Use URL variables and small enhancements

bails/.local/bin/install-core

@@ -38,9 +38,10 @@ export LOCAL_DIR=$DOTFILES/.local
 export XDG_CONFIG_HOME=$DOTFILES/.config
 export XDG_CACHE_HOME=$DOTFILES/.cache
 export TMPDIR=$XDG_RUNTIME_DIR
+export DOWNLOAD_DIR=$HOME/.local/share/bitcoin-core
 
-readonly DOWNLOAD_DIR=$HOME/.local/share/bitcoin-core
-
+readonly BITCOIN_CORE_DOMAIN=https://bitcoincore.org
+readonly SECURITY_IN_A_BOX_TOR_URL="http://lxjacvxrozjlxd7pqced7dyefnbityrwqjosuuaqponlg3v7esifrzad.onion/en/"
 
 # Look for good signatures
 # Parameter 1 = Good Signatures required
@@ -96,77 +97,79 @@ search_key() {
 ###############################################################################
 printf '\033]2;Welcome to Bails!\a'
 
+# Clear the terminal
+clear -x
+
 # Close tor connection assistant to clean up the screen
 pkill tca &>/dev/null
 
 # Enable job control so background downloads can be foregrounded to show progress while user waits
 set -m
 
-# Check existing Bitcoin Core version
-cd "$DOWNLOAD_DIR" || exit 1
-
-# shellcheck disable=SC2010
-OLD_VER=$(ls -t | grep bitcoin-core- | head -1 | cut -d- -f3)
+# Setup Persistent Storage in background if it is not already
+( persistent-setup || systemctl reboot ) & tps_setup=$!
 
-# Download Bitcoin Core builder keys
-git clone https://github.com/bitcoin-core/guix.sigs --depth=1 & get_keys=$!
+# Download directly to Persistent Storage if it's already set up
+/usr/local/lib/tpscli is-unlocked && /usr/local/lib/tpscli is-active Dotfiles && \
+DOWNLOAD_DIR=$LOCAL_DIR/share/bitcoin-core
 
-# Download Bitcoin core checksums and signatures in background
-wget --no-host-directories --cut-dirs=1 --recursive --level=1 --accept=SHA256SUMS* --include-directories=bin https://bitcoincore.org/en/download/ & sig_dl=$!
-
-# Download verify-binaries tool
-wget -O verify.py https://raw.githubusercontent.com/bitcoin/bitcoin/master/contrib/verify-binaries/verify.py & get_verify_tool=$!
+# Check for old versions
+cd "$DOWNLOAD_DIR" || exit 1
+OLD_VER=$(ls -t | grep bitcoin-core- | head -1 | cut -d- -f3)
 
-# Download Bitcoin Core in background to the destination directory # TODO use named pipe mkfifo to tell install-core when it's time to verify signatures.
-wget --continue --no-host-directories --cut-dirs=1 --recursive --level=1 --accept=x86_64-linux-gnu.tar.gz --include-directories=bin https://bitcoincore.org/en/download/ & core_download=$!
+# Get Bitcoin Core builder keys
+until git clone https://github.com/bitcoin-core/guix.sigs --depth=1; do
+    echo "Cloning Bitcoin Core release attestations failed, retrying in $((retry++)) seconds..."
+    rm -Rf guix.sigs
+    sleep $((retry++))
+done & get_keys=$!
 
 # Download chain parameters in background
-wget -O chainparams.cpp https://raw.githubusercontent.com/bitcoin/bitcoin/master/src/kernel/chainparams.cpp & get_size=$!
+wget --continue -O chainparams.cpp https://raw.githubusercontent.com/bitcoin/bitcoin/master/src/kernel/chainparams.cpp & get_size=$!
 
-# Clear the terminal
-clear -x
+# Query latest version
+until wget ${BITCOIN_CORE_DOMAIN}/en/download; do sleep $((retry++)); done
+VER=$(grep -oPm1 '(?<=bitcoin-core-).*(?=/SHA256SUMS.asc)' download
 
-# Setup Persistent Storage if it is not already
-persistent-setup || systemctl reboot
+# Download Bitcoin core checksums and signatures in background
+until wget -cxnH --cut-dirs=1 ${BITCOIN_CORE_DOMAIN}/bin/bitcoin-core-${VER}/SHA256SUMS{,.asc}; do sleep $((retry++)); done & sig_dl=$!
+# Download Bitcoin core binary in background
+until wget -cxnH --cut-dirs=1 ${BITCOIN_CORE_DOMAIN}/bin/bitcoin-core-${VER}/bitcoin-${VER}-x86_64-linux-gnu.tar.gz; do sleep $((retry++)); done & get_core=$!
 
 printf '\033]2;Getting Bitcoin Core builder keys...\a'
 ps -p $get_keys &>/dev/null && fg %"$(jobs -l | grep $get_keys | cut -f1 -d' ' | tr -c -d '[:digit:]')"
-gpg --show-keys guix.sigs/builder-keys/*.gpg > builder-keys
+(cd guix.sigs/"$VER" || exit 1; for name in *; do gpg --show-keys "$DOWNLOAD_DIR"/guix.sigs/builder-keys/"$name".gpg; done) > builder-keys
 
-if [[ -e $LOCAL_DIR/state/installed ]]; then # Refresh keys if updating
+if which bitcoind; then # Refresh keys if updating
     printf '\033]2;Updating all keys from keyserver...\a'
     gpg --refresh-keys
 else # Import a trusted set on first-run.
     for key in ./trusted-keys/*; do
         if grep "$(gpg --show-keys "$key" | grep 'Key fingerprint')" builder-keys; then
             gpg --import "$key"
         else
-            echo "Warning: Bails trusted key $key not found in bitcoin-core/guix.sigs repository, skipping."
+            echo "Warning: Bails trusted key $key not found in bitcoin-core/guix.sigs/$VER, skipping."
         fi
     done
 fi
+
+printf '\033]2;Setup Persistent Storage...\a'
+wait -f "$tps_setup"
+
 printf '\033]2;Getting Bitcoin Core signatures...\a'
 ps -p $sig_dl &>/dev/null && fg %"$(jobs -l | grep $sig_dl | cut -f1 -d' ' | tr -c -d '[:digit:]')"
-# shellcheck disable=SC2010
-NEW_VER=$(ls -t | grep bitcoin-core- | head -1 | cut -d- -f3)
-# Overwrite builder-keys with only those who signed the latest release
-(cd guix.sigs/"$NEW_VER" || exit 1; for name in *; do gpg --show-keys "$DOWNLOAD_DIR"/guix.sigs/builder-keys/"$name".gpg; done) > builder-keys
 # Switch into latest bitcoin-core directory
-cd bitcoin-core-"$NEW_VER" || {
-    zenity --error --title="Download failure" --text="Click OK to try downloading Bitcoin Core again." --ellipsize "$ICON" && \
-    {
-        pkill wget
-        rm --verbose ./*	# removes old downloads
-        sleep 5
-        install-core	# launch this script again
-    }
+cd bitcoin-core-"$VER" || exit 1
+if [ ! -f SHA256SUMS ]; then # TODO read the exit codes of verify.py to handle all error dialogs in a switch.
+    zenity --error --title="Signature file not found" --text="Click OK to try downloading Bitcoin Core again." --ellipsize "$ICON" && \
+    install-core	# Launch this script again
     exit 1
-}
+fi
 export BINVERIFY_MIN_GOOD_SIGS=${BINVERIFY_MIN_GOOD_SIGS:-3}
 who_trusts="the Bails maintainers"
-while [[ "$OLD_VER" != "$NEW_VER" ]] || [ ! -f $LOCAL_DIR/bin/bitcoind ]; do
+while true; do
+    printf '\033]2;Verify checksum signatures...\a'
     good_sig=$(gpg --verify SHA256SUMS.asc SHA256SUMS 2>&1 | grep --count 'Good signature')
-    printf '\033]2;Verify download signatures...\a'
     # TODO: When my PR is merged to bitcoin-core, lets update this file to use it entirely for the download process, using wget only to fetch the latest version number.
     if ((good_sig >= BINVERIFY_MIN_GOOD_SIGS)); then
         zenity --question --title='Further download verification' --text="Your Bitcoin Core download has been successfully verified by $good_sig signatures from individuals trusted by $who_trusts.\n\nFurther download verification is optional. It requires around 5 to 10 minutes.\n\nPerforming additional verification gives further assurance you have not downloaded an unexpected or tampered version of Bitcoin." --cancel-label='Continue Setup' --default-cancel --ok-label='More Verification' "$ICON" --icon-name=gtk-dialog-authentication
@@ -177,47 +180,29 @@ while [[ "$OLD_VER" != "$NEW_VER" ]] || [ ! -f $LOCAL_DIR/bin/bitcoind ]; do
         zenity --warning --title='Verify Bitcoin Core download' --text='Download verification is required.\n\nPerforming the verification steps ensures that you have not downloaded an unexpected or tampered version of Bitcoin, which may result in loss of funds.' --ok-label='Verify Now' "$ICON" --icon-name="gtk-dialog-authentication"
         verified=0
     fi
-    if [ ! -f SHA256SUMS ]; then # TODO read the exit codes of verify.py to handle all error dialogs in a switch.
-        zenity --error --title="Signature file not found" --text="Click OK to try downloading Bitcoin Core again." --ellipsize "$ICON" && \
-        {
-            pkill wget
-            rm --verbose ./*	# removes old download
-            sleep 5
-            install-core	# launch this script again
-        }
-        exit 1
-    fi
     [[ "$who_trusts" == "you" ]] || zenity --info --title="Choose trustworthy individuals" --text="Bitcoin releases are signed by a number of individuals, each with a unique public key. You decide which of these public keys you trust.\n\nTo validate your download's signatures, choose a few individuals who you find trustworthy." "$ICON" --icon-name=security-high
     who_trusts="you"
     check_sigs "$BINVERIFY_MIN_GOOD_SIGS" || BINVERIFY_MIN_GOOD_SIGS=3
 done
 
 # Bring Bitcoin Core download to foreground to display progress and wait for it to complete
 printf '\033]2;Downloading Bitcoin Core...\a'
-ps -p $core_download &>/dev/null && fg %"$(jobs -l | grep $core_download | cut -f1 -d' ' | tr -c -d '[:digit:]')"
+ps -p $get_core &>/dev/null && fg %"$(jobs -l | grep $get_core | cut -f1 -d' ' | tr -c -d '[:digit:]')"
 
-printf '\033]2;Getting Bitcoin Core verification script...\a'
-ps -p $get_verify_tool &>/dev/null && fg %"$(jobs -l | grep $get_verify_tool | cut -f1 -d' ' | tr -c -d '[:digit:]')"
-# Verify download integrity		# TODO make sure they can actually retry the download by re-running the script, that everything gets skipped that needs to be skipped.
-if python3 "$DOWNLOAD_DIR"/verify.py bin SHA256SUMS bitcoin-"$NEW_VER"-x86_64-linux-gnu.tar.gz; then
+# Verify download integrity
+if file_name=$(sha256sum --ignore-missing --check SHA256SUMS); then
     zenity --notification --text="Bitcoin Core download integrity successfully verified." --window-icon=checkbox-checked
 else
-    zenity --warning --title="Download integrity failure" --text="Checksum does not match what was expected.\n\nClick OK to try downloading Bitcoin Core again." --ellipsize "$ICON" && \
-    {
-        rm --verbose ./*	# removes old download
-        cd "$DOWNLOAD_DIR" || exit 1
-        rm --verbose ./*	# removes old download
-        sleep 5
-        install-core	# launch this script again
-    }
+    zenity --error --title="Download integrity failure" --text="Checksum does not match what was expected.\n\nClick OK to try downloading Bitcoin Core again." --ellipsize $ICON && \
+    install-core	# Launch this script again
     exit 1
 fi
 
 # Kill Bitcoin Core if running, wait for it to shutdown safely
 stop-btc
 
 printf '\033]2;Installing Bitcoin Core...\a'
-tar -xvf bitcoin-*-x86_64-linux-gnu.tar* --strip-components=1 --directory=$LOCAL_DIR
+tar -xvf ${file_name::-4} --strip-components=1 --directory=$LOCAL_DIR
 
 # Move completed verified download to persistent storage
 export XDG_DATA_HOME=$LOCAL_DIR/share
@@ -279,29 +264,25 @@ else
     HOME=/home/$USER
     link-dotfiles
     )
+    if (( $(find $DATA_DIR/wallets/* | wc -l) < 2 )); then
+    bails-wallet
+    fi
+    # Display info about IBD, keeping Tails private and extra reading material
+    zenity --info --title='Setup almost complete' --icon-name=bails128 "$ICON" --text='Bitcoin Core has begun syncing the block chain automatically.\nMake sure no one messes with the PC.\n\nTo lock the screen for privacy, press ❖+L (⊞+L or ⌘+L)\n\nIt is safer to exit Bitcoin Core (Ctrl+Q), <a href="file:///usr/share/doc/tails/website/doc/first_steps/shutdown.en.html">shutdown Tails</a> and take your Bails USB stick with you or store it in a safe place than leave Tails running unattended where people you distrust could tamper with it.\n\nIf you want to learn more about using Tails safely read the <a href="file:///usr/share/doc/tails/website/doc.en.html">documentation</a>.\n\nAnother excellent read to improve your physical and digital security tactics is the <a href="http://lxjacvxrozjlxd7pqced7dyefnbityrwqjosuuaqponlg3v7esifrzad.onion/en/">security in-a-box</a> website.'
 fi &>/dev/null
 touch $LOCAL_DIR/state/installed
 
-if (( $(find $DATA_DIR/wallets/* | wc -l) < 2 )); then
-    bails-wallet
-fi
-# Display info about IBD, keeping Tails private and extra reading material
-zenity --info --title='Setup almost complete' --icon-name=bails128 "$ICON" --text='Bitcoin Core has begun syncing the block chain automatically.\nMake sure no one messes with the PC.\n\nTo lock the screen for privacy, press ❖+L (⊞+L or ⌘+L)\n\nIt is safer to exit Bitcoin Core (Ctrl+Q), <a href="file:///usr/share/doc/tails/website/doc/first_steps/shutdown.en.html">shutdown Tails</a> and take your Bails USB stick with you or store it in a safe place than leave Tails running unattended where people you distrust could tamper with it.\n\nIf you want to learn more about using Tails safely read the <a href="file:///usr/share/doc/tails/website/doc.en.html">documentation</a>.\n\nAnother excellent read to improve your physical and digital security tactics is the <a href="http://lxjacvxrozjlxd7pqced7dyefnbityrwqjosuuaqponlg3v7esifrzad.onion/en/">security in-a-box</a> website.'
-
-exit 0
 # Exit by killing controlling terminal
-#echo "Bails installation complete! 
-#
-#Closing this window in 30 seconds, press any key to abort.
-#"
-#
-#for ((i = 30; i >= 1; i--)); do
-#    echo -n "$i "
-#    read -r -t 1 -n 1 && { printf '\n%s\n' "Aborted."; exit 0; }
-#done
-#
-#echo "
-#Closing terminal window..."
-#sleep 3
-#PARENT_PID=$(ps -o ppid= -p $$)
-#kill -9 "$PARENT_PID"
+echo "Bails installation complete! 
+
+Closing this window in 30 seconds, press any key to abort.
+"
+for ((i = 30; i >= 1; i--)); do
+    echo -n "$i "
+    read -r -t 1 -n 1 && { printf '\n%s\n' "Aborted."; exit 0; }
+done
+echo "
+Closing terminal window..."
+sleep 3
+PARENT_PID=$(ps -o ppid= -p $$)
+kill -9 "$PARENT_PID"

bails/.local/bin/persistent-setup

@@ -36,7 +36,7 @@ passwd_unset=$(passwd -S "$USER" | grep -c NP)
     --no-wrap --ok-label='Continue' "$ICON" --icon-name=bails128
 printf '\033]2;Setup the Persistent Storage\a'
 
-# check for already unlocked Persistent Storage
+# Check for already unlocked Persistent Storage
 pgrep -f spaced-repetition || if /usr/local/lib/tpscli is-unlocked; then
     # Check for existing Persistent Storage passphrase
     until [ -d $INSTALL_DIR ]; do
@@ -82,8 +82,8 @@ Write on a hard surface to avoid leaving an imprint of the secret.' \
         --ok-label='I Will Write My Passphrase Down' --icon-name=org.gnome.TextEditor
     # Persistent storage creation
     until /usr/local/lib/tpscli is-unlocked; do
-            sleep 12
-            notify-send --icon=bails128 'Important: Click ↻ or choose the suggested passphrase.' 'To help remember:\n\nCreate a mental image or mnemonic using the words, in order.\nIt might be a story, scenario, or sentence that you can remember and that reminds you of the particular passphrase you chose.'
+        sleep 12
+        notify-send --icon=bails128 'Important: Click ↻ or choose the suggested passphrase.' 'To help remember:\n\nCreate a mental image or mnemonic using the words, in order.\nIt might be a story, scenario, or sentence that you can remember and that reminds you of the particular passphrase you chose.'
     done & notifying+=($!)
 
     until /usr/local/lib/tpscli is-unlocked; do
@@ -134,7 +134,7 @@ if ((passwd_unset)) && ! [ -d "$INSTALL_DIR" ]; then
             --ok-label='I Will Destroy It Once Memorized' "$ICON"
     fi
 
-# Checking features of the Persistent Storage
+# Check features of the Persistent Storage
 if /usr/local/lib/tpscli is-active PersistentDirectory && \
     /usr/local/lib/tpscli is-active GnuPG && \
     /usr/local/lib/tpscli is-active Dotfiles; then
@@ -171,7 +171,7 @@ until /usr/local/lib/tpscli is-active PersistentDirectory && \
         }
 done
 
-# Closes the Persistent Storage window
+# Close the Persistent Storage window
 pkill -f "python3 /usr/local/lib/tps-frontend" &>/dev/null
 pkill -f 'zenity --notification' &>/dev/null
 

bails/.local/bin/spaced-repetition

@@ -30,7 +30,7 @@ screen_is_locked() {
     [ "$session_state" = "yes" ]
 }
 
-# Function to prompt for passphrase using pinentry-gnome3
+# Prompt for passphrase using pinentry-gnome3
 get_passphrase() {
     passphrase="$(echo -e "SETPROMPT $enter Persistent Storage passphrase:\nGETPIN" | pinentry-gnome3 --timeout 99999 2>&1 | grep D | cut -c3-)"
     [ "$passphrase" ]