mirror of
https://github.com/lightningnetwork/lnd.git
synced 2025-10-09 21:03:33 +02:00
docs: update remote signing doc and release notes
This commit is contained in:
Oliver Gugger
@@ -1,12 +1,22 @@
|
|||||||
# Release Notes
|
# Release Notes
|
||||||
|
|
||||||
|
## Remote signing
|
||||||
|
|
||||||
|
The [remote signing](../remote-signing.md) setup was simplified in that the
|
||||||
|
signing node now [does not need to be hooked up to its own chain
|
||||||
|
backend](https://github.com/lightningnetwork/lnd/pull/6006). A new mock chain
|
||||||
|
backend can be specified with `--bitcoin.node=nochainbackend`. That way a wallet
|
||||||
|
will be created and all signing RPCs work but the node will not look at any
|
||||||
|
chain data. It can therefore be fully offline except for a single incoming gRPC
|
||||||
|
connection from the watch-only node.
|
||||||
|
|
||||||
## Wallet
|
## Wallet
|
||||||
|
|
||||||
* A bug that prevented opening anchor-based channels from external wallets when
|
* A bug that prevented opening anchor-based channels from external wallets when
|
||||||
the internal wallet was empty even though the transaction contained a
|
the internal wallet was empty even though the transaction contained a
|
||||||
sufficiently large output belonging to the internal wallet
|
sufficiently large output belonging to the internal wallet
|
||||||
[was fixed](https://github.com/lightningnetwork/lnd/pull/5539)
|
[was fixed](https://github.com/lightningnetwork/lnd/pull/5539).
|
||||||
In other words, freshly-installed LND can now be initailized with multiple
|
In other words, freshly-installed LND can now be initialized with multiple
|
||||||
channels from an external (e.g. hardware) wallet *in a single transaction*.
|
channels from an external (e.g. hardware) wallet *in a single transaction*.
|
||||||
|
|
||||||
## Build System
|
## Build System
|
||||||
@@ -29,10 +39,11 @@
|
|||||||
* [We now _always_ set a channel type if the other party signals the feature
|
* [We now _always_ set a channel type if the other party signals the feature
|
||||||
bit](https://github.com/lightningnetwork/lnd/pull/6075).
|
bit](https://github.com/lightningnetwork/lnd/pull/6075).
|
||||||
|
|
||||||
* [Add json flag to
|
* [Add `--json` flag to
|
||||||
trackpayment](https://github.com/lightningnetwork/lnd/pull/6060)
|
`trackpayment`](https://github.com/lightningnetwork/lnd/pull/6060).
|
||||||
|
|
||||||
* [Clarify invalid config timeout
|
* [Clarify invalid config timeout
|
||||||
constraints](https://github.com/lightningnetwork/lnd/pull/6073)
|
constraints](https://github.com/lightningnetwork/lnd/pull/6073).
|
||||||
|
|
||||||
* [Fix memory corruption in Mission Control
|
* [Fix memory corruption in Mission Control
|
||||||
Store](https://github.com/lightningnetwork/lnd/pull/6068)
|
Store](https://github.com/lightningnetwork/lnd/pull/6068)
|
||||||
|
|||||||
@@ -9,7 +9,7 @@ the **private** keys.
|
|||||||
|
|
||||||
The advantage of such a setup is that the `lnd` instance containing the private
|
The advantage of such a setup is that the `lnd` instance containing the private
|
||||||
keys (the "signer") can be completely offline except for a single inbound gRPC
|
keys (the "signer") can be completely offline except for a single inbound gRPC
|
||||||
connection and the outbound connection to `bitcoind` (or `btcd` or `neutrino`).
|
connection.
|
||||||
The signer instance can run on a different machine with more tightly locked down
|
The signer instance can run on a different machine with more tightly locked down
|
||||||
network security, optimally only allowing the single gRPC connection from the
|
network security, optimally only allowing the single gRPC connection from the
|
||||||
outside.
|
outside.
|
||||||
@@ -31,40 +31,14 @@ xxx xx
|
|||||||
v | |
|
v | |
|
||||||
+----------------+ gRPC | +----------------+ |
|
+----------------+ gRPC | +----------------+ |
|
||||||
| watch-only lnd +--------------+-->| full seed lnd | |
|
| watch-only lnd +--------------+-->| full seed lnd | |
|
||||||
+-------+--------+ | +------+---------+ |
|
+-------+--------+ | +----------------+ |
|
||||||
| | | |
|
| | |
|
||||||
+-------v--------+ | +------v---------+ |
|
+-------v--------+ +----------------------------------+
|
||||||
| bitcoind/btcd | | | bitcoind/btcd | |
|
| bitcoind/btcd |
|
||||||
+----------------+ | +----------------+ |
|
+----------------+
|
||||||
| |
|
|
||||||
+----------------------------------+
|
|
||||||
```
|
```
|
||||||
|
|
||||||
NOTE: Offline in this context means that `lnd` itself does not need to be
|
|
||||||
reachable from the internet and itself doesn't connect out. If the `bitcoind`
|
|
||||||
or other chain backend is indeed running within this same firewall/offline zone
|
|
||||||
then that component will need at least _outbound_ internet access. But it is
|
|
||||||
also possible to use a chain backend that is running outside this zone.
|
|
||||||
|
|
||||||
## Restrictions / limitations
|
|
||||||
|
|
||||||
The current implementation of the remote signing mode comes with a few
|
|
||||||
restrictions and limitations:
|
|
||||||
|
|
||||||
- Both `lnd` instances need a connection to a chain backend:
|
|
||||||
- The type of chain backend (`bitcoind`, `btcd` or `neutrino`) **must**
|
|
||||||
match.
|
|
||||||
- Both instances can point to the same chain backend node, though limits
|
|
||||||
apply with the number of `lnd` instances that can use the same `bitcoind`
|
|
||||||
node over ZMQ.
|
|
||||||
See ["running multiple lnd nodes" in the safety guide](safety.md#running-multiple-lnd-nodes)
|
|
||||||
.
|
|
||||||
- Using a pruned chain backend is not recommended as that increases the
|
|
||||||
chance of the two wallets falling out of sync with each other.
|
|
||||||
- The wallet of the "signer" instance **must not be used** for anything.
|
|
||||||
Especially generating new addresses manually on the "signer" will lead to the
|
|
||||||
two wallets falling out of sync!
|
|
||||||
|
|
||||||
## Example setup
|
## Example setup
|
||||||
|
|
||||||
In this example we are going to set up two nodes, the "signer" that has the full
|
In this example we are going to set up two nodes, the "signer" that has the full
|
||||||
@@ -80,8 +54,8 @@ opened to this node from the host on which the node "watch-only" is running.
|
|||||||
Recommended entries in `lnd.conf`:
|
Recommended entries in `lnd.conf`:
|
||||||
|
|
||||||
```text
|
```text
|
||||||
# No special configuration required other than basic "hardening" parameters to
|
# We apply some basic "hardening" parameters to make sure no connections to the
|
||||||
# make sure no connections to the internet are opened.
|
# internet are opened.
|
||||||
|
|
||||||
[Application Options]
|
[Application Options]
|
||||||
# Don't listen on the p2p port.
|
# Don't listen on the p2p port.
|
||||||
@@ -93,6 +67,19 @@ nobootstrap=true
|
|||||||
# Just an example, this is the port that needs to be opened in the firewall and
|
# Just an example, this is the port that needs to be opened in the firewall and
|
||||||
# reachable from the node "watch-only".
|
# reachable from the node "watch-only".
|
||||||
rpclisten=10019
|
rpclisten=10019
|
||||||
|
|
||||||
|
# The signer node will not look at the chain at all, it only needs to sign
|
||||||
|
# things with the keys contained in its wallet. So we don't need to hook it up
|
||||||
|
# to any chain backend.
|
||||||
|
[bitcoin]
|
||||||
|
# We still need to signal that we're using the Bitcoin chain.
|
||||||
|
bitcoin.active=true
|
||||||
|
|
||||||
|
# And we're making sure mainnet parameters are used.
|
||||||
|
bitcoin.mainnet=true
|
||||||
|
|
||||||
|
# But we aren't using a "real" chain backed but a mocked one.
|
||||||
|
bitcoin.node=nochainbackend
|
||||||
```
|
```
|
||||||
|
|
||||||
After successfully starting up "signer", the following command can be run to
|
After successfully starting up "signer", the following command can be run to
|
||||||
@@ -151,6 +138,21 @@ Input an optional address look-ahead used to scan for used keys (default 2500):
|
|||||||
Alternatively a script can be used for initializing the watch-only wallet
|
Alternatively a script can be used for initializing the watch-only wallet
|
||||||
through the RPC interface as is described in the next section.
|
through the RPC interface as is described in the next section.
|
||||||
|
|
||||||
|
## Migrating an existing setup to remote signing
|
||||||
|
|
||||||
|
It is possible to migrate a node that is currently a standalone, normal node
|
||||||
|
with all private keys in its wallet to a setup that uses remote signing (with
|
||||||
|
a watch-only and a remote signer node).
|
||||||
|
|
||||||
|
To migrate an existing node, follow these steps:
|
||||||
|
1. Create a new "signer" node using the same seed as the existing node,
|
||||||
|
following the steps [mentioned above](#the-signer-node).
|
||||||
|
2. In the configuration of the existing node, add the configuration entries as
|
||||||
|
[shown above](#the-watch-only-node). But instead of creating a new wallet
|
||||||
|
(since one already exists), instruct `lnd` to migrate the existing wallet to
|
||||||
|
a watch-only one (by purging all private key material from it) by adding the
|
||||||
|
`remotesigner.migrate-wallet-to-watch-only=true` configuration entry.
|
||||||
|
|
||||||
## Example initialization script
|
## Example initialization script
|
||||||
|
|
||||||
This section shows an example script that initializes the watch-only wallet of
|
This section shows an example script that initializes the watch-only wallet of
|
||||||
|
|||||||
Reference in New Issue
Block a user