSversion}.tar.gz* - sudo mkdir -v /usr/local/gocode - sudo chmod -v 777 /usr/local/gocode - export GOROOT=/usr/local/go - export PATH=$PATH:$GOROOT/bin - export GOPATH=/usr/local/gocode - export PATH=$PATH:$GOPATH/bin - sudo grep -q "GOROOT=" /etc/profile || { printf "\nGOROOT=/usr/local/go\nPATH=\$PATH:\$GOROOT/bin/\nGOPATH=/usr/local/gocode\nPATH=\$PATH:\$GOPATH/bin/\n\n" | sudo tee -a /etc/profile; } - go env -w GOPATH=/usr/local/gocode # set GOPATH https://github.com/golang/go/wiki/SettingGOPATH - go version | grep -q "go" || { printf "FAIL: Unable to install Go\n"; exit 1; } - printf %s"Installed $(go version 2>/dev/null)\n\n" + echo "# architecture $goOSversion not supported" + exit 1 fi - ;; - 0|off) # switch off - printf "*** REMOVING GO ***\n" + printf %s"\n*** Installing Go v${goVersion} for ${goOSversion} \n***" + wget https://dl.google.com/go/go${goVersion}.linux-${goOSversion}.tar.gz -P ${downloadFolder} + if [ ! -f "${downloadFolder}/go${goVersion}.linux-${goOSversion}.tar.gz" ]; then + printf "# FAIL # Download failed.\n" + rm -fv go${goVersion}.linux-${goOSversion}.tar.gz* + exit 1 + fi + if ! echo ${checksum} ${downloadFolder}/go${goVersion}.linux-${goOSversion}.tar.gz | sha256sum -c; then + printf "# FAIL: Download corrupted\n" + rm -fv ${downloadFolder}/go${goVersion}.linux-${goOSversion}.tar.gz* + exit 1 + fi + + printf "# Clean old Go version\n" sudo rm -rf /usr/local/go /usr/local/gocode - printf "OK Go removed.\n" + sudo tar -C /usr/local -xzf ${downloadFolder}/go${goVersion}.linux-${goOSversion}.tar.gz + rm -fv ${downloadFolder}/go${goVersion}.linux-${goOSversion}.tar.gz* + sudo mkdir -v /usr/local/gocode + sudo chmod -v 777 /usr/local/gocode + export GOROOT=/usr/local/go + export PATH=$PATH:$GOROOT/bin + export GOPATH=/usr/local/gocode + export PATH=$PATH:$GOPATH/bin + sudo grep -q "GOROOT=" /etc/profile || { printf "\nGOROOT=/usr/local/go\nPATH=\$PATH:\$GOROOT/bin/\nGOPATH=/usr/local/gocode\nPATH=\$PATH:\$GOPATH/bin/\n\n" | sudo tee -a /etc/profile; } + go env -w GOPATH=/usr/local/gocode # set GOPATH https://github.com/golang/go/wiki/SettingGOPATH + go version | grep -q "go" || { + printf "FAIL: Unable to install Go\n" + exit 1 + } + printf %s"Installed $(go version 2>/dev/null)\n\n" + fi ;; - *) usage +0 | off) # switch off + printf "*** REMOVING GO ***\n" + sudo rm -rf /usr/local/go /usr/local/gocode + printf "# OK Go removed.\n" + ;; -esac \ No newline at end of file +*) usage ;; + +esac diff --git a/home.admin/config.scripts/bonus.lnproxy.sh b/home.admin/config.scripts/bonus.lnproxy.sh new file mode 100644 index 000000000..fb26b2494 --- /dev/null +++ b/home.admin/config.scripts/bonus.lnproxy.sh @@ -0,0 +1,252 @@ +#!/bin/bash + +# https://github.com/lnproxy/lnproxy/commits/main +LNPROXYVERSION="423723b58cc45daa2fdf6c8b22537d560aca4d7a" +# https://github.com/lnproxy/lnproxy-webui/commits/main +WEBUIVERSION=24d291c884a0b60126c1915301f29c893900a155 + +# command info +if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then + echo "config script to install or uninstall the lnproxy server" + echo "bonus.lnproxy.sh [on|off|menu]" + echo "installs the version $LNPROXYVERSION by default" + exit 1 +fi + +source /mnt/hdd/raspiblitz.conf +localip=$(hostname -I | awk '{print $1}') + +# menu +if [ "$1" = "menu" ]; then + + if systemctl is-active --quiet lnproxy; then + # get network info + torAddress=$(sudo cat /mnt/hdd/tor/lnproxy/hostname 2>/dev/null) + fingerprint=$(openssl x509 -in /mnt/hdd/app-data/nginx/tls.cert -fingerprint -noout | cut -d"=" -f2) + + if [ "${runBehindTor}" = "on" ] && [ -n "${torAddress}" ]; then + # Info with Tor + sudo /home/admin/config.scripts/blitz.display.sh qr "${torAddress}" + whiptail --title " lnproxy-webui and API" --msgbox "\ +Open in your local web browser: +http://${localip}:4748 +https://${localip}:4749 with Fingerprint: +${fingerprint}\n +Hidden Service address for Tor Browser (see LCD for QR): +${torAddress}\n +To use the API: +curl -k https://${localip}:4749/api/{invoice}?routing_msat={budget}\n +The Tor Hidden Service address to share for using the API: +${torAddress}/api +" 19 67 + sudo /home/admin/config.scripts/blitz.display.sh hide + else + # Info without Tor + whiptail --title " lnproxy-webui " --msgbox "Open in your local web browser: +http://${localip}:4748\n +Activate Tor to access the web interface from outside your local network. +" 15 57 + fi + echo "# please wait ..." + else + echo "# *** LNPROXY IS NOT INSTALLED ***" + fi + exit 0 +fi + +# install +if [ "$1" = "1" ] || [ "$1" = "on" ]; then + + if systemctl is-active --quiet lnproxy; then + echo "# FAIL - lnproxy already installed" + sleep 3 + exit 1 + fi + + echo "*** INSTALL LNPROXY ***" + # check and install Go + /home/admin/config.scripts/bonus.go.sh on + + # create lnproxy user + sudo adduser --disabled-password --gecos "" lnproxy + + # create macaroon + cd /home/bitcoin || exit 1 + sudo -u bitcoin lncli bakemacaroon --save_to lnproxy.macaroon \ + uri:/lnrpc.Lightning/DecodePayReq \ + uri:/lnrpc.Lightning/LookupInvoice \ + uri:/invoicesrpc.Invoices/AddHoldInvoice \ + uri:/invoicesrpc.Invoices/SubscribeSingleInvoice \ + uri:/invoicesrpc.Invoices/CancelInvoice \ + uri:/invoicesrpc.Invoices/SettleInvoice \ + uri:/routerrpc.Router/SendPaymentV2 + sudo mv ./lnproxy.macaroon /home/lnproxy/ + sudo chown lnproxy:lnproxy /home/lnproxy/lnproxy.macaroon + sudo chmod 600 /home/lnproxy/lnproxy.macaroon + + # make sure symlink to central app-data directory exists + sudo rm -rf /home/lnproxy/.lnd # not a symlink.. delete it silently + # create symlink + sudo ln -s "/mnt/hdd/app-data/lnd/" "/home/lnproxy/.lnd" + + # download source code + cd /home/lnproxy/ || exit 1 + sudo -u lnproxy git clone https://github.com/lnproxy/lnproxy.git /home/lnproxy/lnproxy + cd /home/lnproxy/lnproxy || exit 1 + sudo -u lnproxy git reset --hard ${LNPROXYVERSION} || exit 1 + + # build + sudo -u lnproxy /usr/local/go/bin/go get lnproxy + sudo -u lnproxy /usr/local/go/bin/go build + + # manual start (in tmux) + # sudo -u lnproxy /home/lnproxy/lnproxy/lnproxy -lnd-cert /home/lnproxy/.lnd/tls.cert /home/lnproxy/lnproxy.macaroon + + # create systemd service + cat < Date: Tue, 7 Feb 2023 20:24:58 +0100 Subject: [PATCH 43/47] Merge brreparing rc2 --- home.admin/_version.info | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home.admin/_version.info b/home.admin/_version.info index c818fb0f7..477181820 100644 --- a/home.admin/_version.info +++ b/home.admin/_version.info @@ -1,3 +1,3 @@ # RaspiBlitz Version - always [major].[main].[sub] (sub can be a string like '2rc1') -codeVersion="1.9.0rc1" +codeVersion="1.9.0rc2" # keep last line with comment \ No newline at end of file From 00522b3d054be048dd6dd6667c2dc9e3e676a5c5 Mon Sep 17 00:00:00 2001 From: openoms <43343391+openoms@users.noreply.github.com> Date: Tue, 7 Feb 2023 19:28:14 +0000 Subject: [PATCH 44/47] bump nbxplorer to v2.3.59 (#3661) --- home.admin/config.scripts/bonus.btcpayserver.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home.admin/config.scripts/bonus.btcpayserver.sh b/home.admin/config.scripts/bonus.btcpayserver.sh index b627c516c..b4d78be08 100644 --- a/home.admin/config.scripts/bonus.btcpayserver.sh +++ b/home.admin/config.scripts/bonus.btcpayserver.sh @@ -3,7 +3,7 @@ # Based on: https://gist.github.com/normandmickey/3f10fc077d15345fb469034e3697d0d0 # https://github.com/dgarage/NBXplorer/tags -NBXplorerVersion="v2.3.58" +NBXplorerVersion="v2.3.59" # https://github.com/btcpayserver/btcpayserver/releases BTCPayVersion="v1.7.5" From 795ed2919af7a5c0b7b2ed6b33a1b3df628d467e Mon Sep 17 00:00:00 2001 From: /rootzoll Date: Tue, 7 Feb 2023 20:58:07 +0100 Subject: [PATCH 45/47] #3659 filter ald Torv1 addresses on update (#3662) --- home.admin/_provision.update.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/home.admin/_provision.update.sh b/home.admin/_provision.update.sh index c434b1742..ba70cd960 100755 --- a/home.admin/_provision.update.sh +++ b/home.admin/_provision.update.sh @@ -146,6 +146,9 @@ else echo "WARN: /mnt/hdd/bitcoin/bitcoin.conf not found" >> ${logFile} fi +# delete old Tor v1 addresses from config - see: https://github.com/rootzoll/raspiblitz/issues/3659 +sed -i -E "/^addnode=[a-z0-9]{8,18}\.onion/d" /mnt/hdd/${network}/${network}.conf 2>/dev/null + echo "Version Code: ${codeVersion}" >> ${logFile} echo "Version Data: ${raspiBlitzVersion}" >> ${logFile} From b0567148ce5a2a7a45e7c94ef87617e1c14ea733 Mon Sep 17 00:00:00 2001 From: rootzoll Date: Tue, 7 Feb 2023 21:08:26 +0100 Subject: [PATCH 46/47] #3656 fix API & WebUI install --- home.admin/00settingsMenuBasics.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/home.admin/00settingsMenuBasics.sh b/home.admin/00settingsMenuBasics.sh index 15121890f..a2854060d 100755 --- a/home.admin/00settingsMenuBasics.sh +++ b/home.admin/00settingsMenuBasics.sh @@ -185,8 +185,8 @@ if [ ${check} -eq 1 ]; then choice="on"; fi if [ "${blitzapi}" != "${choice}" ]; then echo "Blitz API + webUI settings changed .." anychange=1 - sudo /home/admin/config.scripts/blitz.web.api.sh ${choice} - sudo /home/admin/config.scripts/blitz.web.ui.sh ${choice} + sudo /home/admin/config.scripts/blitz.web.api.sh ${choice} DEFAULT + sudo /home/admin/config.scripts/blitz.web.ui.sh ${choice} DEFAULT errorOnInstall=$? if [ "${choice}" = "on" ]; then whiptail --title " Installed Blitz API + webUI" --msgbox "\ From 0a6b45068496554f43d26bb6d4cd817cbe60e954 Mon Sep 17 00:00:00 2001 From: openoms <43343391+openoms@users.noreply.github.com> Date: Tue, 7 Feb 2023 20:32:22 +0000 Subject: [PATCH 47/47] break scripts on fatal failures (#3658) --- .../config.scripts/bonus.btcpayserver.sh | 21 +++++-------------- home.admin/config.scripts/bonus.fulcrum.sh | 4 ++-- .../config.scripts/cl-plugin.cln-grpc.sh | 2 +- home.admin/config.scripts/cl.hsmtool.sh | 2 +- 4 files changed, 9 insertions(+), 20 deletions(-) diff --git a/home.admin/config.scripts/bonus.btcpayserver.sh b/home.admin/config.scripts/bonus.btcpayserver.sh index b4d78be08..13772ce68 100644 --- a/home.admin/config.scripts/bonus.btcpayserver.sh +++ b/home.admin/config.scripts/bonus.btcpayserver.sh @@ -399,10 +399,7 @@ if [ "$1" = "install" ]; then sudo -u btcpay /home/admin/config.scripts/blitz.git-verify.sh "${PGPsigner}" "${PGPpubkeyLink}" "${PGPpubkeyFingerprint}" || exit 1 echo "# Build NBXplorer $NBXplorerVersion" # from the build.sh with path - sudo -u btcpay /home/btcpay/dotnet/dotnet build -c Release NBXplorer/NBXplorer.csproj || ( - echo "# Build failed" - exit 1 - ) + sudo -u btcpay /home/btcpay/dotnet/dotnet build -c Release NBXplorer/NBXplorer.csproj || exit 1 # BTCPayServer echo "# Install BTCPayServer" @@ -423,10 +420,7 @@ if [ "$1" = "install" ]; then echo "# Build BTCPayServer $BTCPayVersion" # from the build.sh with path sudo -u btcpay /home/btcpay/dotnet/dotnet build -c Release \ - /home/btcpay/btcpayserver/BTCPayServer/BTCPayServer.csproj || ( - echo "# Build failed" - exit 1 - ) + /home/btcpay/btcpayserver/BTCPayServer/BTCPayServer.csproj || exit 1 exit 0 fi @@ -757,10 +751,8 @@ if [ "$1" = "update" ]; then echo "# Build NBXplorer $TAG" # from the build.sh with path sudo systemctl stop nbxplorer - sudo -u btcpay /home/btcpay/dotnet/dotnet build -c Release NBXplorer/NBXplorer.csproj || ( - echo "# Build failed" - exit 1 - ) + sudo -u btcpay /home/btcpay/dotnet/dotnet build -c Release NBXplorer/NBXplorer.csproj || exit 1 + # whitelist localhost in bitcoind if ! sudo grep -Eq "^whitelist=127.0.0.1" /mnt/hdd/bitcoin/bitcoin.conf; then echo "whitelist=127.0.0.1" | sudo tee -a /mnt/hdd/bitcoin/bitcoin.conf @@ -813,10 +805,7 @@ if [ "$1" = "update" ]; then echo "# Build BTCPayServer $TAG" # from the build.sh with path sudo systemctl stop btcpayserver - sudo -u btcpay /home/btcpay/dotnet/dotnet build -c Release /home/btcpay/btcpayserver/BTCPayServer/BTCPayServer.csproj || ( - echo "# Build failed" - exit 1 - ) + sudo -u btcpay /home/btcpay/dotnet/dotnet build -c Release /home/btcpay/btcpayserver/BTCPayServer/BTCPayServer.csproj || exit 1 sudo systemctl start btcpayserver echo "# Updated BTCPayServer to $TAG" fi diff --git a/home.admin/config.scripts/bonus.fulcrum.sh b/home.admin/config.scripts/bonus.fulcrum.sh index cd177311f..bf008cc9a 100644 --- a/home.admin/config.scripts/bonus.fulcrum.sh +++ b/home.admin/config.scripts/bonus.fulcrum.sh @@ -52,10 +52,10 @@ if [ "$1" = on ]; then curl https://raw.githubusercontent.com/Electron-Cash/keys-n-hashes/master/pubkeys/calinkey.txt | sudo -u fulcrum gpg --import # look for 'Good signature' - sudo -u fulcrum gpg --verify Fulcrum-${fulcrumVersion}-${build}.tar.gz.asc || (echo "Failed to verify the GPG signature of Fulcrum-${fulcrumVersion}-${build}.tar.gz"; exit 1) + sudo -u fulcrum gpg --verify Fulcrum-${fulcrumVersion}-${build}.tar.gz.asc || exit 1 # look for 'OK' - sudo -u fulcrum sha256sum -c Fulcrum-${fulcrumVersion}-${build}.tar.gz.sha256sum --ignore-missing || (echo "Failed to verify the sha256 hash of Fulcrum-${fulcrumVersion}-${build}.tar.gz"; exit 1) + sudo -u fulcrum sha256sum -c Fulcrum-${fulcrumVersion}-${build}.tar.gz.sha256sum --ignore-missing || exit 1 # decompress sudo -u fulcrum tar -xvf Fulcrum-${fulcrumVersion}-${build}.tar.gz diff --git a/home.admin/config.scripts/cl-plugin.cln-grpc.sh b/home.admin/config.scripts/cl-plugin.cln-grpc.sh index 649db719a..00dbe4bb4 100644 --- a/home.admin/config.scripts/cl-plugin.cln-grpc.sh +++ b/home.admin/config.scripts/cl-plugin.cln-grpc.sh @@ -114,7 +114,7 @@ elif [ "$1" = off ]; then elif [ "$1" = update ]; then if [ "$(echo "$@" | grep -c source)" -gt 0 ];then - cd /home/bitcoin/lightning/ || (echo " The source is not present"; exit 1) + cd /home/bitcoin/lightning/ || exit 1 sudo -u bitcoin git pull fi sudo rm -rf /home/bitcoin/cl-plugins-available/cln-grpc diff --git a/home.admin/config.scripts/cl.hsmtool.sh b/home.admin/config.scripts/cl.hsmtool.sh index 4912a09e3..f69919253 100644 --- a/home.admin/config.scripts/cl.hsmtool.sh +++ b/home.admin/config.scripts/cl.hsmtool.sh @@ -156,7 +156,7 @@ function decryptHSMsecret() { /home/admin/config.scripts/cl.hsmtool.sh unlock ${CHAIN} # attempt to decrypt again sudo cat $passwordFile | sudo -u bitcoin lightning-hsmtool decrypt \ - "$hsmSecretPath" || (echo "# Couldn't decrypt"; exit 1) + "$hsmSecretPath" || exit 1 fi fi shredPasswordFile