coldcard / ckbunker
CKBunker - A Bitcoin HSM solution to securely authorize transactions using an online Coldcard (over Tor)
Home Page: http://ckbunker.com
License: Other
I was tinkering with adding this on myNode and ran into an error. I've got a few questions as well.
Questions
Error
[08/02/2021-22:01:24] Got bunker settings from: ./data/bp-1850f665aa1e22c0.dat
[08/02/2021-22:01:25] Web server at: http://localhost:9823/setup
[08/02/2021-22:01:25] Connecting to Coldcard.
[08/02/2021-22:01:25] Tord version: 0.3.5.12
[08/02/2021-22:01:25] Found Coldcard 207030635848.
[08/02/2021-22:01:28] Connected to Coldcard 207030635848.
Traceback (most recent call last):
  File "/opt/mynode/ckbunker/env/bin/ck-bunker", line 11, in <module>
    load_entry_point('bunker', 'console_scripts', 'ck-bunker')()
  File "/opt/mynode/ckbunker/env/lib/python3.7/site-packages/click/core.py", line 829, in __call__
    return self.main(*args, **kwargs)
  File "/opt/mynode/ckbunker/env/lib/python3.7/site-packages/click/core.py", line 782, in main
    rv = self.invoke(ctx)
  File "/opt/mynode/ckbunker/env/lib/python3.7/site-packages/click/core.py", line 1259, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/opt/mynode/ckbunker/env/lib/python3.7/site-packages/click/core.py", line 1066, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/opt/mynode/ckbunker/env/lib/python3.7/site-packages/click/core.py", line 610, in invoke
    return callback(*args, **kwargs)
  File "/opt/mynode/ckbunker/main.py", line 77, in setup_hsm
    asyncio.run(startup(True, local, config_file, None), debug=True)
  File "/usr/local/lib/python3.7/asyncio/runners.py", line 43, in run
    return loop.run_until_complete(main)
  File "/usr/local/lib/python3.7/asyncio/base_events.py", line 587, in run_until_complete
    return future.result()
  File "/opt/mynode/ckbunker/main.py", line 114, in startup
    await asyncio.gather(*aws)
  File "/opt/mynode/ckbunker/conn.py", line 80, in run
    await self.hsm_status()
  File "/opt/mynode/ckbunker/conn.py", line 185, in hsm_status
    h = h or (await self.send_recv(CCProtocolPacker.hsm_status()))
  File "/opt/mynode/ckbunker/conn.py", line 167, in send_recv
    return await asyncio.get_running_loop().run_in_executor(executor, doit)
  File "/usr/local/lib/python3.7/concurrent/futures/thread.py", line 57, in run
    result = self.fn(*self.args, **self.kwargs)
  File "/opt/mynode/ckbunker/conn.py", line 163, in doit
    return self.dev.send_recv(msg, **kws)
  File "/opt/mynode/ckbunker/env/lib/python3.7/site-packages/ckcc/client.py", line 163, in send_recv
    return CCProtocolUnpacker.decode(resp)
  File "/opt/mynode/ckbunker/env/lib/python3.7/site-packages/ckcc/protocol.py", line 236, in decode
    return d(msg)
  File "/opt/mynode/ckbunker/env/lib/python3.7/site-packages/ckcc/protocol.py", line 250, in err_
    raise CCProtoError("Coldcard Error: " + str(msg[4:], 'utf8', 'ignore'), msg[4:])
ckcc.protocol.CCProtoError: Coldcard Error: Unknown cmd
It would be extremely cool if it could be used as HSM for c-lightning.
With a routing lightning node, you need to put the coins in hot storage. Using a real HSM could ensure that the funds in the hot wallet are used only for routing. Siphoning off the funds would be impossible even if the server was breached.
Seems like we can't leave the page unattended for more than a minute to make changes before being prompted to enter the crazy letters again.
Would be better if the TOTP QR code showed up on web browser for user to set up... couldn't get the phone to pick up the QR code from CC screen, have to manually enter the code in.
Using Mac Catalina V 10.15.7 and python 3.9
Tord is running as a service via brew. When I open ckbunker setup I get
Unable to connect to local 'tord' server
in terminal.
When I click 'Operate Tor hidden service' tab in bunker setup page via browser I get
No local 'tord' server
Only when I open Tor browser does Ckbunker recognize Tor and allow me to generate an onion address.
When an element of the rule has no value, then the restriction does not apply. For example, if Destination Whitelist is empty, then the Coldcard will not consider the destination address when considering the rule.
If no rules are defined, then no PSBT will be signed. This can be useful for text message signing applications. On the other hand, an empty rule allows any transaction to be signed, so be careful!
This reads to me as: if no rules are defined (empty parameter) then no PSBT will be signed, i.e. all submitted PSBTs will be denied.
Maybe you should remove the
If no rules are defined, then no PSBT will be signed.
If empty==undefined, you should pick one word and use it throughout documentation.
My assessment of this section is: if all rules are empty then any PSBT submitted will be signed.
Please clarify so I can explain properly in Guide.
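Added example, not part of the original issue or of CKBunker's code: a small policy audit that follows the documentation wording quoted in the issue above (no rules means nothing is signed; a rule field with no value is a restriction that does not apply; a rule with no values at all allows any transaction). The field names come from the policy JSON posted elsewhere on this page; `audit_policy`, `RESTRICTIONS`, the verdict labels and the reading of "no value" as null or empty are assumptions of this example.

```python
import json

# Rule fields taken from the policy JSON posted on this page. Treating None,
# an empty list and an empty string as "no value" is this example's assumption.
RESTRICTIONS = ("whitelist", "per_period", "max_amount", "users", "wallet")


def audit_policy(policy):
    """Return (verdict, findings) for an HSM policy dict.

    verdict is 'signs-nothing', 'has-open-rule' or 'restricted'.
    findings is a list of (rule_index, [fields that restrict nothing]).
    """
    rules = policy.get("rules") or []
    if not rules:
        # Quoted docs: if no rules are defined, no PSBT will be signed.
        return "signs-nothing", []
    verdict = "restricted"
    findings = []
    for idx, rule in enumerate(rules):
        inactive = [f for f in RESTRICTIONS if rule.get(f) in (None, [], "")]
        if len(inactive) == len(RESTRICTIONS):
            # Quoted docs: an empty rule allows any transaction to be signed.
            verdict = "has-open-rule"
        findings.append((idx, inactive))
    return verdict, findings


# Constructed sample: the first rule is shaped like one posted on this page,
# the second is an "empty rule" added to show the dangerous case.
SAMPLE = json.loads("""
{"period": 1440, "rules": [
  {"whitelist": [], "per_period": 1000000, "max_amount": null,
   "users": ["Single"], "min_users": 1, "local_conf": false, "wallet": "1"},
  {"whitelist": [], "per_period": null, "max_amount": null,
   "users": [], "wallet": null}
]}
""")

if __name__ == "__main__":
    verdict, findings = audit_policy(SAMPLE)
    print("verdict:", verdict)
    for idx, inactive in findings:
        print(f"rule {idx}: no restriction on {', '.join(inactive) or 'nothing'}")
```

Running the audit before uploading a policy shows which rules leave the destination or amount unconstrained, which is the distinction the quoted paragraph draws between "no rules" and "an empty rule".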
When I run ckbunker the captcha image is a broken image on login page ... localhost:9823 ... if I open image in new tab I get ... make_captcha.py line 37 in draw dx,dy = fn.getsize('W') attribute error 'FreeTypeFont' object has no attribute 'getsize' ...
I've seen this on another project; the API has changed and "getsize" method isn't offered anymore.
Seems jinja2 has changed a bit and ckbunker needs some adaptation.
I am having this error with jinja2 version 3.1.2:
AttributeError: module 'jinja2' has no attribute 'escape'
Reading https://jinja.palletsprojects.com/en/3.1.x/changes/ I see
Markup and escape should be imported from MarkupSafe.
I downgraded to 3.0.3 and now everything works well.
pip uninstall jinja2
pip install jinja2==3.0.3
Created a 2-3 on the Coldcard.
Created an HSM policy.
{
  "never_log": false,
  "must_log": false,
  "priv_over_ux": false,
  "boot_to_hsm": null,
  "period": 1440,
  "set_sl": null,
  "allow_sl": null,
  "rules": [
    {
      "whitelist": [],
      "per_period": 1000000,
      "max_amount": null,
      "users": ["Single"],
      "min_users": 1,
      "local_conf": false,
      "wallet": "1"
    },
    {
      "whitelist": [],
      "per_period": 10000000,
      "max_amount": null,
      "users": ["Multisig"],
      "min_users": 1,
      "local_conf": false,
      "wallet": "CC-2-of-3"
    }
  ],
  "msg_paths": null,
  "share_xpubs": null,
  "share_addrs": null
}
Started HSM mode and let it run for a few hours... restarted the Coldcard and the multisig wallet was gone and the CC gave me an error that it couldn't run the HSM policy on device.
from @tehelsper
I've also noticed that the CC can lose connection with CKBunker after a while and need to be reset. This seemed to fix it. The ColdCard was still running and appeared to be in the expected state.
echo 0 > /sys/bus/usb/devices//authorized
echo 1 > /sys/bus/usb/devices//authorized
I've encountered an error when installing ckbunker on a RaspberryPi4 with aarch64-linux.
Hope someone knows a way to get the dependencies compatible...
Installing collected packages: Click, stem, attrs, chardet, multidict, idna, yarl, async-timeout, aiohttp, MarkupSafe, jinja2, aiohttp-jinja2, six, ecdsa, hidapi, pyaes, ckcc-protocol, bunker
Running setup.py install for hidapi ... error
ERROR: Command errored out with exit status 1:
command: /root/Coldcard/ENV/bin/python3 -u -c 'import sys, setuptools, tokenize; sys.argv[0] = '"'"'/tmp/pip-install-8vxcxhta/hidapi/setup.py'"'"'; file='"'"'/tmp/pip-install-8vxcxhta/hidapi/setup.py'"'"';f=getattr(tokenize, '"'"'open'"'"', open)(file);code=f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, file, '"'"'exec'"'"'))' install --record /tmp/pip-record-lsvtqog3/install-record.txt --single-version-externally-managed --compile --install-headers /root/Coldcard/ENV/include/site/python3.7/hidapi
cwd: /tmp/pip-install-8vxcxhta/hidapi/
Complete output (17 lines):
running install
running build
running build_ext
skipping 'hid.c' Cython extension (up-to-date)
skipping 'hidraw.c' Cython extension (up-to-date)
building 'hid' extension
creating build
creating build/temp.linux-aarch64-3.7
creating build/temp.linux-aarch64-3.7/hidapi
creating build/temp.linux-aarch64-3.7/hidapi/libusb
aarch64-linux-gnu-gcc -pthread -Wno-unused-result -Wsign-compare -DNDEBUG -g -fwrapv -O2 -Wall -g -fstack-protector-strong -Wformat -Werror=format-security -g -fwrapv -O2 -g -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -Ihidapi/hidapi -I/usr/include/libusb-1.0 -I/usr/include/python3.7m -I/root/Coldcard/ENV/include/python3.7m -c hid.c -o build/temp.linux-aarch64-3.7/hid.o
aarch64-linux-gnu-gcc -pthread -Wno-unused-result -Wsign-compare -DNDEBUG -g -fwrapv -O2 -Wall -g -fstack-protector-strong -Wformat -Werror=format-security -g -fwrapv -O2 -g -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -Ihidapi/hidapi -I/usr/include/libusb-1.0 -I/usr/include/python3.7m -I/root/Coldcard/ENV/include/python3.7m -c hidapi/libusb/hid.c -o build/temp.linux-aarch64-3.7/hidapi/libusb/hid.o
hidapi/libusb/hid.c:47:10: fatal error: libusb.h: No such file or directory
47 | #include <libusb.h>
| ^~~~~~~~~~
compilation terminated.
error: command 'aarch64-linux-gnu-gcc' failed with exit status 1
----------------------------------------
ERROR: Command errored out with exit status 1: /root/Coldcard/ENV/bin/python3 -u -c 'import sys, setuptools, tokenize; sys.argv[0] = '"'"'/tmp/pip-install-8vxcxhta/hidapi/setup.py'"'"'; file='"'"'/tmp/pip-install-8vxcxhta/hidapi/setup.py'"'"';f=getattr(tokenize, '"'"'open'"'"', open)(file);code=f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, file, '"'"'exec'"'"'))' install --record /tmp/pip-record-lsvtqog3/install-record.txt --single-version-externally-managed --compile --install-headers /root/Coldcard/ENV/include/site/python3.7/hidapi Check the logs for full command output.
A user is seeing this exception after installing CKBunker. Any ideas? Device is a Raspi 4.
Mar 31 06:54:55 myNode systemd[1]: ckbunker.service: Failed with result 'exit-code'.
Mar 31 06:54:55 myNode systemd[1]: ckbunker.service: Main process exited, code=exited, status=1/FAILURE
Mar 31 06:54:55 myNode ckbunker[1470]: AttributeError: module 'jinja2' has no attribute 'contextfunction'
Mar 31 06:54:55 myNode ckbunker[1470]: @jinja2.contextfunction # type: ignore
Mar 31 06:54:55 myNode ckbunker[1470]: File "/opt/mynode/ckbunker/env/lib/python3.8/site-packages/aiohttp_jinja2/helpers.py", line 12, in
Mar 31 06:54:55 myNode ckbunker[1470]: from .helpers import GLOBAL_HELPERS
Mar 31 06:54:55 myNode ckbunker[1470]: File "/opt/mynode/ckbunker/env/lib/python3.8/site-packages/aiohttp_jinja2/__init__.py", line 9, in
Mar 31 06:54:55 myNode ckbunker[1470]: import sys, os, asyncio, logging, aiohttp_jinja2, jinja2, time, weakref, re
Mar 31 06:54:55 myNode ckbunker[1470]: File "/opt/mynode/ckbunker/webapp.py", line 5, in
Mar 31 06:54:55 myNode ckbunker[1470]: import webapp
Mar 31 06:54:55 myNode ckbunker[1470]: File "/opt/mynode/ckbunker/main.py", line 110, in startup
Mar 31 06:54:55 myNode ckbunker[1470]: return future.result()
Mar 31 06:54:55 myNode ckbunker[1470]: File "/usr/local/lib/python3.8/asyncio/base_events.py", line 616, in run_until_complete
Mar 31 06:54:55 myNode ckbunker[1470]: return loop.run_until_complete(main)
Mar 31 06:54:55 myNode ckbunker[1470]: File "/usr/local/lib/python3.8/asyncio/runners.py", line 44, in run
Mar 31 06:54:55 myNode ckbunker[1470]: asyncio.run(startup(False, local, config_file, psbt), debug=True)
Mar 31 06:54:55 myNode ckbunker[1470]: File "/opt/mynode/ckbunker/main.py", line 68, in start_service
Mar 31 06:54:55 myNode ckbunker[1470]: return __callback(*args, **kwargs)
Mar 31 06:54:55 myNode ckbunker[1470]: File "/opt/mynode/ckbunker/env/lib/python3.8/site-packages/click/core.py", line 760, in invoke
Mar 31 06:54:55 myNode ckbunker[1470]: return ctx.invoke(self.callback, **ctx.params)
Mar 31 06:54:55 myNode ckbunker[1470]: File "/opt/mynode/ckbunker/env/lib/python3.8/site-packages/click/core.py", line 1404, in invoke
Mar 31 06:54:55 myNode ckbunker[1470]: return _process_result(sub_ctx.command.invoke(sub_ctx))
Mar 31 06:54:55 myNode ckbunker[1470]: File "/opt/mynode/ckbunker/env/lib/python3.8/site-packages/click/core.py", line 1657, in invoke
Mar 31 06:54:55 myNode ckbunker[1470]: rv = self.invoke(ctx)
Mar 31 06:54:55 myNode ckbunker[1470]: File "/opt/mynode/ckbunker/env/lib/python3.8/site-packages/click/core.py", line 1055, in main
Mar 31 06:54:55 myNode ckbunker[1470]: return self.main(*args, **kwargs)
Mar 31 06:54:55 myNode ckbunker[1470]: File "/opt/mynode/ckbunker/env/lib/python3.8/site-packages/click/core.py", line 1130, in __call__
Mar 31 06:54:55 myNode ckbunker[1470]: sys.exit(load_entry_point('bunker', 'console_scripts', 'ck-bunker')())
Mar 31 06:54:55 myNode ckbunker[1470]: File "/opt/mynode/ckbunker/env/bin/ck-bunker", line 33, in
Mar 31 06:54:55 myNode ckbunker[1470]: Traceback (most recent call last):
Mar 31 06:54:54 myNode ckbunker[1470]: [31/03/2022-06:54:54] /mnt/hdd/mynode/ckbunker/bp-1850f665aa1e22c0.dat: not found (probably fine)
Mar 31 06:54:53 myNode systemd[1]: Started CKBunker.
Currently I have a Coldcard that is now stuck while booting.
Steps to reproduce.
2. Enable HSM Mode
3. Plug into Dell R730 front usb port (left)
4. Device reboots many times in quick succession
5. Device halts and is bricked.
I believe this could be due to a power delivery issue.
Video
https://youtube.com/shorts/uAUxfT_uets?feature=share
Another thread of the same behavior.
https://www.reddit.com/r/coldcard/comments/11dxex7/mk4_no_longer_boots_past_title_screen/