List channel peers rpc #2

Changelog-None

It's still deprecated: we need the description since 1. This information is useful for any validation we want to do, such as the HSM, or runes. 2. We want this information in listpays so we can tell what we actually paid. 3. In general, we should never sign commitments to things we don't have! I expect to have this information about payments *whatever the frontend* is, which is why we deprecated (and then removed) this unintended use. The spec is pretty clear on this: BOLT ElementsProject#11: ``` A reader: ... - MUST check that the SHA2 256-bit hash in the `h` field exactly matches the hashed description. ``` However, neither BTCPayServer nor lnbits updated despite the long deprecation period, so revert 2afe7a1. Signed-off-by: Rusty Russell <[email protected]>

Signed-off-by: Rusty Russell <[email protected]>

Added clarification for sums signing, file ownership, and pyln publishing as well as a reminder to update pyln version for the release. Changelog-None

This reintroduce lnprototest after 2 releases, there was a lot of breaking around it and this will patch them (most of them)! However, there are some issue related to channel opening and closing that need some additional love and are disabled for now, but I think it is good to introduce lnprototest now again in the CI, to be able to stress the fix for now and see if there are other problem around. I will take care of it! Changelog-None Signed-off-by: Vincenzo Palazzo <[email protected]>

Makes it easier when we remove support for a version. Signed-off-by: Rusty Russell <[email protected]>

We promised two versions after v0.12, and here we are. Signed-off-by: Rusty Russell <[email protected]>

…quietly. Signed-off-by: Rusty Russell <[email protected]> Changelog-Removed: JSON-RPC: `checkmessage` now always returns an error when the pubkey is not specified and it is unknown in the network graph (deprecated v0.12.0)

Changelog-Removed: JSON-RPC: `listpeers`.`local_msat` and `listpeers`.`remote_msat` (deprecated v0.12.0) Signed-off-by: Rusty Russell <[email protected]>

Signed-off-by: Rusty Russell <[email protected]> Changelog-Removed: JSON-RPC: all the non-msat-named millisatoshi fields deprecated in v0.12.0.

Signed-off-by: Rusty Russell <[email protected]> Changelog-Removed: JSON-RPC: the "msat" suffix on millisatoshi fields, as deprecated in v0.12.0.

Now there's no compat variant, we can rename this function. Signed-off-by: Rusty Russell <[email protected]>

Signed-off-by: Rusty Russell <[email protected]> Changelog-Removed: JSON-RPC: require the `"jsonrpc": "2.0"` property (requests without this deprecated in v0.10.2).

It seems that bitcoind frequently dies on this test. I assume running the multiple nodes under valgrind with the extra 214 blocks is too memory-hungry? Signed-off-by: Rusty Russell <[email protected]>

When plugins receive a "shutdown" notification, then can call this method which will shutdown `cln_plugin`. Then they can await `plugin.join()` and do any remaining cleanup there. This helps avoid a pain-point where plugin authors need to handle 2 separate plugin shutdown mechanisms ElementsProject#6040

Signed-off-by: Vincenzo Palazzo <[email protected]>

@aaronbarnardsound

While the user trying to fetch an invoice by specifing the quantity we do not work as expected. Running the command ``` lightning-cli fetchinvoice -k offer='lno1qgsqvgnwgcg35z6ee2h3yczraddm72xrfua9uve2rlrm9deu7xyfzrcgqffqszsk2p6hycmgv9ek2grpyphxjcm9ypmkjer8v46pyzmhd9jxwet5wvhxxmmdzsqs593pq0ylsvakdua5h976f4g3eautgjt3udvtyga47eaw7339sjrhpwpwz' quantity=2 ``` and we answer back with ```json { "code": -32602, "message": "quantity parameter required" } ``` This is caused because we forget to bind the `quanity` field from the RPC into the `invrequest`. Reported-by: @aaronbarnardsound Link: ElementsProject#6089 Signed-off-by: Vincenzo Palazzo <[email protected]> Changelog-EXPERIMENTAL: fetchinvoice: fix: do not ignore the `quantity` field into the invreq field.

Changelog-Added: JSON-RPC: `listfunds` now has a `channel_id` field.

This changes connectd to use `status_fail()` on TOR problems during statup instead of `err()`. Using `err()` did not write to the logfile. To find out TOR problems during startup, the user needed to stop the system daemon and call `lightningd` manually in console to see the error. `status_fail()` logs and exits, but also prints a whole stacktrace, which is a bit too much imho on config errors. But currently there is no `status_SOMETHING` method that logs, prints and exists on an error without stacktrace. Changelog-None

This seems to be getting stuck in CI, so make sure we time out if it happens. Signed-off-by: Rusty Russell <[email protected]>

We would sleep for 10msec (default) and try again, spamming the logs every second. But we're waiting for revoke_and_ack, and that handler already sets off the timer, so there's no need to spin at all! Fixes: ElementsProject#6077 Changelog-Fixed: `channeld`: no longer spin and spam logs when waiting for revoke_and_ack. Signed-off-by: Rusty Russell <[email protected]>

Bumps [werkzeug](https://github.com/pallets/werkzeug) from 2.2.2 to 2.2.3. - [Release notes](https://github.com/pallets/werkzeug/releases) - [Changelog](https://github.com/pallets/werkzeug/blob/main/CHANGES.rst) - [Commits](pallets/werkzeug@2.2.2...2.2.3) --- updated-dependencies: - dependency-name: werkzeug dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]>

We were handing 3 to hsmd (and Ken added that in 7b2c561, so I guess he's OK with that being the minimum supported version!). Signed-off-by: Rusty Russell <[email protected]>

Importantly, adds the version number at the *front* to help future parsing. Signed-off-by: Rusty Russell <[email protected]> Header from folded patch 'fix-hsm-check-pubkey.patch': fixup! hsmd: capability addition: ability to check pubkeys.

Signed-off-by: Rusty Russell <[email protected]>

It's needed as the db and wallet is being set up (db migrations), so it's simpler this way to always use ld->bip32_base for the next patch. Signed-off-by: Rusty Russell <[email protected]>

At the moment only lightingd needs it, and this avoids missing any places where we do bip32 derivation. This uses a hsm capability to mean we're backwards compatible with older hsmds. Signed-off-by: Rusty Russell <[email protected]> Changelog-Added: Protocol: we now always double-check bitcoin addresses are correct (no memory errors!) before issuing them.

`struct lightningd` is not completely initialized, so we added a "migration_context" which only had some of the fields. But we ended up handing in `struct lightningd` anyway, so I don't think this complexity is worthwhile. Signed-off-by: Rusty Russell <[email protected]>

If the fuzzer passes an empty data buffer, the fuzz target currently attempts to read from it. We should short-circuit instead.

The issue is that common_setup() wasn't called by the fuzz target, leaving secp256k1_ctx as NULL. UBSan error: $ UBSAN_OPTIONS="print_stacktrace=1:halt_on_error=1" \ ./fuzz-channel_id crash-1575b41ef09e62e4c09c165e6dc037a110b113f2 INFO: Running with entropic power schedule (0xFF, 100). INFO: Seed: 1153355603 INFO: Loaded 1 modules (25915 inline 8-bit counters): 25915 [0x563bae7ac3a8, 0x563bae7b28e3), INFO: Loaded 1 PC tables (25915 PCs): 25915 [0x563bae7b28e8,0x563bae817c98), ./fuzz-channel_id: Running 1 inputs 1 time(s) each. Running: crash-1575b41ef09e62e4c09c165e6dc037a110b113f2 bitcoin/pubkey.c:22:33: runtime error: null pointer passed as argument 1, which is declared to never be null external/libwally-core/src/secp256k1/include/secp256k1.h:373:3: note: nonnull attribute specified here #0 0x563bae41e3db in pubkey_from_der bitcoin/pubkey.c:19:7 ElementsProject#1 0x563bae4205e0 in fromwire_pubkey bitcoin/pubkey.c:111:7 ElementsProject#2 0x563bae46437c in run tests/fuzz/fuzz-channel_id.c:42:3 ElementsProject#3 0x563bae2f6016 in LLVMFuzzerTestOneInput tests/fuzz/libfuzz.c:23:2 ElementsProject#4 0x563bae20a450 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) ElementsProject#5 0x563bae1f4c3f in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) ElementsProject#6 0x563bae1fa6e6 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) ElementsProject#7 0x563bae223052 in main (tests/fuzz/fuzz-channel_id+0x181052) (BuildId: f7f56e14ffc06df54ab732d79ea922e773de1f25) ElementsProject#8 0x7fa7fa113082 in __libc_start_main ElementsProject#9 0x563bae1efbdd in _start SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior bitcoin/pubkey.c:22:33 in

Which gets libwally upset post-update to 0.8.8

Libwally update breaks compatibility, so we do this in one large step. Changelog-Changed: JSON-RPC: elements network PSET now only supports PSETv2. Changelog-Added: JSON-RPC: PSBTv2 supported for fundchannel_complete, openchannel_update, reserveinputs, sendpsbt, signpsbt, withdraw and unreserveinputs parameter psbt, openchannel_init and openchannel_bump parameter initialpsbt, openchannel_signed parameter signed_psbt and utxopsbt parameter utxopsbt

PSBTv2 support is quite low in the ecosystem, so having a call to convert log messages and the like should be useful since they'll often be in v2. Changelog-Added: Added setpsbtversion RPC to aid debugging and compatibility

@theborakompanioni

Also, fix the case where we didn't use --network with EXPOSE_TCP, as reported by @theborakompanioni: ``` I get Wrong network! Our Bitcoin backend is running on 'regtest', but we expect 'main'. with LIGHTNINGD_NETWORK := regtest when param --network is not provided. ``` Signed-off-by: Rusty Russell <[email protected]>

@denis2342

While we are cleaning up the list forwards with the autoclean plugin we are not taking into count the forward's payments with the status set to `local_failed`. In this case, the forwards have no resolved time because it was not resolved by us due to some local error. So, this commit is fixing the auto clean plugin by allowing to delete of the forwards with status set to local_failed by taking into count the received_time, with the assumption that the received_time, in this case, is equal to the resolved time (?) Reported-by: @denis2342 Link: ElementsProject#6058 Signed-off-by: Vincenzo Palazzo <[email protected]> Changelog-Fixed: plugin: autoclean: considerer the forwards with status set to `local_failed`.

@denis2342

Fixes ElementsProject#6064 Reported-by: denis2342 <@denis2342> Changelog-Changed: grpc: The mTLS private keys are no longer group-readable

We should rather hand the annotation through to the user code, and warn there.

We actually have an assertion that there are no channels remaining when we delete peers, so this is confusing! Actually removing the constraint is db-specific and deeply non-trivial. Signed-off-by: Rusty Russell <[email protected]>

This relaxes the assertion that it won't be used, and renames the function to be clear. Signed-off-by: Rusty Russell <[email protected]>

…se channel. Signed-off-by: Rusty Russell <[email protected]>

We used to have a text version, so this was named 'scid'. Fix it now. Signed-off-by: Rusty Russell <[email protected]>

Signed-off-by: Rusty Russell <[email protected]>

We don't cover three common patterns: 1. Optional integers (db_col_u64 has different form from structs) 2. Optional strings. 3. Optional array fields. But it does neaten and reduce the scope for cut&paste errors in the common "if not-NULL, tal and assign". Signed-off-by: Rusty Russell <[email protected]>

Signed-off-by: Rusty Russell <[email protected]>

This doesn't restore every bit of information we have, but it does contain the important ones. Signed-off-by: Rusty Russell <[email protected]>

Signed-off-by: Rusty Russell <[email protected]>

i.e. recurse properly in SQL generation. This is about to happen. Signed-off-by: Rusty Russell <[email protected]>

We didn't handle the case of an array inside a subobject. But that happens when we add the next commit! Signed-off-by: Rusty Russell <[email protected]>

Changelog-Added: JSON-RPC: `listpeerchannels` now has `channel_type` field. Signed-off-by: Rusty Russell <[email protected]>

Changelog-Added: JSON-RPC: `listclosedchannels` to show old, dead channels we previously had with peers. Signed-off-by: Rusty Russell <[email protected]>

Signed-off-by: Rusty Russell <[email protected]> Changelog-Added: JSON-RPC: `sql` now includes `listclosedchannels`.

We have 3 personas: - Users - Developers - Maintainers The first one basically cover the installation documentation. The latter two are sorted into the "Developer" category, and the reference category serves as a quick lookup for facts on anything CLN related.

Changelog-None

Signed-off-by: Vincenzo Palazzo <[email protected]>

… won't load. Signed-off-by: Rusty Russell <[email protected]>

Should do nothing to normal ones, but fix up old invalids ones. Signed-off-by: Rusty Russell <[email protected]>

In the now-misnamed "last_tx" field. Signed-off-by: Rusty Russell <[email protected]>

Signed-off-by: Rusty Russell <[email protected]>

In preparation for the listrunes command.

Changelog-Added: Plugins: `commando-listrunes` command to show issued runes.

Does not yet persist the blacklist. Changelog-Added: Plugins: `commando-blacklist` command to disable select runes.

Actually check them when we're going to use a rune.

pubkey_from_hexstr() was failing, which we didn't notice because we weren't checking the return value. The problem was that we were passing it a strlen that was half the actual length. Relevant error: [libsecp256k1] illegal argument: !secp256k1_fe_is_zero(&ge->x) ==417723== ERROR: libFuzzer: deadly signal ElementsProject#7 0x7f5deaacc7fb in abort ElementsProject#8 0x51b0b0 in secp256k1_default_illegal_callback_fn secp256k1.c ElementsProject#9 0x51bd8e in secp256k1_ec_pubkey_serialize ElementsProject#10 0x4e235b in pubkey_to_der bitcoin/pubkey.c:29:7 ElementsProject#11 0x4e2941 in pubkey_cmp bitcoin/pubkey.c:89:2 ElementsProject#12 0x4e333d in bitcoin_redeem_2of2 bitcoin/script.c:144:6 ElementsProject#13 0x4f1396 in run tests/fuzz/fuzz-close_tx.c:78:19

…sanitize=undefined Most importantly, configurator used to use bitshifts on signed integers which -fsanitize=undefined caught. But also, tal played fast and loose with typing and aliases, which was a signficant amount of rework. Signed-off-by: Rusty Russell <[email protected]>

For example, if we use -fsanitize=undefined, we can't do unaligned integer access, but since we didn't test with the sanitizer flags, we didn't know this, and set `HAVE_UNALIGNED_ACCESS=1`. Also, add -fno-sanitize-recover= in developer mode, so we actually fail binaries if something is detected. Signed-off-by: Rusty Russell <[email protected]>

Of course, NULL and length 0 are natural partners, but We Can't Have Nice Things. Signed-off-by: Rusty Russell <[email protected]>

Stupid, stupid C committee. Signed-off-by: Rusty Russell <[email protected]>

With the warning that we were trying to put "inf" into a u64, we can see that this calculation was wrong to use integers! Signed-off-by: Rusty Russell <[email protected]>

It's defined to be nonull: ``` channeld/channeld.c:2381:2: runtime error: null pointer passed as argument 1, which is declared to never be null /usr/include/stdlib.h:856:3: note: nonnull attribute specified here SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior channeld/channeld.c:2381:2 in ``` Signed-off-by: Rusty Russell <[email protected]>

Signed-off-by: Rusty Russell <[email protected]>

This method is no longer used in cln nor in the plugins repo. Changelog-None

This can be adapted and used to create test gossip stores. The test is just skipped by design as it would fail on intention.

- moves offset into GossipHeader hdr which is passed to all constuctors - reads .flags as u16 instead of extracting it from the .length, see 0274d88 - adds zombie and ratelimit flag to GossipHeader - bytes_read start at 0 instead of 1 which is more correct, the one byte is then corrected for when setting the offset of new header. - bytes_read is increased in pull_bytes as this is the only place where something is read - use new style for various format-strings

Also caches certain __hash__ and __str__ operations, This way graph operations can be done quicker.

also makes them acessible using bitmask functions

Includes a lot of useful filters and statistical methods. To see a gossip_store summary: ``` s = GossmapStats(g) s.print_stats() ```

Changelog-Added: pyln-client: Improvements on the gossmap implementation

There are cases (difficult to reproduce with a test) where a payment will fail one time and succeed later. As far I understand in this case the groupid field of the payment is the same, and the only thing that change is the status, so our logic inside the delpay is ambiguous where it is not possible to delete a payment as described in ElementsProject#6114 A sequence of commands that explain the problem is ``` $ lc -k listpays payment_hash=H { "pays": [ { "bolt11": "I", "destination": "redacted", "payment_hash": "H", "status": "complete", "created_at": redacted, "completed_at": redacted, "preimage": "P", "amount_msat": "redacted", "amount_sent_msat": "redacted" } ] } $ lc delpay H complete { "code": 211, "message": "Payment with hash H has failed status but it should be complete" } ``` In this case, the delpay is not able to delete a payment because the listpays is returning only the succeeded one, so by running the listsendpays we may see the following result where our delpay logic will be stuck because it works to ensure that all the payments stored in the database has the status specified by the user ``` ➜ VincentSSD clightning --testnet listsendpays -k payment_hash=7fc74bedbb78f2f3330155d919a54e730cf19c11bc73e96c027f5cd4a34e53f4 { "payments": [ { "id": 322, "payment_hash": "7fc74bedbb78f2f3330155d919a54e730cf19c11bc73e96c027f5cd4a34e53f4", "groupid": 1, "partid": 1, "destination": "030b686a163aa2bba03cebb8bab7778fac251536498141df0a436d688352d426f6", "amount_msat": 300, "amount_sent_msat": 1664, "created_at": 1679510203, "completed_at": 1679510205, "status": "failed", "bolt11": "lntb1pjpkj4xsp52trda39rfpe7qtqahx8jjplhnj3tatxy8rh6sc6afgvmdz7n0llspp50lr5hmdm0re0xvcp2hv3nf2wwvx0r8q3h3e7jmqz0awdfg6w206qdp0w3jhxarfdenjqargv5sxgetvwpshjgrzw4njqun9wphhyaqxqyjw5qcqp2rzjqtp28uqy77te96ylt7ek703h4ayldljsf8rnlztgf3p8mg7pd0qzwf8a3yqqpdqqqyqqqqt2qqqqqqgqqc9qxpqysgqgeya2lguaj6sflc4hx2d89jvah8mw9uax4j77d8rzkut3rkm0554x37fc7gy92ws9l76yprdva2lalrs7fqjp9lcx40zuty8gca0g5spme3dup" }, { "id": 323, "payment_hash": "7fc74bedbb78f2f3330155d919a54e730cf19c11bc73e96c027f5cd4a34e53f4", "groupid": 1, "partid": 2, "destination": "030b686a163aa2bba03cebb8bab7778fac251536498141df0a436d688352d426f6", "amount_msat": 300, "amount_sent_msat": 3663, "created_at": 1679510205, "completed_at": 1679510207, "status": "failed" }, { "id": 324, "payment_hash": "7fc74bedbb78f2f3330155d919a54e730cf19c11bc73e96c027f5cd4a34e53f4", "groupid": 1, "partid": 3, "destination": "030b686a163aa2bba03cebb8bab7778fac251536498141df0a436d688352d426f6", "amount_msat": 300, "amount_sent_msat": 3663, "created_at": 1679510207, "completed_at": 1679510209, "status": "failed" }, { "id": 325, "payment_hash": "7fc74bedbb78f2f3330155d919a54e730cf19c11bc73e96c027f5cd4a34e53f4", "groupid": 1, "partid": 4, "destination": "030b686a163aa2bba03cebb8bab7778fac251536498141df0a436d688352d426f6", "amount_msat": 300, "amount_sent_msat": 4663, "created_at": 1679510209, "completed_at": 1679510221, "status": "complete", "payment_preimage": "43f746f2d28d4902489cbde9b3b8f3d04db5db7e973f8a55b7229ce774bf33a7" } ] } ``` This commit solves the problem by forcing the delete query in the database to specify status too, and work around this kind of ambiguous case. Fixes: f52ff07 (lightningd: allow delpay to delete a specific payment.) Reported-by: Antoine Poinsot <[email protected]> Link: ElementsProject#6114 Signed-off-by: Vincenzo Palazzo <[email protected]> Co-Developed-by: Rusty Russell <[email protected]> Changelog-Fixed: delpay be more pedantic about delete logic by allowing delete payments by status directly on the database.

Signed-off-by: Rusty Russell <[email protected]>

[Cleaned up a little to avoid the case where both sides race to reconnect --RR ]

We always call channel_fail_transient() on all channels when a peer connects, to clean up any previous connections. However, when we startup, this channel doesn't have an owner yet, resulting in a fairly weird INFO level message. Reported-by: Michael Schmook @mschmook Signed-off-by: Rusty Russell <[email protected]> Changelog-Fixed: `lightningd`: don't log gratuitous "Peer transient failure" message on first connection after restart.

It was once only called on failure, now it's always called (if set). It was called different things in different places, so unify it. Signed-off-by: Rusty Russell <[email protected]>

Signed-off-by: Rusty Russell <[email protected]>

We'll use this to do RBF. Signed-off-by: Rusty Russell <[email protected]>

We can add the htable to the memleak detection, and we already do this for the watches. Signed-off-by: Rusty Russell <[email protected]>

Fun story. We're changing onchaind to hand txs to us, and we will construct them and do the broadcast for it. lightningd tells onchaind the witness it used (with flags to indicate which fields were signatures so should be ignored) so onchaind can recognize the tx when/if it is mined. And when onchaind was waiting for a CLTV delay, it wouldn't tell lightningd yet, but wait until the parent was sufficiently deep But this caused bugs! In particular, on replay, onchaind would see transactions which it hasn't sent yet. This was not a problem before, as onchaind had created the tx, even if it hadn't told lightningd to broadcast it, so recognized the variant when it came in. When we're relying on lightningd to tell us what the tx will look like, this doesn't work any more. The cause of this is that we fire off txowatches ("this output was spent!") while we process blocks, and only fire off txwatches ("this tx increased depth") once all the current blocks are processed. Often this didn't matter, since we replay messages to onchaind from the database, *but* we trim the last few blocks on restart (or, if there's a small reorg while we're stopped), and we can hit this misordering. Changing our topology code to only ever process one block at a time would be a solution, but slows down catchup (and tests, where we often mine a run of blocks). So, this seems like a premature optimization, but it's really required! And in future, lightningd can use this knowledge of pending transactions to combine them in more clever ways. Note that if a tx is valid at block N, we broadcast it once we see block N-1, to get it in the mempool for block N. Signed-off-by: Rusty Russell <[email protected]>

Signed-off-by: Rusty Russell <[email protected]>

…haind. Signed-off-by: Rusty Russell <[email protected]>

Signed-off-by: Rusty Russell <[email protected]>

We need to actually steal it onto requested context in this case! Signed-off-by: Rusty Russell <[email protected]>

We only do this in one place now, but we're going to add another. Also, make queued messages const. Signed-off-by: Rusty Russell <[email protected]>

Firstly, amount should not be `static`, so use a separate line to declare those (fee is static, as it's cached across calls). Secondly, new_tracked_output doesn't take(), it copies. Signed-off-by: Rusty Russell <[email protected]>

Fixes: ElementsProject#4473 Signed-off-by: Rusty Russell <[email protected]> Changelog-Fixed: wallet: we no longer make txs below minrelaytxfee or mempoolminfee.

This would have caught the missing man page change! Signed-off-by: Rusty Russell <[email protected]>

CI seems to block; Christian suggests the throttler may be to blame somehow? Since trying to fix it made it worse, let's just remove it. Signed-off-by: Rusty Russell <[email protected]>

@rustyrussell

Reported-By: @rustyrussell Changelog-Fixed: Plugins: `bookkeeper` onchain fees calculation was incorrect with PostgresQL.

I couldn't figure out why my new SQL query was returning 0 rows, and it was because we were ignoring errors. Signed-off-by: Rusty Russell <[email protected]>

It calls db_fatal() if it fails anyway, so don't expect anyone to check. Signed-off-by: Rusty Russell <[email protected]>

Signed-off-by: Rusty Russell <[email protected]>

The patching system allows us to enrich the raw schema with some additional information. In this specific case we want to backfill the `added` and `deprecated` fields for the multiversion support.

This patch annotates the fields with a new `optional` attribute which determines whether the field should be considered an inferred optional due to being added or deprecated.

Changelog-Changed: msggen: The generated interfaces `cln-rpc` anc `cln-grpc` can now work with a range of versions rather than having to match the CLN version

This is a visitor that ensures every new field has at least an `added` field, and that we don't change the `added` or `deprecated` annotation after the fact.

Broken in master, perhaps due to rebase? Signed-off-by: Rusty Russell <[email protected]>

In CI we see crashes in this case: ``` lightningd: lightningd/connect_control.c:734: void connectd_activate(struct lightningd *): Assertion `ret == ld->connectd' failed. ``` Signed-off-by: Rusty Russell <[email protected]>

Importantly, the code in jsonrpc.c which actually does the io_break: ``` /* Once the stop_conn conn is drained, we can shut down. */ if (jcon->ld->stop_conn == conn && jcon->ld->state == LD_STATE_RUNNING) { /* Return us to toplevel lightningd.c */ log_debug(jcon->ld->log, "io_break: %s", __func__); io_break(jcon->ld); ``` By having the state not set until later, we avoid running this. Of course, we need to avoid calling the main loop when we get there, if we've already been told to shutdown. Signed-off-by: Rusty Russell <[email protected]>

We previously used WIRE_HSMD_SIGN_DELAYED_PAYMENT_TO_US, WIRE_HSMD_SIGN_REMOTE_HTLC_TO_US, WIRE_HSMD_SIGN_PENALTY_TO_US and WIRE_HSMD_SIGN_LOCAL_HTLC_TX which allow onchaind to sign txs, but only for its specific channel. We now want lightningd to sign these, but it's not bound to a specific channel. So let's add variants that don't require that. We are also now explicit about *what input* to sign. It's always zero for now, but future combinations may change that. Signed-off-by: Rusty Russell <[email protected]>

We add code for the case of spending a (timelocked) to-us output of an HTLC output, so lightningd can do it (rather than onchaind doing all the work itself). onchaind still needs to know whether we bothered to create the tx (fees might have caused it to evaporate, so it should consider it immediately resolved rather than waiting for it), and what the witnesses were, and which parts of the witnesses were signatures (as these parts might change, with RBF or in future, combining other txs). The inputs (known to onchaind) and the witnesses (told by lightningd) uniquely identify the spend for the purposes of onchaind. In particular, they definitely distinguish HTLC-timeout and HTLC-success cases. Signed-off-by: Rusty Russell <[email protected]>

Since we do both our own internal handling and handing it to lightningd, we add to `proposed_resolution` to handle the lightningd case. Note, in particular, that we fix the blockheight calculation: it's out by one, in that if we see a tx and our CSV lock is 5, we only need to wait 4 more blocks, not 5. This will matter as we start using it, and convert the tests. Signed-off-by: Rusty Russell <[email protected]>

…haind uses lightningd for broadcast. We can no longer grab the tx in one line as we did with wait_for_onchaind_broadcast, we need to track the broadcast from lightningd. Signed-off-by: Rusty Russell <[email protected]>

Signed-off-by: Rusty Russell <[email protected]>

This follows the same pattern as the "spend htlc tx" in fact. Signed-off-by: Rusty Russell <[email protected]>

We'll use this later to calculate deadlines for spending txs. Signed-off-by: Rusty Russell <[email protected]>

We'll reimplement it once lightningd makes all the onchain txs. Signed-off-by: Rusty Russell <[email protected]>

Signed-off-by: Rusty Russell <[email protected]>

We'll want this, as lightningd will want to produce htlc txs based on what it's told from onchaind, so we need a lower-level accessor. Signed-off-by: Rusty Russell <[email protected]>

…ons. Signed-off-by: Rusty Russell <[email protected]>

Signed-off-by: Rusty Russell <[email protected]>

…ons. This breaks tests/test_closing.py::test_onchain_all_dust's accouting checks. That test doesn't really test what it claims to test; sure, onchaind *says* it's going to ignore the output due to high fees, but the tx still gets mined. I cannot figure out what the test is supposed to look like, so I simply disabled the accounting checks :( Signed-off-by: Rusty Russell <[email protected]>

This is when they closed the channel, we can simply make our own tx to expire the HTLC. (The other case is where we closed the channel, and we have a special htlc_timeout tx which we have their signature for). Signed-off-by: Rusty Russell <[email protected]>

…aind_broadcast Using single tuples in Python is ugly, so: 1. Rename wait_for_onchaind_tx to wait_for_onchaind_txs. 2. Make it take tuples explicitly. 3. Make wait_for_onchaind_tx a simpler wrapper/unwrapper. Signed-off-by: Rusty Russell <[email protected]>

We do this for HTLCs which will timeout to them: we watch them in case we want to fulfill them as a preimage comes in, but once they reach depth we can forget about them. We change the message, which causes some more test churn. Signed-off-by: Rusty Russell <[email protected]>

Signed-off-by: Rusty Russell <[email protected]>

Inside our integration testing we get another timeout, so this commit adds a timeout to the waitpay command to avoid waiting forever. Signed-off-by: Vincenzo Palazzo <[email protected]>

It's in the main bolt, so remove qualifies from the bolt quote so they are checked. Signed-off-by: Rusty Russell <[email protected]>

Too much context, it didn't apply if you try to rebuild from source! Signed-off-by: Rusty Russell <[email protected]>

"BOLT 4: Remove legacy format, make var_onion_optin compulsory." This also renamed the redundant "tlv_payload" to "payload", so we replace "tlv_tlv_payload" with "tlv_payload" everyhere! Signed-off-by: Rusty Russell <[email protected]>

"Allow nodes to overshoot the MPP `total_msat` when paying (ElementsProject#1031)" Signed-off-by: Rusty Russell <[email protected]> Changelog-Changed: Protocol: Allow slight overpaying, even with MPP, as spec now recommends.

"Allow nodes to overshoot final htlc amount and expiry (ElementsProject#1032)" Note that this also renamed `min_final_cltv_expiry` to the more-correct `min_final_cltv_expiry_delta`. Signed-off-by: Rusty Russell <[email protected]>

"BOLT 04: remove associated data from test vector" (We actually use merge point). Signed-off-by: Rusty Russell <[email protected]>

"BOLT 03: fix static-remote same amt and pre-image test vector" Signed-off-by: Rusty Russell <[email protected]>

In particular: - Bolt 4: add route blinding construction - Bolt 4: add blinded payments And this means it's not experimental, so we can turn it on by default! Signed-off-by: Rusty Russell <[email protected]> Changelog-Added: Protocol: blinded payments are now supported by default (not just with `--experimental-onion-messages`)

This is for VLS, which doesn't implement signing for the non-standard recurrence fields. Signed-off-by: Rusty Russell <[email protected]>

They prefer Paths to be explicitly cast as strings

@cdecker

This should have been added earlier as @cdecker suggested, but is needed to enable CI testing. Changelog-Changed: Reckless - added support for networks beyond bitocoin and regtest

This will be used during CI testing in the following commit.

A canned lightningd/plugins is used to test against. This allows faster and more deterministic outcomes. Changelog-None

These corpora were generated with default libFuzzer flags with 30+ hours of CPU time, and then minimized with: ./fuzz-TARGET -merge=1 -shuffle=0 -prefer_small=1 -use_value_profile=1 corpora/fuzz-TARGET UNMINIMIZED_CORPUS

The following arguments were copied from Bitcoin Core's corpus merging script https://github.com/bitcoin/bitcoin/blob/master/test/fuzz/test_runner.py: -shuffle=0 -prefer_small=1 -use_value_profile=1

The script runs each fuzz target on its seed corpus and prints any failures.

The target builds and runs each fuzz target on its seed corpus.

We want to encourage contributions to the seed corpora that improve coverage.

Adding a new field with `added` fails: ``` AssertionError: Field Feerates.perkb.estimates[] does not have an `added` annotation ``` Looks like this assertion is wrong: we should get an added from the field itself or from the .msggen.json file. Signed-off-by: Rusty Russell <[email protected]>

Turns out the two bcli replacements I checked (`sauron` and `trustedcoin`) don't even implement this, and the multiplier makes more sense in lightningd, especially as we move to bcli just providing raw feerate estimates. Signed-off-by: Rusty Russell <[email protected]>

We have tal_arr_remove and tal_arr_append already. Signed-off-by: Rusty Russell <[email protected]>

Since we're messing with feerates, it's good to test this directly upfront. Also, fix documentation! Signed-off-by: Rusty Russell <[email protected]>

We have the FEERATE_FLOOR constant if you don't care, but usually you want to use the current bitcoind lower limit, so call get_feerate_floor() (which is currently the same, but coming!). Signed-off-by: Rusty Russell <[email protected]>

Rather than have specific-purpose levels, have an array of [blockcount, feerate], and rebuild the specific-purpose levels for now on top. We also keep a *separate* smoothed feerate, so you can ask for that explicitly. Since all the plugins used the same formula to derive the different named fee levels, we apply the reverse to return to the underlying estimates: updating the interface comes next. This is ugly for now, but various specific-purpose levels will be going away, as we shift to deadline-driven fees. This temporarily breaks the floor calculation, so that test is disabled. Signed-off-by: Rusty Russell <[email protected]>

Drop try_get_feerate() in favor of explicit feerate_for_deadline() and smoothed_feerate_for_deadline(). This shows us everywhere we deal with old-style feerates by names. `delayed_to_us` and `htlc_resolution` will be moving to dynamic fees, so deprecate those. Note that "penalty" is still used for generating penalty txs for watchtowers, and "unilateral_close" still used until we get zero-fee anchors. Changelog-Added: JSON-RPC: `feerates` `estimates` array shows fee estimates by blockcount from underlying plugin (usually *bcli*). Changelog-Changed: JSON-RPC: `close`, `fundchannel`, `fundpsbt`, `multifundchannel`, `multiwithdraw`, `txprepare`, `upgradewallet`, `withdraw` `feerate` (`feerange` for `close`) value *slow* is now 100 block-estimate, not half of 100-block estimate. Changelog-Deprecated: JSON-RPC: `close`, `fundchannel`, `fundpsbt`, `multifundchannel`, `multiwithdraw`, `txprepare`, `upgradewallet`, `withdraw` `feerate` (`feerange` for `close`) expressed as, "delayed_to_us", "htlc_resolution", "max_acceptable" or "min_acceptable". Use explicit block counts or *slow*/*normal*/*urgent*/*minimum*. Signed-off-by: Rusty Russell <[email protected]>

And consolidate descriptions into lightning-feerates(). Signed-off-by: Rusty Russell <[email protected]> Changelog-Added: JSON-RPC: `close`, `fundchannel`, `fundpsbt`, `multifundchannel`, `multiwithdraw`, `txprepare`, `upgradewallet`, `withdraw` now allow "minimum" and NN"blocks" as `feerate` (`feerange` for `close`).

…meters. Changelog-Added: Plugins: `estimatefees` can return explicit `fee_floor` and `feerates` by block number. Signed-off-by: Rusty Russell <[email protected]>

Fixes: ElementsProject#4473 Changelog-Deprecated: Plugins: `estimatefees` returning feerates by name (e.g. "opening"); use `fee_floor` and `feerates`. Changelog-Fixed: Plugins: `bcli` now tells us the minimal possible feerate, such as with mempool congestion, rather than assuming 1 sat/vbyte.

…will accept Changelog-Added: JSON-RPC: `feerates`: added `floor` field for current minimum feerate bitcoind will accept Signed-off-by: Rusty Russell <[email protected]>

Splitting into onchaind_tx() into onchaind_tx_unsigned() and sign_and_get_witness() makes it easier to reuse for RBF. Adding more information in onchain_signing_info is required too. Signed-off-by: Rusty Russell <[email protected]>

We would only set it the first time, which was OK for how we were using it before. Now we want to also set it for rebroadcast. Signed-off-by: Rusty Russell <[email protected]>

We also do it on every block, but since bitcoind can't always be counted to rebroadcast for us, we might as well be aggressive! Signed-off-by: Rusty Russell <[email protected]>

Now we've set everything up, the replacement code is quite simple. Some tests now have to deal with RBF though, and our rbf tests need work since they look for the old onchaind messages. In particular, when we can't afford the fee we want, we back off to the next blockcount estimate, rather than spending all on fees (necessarily). So test_penalty_rbf_burn no longer applies. Changelog-Changed: Protocol: spending unilateral close transactions now use dynamic fees based on deadlines (and RBF), instead of fixed fees. Signed-off-by: Rusty Russell <[email protected]>

@ShahanaFarooqui

Most of this is piping the flag through so we know it's a websocket! Reported-by: @ShahanaFarooqui Signed-off-by: Rusty Russell <[email protected]>

But not if we're a developer using dev_disconnect, which substitutes the fd. Signed-off-by: Rusty Russell <[email protected]>

We accept that we will fail to listen if we bind both IPv6 and IPv4 to the same socket on a dual-stack machine (e.g. normal Linux), but we weren't closing the fd. Signed-off-by: Rusty Russell <[email protected]>

Signed-off-by: Rusty Russell <[email protected]>

Commonalizes a small piece of code. Signed-off-by: Rusty Russell <[email protected]>

Happens more than I expected! Signed-off-by: Rusty Russell <[email protected]>

Signed-off-by: Rusty Russell <[email protected]>

1. anchor_to_remote_redeem => bitcoin_wscript_to_remote_anchored, which matches other witness script producing functions and makes it clear that it's a to_remote variant. 2. is_anchor_witness_script => is_to_remote_anchored_witness_script makes it clear that it's about a to_remote output (as altered when anchors are enabled) not an anchor output! Signed-off-by: Rusty Russell <[email protected]>

…is too low. Signed-off-by: Rusty Russell <[email protected]>

This was confusing! We reported every second one. Signed-off-by: Rusty Russell <[email protected]>

Signed-off-by: Rusty Russell <[email protected]>

It will append inputs to this PSBT instead of allocating a new one. Signed-off-by: Rusty Russell <[email protected]>

I tested this indeed breaks if we don't accept it, then implemented the code to accept it. Signed-off-by: Rusty Russell <[email protected]> Changelog-Fixed: protocol: We now correctly accept the `option_scid_alias` bit in `open_channel` `channel_type`. Changelog-Deprecated: protocol: Not setting `option_scid_alias` in `option_channel` `channel_type` for unannounced channels.

… really zeroconf. Signed-off-by: Rusty Russell <[email protected]> Changelog-Fixed: Protocol: we will upfront reject channel_open which asks for a zeroconf channel unless we are going to do a zerconf channel.

This was always the intent, but now we have to reconstruct from the disparate fields. This means `option_anchor_outputs` is now redundant. Signed-off-by: Rusty Russell <[email protected]>

…ons. Signed-off-by: Rusty Russell <[email protected]>

Fixes ElementsProject#6143 Changelog-Fixed: clnrs: Fixed an issue converting routehints in keysend

We were debugging a number of issues related to the forwarding logic, when using public scids on private channels, and we noticed that we are very verbose everywhere, except where it counts, i.e., what decisions are being taken. So we add a couple of debug logs, and a final info one that tells the operator which resolution was chosen in the end.

1. Rename get_hsm_secret to get_unencrypted_hsm_secret. 2. Create a common helper for fetching full file contents. 3. Create new routine to decrypt if necessary: get_hsm_secret(). Signed-off-by: Rusty Russell <[email protected]>

This way we always call it (we weren't for some paths!). Signed-off-by: Rusty Russell <[email protected]>

You still need to actually make a rune when lightningd starts, as commando (for safety) won't work unless you actually generate a rune (that it knows of!). Signed-off-by: Rusty Russell <[email protected]> Changelog-Added: hsmtool: `makerune` command to make a master rune for a node.

mempool.info gives sat/vB, which is 1000 too low for us! See-also: ElementsProject#6161 (complains setting feerate to 5 doesn't work) See-also: ElementsProject#6129 Suggested-by: @lightingorb Signed-off-by: Rusty Russell <[email protected]>

…-block. Turns out this was accidentally changed for v0.10.1 in d8e6889 where we made fee levels less aggressive. Oops. I guess we can fix the docs. And we now have "2blocks" if you want it really fast! Closes: ElementsProject#6129 Changelog-Fixed: JSON-RPC: `feerates` document correctly that urgent means 6 blocks (not 2), and give better feerate examples. Signed-off-by: Rusty Russell <[email protected]>

There are several benefits of doing this: - prevent fuzz target bit rot - more test coverage in CI - greater visibility of fuzz tests, encouraging contributions to the seed corpus and tests themselves

@chrisguida

MacOS in particular doesn't like this! Reported-by: @chrisguida Fixes: ElementsProject#6171 Signed-off-by: Rusty Russell <[email protected]>

@chrisguida

Reported-by: @chrisguida Signed-off-by: Rusty Russell <[email protected]>

This finally happened on my test box; tests simply stopped. Turns out we were spinning here, with waitpid returning -1. Since this is during shutdown, that also explains why pytest under CI would hang, since timeouts don't apply during test teardown! Signed-off-by: Rusty Russell <[email protected]>

We need to wait until we're sure bcli has handed results to lightningd: ``` > assert feerates['perkw']['mutual_close'] == 5000 E assert 6250 == 5000 tests/test_misc.py:1617: AssertionError ``` Signed-off-by: Rusty Russell <[email protected]>

This test makes l2 save db, make a payment, then rollback. *Sometimes* under CI (but not here) we don't shutdown fast enough after the payment, so the moves.json from the coin_movements.py records it. Sure enough, the result is the node ends up with a -10000msat balance. Validated by putting a time.sleep(5) between: ``` l2.rpc.pay(inv['bolt11']) import time time.sleep(5) # stop both nodes, roll back l2's database ``` The answer, of course, is to save and rollback *both* the db and moves.json file. Here's the error: ``` def test_penalty_htlc_tx_timeout(node_factory, bitcoind, chainparams): ... assert account_balance(l3, channel_id) == 0 > assert account_balance(l2, channel_id) == 0 tests/test_closing.py:1527: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ tests/utils.py:184: in account_balance m_sum -= Millisatoshi(m['debit_msat']) contrib/pyln-client/pyln/client/lightning.py:197: in __sub__ return Millisatoshi(int(self) - int(other)) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = -10000msat, v = -10000 ... if self.millisatoshis < 0: > raise ValueError("Millisatoshi must be >= 0") E ValueError: Millisatoshi must be >= 0 contrib/pyln-client/pyln/client/lightning.py:82: ValueError ``` Signed-off-by: Rusty Russell <[email protected]>

We were in fact feeding l1 its own gossip, which it doesn't ratelimit (this was a bit fuzzy before, but definitely is the case now!). So make this node actually l3, so we test what we expected to test. Signed-off-by: Rusty Russell <[email protected]>

This was previously the role of connectd, but it's actually more efficient for us to do it: connectd has to sweep through the entire gossip_store, but we have datastructures for this already. Signed-off-by: Rusty Russell <[email protected]>

Probably not required, but nice to have. Signed-off-by: Rusty Russell <[email protected]>

@whitslack

This removes the sweep logic as soon as they connect. This should save connectd a significant number of CPU cycles and make @whitslack finally stop hitting me. Changelog-Changed: `connectd` no longer sweeps gossip_store file when peer connects, saving CPU for large nodes. Signed-off-by: Rusty Russell <[email protected]>

This implements the proposal to simply use timestamp as "all", "none" or "stream". There's also a rough spec draft which I will post soon. This *also* removes the last place where we would sometimes sweep the entire gossip_store looking for their given timestamps. We could also get rid of the actual timestamp filtering logic in gossip_store_next if we want to, as it's now basically unused. Changelog-Changed: Protocol: Simplify gossip_timestamp_filter handling to "all", "none" or "recent" instead of exact timestamp. Signed-off-by: Rusty Russell <[email protected]>

This is now handled by gossipd on initial connection to peer.

The push bit was convenient for connectd to send our own gossip to peers upon connecting by naively traversing the gossip_store and sending anything flagged `push`. This function is now performed by gossipd leaving no use for the push bit. Changelog-Changed: `gossipd`: gossip_store PUSH bit is no longer set.

This was pointed out by Daywalker [1]: we are synchronously processing events from `lightningd` which means that if processing one of the hooks or requests was slow or delayed, we would not get notifications, hooks, or RPC requests, massively impacting the flexbility. This highlights the issue with a failing test (it times out), and in the next commit we will isolate event processing into their own task, so to free the event loop from having to wait for an eventual response. [1] https://community.corelightning.org/c/developers/hold-invoice-plugin#comment_wrapper_16754493

Changelog-Changed: cln-plugin: Hooks, notifications and RPC methods now run asynchronously allowing for re-entrant handlers

Listing things multiple times is error-prone, so use the variable we already have :-)

Changelog-Changed: Update libwally to 0.8.9

Also cleans up verbose logic

This abstracts the installation procedure to allow generic operations such as dependency installation to be performed for languages.

Also removes support for pip editable install using pyproject.toml `pip install -e .` This was a fallback method when a requirements file was not present, but was hacky and often failed anyway. reckless: remove installation via pyproject.toml This method relied on pip install in editable mode (hacky) and often failed to complete anyhow. We should instead encourage a requirements file to be created/used for user installation.

Also adds a timeout when testing a plugin. Previously the behavior of pyln-client was relied upon to exit if not communicating with lightningd, however, this behavior is not universal. Changlelog-Changed: reckless now installs node.js plugins

When enabling or disabling a plugin, the entrypoint is inferred from the user provided name. A canonical name should be used, which the installer entrypoint formats help to determine (this generally strips the file extension if one is provided.)

Adds a test to validate case matching.

Typo correction Updated delpay changelog

Performed using: PYTHONPATH=contrib/msggen python3 contrib/msggen/msggen/__main__.py

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

List channel peers rpc #2

List channel peers rpc #2

Commits on Mar 10, 2023

Commits on Mar 14, 2023

Commits on Mar 17, 2023

Commits on Mar 18, 2023

Commits on Mar 20, 2023

Commits on Mar 21, 2023

Commits on Mar 22, 2023

Commits on Mar 23, 2023

Commits on Mar 24, 2023

Commits on Mar 25, 2023

Commits on Mar 26, 2023

Commits on Mar 30, 2023

Commits on Apr 1, 2023

Commits on Apr 3, 2023

Commits on Apr 4, 2023

Commits on Apr 5, 2023

Commits on Apr 6, 2023

Commits on Apr 7, 2023

Commits on Apr 9, 2023

Commits on Apr 10, 2023

Commits on Apr 11, 2023

Commits on Apr 12, 2023

Commits on Apr 13, 2023

Commits on Apr 14, 2023

Commits on Apr 15, 2023

Commits on Apr 26, 2023