From f5be48770b1efdf1c5466d55f6417951abfa6050 Mon Sep 17 00:00:00 2001
From: openoms <oms@tuta.io>
Date: Sun, 19 Dec 2021 16:27:27 +0000
Subject: [PATCH 1/5] remove duplicate sudos and improve clrescue import

---
 home.admin/_provision.setup.sh | 87 +++++++++++++++++++++++++---------
 1 file changed, 65 insertions(+), 22 deletions(-)

diff --git a/home.admin/_provision.setup.sh b/home.admin/_provision.setup.sh
index 06cb8ce3b..85ec25d79 100755
--- a/home.admin/_provision.setup.sh
+++ b/home.admin/_provision.setup.sh
@@ -71,7 +71,7 @@ chown -R admin:admin /home/admin/.${network} >>${logFile} 2>&1
 /home/admin/config.scripts/blitz.datadrive.sh link >> ${logFile}
 
 # test bitcoin config
-confExists=$(sudo ls /mnt/hdd/${network}/${network}.conf | grep -c "${network}.conf")
+confExists=$(ls /mnt/hdd/${network}/${network}.conf | grep -c "${network}.conf")
 echo "File Exists: /mnt/hdd/${network}/${network}.conf --> ${confExists}" >> ${logFile}
 
 # set password B as RPC password (from setup file)
@@ -142,9 +142,9 @@ if [ "${lightning}" != "lnd" ]; then
   # Remove LND from systemd
   echo "Remove LND" >> ${logFile}
   /home/admin/_cache.sh set message "Deactivate Lightning"
-  sudo systemctl disable lnd
-  sudo rm /etc/systemd/system/lnd.service 2>/dev/null
-  sudo systemctl daemon-reload
+  systemctl disable lnd
+  rm /etc/systemd/system/lnd.service 2>/dev/null
+  systemctl daemon-reload
 fi
 
 if [ "${lightning}" == "lnd" ]; then 
@@ -163,7 +163,7 @@ if [ "${lightning}" == "lnd" ]; then
   # if user uploaded an LND rescue file (raspiblitz.setup)
   if [ "${lndrescue}" != "" ]; then
     echo "Restore LND data from uploaded rescue file ${lndrescue} ..." >> ${logFile}
-    source <(sudo /home/admin/config.scripts/lnd.backup.sh lnd-import ${lndrescue})
+    source <(/home/admin/config.scripts/lnd.backup.sh lnd-import ${lndrescue})
     if [ "${error}" != "" ]; then
       /home/admin/config.scripts/blitz.error.sh _provision.setup.sh "lndrescue-import" "setup: lnd import backup failed" "${error}" ${logFile}
       exit 6
@@ -172,17 +172,17 @@ if [ "${lightning}" == "lnd" ]; then
     # preparing new LND config (raspiblitz.setup)
     echo "Creating new LND config ..." >> ${logFile}
     sudo -u bitcoin mkdir /mnt/hdd/lnd 2> /dev/null
-    sudo cp /home/admin/assets/lnd.bitcoin.conf /mnt/hdd/lnd/lnd.conf
-    sudo chown bitcoin:bitcoin /mnt/hdd/lnd/lnd.conf
-    sudo /home/admin/config.scripts/lnd.install.sh on mainnet
-    sudo /home/admin/config.scripts/lnd.setname.sh mainnet ${hostname}
+    cp /home/admin/assets/lnd.bitcoin.conf /mnt/hdd/lnd/lnd.conf
+    chown bitcoin:bitcoin /mnt/hdd/lnd/lnd.conf
+    /home/admin/config.scripts/lnd.install.sh on mainnet
+    /home/admin/config.scripts/lnd.setname.sh mainnet ${hostname}
   fi
 
   # make sure all directories are linked
-  sudo /home/admin/config.scripts/blitz.datadrive.sh link
+  /home/admin/config.scripts/blitz.datadrive.sh link
 
   # check if now a config exists
-  configLinkedCorrectly=$(sudo ls sudo ls /home/bitcoin/.lnd/lnd.conf | grep -c "lnd.conf")
+  configLinkedCorrectly=$(ls /home/bitcoin/.lnd/lnd.conf | grep -c "lnd.conf")
   if [ "${configLinkedCorrectly}" != "1" ]; then
     /home/admin/config.scripts/blitz.error.sh _provision.setup.sh "lnd-link-broken" "link /home/bitcoin/.lnd/lnd.conf broken" "" ${logFile}
     exit 7
@@ -193,16 +193,16 @@ if [ "${lightning}" == "lnd" ]; then
   /home/admin/_cache.sh set message "LND Testrun"
 
   # just in case
-  sudo systemctl stop lnd 2>/dev/null
-  sudo systemctl disable lnd 2>/dev/null
+  systemctl stop lnd 2>/dev/null
+  systemctl disable lnd 2>/dev/null
 
   # copy lnd service
-  sudo cp /home/admin/assets/lnd.service /etc/systemd/system/lnd.service >> ${logFile}
+  cp /home/admin/assets/lnd.service /etc/systemd/system/lnd.service >> ${logFile}
 
   # start lnd up
   echo "Starting LND Service ..." >> ${logFile}
-  sudo systemctl enable lnd >> ${logFile}
-  sudo systemctl start lnd >> ${logFile}
+  systemctl enable lnd >> ${logFile}
+  systemctl start lnd >> ${logFile}
   echo "Starting LND Service ... executed" >> ${logFile}
 
   # check that lnd started
@@ -302,7 +302,7 @@ if [ "${lightning}" == "lnd" ]; then
   fi
 
   # now sync macaroons & TLS zo other users
-  sudo /home/admin/config.scripts/lnd.credentials.sh sync >> ${logFile}
+  /home/admin/config.scripts/lnd.credentials.sh sync >> ${logFile}
 
   # make a final lnd check
   source <(/home/admin/config.scripts/lnd.check.sh basic-setup)
@@ -324,7 +324,7 @@ if [ "${lightning}" == "cl" ]; then
   echo "############## c-lightning" >> ${logFile}
 
   /home/admin/_cache.sh set message "C-Lightning Install"
-  sudo /home/admin/config.scripts/cl.install.sh on mainnet >> ${logFile}
+  /home/admin/config.scripts/cl.install.sh on mainnet >> ${logFile}
   /home/admin/_cache.sh set message "C-Lightning Setup"
 
   # OLD WALLET FROM CLIGHTNING RESCUE
@@ -337,6 +337,41 @@ if [ "${lightning}" == "cl" ]; then
       exit 16
     fi
 
+    # detect if the imported hsm_secret is encrypted and set in raspiblitz.conf
+    # use the variables for the default network 
+    source <(/home/admin/config.scripts/network.aliases.sh getvars cl mainnet)
+    hsmSecretPath="/home/bitcoin/.lightning/bitcoin/hsm_secret"
+    # check if encrypted
+    trap 'rm -f "$output"' EXIT
+    output=$(mktemp -p /dev/shm/)
+    echo "test" | sudo -u bitcoin lightning-hsmtool decrypt "$hsmSecretPath" \
+     2> "$output"
+    if [ "$(grep -c "hsm_secret is not encrypted" < "$output")" -gt 0 ];then
+      echo "# The hsm_secret is not encrypted"
+      echo "# Record in raspiblitz.conf"
+      /home/admin/config.scripts/blitz.conf.sh set ${netprefix}clEncryptedHSM "off"
+    else
+      cat $output
+      echo "# The hsm_secret is encrypted"
+      echo "# Record in raspiblitz.conf"
+      /home/admin/config.scripts/blitz.conf.sh set ${netprefix}clEncryptedHSM "off"
+    fi
+
+    # set the lightningd service file on each active network
+    # init backup plugin, restart cl
+    if [ "${cl}" == "on" ] || [ "${cl}" == "1" ]; then
+      /home/admin/config.scripts/cl.install-service.sh mainnet
+      /home/admin/config.scripts/cl-plugin.backup.sh on mainnet
+    fi
+    if [ "${tcl}" == "on" ] || [ "${tcl}" == "1" ]; then
+      /home/admin/config.scripts/cl.install-service.sh testnet
+      /home/admin/config.scripts/cl-plugin.backup.sh on testnet
+    fi
+    if [ "${scl}" == "on" ] || [ "${scl}" == "1" ]; then
+      /home/admin/config.scripts/cl.install-service.sh signet
+      /home/admin/config.scripts/cl-plugin.backup.sh on signet
+    fi
+
   # OLD WALLET FROM SEEDWORDS
   elif [ "${seedWords}" != "" ]; then
 
@@ -355,8 +390,16 @@ if [ "${lightning}" == "cl" ]; then
 
     echo "Generate new CL wallet ..." >> ${logFile}
 
-    # generate new wallet
-    source <(/home/admin/config.scripts/cl.hsmtool.sh new-force mainnet)
+    # a new wallet is generated in /home/admin/config.scripts/cl.install.sh on mainnet
+    walletExistsNow=$(ls /home/bitcoin/.lightning/bitcoin/hsm_secret 2>/dev/null | grep -c "hsm_secret")
+    seedwordsFileExitNow=$(ls /home/bitcoin/.lightning/bitcoin/seedwords.info 2>/dev/null | grep -c "seedwords.info")
+    if [ "${walletExistsNow}" -gt 0 ] && [ "${seedwordsFileExitNow}" -gt 0 ]; then
+      # get existing ${seedwords} and "${seedwords6x4}"
+      source /home/bitcoin/.lightning/bitcoin/seedwords.info
+    else
+      # generate new wallet
+      source <(/home/admin/config.scripts/cl.hsmtool.sh new-force mainnet)
+    fi
 
     # check if got new seedwords
     if [ "${seedwords}" == "" ] || [ "${seedwords6x4}" == "" ]; then
@@ -365,9 +408,9 @@ if [ "${lightning}" == "cl" ]; then
     fi
 
     # check if wallet really got created 
-    walletExistsNow=$(sudo ls /home/bitcoin/.lightning/bitcoin/hsm_secret 2>/dev/null | grep -c "hsm_secret")
+    walletExistsNow=$(ls /home/bitcoin/.lightning/bitcoin/hsm_secret 2>/dev/null | grep -c "hsm_secret")
     if [ $walletExistsNow -eq 0 ]; then
-      /home/admin/config.scripts/blitz.error.sh _provision.setup.sh "cl-wallet-new-nowallet" "cl.hsmtool.sh new-force did not created wallet" "/home/bitcoin/.lightning/bitcoin/hsm_secret --> missing" ${logFile}
+      /home/admin/config.scripts/blitz.error.sh _provision.setup.sh "cl-wallet-new-nowallet" "cl.hsmtool.sh new-force did not create wallet" "/home/bitcoin/.lightning/bitcoin/hsm_secret --> missing" ${logFile}
       exit 19
     fi
 

From 40d2df860cec9a41786d2320e101812d7690c37d Mon Sep 17 00:00:00 2001
From: openoms <oms@tuta.io>
Date: Sun, 19 Dec 2021 16:47:06 +0000
Subject: [PATCH 2/5] lnd.compact: use pkill instead of killall #2752

---
 home.admin/config.scripts/lnd.compact.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/home.admin/config.scripts/lnd.compact.sh b/home.admin/config.scripts/lnd.compact.sh
index e2828572f..e1796ed8a 100644
--- a/home.admin/config.scripts/lnd.compact.sh
+++ b/home.admin/config.scripts/lnd.compact.sh
@@ -78,7 +78,7 @@ done
 echo "# LND state:"
 sudo -u bitcoin lncli state
 
-sudo killall lnd >> /home/admin/lnd.db.bolt.auto-compact.log 2>&1
+sudo pkill lnd >> /home/admin/lnd.db.bolt.auto-compact.log 2>&1
 
 echo
 echo "# Finished compacting."

From fe61c69c311b0d47813a6a894abc12506afaec46 Mon Sep 17 00:00:00 2001
From: openoms <oms@tuta.io>
Date: Sun, 19 Dec 2021 16:56:38 +0000
Subject: [PATCH 3/5] update: download both lnd and cl rescue if active

---
 home.admin/99updateMenu.sh | 18 ++++++++----------
 1 file changed, 8 insertions(+), 10 deletions(-)

diff --git a/home.admin/99updateMenu.sh b/home.admin/99updateMenu.sh
index ef3858838..fb55a9daf 100755
--- a/home.admin/99updateMenu.sh
+++ b/home.admin/99updateMenu.sh
@@ -40,13 +40,12 @@ Do you want to download Lightning Data Backup now?
       echo "*************************************"
       echo "please wait .."
       sleep 2
-      if [ "${lightning}" == "lnd" ]; then
+      if [ "${lightning}" == "lnd" ] || [ "${lnd}" = "on" ]; then
         /home/admin/config.scripts/lnd.compact.sh interactive
         /home/admin/config.scripts/lnd.backup.sh lnd-export-gui
-      elif [ "${lightning}" == "cl" ]; then
+      fi
+      if [ "${lightning}" == "cl" ] || [ "${cl}" = "on" ]; then
         /home/admin/config.scripts/cl.backup.sh cl-export-gui
-      else
-        echo "TODO: Implement Data Backup for '${lightning}'"
       fi
       echo
       echo "PRESS ENTER to continue once you're done downloading."
@@ -58,14 +57,13 @@ Do you want to download Lightning Data Backup now?
       echo "*************************************"
       echo "please wait .."
       sleep 2
-      if [ "${lightning}" == "lnd" ]; then
+      if [ "${lightning}" == "lnd" ] || [ "${lnd}" = "on" ]; then
         /home/admin/config.scripts/lnd.backup.sh lnd-export
-      elif [ "${lightning}" == "cl" ]; then
-        /home/admin/config.scripts/cl.backup.sh cl-export
-      else
-        echo "TODO: Implement Data Backup for '${lightning}'"
-        sleep 3
       fi
+      if [ "${lightning}" == "cl" ] || [ "${cl}" = "on" ]; then
+        /home/admin/config.scripts/cl.backup.sh cl-export
+      fi
+      sleep 3
     fi
   fi
 

From 6986e7e02073f07e2391d432c85c65694c8bf6dc Mon Sep 17 00:00:00 2001
From: openoms <oms@tuta.io>
Date: Sun, 19 Dec 2021 18:06:16 +0000
Subject: [PATCH 4/5] lnd.compact: kill process without exiting #2752

---
 home.admin/config.scripts/lnd.compact.sh | 8 +-------
 1 file changed, 1 insertion(+), 7 deletions(-)

diff --git a/home.admin/config.scripts/lnd.compact.sh b/home.admin/config.scripts/lnd.compact.sh
index e1796ed8a..98e553322 100644
--- a/home.admin/config.scripts/lnd.compact.sh
+++ b/home.admin/config.scripts/lnd.compact.sh
@@ -45,9 +45,6 @@ echo
 echo "# Stop LND"
 sudo systemctl stop lnd
 
-trap "exit" INT TERM ERR
-trap "kill 0" EXIT
-
 echo "# Run LND with --db.bolt.auto-compact"
 sudo -u bitcoin /usr/local/bin/lnd --configfile=/home/bitcoin/.lnd/lnd.conf --db.bolt.auto-compact > /home/admin/lnd.db.bolt.auto-compact.log &
 
@@ -62,9 +59,6 @@ while [ $(sudo -u bitcoin lncli state 2>&1 | grep -c "connection refused") -gt 0
   sleep 10
 done
 
-echo "# LND state:"
-sudo -u bitcoin lncli state
-
 counter=0
 while [ $(sudo -u bitcoin lncli state | grep -c "WAITING_TO_START") -gt 0 ]; do
   echo
@@ -78,7 +72,7 @@ done
 echo "# LND state:"
 sudo -u bitcoin lncli state
 
-sudo pkill lnd >> /home/admin/lnd.db.bolt.auto-compact.log 2>&1
+sudo -u bitcoin pkill lnd 2>/dev/null
 
 echo
 echo "# Finished compacting."

From dc581a940398fe06baa4e847f500291202bcebf1 Mon Sep 17 00:00:00 2001
From: openoms <oms@tuta.io>
Date: Sun, 19 Dec 2021 18:35:27 +0000
Subject: [PATCH 5/5] improve lightning backup texts

---
 home.admin/99updateMenu.sh                    | 31 ++++++++++++-------
 home.admin/config.scripts/cl.backup.sh        | 18 +++++------
 home.admin/config.scripts/lnd.backup.sh       | 16 +++++-----
 .../setup.scripts/dialogLightningWallet-cl.sh |  2 +-
 4 files changed, 37 insertions(+), 30 deletions(-)

diff --git a/home.admin/99updateMenu.sh b/home.admin/99updateMenu.sh
index fb55a9daf..b5201ca91 100755
--- a/home.admin/99updateMenu.sh
+++ b/home.admin/99updateMenu.sh
@@ -34,27 +34,34 @@ Channel Data and download that file to your laptop.
 Do you want to download Lightning Data Backup now?
       " 12 58
     if [ $? -eq 0 ]; then
-      clear
-      echo "*************************************"
-      echo "* PREPARING LIGHTNING BACKUP DOWNLOAD"
-      echo "*************************************"
-      echo "please wait .."
-      sleep 2
       if [ "${lightning}" == "lnd" ] || [ "${lnd}" = "on" ]; then
+        clear
+        echo "***********************************"
+        echo "* PREPARING THE LND BACKUP DOWNLOAD"
+        echo "***********************************"
+        echo "please wait .."
         /home/admin/config.scripts/lnd.compact.sh interactive
         /home/admin/config.scripts/lnd.backup.sh lnd-export-gui
+        echo
+        echo "PRESS ENTER to continue once you're done downloading."
+        read key
       fi
       if [ "${lightning}" == "cl" ] || [ "${cl}" = "on" ]; then
+        clear
+        echo "*******************************************"
+        echo "* PREPARING THE C-LIGHTNING BACKUP DOWNLOAD"
+        echo "*******************************************"
+        echo "please wait .."
         /home/admin/config.scripts/cl.backup.sh cl-export-gui
+        echo
+        echo "PRESS ENTER to continue once you're done downloading."
+        read key
       fi
-      echo
-      echo "PRESS ENTER to continue once you're done downloading."
-      read key
     else
       clear
-      echo "*************************************"
-      echo "* JUST MAKING BACKUP TO OLD SD CARD"
-      echo "*************************************"
+      echo "*****************************************"
+      echo "* JUST MAKING A BACKUP TO THE OLD SD CARD"
+      echo "*****************************************"
       echo "please wait .."
       sleep 2
       if [ "${lightning}" == "lnd" ] || [ "${lnd}" = "on" ]; then
diff --git a/home.admin/config.scripts/cl.backup.sh b/home.admin/config.scripts/cl.backup.sh
index 2cd6dd80d..e46a411bc 100644
--- a/home.admin/config.scripts/cl.backup.sh
+++ b/home.admin/config.scripts/cl.backup.sh
@@ -94,15 +94,15 @@ if [ ${mode} = "cl-export-gui" ]; then
   # offer SCP for download
   clear
   echo
-  echo "****************************"
-  echo "* DOWNLOAD THE RESCUE FILE *"
-  echo "****************************"
+  echo "****************************************"
+  echo "* DOWNLOAD THE C-LIGHTNING RESCUE FILE *"
+  echo "****************************************"
   echo 
   echo "ON YOUR MAC & LINUX LAPTOP - RUN IN NEW TERMINAL:"
   echo "scp '${fileowner}@${localip}:${filename}' ./"
   echo "ON WINDOWS USE:"
   echo "scp ${fileowner}@${localip}:${filename} ."
-  echo ""
+  echo
   echo "Use password A to authenticate file transfer."
   echo "Check for correct file size after transfer: ${size} byte"
   echo
@@ -191,19 +191,19 @@ if [ ${mode} = "cl-import-gui" ]; then
   while [ "${filename}" == "" ]
     do
       clear 
-      echo "**************************"
-      echo "* UPLOAD THE RESCUE FILE *"
-      echo "**************************"
+      echo "**************************************"
+      echo "* UPLOAD THE C-LIGHTNING RESCUE FILE *"
+      echo "**************************************"
       echo "If you have a cl-rescue backup file on your laptop you can now"
       echo "upload it and restore your latest C-Lightning state."
       echo
-      echo "CAUTION: Dont restore outdated states - risk of loosing funds!"
+      echo "CAUTION: Don't restore outdated states - risk of loosing funds!"
       echo
       echo "To make upload open a new terminal on your laptop,"
       echo "change into the directory where your cl-rescue file is and"
       echo "COPY, PASTE AND EXECUTE THE FOLLOWING COMMAND:"
       echo "scp -r ./cl-rescue-*.tar.gz ${defaultUploadUser}@${localip}:${defaultUploadPath}/"
-      echo ""
+      echo
       echo "Use ${passwordInfo} to authenticate file transfer."
       echo "PRESS ENTER when upload is done"
       read key
diff --git a/home.admin/config.scripts/lnd.backup.sh b/home.admin/config.scripts/lnd.backup.sh
index ccde0844a..786d9f655 100755
--- a/home.admin/config.scripts/lnd.backup.sh
+++ b/home.admin/config.scripts/lnd.backup.sh
@@ -92,16 +92,16 @@ if [ ${mode} = "lnd-export-gui" ]; then
   # offer SCP for download
   clear
   echo
-  echo "****************************"
-  echo "* DOWNLOAD THE RESCUE FILE *"
-  echo "****************************"
+  echo "********************************"
+  echo "* DOWNLOAD THE LND RESCUE FILE *"
+  echo "********************************"
   echo 
   echo "ON YOUR MAC & LINUX LAPTOP - RUN IN NEW TERMINAL:"
   echo "scp '${fileowner}@${localip}:${filename}' ./"
   echo "ON WINDOWS USE:"
   echo "scp ${fileowner}@${localip}:${filename} ."
   echo "Use password A to authenticate file transfer."
-  echo ""
+  echo
   echo "Check for correct file size after transfer: ${size} byte"
   echo "Use command: stat lnd-rescue-*.tar.gz"
   echo
@@ -187,9 +187,9 @@ if [ ${mode} = "lnd-import-gui" ]; then
   while [ "${filename}" == "" ]
     do
       clear 
-      echo "**************************"
-      echo "* UPLOAD THE RESCUE FILE *"
-      echo "**************************"
+      echo "******************************"
+      echo "* UPLOAD THE LND RESCUE FILE *"
+      echo "******************************"
       echo "If you have a lnd-rescue backup file on your laptop you can now"
       echo "upload it and restore your latest LND state."
       echo
@@ -199,7 +199,7 @@ if [ ${mode} = "lnd-import-gui" ]; then
       echo "change into the directory where your lnd-rescue file is and"
       echo "COPY, PASTE AND EXECUTE THE FOLLOWING COMMAND:"
       echo "scp -r ./lnd-rescue-*.tar.gz ${defaultUploadUser}@${localip}:${defaultUploadPath}/"
-      echo ""
+      echo
       echo "Use ${passwordInfo} to authenticate file transfer."
       echo "PRESS ENTER when upload is done"
       read key
diff --git a/home.admin/setup.scripts/dialogLightningWallet-cl.sh b/home.admin/setup.scripts/dialogLightningWallet-cl.sh
index 0ae1939a6..df52ecd01 100644
--- a/home.admin/setup.scripts/dialogLightningWallet-cl.sh
+++ b/home.admin/setup.scripts/dialogLightningWallet-cl.sh
@@ -110,7 +110,7 @@ if [ ${uploadRESCUE} -eq 1 ]; then
     exit 3
   fi
 
-  # clear setup state from all fomer possible choices (previous loop)
+  # clear setup state from all former possible choices (previous loop)
   sudo sed -i '/^clrescue=/d' $SETUPFILE
 
   # store result in setup state