From f0dca80cd7bfce653f53692737f7547903ebdb60 Mon Sep 17 00:00:00 2001
From: Bui Quang Minh <minh.bui@skymavis.com>
Date: Wed, 19 Apr 2023 15:22:24 +0700
Subject: [PATCH 1/2] fix: don't create account automatically

Currently, we automatically create account when no private key is provided and
there is not account in keystore. This behavior may lead to mistakes when
setting up node, so we remove this behavior in this commit.
---
 docker/chainnode/entrypoint.sh | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/docker/chainnode/entrypoint.sh b/docker/chainnode/entrypoint.sh
index b27dfce8d0..4be9e75e5b 100755
--- a/docker/chainnode/entrypoint.sh
+++ b/docker/chainnode/entrypoint.sh
@@ -91,16 +91,17 @@ if [[ $accountsCount -le 0 ]]; then
       --keystore $KEYSTORE_DIR \
       --password $PASSWORD_FILE
     rm ./private_key
-  else
-    echo "Creating new account"
-    ronin account new \
-      --datadir $datadir \
-      --keystore $KEYSTORE_DIR \
-      --password $PASSWORD_FILE
+    unset PRIVATE_KEY
   fi
 fi
 
-if [[ ! -z $KEYSTORE_DIR ]]; then
+accountsCount=$(
+  ronin account list --datadir $datadir  --keystore $KEYSTORE_DIR \
+  2> /dev/null \
+  | wc -l
+)
+
+if [[ $accountsCount -gt 0 ]]; then
   account=$(
     ronin account list --datadir $datadir  --keystore $KEYSTORE_DIR \
     2> /dev/null \

From ef5e94950b4ff535144936caecc5d8e32ed0dbda Mon Sep 17 00:00:00 2001
From: Bui Quang Minh <minh.bui@skymavis.com>
Date: Wed, 19 Apr 2023 16:33:59 +0700
Subject: [PATCH 2/2] fix: abort if the private key is different from existed
 account

This commit creates a subcommand check in account command of Ronin to check if
the corresponding account of provided private key exist in the imported account.
When starting Ronin from entrypoint.sh, if the provided private key is different
from imported account, the process is aborted.
---
 cmd/ronin/accountcmd.go        | 55 +++++++++++++++++++++++++++++-----
 docker/chainnode/entrypoint.sh | 25 ++++++++++++----
 2 files changed, 67 insertions(+), 13 deletions(-)

diff --git a/cmd/ronin/accountcmd.go b/cmd/ronin/accountcmd.go
index e33b9eb0fb..648f254bdf 100644
--- a/cmd/ronin/accountcmd.go
+++ b/cmd/ronin/accountcmd.go
@@ -35,7 +35,7 @@ var (
 		ArgsUsage: "",
 		Category:  "ACCOUNT COMMANDS",
 		Description: `
-    geth wallet import /path/to/my/presale.wallet
+    ronin wallet import /path/to/my/presale.wallet
 
 will prompt for your password and imports your ether presale account.
 It can be used non-interactively with the --password option taking a
@@ -55,7 +55,7 @@ passwordfile as argument containing the wallet password in plaintext.`,
 					utils.LightKDFFlag,
 				},
 				Description: `
-	geth wallet [options] /path/to/my/presale.wallet
+	ronin wallet [options] /path/to/my/presale.wallet
 
 will prompt for your password and imports your ether presale account.
 It can be used non-interactively with the --password option taking a
@@ -111,7 +111,7 @@ Print a short summary of all accounts`,
 					utils.LightKDFFlag,
 				},
 				Description: `
-    geth account new
+    ronin account new
 
 Creates a new account and prints the address.
 
@@ -136,7 +136,7 @@ password to file or expose in any other way.
 					utils.LightKDFFlag,
 				},
 				Description: `
-    geth account update <address>
+    ronin account update <address>
 
 Update an existing account.
 
@@ -148,7 +148,7 @@ format to the newest format or change the password for an account.
 
 For non-interactive use the password can be specified with the --password flag:
 
-    geth account update [options] <address>
+    ronin account update [options] <address>
 
 Since only one password can be given, only format update can be performed,
 changing your password is only possible interactively.
@@ -166,7 +166,7 @@ changing your password is only possible interactively.
 				},
 				ArgsUsage: "<keyFile>",
 				Description: `
-    geth account import <keyfile>
+    ronin account import <keyfile>
 
 Imports an unencrypted private key from <keyfile> and creates a new account.
 Prints the address.
@@ -179,12 +179,29 @@ You must remember this password to unlock your account in the future.
 
 For non-interactive use the password can be specified with the -password flag:
 
-    geth account import [options] <keyfile>
+    ronin account import [options] <keyfile>
 
 Note:
 As you can directly copy your encrypted accounts to another ethereum instance,
 this import mechanism is not needed when you transfer an account between
 nodes.
+`,
+			},
+			{
+				Name:   "check",
+				Usage:  "Check if the account corresponding to private key exists",
+				Action: utils.MigrateFlags(accountCheck),
+				Flags: []cli.Flag{
+					utils.DataDirFlag,
+					utils.KeyStoreDirFlag,
+				},
+				ArgsUsage: "<keyFile>",
+				Description: `
+    ronin account check <keyfile>
+
+Check if the account corresponding to the private key exists in keystore.
+
+The keyfile is assumed to contain an unencrypted private key in hexadecimal format.
 `,
 			},
 		},
@@ -357,3 +374,27 @@ func accountImport(ctx *cli.Context) error {
 	fmt.Printf("Address: {%x}\n", acct.Address)
 	return nil
 }
+
+func accountCheck(ctx *cli.Context) error {
+	keyfile := ctx.Args().First()
+	if len(keyfile) == 0 {
+		utils.Fatalf("keyfile must be given as argument")
+	}
+	key, err := crypto.LoadECDSA(keyfile)
+	if err != nil {
+		utils.Fatalf("Failed to load the private key: %v", err)
+	}
+	address := crypto.PubkeyToAddress(key.PublicKey)
+
+	stack, _ := makeConfigNode(ctx)
+	for _, wallet := range stack.AccountManager().Wallets() {
+		for _, account := range wallet.Accounts() {
+			if account.Address == address {
+				fmt.Printf("Found account %x\n", address)
+				return nil
+			}
+		}
+	}
+	utils.Fatalf("Account %x not found", address)
+	return nil
+}
diff --git a/docker/chainnode/entrypoint.sh b/docker/chainnode/entrypoint.sh
index 4be9e75e5b..dc3578fc45 100755
--- a/docker/chainnode/entrypoint.sh
+++ b/docker/chainnode/entrypoint.sh
@@ -81,18 +81,31 @@ accountsCount=$(
 )
 
 # private key
-if [[ $accountsCount -le 0 ]]; then
-  echo "No accounts found"
-  if [[ ! -z $PRIVATE_KEY ]]; then
+if [[ ! -z $PRIVATE_KEY ]]; then
+  echo "$PRIVATE_KEY" > ./private_key
+  if [[ $accountsCount -le 0 ]]; then
+    echo "No accounts found"
     echo "Creating account from private key"
-    echo "$PRIVATE_KEY" > ./private_key
     ronin account import ./private_key \
       --datadir $datadir \
       --keystore $KEYSTORE_DIR \
       --password $PASSWORD_FILE
-    rm ./private_key
-    unset PRIVATE_KEY
+  else
+    set +e
+    ronin account check ./private_key \
+      --datadir $datadir \
+      --keystore $KEYSTORE_DIR 2> /dev/null
+    exitCode=$?
+    if [[ $exitCode -ne 0 ]]; then
+      echo "An account with different address already exists in $KEYSTORE_DIR"
+      echo "Please consider remove account in keystore" \
+        "or unset PRIVATE_KEY environment variable"
+      exit 1
+    fi
+    set -e
   fi
+  rm ./private_key
+  unset PRIVATE_KEY
 fi
 
 accountsCount=$(