joinmarket: fix wallet creation

- Fix jm-wallet-seed being globally readable.

- Handle seed extraction failures.
  If seed extraction fails, remove the newly created wallet.
  This guarantees that wallets always have an accompanying seed.
This commit is contained in:
Erik Arvstedt 2021-02-01 22:53:17 +01:00
parent 7458350108
commit d9c87b6a8f
No known key found for this signature in database
GPG Key ID: 33312B944DD97846

View File

@ -185,18 +185,19 @@ in {
# Generating wallets (jmclient/wallet.py) is only supported for mainnet or testnet # Generating wallets (jmclient/wallet.py) is only supported for mainnet or testnet
ExecStartPost = mkIf (bitcoind.network == "mainnet") (nbLib.privileged '' ExecStartPost = mkIf (bitcoind.network == "mainnet") (nbLib.privileged ''
walletname=wallet.jmdat walletname=wallet.jmdat
wallet=${cfg.dataDir}/wallets/$walletname
if [[ ! -f $wallet ]]; then
echo "Create wallet"
pw=$(cat "${secretsDir}"/jm-wallet-password) pw=$(cat "${secretsDir}"/jm-wallet-password)
mnemonic=${secretsDir}/jm-wallet-seed cd ${cfg.dataDir}
if [[ ! -f ${cfg.dataDir}/wallets/$walletname ]]; then if ! sudo -u ${cfg.user} ${nbPkgs.joinmarket}/bin/jm-genwallet --datadir=${cfg.dataDir} $walletname $pw \
echo Create joinmarket wallet | grep 'recovery_seed' \
# Use bash variables so commands don't proceed on previous failures | cut -d ':' -f2 \
# (like with pipes) | (umask u=r,go=; cat > "${secretsDir}/jm-wallet-seed"); then
cd ${cfg.dataDir} && \ echo "wallet creation failed"
out=$(sudo -u ${cfg.user} \ rm -f "$wallet" "${secretsDir}/jm-wallet-seed"
${nbPkgs.joinmarket}/bin/jm-genwallet \ exit 1
--datadir=${cfg.dataDir} $walletname $pw) fi
recoveryseed=$(echo "$out" | grep 'recovery_seed')
echo "$recoveryseed" | cut -d ':' -f2 > $mnemonic
fi fi
''); '');
ExecStart = "${nbPkgs.joinmarket}/bin/joinmarketd"; ExecStart = "${nbPkgs.joinmarket}/bin/joinmarketd";