From b9fb15fa79d75a134e1d607a929329bdaba17d15 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Oliveira?= Date: Fri, 19 Aug 2022 17:29:35 +0100 Subject: [PATCH 1/3] feat: check package hash upon install and update --- lib/blockchain/bitcoin.js | 6 ++++++ lib/blockchain/bitcoincash.js | 4 ++++ lib/blockchain/common.js | 15 +++++++++++++++ lib/blockchain/dash.js | 4 ++++ lib/blockchain/ethereum.js | 4 ++++ lib/blockchain/litecoin.js | 4 ++++ lib/blockchain/monero.js | 4 ++++ lib/blockchain/zcash.js | 4 ++++ 8 files changed, 45 insertions(+) diff --git a/lib/blockchain/bitcoin.js b/lib/blockchain/bitcoin.js index 12c96815..fd0dfbeb 100644 --- a/lib/blockchain/bitcoin.js +++ b/lib/blockchain/bitcoin.js @@ -27,6 +27,10 @@ function updateCore (coinRec, isCurrentlyRunning) { common.logger.info('Updating Bitcoin Core. This may take a minute...') !isDevMode() && common.es(`sudo supervisorctl stop bitcoin`) common.es(`curl -#o /tmp/bitcoin.tar.gz ${coinRec.url}`) + if (common.es(`sha256 /tmp/bitcoin.tar.gz | awk '{print $1}'`).trim() !== coinRec.urlHash) { + common.logger.info('Failed to update Bitcoin Core: Package signature do not match!') + return + } common.es(`tar -xzf /tmp/bitcoin.tar.gz -C /tmp/`) common.logger.info('Updating wallet...') @@ -63,6 +67,8 @@ function updateCore (coinRec, isCurrentlyRunning) { common.logger.info('Bitcoin Core is updated!') } +console.log(typeof common.es(`sha256sum ../../../../../Downloads/monero-linux-x64-v0.18.0.0.tar.bz2 | awk '{print $1}'`).trim()) + function buildConfig () { return `rpcuser=lamassuserver rpcpassword=${common.randomPass()} diff --git a/lib/blockchain/bitcoincash.js b/lib/blockchain/bitcoincash.js index d8ac0efe..88c1865f 100644 --- a/lib/blockchain/bitcoincash.js +++ b/lib/blockchain/bitcoincash.js 
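Review bot: On a hash mismatch the new `return` in `updateCore` leaves the wallet daemon down, because `sudo supervisorctl stop bitcoin` has already run two lines earlier and nothing visible in the hunk starts it again. The same pattern is in the bitcoincash, dash, ethereum, litecoin, monero and zcash hunks of this patch. Either move the download and hash check ahead of the `supervisorctl stop` call, or restart the service before returning, mirroring the `!isDevMode() &&` guard used for the stop. The failure is reported through `common.logger.info`, which is easy to miss, and the check compares a pinned SHA-256 digest rather than verifying a signature, so `'Failed to update Bitcoin Core: package hash does not match!'` would describe it more accurately. The rest of `updateCore` lies outside the hunk, so whether a caller restarts the service cannot be confirmed from here.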
@@ -20,6 +20,10 @@ function updateCore (coinRec, isCurrentlyRunning) { common.logger.info('Updating Bitcoin Cash. This may take a minute...') common.es(`sudo supervisorctl stop bitcoincash`) common.es(`curl -#Lo /tmp/bitcoincash.tar.gz ${coinRec.url}`) + if (common.es(`sha256 /tmp/bitcoincash.tar.gz | awk '{print $1}'`).trim() !== coinRec.urlHash) { + common.logger.info('Failed to update Bitcoin Cash: Package signature do not match!') + return + } common.es(`tar -xzf /tmp/bitcoincash.tar.gz -C /tmp/`) common.logger.info('Updating wallet...') diff --git a/lib/blockchain/common.js b/lib/blockchain/common.js index 8db73a72..1a32e092 100644 --- a/lib/blockchain/common.js +++ b/lib/blockchain/common.js 
@@ -29,37 +29,47 @@ module.exports = { const BINARIES = { BTC: { defaultUrl: 'https://bitcoincore.org/bin/bitcoin-core-0.20.1/bitcoin-0.20.1-x86_64-linux-gnu.tar.gz', + defaultUrlHash: '376194f06596ecfa40331167c39bc70c355f960280bd2a645fdbf18f66527397', defaultDir: 'bitcoin-0.20.1/bin', url: 'https://bitcoincore.org/bin/bitcoin-core-27.1/bitcoin-27.1-x86_64-linux-gnu.tar.gz', + UrlHash: 'c9840607d230d65f6938b81deaec0b98fe9cb14c3a41a5b13b2c05d044a48422', dir: 'bitcoin-27.1/bin' }, ETH: { url: 'https://gethstore.blob.core.windows.net/builds/geth-linux-amd64-1.14.8-a9523b64.tar.gz', + urlHash: 'fff507c90c180443456950e4fc0bf224d26ce5ea6896194ff864c3c3754c136b', dir: 'geth-linux-amd64-1.14.8-a9523b64' }, ZEC: { url: 'https://github.com/zcash/artifacts/raw/master/v5.9.0/bullseye/zcash-5.9.0-linux64-debian-bullseye.tar.gz', + urlHash: 'd385b9fbeeb145f60b0b339d256cabb342713ed3014cd634cf2d68078365abd2', dir: 'zcash-5.9.0/bin' }, DASH: { defaultUrl: 'https://github.com/dashpay/dash/releases/download/v18.1.0/dashcore-18.1.0-x86_64-linux-gnu.tar.gz', + defaultUrlHash: 'd89c2afd78183f3ee815adcccdff02098be0c982633889e7b1e9c9656fbef219', defaultDir: 'dashcore-18.1.0/bin', url: 'https://github.com/dashpay/dash/releases/download/v21.1.0/dashcore-21.1.0-x86_64-linux-gnu.tar.gz', + urlHash: 'a7d0c1b04d53a9b1b3499eb82182c0fa57f4c8768c16163e5d05971bf45d7928', dir: 'dashcore-21.1.0/bin' }, LTC: { defaultUrl: 'https://download.litecoin.org/litecoin-0.18.1/linux/litecoin-0.18.1-x86_64-linux-gnu.tar.gz', + defaultUrlHash: 'ca50936299e2c5a66b954c266dcaaeef9e91b2f5307069b9894048acf3eb5751', defaultDir: 'litecoin-0.18.1/bin', url: 'https://download.litecoin.org/litecoin-0.21.3/linux/litecoin-0.21.3-x86_64-linux-gnu.tar.gz', + urlHash: 'ea231c630e2a243cb01affd4c2b95a2be71560f80b64b9f4bceaa13d736aa7cb', dir: 'litecoin-0.21.3/bin' }, BCH: { url: 'https://github.com/bitcoin-cash-node/bitcoin-cash-node/releases/download/v27.1.0/bitcoin-cash-node-27.1.0-x86_64-linux-gnu.tar.gz', + urlHash: 
'0dcc387cbaa3a039c97ddc8fb99c1fa7bff5dc6e4bd3a01d3c3095f595ad2dce', dir: 'bitcoin-cash-node-27.1.0/bin', files: [['bitcoind', 'bitcoincashd'], ['bitcoin-cli', 'bitcoincash-cli']] }, XMR: { url: 'https://downloads.getmonero.org/cli/monero-linux-x64-v0.18.3.3.tar.bz2', + urlHash: '47c7e6b4b88a57205800a2538065a7874174cd087eedc2526bee1ebcce0cc5e3', dir: 'monero-x86_64-linux-gnu-v0.18.3.3', files: [['monerod', 'monerod'], ['monero-wallet-rpc', 'monero-wallet-rpc']] } @@ -133,10 +143,15 @@ function fetchAndInstall (coinRec) { if (!binaries) throw new Error(`No such coin: ${coinRec.code}`) const url = requiresUpdate ? binaries.defaultUrl : binaries.url + const hash = requiresUpdate ? binaries.defaultUrlHash : binaries.urlHash const downloadFile = path.basename(url) const binDir = requiresUpdate ? binaries.defaultDir : binaries.dir es(`wget -q ${url}`) + if (es(`sha256 ${downloadFile} | awk '{print $1}'`).trim() !== hash) { + logger.info(`Failed to install ${coinRec.code}: Package signature do not match!`) + return + } es(`tar -xf ${downloadFile}`) const usrBinDir = isDevMode() ? path.resolve(BLOCKCHAIN_DIR, 'bin') : '/usr/local/bin' diff --git a/lib/blockchain/dash.js b/lib/blockchain/dash.js index 05ace3a7..af225729 100644 --- a/lib/blockchain/dash.js +++ b/lib/blockchain/dash.js @@ -20,6 +20,10 @@ function updateCore (coinRec, isCurrentlyRunning) { common.logger.info('Updating Dash Core. This may take a minute...') common.es(`sudo supervisorctl stop dash`) common.es(`curl -#Lo /tmp/dash.tar.gz ${coinRec.url}`) + if (common.es(`sha256 /tmp/dash.tar.gz | awk '{print $1}'`).trim() !== coinRec.urlHash) { + common.logger.info('Failed to update Dash Core: Package signature do not match!') + return + } common.es(`tar -xzf /tmp/dash.tar.gz -C /tmp/`) common.logger.info('Updating wallet...') diff --git a/lib/blockchain/ethereum.js b/lib/blockchain/ethereum.js index dd39468a..ab7d2985 100644 --- a/lib/blockchain/ethereum.js +++ b/lib/blockchain/ethereum.js 
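Review bot: The BTC entry in `BINARIES` spells its new key `UrlHash`, while every other entry and the lookup `binaries.urlHash` in `fetchAndInstall` use `urlHash`. For a fresh BTC install the expected hash is therefore `undefined`, so the comparison can never succeed and the install is always rejected. Rename the key to `urlHash` and keep the value unchanged. The entries without a `defaultUrl` (ETH, ZEC, BCH, XMR) also have no `defaultUrlHash`; that matches the existing `defaultUrl` handling, but it is worth confirming that `requiresUpdate` is never true for them.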
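Review bot: The mismatch branch in `fetchAndInstall` only logs at info level and returns, so a caller cannot tell a rejected download from a successful install, whereas the unknown-coin case a few lines above throws. Throwing here as well, e.g. `throw new Error('Package hash mismatch for ' + coinRec.code)`, would stop the installer from carrying on with no binaries in place, assuming callers already handle the existing throw. A guard such as `if (!hash) throw new Error('No pinned hash for ' + coinRec.code)` before the comparison would give a clearer failure than a guaranteed mismatch when a key is missing or misspelled. The rejected archive is also left in the working directory; removing it before bailing out keeps a later step or a manual retry from picking it up. The function starts and ends outside the hunk.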
@@ -8,6 +8,10 @@ function updateCore (coinRec, isCurrentlyRunning) { common.logger.info('Updating the Geth Ethereum wallet. This may take a minute...') common.es(`sudo supervisorctl stop ethereum`) common.es(`curl -#o /tmp/ethereum.tar.gz ${coinRec.url}`) + if (common.es(`sha256 /tmp/ethereum.tar.gz | awk '{print $1}'`).trim() !== coinRec.urlHash) { + common.logger.info('Failed to update Geth: Package signature do not match!') + return + } common.es(`tar -xzf /tmp/ethereum.tar.gz -C /tmp/`) common.logger.info('Updating wallet...') diff --git a/lib/blockchain/litecoin.js b/lib/blockchain/litecoin.js index cd02a77f..e488c171 100644 --- a/lib/blockchain/litecoin.js +++ b/lib/blockchain/litecoin.js @@ -20,6 +20,10 @@ function updateCore (coinRec, isCurrentlyRunning) { common.logger.info('Updating Litecoin Core. This may take a minute...') common.es(`sudo supervisorctl stop litecoin`) common.es(`curl -#o /tmp/litecoin.tar.gz ${coinRec.url}`) + if (common.es(`sha256 /tmp/litecoin.tar.gz | awk '{print $1}'`).trim() !== coinRec.urlHash) { + common.logger.info('Failed to update Litecoin Core: Package signature do not match!') + return + } common.es(`tar -xzf /tmp/litecoin.tar.gz -C /tmp/`) common.logger.info('Updating wallet...') diff --git a/lib/blockchain/monero.js b/lib/blockchain/monero.js index 447b2722..4bf64983 100644 --- a/lib/blockchain/monero.js +++ b/lib/blockchain/monero.js @@ -22,6 +22,10 @@ function updateCore (coinRec, isCurrentlyRunning) { common.logger.info('Updating Monero. This may take a minute...') common.es(`sudo supervisorctl stop monero monero-wallet`) common.es(`curl -#o /tmp/monero.tar.gz ${coinRec.url}`) + if (common.es(`sha256 /tmp/monero.tar.gz | awk '{print $1}'`).trim() !== coinRec.urlHash) { + common.logger.info('Failed to update Monero: Package signature do not match!') + return + } common.es(`tar -xf /tmp/monero.tar.gz -C /tmp/`) common.logger.info('Updating wallet...') 
diff --git a/lib/blockchain/zcash.js b/lib/blockchain/zcash.js index 51430969..59749f2d 100644 --- a/lib/blockchain/zcash.js +++ b/lib/blockchain/zcash.js @@ -13,6 +13,10 @@ function updateCore (coinRec, isCurrentlyRunning) { common.logger.info('Updating your Zcash wallet. This may take a minute...') common.es(`sudo supervisorctl stop zcash`) common.es(`curl -#Lo /tmp/zcash.tar.gz ${coinRec.url}`) + if (common.es(`sha256 /tmp/zcash.tar.gz | awk '{print $1}'`).trim() !== coinRec.urlHash) { + common.logger.info('Failed to update Zcash: Package signature do not match!') + return + } common.es(`tar -xzf /tmp/zcash.tar.gz -C /tmp/`) common.logger.info('Updating wallet...') From f81b254d5ace6e4bdf3c858930ceed90d01fff5c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Oliveira?= Date: Fri, 19 Aug 2022 17:30:47 +0100 Subject: [PATCH 2/3] fix: remove debug log --- lib/blockchain/bitcoin.js | 2 -- 1 file changed, 2 deletions(-) diff --git a/lib/blockchain/bitcoin.js b/lib/blockchain/bitcoin.js index fd0dfbeb..e3f5a57c 100644 --- a/lib/blockchain/bitcoin.js +++ b/lib/blockchain/bitcoin.js @@ -67,8 +67,6 @@ function updateCore (coinRec, isCurrentlyRunning) { common.logger.info('Bitcoin Core is updated!') } -console.log(typeof common.es(`sha256sum ../../../../../Downloads/monero-linux-x64-v0.18.0.0.tar.bz2 | awk '{print $1}'`).trim()) - function buildConfig () { return `rpcuser=lamassuserver rpcpassword=${common.randomPass()} From 06961c29723ad8be8b62bc1a85b22aae2845220e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Oliveira?= Date: Tue, 23 Aug 2022 11:47:54 +0100 Subject: [PATCH 3/3] fix: sha256sum command syntax --- lib/blockchain/bitcoin.js | 2 +- lib/blockchain/bitcoincash.js | 2 +- lib/blockchain/common.js | 2 +- lib/blockchain/dash.js | 2 +- lib/blockchain/ethereum.js | 2 +- lib/blockchain/litecoin.js | 2 +- lib/blockchain/monero.js | 2 +- lib/blockchain/zcash.js | 2 +- 8 files changed, 8 insertions(+), 8 deletions(-) 
diff --git a/lib/blockchain/bitcoin.js b/lib/blockchain/bitcoin.js index e3f5a57c..e5a1a7d6 100644 --- a/lib/blockchain/bitcoin.js +++ b/lib/blockchain/bitcoin.js @@ -27,7 +27,7 @@ function updateCore (coinRec, isCurrentlyRunning) { common.logger.info('Updating Bitcoin Core. This may take a minute...') !isDevMode() && common.es(`sudo supervisorctl stop bitcoin`) common.es(`curl -#o /tmp/bitcoin.tar.gz ${coinRec.url}`) - if (common.es(`sha256 /tmp/bitcoin.tar.gz | awk '{print $1}'`).trim() !== coinRec.urlHash) { + if (common.es(`sha256sum /tmp/bitcoin.tar.gz | awk '{print $1}'`).trim() !== coinRec.urlHash) { common.logger.info('Failed to update Bitcoin Core: Package signature do not match!') return } diff --git a/lib/blockchain/bitcoincash.js b/lib/blockchain/bitcoincash.js index 88c1865f..53e4ab8e 100644 --- a/lib/blockchain/bitcoincash.js +++ b/lib/blockchain/bitcoincash.js @@ -20,7 +20,7 @@ function updateCore (coinRec, isCurrentlyRunning) { common.logger.info('Updating Bitcoin Cash. This may take a minute...') common.es(`sudo supervisorctl stop bitcoincash`) common.es(`curl -#Lo /tmp/bitcoincash.tar.gz ${coinRec.url}`) - if (common.es(`sha256 /tmp/bitcoincash.tar.gz | awk '{print $1}'`).trim() !== coinRec.urlHash) { + if (common.es(`sha256sum /tmp/bitcoincash.tar.gz | awk '{print $1}'`).trim() !== coinRec.urlHash) { common.logger.info('Failed to update Bitcoin Cash: Package signature do not match!') return } diff --git a/lib/blockchain/common.js b/lib/blockchain/common.js index 1a32e092..3e844f6c 100644 --- a/lib/blockchain/common.js +++ b/lib/blockchain/common.js @@ -148,7 +148,7 @@ function fetchAndInstall (coinRec) { const binDir = requiresUpdate ? binaries.defaultDir : binaries.dir es(`wget -q ${url}`) - if (es(`sha256 ${downloadFile} | awk '{print $1}'`).trim() !== hash) { + if (es(`sha256sum ${downloadFile} | awk '{print $1}'`).trim() !== hash) { logger.info(`Failed to install ${coinRec.code}: Package signature do not match!`) return } 
diff --git a/lib/blockchain/dash.js b/lib/blockchain/dash.js index af225729..51ed159f 100644 --- a/lib/blockchain/dash.js +++ b/lib/blockchain/dash.js @@ -20,7 +20,7 @@ function updateCore (coinRec, isCurrentlyRunning) { common.logger.info('Updating Dash Core. This may take a minute...') common.es(`sudo supervisorctl stop dash`) common.es(`curl -#Lo /tmp/dash.tar.gz ${coinRec.url}`) - if (common.es(`sha256 /tmp/dash.tar.gz | awk '{print $1}'`).trim() !== coinRec.urlHash) { + if (common.es(`sha256sum /tmp/dash.tar.gz | awk '{print $1}'`).trim() !== coinRec.urlHash) { common.logger.info('Failed to update Dash Core: Package signature do not match!') return } diff --git a/lib/blockchain/ethereum.js b/lib/blockchain/ethereum.js index ab7d2985..9434ebdc 100644 --- a/lib/blockchain/ethereum.js +++ b/lib/blockchain/ethereum.js @@ -8,7 +8,7 @@ function updateCore (coinRec, isCurrentlyRunning) { common.logger.info('Updating the Geth Ethereum wallet. This may take a minute...') common.es(`sudo supervisorctl stop ethereum`) common.es(`curl -#o /tmp/ethereum.tar.gz ${coinRec.url}`) - if (common.es(`sha256 /tmp/ethereum.tar.gz | awk '{print $1}'`).trim() !== coinRec.urlHash) { + if (common.es(`sha256sum /tmp/ethereum.tar.gz | awk '{print $1}'`).trim() !== coinRec.urlHash) { common.logger.info('Failed to update Geth: Package signature do not match!') return } diff --git a/lib/blockchain/litecoin.js b/lib/blockchain/litecoin.js index e488c171..ce128dd0 100644 --- a/lib/blockchain/litecoin.js +++ b/lib/blockchain/litecoin.js 
@@ -20,7 +20,7 @@ function updateCore (coinRec, isCurrentlyRunning) { common.logger.info('Updating Litecoin Core. This may take a minute...') common.es(`sudo supervisorctl stop litecoin`) common.es(`curl -#o /tmp/litecoin.tar.gz ${coinRec.url}`) - if (common.es(`sha256 /tmp/litecoin.tar.gz | awk '{print $1}'`).trim() !== coinRec.urlHash) { + if (common.es(`sha256sum /tmp/litecoin.tar.gz | awk '{print $1}'`).trim() !== coinRec.urlHash) { common.logger.info('Failed to update Litecoin Core: Package signature do not match!') return } diff --git a/lib/blockchain/monero.js b/lib/blockchain/monero.js index 4bf64983..870f3920 100644 --- a/lib/blockchain/monero.js +++ b/lib/blockchain/monero.js @@ -22,7 +22,7 @@ function updateCore (coinRec, isCurrentlyRunning) { common.logger.info('Updating Monero. This may take a minute...') common.es(`sudo supervisorctl stop monero monero-wallet`) common.es(`curl -#o /tmp/monero.tar.gz ${coinRec.url}`) - if (common.es(`sha256 /tmp/monero.tar.gz | awk '{print $1}'`).trim() !== coinRec.urlHash) { + if (common.es(`sha256sum /tmp/monero.tar.gz | awk '{print $1}'`).trim() !== coinRec.urlHash) { common.logger.info('Failed to update Monero: Package signature do not match!') return } diff --git a/lib/blockchain/zcash.js b/lib/blockchain/zcash.js index 59749f2d..a6baed51 100644 --- a/lib/blockchain/zcash.js +++ b/lib/blockchain/zcash.js @@ -13,7 +13,7 @@ function updateCore (coinRec, isCurrentlyRunning) { common.logger.info('Updating your Zcash wallet. This may take a minute...') common.es(`sudo supervisorctl stop zcash`) common.es(`curl -#Lo /tmp/zcash.tar.gz ${coinRec.url}`) - if (common.es(`sha256 /tmp/zcash.tar.gz | awk '{print $1}'`).trim() !== coinRec.urlHash) { + if (common.es(`sha256sum /tmp/zcash.tar.gz | awk '{print $1}'`).trim() !== coinRec.urlHash) { common.logger.info('Failed to update Zcash: Package signature do not match!') return }