From b15d71605e549eaeddd3094ac54eedbb566b7e33 Mon Sep 17 00:00:00 2001
From: Erik Arvstedt
Date: Fri, 27 Aug 2021 17:09:11 +0200
Subject: [PATCH] joinmarket: fix leaking passwords

Previously, `bitcoin-rpcpassword-privileged` and `jm-wallet-password` were passed as world readable arguments to sed and jm-genwallet subprocesses.
---
 modules/joinmarket.nix | 25 ++++++++++++++-----------
 1 file changed, 14 insertions(+), 11 deletions(-)

diff --git a/modules/joinmarket.nix b/modules/joinmarket.nix
index bdadc92..e6e873d 100644
--- a/modules/joinmarket.nix
+++ b/modules/joinmarket.nix
@@ -33,7 +33,6 @@ let
 rpc_host = ${bitcoind.rpc.address}
 rpc_port = ${toString bitcoind.rpc.port}
 rpc_user = ${bitcoind.rpc.users.privileged.name}
- @@RPC_PASSWORD@@
 ${optionalString (cfg.rpcWalletFile != null) "rpc_wallet_file = ${cfg.rpcWalletFile}"}
 [MESSAGING:server1]
@@ -237,11 +236,13 @@ in {
 requires = [ "bitcoind.service" ];
 after = [ "bitcoind.service" ];
 preStart = ''
- install -o '${cfg.user}' -g '${cfg.group}' -m 640 ${configFile} ${cfg.dataDir}/joinmarket.cfg
- sed -i \
- "s|@@RPC_PASSWORD@@|rpc_password = $(cat ${secretsDir}/bitcoin-rpcpassword-privileged)|" \
- '${cfg.dataDir}/joinmarket.cfg'
- '';
+ {
+ cat ${configFile}
+ echo
+ echo '[BLOCKCHAIN]'
+ echo "rpc_password = $(cat ${secretsDir}/bitcoin-rpcpassword-privileged)"
+ } > '${cfg.dataDir}/joinmarket.cfg'
+ '';
 # Generating wallets (jmclient/wallet.py) is only supported for mainnet or testnet
 postStart = mkIf (bitcoind.network == "mainnet") ''
 walletname=wallet.jmdat
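Review bot: The rewritten `preStart` creates `joinmarket.cfg` through a plain `>` redirection, so the file that now holds `rpc_password` gets whatever owner and mode the unit's user and umask yield, where the removed `install -o ... -g ... -m 640` set them explicitly. The unit's serviceConfig is outside this hunk, so a `UMask` setting or a restrictive data directory may already cover this; if not, wrap the group in a subshell the way the wallet-seed code in `postStart` does, e.g. `(umask 027; { ...; } > '${cfg.dataDir}/joinmarket.cfg')`. Also note that `>` keeps the mode of a file that already exists, so permissions left over from an earlier run are not corrected. A short comment stating that the second `[BLOCKCHAIN]` header relies on the config parser merging duplicate sections would help the next reader.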
@@ -252,12 +253,14 @@ in {
 ${bitcoind.cli}/bin/bitcoin-cli -named createwallet \
 wallet_name="${cfg.rpcWalletFile}" disable_private_keys=true
 ''}
- pw=$(cat "${secretsDir}"/jm-wallet-password)
 cd ${cfg.dataDir}
- if ! ${nbPkgs.joinmarket}/bin/jm-genwallet --datadir=${cfg.dataDir} $walletname $pw \
- | grep 'recovery_seed' \
- | cut -d ':' -f2 \
- | (umask u=r,go=; cat > jm-wallet-seed); then
+ # Strip trailing newline from password file
+ if ! tr -d "\n" <"${secretsDir}/jm-wallet-password" \
+ | ${nbPkgs.joinmarket}/bin/jm-genwallet \
+ --datadir=${cfg.dataDir} --wallet-password-stdin $walletname \
+ | grep 'recovery_seed' \
+ | cut -d ':' -f2 \
+ | (umask u=r,go=; cat > jm-wallet-seed); then
 echo "wallet creation failed"
 rm -f "$wallet" jm-wallet-seed
 exit 1
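Review bot: The `if !` around the rewritten pipeline only sees the exit status of its last stage, the `(umask u=r,go=; cat > jm-wallet-seed)` subshell, unless `pipefail` is enabled somewhere outside this hunk. A failing `jm-genwallet`, or a `grep` that finds no `recovery_seed` line, would then leave an empty `jm-wallet-seed` and skip the `wallet creation failed` branch, so a wallet could exist without its recovery seed having been saved. Consider `set -o pipefail` before the `if`, or a follow-up check such as `[[ -s jm-wallet-seed ]]`. The script starts before and continues past this hunk, so the surrounding error handling is not visible here.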