Adding to myNode
I was tinkering with adding this on myNode and ran into an error. I've got a few questions as well.
Questions
- How critical is the data in the encrypted file? For example, if lost, are funds recoverable via seed or does it add new things you would need to back up to easily recover funds? Derivation paths, additional passwords, etc...?
- Is there an easy way to run setup only once rather than needing to start with setup, track if user saves config, and restart service with "run"? That process works well for people on command line, but not for enabling a service. For example, I just want to link to :9823.
- Would there be any security concerns running this as an always on service?
Error
[08/02/2021-22:01:24] Got bunker settings from: ./data/bp-1850f665aa1e22c0.dat
[08/02/2021-22:01:25] Web server at: http://localhost:9823/setup
[08/02/2021-22:01:25] Connecting to Coldcard.
[08/02/2021-22:01:25] Tord version: 0.3.5.12
[08/02/2021-22:01:25] Found Coldcard 207030635848.
[08/02/2021-22:01:28] Connected to Coldcard 207030635848.
Traceback (most recent call last):
  File "/opt/mynode/ckbunker/env/bin/ck-bunker", line 11, in <module>
    load_entry_point('bunker', 'console_scripts', 'ck-bunker')()
  File "/opt/mynode/ckbunker/env/lib/python3.7/site-packages/click/core.py", line 829, in __call__
    return self.main(*args, **kwargs)
  File "/opt/mynode/ckbunker/env/lib/python3.7/site-packages/click/core.py", line 782, in main
    rv = self.invoke(ctx)
  File "/opt/mynode/ckbunker/env/lib/python3.7/site-packages/click/core.py", line 1259, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/opt/mynode/ckbunker/env/lib/python3.7/site-packages/click/core.py", line 1066, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/opt/mynode/ckbunker/env/lib/python3.7/site-packages/click/core.py", line 610, in invoke
    return callback(*args, **kwargs)
  File "/opt/mynode/ckbunker/main.py", line 77, in setup_hsm
    asyncio.run(startup(True, local, config_file, None), debug=True)
  File "/usr/local/lib/python3.7/asyncio/runners.py", line 43, in run
    return loop.run_until_complete(main)
  File "/usr/local/lib/python3.7/asyncio/base_events.py", line 587, in run_until_complete
    return future.result()
  File "/opt/mynode/ckbunker/main.py", line 114, in startup
    await asyncio.gather(*aws)
  File "/opt/mynode/ckbunker/conn.py", line 80, in run
    await self.hsm_status()
  File "/opt/mynode/ckbunker/conn.py", line 185, in hsm_status
    h = h or (await self.send_recv(CCProtocolPacker.hsm_status()))
  File "/opt/mynode/ckbunker/conn.py", line 167, in send_recv
    return await asyncio.get_running_loop().run_in_executor(executor, doit)
  File "/usr/local/lib/python3.7/concurrent/futures/thread.py", line 57, in run
    result = self.fn(*self.args, **self.kwargs)
  File "/opt/mynode/ckbunker/conn.py", line 163, in doit
    return self.dev.send_recv(msg, **kws)
  File "/opt/mynode/ckbunker/env/lib/python3.7/site-packages/ckcc/client.py", line 163, in send_recv
    return CCProtocolUnpacker.decode(resp)
  File "/opt/mynode/ckbunker/env/lib/python3.7/site-packages/ckcc/protocol.py", line 236, in decode
    return d(msg)
  File "/opt/mynode/ckbunker/env/lib/python3.7/site-packages/ckcc/protocol.py", line 250, in err_
    raise CCProtoError("Coldcard Error: " + str(msg[4:], 'utf8', 'ignore'), msg[4:])
ckcc.protocol.CCProtoError: Coldcard Error: Unknown cmd
- The data file is critical to operation, but not the funds... it holds the private key for the Tor service, so once lost, you have to pick a new private key for that, which means a new onion address.
- re: run vs. setup ... I'm sure that could be changed to be more automatic. Maybe a new mode that does either as needed.
- It's meant to run as always-on, so no security issues there.
Thanks, that's helpful. I think I can start with a default password and only use "run" and not setup. User can then change the password / other settings.
Any thoughts on the Python exception?
Does this look like a decent default?
ALLOW_REBOOTS: true
DATA_FILES: /mnt/hdd/mynode/ckbunker
EASY_CAPTCHA: false
#EXPLORA: http://explorerzydxu5ecjrkwceayqybizmpjjznk5izmitf2modhcusuqlid.onion
MASTER_PW: bolt
MAX_IDLE_TIME: 600
MAX_LOGIN_WAIT_TIME: 300
PING_RATE: 15
PLACEHOLDER_KEY: !!binary |
  YWJhYmFiYWJhYmFiYWJhYmFiYWJhYmFiYWJhYmFiYWI=
PORT_NUMBER: 9823
RECONNECT_DELAY: 10
SIMULATOR_SOCK: /tmp/ckcc-simulator.sock
TORD_PORT: default
TOR_SOCKS: socks5h://127.0.0.1:9150
What are the PLACEHOLDER_KEY and ESPLORA values used for?
The Python error went away after updating to the latest firmware.
Also, would it be possible to use a hash for MASTER_PW or use some sort of SSO? That way a plaintext copy does not live on disk.
You're right, it should be a hash: made an issue #11 for that. PRs welcome.
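The change discussed above (keeping a hash on disk instead of the plaintext MASTER_PW), as an added example that is not part of the original thread and is not CKBunker's code: a salted PBKDF2-HMAC-SHA256 hash with constant-time verification. The storage format, the function names and the sample passphrase are assumptions made for this example.

```python
import base64
import hashlib
import hmac
import os

# Hypothetical storage format for this example (not CKBunker's own):
#   pbkdf2-sha256$<iterations>$<salt, base64>$<digest, base64>
SCHEME = "pbkdf2-sha256"
DEFAULT_ITERATIONS = 600_000
MAX_ITERATIONS = 10_000_000  # refuse absurd work factors from a tampered file


def hash_master_pw(password: str, iterations: int = DEFAULT_ITERATIONS) -> str:
    """Return the string to store on disk in place of the plaintext password."""
    salt = os.urandom(16)  # fresh random salt for every stored hash
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "$".join([SCHEME, str(iterations),
                     base64.b64encode(salt).decode("ascii"),
                     base64.b64encode(digest).decode("ascii")])


def verify_master_pw(stored: str, attempt: str) -> bool:
    """Check a login attempt against the stored hash string."""
    try:
        scheme, iterations, salt_b64, digest_b64 = stored.split("$")
        rounds = int(iterations)
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(digest_b64, validate=True)
    except ValueError:
        # Wrong field count, bad number or bad base64. A legacy plaintext
        # value ends up here and is refused rather than compared directly.
        return False
    if scheme != SCHEME or not 1 <= rounds <= MAX_ITERATIONS:
        return False
    actual = hashlib.pbkdf2_hmac("sha256", attempt.encode("utf-8"), salt, rounds)
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(actual, expected)


if __name__ == "__main__":
    stored = hash_master_pw("constructed-example-passphrase")  # constructed sample
    print("value to store:", stored)
    print("correct attempt:", verify_master_pw(stored, "constructed-example-passphrase"))
    print("wrong attempt:  ", verify_master_pw(stored, "wrong"))
```

A hash only removes the plaintext copy from disk; a short default password remains guessable offline by anyone who can read the file.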
I've also noticed that the CC can lose connection with CKBunker after a while and need to be reset. This seemed to fix it. The ColdCard was still running and appeared to be in the expected state.
echo 0 > /sys/bus/usb/devices/
What are the PLACEHOLDER_KEY and ESPLORA values used for?
PLACEHOLDER_KEY is used as a default encryption key, but is going away (gone as of 20200224, so next release maybe?). EXPLORA is the endpoint for the explora API for broadcasting transactions. Useful.