feat(entrypoint): add support for rotating mnemonic through docker entrypoint #311

Closed
wants to merge 2 commits into from
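--- a/Makefile
+++ b/Makefile
@@ -17,15 +17,13 @@ copy-binary-from-image: guard-SEMVER
 upload-binaries-to-s3: guard-S3_PATH
 aws s3 cp ./bin ${S3_PATH}/ --recursive
 
-.PHONY: docker-image-all
-docker-image-all: git-submodule-setup
-make docker-image
-make docker-image-malicious
+.PHONY: all
+all: git-submodule-setup docker-image docker-image-malicious
 
 .PHONY: git-submodule-setup
 git-submodule-setup:
 git submodule init
 git submodule update
 
 guard-%:
-@ if [ -z '${${*}}' ]; then echo 'Environment variable $* not set' && exit 1; fi
+@ if [ -z '${${*}}' ]; then echo 'Environment variable $* not set' && exit 1; fi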
67 changes: 48 additions & 19 deletions entrypoint.sh
@@ -15,10 +15,37 @@ create_mnemonic() {
return $ERR
fi

(echo ${PASSWORD} | tofnd ${ARGS} -m create) && echo "... ok" && return $OK
(echo "${PASSWORD}" | tofnd "${ARGS[@]}" -m create) && echo "... ok" && return $OK
return $ERR
}

rotate_mnemonic() {
if [ -a "$ROTATE_PATH" ]; then
echo "File found at $ROTATE_PATH. Attempting to rotate mnemonic"

if [ -a "$IMPORT_PATH" ]; then
timestamp=$(date +%Y-%m-%d-%m)
backup_path="$IMPORT_PATH-$timestamp.bak"
mv "$IMPORT_PATH" "$backup_path"
echo "Warning: Previous import file found. Delete $backup_path file after backing up."
fi

if [ -n "${NOPASSWORD}" ]; then \
echo "Rotating without password"
(tofnd "${ARGS[@]}" -m rotate) || return $ERR
else
echo "Rotating with password"
(echo "$PASSWORD" | tofnd "${ARGS[@]}" -m rotate) || return $ERR
fi
printf "\n\n"
mv "$EXPORT_PATH" "$IMPORT_PATH"
rm "$ROTATE_PATH"
else
echo "Mnemonic rotation skipped. No file found at $ROTATE_PATH"
fi
return $OK
}

# import: import a mnemonic from $IMPORT_PATH
import_mnemonic() {
echo "Importing mnemonic ..."
@@ -35,10 +62,10 @@ import_mnemonic() {

if [ -n "${NOPASSWORD}" ]; then \
echo "No password"
(cat $IMPORT_PATH | tofnd ${ARGS} -m import) || return $ERR
(tofnd "${ARGS[@]}" -m import < "$IMPORT_PATH") || return $ERR
else
echo "With password"
((echo $PASSWORD && cat $IMPORT_PATH) | tofnd ${ARGS} -m import) || return $ERR
( (echo "$PASSWORD" && cat "$IMPORT_PATH") | tofnd "${ARGS[@]}" -m import) || return $ERR
fi

echo "... ok"
@@ -48,7 +75,7 @@ import_mnemonic() {
# export: export the mnemonic to $EXPORT_PATH
export_mnemonic() {
echo "Exporting mnemonic ..."
echo ${PASSWORD} | tofnd ${ARGS} -m export || return $ERR
echo "${PASSWORD}" | tofnd "${ARGS[@]}" -m export || return $ERR
echo "... ok"
return $OK
}
@@ -61,19 +88,24 @@ PASSWORD="${PASSWORD:-$EMPTY_STRING}"
TOFND_HOME=${TOFND_HOME:-"./.tofnd"}
IMPORT_PATH=$TOFND_HOME/import
EXPORT_PATH=$TOFND_HOME/export
ROTATE_PATH=$TOFND_HOME/rotate

echo "Using tofnd root:" $TOFND_HOME
echo "Using tofnd root:" "$TOFND_HOME"

# gather user's args

ARGS=()
# add '--no-password' and '--unsafe' flags to args if enabled
ARGS=${NOPASSWORD:+"--no-password"}
if [ -n "$NOPASSWORD" ]; then ARGS+=("--no-password"); fi

# add '--unsafe' flag to args if enabled
ARGS+=${UNSAFE:+" --unsafe"}
# add '--address' flag to args if enabled
ARGS+=${ADDRESS:+" --address ${ADDRESS}"}
# add '--port' flag to args if enabled
ARGS+=${PORT:+" --port ${PORT}"}
if [ -n "$UNSAFE" ]; then ARGS+=("--unsafe"); fi

# # add '--address' flag to args if enabled
if [ -n "$ADDRESS" ]; then ARGS+=("--address" "$ADDRESS"); fi

# # add '--port' flag to args if enabled
if [ -n "$PORT" ]; then ARGS+=("--port" "$PORT"); fi

# check mnemonic arg
if [ -n "${MNEMONIC_CMD}" ]; then \
@@ -83,11 +115,10 @@ if [ -n "${MNEMONIC_CMD}" ]; then \
# Order of set up: 1) import mnemonic, 2) create mnemonic.
# If 2) then move the mnemonic to $IMPORT_PATH so that tofnd will not complain
auto)
echo "Trying import" && import_mnemonic \
|| (echo "... skipping. Trying to create" && create_mnemonic && mv $EXPORT_PATH $IMPORT_PATH) \
|| echo "... skipping"
echo "Trying to import mnemonic" && import_mnemonic \
|| (echo "Unable to import mnemonic. Trying to create mnemonic" && create_mnemonic && mv "$EXPORT_PATH" "$IMPORT_PATH") \
|| rotate_mnemonic && echo "Proceeding without creating or importing mnemonic. Using existing mnemonic"
;;

existing)
;;

@@ -111,11 +142,9 @@ if [ -n "${MNEMONIC_CMD}" ]; then \
exit $ERR
;;
esac

echo "Using existing mnemonic ..."
ARGS+=" -m existing"
ARGS+=("-m" "existing")
fi

# execute tofnd daemon
exec echo ${PASSWORD} | tofnd ${ARGS} "$@"; \
exec echo "${PASSWORD}" | tofnd "${ARGS[@]}" "$@"; \
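Review bot: In the new `rotate_mnemonic` the backup name is built with `date +%Y-%m-%d-%m`, which repeats the month instead of adding a time of day, so two rotations on the same day yield the same `$backup_path` and the second `mv "$IMPORT_PATH" "$backup_path"` silently overwrites the earlier backup of the import file. A format with a time component, e.g. `timestamp=$(date +%Y-%m-%d-%H%M%S)`, together with a refusal to overwrite an existing backup (`[ -e "$backup_path" ] && return $ERR`), would avoid losing key material. The later `mv "$EXPORT_PATH" "$IMPORT_PATH"` and `rm "$ROTATE_PATH"` are unchecked, so the function returns `$OK` and removes the trigger file even when the exported mnemonic was never moved into place; `mv "$EXPORT_PATH" "$IMPORT_PATH" || return $ERR` would surface that failure. `timestamp` and `backup_path` should be declared `local`, and `[ -e ... ]` is preferable to the ambiguous `[ -a ... ]` test.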