Database Migrations
There are no database migrations in v0.12.1-beta.rc6.
Verifying the Release
In order to verify the release, you'll need to have gpg or gpg2 installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import the keys that have signed this release if you haven't done so already:
curl https://keybase.io/bitconner/pgp_keys.asc | gpg --import
curl https://keybase.io/roasbeef/pgp_keys.asc | gpg --import
Once you have the required PGP keys, you can verify the release (assuming manifest-roasbeef-v0.12.1-beta.rc6.sig and manifest-v0.12.1-beta.rc6.txt are in the current directory) with:
gpg --verify manifest-roasbeef-v0.12.1-beta.rc6.sig manifest-v0.12.1-beta.rc6.txt
You should see the following if the verification was successful:
gpg: Signature made Thu Feb 18 18:01:34 2021 PST
gpg: using RSA key 9C8D61868A7C492003B2744EE7D737B67FA592C7
gpg: Good signature from "Conner Fromknecht <conner@lightning.engineering>" [ultimate]
That will verify the signature of the manifest file, which ensures integrity and authenticity of the archive you've downloaded locally containing the binaries. Next, depending on your operating system, you should then re-compute the sha256 hash of the archive with shasum -a 256 <filename>, compare it with the corresponding one in the manifest file, and ensure they match exactly.
Verifying the Release Timestamp
From this new version onwards, in addition time-stamping the git tag with OpenTimeStamps, we'll also now timestamp the manifest file along with its signature. Two new files are now included along with the rest of our release artifacts: manifest-roasbeef-v0.12.1-beta.rc6.txt.asc.ots.
Assuming you have the opentimestamps client installed locally, the timestamps can be verified with the following commands:
ots verify manifest-roasbeef-v0.12.1-beta.rc6.sig.ots -f manifest-roasbeef-v0.12.1-beta.rc6.sig
Alternatively, the open timestamps website can be used to verify timestamps if one doesn't have a bitcoind instance accessible locally.
These timestamps should give users confidence in the integrity of this release even after the key that signed the release expires.
Verifying the Release Binaries
Our release binaries are fully reproducible. Third parties are able to verify that the release binaries were produced properly without having to trust the release manager(s). See our reproducible builds guide for how this can be achieved.
The release binaries are compiled with go1.15.7, which is required by verifiers to arrive at the same ones.
They include the following build tags: autopilotrpc, signrpc, walletrpc, chainrpc, invoicesrpc, routerrpc, and watchtowerrpc. Note that these are already included in the release script, so they do not need to be provided.
The make release command can be used to ensure one rebuilds with all the same flags used for the release. If one wishes to build for only a single platform, then make release sys=<os-arch> tag=<tag> can be used.
Finally, you can also verify the tag itself with the following command:
$ git verify-tag v0.12.1-beta.rc6
gpg: Signature made Thu Feb 18 17:04:03 2021 PST
gpg: using RSA key 9C8D61868A7C492003B2744EE7D737B67FA592C7
gpg: Good signature from "Conner Fromknecht <conner@lightning.engineering>" [ultimate]
Verifying the Docker Images
To verify the lnd and lncli binaries inside the docker images against the signed, reproducible release binaries, there is a verification script in the image that can be called (before starting the container for example):
$ docker pull lightninglabs/lnd:v0.12.1-beta.rc6
$ docker run --rm --entrypoint="" lightninglabs/lnd:v0.12.1-beta.rc6 /verify-install.sh
$ OK=$?
$ if [ "$OK" -ne "0" ]; then echo "Verification failed!"; exit 1; done
$ docker run lightninglabs/lnd [command-line options]
Building the Contained Release
Users are able to rebuild the target release themselves without having to fetch any of the dependencies. In order to do so, assuming
that vendor.tar.gz and lnd-source-v0.12.1-beta.rc6.tar.gz are in the current directory, follow these steps:
tar -xvzf vendor.tar.gz
tar -xvzf lnd-source-v0.12.1-beta.rc6.tar.gz
GO111MODULE=on go install -v -mod=vendor -ldflags "-X github.com/lightningnetwork/lnd/build.Commit=v0.12.1-beta.rc6" ./cmd/lnd
GO111MODULE=on go install -v -mod=vendor -ldflags "-X github.com/lightningnetwork/lnd/build.Commit=v0.12.1-beta.rc6" ./cmd/lncli
The -mod=vendor flag tells the go build command that it doesn't need to fetch the dependencies, and instead, they're all enclosed in the local vendor directory.
Additionally, it's now possible to use the enclosed release.sh script to bundle a release for a specific system like so:
make release sys="linux-arm64 darwin-amd64"
⚡️⚡️⚡️ OK, now to the rest of the release notes! ⚡️⚡️⚡️
Release Notes
Spec Compatibility
Gossip Propagation Improvements
This release reverts the removal of the premature channel update cache that was removed in 0.12.0-beta. Absence of the cache was seen to cause issues with channel update propagation, so the change is reverted to restore the pre-0.12.0-beta behavior and stability. The current plan is to reschedule the cache's removal for 0.13 after performing more extensive investigation.
In addition, the gossip throttling adding in v0.12.0 has been refactored to be less aggressive with respect to non-keepalive channel updates, i.e. channel updates that differ in more than just the timestamp. Previously lnd would drop all but the first such update that it received over the course of a block, which has reportedly been too restrictive and resulted in degraded propagation of routine channel updates.
The new throttling logic now employs a directional token bucket rate limiter, the same approach used by lnd to rate-limit gossip requests from sync peers. Each token bucket is configured to drop non-keepalive updates arriving faster that once per minute, yet permitting bursts of up 10 updates. This improves on the previous approach in a few ways:
- Updates are now limited with respect to a consistent time source, i.e. seconds, rather than block height. This makes it easier to reason about when channel updates might get dropped as an average user, and places a deterministic bound on the next time a normal user can reliably update their channel again.
- The rate limits are now applied directionally, so that one end of the channel cannot cause their counterparty's channel updates to be dropped. This has the effect of making the penalization more precise, and better targets individuals that exhibit abusive behavior.
- By factoring in bursts, it provides enough tolerance for cases where policy changes that may occur in quick succession, e.g. disable followed by reenable, or modifying a channel policy immediately after open.
No Gossip Mode
This release includes support for a no-graph sync mode which can be enabled by setting numgraphsyncpeers=0. In prior versions, running lnd in this configuration would still trigger an initial historical sync with the first connected peer on each restart. The behavior was modified under the assumption that users who have already configured lnd to not receive gossip updates probably don't want to sync the graph at all.
This mode is especially helpful to wallet developers that choose to outsource pathfinding via their own service, or purely forwarding nodes that never need to perform pathfinding.
Pinned Gossip Syncers
Typically lnd performs this historical channel reconciliation periodically, rotating between the set of all active peers, and attempting to keep numgraphsyncpeers (defaults to 3) in a state where they are receiving new gossip messages. Due to the eventually consistent properties of this algorithm (and the gossip protocol in general), there are some cases that lead to long delays in a node receiving newer updates. Notably, if a node has many peers, then it may be a while before the sync rotation algorithm queries a given peer for newer updates.
To provide more control, a new configuration option has been added allowing users to pin their nodes into an ActiveSync with particular nodes. Each time a connection is established with a pinned syncer, lnd will first perform a historical channel reconciliation, followed by a request for the pinned syncer to forward all new gossip messages. Doing so allows users to keep their routing table tightly synchronized with nodes in their list of configured, pinned syncers. Users can add one or more pinned syncers via:
gossip.pinned-syncers=<pubkey1>
gossip.pinned-syncers=<pubkey2>
This can be especially useful for services that run multiple, well-connected lnd nodes, and want their own nodes to maintain similar views of the channel graph. Users can also use gossip.pinned-syncers in combination with numgraphsyncpeers=0 to only sync from a specific peer.
RPC Changes
lnd 0.12.1-beta.rc6 now exposes the HTLC attempt_id on response from TrackPayment. Internally, lnd uses attempt_id as a unique identifier for each HTLC it sends out, and to provide a total ordering on all HTLC sent by the daemon. This identifier can be used by developers to better reflect progress of a payment, making it easier to extract per-HTLC state deltas rather than displaying the full payment state every time.- Adds a new
MaxShardSizeMsat argument to SendPayment, allowing users to cap the maximum value of any MPP shard sent out by lnd. Users can now set this from lncli via either the max_shard_size_sat or max_shard_size_msat field.
Deterministic Build / Release Verification
Bug Fixes
Full Changelog
Contributors (Alphabetical Order)
Andras Banki-Horvath
Carla Kirk-Cohen
Conner Fromknecht
Eugene Siegel
Jake Sylvestre
Johan T. Halseth
Joost Jager
Juan Pablo Civile
Olaoluwa Osuntokun
Oliver Gugger
rockstardev
Umar Bolatov
Vlad Stan
Wilmer Paulino/conner@lightning.engineering/conner@lightning.engineering