Non-interactive import via ./ethd keys import

ethd

@@ -637,7 +637,7 @@ the \"Compacting database\" stage it may not output logs for an hour or so, that
     echo ""
 }
 
-keyimport() {
+prep-keyimport() {
     set -Eeuo pipefail
     if [ ! -f "./${ENV_FILE}" ]; then
         echo "${ENV_FILE} configuration file not found, aborting."
@@ -686,7 +686,7 @@ keyimport() {
                     echo "KEYSTORE_PASSWORD not set, aborting"
                     exit 1
                 fi
-                if [ ${__prysm} = 1 ]; then
+                if [ ${__oldskool:-} = 1 -a ${__prysm} = 1 ]; then
                     if [ -z ${WALLET_PASSWORD+x} ]; then
                         echo "Using Prysm and WALLET_PASSWORD not set, aborting"
                         exit 1
@@ -701,6 +701,11 @@ keyimport() {
                 ;;
         esac
     done
+}
+
+keyimport() {
+    __oldskool=1
+    prep-keyimport "$@"
     if [ ${__non_interactive} = 1 ]; then
         cmd run --rm validator-import --non-interactive
     else
@@ -709,7 +714,18 @@ keyimport() {
 }
 
 keys() {
-    cmd run --rm validator-keys "$@"
+    __oldskool=0
+    if [ "${1:-}" = "import" ]; then
+        shift
+        prep-keyimport "$@"
+        if [ ${__non_interactive} = 1 ]; then
+            cmd run --rm validator-keys import --non-interactive
+        else
+            cmd run --rm validator-keys import
+        fi
+    else
+        cmd run --rm validator-keys "$@"
+    fi
 }
 
 upgrade() {
@@ -1359,7 +1375,7 @@ handle_root
 determine_compose
 
 if [ $command = "install" ]; then
-    $command $@
+    $command "$@"
 fi
 
 if ! type -P whiptail >/dev/null 2>&1; then
@@ -1377,4 +1393,4 @@ if ! cmd --help >/dev/null 2>&1; then
     exit 1
 fi
 
-"$command" $@
+$command "$@"

lighthouse-base.yml

@@ -178,6 +178,8 @@ services:
       - lhvalidator-data:/var/lib/lighthouse
       - ./.eth/validator_keys:/validator_keys
       - /etc/localtime:/etc/localtime:ro
+    environment:
+      - KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD:-}
     depends_on:
       - validator
     entrypoint:

lighthouse-vc-only.yml

@@ -117,6 +117,8 @@ services:
       - lhvalidator-data:/var/lib/lighthouse
       - ./.eth/validator_keys:/validator_keys
       - /etc/localtime:/etc/localtime:ro
+    environment:
+      - KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD:-}
     depends_on:
       - validator
     entrypoint:

lodestar-base.yml

@@ -168,6 +168,7 @@ services:
       - /etc/localtime:/etc/localtime:ro
     environment:
       - LSBUGGED="true"
+      - KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD:-}
     depends_on:
       - validator
     entrypoint:

lodestar-vc-only.yml

@@ -107,6 +107,7 @@ services:
       - /etc/localtime:/etc/localtime:ro
     environment:
       - LSBUGGED="true"
+      - KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD:-}
     depends_on:
       - validator
     entrypoint:

nimbus-base.yml

@@ -119,6 +119,7 @@ services:
       - /etc/localtime:/etc/localtime:ro
     environment:
       - NIMBUGGED="true"
+      - KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD:-}
     depends_on:
       - consensus
     entrypoint:

prysm-base.yml

@@ -201,6 +201,7 @@ services:
       - ./.eth/validator_keys:/validator_keys
       - /etc/localtime:/etc/localtime:ro
     environment:
+      - KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD:-}
       - PRYSM="true"
     depends_on:
       - validator

prysm-vc-only.yml

@@ -138,6 +138,7 @@ services:
       - ./.eth/validator_keys:/validator_keys
       - /etc/localtime:/etc/localtime:ro
     environment:
+      - KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD:-}
       - PRYSM="true"
     depends_on:
       - validator

prysm/create-wallet.sh

@@ -1,22 +1,21 @@
 #!/bin/bash
 set -Eeuo pipefail
 
-while true; do
-  prompt="Please choose a wallet password: "
-  read -srp "${prompt}" password1
-  echo
-  read -srp "Please re-enter the wallet password: " password2
-  if [ "$password1" == "$password2" ]; then
-    break
-  else
-    echo "The two entered passwords do not match, please try again."
-    echo
-  fi
-done
+__password=$(echo $RANDOM | md5sum | head -c 32)
 
-echo
-echo "$password1" >/var/lib/prysm/password.txt
+echo "$__password" >/tmp/password.txt
+echo "Wallet password created"
+set +e
+__result=$(validator --datadir=/var/lib/prysm wallet create --${NETWORK} --wallet-dir=/var/lib/prysm --keymanager-kind=imported --accept-terms-of-use --wallet-password-file=/tmp/password.txt 2>&1)
+if echo $__result | grep -qi error; then
+    echo "An error occured while attempting to create a Prysm wallet"
+    echo $__result
+    exit 1
+else
+    echo $__result
+fi
+set -e
+echo "Wallet has been created"
+echo "$__password" >/var/lib/prysm/password.txt
 chmod 600 /var/lib/prysm/password.txt
-echo "Wallet password has been stored."
-validator --datadir /var/lib/prysm wallet create --${NETWORK} --wallet-dir /var/lib/prysm --keymanager-kind direct --accept-terms-of-use --wallet-password-file /var/lib/prysm/password.txt
-echo "Wallet has been created."
+echo "Wallet password stored"

teku-base.yml

@@ -109,6 +109,7 @@ services:
       - /etc/localtime:/etc/localtime:ro
     environment:
       - TLS="true"
+      - KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD:-}
     depends_on:
       - consensus
     entrypoint:

teku-vc-only.yml

@@ -82,6 +82,7 @@ services:
       - /etc/localtime:/etc/localtime:ro
     environment:
       - TLS="true"
+      - KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD:-}
     depends_on:
       - validator
     entrypoint:

vc-utils/keymanager.sh

@@ -33,6 +33,15 @@ print-api-token() {
     echo $__token
 }
 
+get-prysm-wallet() {
+    if [ -f /var/lib/prysm/password.txt ]; then
+        echo "The password for the Prysm wallet is:"
+        cat /var/lib/prysm/password.txt
+    else
+        echo "No stored password found for a Prysm wallet."
+    fi
+}
+
 recipient-get() {
     if [ -z "$__pubkey" ]; then
       echo "Please specify a validator public key"
@@ -48,7 +57,7 @@ recipient-get() {
         401) echo "No authorization token found. This is a bug. Error: $(echo $__result | jq -r '.message')"; exit 1;;
         403) echo "The authorization token is invalid. Error: $(echo $__result | jq -r '.message')"; exit 1;;
         404) echo "Path not found error. Was that the right pubkey? Error: $(echo $__result | jq -r '.message')"; exit 1;;
-        500) echo "Internal server error. This is a bug. Error: $(echo $__result | jq -r '.message')"; exit 1;;
+        500) echo "Internal server error. Error: $(echo $__result | jq -r '.message')"; exit 1;;
         *) echo "Unexpected return code. Result: $(echo $__result)"; exit 1;;
     esac
 }
@@ -73,7 +82,7 @@ recipient-set() {
         401) echo "No authorization token found. This is a bug. Error: $(echo $__result | jq -r '.message')"; exit 1;;
         403) echo "The authorization token is invalid. Error: $(echo $__result | jq -r '.message')"; exit 1;;
         404) echo "Path not found error. Was that the right pubkey? Error: $(echo $__result | jq -r '.message')"; exit 1;;
-        500) echo "Internal server error. This is a bug. Error: $(echo $__result | jq -r '.message')"; exit 1;;
+        500) echo "Internal server error. Error: $(echo $__result | jq -r '.message')"; exit 1;;
         *) echo "Unexpected return code. Result: $(echo $__result)"; exit 1;;
     esac
 }
@@ -93,7 +102,7 @@ recipient-delete() {
         401) echo "No authorization token found. This is a bug. Error: $(echo $__result | jq -r '.message')"; exit 1;;
         403) echo "A fee recipient was found, but cannot be deleted. It may be in a configuration file. Message: $(echo $__result | jq -r '.message')"; exit 0;;
         404) echo "The key was not found on the server, nothing to delete. Message: $(echo $__result | jq -r '.message')"; exit 0;;
-        500) echo "Internal server error. This is a bug. Error: $(echo $__result | jq -r '.message')"; exit 1;;
+        500) echo "Internal server error. Error: $(echo $__result | jq -r '.message')"; exit 1;;
         *) echo "Unexpected return code. Result: $(echo $__result)"; exit 1;;
     esac
 }
@@ -114,7 +123,7 @@ gas-get() {
         401) echo "No authorization token found. This is a bug. Error: $(echo $__result | jq -r '.message')"; exit 1;;
         403) echo "The authorization token is invalid. Error: $(echo $__result | jq -r '.message')"; exit 1;;
         404) echo "Path not found error. Was that the right pubkey? Error: $(echo $__result | jq -r '.message')"; exit 0;;
-        500) echo "Internal server error. This is a bug. Error: $(echo $__result | jq -r '.message')"; exit 1;;
+        500) echo "Internal server error. Error: $(echo $__result | jq -r '.message')"; exit 1;;
         *) echo "Unexpected return code. Result: $(echo $__result)"; exit 1;;
     esac
 }
@@ -139,7 +148,7 @@ gas-set() {
         401) echo "No authorization token found. This is a bug. Error: $(echo $__result | jq -r '.message')"; exit 1;;
         403) echo "The authorization token is invalid. Error: $(echo $__result | jq -r '.message')"; exit 1;;
         404) echo "Path not found error. Was that the right pubkey? Error: $(echo $__result | jq -r '.message')"; exit 0;;
-        500) echo "Internal server error. This is a bug. Error: $(echo $__result | jq -r '.message')"; exit 1;;
+        500) echo "Internal server error. Error: $(echo $__result | jq -r '.message')"; exit 1;;
         *) echo "Unexpected return code. Result: $(echo $__result)"; exit 1;;
     esac
 }
@@ -160,7 +169,7 @@ gas-delete() {
         401) echo "No authorization token found. This is a bug. Error: $(echo $__result | jq -r '.message')"; exit 1;;
         403) echo "A gas limit was found, but cannot be deleted. It may be in a configuration file. Message: $(echo $__result | jq -r '.message')"; exit 0;;
         404) echo "The key was not found on the server, nothing to delete. Message: $(echo $__result | jq -r '.message')"; exit 0;;
-        500) echo "Internal server error. This is a bug. Error: $(echo $__result | jq -r '.message')"; exit 1;;
+        500) echo "Internal server error. Error: $(echo $__result | jq -r '.message')"; exit 1;;
         *) echo "Unexpected return code. Result: $(echo $__result)"; exit 1;;
     esac
 }
@@ -175,7 +184,7 @@ validator-list() {
         200);;
         401) echo "No authorization token found. This is a bug. Error: $(echo $__result | jq -r '.message')"; exit 1;;
         403) echo "The authorization token is invalid. Error: $(echo $__result | jq -r '.message')"; exit 1;;
-        500) echo "Internal server error. This is a bug. Error: $(echo $__result | jq -r '.message')"; exit 1;;
+        500) echo "Internal server error. Error: $(echo $__result | jq -r '.message')"; exit 1;;
         *) echo "Unexpected return code. Result: $(echo $__result)"; exit 1;;
     esac
     if [ $(echo $__result | jq '.data | length') -eq 0 ]; then
@@ -204,7 +213,7 @@ validator-delete() {
         400) echo "The pubkey was formatted wrong. Error: $(echo $__result | jq -r '.message')"; exit 1;;
         401) echo "No authorization token found. This is a bug. Error: $(echo $__result | jq -r '.message')"; exit 1;;
         403) echo "The authorization token is invalid. Error: $(echo $__result | jq -r '.message')"; exit 1;;
-        500) echo "Internal server error. This is a bug. Error: $(echo $__result | jq -r '.message')"; exit 1;;
+        500) echo "Internal server error. Error: $(echo $__result | jq -r '.message')"; exit 1;;
         *) echo "Unexpected return code. Result: $(echo $__result)"; exit 1;;
     esac
 
@@ -268,6 +277,7 @@ validator-import() {
 
     if [ ${__non_interactive} = 1 ]; then
         __password="${KEYSTORE_PASSWORD}"
+        __justone=1
     else
         echo "WARNING - imported keys are immediately live. If these keys exist elsewhere,"
         echo "you WILL get slashed. If it has been less than 15 minutes since you deleted them elsewhere,"
@@ -334,14 +344,21 @@ validator-import() {
         for __protectfile in /validator_keys/slashing_protection*.json; do
             [ -f "$__protectfile" ] || continue
             if cat $__protectfile | grep -q "$__pubkey"; then
-                __do_a_protec=1
                 echo "Found slashing protection import file $__protectfile for $__pubkey"
-                echo "It will be imported"
+                if [ $(cat $__protectfile | jq ".data[] | select(.pubkey==\"$__pubkey\") | .signed_blocks | length") -gt 0 \
+                    -o $(cat $__protectfile | jq ".data[] | select(.pubkey==\"$__pubkey\") | .signed_attestations | length") -gt 0 ]; then
+                    __do_a_protec=1
+                    echo "It will be imported"
+                else
+                    echo "WARNING: The file does not contain importable data and will be skipped."
+                    echo "Your validator will be imported WITHOUT slashing protection data."
+                    echo
+                fi
                 break
             fi
         done
         if [ "$__do_a_protec" -eq 0 ]; then
-                echo "No slashing protection import file found for $__pubkey"
+                echo "No viable slashing protection import file found for $__pubkey"
                 echo "Proceeding without slashing protection."
         fi
         __keystore_json=$(cat $__keyfile)
@@ -361,7 +378,7 @@ validator-import() {
         400) echo "The pubkey was formatted wrong. Error: $(echo $__result | jq -r '.message')"; exit 1;;
         401) echo "No authorization token found. This is a bug. Error: $(echo $__result | jq -r '.message')"; exit 1;;
         403) echo "The authorization token is invalid. Error: $(echo $__result | jq -r '.message')"; exit 1;;
-        500) echo "Internal server error. This is a bug. Error: $(echo $__result | jq -r '.message')"; exit 1;;
+        500) echo "Internal server error. Error: $(echo $__result | jq -r '.message')"; exit 1;;
         *) echo "Unexpected return code. Result: $(echo $__result)"; exit 1;;
     esac
         if ! echo $__result | grep -q "data"; then
@@ -436,6 +453,8 @@ usage() {
     echo "      Print the token for the keymanager API running on port 7500."
     echo "      This is also the token for the Prysm Web UI"
     echo
+    echo " get-prysm-wallet"
+    echo "      Print Prysm's wallet password"
 }
 
 set -e
@@ -452,7 +471,8 @@ case "$3" in
         validator-delete
         ;;
     import)
-        validator-import
+        shift 3
+        validator-import "$@"
         ;;
     get-recipient)
         __pubkey=$4
@@ -483,6 +503,9 @@ case "$3" in
     get-api-token)
         print-api-token
         ;;
+    get-prysm-wallet)
+        get-prysm-wallet
+        ;;
     *)
         usage
         ;;