Commit Graph

12123 Commits

Author SHA1 Message Date
Conner Fromknecht
fc4a16b672
scripts/verify-install.sh: pass expected version as argument
This removes a vulnerability brought up by @Kixunil where both the lnd
and lncli binaries are executed to obtain their version before they have
been verified against the release. A malicious binary could have already
compromised the user's system before any of the checks had been
performed.

This commit is split out from the doc changes so that it can easily be
cherry-picked to master/0.13.0.
2021-09-27 15:48:19 +02:00
Oliver Gugger
4c8bf9c28d
scripts: extract functions
As a preparation to make the script easier to understand, we extract
some of the sub tasks into functions.
2021-09-27 15:48:19 +02:00
Oliver Gugger
23d7065655
Merge pull request #5790 from arshbot/add-arshbot-verify
scripts: add arshbot key to verify script
2021-09-27 12:28:58 +02:00
Harsha Goli
5d1bcaeb61
scripts: add arshbot key to verify script 2021-09-26 21:57:04 -04:00
Olaoluwa Osuntokun
3800cd9433
build: update kvdb to kvdb/v1.1.0 [skip ci]
Updates to the latest version that adds a tag after the recent postgres
support.
2021-09-24 16:12:05 -07:00
Olaoluwa Osuntokun
fbb1d159e0
Merge pull request #4364 from yyforyongyu/clean-forward-states
multi: clean up forwarding state from closed channels
2021-09-24 15:52:46 -07:00
Olaoluwa Osuntokun
e62bd65c7a
Merge pull request #5785 from guggero/deprecated-ssh-terminal
mod+lncli: remove deprecated package [skip ci]
2021-09-24 15:32:17 -07:00
Olaoluwa Osuntokun
9094fcddfa
Merge pull request #5784 from benthecarman/patch-1
Fix incorrect link in java gRPC docs
2021-09-24 15:31:38 -07:00
benthecarman
7a5467d6fe
Fix incorrect link in java gRPC docs [skip ci] 2021-09-24 02:38:52 -05:00
Oliver Gugger
765d043cc0
mod+lncli: remove deprecated package [skip ci]
The use of golang.org/x/crypto/ssh/terminal was marked as deprecated
since that code was moved to its own repo golang.org/x/term.
With this commit we use the new package name directly, which was already
pulled in under its new name anyway.
2021-09-24 09:22:47 +02:00
Oliver Gugger
e686a70b96
Merge pull request #5765 from sime/patch-1
docs: Remove pruned node warning.
2021-09-23 09:17:50 +02:00
yyforyongyu
198dc73f4e
docs: add release notes for fwding pkg gc 2021-09-23 13:24:15 +08:00
yyforyongyu
995b9a711f
trivial: typo fix 2021-09-23 13:24:15 +08:00
yyforyongyu
3942c7ca02
htlcswitch: clean circuits and keystones for closed channels
In this commit, a new method `cleanClosedChannels` is added and called
when a circuit map is created. This method will delete the payment
circuits and keystones for closed channels.
2021-09-23 13:24:15 +08:00
yyforyongyu
1274e31dfb
htlcswitch: remove unused function in switch 2021-09-23 13:24:14 +08:00
yyforyongyu
22848df07a
htlcswitch: fix docs on LookupCircuit 2021-09-23 13:24:14 +08:00
yyforyongyu
c525c3d34e
itest: test wipe forwarding packages 2021-09-23 13:24:11 +08:00
yyforyongyu
16f97e6f41
rpcserver: return total num of fwdPkgs in PendingChannels
This commit adds a new field, NumForwardingPackages, in the
PendingChannels RPC response to specify how many forwarding packages the
channel has.
2021-09-23 13:23:13 +08:00
yyforyongyu
556b038398
channeldb: attach DB to channel in FetchHistoricalChannel 2021-09-23 13:22:34 +08:00
yyforyongyu
e513057eae
htlcswitch: add docs for circuit bucket hierarchy 2021-09-23 13:22:34 +08:00
yyforyongyu
c74c1d0f51
channeldb/migration: remove old forwarding packages 2021-09-23 13:22:34 +08:00
yyforyongyu
d8c48fa3a5
channeldb: wipe all forwarding pkgs when close channel 2021-09-23 13:22:34 +08:00
yyforyongyu
91b75f8375
contractcourt: add docs for state transition paths 2021-09-23 13:22:34 +08:00
yyforyongyu
3d50edf9f8
channeldb: add method to wipe all forwarding packages
This commit adds a method, Wipe, to remove all forwarding packages on
disk for a given channel.
2021-09-23 13:22:33 +08:00
yyforyongyu
0fff613f61
channeldb: add docs for fwd pkg bucket 2021-09-23 13:22:33 +08:00
Simon Males
a39e6105e4
docs: Remove pruned node warning. [skip ci] 2021-09-22 09:21:17 +02:00
Olaoluwa Osuntokun
7970ffcc2a
Merge pull request #5366 from bottlepay/postgres
kvdb: add postgres
2021-09-21 13:58:10 -07:00
Oliver Gugger
8d8db52723
Merge pull request #5772 from guggero/use-kvdb-1.0.3
mod: update kvdb to kvdb/v1.0.3 [skip ci]
2021-09-21 15:25:04 +02:00
Oliver Gugger
1ca332c611
mod: update kvdb to kvdb/v1.0.3 [skip ci] 2021-09-21 12:27:42 +02:00
Joost Jager
daeb96fe0a
postgres: add itest 2021-09-21 10:44:23 +02:00
Joost Jager
ae6cf72b46
lncfg: add postgres 2021-09-21 10:44:20 +02:00
Joost Jager
3eb80cac97
kvdb: add postgres 2021-09-21 10:44:18 +02:00
Olaoluwa Osuntokun
9264185f5b
Merge pull request #5101 from guggero/macaroon-interceptor
Add macaroon based RPC middleware interceptor
2021-09-20 19:15:04 -07:00
Olaoluwa Osuntokun
ac5f88bae8
Merge pull request #5618 from Crypt-iQ/coop_switch_sync_08092021
multi: optimistically shutdown link during coop close
2021-09-20 18:09:07 -07:00
Olaoluwa Osuntokun
5e6532594c
Merge pull request #5683 from guggero/websocket-write-deadline
lnrpc: Fix WebSocket write deadline not being extended
2021-09-20 17:07:41 -07:00
Oliver Gugger
3f7909b48f
doc: add release notes 2021-09-20 17:04:39 +02:00
Oliver Gugger
4b43e977b2
lntest: add RPC middleware itests 2021-09-20 17:04:39 +02:00
Oliver Gugger
0cc260bfc7
itest: add _test suffix to test file 2021-09-20 17:04:38 +02:00
Oliver Gugger
efe5f6ae90
multi: add RPC middleware interception
With the middleware handler in place, we now need to add a new gRPC
interceptor to the interceptor chain that will send messages to the
registered middlewares for each event that could be of interest to them.
2021-09-20 17:04:29 +02:00
Oliver Gugger
75ca574790
lnrpc+rpcperms: add middleware handler
With this commit we introduce the concept of RPC middleware: A mechanism
similar to the existing channel or HTLC interceptors but this time for
gRPC messages themselves.
An RPC middleware can register itself to the main RPC server to get
notified each time a new gRPC request comes in, a gRPC response is sent
back or a streaming RPC is connected. The middleware can
validate/inspect incoming requests and modify/overwrite outgoing
responses.

Since this also opens the door for malicious software to interfere with
lnd in a negative way, we bind everything to macaroons with custom
caveat conditions: A middleware declares upon registration which custom
caveat name it can handle. Only client requests that send a macaroon
with that custom caveat will then be given to the middleware for
inspection. The only exception is if the middleware instead registers
to use the read-only mode. In that mode it will be able to intercept
all requests/responses, even those not made with a special encumbered
macaroon. But the middleware won't be able to alter responses in the
read-only mode. Therefore requests with the default, unencumbered macaroons
can never be modified by any middleware.
2021-09-20 13:12:49 +02:00
Oliver Gugger
918e021177
config+sample-lnd.conf+lncfg: add RPC middleware config 2021-09-20 13:05:47 +02:00
Oliver Gugger
8509d92070
log+rpcperms: add custom RPCP logger to rpcperms package
The custom RPC middleware logic that we are going to add in the next
commits will need to log under their own sub logger so we add one with a
new subsystem name.
2021-09-20 13:05:47 +02:00
Oliver Gugger
7b822f41df
lncli: add custom caveats to bakemacaroon
With the new condition and checker in place, we can give the end user
the ability to add such a custom caveat to a baked macaroon.
There won't be an RPC counterpart for this operation since all first party
caveats currently are only added on the client side.
2021-09-20 13:05:47 +02:00
Oliver Gugger
045765111a
multi: use safe copy for macaroons
Fixes #4383 by adding a new SafeCopyMacaroon function that correctly
clones all caveats and prevents modifications on the copy from affecting
the original.
2021-09-20 13:05:46 +02:00
Oliver Gugger
538175f487
macaroons: add custom caveat constraint and checker
The way the macaroon bakery library lnd uses works is that one has to
register a Checker method for each caveat name that should be supported.
Since we want to allow fully customizable custom caveats we add another
layer of naming to the caveat by splitting the condition of the "outer"
caveat into two pieces, the custom caveat name and the actual custom
caveat condition.
The custom Checker function only checks that the format is correct and
that there is a handler available for a custom condition. It does not
check the condition itself, however. If the passed in acceptor signals
acceptance of a custom caveat then the bakery accepts the macaroon as a
whole (given its signature, standard caveats and permissions are all
correct) and assumes that another component down the line will make sure
the actual custom condition of a caveat is valid.
2021-09-20 13:05:46 +02:00
Oliver Gugger
96ea4bf05e
rpcserver+macaroons: extract RawMacaroonFromContext
We'll re-use the code for extracting a macaroon from a request context
later on so we extract it into its own exported function.
2021-09-20 13:05:33 +02:00
Oliver Gugger
4b7452a35e
lnrpc+itest: fix write deadline issue with WS ping
Fixes #5680.
To make sure we're always reading from the WebSocket connection, we need
to always have an ongoing (but blocking) conn.ReadMessage() call going
on. To achieve this, we do the read in a separate goroutine and write to
a buffered channel. That way we can always read the next message while
the current one is being forwarded. This allows incoming ping messages
to be received and processed which then leads to the deadlines to be
extended correctly.
2021-09-20 12:21:03 +02:00
Oliver Gugger
5f94ebbd7d
lnrpc: use request context in WebSocket proxy
The request context was not properly used to pass it along to the gRPC
endpoint which caused streaming calls to still be active on the gRPC
side even if the WS side already hung up.
We also issue an explicit close on the forwarding writer to signal when
the WS side was closed.
2021-09-20 12:07:46 +02:00
Oliver Gugger
29a8661517
Merge pull request #5640 from bhandras/kvdb-prefetch
kvdb+channeld: extend `kvdb` with `Prefetch` for prefetching buckets in one go and speed up payment control by prefetching payments on hot paths
2021-09-20 09:42:18 +02:00
Oliver Gugger
d9f0f07142
Merge pull request #5748 from Roasbeef/flake-block-diff
routing: add wait.NoError to TestBlockDifferenceFix assertion [skip ci]
2021-09-20 08:25:27 +02:00