mirror of
https://github.com/rootzoll/raspiblitz.git
synced 2025-03-01 09:00:15 +01:00
bec03c8566
* cln: use default normal feerate to withdraw all * Bugfix: bad subsititution (#3668) Fix for error: /home/admin/config.scripts/bonus.go.sh: line 31: ${goOSversion{}: bad substitution * whiptail one line * fix syntax * lnproxy: fix api access through nginx (#3671) * lnproxy: fix api access through nginx * fix tor config and fit the menu * add to the menu and provision * merge #3682 * cln update to v23.02, backup-plugin update, add poetry (#3684) * cln backup-plugin update, add poetry * fix mkdir error, remove commented code, fmt #3677 * poetry and path fixes * add terminal feedback, format #3676 * detect the full name of the plugin * install pyln-client tqdm with pip * git-verify: add --keyid-format LONG to recognise if the signing key is not the main key * cln update to v23.02 * cln-grpc: add protobuf-compiler dep * rtl update to v0.13.6 and formatting * C-lightningREST update to v0.10.1 * CLN FAQ update (#3666) * improve the detection of existing cln aliases * add the emergencyrecover instructions to CLN FAQ * update help entries * Update Tallycoin to version 1.8.0 (#3693) * add tallycoin update info to CHANGES * Fix typo in README.md (#3699) excepted -> accepted * #3694 add LCD info * #3664 att timeout 30s to ln monitor calls (#3665) * fix setting LND_REST_ENDPOINT (#3689) * btcpay update v1.8.2, postgres database fix (#3697) * btcpay update v1.8.0, postgres database fix * btcpayserver update to v1.8.2 * update lnbits to 0.10.2 and use poetry instead of venv (#3703) * fix apt update Key error for influx repo (#3711) Co-authored-by: Patrick Scheich <patrick.scheich@syscovery.de> * fix missing timeout value for nc cmnd (#3712) Co-authored-by: Patrick Scheich <patrick.scheich@syscovery.de> * #3706 Update CLN v23.02.2 (#3716) * used patched/rolledback 23.02.2 release * check rusty sig * fix typo * fix default lightning setting * #3683 Update LIT to 0.8.6 (#3717) * update LIT to 0.8.6 * activate lnd rpcmiddleware * CHANGES.md * #3667 change all up/download from sftp tp scp (#3718) * #3722 add no hostkeys available detection (#3723) * #1186 FinTS/HBCI interface (#3704) * #1186 FinTS install script first draft * only start app when blitz is ready * improve menu * improve dit lnbits config * preserve edit * improve edit * improve edit * fix insertion * dont use fingerprint * now use main repo * add port * show local ip * fix typo * show port SSL * Update bonus.lndg.sh (#3725) * Update bonus.lndg.sh Changes version to v1.6.0. Fixes update menu bug. Cleans up code a bit (removes tabs and changes to spaces to match raspiblitz formats). * Update bonus.lndg.sh Cleaned up code, added requirements.txt install to updates (needed for this update, may be needed in future). * #3725 update lndg version in CHANGES * #3692 update lnd to v0.16.0-beta (#3732) * update SD CARD base image info * Clenaup CHANGES info * RTL install fix (#3739) * c-lightning-REST update to 0.10.2, fmt * rtl: npm insatll with --legacy-peer-deps * purge c-lightning-REST as well with RTL * jam update to v0.1.5 (#3736) * 3733 CLN GRPC > JRPC (#3741) * change exit code * change to cln_jrpc * deactivate the cln_grpc settings * set v1.9.0rc3 version * improve git verify * move fatpack into external script --------- Co-authored-by: openoms <oms@tuta.io> Co-authored-by: Metallicc <72348+metallicc@users.noreply.github.com> Co-authored-by: openoms <43343391+openoms@users.noreply.github.com> Co-authored-by: DJ Booth <djbooth007@gmail.com> Co-authored-by: Yuck Fou <115867254+YuckFouBTC@users.noreply.github.com> Co-authored-by: dni ⚡ <office@dnilabs.com> Co-authored-by: PatrickScheich <50054697+PatrickScheich@users.noreply.github.com> Co-authored-by: Patrick Scheich <patrick.scheich@syscovery.de> Co-authored-by: allyourbankarebelongtous <100060902+allyourbankarebelongtous@users.noreply.github.com>
93 lines
3.1 KiB
Bash
93 lines
3.1 KiB
Bash
#!/bin/bash
|
|
|
|
# command info
|
|
if [ $# -lt 3 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then
|
|
echo "script use to verify a git commit or tag"
|
|
echo "Usage:"
|
|
echo "Run after 'git reset --hard VERSION' with the user running the installation"
|
|
echo "To verify the checked out commit:"
|
|
echo "blitz.git-verify.sh [PGPsigner] [PGPpubkeyLink] [PGPpubkeyFingerprint]"
|
|
echo "To use 'git verify-tag' add the 'tag':"
|
|
echo "blitz.git-verify.sh [PGPsigner] [PGPpubkeyLink] [PGPpubkeyFingerprint] <tag>"
|
|
exit 1
|
|
fi
|
|
|
|
# Example for commits created on GitHub:
|
|
# PGPsigner="web-flow"
|
|
# PGPpubkeyLink="https://github.com/${PGPsigner}.gpg"
|
|
# PGPpubkeyFingerprint="4AEE18F83AFDEB23"
|
|
|
|
# Example for commits signed with a personal PGP key:
|
|
# PGPsigner="janoside"
|
|
# PGPpubkeyLink="https://github.com/${PGPsigner}.gpg"
|
|
# PGPpubkeyFingerprint="F579929B39B119CC7B0BB71FB326ACF51F317B69"
|
|
|
|
# Run with the installing user to clear permissions:
|
|
# sudo -u btcrpcexplorer /home/admin/config.scripts/blitz.git-verify.sh \
|
|
# "${PGPsigner}" "${PGPpubkeyLink}" "${PGPpubkeyFingerprint}" || exit 1
|
|
|
|
PGPsigner="$1"
|
|
PGPpubkeyLink="$2"
|
|
PGPpubkeyFingerprint="$3"
|
|
|
|
wget -O /var/cache/raspiblitz/pgp_keys_${PGPsigner}.asc "${PGPpubkeyLink}"
|
|
|
|
# in the case the wget above fails, try to use curl instead
|
|
if [ $? -ne 0 ]; then
|
|
echo "# WARNING --> wget failed to download the PGP key, trying curl instead" >&2
|
|
curl -o /var/cache/raspiblitz/pgp_keys_${PGPsigner}.asc "${PGPpubkeyLink}"
|
|
if [ $? -ne 0 ]; then
|
|
echo "# ERROR --> curl failed to download the PGP key" >&2
|
|
echo "# Exiting" >&2
|
|
exit 6
|
|
fi
|
|
fi
|
|
|
|
gpg --import --import-options show-only /var/cache/raspiblitz/pgp_keys_${PGPsigner}.asc
|
|
fingerprint=$(gpg --show-keys --keyid-format LONG /var/cache/raspiblitz/pgp_keys_${PGPsigner}.asc 2>/dev/null | grep "${PGPpubkeyFingerprint}" -c)
|
|
if [ "${fingerprint}" -lt 1 ]; then
|
|
echo
|
|
echo "# WARNING --> the PGP fingerprint is not as expected for ${PGPsigner}" >&2
|
|
echo "# Should contain PGP: ${PGPpubkeyFingerprint}" >&2
|
|
echo "# Exiting" >&2
|
|
exit 7
|
|
fi
|
|
gpg --import /var/cache/raspiblitz/pgp_keys_${PGPsigner}.asc
|
|
rm /var/cache/raspiblitz/pgp_keys_${PGPsigner}.asc
|
|
|
|
trap 'rm -f "$_temp"' EXIT
|
|
_temp="$(mktemp -p /dev/shm/)"
|
|
|
|
if [ $# -eq 3 ]; then
|
|
commitHash="$(git log --oneline | head -1 | awk '{print $1}')"
|
|
gitCommand="git verify-commit $commitHash"
|
|
commitOrTag="$commitHash commit"
|
|
elif [ $# -eq 4 ]; then
|
|
gitCommand="git verify-tag $4"
|
|
commitOrTag="$4 tag"
|
|
fi
|
|
echo "# running: ${gitCommand}"
|
|
if ${gitCommand} 2>&1 >&"$_temp"; then
|
|
goodSignature=1
|
|
else
|
|
goodSignature=0
|
|
fi
|
|
echo
|
|
cat "$_temp"
|
|
echo "# goodSignature(${goodSignature})"
|
|
|
|
correctKey=$(tr -d " \t\n\r" <"$_temp" | grep "${PGPpubkeyFingerprint}" -c)
|
|
echo "# correctKey(${correctKey})"
|
|
|
|
if [ "${correctKey}" -lt 1 ] || [ "${goodSignature}" -lt 1 ]; then
|
|
echo
|
|
echo "# BUILD FAILED --> PGP verification not OK / signature(${goodSignature}) verify(${correctKey})"
|
|
exit 1
|
|
else
|
|
echo
|
|
echo "##########################################################################"
|
|
echo "# OK --> the PGP signature of the checked out ${commitOrTag} is correct"
|
|
echo "##########################################################################"
|
|
echo
|
|
exit 0
|
|
fi
|