diff --git a/pkgs/generate-secrets/default.nix b/pkgs/generate-secrets/default.nix index 10c20f2..00a15cf 100644 --- a/pkgs/generate-secrets/default.nix +++ b/pkgs/generate-secrets/default.nix @@ -1,9 +1,15 @@ { pkgs }: with pkgs; let - rpcauth = pkgs.writeScriptBin "rpcauth" (builtins.readFile ./rpcauth/rpcauth.py); + rpcauthSrc = builtins.fetchurl { + url = "https://raw.githubusercontent.com/bitcoin/bitcoin/d6cde007db9d3e6ee93bd98a9bbfdce9bfa9b15b/share/rpcauth/rpcauth.py"; + sha256 = "189mpplam6yzizssrgiyv70c9899ggh8cac76j4n7v0xqzfip07n"; + }; + rpcauth = pkgs.writeScriptBin "rpcauth" '' + exec ${pkgs.python35}/bin/python ${rpcauthSrc} "$@" + ''; in writeScript "generate-secrets" '' - export PATH=${lib.makeBinPath [ coreutils apg openssl gnugrep rpcauth python35 ]} + export PATH=${lib.makeBinPath [ coreutils apg openssl gnugrep rpcauth ]} . ${./generate-secrets.sh} ${./openssl.cnf} '' diff --git a/pkgs/generate-secrets/rpcauth/rpcauth.py b/pkgs/generate-secrets/rpcauth/rpcauth.py deleted file mode 100644 index b14c801..0000000 --- a/pkgs/generate-secrets/rpcauth/rpcauth.py +++ /dev/null 
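Review bot: The new `rpcauth` wrapper is built with `writeScriptBin`, but its body starts directly with `exec`, so the generated file has no `#!` line. It then runs only when the caller is a shell that falls back to interpreting it; anything that executes it directly would fail with an exec format error. How `generate-secrets.sh` invokes it is not visible in this diff. Declaring it as `rpcauth = pkgs.writeShellScriptBin "rpcauth" ''`, or putting a shebang on the first line of the body, makes the wrapper a self-contained executable. Separately, the `sha256` on `builtins.fetchurl` is the only integrity check on the downloaded script, so a comment above `rpcauthSrc` such as `# rpcauth.py pinned to an upstream bitcoin commit; change url and sha256 together` would help whoever bumps the pin.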
@@ -1,46 +0,0 @@
-#!/usr/bin/env python3
-# Copyright (c) 2015-2018 The Bitcoin Core developers
-# Distributed under the MIT software license, see the accompanying
-# file COPYING or http://www.opensource.org/licenses/mit-license.php.
-
-from argparse import ArgumentParser
-from base64 import urlsafe_b64encode
-from binascii import hexlify
-from getpass import getpass
-from os import urandom
-
-import hmac
-
-def generate_salt(size):
- """Create size byte hex salt"""
- return hexlify(urandom(size)).decode()
-
-def generate_password():
- """Create 32 byte b64 password"""
- return urlsafe_b64encode(urandom(32)).decode('utf-8')
-
-def password_to_hmac(salt, password):
- m = hmac.new(bytearray(salt, 'utf-8'), bytearray(password, 'utf-8'), 'SHA256')
- return m.hexdigest()
-
-def main():
- parser = ArgumentParser(description='Create login credentials for a JSON-RPC user')
- parser.add_argument('username', help='the username for authentication')
- parser.add_argument('password', help='leave empty to generate a random password or specify "-" to prompt for password', nargs='?')
- args = parser.parse_args()
-
- if not args.password:
- args.password = generate_password()
- elif args.password == '-':
- args.password = getpass()
-
- # Create 16 byte hex salt
- salt = generate_salt(16)
- password_hmac = password_to_hmac(salt, args.password)
-
- print('String to be appended to bitcoin.conf:')
- print('rpcauth={0}:{1}${2}'.format(args.username, salt, password_hmac))
- print('Your password:\n{0}'.format(args.password))
-
-if __name__ == '__main__':
- main()