Weekly Edition for Thursday, Jul 9

Newsletters

Releases

project release date
ledger-live-common v13.1.0
  • inverse Native Segwit and Segwit account ordering in Add Accounts
  • #773 filtering mcus to flash based on the provider to avoid flashing unreleased mcus (QA impact: a firmware update should still work, booting your device in Bootloader Mode and doing a "Repair" will NOT flash an unreleased mcu)
  • #763 add firmwareUnsupported function in lib/manager.
2020-07-06
ledger-live-desktop v2.8.0

🔵 Manager update badge

Added a blue notification badge indicating that firmware or app updates are available in the Manager.

2020-07-06
lnd v0.10.3-beta

This is the 3rd minor release in the v0.10.0-beta-series. Unlike v0.10.2-beta which only includes bug-fixes, this release also includes some refactoring to the main lnd package that allows lnd to more easily be embedded as a normal struct (by importing the package) on other Go projects.

Verifying the Release

In order to verify the release, you'll need to have gpg or gpg2 installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import the keys that have signed this release if you haven't done so already:

curl https://keybase.io/roasbeef/pgp_keys.asc | gpg --import

Once you have the required PGP keys, you can verify the release (assuming manifest-v0.10.3-beta.txt and manifest-v0.10.3-beta.txt.sig are in the current directory) with:

gpg --verify manifest-v0.10.3-beta.txt.sig

You should see the following if the verification was successful:

gpg: assuming signed data in 'manifest-v0.10.3-beta.txt'
gpg: Signature made Mon Jul  6 12:59:00 2020 PDT
gpg:                using RSA key 4AB7F8DA6FAEBB3B70B1F903BC13F65E2DC84465
gpg: Good signature from &#34;Olaoluwa Osuntokun <laolu32@gmail.com>&#34; [ultimate]

That will verify the signature of the manifest file, which ensures integrity and authenticity of the archive you've downloaded locally containing the binaries. Next, depending on your operating system, you should then re-compute the sha256 hash of the archive with shasum -a 256 <filename>, compare it with the corresponding one in the manifest file, and ensure they match exactly.

Verifying the Release Binaries

Our release binaries are fully reproducible. Third parties are able to verify that the release binaries were produced properly without having to trust the release manager(s). See our reproducible builds guide for how this can be achieved. The release binaries are compiled with go1.13.12, which is required by verifiers to arrive at the same ones. They include the following build tags: autopilotrpc, signrpc, walletrpc, chainrpc, invoicesrpc, routerrpc, and watchtowerrpc. Note that these are already included in the release script, so they do not need to be provided.

The make release command can be used to ensure one rebuilds with all the same flags used for the release. If one wishes to build for only a single platform, then make release sys=<os-arch> tag=<tag> can be used.

Finally, you can also verify the tag itself with the following command:

git verify-tag v0.10.3-beta

Building the Contained Release

Users are able to rebuild the target release themselves without having to fetch any of the dependencies. In order to do so, assuming that vendor.tar.gz and lnd-source-v0.10.3-beta.tar.gz are in the current directory, follow these steps:

tar -xvzf vendor.tar.gz
tar -xvzf lnd-source-v0.10.3-beta.tar.gz
GO111MODULE=on go install -v -mod=vendor -ldflags &#34;-X github.com/lightningnetwork/lnd/build.Commit=v0.10.3-beta&#34; ./cmd/lnd
GO111MODULE=on go install -v -mod=vendor -ldflags &#34;-X github.com/lightningnetwork/lnd/build.Commit=v0.10.3-beta&#34; ./cmd/lncli

The -mod=vendor flag tells the go build command that it doesn't need to fetch the dependencies, and instead, they're all enclosed in the local vendor directory.

Additionally, it's now possible to use the enclosed release.sh script to bundle a release for a specific system like so:

make release sys=&#34;linux-arm64 darwin-amd64&#34;

⚡️⚡️⚡️ OK, now to the rest of the release notes! ⚡️⚡️⚡️

Release Notes

lnd Package Refactoring

In prior releases, we've started to refactor the way lnd is initialized and started to make it easier to emebdd lnd in other Go applications. The primary consumer of these APIs so far has been our mobile bindings for lnd. In this release we continue the process to further abstract the lnd package with a series of PRs that remove a number of global variables, allow external sub-server registration, and external logging hooks.

The full list of changes since v0.10.2-beta can be found here:

Contributors (Alphabetical Order)

Oliver Gugger /laolu32@gmail.com

2020-07-06
lnd v0.10.2-beta

This marks the second minor release in the v0.10.0 series! This release allows lnd to be compatible with bitcoind 0.20, resolves some peer connection instability issues, fixes an issue that can cause payments to hang ina state until a connection is cycled, and fixes an important bug related to an on disk Static Channel Backups (SCB).

Verifying the Release

In order to verify the release, you'll need to have gpg or gpg2 installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import the keys that have signed this release if you haven't done so already:

curl https://keybase.io/roasbeef/pgp_keys.asc | gpg --import

Once you have the required PGP keys, you can verify the release (assuming manifest-v0.10.2-beta.txt and manifest-v0.10.2-beta.txt.sig are in the current directory) with:

gpg --verify manifest-v0.10.2-beta.txt.sig

You should see the following if the verification was successful:

gpg: assuming signed data in &#39;manifest-v0.10.2-beta.txt&#39;
gpg: Signature made Mon Jul  6 12:33:41 2020 PDT
gpg:                using RSA key 4AB7F8DA6FAEBB3B70B1F903BC13F65E2DC84465
gpg: Good signature from &#34;Olaoluwa Osuntokun <laolu32@gmail.com>&#34; [ultimate]

That will verify the signature of the manifest file, which ensures integrity and authenticity of the archive you've downloaded locally containing the binaries. Next, depending on your operating system, you should then re-compute the sha256 hash of the archive with shasum -a 256 <filename>, compare it with the corresponding one in the manifest file, and ensure they match exactly.

Verifying the Release Binaries

Our release binaries are fully reproducible. Third parties are able to verify that the release binaries were produced properly without having to trust the release manager(s). See our reproducible builds guide for how this can be achieved. The release binaries are compiled with go1.14.4, which is required by verifiers to arrive at the same ones. They include the following build tags: autopilotrpc, signrpc, walletrpc, chainrpc, invoicesrpc, routerrpc, and watchtowerrpc. Note that these are already included in the release script, so they do not need to be provided.

The make release command can be used to ensure one rebuilds with all the same flags used for the release. If one wishes to build for only a single platform, then make release sys=<os-arch> tag=<tag> can be used.

Finally, you can also verify the tag itself with the following command:

git verify-tag v0.10.2-beta

Building the Contained Release

Users are able to rebuild the target release themselves without having to fetch any of the dependencies. In order to do so, assuming that vendor.tar.gz and lnd-source-v0.10.2-beta.tar.gz are in the current directory, follow these steps:

tar -xvzf vendor.tar.gz
tar -xvzf lnd-source-v0.10.2-beta.tar.gz
GO111MODULE=on go install -v -mod=vendor -ldflags &#34;-X github.com/lightningnetwork/lnd/build.Commit=v0.10.2-beta&#34; ./cmd/lnd
GO111MODULE=on go install -v -mod=vendor -ldflags &#34;-X github.com/lightningnetwork/lnd/build.Commit=v0.10.2-beta&#34; ./cmd/lncli

The -mod=vendor flag tells the go build command that it doesn't need to fetch the dependencies, and instead, they're all enclosed in the local vendor directory.

Additionally, it's now possible to use the enclosed release.sh script to bundle a release for a specific system like so:

make release sys=&#34;linux-arm64 darwin-amd64&#34;

⚡️⚡️⚡️ OK, now to the rest of the release notes! ⚡️⚡️⚡️

Release Notes

Network Gossip Channel Announcement Feature Bit Encoding

This release fixes an existing bug that would cause us to not carry over the ChannelUpdate level feature bits when sending a channel announcement suit to a connected node. Some nodes have started to use this space to communicate that they support "wumbo" channels. Before this change, if lnd was instructed to send the channel announcement for a wumbo channel, it would omit this feature bit information, causing the requesting node to reject the announcement as the signature would fail. This may have cause some peer connection instability since these wumbo channels have started to be more widely propagated across the network.

This release modifies the way a new payment is sent to the first outgoing channel it needs to traverse before being sent off to the network. Before this commit, the router would hand the payment off to the switch in an asynchronous manner. Recently, it was brought to our attention that this behavior could at times cause a payment to unnecessarily fail later if the target link wasn't online, or not fully available. In this new release, this process is now synchronous. End users should observe that they see less internal payment failures due to out of date bandwidth hints, as is now able to full see through the addition of a new HTLC.

bitcoind Compatibility

With this new release, lnd can now be used with bitcoind 0.20 as it's full-node chain backend.

SCB Bug Fix

This release includes an important bug fix for static channel backups. Before this release, if a new lnd node was started with a data directory that contained an existing SCB file, then that existing file would be completely overridden by whatever channel state the new lnd node started with.

With this new release, of lnd, we'll fail to start if we're unable to read an existing SCB file on disk. Additionally, we'll always combine the contents of the SCB file with our in-memory channel state.

The full list of changes since v0.10.1-beta can be found here:

Contributors (Alphabetical Order)

Andras Banki-Horvath Olaoluwa Osuntokun Oliver Gugger Joost Jager Wilmer Paulino /laolu32@gmail.com

2020-07-06

RFC

type rfc # title date status
bip bip-0339 BIP 339: WTXID-based transaction relay 2020-07-08 Merged
bolt X What is the threshold for to_self_delay to be unreasonably large? 2020-07-07 Closed
bolt X Move founds before closing channel 2020-07-07 Closed
bolt X No way (according to LND dev wpaulino) to identify the network of a connection request. 2020-07-07 Closed
bolt X Problem with only the funder being able to control the fee rate 2020-07-07 Closed
bolt peer protocol BOLT 2: Clarifying requirements for multiple TLV record occurrences of the same type 2020-07-07 Closed
bolt X Lightning Specification Meeting 2020/06/22 2020-07-07 Closed
bolt transactions BOLT 3: fix definition of flip(B) in P. 2020-07-07 Merged
bolt X clarification: when does max_accepted_htlcs apply? 2020-07-05 Update
slip slip-0044 Slip-0044 add YOU(#1010) 2020-07-07 Merged
slip slip-0044 slip-0044: add GHOST 2020-07-06 Merged
slip X Add SUSHI to coin types 2020-07-06 Closed
slip X add HST 2020-07-06 Merged
slip slip-0077 Typo in Slip77 2020-07-04 Merged