mirror of
https://github.com/fort-nix/nix-bitcoin.git
synced 2024-11-24 07:32:19 +03:00
a359cdfb66
Password length and alphabet is unchanged, but the restriction to include at least one numeric and one capital char has been removed. This restriction is not needed by client applications, adds code complexity, and even (insignificantly) reduces entropy. Reason for switching to pwgen: apg uses /dev/random instead of /dev/urandom which brings no security benefits but can stall the generate-secrets script on low-entropy devices due to blocking. Since `security.rngd` has been disabled in NixOS 20.09, blocking in generate-secrets can also appear on regular NixOS desktop systems.
16 lines
539 B
Nix
16 lines
539 B
Nix
{ pkgs }: with pkgs;
|
|
|
|
let
|
|
rpcauthSrc = builtins.fetchurl {
|
|
url = "https://raw.githubusercontent.com/bitcoin/bitcoin/d6cde007db9d3e6ee93bd98a9bbfdce9bfa9b15b/share/rpcauth/rpcauth.py";
|
|
sha256 = "189mpplam6yzizssrgiyv70c9899ggh8cac76j4n7v0xqzfip07n";
|
|
};
|
|
rpcauth = pkgs.writeScriptBin "rpcauth" ''
|
|
exec ${pkgs.python3}/bin/python ${rpcauthSrc} "$@"
|
|
'';
|
|
in
|
|
writers.writeBash "generate-secrets" ''
|
|
export PATH=${lib.makeBinPath [ coreutils pwgen openssl gnugrep rpcauth ]}
|
|
. ${./generate-secrets.sh} ${./openssl.cnf}
|
|
''
|