cln: check if the backup is outdated on unlock

related: #3140
This commit is contained in:
openoms 2022-05-23 12:57:14 +01:00
parent dbbca1f7aa
commit cc3086d8d3
No known key found for this signature in database
GPG key ID: 5BFB77609B081B65


@ -14,13 +14,13 @@ if [ $# -lt 1 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]||\
echo
echo "Usage:"
echo "Create new wallet:"
echo "cl.hsmtool.sh [new] [mainnet|testnet|signet] [?seedpassword]"
echo "cl.hsmtool.sh [new-force] [mainnet|testnet|signet] [?seedpassword]"
echo "cl.hsmtool.sh [new] [mainnet|testnet|signet] [?seedpassword]"
echo "cl.hsmtool.sh [new-force] [mainnet|testnet|signet] [?seedpassword]"
echo "There will be no seedpassword(passphrase) used by default"
echo "new-force will backup the old wallet and will work without interaction"
echo
echo "cl.hsmtool.sh [seed] [mainnet|testnet|signet] [\"space-separated-seed-words\"] [?seedpassword]"
echo "cl.hsmtool.sh [seed-force] [mainnet|testnet|signet] [\"space-separated-seed-words\"] [?seedpassword]"
echo "cl.hsmtool.sh [seed] [mainnet|testnet|signet] [\"space-separated-seed-words\"] [?seedpassword]"
echo "cl.hsmtool.sh [seed-force] [mainnet|testnet|signet] [\"space-separated-seed-words\"] [?seedpassword]"
echo "The new hsm_secret will be not encrypted if no NewPassword is given"
echo "seed-force will delete any old wallet and will work without dialog"
echo
@ -28,7 +28,7 @@ if [ $# -lt 1 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]||\
echo "cl.hsmtool.sh [encrypt|decrypt] <mainnet|testnet|signet>"
echo "cl.hsmtool.sh [autounlock-on|autounlock-off] <mainnet|testnet|signet>"
echo
echo "cl.hsmtool.sh [change-password] <mainnet|testnet|signet> <OldPassword> <NewPassword>"
echo "cl.hsmtool.sh [change-password] <mainnet|testnet|signet> <NewPassword>"
echo
exit 1
fi
@ -108,7 +108,7 @@ function encryptHSMsecret() {
sudo chown bitcoin:bitcoin $passwordFile
sudo chmod 600 $passwordFile
walletPassword=$(sudo cat $passwordFile)
fi
fi
(echo $walletPassword; echo $walletPassword) | \
sudo -u bitcoin lightning-hsmtool encrypt $hsmSecretPath || exit 1
# setting value in raspiblitz.conf
@ -117,7 +117,7 @@ function encryptHSMsecret() {
}
function decryptHSMsecret() {
# optional to give this function the decrypt password
password=$1
@ -161,7 +161,7 @@ function decryptHSMsecret() {
###########
# Options #
###########
###########
if [ "$1" = "new" ] || [ "$1" = "new-force" ] || [ "$1" = "seed" ] || [ "$1" = "seed-force" ]; then
# make sure /home/bitcoin/.lightning/bitcoin exists (when lightningd was not run yet)
@ -181,7 +181,7 @@ if [ "$1" = "new" ] || [ "$1" = "new-force" ] || [ "$1" = "seed" ] || [ "$1" = "
if sudo ls $hsmSecretPath 2>1 1>/dev/null; then
echo "# The hsm_secret is already present at $hsmSecretPath."
if [ ${CHAIN} = "mainnet" ]; then
if sudo ls /home/bitcoin/.lightning/${CLNETWORK}/seedwords.info 2>1 1>/dev/null; then
if sudo ls /home/bitcoin/.lightning/${CLNETWORK}/seedwords.info 2>1 1>/dev/null; then
echo "# There is a /home/bitcoin/.lightning/${CLNETWORK}/seedwords.info so don't create new"
# show seed
sudo /home/admin/config.scripts/cl.install.sh display-seed mainnet
@ -268,7 +268,8 @@ elif [ "$1" = "unlock" ]; then
justUnlocked=0
while [ $($lightningcli_alias getinfo 2>&1 | grep -c '"id":') -eq 0 ];do
clError=$(sudo journalctl -n5 -u ${netprefix}lightningd)
clLog=$(sudo tail -n 5 /home/bitcoin/.lightning/${CLNETWORK}/cl.log)
# check passwordfile
if [ "$(eval echo \$${netprefix}clEncryptedHSM)" = "on" ] && [ ! -f $passwordFile ];then
passwordToFile
@ -277,7 +278,7 @@ elif [ "$1" = "unlock" ]; then
# getpassword
elif [ $(echo "${clError}" | \
grep -c 'encrypted-hsm: Could not read pass from stdin.') -gt 0 ];then
if [ ${justUnlocked} -eq 0 ];then
if [ ${justUnlocked} -eq 0 ];then
if [ -f $passwordFile ];then
echo "# Wrong passwordFile is present"
else
@ -291,7 +292,7 @@ elif [ "$1" = "unlock" ]; then
sleep 5
fi
# configure --encrypted-hsm
# configure --encrypted-hsm
elif [ $(echo "${clError}" | \
grep -c 'hsm_secret is encrypted, you need to pass the --encrypted-hsm startup option.') -gt 0 ];then
@ -300,15 +301,21 @@ elif [ "$1" = "unlock" ]; then
# setting value in raspiblitz config
/home/admin/config.scripts/blitz.conf.sh set ${netprefix}clEncryptedHSM "on"
/home/admin/config.scripts/cl.install-service.sh $CHAIN
# get new password
# get new password
elif [ $(echo "${clError}" | \
grep -c 'Wrong password for encrypted hsm_secret.') -gt 0 ];then
echo "# Wrong password"
sudo rm -f $passwordFile
passwordToFile "Wrong password - type the decryption password for the $CHAIN C-lightning wallet"
sudo systemctl restart ${netprefix}lightningd
# check if the backup plugin is needing to be reinitialized
elif [ $(echo "${clLog}" | \
grep -c 'Backup is out of date, we cannot continue safely. Emergency shutdown.') -gt 0 ];then
echo "# Backup is out of date, reinitiliazng and saving a copy in /home/bitcoin/ (on the SDcard / OS disk)"
/home/admin/config.scripts/cl-plugin.backup.sh on
# fail
elif [ $attempt -eq 12 ];then
echo "# Failed to unlock the ${netprefix}lightningd wallet - giving up after 1 minute"
@ -369,7 +376,7 @@ elif [ "$1" = "encrypt" ]; then
# were $deletedWhen.
# The words cannot be generated from the hsm_secret (one way function).
# If you don't have the words the hsm_secret can be still backed up as a file or in hex:
# https://lightning.readthedocs.io/BACKUP.html#hsm-secret
# https://lightning.readthedocs.io/BACKUP.html#hsm-secret
# https://github.com/rootzoll/raspiblitz/blob/dev/FAQ.cl.md#seed
" | sudo -u bitcoin tee /home/bitcoin/.lightning/${CLNETWORK}/seedwords.info
# encrypt