mirrors/raspiblitz
1
0
Fork 0
mirror of https://github.com/rootzoll/raspiblitz.git synced 2024-11-20 02:09:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
2fa6d25dc5
raspiblitz/home.admin/config.scripts/bonus.faraday.sh

276 lines
8.0 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
# NOTICE: Faraday is now prt of the 'bonus.lit.sh' bundle
# this single install script will still be available for now
# but main focus for the future development should be on LIT
# command info
if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then
echo "Bonus App: faraday -> https://github.com/lightninglabs/faraday"
echo "lnd.faraday.sh [status|on|off]"
echo "# DEPRECATED use instead: bonus.lit.sh"
exit 1
fi
version="0.2.3-alpha"
echo "## bonus.faraday.sh ${version}"
# version and trusted release signer
PGPkeys="https://keybase.io/carlakirkcohen/pgp_keys.asc"
PGPcheck="15E7ECF257098A4EF91655EB4CA7FE54A6213C91"
# 1. parameter [info|verified|reckless]
mode="$1"
# GATHER DATA
source /home/admin/raspiblitz.info
source <(/home/admin/_cache.sh get state)
source /mnt/hdd/raspiblitz.conf
# setting download directory
downloadDir="/home/admin/download"
# detect CPU architecture & fitting download link
cpuArchitecture=""
if [ $(uname -m | grep -c 'arm') -eq 1 ] ; then
cpuArchitecture="armv7"
fi
if [ $(uname -m | grep -c 'aarch64') -eq 1 ] ; then
cpuArchitecture="arm64"
fi
if [ $(uname -m | grep -c 'x86_64') -eq 1 ] ; then
cpuArchitecture="amd64"
fi
if [ $(uname -m | grep -c 'i386\|i486\|i586\|i686\|i786') -eq 1 ] ; then
cpuArchitecture="386"
fi
# check if already installed
installed=0
installedVersion=$(sudo -u faraday /home/faraday/bin/frcli --version 2>/dev/null)
if [ ${#installedVersion} -gt 0 ]; then
installed=1
fi
# STATUS
if [ "${mode}" = "status" ]; then
echo "# status data"
echo "cpuArchitecture='${cpuArchitecture}'"
echo "version='${version}'"
echo "installed=${installed}"
exit 1
fi
# MENU INFO
if [ "${mode}" = "menu" ]; then
if [ ${installed} -q 0 ]; then
whiptail --title " ERROR " --msgbox "Faraday is not installed" 7 30
exit 1
fi
whiptail --title " Faraday " --msgbox "
Faraday is a command line tool. Details see:
https://github.com/lightninglabs/faraday
Terminal-Shortcut: 'faraday' to switch to the dedicated user.
Or use like: sudo -u faraday /home/faraday/bin/frcli -help
" 13 70
exit 1
fi
# INSTALL
if [ "${mode}" = "on" ] || [ "${mode}" = "1" ]; then
if [ -f /etc/systemd/system/faraday.service ]; then
echo "# FAIL - already installed"
sleep 3
exit 1
fi
echo "# INSTALL bonus.faraday.sh version: ${version}"
echo
echo "# clean & change into download directory"
sudo rm -r ${downloadDir}/*
cd "${downloadDir}"
echo "# extract the SHA256 hash from the manifest file for the corresponding platform"
downloadLink="https://github.com/lightninglabs/faraday/releases/download/v${version}/manifest-v${version}.txt"
sudo -u admin wget -N ${downloadLink}
checkDownload=$(ls manifest-v${version}.txt 2>/dev/null | grep -c manifest-v${version}.txt)
if [ ${checkDownload} -eq 0 ]; then
echo "downloadLink='${downloadLink}'"
echo "error='download manifest failed'"
exit 1
fi
SHA256=$(grep -i "linux-${cpuArchitecture}" manifest-v$version.txt | cut -d " " -f1)
echo "# SHA256 hash: $SHA256"
if [ ${#SHA256} -eq 0 ]; then
echo "error='getting checksum failed'"
exit 1
fi
echo
echo "# get Binary"
binaryName="faraday-linux-${cpuArchitecture}-v${version}.tar.gz"
sudo -u admin wget -N https://github.com/lightninglabs/faraday/releases/download/v${version}/${binaryName}
checkDownload=$(ls ${binaryName} 2>/dev/null | grep -c ${binaryName})
if [ ${checkDownload} -eq 0 ]; then
echo "error='download binary failed'"
exit 1
fi
echo
echo "# check binary was not manipulated (checksum test)"
sudo -u admin wget -N https://github.com/lightninglabs/faraday/releases/download/v${version}/manifest-v${version}.txt.sig
sudo -u admin wget -N -O "${downloadDir}/pgp_keys.asc" ${PGPkeys}
binaryChecksum=$(sha256sum ${binaryName} | cut -d " " -f1)
if [ "${binaryChecksum}" != "${SHA256}" ]; then
echo "error='checksum not matching'"
exit 1
fi
echo
echo "# getting gpg finger print"
gpg --show-keys ./pgp_keys.asc
fingerprint=$(sudo gpg --show-keys "${downloadDir}/pgp_keys.asc" 2>/dev/null | grep "${PGPcheck}" -c)
if [ ${fingerprint} -lt 1 ]; then
echo "error='PGP author check failed'"
exit 1
fi
echo "fingerprint='${fingerprint}'"
echo
echo "# checking PGP finger print"
gpg --import ./pgp_keys.asc
sleep 3
verifyResult=$(LANG=en_US.utf8; gpg --verify manifest-v${version}.txt.sig 2>&1)
goodSignature=$(echo ${verifyResult} | grep 'Good signature' -c)
echo "goodSignature='${goodSignature}'"
correctKey=$(echo ${verifyResult} | tr -d " \t\n\r" | grep "${PGPcheck}" -c)
echo "correctKey='${correctKey}'"
if [ ${correctKey} -lt 1 ] || [ ${goodSignature} -lt 1 ]; then
echo "error='PGP verify fail'"
exit 1
fi
# create dedicated user
echo "# Add the 'faraday' user"
sudo adduser --disabled-password --gecos "" faraday
# set PATH for the user
sudo bash -c "echo 'PATH=\$PATH:/home/faraday/bin/' >> /home/faraday/.profile"
# install
echo
echo "# unzip binary: ${binaryName}"
sudo -u admin tar -xzf ${binaryName}
# removing the tar.gz ending from the binary
directoryName="${binaryName%.*.*}"
echo "# install binary directory '${directoryName}'"
sudo -u faraday mkdir -p /home/faraday/bin
sudo install -m 0755 -o faraday -g faraday -t /home/faraday/bin ${directoryName}/*
sleep 3
installed=$(sudo -u faraday /home/faraday/bin/frcli --version)
if [ ${#installed} -eq 0 ]; then
echo "error='install failed'"
exit 1
fi
# make sure symlink to central app-data directory exists ***"
sudo rm -rf /home/faraday/.lnd # not a symlink.. delete it silently
# create symlink
sudo ln -s /mnt/hdd/app-data/lnd/ /home/faraday/.lnd
# sync all macaroons and unix groups for access
/home/admin/config.scripts/lnd.credentials.sh sync "${chain:-main}net"
# macaroons will be checked after install
# add user to group with admin access to lnd
sudo /usr/sbin/usermod --append --groups lndadmin faraday
# add user to group with readonly access on lnd
sudo /usr/sbin/usermod --append --groups lndreadonly faraday
# add user to group with invoice access on lnd
sudo /usr/sbin/usermod --append --groups lndinvoice faraday
# add user to groups with all macaroons
sudo /usr/sbin/usermod --append --groups lndinvoices faraday
sudo /usr/sbin/usermod --append --groups lndchainnotifier faraday
sudo /usr/sbin/usermod --append --groups lndsigner faraday
sudo /usr/sbin/usermod --append --groups lndwalletkit faraday
sudo /usr/sbin/usermod --append --groups lndrouter faraday
# install service
echo "*** Install systemd ***"
echo "
[Unit]
Description=faraday
Wants=lnd.service
After=lnd.service
[Service]
User=faraday
WorkingDirectory=/home/faraday/
ExecStart=/home/faraday/bin/faraday \
#--network=${chain}net
#--connect_bitcoin \
#--bitcoin.host=127.0.0.1:8332 \
#--bitcoin.user=raspibolt \
#--bitcoin.password=PASSWORD_B
Restart=always
TimeoutSec=120
RestartSec=30
StandardOutput=null
StandardError=journal
# Hardening measures
PrivateTmp=true
ProtectSystem=full
NoNewPrivileges=true
PrivateDevices=true
[Install]
WantedBy=multi-user.target
" | sudo tee -a /etc/systemd/system/faraday.service
sudo systemctl enable faraday
echo "# OK - the Faraday service is now enabled"
if [ "${state}" == "ready" ]; then
sudo systemctl start faraday
fi
echo "# default config path"
sudo mkdir /home/faraday/.faraday
sudo mkdir /home/faraday/.faraday/${chain}net
sudo chown -R faraday:faraday /home/faraday/.faraday
echo "# flag in raspiblitz config"
/home/admin/config.scripts/blitz.conf.sh set faraday "on"
echo "# OK Faraday is installed"
echo "# please 'restart' for clean creation of faraday tls/macaroons"
exit 1
fi
# DEINSTALL
if [ "${mode}" = "off" ] || [ "${mode}" = "0" ]; then
echo "# DEINSTALL"
echo "# remove systemd service"
sudo systemctl stop faraday
sudo systemctl disable faraday
sudo rm /etc/systemd/system/faraday.service
echo "# remove faraday user & binary"
sudo userdel -r -f faraday
echo "# modify config file"
/home/admin/config.scripts/blitz.conf.sh set faraday "off"
exit 1
fi
echo "error='parameter not known'"
exit 1
Reference in New Issue View Git Blame Copy Permalink