From 60def0ead76e709f702640b2a506ed1f9d107d8d Mon Sep 17 00:00:00 2001
From: Rusty Russell <rusty@rustcorp.com.au>
Date: Thu, 21 Sep 2023 15:06:27 +0930
Subject: [PATCH] hsmd: remove #if DEVELOPER in favor of runtime flag.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
---
 hsmd/hsmd.c    | 47 +++++++++++++++++++----------------------------
 hsmd/libhsmd.c | 10 ++--------
 hsmd/libhsmd.h |  5 +++++
 3 files changed, 26 insertions(+), 36 deletions(-)

diff --git a/hsmd/hsmd.c b/hsmd/hsmd.c
index 1af682ffe..b2b4be0be 100644
--- a/hsmd/hsmd.c
+++ b/hsmd/hsmd.c
@@ -35,13 +35,6 @@
  * stream from lightningd. */
 #define REQ_FD 3
 
-#if DEVELOPER
-/* If they specify --dev-force-privkey it ends up in here. */
-extern struct privkey *dev_force_privkey;
-/* If they specify --dev-force-bip32-seed it ends up in here. */
-extern struct secret *dev_force_bip32_seed;
-#endif
-
 /* Temporary storage for the secret until we pass it to `hsmd_init` */
 struct secret hsm_secret;
 
@@ -87,6 +80,9 @@ static UINTMAP(struct client *) clients;
 static struct client *dbid_zero_clients[3];
 static size_t num_dbid_zero_clients;
 
+/* Are we in developer mode */
+static bool developer;
+
 /*~ We need this deep inside bad_req_fmt, and for memleak, so we make it a
  * global. */
 static struct daemon_conn *status_conn;
@@ -437,10 +433,6 @@ static struct io_plan *init_hsm(struct io_conn *conn,
 				struct client *c,
 				const u8 *msg_in)
 {
-	struct privkey *privkey;
-	struct secret *seed;
-	struct secrets *secrets;
-	struct sha256 *shaseed;
 	struct secret *hsm_encryption_key;
 	struct bip32_key_version bip32_key_version;
 	u32 minversion, maxversion;
@@ -454,7 +446,11 @@ static struct io_plan *init_hsm(struct io_conn *conn,
 	 * an extension of the simple comma-separated format output by the
 	 * BOLT tools/extract-formats.py tool. */
 	if (!fromwire_hsmd_init(NULL, msg_in, &bip32_key_version, &chainparams,
-				&hsm_encryption_key, &privkey, &seed, &secrets, &shaseed,
+				&hsm_encryption_key,
+				&dev_force_privkey,
+				&dev_force_bip32_seed,
+				&dev_force_channel_secrets,
+				&dev_force_channel_secrets_shaseed,
 				&minversion, &maxversion))
 		return bad_req(conn, c, msg_in);
 
@@ -476,12 +472,12 @@ static struct io_plan *init_hsm(struct io_conn *conn,
 	/*~ Don't swap this. */
 	sodium_mlock(hsm_secret.data, sizeof(hsm_secret.data));
 
-#if DEVELOPER
-	dev_force_privkey = privkey;
-	dev_force_bip32_seed = seed;
-	dev_force_channel_secrets = secrets;
-	dev_force_channel_secrets_shaseed = shaseed;
-#endif
+	if (!developer) {
+		assert(!dev_force_privkey);
+		assert(!dev_force_bip32_seed);
+		assert(!dev_force_channel_secrets);
+		assert(!dev_force_channel_secrets_shaseed);
+	}
 
 	/* Once we have read the init message we know which params the master
 	 * will use */
@@ -558,7 +554,6 @@ static struct io_plan *pass_client_hsmfd(struct io_conn *conn,
 			     send_pending_client_fd, c);
 }
 
-#if DEVELOPER
 static struct io_plan *handle_memleak(struct io_conn *conn,
 				      struct client *c,
 				      const u8 *msg_in)
@@ -582,7 +577,6 @@ static struct io_plan *handle_memleak(struct io_conn *conn,
 	reply = towire_hsmd_dev_memleak_reply(NULL, found_leak);
 	return req_reply(conn, c, take(reply));
 }
-#endif /* DEVELOPER */
 
 u8 *hsmd_status_bad_request(struct hsmd_client *client, const u8 *msg, const char *error)
 {
@@ -645,13 +639,10 @@ static struct io_plan *handle_client(struct io_conn *conn, struct client *c)
 	case WIRE_HSMD_CLIENT_HSMFD:
 		return pass_client_hsmfd(conn, c, c->msg_in);
 
-#if DEVELOPER
 	case WIRE_HSMD_DEV_MEMLEAK:
-		return handle_memleak(conn, c, c->msg_in);
-#else
-	case WIRE_HSMD_DEV_MEMLEAK:
-#endif /* DEVELOPER */
-
+		if (developer)
+			return handle_memleak(conn, c, c->msg_in);
+		/* fall thru */
 	case WIRE_HSMD_NEW_CHANNEL:
 	case WIRE_HSMD_READY_CHANNEL:
 	case WIRE_HSMD_SIGN_COMMITMENT_TX:
@@ -745,8 +736,8 @@ int main(int argc, char *argv[])
 
 	setup_locale();
 
-	/* This sets up tmpctx, various DEVELOPER options, backtraces, etc. */
-	subdaemon_setup(argc, argv);
+	/* This sets up tmpctx, various --developer options, backtraces, etc. */
+	developer = subdaemon_setup(argc, argv);
 
 	/* A trivial daemon_conn just for writing. */
 	status_conn = daemon_conn_new(NULL, STDIN_FILENO, NULL, NULL, NULL);
diff --git a/hsmd/libhsmd.c b/hsmd/libhsmd.c
index 1eb0e5b7c..c84b6f538 100644
--- a/hsmd/libhsmd.c
+++ b/hsmd/libhsmd.c
@@ -16,12 +16,10 @@
 #include <sodium/utils.h>
 #include <wally_psbt.h>
 
-#if DEVELOPER
 /* If they specify --dev-force-privkey it ends up in here. */
 struct privkey *dev_force_privkey;
 /* If they specify --dev-force-bip32-seed it ends up in here. */
 struct secret *dev_force_bip32_seed;
-#endif
 
 /*~ Nobody will ever find it here!  hsm_secret is our root secret, the bip32
  * tree, bolt12 payer_id keys and derived_secret are derived from that, and
@@ -228,8 +226,7 @@ static void node_key(struct privkey *node_privkey, struct pubkey *node_id)
 	} while (!secp256k1_ec_pubkey_create(secp256k1_ctx, &node_id->pubkey,
 					     node_privkey->secret.data));
 
-#if DEVELOPER
-	/* In DEVELOPER mode, we can override with --dev-force-privkey */
+	/* In --developer mode, we can override with --dev-force-privkey */
 	if (dev_force_privkey) {
 		*node_privkey = *dev_force_privkey;
 		if (!secp256k1_ec_pubkey_create(secp256k1_ctx, &node_id->pubkey,
@@ -237,7 +234,6 @@ static void node_key(struct privkey *node_privkey, struct pubkey *node_id)
 			hsmd_status_failed(STATUS_FAIL_INTERNAL_ERROR,
 				      "Failed to derive pubkey for dev_force_privkey");
 	}
-#endif
 }
 
 /*~ This returns the secret key for this node. */
@@ -2053,8 +2049,7 @@ u8 *hsmd_init(struct secret hsm_secret,
 				     bip32_key_version.bip32_privkey_version,
 				     0, &master_extkey) != WALLY_OK);
 
-#if DEVELOPER
-	/* In DEVELOPER mode, we can override with --dev-force-bip32-seed */
+	/* In --developer mode, we can override with --dev-force-bip32-seed */
 	if (dev_force_bip32_seed) {
 		if (bip32_key_from_seed(dev_force_bip32_seed->data,
 					sizeof(dev_force_bip32_seed->data),
@@ -2063,7 +2058,6 @@ u8 *hsmd_init(struct secret hsm_secret,
 			hsmd_status_failed(STATUS_FAIL_INTERNAL_ERROR,
 					   "Can't derive bip32 master key");
 	}
-#endif /* DEVELOPER */
 
 	/* BIP 32:
 	 *
diff --git a/hsmd/libhsmd.h b/hsmd/libhsmd.h
index 05d427cc9..638819391 100644
--- a/hsmd/libhsmd.h
+++ b/hsmd/libhsmd.h
@@ -89,4 +89,9 @@ void hsmd_status_failed(enum status_failreason code,
 bool hsmd_check_client_capabilities(struct hsmd_client *client,
 				    enum hsmd_wire t);
 
+/* If they specify --dev-force-privkey it ends up in here. */
+extern struct privkey *dev_force_privkey;
+/* If they specify --dev-force-bip32-seed it ends up in here. */
+extern struct secret *dev_force_bip32_seed;
+
 #endif /* LIGHTNING_HSMD_LIBHSMD_H */