Hello,
since I spent the last few days refreshing my online/offline installation, here are 2 scripts that I think might be of some use.
The first one downloads and installs Bitcoin Core and Armory on the "online" machine : a recent machine that supports the binary packages. It also configures Tor to go through a limited internet (firewall is outside the machine and after installation only the port 9001 is open)
The second one compiles Armory from source on the "offline" machine (obviously online during the process) : an old laptop that does not support the binary package.
The scripts pause when you have to manually check the GPG signatures. You will obviously check somewhere else that the included key ids are correct.
Step to install :
- Dowload and burn a debian install key (netinstall)
- During the install choose the full disk encryption (don't forget the passphrase !)
- On the
online machine run this script as root :
mkdir tmp
cd tmp
# Bitcoin Core
wget https://bitcoin.org/laanwj-releases.asc
gpg --import laanwj-releases.asc
wget https://bitcoin.org/bin/bitcoin-core-0.19.0.1/SHA256SUMS.asc
wget https://bitcoin.org/bin/bitcoin-core-0.19.0.1/bitcoin-0.19.0.1-x86_64-linux-gnu.tar.gz
gpg --verify SHA256SUMS.asc
sha256sum --ignore-missing -c SHA256SUMS.asc
echo "Please verify signatures ..."
read X
tar xvzf bitcoin-0.19.0.1-x86_64-linux-gnu.tar.gz
install -v -m 0755 -o root -g root -t /usr/local/bin bitcoin-0.19.0.1/bin/*
install -v -m 0755 -o root -g root -t /usr/local/lib bitcoin-0.19.0.1/lib/*
mkdir /usr/local/share/man/man1
install -v -m 0755 -o root -g root -t /usr/local/share/man/man1 bitcoin-0.19.0.1/share/man/man1/*
# Armory
gpg --recv-keys --keyserver keyserver.ubuntu.com 4922589A
wget https://github.com/goatpig/BitcoinArmory/releases/download/v0.96.5/sha256sum.txt.asc
wget https://github.com/goatpig/BitcoinArmory/releases/download/v0.96.5/armory_0.96.5_amd64_gcc7.2.deb
gpg --verify sha256sum.txt.asc
sha256sum --ignore-missing -c sha256sum.txt.asc
echo "Please verify signatures ..."
read X
apt-get install -y python-qt4 python-psutil libqtgui4 libqtcore4 qtcore4-l10n \
libmng1 libqt4-dbus libqt4-declarative libqt4-designer \
libqt4-help libqt4-network libqt4-script libqt4-scripttools \
libqt4-svg libqt4-test libqt4-xml libqt4-xmlpatterns \
libqtassistantclient4 libqtdbus4 qdbus libqt4-sql \
sip-api-12.4 python-enum34 qtchooser psmisc
dpkg -i armory_0.96.5_amd64_gcc7.2.deb
# Tor
apt-get install -y tor
echo "ExitPolicy reject *:* # no exits allowed" >> /etc/tor/torrc
echo "Log notice file /var/log/tor/notices.log" >> /etc/tor/torrc
/etc/init.d/tor restart
sleep 10
tail /var/log/tor/notices.log
echo "Press a key when you have a circuit ..."
read X
echo "FascistFirewall 1" >> /etc/tor/torrc
echo "FirewallPorts 9001" >> /etc/tor/torrc
echo "ReachableAddresses *:9001" >> /etc/tor/torrc
/etc/init.d/tor restart
- Firewall your online machine : once a Tor circuit is opened only the TCP outgoing port 9001 should be needed
- On the
offline machine :
- Remove the wifi/bluetooth card (if it's not possible find another laptop)
- Plug in an Ethernet cable
- Install Debian
- Configure it with Full Disk Encryption (DO NOT FORGET YOUR PASSPHRASE)
- Check that your USB-only laser printer is supported without additional driver
- Run the following script as root
apt-get install -y git-core build-essential pyqt4-dev-tools swig libqtcore4 libqt4-dev python-qt4 python-dev python-twisted python-psutil automake autotools-dev libtool rsync pkg-config
gpg --recv-keys --keyserver keyserver.ubuntu.com 4922589A
mkdir src
cd src
git clone git://github.com/goatpig/BitcoinArmory.git
cd BitcoinArmory
git checkout v0.96.5
git tag -v v0.96.5
git submodule init
git submodule update
./autogen.sh
./configure
make
make install
- Remove the Ethernet cable and fill the socket with glue
- Create a new wallet
- Print and verify your backup
- Export the watch only copy to the online machine