Releases: lightningnetwork/lnd
lnd v0.13.3-beta
Security Fixes
This release contains a security fix for CVE-2021-41593 which would allow an attacker to cause loss of funds through a griefing vector related to high accepted dust values. This release addresses the issue by enforcing stricter clamps on accepted dust values during channel funding, and also adds htlcswitch level dust accounting to limit the total dust exposure (triggered by an instantaneous force close) at any moment. The default allotted fully forwarded dust exposure level is set at 500k sats; this value can be tweaked with a new config flag: --dust-threshold=.
If upgrading to prevent CVE-2021-41593 is not possible, the dust-tool can intercept bad open_channel parameters and reject them via our ChannelAcceptor. In addition, it can also scan your node's current set of confirmed channels and recommend closing potentially risky ones out.
Alternatively, your node's advertised min_htlc value can be increased to ensure it is well above all the dust limits of its active channels.
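A simplified model of the two defenses described above, as an added example rather than lnd's own code: a funding-time clamp on the peer's dust limit, and a running dust-exposure total checked before each HTLC is added. The MaxPeerDustLimit value, the per-channel bookkeeping, the "amount below dust limit" test and all type and function names are assumptions of this example.

```go
package main

import (
	"errors"
	"fmt"
)

// Sat is an amount in satoshis.
type Sat int64

const (
	// DefaultDustThreshold is the 500k sat default exposure named above.
	DefaultDustThreshold Sat = 500000
	// MaxPeerDustLimit is a constructed clamp for this example; the release
	// notes do not state the value lnd enforces at funding time.
	MaxPeerDustLimit Sat = 3000
)

var (
	ErrDustLimitTooHigh = errors.New("open_channel rejected: dust limit too high")
	ErrDustExposure     = errors.New("HTLC rejected: dust exposure limit reached")
)

// CheckOpenChannel is the funding-time clamp. The higher the dust limit a
// peer proposes, the more forwarded value has no output of its own on the
// commitment transaction and is lost to fees on a force close.
func CheckOpenChannel(peerDustLimit Sat) error {
	if peerDustLimit > MaxPeerDustLimit {
		return fmt.Errorf("%w: %d > %d sat", ErrDustLimitTooHigh, peerDustLimit, MaxPeerDustLimit)
	}
	return nil
}

// DustTracker keeps, per channel, the sum of in-flight HTLCs that are dust.
type DustTracker struct {
	threshold Sat
	dustLimit map[string]Sat
	exposure  map[string]Sat
}

func NewDustTracker(threshold Sat) *DustTracker {
	return &DustTracker{
		threshold: threshold,
		dustLimit: make(map[string]Sat),
		exposure:  make(map[string]Sat),
	}
}

// AddChannel registers a channel and the dust limit in force on it.
func (t *DustTracker) AddChannel(chanID string, dustLimit Sat) {
	t.dustLimit[chanID] = dustLimit
}

// isDust is a simplification: an HTLC counts as dust when its amount is
// below the channel's dust limit (second-level transaction fees are ignored).
func (t *DustTracker) isDust(chanID string, amt Sat) bool {
	return amt < t.dustLimit[chanID]
}

// AddHTLC refuses a dust HTLC that would push the channel's exposure past
// the threshold. Non-dust HTLCs do not count towards the total.
func (t *DustTracker) AddHTLC(chanID string, amt Sat) error {
	if _, ok := t.dustLimit[chanID]; !ok {
		return fmt.Errorf("unknown channel %q", chanID)
	}
	if !t.isDust(chanID, amt) {
		return nil
	}
	if t.exposure[chanID]+amt > t.threshold {
		return fmt.Errorf("%w: %d + %d > %d sat", ErrDustExposure, t.exposure[chanID], amt, t.threshold)
	}
	t.exposure[chanID] += amt
	return nil
}

// RemoveHTLC releases the exposure once a dust HTLC is settled or failed.
func (t *DustTracker) RemoveHTLC(chanID string, amt Sat) {
	if t.isDust(chanID, amt) && t.exposure[chanID] >= amt {
		t.exposure[chanID] -= amt
	}
}

// Exposure returns the current dust total for a channel.
func (t *DustTracker) Exposure(chanID string) Sat { return t.exposure[chanID] }

func main() {
	// Constructed scenario: a 354 sat dust limit and a deliberately small
	// 1000 sat threshold so the limit is reached after three HTLCs.
	fmt.Println("open, dust limit 354:", CheckOpenChannel(354))
	fmt.Println("open, dust limit 1000000:", CheckOpenChannel(1000000))
	t := NewDustTracker(1000)
	t.AddChannel("chan-a", 354)
	for i := 0; i < 4; i++ {
		err := t.AddHTLC("chan-a", 300)
		fmt.Println("add 300 sat HTLC:", err, "exposure:", t.Exposure("chan-a"))
	}
}
```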
Database Migrations
This release does not contain any database migrations.
Verifying the Release
In order to verify the release, you'll need to have gpg or gpg2 installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import the keys that have signed this release if you haven't done so already:
curl https://keybase.io/bitconner/pgp_keys.asc | gpg --import
curl https://keybase.io/roasbeef/pgp_keys.asc | gpg --import
Once you have the required PGP keys, you can verify the release (assuming manifest-roasbeef-v0.13.3-beta.sig and manifest-v0.13.3-beta.txt are in the current directory) with:
gpg --verify manifest-roasbeef-v0.13.3-beta.sig manifest-v0.13.3-beta.txt
You should see the following if the verification was successful:
gpg: Signature made Mon Oct 4 08:20:20 2021 PDT
gpg: using RSA key 60A1FA7DA5BFF08BDCBBE7903BBD59E99B280306
gpg: Good signature from "Olaoluwa Osuntokun <[email protected]>" [ultimate]
That will verify the signature of the manifest file, which ensures integrity and authenticity of the archive you've downloaded locally containing the binaries. Next, depending on your operating system, you should then re-compute the sha256 hash of the archive with shasum -a 256 <filename>, compare it with the corresponding one in the manifest file, and ensure they match exactly.
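The final step of the procedure above (recompute the archive's sha256 and compare it with the manifest entry) as a small Go tool; this is an added example, not part of the lnd release tooling. It assumes the manifest uses the `shasum -a 256` line layout, and it is only meaningful after gpg --verify has reported a good signature on that manifest. The function names are hypothetical.

```go
package main

import (
	"bufio"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"io"
	"os"
	"path/filepath"
	"strings"
)

var (
	ErrNotListed = errors.New("file is not listed in the manifest")
	ErrMismatch  = errors.New("sha256 digest does not match the manifest")
)

// ManifestDigest returns the digest recorded for name. The manifest is
// assumed to use the shasum layout: "<hex digest>  <file name>" per line.
func ManifestDigest(manifestPath, name string) (string, error) {
	f, err := os.Open(manifestPath)
	if err != nil {
		return "", err
	}
	defer f.Close()

	sc := bufio.NewScanner(f)
	for sc.Scan() {
		fields := strings.Fields(sc.Text())
		// shasum marks binary-mode entries with a leading '*'.
		if len(fields) != 2 || strings.TrimPrefix(fields[1], "*") != name {
			continue
		}
		digest := strings.ToLower(fields[0])
		if raw, err := hex.DecodeString(digest); err != nil || len(raw) != sha256.Size {
			return "", fmt.Errorf("malformed digest for %s", name)
		}
		return digest, nil
	}
	if err := sc.Err(); err != nil {
		return "", err
	}
	return "", fmt.Errorf("%w: %s", ErrNotListed, name)
}

// FileDigest streams the file through SHA-256 and returns the hex digest.
func FileDigest(path string) (string, error) {
	f, err := os.Open(path)
	if err != nil {
		return "", err
	}
	defer f.Close()

	h := sha256.New()
	if _, err := io.Copy(h, f); err != nil {
		return "", err
	}
	return hex.EncodeToString(h.Sum(nil)), nil
}

// VerifyArchive fails closed: a missing manifest entry, a malformed digest
// or any difference between the two digests is an error.
func VerifyArchive(manifestPath, archivePath string) error {
	want, err := ManifestDigest(manifestPath, filepath.Base(archivePath))
	if err != nil {
		return err
	}
	got, err := FileDigest(archivePath)
	if err != nil {
		return err
	}
	if want != got {
		return fmt.Errorf("%w: %s (manifest %s, computed %s)", ErrMismatch, archivePath, want, got)
	}
	return nil
}

func main() {
	if len(os.Args) != 3 {
		fmt.Fprintln(os.Stderr, "usage: verify <manifest.txt> <archive>")
		os.Exit(2)
	}
	if err := VerifyArchive(os.Args[1], os.Args[2]); err != nil {
		fmt.Fprintln(os.Stderr, "FAIL:", err)
		os.Exit(1)
	}
	fmt.Println("OK:", os.Args[2])
}
```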
Verifying the Release Timestamp
From this new version onwards, in addition to time-stamping the git tag with OpenTimestamps, we'll also now timestamp the manifest file along with its signature. Two new files are now included along with the rest of our release artifacts: manifest-roasbeef-v0.13.3-beta.txt.asc.ots.
Assuming you have the opentimestamps client installed locally, the timestamps can be verified with the following commands:
ots verify manifest-roasbeef-v0.13.3-beta.sig.ots -f manifest-roasbeef-v0.13.3-beta.sig
Alternatively, the open timestamps website can be used to verify timestamps if one doesn't have a bitcoind instance accessible locally.
These timestamps should give users confidence in the integrity of this release even after the key that signed the release expires.
Verifying the Release Binaries
Our release binaries are fully reproducible. Third parties are able to verify that the release binaries were produced properly without having to trust the release manager(s). See our reproducible builds guide for how this can be achieved.
The release binaries are compiled with go1.16.3, which is required by verifiers to arrive at the same ones.
They include the following build tags: autopilotrpc, signrpc, walletrpc, chainrpc, invoicesrpc, routerrpc, watchtowerrpc and monitoring. Note that these are already included in the release script, so they do not need to be provided.
The make release command can be used to ensure one rebuilds with all the same flags used for the release. If one wishes to build for only a single platform, then make release sys=<OS-ARCH> tag=<tag> can be used.
Finally, you can also verify the tag itself with the following command:
$ git verify-tag v0.13.3-beta
gpg: Signature made Mo 04 Okt 2021 16:08:05 CEST
gpg: using RSA key F4FC70F07310028424EFC20A8E4256593F177720
gpg: Good signature from "Oliver Gugger <[email protected]>" [unknown]
Verifying the Docker Images
To verify the lnd and lncli binaries inside the docker images against the signed, reproducible release binaries, there is a verification script in the image that can be called (before starting the container for example):
$ docker run --rm --entrypoint="" lightninglabs/lnd:v0.13.3-beta /verify-install.sh v0.13.3-beta
$ OK=$?
$ if [ "$OK" -ne "0" ]; then echo "Verification failed!"; exit 1; fi
$ docker run lightninglabs/lnd [command-line options]
Building the Contained Release
Users are able to rebuild the target release themselves without having to fetch any of the dependencies. In order to do so, assuming that vendor.tar.gz and lnd-source-v0.13.3-beta.tar.gz are in the current directory, follow these steps:
tar -xvzf vendor.tar.gz
tar -xvzf lnd-source-v0.13.3-beta.tar.gz
GO111MODULE=on go install -v -mod=vendor -ldflags "-X github.com/lightningnetwork/lnd/build.Commit=v0.13.3-beta" ./cmd/lnd
GO111MODULE=on go install -v -mod=vendor -ldflags "-X github.com/lightningnetwork/lnd/build.Commit=v0.13.3-beta" ./cmd/lncli
The -mod=vendor flag tells the go build command that it doesn't need to fetch the dependencies, and instead, they're all enclosed in the local vendor directory.
Additionally, it's now possible to use the enclosed release.sh script to bundle a release for a specific system like so:
make release sys="linux-arm64 darwin-amd64"
⚡️⚡️⚡️ OK, now to the rest of the release notes! ⚡️⚡️⚡️
Release Notes
https://github.com/lightningnetwork/lnd/blob/master/docs/release-notes/release-notes-0.13.3.md
Contributors (Alphabetical Order)
- Conner Fromknecht
- Eugene Siegel
- Harsha Goli
- Jordi Montes
- Olaoluwa Osuntokun
- Oliver Gugger
lnd v0.13.1-beta
This marks the first minor release of the 0.13.x cycle. This release is primarily a maintenance release including several bug fixes that didn't make it into 0.13.0, a series of fixes for introduced regressions, and a few small optimizations.
Database Migrations
This release does not contain any database migrations.
Verifying the Release
In order to verify the release, you'll need to have gpg or gpg2 installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import the keys that have signed this release if you haven't done so already:
curl https://keybase.io/bitconner/pgp_keys.asc | gpg --import
curl https://keybase.io/roasbeef/pgp_keys.asc | gpg --import
Once you have the required PGP keys, you can verify the release (assuming manifest-roasbeef-v0.13.1-beta.sig and manifest-v0.13.1-beta.txt are in the current directory) with:
gpg --verify manifest-roasbeef-v0.13.1-beta.sig manifest-v0.13.1-beta.txt
You should see the following if the verification was successful:
gpg: Signature made Mon Jul 19 23:41:37 2021 CEST
gpg: using RSA key 60A1FA7DA5BFF08BDCBBE7903BBD59E99B280306
gpg: Good signature from "Olaoluwa Osuntokun [email protected]" [ultimate]
That will verify the signature of the manifest file, which ensures integrity and authenticity of the archive you've downloaded locally containing the binaries. Next, depending on your operating system, you should then re-compute the sha256 hash of the archive with shasum -a 256 <filename>, compare it with the corresponding one in the manifest file, and ensure they match exactly.
Verifying the Release Timestamp
From this new version onwards, in addition to time-stamping the git tag with OpenTimestamps, we'll also now timestamp the manifest file along with its signature. Two new files are now included along with the rest of our release artifacts: manifest-roasbeef-v0.13.1-beta.txt.asc.ots.
Assuming you have the opentimestamps client installed locally, the timestamps can be verified with the following commands:
ots verify manifest-roasbeef-v0.13.1-beta.sig.ots -f manifest-roasbeef-v0.13.1-beta.sig
Alternatively, the open timestamps website can be used to verify timestamps if one doesn't have a bitcoind instance accessible locally.
These timestamps should give users confidence in the integrity of this release even after the key that signed the release expires.
Verifying the Release Binaries
Our release binaries are fully reproducible. Third parties are able to verify that the release binaries were produced properly without having to trust the release manager(s). See our reproducible builds guide for how this can be achieved.
The release binaries are compiled with go1.16.3, which is required by verifiers to arrive at the same ones.
They include the following build tags: autopilotrpc, signrpc, walletrpc, chainrpc, invoicesrpc, routerrpc, watchtowerrpc and monitoring. Note that these are already included in the release script, so they do not need to be provided.
The make release command can be used to ensure one rebuilds with all the same flags used for the release. If one wishes to build for only a single platform, then make release sys=<OS-ARCH> tag=<tag> can be used.
Finally, you can also verify the tag itself with the following command:
$ git verify-tag v0.13.1-beta
gpg: Signature made Mon 19 Jul 2021 06:04:34 PM UTC using RSA key ID 9B280306
gpg: Good signature from "Olaoluwa Osuntokun <[email protected]>"
Verifying the Docker Images
To verify the lnd and lncli binaries inside the docker images against the signed, reproducible release binaries, there is a verification script in the image that can be called (before starting the container for example):
$ docker pull lightninglabs/lnd:v0.13.1-beta
$ docker run --rm --entrypoint="" lightninglabs/lnd:v0.13.1-beta /verify-install.sh
$ OK=$?
$ if [ "$OK" -ne "0" ]; then echo "Verification failed!"; exit 1; fi
$ docker run lightninglabs/lnd [command-line options]
Building the Contained Release
Users are able to rebuild the target release themselves without having to fetch any of the dependencies. In order to do so, assuming that vendor.tar.gz and lnd-source-v0.13.1-beta.tar.gz are in the current directory, follow these steps:
tar -xvzf vendor.tar.gz
tar -xvzf lnd-source-v0.13.1-beta.tar.gz
GO111MODULE=on go install -v -mod=vendor -ldflags "-X github.com/lightningnetwork/lnd/build.Commit=v0.13.1-beta" ./cmd/lnd
GO111MODULE=on go install -v -mod=vendor -ldflags "-X github.com/lightningnetwork/lnd/build.Commit=v0.13.1-beta" ./cmd/lncli
The -mod=vendor flag tells the go build command that it doesn't need to fetch the dependencies, and instead, they're all enclosed in the local vendor directory.
Additionally, it's now possible to use the enclosed release.sh script to bundle a release for a specific system like so:
make release sys="linux-arm64 darwin-amd64"
⚡️⚡️⚡️ OK, now to the rest of the release notes! ⚡️⚡️⚡️
Release Notes
https://github.com/lightningnetwork/lnd/blob/master/docs/release-notes/release-notes-0.13.1.md
lnd v0.13.1-beta.rc2
This marks the first minor release of the 0.13.x cycle. This release is primarily a maintenance release including several bug fixes that didn't make it into 0.13.0, a series of fixes for introduced regressions, and a few small optimizations.
Verifying the Release
In order to verify the release, you'll need to have gpg or gpg2 installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import the keys that have signed this release if you haven't done so already:
curl https://keybase.io/bitconner/pgp_keys.asc | gpg --import
curl https://keybase.io/roasbeef/pgp_keys.asc | gpg --import
Once you have the required PGP keys, you can verify the release (assuming manifest-roasbeef-v0.13.1-beta.rc2.sig and manifest-v0.13.1-beta.rc2.txt are in the current directory) with:
gpg --verify manifest-roasbeef-v0.13.1-beta.rc2.sig manifest-v0.13.1-beta.rc2.txt
You should see the following if the verification was successful:
gpg: Signature made Wed Sep 30 17:35:20 2020 PDT
gpg: using RSA key 4AB7F8DA6FAEBB3B70B1F903BC13F65E2DC84465
gpg: Good signature from "Olaoluwa Osuntokun <[email protected]>" [ultimate]
That will verify the signature of the manifest file, which ensures integrity and authenticity of the archive you've downloaded locally containing the binaries. Next, depending on your operating system, you should then re-compute the sha256 hash of the archive with shasum -a 256 <filename>, compare it with the corresponding one in the manifest file, and ensure they match exactly.
Verifying the Release Timestamp
From this new version onwards, in addition to time-stamping the git tag with OpenTimestamps, we'll also now timestamp the manifest file along with its signature. Two new files are now included along with the rest of our release artifacts: manifest-roasbeef-v0.13.1-beta.rc2.txt.asc.ots.
Assuming you have the opentimestamps client installed locally, the timestamps can be verified with the following commands:
ots verify manifest-roasbeef-v0.13.1-beta.rc2.sig.ots -f manifest-roasbeef-v0.13.1-beta.rc2.sig
Alternatively, the open timestamps website can be used to verify timestamps if one doesn't have a bitcoind instance accessible locally.
These timestamps should give users confidence in the integrity of this release even after the key that signed the release expires.
Verifying the Release Binaries
Our release binaries are fully reproducible. Third parties are able to verify that the release binaries were produced properly without having to trust the release manager(s). See our reproducible builds guide for how this can be achieved.
The release binaries are compiled with go1.16.3, which is required by verifiers to arrive at the same ones.
They include the following build tags: autopilotrpc, signrpc, walletrpc, chainrpc, invoicesrpc, routerrpc, watchtowerrpc and monitoring. Note that these are already included in the release script, so they do not need to be provided.
The make release command can be used to ensure one rebuilds with all the same flags used for the release. If one wishes to build for only a single platform, then make release sys=<OS-ARCH> tag=<tag> can be used.
Finally, you can also verify the tag itself with the following command:
$ git verify-tag v0.13.1-beta.rc2
gpg: Signature made Tue Sep 15 18:55:00 2020 PDT
gpg: using RSA key 4AB7F8DA6FAEBB3B70B1F903BC13F65E2DC84465
gpg: Good signature from "Olaoluwa Osuntokun <[email protected]>" [ultimate]
Verifying the Docker Images
To verify the lnd and lncli binaries inside the docker images against the signed, reproducible release binaries, there is a verification script in the image that can be called (before starting the container for example):
$ docker pull lightninglabs/lnd:v0.13.1-beta.rc2
$ docker run --rm --entrypoint="" lightninglabs/lnd:v0.13.1-beta.rc2 /verify-install.sh
$ OK=$?
$ if [ "$OK" -ne "0" ]; then echo "Verification failed!"; exit 1; fi
$ docker run lightninglabs/lnd [command-line options]
Building the Contained Release
Users are able to rebuild the target release themselves without having to fetch any of the dependencies. In order to do so, assuming that vendor.tar.gz and lnd-source-v0.13.1-beta.rc2.tar.gz are in the current directory, follow these steps:
tar -xvzf vendor.tar.gz
tar -xvzf lnd-source-v0.13.1-beta.rc2.tar.gz
GO111MODULE=on go install -v -mod=vendor -ldflags "-X github.com/lightningnetwork/lnd/build.Commit=v0.13.1-beta.rc2" ./cmd/lnd
GO111MODULE=on go install -v -mod=vendor -ldflags "-X github.com/lightningnetwork/lnd/build.Commit=v0.13.1-beta.rc2" ./cmd/lncli
The -mod=vendor flag tells the go build command that it doesn't need to fetch the dependencies, and instead, they're all enclosed in the local vendor directory.
Additionally, it's now possible to use the enclosed release.sh script to bundle a release for a specific system like so:
make release sys="linux-arm64 darwin-amd64"
⚡️⚡️⚡️ OK, now to the rest of the release notes! ⚡️⚡️⚡️
Release Notes
https://github.com/lightningnetwork/lnd/blob/master/docs/release-notes/release-notes-0.13.1.md
lnd v0.13.1-beta.rc1
This marks the first minor release of the 0.13.x cycle. This release is primarily a maintenance release including several bug fixes that didn't make it into 0.13.0, a series of fixes for introduced regressions, and a few small optimizations.
Verifying the Release
In order to verify the release, you'll need to have gpg or gpg2 installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import the keys that have signed this release if you haven't done so already:
curl https://keybase.io/bitconner/pgp_keys.asc | gpg --import
curl https://keybase.io/roasbeef/pgp_keys.asc | gpg --import
Once you have the required PGP keys, you can verify the release (assuming manifest-roasbeef-v0.13.1-beta.rc1.sig and manifest-v0.13.1-beta.rc1.txt are in the current directory) with:
gpg --verify manifest-roasbeef-v0.13.1-beta.rc1.sig manifest-v0.13.1-beta.rc1.txt
You should see the following if the verification was successful:
gpg: Signature made Mon Jul 5 14:21:06 2021 PDT
gpg: using RSA key 60A1FA7DA5BFF08BDCBBE7903BBD59E99B280306
gpg: Good signature from "Olaoluwa Osuntokun <[email protected]>" [ultimate]
That will verify the signature of the manifest file, which ensures integrity and authenticity of the archive you've downloaded locally containing the binaries. Next, depending on your operating system, you should then re-compute the sha256 hash of the archive with shasum -a 256 <filename>, compare it with the corresponding one in the manifest file, and ensure they match exactly.
Verifying the Release Timestamp
From this new version onwards, in addition to time-stamping the git tag with OpenTimestamps, we'll also now timestamp the manifest file along with its signature. Two new files are now included along with the rest of our release artifacts: manifest-roasbeef-v0.13.1-beta.rc1.txt.asc.ots.
Assuming you have the opentimestamps client installed locally, the timestamps can be verified with the following commands:
ots verify manifest-roasbeef-v0.13.1-beta.rc1.sig.ots -f manifest-roasbeef-v0.13.1-beta.rc1.sig
Alternatively, the open timestamps website can be used to verify timestamps if one doesn't have a bitcoind instance accessible locally.
These timestamps should give users confidence in the integrity of this release even after the key that signed the release expires.
Verifying the Release Binaries
Our release binaries are fully reproducible. Third parties are able to verify that the release binaries were produced properly without having to trust the release manager(s). See our reproducible builds guide for how this can be achieved.
The release binaries are compiled with go1.16.3, which is required by verifiers to arrive at the same ones.
They include the following build tags: autopilotrpc, signrpc, walletrpc, chainrpc, invoicesrpc, routerrpc, watchtowerrpc and monitoring. Note that these are already included in the release script, so they do not need to be provided.
The make release command can be used to ensure one rebuilds with all the same flags used for the release. If one wishes to build for only a single platform, then make release sys=<OS-ARCH> tag=<tag> can be used.
Finally, you can also verify the tag itself with the following command:
$ git verify-tag v0.13.1-beta.rc1
gpg: Signature made Tue Sep 15 18:55:00 2020 PDT
gpg: using RSA key 4AB7F8DA6FAEBB3B70B1F903BC13F65E2DC84465
gpg: Good signature from "Olaoluwa Osuntokun <[email protected]>" [ultimate]
Verifying the Docker Images
To verify the lnd and lncli binaries inside the docker images against the signed, reproducible release binaries, there is a verification script in the image that can be called (before starting the container for example):
$ docker pull lightninglabs/lnd:v0.13.1-beta.rc1
$ docker run --rm --entrypoint="" lightninglabs/lnd:v0.13.1-beta.rc1 /verify-install.sh
$ OK=$?
$ if [ "$OK" -ne "0" ]; then echo "Verification failed!"; exit 1; fi
$ docker run lightninglabs/lnd [command-line options]
Building the Contained Release
Users are able to rebuild the target release themselves without having to fetch any of the dependencies. In order to do so, assuming that vendor.tar.gz and lnd-source-v0.13.1-beta.rc1.tar.gz are in the current directory, follow these steps:
tar -xvzf vendor.tar.gz
tar -xvzf lnd-source-v0.13.1-beta.rc1.tar.gz
GO111MODULE=on go install -v -mod=vendor -ldflags "-X github.com/lightningnetwork/lnd/build.Commit=v0.13.1-beta.rc1" ./cmd/lnd
GO111MODULE=on go install -v -mod=vendor -ldflags "-X github.com/lightningnetwork/lnd/build.Commit=v0.13.1-beta.rc1" ./cmd/lncli
The -mod=vendor flag tells the go build command that it doesn't need to fetch the dependencies, and instead, they're all enclosed in the local vendor directory.
Additionally, it's now possible to use the enclosed release.sh script to bundle a release for a specific system like so:
make release sys="linux-arm64 darwin-amd64"
⚡️⚡️⚡️ OK, now to the rest of the release notes! ⚡️⚡️⚡️
Release Notes
https://github.com/lightningnetwork/lnd/blob/master/docs/release-notes/release-notes-0.13.1.md
lnd v0.13.0-beta
This release marks the first major release in the 0.13 series, and the second major release of the year! This release includes a number of compelling additions including: first-class pruning support, AMP sending+receiving support, arbitrary pubkey/xpub import w/ PSBT transaction crafting, clustered lnd using etcd failover, and much more!
Database Migrations
The lnd database is migrated to store all wire messages with an additional TLV field. See details below.
Verifying the Release
In order to verify the release, you'll need to have gpg or gpg2 installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import the keys that have signed this release if you haven't done so already:
$ curl https://keybase.io/bitconner/pgp_keys.asc | gpg --import
$ curl https://keybase.io/roasbeef/pgp_keys.asc | gpg --import
Once you have the required PGP keys, you can verify the release (assuming manifest-roasbeef-v0.13.0-beta.sig and manifest-v0.13.0-beta.txt are in the current directory) with:
$ gpg --verify manifest-roasbeef-v0.13.0-beta.sig manifest-v0.13.0-beta.txt
You should see the following if the verification was successful:
gpg: Signature made Thu Jun 17 09:48:09 2021 PDT
gpg: using RSA key 60A1FA7DA5BFF08BDCBBE7903BBD59E99B280306
gpg: Good signature from "Olaoluwa Osuntokun <[email protected]>" [ultimate]
That will verify the signature of the manifest file, which ensures integrity and authenticity of the archive you've downloaded locally containing the binaries. Next, depending on your operating system, you should then re-compute the sha256 hash of the archive with shasum -a 256 <filename>, compare it with the corresponding one in the manifest file, and ensure they match exactly.
Verifying the Release Timestamp
From this new version onward, in addition to time-stamping the git tag with OpenTimestamps, we'll also now timestamp the manifest file along with its signature. Two new files are now included along with the rest of our release artifacts: manifest-roasbeef-v0.13.0-beta.txt.asc.ots.
Assuming you have the OpenTimestamps client installed locally, the timestamps can be verified with the following commands:
$ ots verify manifest-roasbeef-v0.13.0-beta.sig.ots -f manifest-roasbeef-v0.13.0-beta.sig
Alternatively, the open timestamps website can be used to verify timestamps if one doesn't have a bitcoind instance accessible locally. These timestamps should give users confidence in the integrity of this release even after the key that signed the release expires.
Verifying the Release Binaries
Our release binaries are fully reproducible. Third parties are able to verify that the release binaries were produced properly without having to trust the release manager(s). See our reproducible builds guide for how this can be achieved.
The release binaries are compiled with go1.16.3, which is required by verifiers to arrive at the same ones.
They include the following build tags: autopilotrpc, signrpc, walletrpc, chainrpc, invoicesrpc, routerrpc, and watchtowerrpc. Note that these are already included in the release script, so they do not need to be provided.
The make release command can be used to ensure one rebuilds with all the same flags used for the release. If one wishes to build for only a single platform, then make release sys=<OS-ARCH> tag=<tag> can be used.
Finally, you can also verify the tag itself with the following command:
$ git verify-tag v0.13.0-beta
gpg: Signature made Thu 17 Jun 2021 02:25:51 AM UTC using RSA key ID 9B280306
gpg: Good signature from "Olaoluwa Osuntokun <[email protected]>"
Verifying the Docker Images
To verify the lnd and lncli binaries inside the docker images against the signed, reproducible release binaries, there is a verification script in the image that can be called (before starting the container for example):
$ docker pull lightninglabs/lnd:v0.13.0-beta
$ docker run --rm --entrypoint="" lightninglabs/lnd:v0.13.0-beta /verify-install.sh
$ OK=$?
$ if [ "$OK" -ne "0" ]; then echo "Verification failed!"; exit 1; fi
$ docker run lightninglabs/lnd [command-line options]
Building the Contained Release
Users are able to rebuild the target release themselves without having to fetch any of the dependencies. In order to do so, assuming that vendor.tar.gz and lnd-source-v0.13.0-beta.tar.gz are in the current directory, follow these steps:
$ tar -xvzf vendor.tar.gz
$ tar -xvzf lnd-source-v0.13.0-beta.tar.gz
$ GO111MODULE=on go install -v -mod=vendor -ldflags "-X github.com/lightningnetwork/lnd/build.Commit=v0.13.0-beta" ./cmd/lnd
$ GO111MODULE=on go install -v -mod=vendor -ldflags "-X github.com/lightningnetwork/lnd/build.Commit=v0.13.0-beta" ./cmd/lncli
The -mod=vendor flag tells the go build command that it doesn't need to fetch the dependencies, and instead, they're all enclosed in the local vendor directory.
Additionally, it's now possible to use the enclosed release.sh script to bundle a release for a specific system like so:
$ make release sys="linux-arm64 darwin-amd64"
⚡️⚡️⚡️ OK, now to the rest of the release notes! ⚡️⚡️⚡️
Release Notes
Database and wire changes
Wire Message TLV Support
The wire messages sent between LN peers have the ability to carry additional data, using the TLV format. This allows attaching data and protocol extensions to messages in a non-breaking way, paving the way for future feature upgrades to the protocol.
In this release all stored messages in the lnd database are migrated to a format supporting these TLV extensions, and message parsing now always reads out these fields and keeps them for future handling.
Protocol Updates
Anchor Output Channels
The spec compliant anchor channel format introduced in v0.12 is now the default channel type if both nodes support it when opening a new channel. You can read more about it in the v0.12.0 release notes, and it can be disabled by providing the --protocol.no-anchors flag at startup.
Since a node having channels using this format must keep on-chain funds around in case unilateral fee bumping is needed, we reserve 10k sats per channel for this purpose. In this release we cap this at 100k sats, and in addition avoid reserving this value for private channels.
Finally a change to breach handling has been made, to mitigate a theoretical attack the channel peer can perform by pinning HTLC outputs on a breached commitment transaction. If we suspect such pinning is taking place, lnd will now attempt to sweep the breached commitment outputs separately.
P2P Gossip Handling, Hardening & Optimizations
Ephemeral & Persistent Gossip Reject Caches
Those that run larger lnd instances may have noticed a cyclic nature of gossip traffic that would lead to many announcements being rejected, only to be processed hours later. This burst of traffic typically causes high CPU and memory usage, along with a large batch of blocks fetched from the node backend.
During this release cycle we dug into the issue and found that the culprit was actually a new variant of zombie channel churn: fully closed channels (funding UTXO spent) being continually offered by nodes that aren't (for some reason) pruning their channel graph.
In this release, we'll now add channels that fail full validation irrevocably to the existing zombie index cache. Expanding the usage of this cache means that new lnd nodes will only validate those spent channels once (as they should), then never request them again during the historical sync spot checks that happen periodically.
Related to the above fix, a bug has been fixed that would cause us to continually re-validate a channel announcement that we had already rejected.
Dependent Gossip Processing
ChannelUpdate and NodeAnnouncement gossip messages depend on their ChannelAnnouncement being processed successfully. Throughout our investigative efforts above, we also noticed that lnd would process these messages when their corresponding ChannelAnnouncement's validation failed, which has now been fixed.
Improved Gossip Rate Limiting
lnd v0.12.1-beta featured a new gossip rate limiting heuristic in which keep-alive updates were throttled to allow one per day, while non-keep-alive updates were throttled to allow one per block. The latter heuristic for non-keep-alive updates proved to be inconsistent, especially for our auto enable/disable channel behavior, as blocks are not guaranteed to arrive at a constant rate. To mitigate this, we've moved towards a token bucket based approach to allow by default one update per minute with a maximum burst tolerance of 10 updates. These defaults may change as the structure of the network does, but they can also be changed through two new config options: gossip.channel-update-interval and gossip.max-channel-update-burst.
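The token bucket behavior described above, as an added example written with the standard library only; it is not lnd's implementation. Keying buckets by channel ID and direction, starting each bucket full, and all type and function names are assumptions of this example; the defaults are the one-per-minute interval and burst of 10 stated in the notes.

```go
package main

import (
	"fmt"
	"time"
)

// Defaults from the release notes; they correspond to the config options
// gossip.channel-update-interval and gossip.max-channel-update-burst.
const (
	DefaultInterval = time.Minute
	DefaultBurst    = 10
)

// bucket stores its balance as a duration so refills are exact integer
// arithmetic: one token equals one interval of accumulated credit.
type bucket struct {
	credit time.Duration
	last   time.Time
}

// UpdateLimiter throttles non-keep-alive channel updates.
type UpdateLimiter struct {
	interval time.Duration
	max      time.Duration // burst * interval
	buckets  map[string]*bucket
}

func NewUpdateLimiter(interval time.Duration, burst int) *UpdateLimiter {
	return &UpdateLimiter{
		interval: interval,
		max:      time.Duration(burst) * interval,
		buckets:  make(map[string]*bucket),
	}
}

// Allow reports whether an update for (chanID, direction) seen at now should
// be accepted, consuming one token if so.
func (l *UpdateLimiter) Allow(chanID uint64, direction uint8, now time.Time) bool {
	key := fmt.Sprintf("%d/%d", chanID, direction)
	b, ok := l.buckets[key]
	if !ok {
		// A channel seen for the first time starts with a full bucket.
		b = &bucket{credit: l.max, last: now}
		l.buckets[key] = b
	}
	// Refill from elapsed wall-clock time, capped at the burst size. Block
	// arrival times play no role, unlike the one-per-block heuristic.
	if now.After(b.last) {
		b.credit += now.Sub(b.last)
		if b.credit > l.max {
			b.credit = l.max
		}
		b.last = now
	}
	if b.credit < l.interval {
		return false
	}
	b.credit -= l.interval
	return true
}

// CountAllowed offers n updates at the same instant and returns how many pass.
func CountAllowed(l *UpdateLimiter, chanID uint64, n int, now time.Time) int {
	allowed := 0
	for i := 0; i < n; i++ {
		if l.Allow(chanID, 0, now) {
			allowed++
		}
	}
	return allowed
}

func main() {
	// Constructed timeline for one channel; channel ID 1 is a placeholder.
	t0 := time.Date(2021, 6, 17, 0, 0, 0, 0, time.UTC)
	l := NewUpdateLimiter(DefaultInterval, DefaultBurst)
	fmt.Println("12 updates at t0:        ", CountAllowed(l, 1, 12, t0))
	fmt.Println("2 updates after 1 minute:", CountAllowed(l, 1, 2, t0.Add(time.Minute)))
	fmt.Println("12 updates after 1 hour: ", CountAllowed(l, 1, 12, t0.Add(time.Hour)))
}
```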
Routing Optimizations & New Payment Types
Atomic Multi-Path (AMP) Payments
This version of lnd introduces initial support for AMP payments, which is a generalized version of th...
lnd v0.13.0-beta.rc5
This release marks the first major release in the 0.13 series, and the second major release of the year! This release includes a number of compelling additions including: first-class pruning support, AMP sending+receiving support, arbitrary pubkey/xpub import w/ PSBT transaction crafting, clustered lnd using etcd failover, and much more!
Database Migrations
The lnd database is migrated to store all wire messages with an additional TLV field. See details below.
Verifying the Release
In order to verify the release, you'll need to have gpg or gpg2 installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import the keys that have signed this release if you haven't done so already:
$ curl https://keybase.io/bitconner/pgp_keys.asc | gpg --import
$ curl https://keybase.io/roasbeef/pgp_keys.asc | gpg --import
Once you have the required PGP keys, you can verify the release (assuming manifest-roasbeef-v0.13.0-beta.rc5.sig and manifest-v0.13.0-beta.rc5.txt are in the current directory) with:
$ gpg --verify manifest-roasbeef-v0.13.0-beta.rc5.sig manifest-v0.13.0-beta.rc5.txt
You should see the following if the verification was successful:
gpg: Signature made Wed Sep 30 17:35:20 2020 PDT
gpg: using RSA key 4AB7F8DA6FAEBB3B70B1F903BC13F65E2DC84465
gpg: Good signature from "Olaoluwa Osuntokun <[email protected]>" [ultimate]
That will verify the signature of the manifest file, which ensures integrity and authenticity of the archive you've downloaded locally containing the binaries. Next, depending on your operating system, you should then re-compute the sha256 hash of the archive with shasum -a 256 <filename>, compare it with the corresponding one in the manifest file, and ensure they match exactly.
Verifying the Release Timestamp
From this new version onward, in addition to time-stamping the git tag with OpenTimestamps, we'll also now timestamp the manifest file along with its signature. Two new files are now included along with the rest of our release artifacts: manifest-roasbeef-v0.13.0-beta.rc5.txt.asc.ots.
Assuming you have the OpenTimestamps client installed locally, the timestamps can be verified with the following commands:
$ ots verify manifest-roasbeef-v0.13.0-beta.rc5.sig.ots -f manifest-roasbeef-v0.13.0-beta.rc5.sig
Alternatively, the OpenTimestamps website can be used to verify timestamps if one doesn't have a bitcoind instance accessible locally. These timestamps should give users confidence in the integrity of this release even after the key that signed the release expires.
Verifying the Release Binaries
Our release binaries are fully reproducible. Third parties are able to verify that the release binaries were produced properly without having to trust the release manager(s). See our reproducible builds guide for how this can be achieved.
The release binaries are compiled with go1.16.3, which is required by verifiers to arrive at the same ones.
They include the following build tags: autopilotrpc, signrpc, walletrpc, chainrpc, invoicesrpc, routerrpc, and watchtowerrpc. Note that these are already included in the release script, so they do not need to be provided.
The make release command can be used to ensure one rebuilds with all the same flags used for the release. If one wishes to build for only a single platform, then make release sys=<OS-ARCH> tag=<tag> can be used.
Finally, you can also verify the tag itself with the following command:
$ git verify-tag v0.13.0-beta.rc5
gpg: Signature made Tue Sep 15 18:55:00 2020 PDT
gpg: using RSA key 4AB7F8DA6FAEBB3B70B1F903BC13F65E2DC84465
gpg: Good signature from "Olaoluwa Osuntokun <[email protected]>" [ultimate]
Verifying the Docker Images
To verify the lnd and lncli binaries inside the docker images against the signed, reproducible release binaries, there is a verification script in the image that can be called (before starting the container for example):
$ docker pull lightninglabs/lnd:v0.13.0-beta.rc5
$ docker run --rm --entrypoint="" lightninglabs/lnd:v0.13.0-beta.rc5 /verify-install.sh
$ OK=$?
$ if [ "$OK" -ne "0" ]; then echo "Verification failed!"; exit 1; fi
$ docker run lightninglabs/lnd [command-line options]
Building the Contained Release
Users are able to rebuild the target release themselves without having to fetch any of the dependencies. In order to do so, assuming that vendor.tar.gz and lnd-source-v0.13.0-beta.rc5.tar.gz are in the current directory, follow these steps:
$ tar -xvzf vendor.tar.gz
$ tar -xvzf lnd-source-v0.13.0-beta.rc5.tar.gz
$ GO111MODULE=on go install -v -mod=vendor -ldflags "-X github.com/lightningnetwork/lnd/build.Commit=v0.13.0-beta.rc5" ./cmd/lnd
$ GO111MODULE=on go install -v -mod=vendor -ldflags "-X github.com/lightningnetwork/lnd/build.Commit=v0.13.0-beta.rc5" ./cmd/lncli
The -mod=vendor flag tells the go build command that it doesn't need to fetch the dependencies, and instead, they're all enclosed in the local vendor directory.
Additionally, it's now possible to use the enclosed release.sh script to bundle a release for a specific system like so:
$ make release sys="linux-arm64 darwin-amd64"
⚡️⚡️⚡️ OK, now to the rest of the release notes! ⚡️⚡️⚡️
Release Notes
Database and wire changes
Wire Message TLV Support
The wire messages sent between LN peers have the ability to carry additional data, using the TLV format. This allows attaching data and protocol extensions to messages in a non-breaking way, paving the way for future feature upgrades to the protocol.
In this release all stored messages in the lnd database are migrated to a format supporting these TLV extensions, and message parsing now always reads out these fields and keeps them for future handling.
Protocol Updates
Anchor Output Channels
The spec compliant anchor channel format introduced in v0.12 is now the default channel type if both nodes support it when opening a new channel. You can read more about it in the v0.12.0 release notes, and it can be disabled by providing the --protocol.no-anchors flag at startup.
Since a node having channels using this format must keep on-chain funds around in case unilateral fee bumping is needed, we reserve 10k sats per channel for this purpose. In this release we cap this at 100k sats, and in addition avoid reserving this value for private channels.
Finally a change to breach handling has been made, to mitigate a theoretical attack the channel peer can perform by pinning HTLC outputs on a breached commitment transaction. If we suspect such pinning is taking place, lnd will now attempt to sweep the breached commitment outputs separately.
P2P Gossip Handling, Hardening & Optimizations
Ephemeral & Persistent Gossip Reject Caches
Those that run larger lnd instances may have noticed a cyclic nature of gossip traffic that would lead to many announcements being rejected, only to be processed hours later. This burst of traffic typically causes high CPU and memory usage, along with a large batch of blocks fetched from the node backend.
During this release cycle we dug into the issue and found that the culprit was actually a new variant of zombie channel churn: fully closed channels (funding UTXO spent) being continually offered by nodes that aren't (for some reason) pruning their channel graph.
In this release, we'll now add channels that fail full validation irrevocably to the existing zombie index cache. Expanding the usage of this cache means that new lnd nodes will only validate those spent channels once (as they should), then never request them again during the historical sync spot checks that happen periodically.
Related to the above fix, a bug has been fixed that would cause us to continually re-validate a channel announcement that we had already rejected.
Dependent Gossip Processing
ChannelUpdate and NodeAnnouncement gossip messages depend on their ChannelAnnouncement being processed successfully. Throughout our investigative efforts above, we also noticed that lnd would process these messages when their corresponding ChannelAnnouncement's validation failed, which has now been fixed.
Improved Gossip Rate Limiting
lnd v0.12.1-beta featured a new gossip rate limiting heuristic in which keep-alive updates were throttled to allow one per day, while non-keep-alive updates were throttled to allow one per block. The latter heuristic for non-keep-alive updates proved to be inconsistent, especially for our auto enable/disable channel behavior, as blocks are not guaranteed to arrive at a constant rate. To mitigate this, we've moved towards a token bucket based approach to allow by default one update per minute with a maximum burst tolerance of 10 updates. These defaults may change as the structure of the network does, but they can also be changed through two new config options: gossip.channel-update-interval and gossip.max-channel-update-burst.
Routing Optimizations & New Payment Types
Atomic Multi-Path (AMP) Payme...
lnd v0.13.0-beta.rc3
lnd v0.13.0-beta.rc2
lnd-v0.13.0-beta.rc2
lnd v0.12.1-beta
Database Migrations
There are no database migrations in v0.12.1-beta.
Verifying the Release
In order to verify the release, you'll need to have gpg or gpg2 installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import the keys that have signed this release if you haven't done so already:
curl https://keybase.io/bitconner/pgp_keys.asc | gpg --import
curl https://keybase.io/roasbeef/pgp_keys.asc | gpg --import
Once you have the required PGP keys, you can verify the release (assuming manifest-roasbeef-v0.12.1-beta.sig and manifest-v0.12.1-beta.txt are in the current directory) with:
gpg --verify manifest-roasbeef-v0.12.1-beta.sig manifest-v0.12.1-beta.txt
You should see the following if the verification was successful:
gpg: Signature made Mon Feb 22 19:23:11 2021 PST
gpg: using RSA key 9C8D61868A7C492003B2744EE7D737B67FA592C7
gpg: Good signature from "Conner Fromknecht <[email protected]>" [ultimate]
That will verify the signature of the manifest file, which ensures integrity and authenticity of the archive you've downloaded locally containing the binaries. Next, depending on your operating system, you should then re-compute the sha256 hash of the archive with shasum -a 256 <filename>, compare it with the corresponding one in the manifest file, and ensure they match exactly.
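The hash comparison step described above (the same step appears in the v0.13.0-beta.rc5 notes), as an added Go example that is not part of the lnd release tooling. It assumes manifest lines in the "<sha256 hex>  <filename>" form that shasum prints; the archive name and bytes are constructed placeholders.

```go
package main

import (
	"bufio"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"io"
	"strings"
)

var (
	ErrNotListed = errors.New("archive not listed in manifest")
	ErrConflict  = errors.New("manifest lists conflicting digests")
	ErrMismatch  = errors.New("archive digest differs from manifest")
)

// VerifyArchive hashes archive and compares the result with the manifest
// entry for name. Assumed line format: "<sha256 hex>  <filename>".
func VerifyArchive(manifest io.Reader, name string, archive io.Reader) error {
	want := ""
	sc := bufio.NewScanner(manifest)
	for sc.Scan() {
		f := strings.Fields(sc.Text())
		if len(f) != 2 || strings.TrimPrefix(f[1], "*") != name {
			continue // other artifacts, blank lines
		}
		d := strings.ToLower(f[0])
		if want != "" && want != d {
			return ErrConflict // same name, two digests: trust neither
		}
		want = d
	}
	if err := sc.Err(); err != nil {
		return err
	}
	if want == "" {
		return ErrNotListed // fail closed: no entry means no verification
	}
	h := sha256.New()
	if _, err := io.Copy(h, archive); err != nil {
		return err
	}
	if hex.EncodeToString(h.Sum(nil)) != want {
		return ErrMismatch
	}
	return nil
}

func main() {
	m := fmt.Sprintf("%x  lnd-example.tar.gz\n", sha256.Sum256([]byte("constructed")))
	fmt.Println(VerifyArchive(strings.NewReader(m), "lnd-example.tar.gz", strings.NewReader("constructed")))
}
```

The comparison is only meaningful on a manifest that gpg --verify has already accepted, since the digest is otherwise attacker-controlled along with the archive.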
Verifying the Release Timestamp
From this new version onwards, in addition to time-stamping the git tag with OpenTimestamps, we'll also now timestamp the manifest file along with its signature. Two new files are now included along with the rest of our release artifacts: manifest-roasbeef-v0.12.1-beta.txt.asc.ots.
Assuming you have the OpenTimestamps client installed locally, the timestamps can be verified with the following commands:
ots verify manifest-roasbeef-v0.12.1-beta.sig.ots
ots verify manifest-v0.12.1-beta.txt.ots
Alternatively, the OpenTimestamps website can be used to verify timestamps if one doesn't have a bitcoind instance accessible locally.
These timestamps should give users confidence in the integrity of this release even after the key that signed the release expires.
Verifying the Release Binaries
Our release binaries are fully reproducible. Third parties are able to verify that the release binaries were produced properly without having to trust the release manager(s). See our reproducible builds guide for how this can be achieved.
The release binaries are compiled with go1.15.7, which is required by verifiers to arrive at the same ones.
They include the following build tags: autopilotrpc, signrpc, walletrpc, chainrpc, invoicesrpc, routerrpc, and watchtowerrpc. Note that these are already included in the release script, so they do not need to be provided.
The make release command can be used to ensure one rebuilds with all the same flags used for the release. If one wishes to build for only a single platform, then make release sys=<OS-ARCH> tag=<tag> can be used.
Finally, you can also verify the tag itself with the following command:
$ git verify-tag v0.12.1-beta
gpg: Signature made Mon Feb 22 17:11:56 2021 PST
gpg: using RSA key 9C8D61868A7C492003B2744EE7D737B67FA592C7
gpg: Good signature from "Conner Fromknecht <[email protected]>" [ultimate]
Verifying the Docker Images
To verify the lnd and lncli binaries inside the docker images against the signed, reproducible release binaries, there is a verification script in the image that can be called (before starting the container for example):
$ docker run --rm --entrypoint="" lightninglabs/lnd:v0.12.1-beta /verify-install.sh v0.12.1-beta
$ OK=$?
$ if [ "$OK" -ne "0" ]; then echo "Verification failed!"; exit 1; fi
$ docker run lightninglabs/lnd [command-line options]
Building the Contained Release
Users are able to rebuild the target release themselves without having to fetch any of the dependencies. In order to do so, assuming that vendor.tar.gz and lnd-source-v0.12.1-beta.tar.gz are in the current directory, follow these steps:
tar -xvzf vendor.tar.gz
tar -xvzf lnd-source-v0.12.1-beta.tar.gz
GO111MODULE=on go install -v -mod=vendor -ldflags "-X github.com/lightningnetwork/lnd/build.Commit=v0.12.1-beta" ./cmd/lnd
GO111MODULE=on go install -v -mod=vendor -ldflags "-X github.com/lightningnetwork/lnd/build.Commit=v0.12.1-beta" ./cmd/lncli
The -mod=vendor flag tells the go build command that it doesn't need to fetch the dependencies, and instead, they're all enclosed in the local vendor directory.
Additionally, it's now possible to use the enclosed release.sh script to bundle a release for a specific system like so:
make release sys="linux-arm64 darwin-amd64"
⚡️⚡️⚡️ OK, now to the rest of the release notes! ⚡️⚡️⚡️
Release Notes
Spec Compatibility
- 0.12.1-beta fixes a recently discovered edge-case in the spec surrounding retransmission of RevokeAndAck and CommitSig that can lead to channel force closures if they are not retransmitted in the same order upon reconnection. This version now persists this extra state required to determine the correct transmission order, in accordance with the new spec requirements. This eliminates a potential vector for channel desynchronization on restart once both sides of the channel have updated and a successful state transition is performed.
- Prior to this version, lnd may have incorrectly attempted an MPP payment even if the receiver's NodeAnnouncement or invoice did not set the MPP feature bit. This was caused by a bug that incorrectly assumed support for payment_secrets implied support for MPP. A fix has been applied that limits the maximum number of splits to 1 when the receiver doesn't support MPP.
Gossip Propagation Improvements
This release reverts the removal of the premature channel update cache that was removed in 0.12.0-beta. Absence of the cache was seen to cause issues with channel update propagation, so the change is reverted to restore the pre-0.12.0-beta behavior and stability. The current plan is to reschedule the cache's removal for 0.13 after performing more extensive investigation.
In addition, the gossip throttling added in v0.12.0 has been refactored to be less aggressive with respect to non-keepalive channel updates, i.e. channel updates that differ in more than just the timestamp. Previously lnd would drop all but the first such update that it received over the course of a block, which has reportedly been too restrictive and resulted in degraded propagation of routine channel updates.
The new throttling logic now employs a directional token bucket rate limiter, the same approach used by lnd to rate-limit gossip requests from sync peers. Each token bucket is configured to drop non-keepalive updates arriving faster than once per minute, yet permitting bursts of up to 10 updates. This improves on the previous approach in a few ways:
- Updates are now limited with respect to a consistent time source, i.e. seconds, rather than block height. This makes it easier to reason about when channel updates might get dropped as an average user, and places a deterministic bound on the next time a normal user can reliably update their channel again.
- The rate limits are now applied directionally, so that one end of the channel cannot cause their counterparty's channel updates to be dropped. This has the effect of making the penalization more precise, and better targets individuals that exhibit abusive behavior.
- By factoring in bursts, it provides enough tolerance for cases where policy changes may occur in quick succession, e.g. disable followed by reenable, or modifying a channel policy immediately after open.
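The directional token bucket described above (and under Improved Gossip Rate Limiting in the v0.13.0 notes), sketched in Go as an added example rather than lnd's own code. The type and function names are hypothetical; the one-minute interval and burst of 10 are the defaults stated in the notes, and time is passed in explicitly so the behaviour can be replayed deterministically.

```go
package main

import (
	"fmt"
	"math"
	"time"
)

// dirKey is one direction of one channel (hypothetical names, not lnd's).
type dirKey struct {
	chanID    uint64
	direction uint8 // 0 or 1: which channel end signed the update
}

type bucket struct {
	tokens float64
	last   time.Time
}

// UpdateLimiter keeps a separate token bucket per channel direction.
type UpdateLimiter struct {
	interval time.Duration // time needed to earn one token
	burst    float64       // bucket capacity
	buckets  map[dirKey]*bucket
}

func NewUpdateLimiter(interval time.Duration, burst int) *UpdateLimiter {
	return &UpdateLimiter{interval: interval, burst: float64(burst), buckets: map[dirKey]*bucket{}}
}

// Allow reports whether a non-keepalive update seen at now is accepted,
// spending one token from that direction's bucket if so.
func (l *UpdateLimiter) Allow(chanID uint64, direction uint8, now time.Time) bool {
	k := dirKey{chanID, direction}
	b, ok := l.buckets[k]
	if !ok {
		b = &bucket{tokens: l.burst, last: now} // new buckets start full
		l.buckets[k] = b
	}
	if el := now.Sub(b.last); el > 0 { // refill for elapsed time, capped at burst
		b.tokens = math.Min(l.burst, b.tokens+float64(el)/float64(l.interval))
		b.last = now
	}
	if b.tokens < 1 {
		return false // drop: this direction has used up its budget
	}
	b.tokens--
	return true
}

func main() {
	l, t0 := NewUpdateLimiter(time.Minute, 10), time.Unix(0, 0)
	fmt.Println(l.Allow(1, 0, t0), l.Allow(1, 1, t0)) // each direction has its own bucket
}
```

The limiter is not safe for concurrent use as written; guard Allow with a mutex if several goroutines process gossip.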
No Gossip Mode
This release includes support for a no-graph sync mode which can be enabled by setting numgraphsyncpeers=0. In prior versions, running lnd in this configuration would still trigger an initial historical sync with the first connected peer on each restart. The behavior was modified under the assumption that users who have already configured lnd to not receive gossip updates probably don't want to sync the graph at all.
This mode is especially helpful to wallet developers that choose to outsource pathfinding via their own service, or purely forwarding nodes that never need to perform pathfinding.
Pinned Gossip Syncers
Typically lnd performs this historical channel reconciliation periodically, rotating between the set of all active peers, and attempting to keep numgraphsyncpeers (defaults to 3) in a state where they are receiving new gossip messages. Due to the eventually consistent properties of this algorithm (and the gossip protocol in general), there are some cases that lead to long delays in a node receiving newer updates. Notably, if a node has many peers, then it may be a while before the sync rotation algorithm queries a given peer for newer updates.
To provide more control, a new configuration option has been added [allowing users to pin their nodes into an ActiveSync with particular nodes](https://github.com/lightningnetwork/lnd...
lnd v0.12.1-beta.rc6
lnd-v0.12.1-beta.rc6