From 47b2a2e338ec18af5c4df2af55faa88cf89e6171 Mon Sep 17 00:00:00 2001 From: The MMGen Project Date: Thu, 7 May 2026 17:52:59 +0000 Subject: [PATCH] mmgen-autosign: move help notes to separate module --- mmgen/help/__init__.py | 4 +- mmgen/help/autosign.py | 131 +++++++++++++++++++++++++++++++++++++++++ mmgen/main_autosign.py | 120 +------------------------------------ 3 files changed, 136 insertions(+), 119 deletions(-) create mode 100755 mmgen/help/autosign.py diff --git a/mmgen/help/__init__.py b/mmgen/help/__init__.py index 9524f08c..c4f13cb1 100755 --- a/mmgen/help/__init__.py +++ b/mmgen/help/__init__.py @@ -60,10 +60,10 @@ def gen_arg_tuple(cfg, func, text): return getattr(importlib.import_module( f'{cfg._help_pkg}.help_notes').help_notes(proto, cfg), k)(*args, **kwargs) - def help_mod(modname): + def help_mod(modname, *args, **kwargs): import importlib return importlib.import_module( - f'{cfg._opts.help_pkg}.{modname}').help(proto, cfg) + f'{cfg._opts.help_pkg}.{modname}').help(proto, cfg, *args, **kwargs) from ..protocol import init_proto_from_cfg proto = init_proto_from_cfg(cfg, need_amt=True) diff --git a/mmgen/help/autosign.py b/mmgen/help/autosign.py new file mode 100755 index 00000000..1e97222c --- /dev/null +++ b/mmgen/help/autosign.py @@ -0,0 +1,131 @@ +#!/usr/bin/env python3 +# +# MMGen Wallet, a terminal-based cryptocurrency wallet +# Copyright (C)2013-2026 The MMGen Project +# Licensed under the GNU General Public License, Version 3: +# https://www.gnu.org/licenses +# Public project repositories: +# https://github.com/mmgen/mmgen-wallet +# https://gitlab.com/mmgen/mmgen-wallet + +""" +help.autosign: autosign help notes for the MMGen Wallet suite +""" + +def help(proto, cfg, *, asi): + return f""" + + OPERATIONS + +clean - clean the removable device of unneeded files, removing only non- + essential data +gen_key - generate the wallet encryption key and copy it to the removable + device mounted at mountpoint ‘{asi.mountpoint}’ (as currently + configured) +setup - full setup: run ‘gen_key’ and create temporary signing wallet(s) + for all configured coins +xmr_setup - set up Monero temporary signing wallet(s). Not required during + normal operation: use ‘setup’ with --xmrwallets instead +macos_ramdisk_setup - set up the ramdisk used for storing the temporary signing + wallet(s) (macOS only). Required only when creating the wallet(s) + manually, without ‘setup’ +macos_ramdisk_delete - delete the macOS ramdisk +disable_swap - disable disk swap to prevent potentially sensitive data in + volatile memory from being swapped to disk. Applicable only when + creating temporary signing wallet(s) manually, without ‘setup’ +enable_swap - reenable disk swap. For testing only, should not be invoked in + a production environment +wait - start in loop mode: wait-mount-sign-unmount-wait +wipe_key - wipe the wallet encryption key on the removable device, making + signing transactions or stealing the user’s seed impossible. + The operation is intended as a ‘kill switch’ and thus performed + without prompting +list_led - list boards with tested LED signaling support +test_led - test the current board for LED signaling support + + + USAGE NOTES + +If no operation is specified, this program mounts a removable device +(typically a USB flash drive) containing unsigned MMGen transactions, message +files, and/or XMR wallet output files, signs them, unmounts the removable +device and exits. + +If invoked with ‘wait’, the program waits in a loop, mounting the removable +device, performing signing operations and unmounting the device every time it +is inserted. + +The removable device must have a partition with a filesystem labeled MMGEN_TX +and a user-writable root directory. For interoperability between OS-es, it’s +recommended to use the exFAT file system. + +On both the signing and online machines the mountpoint ‘{asi.mountpoint}’ +(as currently configured) must exist. Linux (not macOS) machines must have +an ‘/etc/fstab’ with the following entry: + + LABEL=MMGEN_TX {asi.mountpoint} auto noauto,user 0 0 + +Signing is performed with a temporary wallet created in volatile memory in +the directory ‘{asi.wallet_dir}’ (as currently configured). The wallet is +encrypted with a 32-byte password saved in the file ‘autosign.key’ in the +root of the removable device’s filesystem. + + + LED SIGNALING SUPPORT + +On supported platforms (selected Orange Pi, Rock Pi, Banana Pi, Nano Pi and +Raspberry Pi boards), a flashing LED indicates whether signing is in progress +or the program is in standby mode, i.e. ready for device insertion or removal. + +The operation ‘test_led’ tests the current installation for LED support, while +‘list_led’ displays a list of supported board/OS combinations. Note that this +list is not exhaustive: signaling may work with other boards, especially those +produced by the listed manufacturers. If ‘test_led’ reports that your board is +not supported, please submit an issue to the mmgen-wallet repository on Github +or via e-mail, including the board model, OS version and output of the +following shell command: + + ls -RH /sys/class/leds/{{*status*,*led*}} + +In the absence of LED support, the user must observe the signing progress +on-screen and wait for the “safe to extract” message to appear. + + +The password and temporary wallet may be created in one operation by invoking +‘mmgen-autosign setup’ with the removable device inserted. In this case, the +temporary wallet is created from the user’s default wallet, if it exists and +the user so desires. If not, the user is prompted to enter a seed phrase. + +Alternatively, the password and temporary wallet may be created separately by +first invoking ‘mmgen-autosign gen_key’ and then creating and encrypting the +wallet using the -P (--passwd-file) option: + + $ mmgen-walletconv -iwords -d{asi.wallet_dir} -p1 -N -P{asi.mountpoint}/autosign.key -Lfoo + +Note that the hash preset must be ‘1’. To use a wallet file as the source +instead of an MMGen seed phrase, omit the ‘-i’ option and add the wallet +file path to the end of the command line. Multiple temporary wallets may +be created in this way and used for signing (note, however, that for XMR +operations only one wallet is supported). + +Autosigning is currently supported on Linux and macOS only. + + + SECURITY NOTE + +By placing wallet and password on separate devices, this program creates +a two-factor authentication setup whereby an attacker must gain physical +control of both the removable device and signing machine in order to sign +transactions. It’s therefore recommended to always keep the removable device +secure, separated from the signing machine and hidden (in your pocket, for +example) when not transacting. In addition, since login access on the +signing machine is required to steal the user’s seed, it’s good practice +to lock the signing machine’s screen once the setup process is complete. + +As a last resort, cutting power to the signing machine will destroy the +volatile memory where the temporary wallet resides and foil any attack, +even if you’ve lost control of the removable device. + +Always remember to power off the signing machine when your signing session +is over. +""" diff --git a/mmgen/main_autosign.py b/mmgen/main_autosign.py index 252e87e8..ee7aea56 100755 --- a/mmgen/main_autosign.py +++ b/mmgen/main_autosign.py @@ -69,129 +69,15 @@ opts_data = { -x, --xmrwallets=L Range or list of wallet numbers to be used for XMR autosigning """, - 'notes': """ - - OPERATIONS - -clean - clean the removable device of unneeded files, removing only non- - essential data -gen_key - generate the wallet encryption key and copy it to the removable - device mounted at mountpoint ‘{asi.mountpoint}’ (as currently - configured) -setup - full setup: run ‘gen_key’ and create temporary signing wallet(s) - for all configured coins -xmr_setup - set up Monero temporary signing wallet(s). Not required during - normal operation: use ‘setup’ with --xmrwallets instead -macos_ramdisk_setup - set up the ramdisk used for storing the temporary signing - wallet(s) (macOS only). Required only when creating the wallet(s) - manually, without ‘setup’ -macos_ramdisk_delete - delete the macOS ramdisk -disable_swap - disable disk swap to prevent potentially sensitive data in - volatile memory from being swapped to disk. Applicable only when - creating temporary signing wallet(s) manually, without ‘setup’ -enable_swap - reenable disk swap. For testing only, should not be invoked in - a production environment -wait - start in loop mode: wait-mount-sign-unmount-wait -wipe_key - wipe the wallet encryption key on the removable device, making - signing transactions or stealing the user’s seed impossible. - The operation is intended as a ‘kill switch’ and thus performed - without prompting -list_led - list boards with tested LED signaling support -test_led - test the current board for LED signaling support - - - USAGE NOTES - -If no operation is specified, this program mounts a removable device -(typically a USB flash drive) containing unsigned MMGen transactions, message -files, and/or XMR wallet output files, signs them, unmounts the removable -device and exits. - -If invoked with ‘wait’, the program waits in a loop, mounting the removable -device, performing signing operations and unmounting the device every time it -is inserted. - -The removable device must have a partition with a filesystem labeled MMGEN_TX -and a user-writable root directory. For interoperability between OS-es, it’s -recommended to use the exFAT file system. - -On both the signing and online machines the mountpoint ‘{asi.mountpoint}’ -(as currently configured) must exist. Linux (not macOS) machines must have -an ‘/etc/fstab’ with the following entry: - - LABEL=MMGEN_TX {asi.mountpoint} auto noauto,user 0 0 - -Signing is performed with a temporary wallet created in volatile memory in -the directory ‘{asi.wallet_dir}’ (as currently configured). The wallet is -encrypted with a 32-byte password saved in the file ‘autosign.key’ in the -root of the removable device’s filesystem. - - - LED SIGNALING SUPPORT - -On supported platforms (selected Orange Pi, Rock Pi, Banana Pi, Nano Pi and -Raspberry Pi boards), a flashing LED indicates whether signing is in progress -or the program is in standby mode, i.e. ready for device insertion or removal. - -The operation ‘test_led’ tests the current installation for LED support, while -‘list_led’ displays a list of supported board/OS combinations. Note that this -list is not exhaustive: signaling may work with other boards, especially those -produced by the listed manufacturers. If ‘test_led’ reports that your board is -not supported, please submit an issue to the mmgen-wallet repository on Github -or via e-mail, including the board model, OS version and output of the -following shell command: - - ls -RH /sys/class/leds/{{*status*,*led*}} - -In the absence of LED support, the user must observe the signing progress -on-screen and wait for the “safe to extract” message to appear. - - -The password and temporary wallet may be created in one operation by invoking -‘mmgen-autosign setup’ with the removable device inserted. In this case, the -temporary wallet is created from the user’s default wallet, if it exists and -the user so desires. If not, the user is prompted to enter a seed phrase. - -Alternatively, the password and temporary wallet may be created separately by -first invoking ‘mmgen-autosign gen_key’ and then creating and encrypting the -wallet using the -P (--passwd-file) option: - - $ mmgen-walletconv -iwords -d{asi.wallet_dir} -p1 -N -P{asi.mountpoint}/autosign.key -Lfoo - -Note that the hash preset must be ‘1’. To use a wallet file as the source -instead of an MMGen seed phrase, omit the ‘-i’ option and add the wallet -file path to the end of the command line. Multiple temporary wallets may -be created in this way and used for signing (note, however, that for XMR -operations only one wallet is supported). - -Autosigning is currently supported on Linux and macOS only. - - - SECURITY NOTE - -By placing wallet and password on separate devices, this program creates -a two-factor authentication setup whereby an attacker must gain physical -control of both the removable device and signing machine in order to sign -transactions. It’s therefore recommended to always keep the removable device -secure, separated from the signing machine and hidden (in your pocket, for -example) when not transacting. In addition, since login access on the -signing machine is required to steal the user’s seed, it’s good practice -to lock the signing machine’s screen once the setup process is complete. - -As a last resort, cutting power to the signing machine will destroy the -volatile memory where the temporary wallet resides and foil any attack, -even if you’ve lost control of the removable device. - -Always remember to power off the signing machine when your signing session -is over. -""" + 'notes': '{n_as}' }, 'code': { 'options': lambda s: s.format( asi = asi, mn_fmts = fmt_list(asi.mn_fmts, fmt='no_spc'), ), - 'notes': lambda s: s.format(asi=asi) + 'notes': lambda s, help_mod: s.format( + n_as = help_mod('autosign', asi=asi)) } }