Weekly Edition for Thursday, Feb 4

bulletin

Releases

project release date
ledger-live-common v18.3.3
  • revert some changes in libcore logic that was creating false positive sync that was emptying accounts on BTC & alts (recent regression, not in production)
2021-02-01
ledger-live-common v18.3.2
  • fixes a recent regression: Use correct unit for swap rate errors
  • feat(Polkadot): improve fees cache by using tx bytesize - COIN-1249
  • feat(Polkadot): cache sidecar fetchConstants - COIN-1248
2021-02-01
ledger-live-desktop v2.21.3

🚀 Features

  • Various improvements in user experience.
  • Added Cosmos alert about upcoming blockchain maintenance.

🐛 Fixes

  • Fixed fiat value for many tokens including UNI.
  • Issue with new Ethereum accounts due to API is now fixed.
  • Fixed swap status, tooltips and icons.
2021-02-04
BTC Pay Server v1.0.6.8
This release is trying some improvement to decrease the chances of being falsy flagged by Google Safe Browsing.

  • Remove Tor URL from login page (useless now thanks to the url bar link) @dennisreimann
  • Remove allowtransparency from checkout overlay @dennisreimann
  • Remove clipboard code from the login page (was used to copy the tor url) @dennisreimann
  • Rename some pages from PascalCase to lowercase. (Register => register, Login => login) @dennisreimann
2021-01-29
lnd v0.12.1-beta.rc1

Database Migrations

There are no database migrations in v0.12.1-beta.rc1.

Verifying the Release

In order to verify the release, you'll need to have gpg or gpg2 installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import the keys that have signed this release if you haven't done so already:

curl https://keybase.io/bitconner/pgp_keys.asc | gpg --import
curl https://keybase.io/roasbeef/pgp_keys.asc | gpg --import

Once you have the required PGP keys, you can verify the release (assuming manifest-bitconner-v0.12.1-beta.rc1.txt.asc is in the current directory) with:

gpg --verify manifest-bitconner-v0.12.1-beta.rc1.txt.asc

You should see the following if the verification was successful:

gpg: Signature made Wed Feb  3 22:51:31 2021 PST
gpg:                using RSA key 9C8D61868A7C492003B2744EE7D737B67FA592C7
gpg: Good signature from &#34;Conner Fromknecht <conner@lightning.engineering>&#34; [ultimate]

That will verify the signature of the manifest file, which ensures integrity and authenticity of the archive you've downloaded locally containing the binaries. Next, depending on your operating system, you should then re-compute the sha256 hash of the archive with shasum -a 256 <filename>, compare it with the corresponding one in the manifest file, and ensure they match exactly.

Verifying the Release Timestamp

From this new version onwards, in addition time-stamping the git tag with OpenTimeStamps, we'll also now timestamp the manifest file along with its signature. Two new files are now included along with the rest of our release artifacts: manifest-roasbeef-v0.12.1-beta.rc1.txt.asc.ots.

Assuming you have the opentimestamps client installed locally, the timestamps can be verified with the following commands:

ots verify manifest-roasbeef-v0.12.1-beta.rc1.txt.asc.ots -f manifest-roasbeef-v0.12.1-beta.rc1.txt.asc

Alternatively, the open timestamps website can be used to verify timestamps if one doesn't have a bitcoind instance accessible locally.

These timestamps should give users confidence in the integrity of this release even after the key that signed the release expires.

Verifying the Release Binaries

Our release binaries are fully reproducible. Third parties are able to verify that the release binaries were produced properly without having to trust the release manager(s). See our reproducible builds guide for how this can be achieved. The release binaries are compiled with go1.15.7, which is required by verifiers to arrive at the same ones. They include the following build tags: autopilotrpc, signrpc, walletrpc, chainrpc, invoicesrpc, routerrpc, and watchtowerrpc. Note that these are already included in the release script, so they do not need to be provided.

The make release command can be used to ensure one rebuilds with all the same flags used for the release. If one wishes to build for only a single platform, then make release sys=<os-arch> tag=<tag> can be used.

Finally, you can also verify the tag itself with the following command:

$ git verify-tag v0.12.1-beta.rc1
gpg: Signature made Wed Feb  3 22:09:02 2021 PST
gpg:                using RSA key 9C8D61868A7C492003B2744EE7D737B67FA592C7
gpg: Good signature from &#34;Conner Fromknecht <conner@lightning.engineering>&#34; [ultimate]

Verifying the Docker Images

To verify the lnd and lncli binaries inside the docker images against the signed, reproducible release binaries, there is a verification script in the image that can be called (before starting the container for example):

$ docker pull lightninglabs/lnd:v0.12.1-beta.rc1
$ docker run --rm --entrypoint=&#34;&#34; lightninglabs/lnd:v0.12.1-beta.rc1 /verify-install.sh
$ OK=$?
$ if [ &#34;$OK&#34; -ne &#34;0&#34; ]; then echo &#34;Verification failed!&#34;; exit 1; done
$ docker run lightninglabs/lnd [command-line options]

Building the Contained Release

Users are able to rebuild the target release themselves without having to fetch any of the dependencies. In order to do so, assuming that vendor.tar.gz and lnd-source-v0.12.1-beta.rc1.tar.gz are in the current directory, follow these steps:

tar -xvzf vendor.tar.gz
tar -xvzf lnd-source-v0.12.1-beta.rc1.tar.gz
GO111MODULE=on go install -v -mod=vendor -ldflags &#34;-X github.com/lightningnetwork/lnd/build.Commit=v0.12.1-beta.rc1&#34; ./cmd/lnd
GO111MODULE=on go install -v -mod=vendor -ldflags &#34;-X github.com/lightningnetwork/lnd/build.Commit=v0.12.1-beta.rc1&#34; ./cmd/lncli

The -mod=vendor flag tells the go build command that it doesn't need to fetch the dependencies, and instead, they're all enclosed in the local vendor directory.

Additionally, it's now possible to use the enclosed release.sh script to bundle a release for a specific system like so:

make release sys=&#34;linux-arm64 darwin-amd64&#34;

⚡️⚡️⚡️ OK, now to the rest of the release notes! ⚡️⚡️⚡️

Release Notes

Spec Compatibility

Pinned Gossip Syncers

Typically lnd performs this historical channel reconciliation periodically, rotating between the set of all active peers, and attempting to keep numgraphsyncpeers (defaults to 3) in a state where they are receiving new gossip messages. Due to the eventually consistent properties of this algorithm (and the gossip protocol in general), there are some cases that lead to long delays in a node receiving newer updates. Notably, if a node has many peers, then it may be a while before the sync rotation algorithm queries a given peer for newer updates.

To provide more control, a new configuration option has been added allowing users to pin their nodes into an ActiveSync with particular nodes. Each time a connection is established with a pinned syncer, lnd will first perform a historical channel reconciliation, followed by a request for the pinned syncer to forward all new gossip messages. Doing so allows users to keep their routing table tightly synchronized with nodes in their list of configured, pinned syncers. Users can add one or more pinned syncers via:

gossip.pinned-syncers=<pubkey1>
gossip.pinned-syncers=<pubkey2>

This can be especially useful for services that run multiple, well-connected lnd nodes, and want their own nodes to maintain similar views of the channel graph.

RPC Changes

  • lnd 0.12.1-beta.rc1 now exposes the HTLC attempt_id on response from TrackPayment. Internally, lnd uses attempt_id as a unique identifier for each HTLC it sends out, and to provide a total ordering on all HTLC sent by the daemon. This identifier can be used by developers to better reflect progress of a payment, making it easier to extract per-HTLC state deltas rather than displaying the full payment state every time.

Build / verification

Bug Fixes

Full Changelog

  • #4958 - netann: ignore unknown channel update on startup
  • #4962 - scripts: add halseth key to verify script
  • #4938 - docker: add an extra listener for localhost
  • #4944 - docs: Add clang-format instructions for mac
  • #4956 - lnrpc: add htlc attempt id
  • #4952 - Github: use vendored actions for steps with sensitive info
  • #4963 - scripts: don't fail signature verification on missing public key
  • #2162 - Makefile: define make imports
  • #4911 - lnrpc/mobile: use docker to compile/format protos
  • #4974 - Fix typo in restorechanbackup command description
  • #4902 - lntest/channels: introduce subpackage to deduplicate structs
  • #4978 - invoices+rpc: add missing channel graph to the AddInvoiceConfig
  • #4934 - discovery: pinned syncers
  • #4924 - routerrpc,routing: limit max parts if the invoice doesn't declare MPP support
  • #4961 - build: update CI builds to use go 1.15.7
  • #4979 - routing: add new TestPaymentAddrOnlyNoSplit test case
  • #4915 - multi: store bool to determine retransmission ordering

Contributors (Alphabetical Order)

András Bánki-Horváth Conner Fromknecht eugene Jake Sylvestre Johan T. Halseth Joost Jager Juan Pablo Civile Olaoluwa Osuntokun Oliver Gugger Umar Bolatov Vlad Stan/conner@lightning.engineering/conner@lightning.engineering

2021-02-04

RFC

type rfc # title date status
bip bip-0350 Add BIP 350 (bech32m) 2021-02-03 Merged
bip bip-0174 BIP 174: require creator to initialize empty output fields 2021-02-03 Merged
bip bip-0141 bip-0141: clarify the sigop count calculation for CHECKMULTISIG 2021-02-03 Merged
bip bip-0078 update Joinmarket BIP78 status 2021-02-03 Update
bip bip-0039 Adding Polish wordlist to BIP39 2021-02-03 Update
bip bip-0002 README: Link BIP 2 for submissions 2021-02-03 Merged
bip bip-0079 Update bip-0079.mediawiki 2021-02-03 Merged
bip bip-0085 BIP-0085: fix typo 2021-02-03 Merged
bip X Mention that public nonce is ''R'' and private nonce is ''s'' 2021-02-03 Merged
bip bip-0039 Annasadra/bip-0039/"Ethereum"/"word":"riffle" 2021-02-03 Closed
bip bip-0078 BIP-0078: fix typo 2021-02-03 Update
bip bip-0322 BIP-322: minor clarification 2021-02-03 Merged
bip bip-0032 BIP32: Modified test vectors for hardened derivation with leading zeros 2021-02-03 Update
bip bip-0085 BIP 0085: Add link to JavaScript library implementation 2021-02-03 Merged
bip X Avoid public keys starting with `02`, `03` and `04` bytes 2021-02-03 Closed
bip bip-0008 BIP8: Make signalling during LOCKED_IN recommended rather than mandatory 2021-02-02 Merged
bip bip-0322 BIP-322 major fixes (verification, etc) 2021-02-02 Merged
bip bip-0008 BIP8: allow some MUST_SIGNAL blocks to not signal 2021-02-04 Merged
bip X Reject 150 (expired) 2021-02-04 Update
bip bip-0173 BIP173: segwit address witness version is one 5-bit char not one byte 2021-02-04 Update
bip bip-0175 Reject BIP175 2021-02-04 Merged
bip X fixed typos 2021-02-04 Merged
bip bip-0034 BIP34 encoding clarification 2021-02-04 Merged
bip bip-0322 bip322: (another) significant overhaul 2021-02-04 Merged
bolt transactions BOLT3: Add internal links to section 9 (anchor outputs) 2021-02-02 Merged
bolt X Lightning Specification Meeting 2021/01/18 2021-02-02 Closed
bolt payment encoding Use TLV in Bolt 11 invoices 2021-02-01 Update
bolt routing gossip BOLT 7: Add note for 'htlc_minimum_msat' being static 2021-01-31 Closed
slip slip-0044 Update slip-0044.md: add SKT (Sukhavati Network) 2021-02-03 Merged
slip X Add Joy 2021-02-04 Update