Use rpcauth for btc authentication rather than user/pass
This commit is contained in:
parent
e821e7c8bb
commit
35a47949de
|
@ -12,9 +12,12 @@ daemon=1
|
|||
txindex=1
|
||||
|
||||
# Connection settings
|
||||
rpcuser=mynode
|
||||
#rpcuser=mynode
|
||||
# This password was randomly generated by your device. Changing it may cause problems.
|
||||
rpcpassword=bolt
|
||||
#rpcpassword=bolt
|
||||
|
||||
rpcauth=mynode:7b7e11c032ddd3fc3835e4e463afd305$6c6a32bbd08cb1b67b5ea89b66865c5ca2bf6fd8a91a19d6a4d58157fe0882b4
|
||||
|
||||
rpcport=8332
|
||||
rpcbind=127.0.0.1
|
||||
rpcallowip=127.0.0.1
|
||||
|
|
|
@ -12,9 +12,12 @@ daemon=1
|
|||
txindex=1
|
||||
|
||||
# Connection settings
|
||||
rpcuser=mynode
|
||||
#rpcuser=mynode
|
||||
# This password was randomly generated by your device. Changing it may cause problems.
|
||||
rpcpassword=bolt
|
||||
#rpcpassword=bolt
|
||||
|
||||
rpcauth=mynode:7b7e11c032ddd3fc3835e4e463afd305$6c6a32bbd08cb1b67b5ea89b66865c5ca2bf6fd8a91a19d6a4d58157fe0882b4
|
||||
|
||||
rpcport=8332
|
||||
rpcbind=127.0.0.1
|
||||
rpcallowip=127.0.0.1
|
||||
|
|
|
@ -10,6 +10,7 @@ ExecStartPre=/usr/bin/wait_on_uploader.sh
|
|||
ExecStartPre=/bin/sh -c 'cat /mnt/hdd/mynode/quicksync/.quicksync_complete'
|
||||
EnvironmentFile=/mnt/hdd/mynode/bitcoin/env
|
||||
ExecStart=/usr/local/bin/bitcoind -daemon $BTCARGS -deprecatedrpc=accounts -par=-1 -conf=/home/bitcoin/.bitcoin/bitcoin.conf -printtoconsole -pid=/home/bitcoin/.bitcoin/bitcoind.pid
|
||||
ExecStartPost=+/usr/bin/mynode_post_bitcoin.sh
|
||||
PIDFile=/home/bitcoin/.bitcoin/bitcoind.pid
|
||||
User=bitcoin
|
||||
Group=bitcoin
|
||||
|
|
46
rootfs/standard/usr/bin/gen_rpcauth.py
Executable file
46
rootfs/standard/usr/bin/gen_rpcauth.py
Executable file
|
@ -0,0 +1,46 @@
|
|||
#!/usr/bin/env python3
|
||||
# Copyright (c) 2015-2018 The Bitcoin Core developers
|
||||
# Distributed under the MIT software license, see the accompanying
|
||||
# file COPYING or http://www.opensource.org/licenses/mit-license.php.
|
||||
|
||||
from argparse import ArgumentParser
|
||||
from base64 import urlsafe_b64encode
|
||||
from binascii import hexlify
|
||||
from getpass import getpass
|
||||
from os import urandom
|
||||
|
||||
import hmac
|
||||
|
||||
def generate_salt(size):
|
||||
"""Create size byte hex salt"""
|
||||
return hexlify(urandom(size)).decode()
|
||||
|
||||
def generate_password():
|
||||
"""Create 32 byte b64 password"""
|
||||
return urlsafe_b64encode(urandom(32)).decode('utf-8')
|
||||
|
||||
def password_to_hmac(salt, password):
|
||||
m = hmac.new(bytearray(salt, 'utf-8'), bytearray(password, 'utf-8'), 'SHA256')
|
||||
return m.hexdigest()
|
||||
|
||||
def main():
|
||||
parser = ArgumentParser(description='Create login credentials for a JSON-RPC user')
|
||||
parser.add_argument('username', help='the username for authentication')
|
||||
parser.add_argument('password', help='leave empty to generate a random password or specify "-" to prompt for password', nargs='?')
|
||||
args = parser.parse_args()
|
||||
|
||||
if not args.password:
|
||||
args.password = generate_password()
|
||||
elif args.password == '-':
|
||||
args.password = getpass()
|
||||
|
||||
# Create 16 byte hex salt
|
||||
salt = generate_salt(16)
|
||||
password_hmac = password_to_hmac(salt, args.password)
|
||||
|
||||
#print('String to be appended to bitcoin.conf:')
|
||||
print('rpcauth={0}:{1}${2}'.format(args.username, salt, password_hmac))
|
||||
#print('Your password:\n{0}'.format(args.password))
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
14
rootfs/standard/usr/bin/mynode_post_bitcoin.sh
Executable file
14
rootfs/standard/usr/bin/mynode_post_bitcoin.sh
Executable file
|
@ -0,0 +1,14 @@
|
|||
#!/bin/bash
|
||||
|
||||
source /usr/share/mynode/mynode_config.sh
|
||||
|
||||
set -x
|
||||
|
||||
sleep 60s
|
||||
|
||||
# Give admin the ability to access the BTC cookie
|
||||
cp -f /mnt/hdd/mynode/bitcoin/.cookie /home/admin/.bitcoin/.cookie
|
||||
chown admin:admin /home/admin/.bitcoin/.cookie
|
||||
|
||||
# Sync FS
|
||||
sync
|
|
@ -102,7 +102,9 @@ fi
|
|||
cp -f /usr/share/mynode/bitcoin.conf /mnt/hdd/mynode/bitcoin/bitcoin.conf
|
||||
|
||||
PW=$(cat /mnt/hdd/mynode/settings/.btcrpcpw)
|
||||
sed -i "s/rpcpassword=.*/rpcpassword=$PW/g" /mnt/hdd/mynode/bitcoin/bitcoin.conf
|
||||
RPCAUTH=$(gen_rpcauth.py mynode $PW)
|
||||
#sed -i "s/rpcpassword=.*/rpcpassword=$PW/g" /mnt/hdd/mynode/bitcoin/bitcoin.conf
|
||||
sed -i "s/rpcauth=.*/$RPCAUTH/g" /mnt/hdd/mynode/bitcoin/bitcoin.conf
|
||||
|
||||
cp -f /mnt/hdd/mynode/bitcoin/bitcoin.conf /home/admin/.bitcoin/bitcoin.conf
|
||||
chown bitcoin:bitcoin /mnt/hdd/mynode/bitcoin/bitcoin.conf
|
||||
|
@ -134,14 +136,12 @@ fi
|
|||
echo "BTC_RPC_PASSWORD=$PW" > /mnt/hdd/mynode/settings/.btcrpc_environment
|
||||
chown bitcoin:bitcoin /mnt/hdd/mynode/settings/.btcrpc_environment
|
||||
if [ -f /mnt/hdd/mynode/bitcoin/bitcoin.conf ]; then
|
||||
sed -i "s/rpcpassword=.*/rpcpassword=$PW/g" /mnt/hdd/mynode/bitcoin/bitcoin.conf
|
||||
fi
|
||||
if [ -f /home/admin/.bitcoin/bitcoin.conf ]; then
|
||||
sed -i "s/rpcpassword=.*/rpcpassword=$PW/g" /home/admin/.bitcoin/bitcoin.conf
|
||||
else
|
||||
cp -f /mnt/hdd/mynode/bitcoin/bitcoin.conf /home/admin/.bitcoin/bitcoin.conf
|
||||
chown admin:admin /home/admin/.bitcoin/bitcoin.conf
|
||||
#sed -i "s/rpcpassword=.*/rpcpassword=$PW/g" /mnt/hdd/mynode/bitcoin/bitcoin.conf
|
||||
sed -i "s/rpcauth=.*/$RPCAUTH/g" /mnt/hdd/mynode/bitcoin/bitcoin.conf
|
||||
fi
|
||||
cp -f /mnt/hdd/mynode/bitcoin/bitcoin.conf /home/admin/.bitcoin/bitcoin.conf
|
||||
chown admin:admin /home/admin/.bitcoin/bitcoin.conf
|
||||
|
||||
|
||||
# Reset BTCARGS
|
||||
echo "BTCARGS=" > /mnt/hdd/mynode/bitcoin/env
|
||||
|
|
|
@ -1,5 +1,8 @@
|
|||
#!/bin/bash
|
||||
|
||||
set -x
|
||||
set -e
|
||||
|
||||
# Wait to see if bitcoind is synced
|
||||
echo "Checking if Bitcoin is synced..."
|
||||
while [ ! -f "/mnt/hdd/mynode/.mynode_bitcoind_synced" ]; do
|
||||
|
@ -8,6 +11,6 @@ while [ ! -f "/mnt/hdd/mynode/.mynode_bitcoind_synced" ]; do
|
|||
done
|
||||
|
||||
# And finally, make sure bitcoind responds to API requests
|
||||
bitcoin-cli -rpcwait getblockchaininfo
|
||||
bitcoin-cli -datadir=/mnt/hdd/mynode/bitcoin -rpcwait getblockchaininfo
|
||||
|
||||
exit 0
|
|
@ -12,9 +12,12 @@ daemon=1
|
|||
txindex=1
|
||||
|
||||
# Connection settings
|
||||
rpcuser=mynode
|
||||
#rpcuser=mynode
|
||||
# This password was randomly generated by your device. Changing it may cause problems.
|
||||
rpcpassword=bolt
|
||||
#rpcpassword=bolt
|
||||
|
||||
rpcauth=mynode:7b7e11c032ddd3fc3835e4e463afd305$6c6a32bbd08cb1b67b5ea89b66865c5ca2bf6fd8a91a19d6a4d58157fe0882b4
|
||||
|
||||
rpcport=8332
|
||||
rpcbind=127.0.0.1
|
||||
rpcallowip=127.0.0.1
|
||||
|
|
|
@ -9,7 +9,7 @@ mynode_bitcoin_cli = Blueprint('mynode_bitcoin_cli',__name__)
|
|||
|
||||
### Helper functions
|
||||
def runcmd(cmd):
|
||||
cmd = "bitcoin-cli --conf=/home/admin/.bitcoin/bitcoin.conf "+cmd+"; exit 0"
|
||||
cmd = "bitcoin-cli --conf=/home/admin/.bitcoin/bitcoin.conf --datadir=/mnt/hdd/mynode/bitcoin "+cmd+"; exit 0"
|
||||
try:
|
||||
results = subprocess.check_output(cmd, stderr=subprocess.STDOUT, shell=True)
|
||||
except Exception as e:
|
||||
|
|
Loading…
Reference in New Issue
Block a user