generate-secrets: fetch rpcauth.py from github

No need to vendor this.
2020-08-27 12:17:40 +02:00 · 2020-08-27 12:17:40 +02:00 · ca18ffb90a
commit ca18ffb90a
parent 4d6127bb76
2 changed files with 8 additions and 48 deletions
--- a/pkgs/generate-secrets/default.nix
+++ b/pkgs/generate-secrets/default.nix
@ -1,9 +1,15 @@
 { pkgs }: with pkgs;

 let
-  rpcauth = pkgs.writeScriptBin "rpcauth" (builtins.readFile ./rpcauth/rpcauth.py);
+  rpcauthSrc = builtins.fetchurl {
+    url = "https://raw.githubusercontent.com/bitcoin/bitcoin/d6cde007db9d3e6ee93bd98a9bbfdce9bfa9b15b/share/rpcauth/rpcauth.py";
+    sha256 = "189mpplam6yzizssrgiyv70c9899ggh8cac76j4n7v0xqzfip07n";
+  };
+  rpcauth = pkgs.writeScriptBin "rpcauth" ''
+    exec ${pkgs.python35}/bin/python ${rpcauthSrc} "$@"
+  '';
 in
 writeScript "generate-secrets" ''
-  export PATH=${lib.makeBinPath [ coreutils apg openssl gnugrep rpcauth python35 ]}
+  export PATH=${lib.makeBinPath [ coreutils apg openssl gnugrep rpcauth ]}
  . ${./generate-secrets.sh} ${./openssl.cnf}
 ''
--- a/pkgs/generate-secrets/rpcauth/rpcauth.py
+++ b/pkgs/generate-secrets/rpcauth/rpcauth.py
@ -1,46 +0,0 @@
-#!/usr/bin/env python3
-# Copyright (c) 2015-2018 The Bitcoin Core developers
-# Distributed under the MIT software license, see the accompanying
-# file COPYING or http://www.opensource.org/licenses/mit-license.php.
-
-from argparse import ArgumentParser
-from base64 import urlsafe_b64encode
-from binascii import hexlify
-from getpass import getpass
-from os import urandom
-
-import hmac
-
-def generate_salt(size):
-    """Create size byte hex salt"""
-    return hexlify(urandom(size)).decode()
-
-def generate_password():
-    """Create 32 byte b64 password"""
-    return urlsafe_b64encode(urandom(32)).decode('utf-8')
-
-def password_to_hmac(salt, password):
-    m = hmac.new(bytearray(salt, 'utf-8'), bytearray(password, 'utf-8'), 'SHA256')
-    return m.hexdigest()
-
-def main():
-    parser = ArgumentParser(description='Create login credentials for a JSON-RPC user')
-    parser.add_argument('username', help='the username for authentication')
-    parser.add_argument('password', help='leave empty to generate a random password or specify "-" to prompt for password', nargs='?')
-    args = parser.parse_args()
-
-    if not args.password:
-        args.password = generate_password()
-    elif args.password == '-':
-        args.password = getpass()
-
-    # Create 16 byte hex salt
-    salt = generate_salt(16)
-    password_hmac = password_to_hmac(salt, args.password)
-
-    print('String to be appended to bitcoin.conf:')
-    print('rpcauth={0}:{1}${2}'.format(args.username, salt, password_hmac))
-    print('Your password:\n{0}'.format(args.password))
-
-if __name__ == '__main__':
-    main()