Releases: lightninglabs/taproot-assets
v0.5.0-alpha
Database Migrations
tapd
v0.5.0
contains non-revertible database migrations. After running tapd
v0.5.0
, these database migrations prevent downgrading tapd
to a previous release. Create backups of tapd
database state, before upgrading to tapd
v0.5.0
. Please report any database migration issues.
Breaking changes
Downstream Projects - litd
litd
v0.14.0-alpha
enhancements require both channel peers to upgrade to a litd
version >= v0.14.0-alpha
to continue Lightning Channel functionality. See upgrade instructions below if you opened Asset channels with such an experimental version.
tapd
v0.5.0
changes
Oracle RPC:
The RPC protobuf definitions for the Price Oracle have changed. Asset exchange rates are now expressed as FixedPoint
to achieve better precision.
The rationale for the change and the new math behind it are described in the new RFQ document.
Code examples for a Price Oracle server are available here.
Configuration changes:
The configuration value (universe.public-access
) and command line flag (--universe.public-access
) now needs a value and is no longer a boolean. The value now controls whether the node's universe database can be accessed over RPC and either read (value r
) or written to (value w
) or both (value rw
).
So existing nodes with the configuration file value universe.public-access=true
need to change the value to universe.public-access=rw
. Users specifying the command line flag --universe.public-access
just need to append a value, for example --universe.public-access=rw
.
⚠️ CRITICAL INSTRUCTIONS ⚠️ :
Required-upgrade path for existing litd
installations:
To avoid loss of channel funds: Any litd
node which ran Taproot Asset channels using any litd
v0.13.9xx-experimental
versions MUST FOLLOW all of the following procedures:
litd
v0.14.0-alpha
enhancements require both channel peers to upgrade to a litd
version >= v0.14.0-alpha
to continue Lightning Channel functionality.
If one channel peer is running litd
version <= v0.13.9xx-experimental
channel operations are are NOT forwards compatible with litd v0.14.0-alpha
versions.
- All Taproot-Asset Lightning channels created using
litd
version <=,v0.13.9xx-experimental
must be cooperatively closed before upgrading tov0.14.0-alpha
.- Channel Closure instructions
- Monitor status of
lncli pendingchannels
: Ensure pending_htlcs response is empty before progressing
Example:lncli listchannels | jq '.channels[] | select(.pending_htlcs != [])'
- Avoid force closing the channels. If there are pending/in-flight HTLCs, wait for HTLCs to be resolved.
- Once all channels are fully closed (e.g.
lncli pendingchannels
is empty), both nodes must be upgraded to the newv0.14.0-alpha
version before new channels can be opened. Please coordinate the upgrade with your peer if you're not operating both nodes. - Daemon installations which exclusively contain Taproot Assets on-chain outputs that are not contained within lightning channels, are not required to follow this upgrade path. Anything mentioned above only relates to assets in channels. Normal on-chain assets are not affected.
Verifying the Release
In order to verify the release, you'll need to have gpg
or gpg2
installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import the keys that have signed this release if you haven't done so already:
curl https://raw.githubusercontent.com/lightninglabs/taproot-assets/main/scripts/keys/roasbeef.asc | gpg --import
Once you have the required PGP keys, you can verify the release (assuming manifest-roasbeef-v0.5.0.sig
and manifest-v0.5.0.txt
are in the current directory) with:
gpg --verify manifest-roasbeef-v0.5.0.sig manifest-v0.5.0.txt
You should see the following if the verification was successful:
gpg: Signature made Wed Sep 30 17:35:20 2020 PDT
gpg: using RSA key 60A1FA7DA5BFF08BDCBBE7903BBD59E99B280306
gpg: Good signature from "Olaoluwa Osuntokun <[email protected]>" [ultimate]
That will verify the signature of the manifest file, which ensures integrity and authenticity of the archive you've downloaded locally containing the binaries. Next, depending on your operating system, you should then re-compute the sha256
hash of the archive with shasum -a 256 <filename>
, compare it with the corresponding one in the manifest file, and ensure they match exactly.
Verifying the Release Timestamp
In addition to time-stamping the git tag with OpenTimestamps, we also timestamp the manifest file along with its signature. Two files are included in our release artifacts: manifest-roasbeef-v0.5.0.sig.ots
and manifest-v0.5.0.txt.ots
.
Assuming you have the opentimestamps client installed locally, the timestamps can be verified with the following commands:
ots verify manifest-roasbeef-v0.5.0.sig.ots -f manifest-roasbeef-v0.5.0.sig
ots verify manifest-v0.5.0.txt.ots -f manifest-v0.5.0.txt
Alternatively, the OpenTimestamps website can be used to verify these timestamps if one doesn't have a bitcoind
instance accessible locally.
Assuming you are using the OpenTimestamps ots-git-gpg-wrapper
you can verify the timestamp of the git tag by verifying the tag as explained in Verifying the Release Binaries.
These timestamps should give users confidence in the integrity of this release even after the key that signed the release expires.
Verifying the Release Binaries
Our release binaries are fully reproducible. Third parties are able to verify that the release binaries were produced properly without having to trust the release manager(s). See our reproducible builds guide for how this can be achieved.
The release binaries are compiled with go1.22.6
, which is required by verifiers to arrive at the same ones.
The make release
command can be used to ensure one rebuilds with all the same flags used for the release. If one wishes to build for only a single platform, then make release sys=<OS-ARCH> tag=<tag>
can be used.
Finally, you can also verify the tag itself with the following command:
$ git verify-tag v0.5.0
gpg: Signature made Tue Sep 15 18:55:00 2020 PDT
gpg: using RSA key 60A1FA7DA5BFF08BDCBBE7903BBD59E99B280306
gpg: Good signature from "Olaoluwa Osuntokun <[email protected]>" [ultimate]
Verifying the Docker Images
To verify the tapd
and tapcli
binaries inside the docker images against the signed, reproducible release binaries, there is a verification script in the image that can be called (before starting the container for example):
$ docker run --rm --entrypoint="" lightninglabs/taproot-assets:v0.5.0 /verify-install.sh v0.5.0
$ OK=$?
$ if [ "$OK" -ne "0" ]; then echo "Verification failed!"; exit 1; done
$ docker run lightninglabs/taproot-assets [command-line options]
Building the Contained Release
Users are able to rebuild the target release themselves without having to fetch any of the dependencies. In order to do so, assuming
that vendor.tar.gz
and tapd-source-v0.5.0.tar.gz
are in the current directory, follow these steps:
tar -xvzf vendor.tar.gz
tar -xvzf tapd-source-v0.5.0.tar.gz
GO111MODULE=on go install -v -mod=vendor -ldflags "-X github.com/lightninglabs/taproot-assets/build.Commit=v0.5.0" ./cmd/tapd
GO111MODULE=on go install -v -mod=vendor -ldflags "-X github.com/lightninglabs/taproot-assets/build.Commit=v0.5.0" ./cmd/tapcli
The -mod=vendor
flag tells the go build
command that it doesn't need to fetch the dependencies, and instead, they're all enclosed in the local vendor directory.
Additionally, it's now possible to use the enclosed release.sh
script to bundle a release for a specific system like so:
make release sys="linux-arm64 darwin-amd64"
⚡️⚡️⚡️ OK, now to the rest of the release notes! ⚡️⚡️⚡️
Release Notes (auto generated)
What's Changed
- Pass 'pkg' argument to
flake-unit-race
Makefile target by @gijswijs in #1044 - makefile+scripts: specify Go version for building release binaries by @ffranr in #1051
- Store transfer output proof delivery status by @ffranr in #1035
- tapchannel: check for feature bits before opening chans by @Roasbeef in #1041
- tapchannel: fix proof courier initialization by @guggero in #1058
- tapchannel: use new context for call to unlockLeases by @Roasbeef in #1063
- Reattempt proof delivery on node restart by @ffranr in #1055
- [custom channels]: add new RPC methods for asset channel specific calls by @guggero in #1048
- CI: push coverage file for unit tests by @jharveyb in #1069
- Exp...
v0.5.0-alpha RC2
Database Migrations
tapd
v0.5.0
contains non-revertible database migrations. After running tapd
v0.5.0
, these database migrations prevent downgrading tapd
to a previous release. Create backups of tapd
database state, before upgrading to tapd
v0.5.0
. Please report any database migration issues.
Breaking changes
Downstream Projects - litd
litd
v0.14.0-alpha
enhancements require both channel peers to upgrade to a litd
version >= v0.14.0-alpha
to continue Lightning Channel functionality. See upgrade instructions below if you opened Asset channels with such an experimental version.
tapd
v0.5.0
changes
Oracle RPC:
The RPC protobuf definitions for the Price Oracle have changed. Asset exchange rates are now expressed as FixedPoint
to achieve better precision.
The rationale for the change and the new math behind it are described in the new RFQ document.
Code examples for a Price Oracle server are available here.
Configuration changes:
The configuration value (universe.public-access
) and command line flag (--universe.public-access
) now needs a value and is no longer a boolean. The value now controls whether the node's universe database can be accessed over RPC and either read (value r
) or written to (value w
) or both (value rw
).
So existing nodes with the configuration file value universe.public-access=true
need to change the value to universe.public-access=rw
. Users specifying the command line flag --universe.public-access
just need to append a value, for example --universe.public-access=rw
.
⚠️ CRITICAL INSTRUCTIONS ⚠️ : Required-upgrade path for existing litd
installations:
To avoid loss of channel funds: Any litd
node which ran Taproot Asset channels using any litd
v0.13.9xx-experimental
versions MUST FOLLOW all of the following procedures:
litd
v0.14.0-alpha
enhancements require both channel peers to upgrade to a litd
version >= v0.14.0-alpha
to continue Lightning Channel functionality.
If one channel peer is running litd
version <= v0.13.9xx-experimental
channel operations are are NOT forwards compatible with litd v0.14.0-alpha
versions.
- All Taproot-Asset Lightning channels created using
litd
version <=,v0.13.9xx-experimental
must be cooperatively closed before upgrading tov0.14.0-alpha
.- Channel Closure instructions
- Monitor status of
lncli pendingchannels
: Ensure pending_htlcs response is empty before progressing
Example:lncli listchannels | jq '.channels[] | select(.pending_htlcs != [])'
- Avoid force closing the channels. If there are pending/in-flight HTLCs, wait for HTLCs to be resolved.
- Once all channels are fully closed (e.g.
lncli pendingchannels
is empty), both nodes must be upgraded to the newv0.14.0-alpha
version before new channels can be opened. Please coordinate the upgrade with your peer if you're not operating both nodes. - Daemon installations which exclusively contain Taproot Assets on-chain outputs that are not contained within lightning channels, are not required to follow this upgrade path. Anything mentioned above only relates to assets in channels. Normal on-chain assets are not affected.
Verifying the Release
In order to verify the release, you'll need to have gpg
or gpg2
installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import the keys that have signed this release if you haven't done so already:
curl https://raw.githubusercontent.com/lightninglabs/taproot-assets/main/scripts/keys/roasbeef.asc | gpg --import
Once you have the required PGP keys, you can verify the release (assuming manifest-roasbeef-v0.5.0-rc2.sig
and manifest-v0.5.0-rc2.txt
are in the current directory) with:
gpg --verify manifest-roasbeef-v0.5.0-rc2.sig manifest-v0.5.0-rc2.txt
You should see the following if the verification was successful:
gpg: Signature made Wed Sep 30 17:35:20 2020 PDT
gpg: using RSA key 60A1FA7DA5BFF08BDCBBE7903BBD59E99B280306
gpg: Good signature from "Olaoluwa Osuntokun <[email protected]>" [ultimate]
That will verify the signature of the manifest file, which ensures integrity and authenticity of the archive you've downloaded locally containing the binaries. Next, depending on your operating system, you should then re-compute the sha256
hash of the archive with shasum -a 256 <filename>
, compare it with the corresponding one in the manifest file, and ensure they match exactly.
Verifying the Release Timestamp
In addition to time-stamping the git tag with OpenTimestamps, we also timestamp the manifest file along with its signature. Two files are included in our release artifacts: manifest-roasbeef-v0.5.0-rc2.sig.ots
and manifest-v0.5.0-rc2.txt.ots
.
Assuming you have the opentimestamps client installed locally, the timestamps can be verified with the following commands:
ots verify manifest-roasbeef-v0.5.0-rc2.sig.ots -f manifest-roasbeef-v0.5.0-rc2.sig
ots verify manifest-v0.5.0-rc2.txt.ots -f manifest-v0.5.0-rc2.txt
Alternatively, the OpenTimestamps website can be used to verify these timestamps if one doesn't have a bitcoind
instance accessible locally.
Assuming you are using the OpenTimestamps ots-git-gpg-wrapper
you can verify the timestamp of the git tag by verifying the tag as explained in Verifying the Release Binaries.
These timestamps should give users confidence in the integrity of this release even after the key that signed the release expires.
Verifying the Release Binaries
Our release binaries are fully reproducible. Third parties are able to verify that the release binaries were produced properly without having to trust the release manager(s). See our reproducible builds guide for how this can be achieved.
The release binaries are compiled with go1.22.6
, which is required by verifiers to arrive at the same ones.
The make release
command can be used to ensure one rebuilds with all the same flags used for the release. If one wishes to build for only a single platform, then make release sys=<OS-ARCH> tag=<tag>
can be used.
Finally, you can also verify the tag itself with the following command:
$ git verify-tag v0.5.0-rc2
gpg: Signature made Tue Sep 15 18:55:00 2020 PDT
gpg: using RSA key 60A1FA7DA5BFF08BDCBBE7903BBD59E99B280306
gpg: Good signature from "Olaoluwa Osuntokun <[email protected]>" [ultimate]
Verifying the Docker Images
To verify the tapd
and tapcli
binaries inside the docker images against the signed, reproducible release binaries, there is a verification script in the image that can be called (before starting the container for example):
$ docker run --rm --entrypoint="" lightninglabs/taproot-assets:v0.5.0-rc2 /verify-install.sh v0.5.0-rc2
$ OK=$?
$ if [ "$OK" -ne "0" ]; then echo "Verification failed!"; exit 1; done
$ docker run lightninglabs/taproot-assets [command-line options]
Building the Contained Release
Users are able to rebuild the target release themselves without having to fetch any of the dependencies. In order to do so, assuming
that vendor.tar.gz
and tapd-source-v0.5.0-rc2.tar.gz
are in the current directory, follow these steps:
tar -xvzf vendor.tar.gz
tar -xvzf tapd-source-v0.5.0-rc2.tar.gz
GO111MODULE=on go install -v -mod=vendor -ldflags "-X github.com/lightninglabs/taproot-assets/build.Commit=v0.5.0-rc2" ./cmd/tapd
GO111MODULE=on go install -v -mod=vendor -ldflags "-X github.com/lightninglabs/taproot-assets/build.Commit=v0.5.0-rc2" ./cmd/tapcli
The -mod=vendor
flag tells the go build
command that it doesn't need to fetch the dependencies, and instead, they're all enclosed in the local vendor directory.
Additionally, it's now possible to use the enclosed release.sh
script to bundle a release for a specific system like so:
make release sys="linux-arm64 darwin-amd64"
⚡️⚡️⚡️ OK, now to the rest of the release notes! ⚡️⚡️⚡️
Release Notes (auto generated)
What's Changed
- Pass 'pkg' argument to
flake-unit-race
Makefile target by @gijswijs in #1044 - makefile+scripts: specify Go version for building release binaries by @ffranr in #1051
- Store transfer output proof delivery status by @ffranr in #1035
- tapchannel: check for feature bits before opening chans by @Roasbeef in #1041
- tapchannel: fix proof courier initialization by @guggero in #1058
- tapchannel: use new context for call to unlockLeases by @Roasbeef in #1063
- Reattempt proof delivery on node restart by @ffranr in #1055
- [custom channels]: add new RPC methods for asset channel specific calls by @guggero in #1048
- CI: push coverage file for unit tests by @jharveyb in ht...
v0.5.0-alpha RC1
Database Migrations
tapd
v0.5.0
contains non-revertible database migrations. After running tapd
v0.5.0
, these database migrations prevent downgrading tapd
to a previous release. Create backups of tapd
database state, before upgrading to tapd
v0.5.0
. Please report any database migration issues.
Breaking changes
Downstream Projects - litd
litd
v0.14.0-alpha
enhancements require both channel peers to upgrade to a litd
version >= v0.14.0-alpha
to continue Lightning Channel functionality. See upgrade instructions below if you opened Asset channels with such an experimental version.
tapd
v0.5.0
changes
Oracle RPC:
The RPC protobuf definitions for the Price Oracle have changed. Asset exchange rates are now expressed as FixedPoint
to achieve better precision.
The rationale for the change and the new math behind it are described in the new RFQ document.
Code examples for a Price Oracle server are available here.
Configuration changes:
The configuration value (universe.public-access
) and command line flag (--universe.public-access
) now needs a value and is no longer a boolean. The value now controls whether the node's universe database can be accessed over RPC and either read (value r
) or written to (value w
) or both (value rw
).
So existing nodes with the configuration file value universe.public-access=true
need to change the value to universe.public-access=rw
. Users specifying the command line flag --universe.public-access
just need to append a value, for example --universe.public-access=rw
.
⚠️ CRITICAL INSTRUCTIONS ⚠️ : Required-upgrade path for existing litd
installations:
To avoid loss of channel funds: Any litd
node which ran Taproot Asset channels using any litd
v0.13.9xx-experimental
versions MUST FOLLOW all of the following procedures:
litd
v0.14.0-alpha
enhancements require both channel peers to upgrade to a litd
version >= v0.14.0-alpha
to continue Lightning Channel functionality.
If one channel peer is running litd
version <= v0.13.9xx-experimental
channel operations are are NOT forwards compatible with litd v0.14.0-alpha
versions.
- All Taproot-Asset Lightning channels created using
litd
version <=,v0.13.9xx-experimental
must be cooperatively closed before upgrading tov0.14.0-alpha
.- Channel Closure instructions
- Monitor status of
lncli pendingchannels
: Ensure pending_htlcs response is empty before progressing
Example:lncli listchannels | jq '.channels[] | select(.pending_htlcs != [])'
- Avoid force closing the channels. If there are pending/in-flight HTLCs, wait for HTLCs to be resolved.
- Once all channels are fully closed (e.g.
lncli pendingchannels
is empty), both nodes must be upgraded to the newv0.14.0-alpha
version before new channels can be opened. Please coordinate the upgrade with your peer if you're not operating both nodes. - Daemon installations which exclusively contain Taproot Assets on-chain outputs that are not contained within lightning channels, are not required to follow this upgrade path. Anything mentioned above only relates to assets in channels. Normal on-chain assets are not affected.
Verifying the Release
In order to verify the release, first, verify and install gpg
or gpg2
. If your gpg keychain hasn’t previously imported the public keys for release signers, import these public keys:
curl https://raw.githubusercontent.com/lightninglabs/taproot-assets/main/scripts/keys/roasbeef.asc | gpg --import
Once you have the required PGP keys, you can verify the release (assuming manifest-roasbeef-v0.5.0-rc1.sig
and manifest-v0.5.0-rc1.txt
are in the current directory) with:
gpg --verify manifest-roasbeef-v0.5.0-rc1.sig manifest-v0.5.0-rc1.txt
You should see the following if the verification was successful:
gpg: Signature made Wed Sep 30 17:35:20 2020 PDT
gpg: using RSA key 60A1FA7DA5BFF08BDCBBE7903BBD59E99B280306
gpg: Good signature from "Olaoluwa Osuntokun <[email protected]>" [ultimate]
That will verify the signature of the manifest file, which ensures integrity and authenticity of the archive you've downloaded locally containing the binaries. Next, depending on your operating system, you should then re-compute the sha256
hash of the archive with shasum -a 256 <filename>
, compare it with the corresponding one in the manifest file, and ensure they match exactly.
Verifying the Release Timestamp
From this new version onwards, in addition time-stamping the git tag with OpenTimestamps, we'll also now timestamp the manifest file along with its signature. Two new files are now included along with the rest of our release artifacts: manifest-roasbeef-v0.5.0-rc1.txt.asc.ots
.
Assuming you have the opentimestamps client installed locally, the timestamps can be verified with the following commands:
ots verify manifest-roasbeef-v0.5.0-rc1.sig.ots -f manifest-roasbeef-v0.5.0-rc1.sig
Alternatively, the OpenTimestamps website can be used to verify timestamps if one doesn't have a bitcoind
instance accessible locally.
These timestamps should give users confidence in the integrity of this release even after the key that signed the release expires.
Verifying the Release Binaries
Our release binaries are fully reproducible. Third parties are able to verify that the release binaries were produced properly without having to trust the release manager(s). See our reproducible builds guide for how this can be achieved.
The release binaries are compiled with go1.22.6
, which is required by verifiers to arrive at the same ones.
The make release
command can be used to ensure one rebuilds with all the same flags used for the release. If one wishes to build for only a single platform, then make release sys=<OS-ARCH> tag=<tag>
can be used.
Finally, you can also verify the tag itself with the following command:
$ git verify-tag v0.5.0-rc1
gpg: Signature made Tue Sep 15 18:55:00 2020 PDT
gpg: using RSA key 60A1FA7DA5BFF08BDCBBE7903BBD59E99B280306
gpg: Good signature from "Olaoluwa Osuntokun <[email protected]>" [ultimate]
Verifying the Docker Images
To verify the tapd
and tapcli
binaries inside the docker images against the signed, reproducible release binaries, there is a verification script in the image that can be called (before starting the container for example):
$ docker run --rm --entrypoint="" lightninglabs/taproot-assets:v0.5.0-rc1 /verify-install.sh v0.5.0-rc1
$ OK=$?
$ if [ "$OK" -ne "0" ]; then echo "Verification failed!"; exit 1; done
$ docker run lightninglabs/taproot-assets [command-line options]
Building the Contained Release
Users are able to rebuild the target release themselves without having to fetch any of the dependencies. In order to do so, assuming
that vendor.tar.gz
and tapd-source-v0.5.0-rc1.tar.gz
are in the current directory, follow these steps:
tar -xvzf vendor.tar.gz
tar -xvzf tapd-source-v0.5.0-rc1.tar.gz
GO111MODULE=on go install -v -mod=vendor -ldflags "-X github.com/lightninglabs/taproot-assets/build.Commit=v0.5.0-rc1" ./cmd/tapd
GO111MODULE=on go install -v -mod=vendor -ldflags "-X github.com/lightninglabs/taproot-assets/build.Commit=v0.5.0-rc1" ./cmd/tapcli
The -mod=vendor
flag tells the go build
command that it doesn't need to fetch the dependencies, and instead, they're all enclosed in the local vendor directory.
Additionally, it's now possible to use the enclosed release.sh
script to bundle a release for a specific system like so:
make release sys="linux-arm64 darwin-amd64"
⚡️⚡️⚡️ OK, now to the rest of the release notes! ⚡️⚡️⚡️
Release Notes (auto generated)
What's Changed
- Pass 'pkg' argument to
flake-unit-race
Makefile target by @gijswijs in #1044 - makefile+scripts: specify Go version for building release binaries by @ffranr in #1051
- Store transfer output proof delivery status by @ffranr in #1035
- tapchannel: check for feature bits before opening chans by @Roasbeef in #1041
- tapchannel: fix proof courier initialization by @guggero in #1058
- tapchannel: use new context for call to unlockLeases by @Roasbeef in #1063
- Reattempt proof delivery on node restart by @ffranr in #1055
- [custom channels]: add new RPC methods for asset channel specific calls by @guggero in #1048
- CI: push coverage file for unit tests by @jharveyb in #1069
- Expand VerifyOwnershipProof by @sputn1ck in #1075
- chore: fix some function names by @murongshaozong in #1079
- rfq: actually set subject asset in QueryRateTick by @guggero in https://github.com/lightninglabs/taproot-assets/pull...
v0.4.1-alpha
This version is a hot fix for an issue with an incorrectly created proof.
Database Migrations
There are a number of database migrations in this release. Please be aware that downgrading to a previous version will not be possible once the migrations have been applied. Make sure you create a backup before updating and please report any issues with the database migrations.
Breaking changes
The configuration value (universe.public-access
) and command line flag (--universe.public-access
) now needs a value and is no longer a boolean. The value now controls whether the node's universe database can be accessed over RPC and either read (value r
) or written to (value w
) or both (value rw
).
So existing nodes with the configuration file value universe.public-access=true
need to change the value to universe.public-access=rw
. Users specifying the command line flag --universe.public-access
just need to append a value, for example --universe.public-access=rw
.
Verifying the Release
In order to verify the release, you'll need to have gpg
or gpg2
installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import the keys that have signed this release if you haven't done so already:
curl https://raw.githubusercontent.com/lightninglabs/taproot-assets/main/scripts/keys/roasbeef.asc | gpg --import
Once you have the required PGP keys, you can verify the release (assuming manifest-roasbeef-v0.4.1.sig
and manifest-v0.4.1.txt
are in the current directory) with:
gpg --verify manifest-roasbeef-v0.4.1.sig manifest-v0.4.1.txt
You should see the following if the verification was successful:
gpg: Signature made Wed Sep 30 17:35:20 2020 PDT
gpg: using RSA key 60A1FA7DA5BFF08BDCBBE7903BBD59E99B280306
gpg: Good signature from "Olaoluwa Osuntokun <[email protected]>" [ultimate]
That will verify the signature of the manifest file, which ensures integrity and authenticity of the archive you've downloaded locally containing the binaries. Next, depending on your operating system, you should then re-compute the sha256
hash of the archive with shasum -a 256 <filename>
, compare it with the corresponding one in the manifest file, and ensure they match exactly.
Verifying the Release Timestamp
From this new version onwards, in addition time-stamping the git tag with OpenTimestamps, we'll also now timestamp the manifest file along with its signature. Two new files are now included along with the rest of our release artifacts: manifest-roasbeef-v0.4.1.txt.asc.ots
.
Assuming you have the opentimestamps client installed locally, the timestamps can be verified with the following commands:
ots verify manifest-roasbeef-v0.4.1.sig.ots -f manifest-roasbeef-v0.4.1.sig
Alternatively, the OpenTimestamps website can be used to verify timestamps if one doesn't have a bitcoind
instance accessible locally.
These timestamps should give users confidence in the integrity of this release even after the key that signed the release expires.
Verifying the Release Binaries
Our release binaries are fully reproducible. Third parties are able to verify that the release binaries were produced properly without having to trust the release manager(s). See our reproducible builds guide for how this can be achieved.
The release binaries are compiled with go1.22.3
, which is required by verifiers to arrive at the same ones.
The make release
command can be used to ensure one rebuilds with all the same flags used for the release. If one wishes to build for only a single platform, then make release sys=<OS-ARCH> tag=<tag>
can be used.
Finally, you can also verify the tag itself with the following command:
$ git verify-tag v0.4.1
gpg: Signature made Tue Sep 15 18:55:00 2020 PDT
gpg: using RSA key 60A1FA7DA5BFF08BDCBBE7903BBD59E99B280306
gpg: Good signature from "Olaoluwa Osuntokun <[email protected]>" [ultimate]
Verifying the Docker Images
To verify the tapd
and tapcli
binaries inside the docker images against the signed, reproducible release binaries, there is a verification script in the image that can be called (before starting the container for example):
$ docker run --rm --entrypoint="" lightninglabs/taproot-assets:v0.4.1 /verify-install.sh v0.4.1
$ OK=$?
$ if [ "$OK" -ne "0" ]; then echo "Verification failed!"; exit 1; done
$ docker run lightninglabs/taproot-assets [command-line options]
Building the Contained Release
Users are able to rebuild the target release themselves without having to fetch any of the dependencies. In order to do so, assuming
that vendor.tar.gz
and tapd-source-v0.4.1.tar.gz
are in the current directory, follow these steps:
tar -xvzf vendor.tar.gz
tar -xvzf tapd-source-v0.4.1.tar.gz
GO111MODULE=on go install -v -mod=vendor -ldflags "-X github.com/lightninglabs/taproot-assets/build.Commit=v0.4.1" ./cmd/tapd
GO111MODULE=on go install -v -mod=vendor -ldflags "-X github.com/lightninglabs/taproot-assets/build.Commit=v0.4.1" ./cmd/tapcli
The -mod=vendor
flag tells the go build
command that it doesn't need to fetch the dependencies, and instead, they're all enclosed in the local vendor directory.
Additionally, it's now possible to use the enclosed release.sh
script to bundle a release for a specific system like so:
make release sys="linux-arm64 darwin-amd64"
⚡️⚡️⚡️ OK, now to the rest of the release notes! ⚡️⚡️⚡️
Release Notes (auto generated)
What's Changed
- build: add bhandras to signers by @bhandras in #1043
- tapgarden: improve fault injection in unit tests by @jharveyb in #1031
- tapcli: add --show_leased flag to assets list subcommand by @guggero in #1039
- GitHub: fix release script by updating GH action by @guggero in #1046
- taprpc: marshal with metareveal of issuance proof by @jharveyb in #1050
Full Changelog: v0.4.0...v0.4.1
v0.4.0-alpha
Database Migrations
There are a number of database migrations in this release. Please be aware that downgrading to a previous version will not be possible once the migrations have been applied. Make sure you create a backup before updating and please report any issues with the database migrations.
Breaking changes
The configuration value (universe.public-access
) and command line flag (--universe.public-access
) now needs a value and is no longer a boolean. The value now controls whether the node's universe database can be accessed over RPC and either read (value r
) or written to (value w
) or both (value rw
).
So existing nodes with the configuration file value universe.public-access=true
need to change the value to universe.public-access=rw
. Users specifying the command line flag --universe.public-access
just need to append a value, for example --universe.public-access=rw
.
Verifying the Release
In order to verify the release, you'll need to have gpg
or gpg2
installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import the keys that have signed this release if you haven't done so already:
curl https://raw.githubusercontent.com/lightninglabs/taproot-assets/main/scripts/keys/roasbeef.asc | gpg --import
Once you have the required PGP keys, you can verify the release (assuming manifest-roasbeef-v0.4.0.sig
and manifest-v0.4.0.txt
are in the current directory) with:
gpg --verify manifest-roasbeef-v0.4.0.sig manifest-v0.4.0.txt
You should see the following if the verification was successful:
gpg: Signature made Wed Sep 30 17:35:20 2020 PDT
gpg: using RSA key 60A1FA7DA5BFF08BDCBBE7903BBD59E99B280306
gpg: Good signature from "Olaoluwa Osuntokun <[email protected]>" [ultimate]
That will verify the signature of the manifest file, which ensures integrity and authenticity of the archive you've downloaded locally containing the binaries. Next, depending on your operating system, you should then re-compute the sha256
hash of the archive with shasum -a 256 <filename>
, compare it with the corresponding one in the manifest file, and ensure they match exactly.
Verifying the Release Timestamp
From this new version onwards, in addition time-stamping the git tag with OpenTimestamps, we'll also now timestamp the manifest file along with its signature. Two new files are now included along with the rest of our release artifacts: manifest-roasbeef-v0.4.0.txt.asc.ots
.
Assuming you have the opentimestamps client installed locally, the timestamps can be verified with the following commands:
ots verify manifest-roasbeef-v0.4.0.sig.ots -f manifest-roasbeef-v0.4.0.sig
Alternatively, the OpenTimestamps website can be used to verify timestamps if one doesn't have a bitcoind
instance accessible locally.
These timestamps should give users confidence in the integrity of this release even after the key that signed the release expires.
Verifying the Release Binaries
Our release binaries are fully reproducible. Third parties are able to verify that the release binaries were produced properly without having to trust the release manager(s). See our reproducible builds guide for how this can be achieved.
The release binaries are compiled with go1.22.3
, which is required by verifiers to arrive at the same ones.
The make release
command can be used to ensure one rebuilds with all the same flags used for the release. If one wishes to build for only a single platform, then make release sys=<OS-ARCH> tag=<tag>
can be used.
Finally, you can also verify the tag itself with the following command:
$ git verify-tag v0.4.0
gpg: Signature made Tue Sep 15 18:55:00 2020 PDT
gpg: using RSA key 60A1FA7DA5BFF08BDCBBE7903BBD59E99B280306
gpg: Good signature from "Olaoluwa Osuntokun <[email protected]>" [ultimate]
Verifying the Docker Images
To verify the tapd
and tapcli
binaries inside the docker images against the signed, reproducible release binaries, there is a verification script in the image that can be called (before starting the container for example):
$ docker run --rm --entrypoint="" lightninglabs/taproot-assets:v0.4.0 /verify-install.sh v0.4.0
$ OK=$?
$ if [ "$OK" -ne "0" ]; then echo "Verification failed!"; exit 1; done
$ docker run lightninglabs/taproot-assets [command-line options]
Building the Contained Release
Users are able to rebuild the target release themselves without having to fetch any of the dependencies. In order to do so, assuming
that vendor.tar.gz
and tapd-source-v0.4.0.tar.gz
are in the current directory, follow these steps:
tar -xvzf vendor.tar.gz
tar -xvzf tapd-source-v0.4.0.tar.gz
GO111MODULE=on go install -v -mod=vendor -ldflags "-X github.com/lightninglabs/taproot-assets/build.Commit=v0.4.0" ./cmd/tapd
GO111MODULE=on go install -v -mod=vendor -ldflags "-X github.com/lightninglabs/taproot-assets/build.Commit=v0.4.0" ./cmd/tapcli
The -mod=vendor
flag tells the go build
command that it doesn't need to fetch the dependencies, and instead, they're all enclosed in the local vendor directory.
Additionally, it's now possible to use the enclosed release.sh
script to bundle a release for a specific system like so:
make release sys="linux-arm64 darwin-amd64"
⚡️⚡️⚡️ OK, now to the rest of the release notes! ⚡️⚡️⚡️
Release Notes (auto generated)
What's Changed
- itest: add main universe server harness, turn on proof courier for all test cases by @guggero in #712
- Federation envoy re-attempts sync push for issuance proofs by @ffranr in #698
- tapgarden: fix races and deadlocks in caretaker by @jharveyb in #693
- gitignore: add non-debug binaries to ignore by @guggero in #724
- tapdb: add minimalistic test framework for testing DB migrations by @guggero in #707
- rpcserver+tapscript: err shadowing fixes by @jharveyb in #713
- misc: group key testing by @jharveyb in #717
- Update test vectors by @ffranr in #733
- Add asset group burn itest, logging, and missing error handling by @ffranr in #732
- Refactor fed envy event handling by @ffranr in #731
- multiverse: add overlay points for universe trees by @guggero in #624
- Add means to specify sqlite db file path for tapd test harness and db unit tests by @ffranr in #735
- rpcserver: skip local meta data lookup for genesis proof by @guggero in #744
- Multi-input PSBT spend for homogeneous input asset ID by @ffranr in #743
- Add enhanced prometheus metrics for tapd by @GeorgeTsagk in #716
- multi: attempt to fix issue of high number of TCP connections by explicitly closing connections and implementing an idle timer by @Roasbeef in #719
- muti: fix typos by @AtomicInnovation321 in #748
- proof courier: general cleanup and refactor, re-try after restart by @guggero in #734
- chore: fix typos by @GoodDaisy in #752
- multi: anchor fee test coverage by @jharveyb in #605
- Refactor and cleanup custodian events cache handling by @ffranr in #756
- itest: extend multi-input PSBT spend test to include partial value spend by @ffranr in #747
- Fix typos by @cristiantroy in #764
- [1/2] custodian: look up proofs in local universe as well by @guggero in #726
- taprpc+tapdb:
ListTransfers
RPC optionally filters on anchor tx hash by @ffranr in #761 - Increase group witness test coverage by @jharveyb in #549
- tapdb: add support for logging migrations by @Roasbeef in #772
- [tap channels preparation 1/?]: Add QueryInternalKey and QueryScriptKey RPCs, pre-fill script key info in vPSBT by @guggero in #765
- makefile: add command to generate git release tags by @ffranr in #720
- [2/2] proof: allow proof courier to short cut with local archive by @guggero in #730
- tapdb: fix migration 15 by @guggero in #784
- itest: use configurable timeout for load test by @guggero in #795
- itest: universe server harness uses a dedicated LND node by @ffranr in #800
- tools: exclude non-project files from go vers...
v0.4.0-alpha.rc4
Database Migrations
There are a number of database migrations in this release. Please be aware that downgrading to a previous version will not be possible once the migrations have been applied. Make sure you create a backup before updating and please report any issues with the database migrations.
Breaking changes
The configuration value (universe.public-access
) and command line flag (--universe.public-access
) now needs a value and is no longer a boolean. The value now controls whether the node's universe database can be accessed over RPC and either read (value r
) or written to (value w
) or both (value rw
).
So existing nodes with the configuration file value universe.public-access=true
need to change the value to universe.public-access=rw
. Users specifying the command line flag --universe.public-access
just need to append a value, for example --universe.public-access=rw
.
Verifying the Release
In order to verify the release, you'll need to have gpg
or gpg2
installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import the keys that have signed this release if you haven't done so already:
curl https://raw.githubusercontent.com/lightninglabs/taproot-assets/main/scripts/keys/roasbeef.asc | gpg --import
Once you have the required PGP keys, you can verify the release (assuming manifest-roasbeef-v0.4.0-rc4.sig
and manifest-v0.4.0-rc4.txt
are in the current directory) with:
gpg --verify manifest-roasbeef-v0.4.0-rc4.sig manifest-v0.4.0-rc4.txt
You should see the following if the verification was successful:
gpg: Signature made Wed Sep 30 17:35:20 2020 PDT
gpg: using RSA key 60A1FA7DA5BFF08BDCBBE7903BBD59E99B280306
gpg: Good signature from "Olaoluwa Osuntokun <[email protected]>" [ultimate]
That will verify the signature of the manifest file, which ensures integrity and authenticity of the archive you've downloaded locally containing the binaries. Next, depending on your operating system, you should then re-compute the sha256
hash of the archive with shasum -a 256 <filename>
, compare it with the corresponding one in the manifest file, and ensure they match exactly.
Verifying the Release Timestamp
From this new version onwards, in addition time-stamping the git tag with OpenTimestamps, we'll also now timestamp the manifest file along with its signature. Two new files are now included along with the rest of our release artifacts: manifest-roasbeef-v0.4.0-rc4.txt.asc.ots
.
Assuming you have the opentimestamps client installed locally, the timestamps can be verified with the following commands:
ots verify manifest-roasbeef-v0.4.0-rc4.sig.ots -f manifest-roasbeef-v0.4.0-rc4.sig
Alternatively, the OpenTimestamps website can be used to verify timestamps if one doesn't have a bitcoind
instance accessible locally.
These timestamps should give users confidence in the integrity of this release even after the key that signed the release expires.
Verifying the Release Binaries
Our release binaries are fully reproducible. Third parties are able to verify that the release binaries were produced properly without having to trust the release manager(s). See our reproducible builds guide for how this can be achieved.
The release binaries are compiled with go1.22.3
, which is required by verifiers to arrive at the same ones.
The make release
command can be used to ensure one rebuilds with all the same flags used for the release. If one wishes to build for only a single platform, then make release sys=<OS-ARCH> tag=<tag>
can be used.
Finally, you can also verify the tag itself with the following command:
$ git verify-tag v0.4.0-rc4
gpg: Signature made Tue Sep 15 18:55:00 2020 PDT
gpg: using RSA key 60A1FA7DA5BFF08BDCBBE7903BBD59E99B280306
gpg: Good signature from "Olaoluwa Osuntokun <[email protected]>" [ultimate]
Verifying the Docker Images
To verify the tapd
and tapcli
binaries inside the docker images against the signed, reproducible release binaries, there is a verification script in the image that can be called (before starting the container for example):
$ docker run --rm --entrypoint="" lightninglabs/taproot-assets:v0.4.0-rc4 /verify-install.sh v0.4.0-rc4
$ OK=$?
$ if [ "$OK" -ne "0" ]; then echo "Verification failed!"; exit 1; done
$ docker run lightninglabs/taproot-assets [command-line options]
Building the Contained Release
Users are able to rebuild the target release themselves without having to fetch any of the dependencies. In order to do so, assuming
that vendor.tar.gz
and tapd-source-v0.4.0-rc4.tar.gz
are in the current directory, follow these steps:
tar -xvzf vendor.tar.gz
tar -xvzf tapd-source-v0.4.0-rc4.tar.gz
GO111MODULE=on go install -v -mod=vendor -ldflags "-X github.com/lightninglabs/taproot-assets/build.Commit=v0.4.0-rc4" ./cmd/tapd
GO111MODULE=on go install -v -mod=vendor -ldflags "-X github.com/lightninglabs/taproot-assets/build.Commit=v0.4.0-rc4" ./cmd/tapcli
The -mod=vendor
flag tells the go build
command that it doesn't need to fetch the dependencies, and instead, they're all enclosed in the local vendor directory.
Additionally, it's now possible to use the enclosed release.sh
script to bundle a release for a specific system like so:
make release sys="linux-arm64 darwin-amd64"
⚡️⚡️⚡️ OK, now to the rest of the release notes! ⚡️⚡️⚡️
Release Notes
What's Changed
- itest: add main universe server harness, turn on proof courier for all test cases by @guggero in #712
- Federation envoy re-attempts sync push for issuance proofs by @ffranr in #698
- tapgarden: fix races and deadlocks in caretaker by @jharveyb in #693
- gitignore: add non-debug binaries to ignore by @guggero in #724
- tapdb: add minimalistic test framework for testing DB migrations by @guggero in #707
- rpcserver+tapscript: err shadowing fixes by @jharveyb in #713
- misc: group key testing by @jharveyb in #717
- Update test vectors by @ffranr in #733
- Add asset group burn itest, logging, and missing error handling by @ffranr in #732
- Refactor fed envy event handling by @ffranr in #731
- multiverse: add overlay points for universe trees by @guggero in #624
- Add means to specify sqlite db file path for tapd test harness and db unit tests by @ffranr in #735
- rpcserver: skip local meta data lookup for genesis proof by @guggero in #744
- Multi-input PSBT spend for homogeneous input asset ID by @ffranr in #743
- Add enhanced prometheus metrics for tapd by @GeorgeTsagk in #716
- multi: attempt to fix issue of high number of TCP connections by explicitly closing connections and implementing an idle timer by @Roasbeef in #719
- muti: fix typos by @AtomicInnovation321 in #748
- proof courier: general cleanup and refactor, re-try after restart by @guggero in #734
- chore: fix typos by @GoodDaisy in #752
- multi: anchor fee test coverage by @jharveyb in #605
- Refactor and cleanup custodian events cache handling by @ffranr in #756
- itest: extend multi-input PSBT spend test to include partial value spend by @ffranr in #747
- Fix typos by @cristiantroy in #764
- [1/2] custodian: look up proofs in local universe as well by @guggero in #726
- taprpc+tapdb:
ListTransfers
RPC optionally filters on anchor tx hash by @ffranr in #761 - Increase group witness test coverage by @jharveyb in #549
- tapdb: add support for logging migrations by @Roasbeef in #772
- [tap channels preparation 1/?]: Add QueryInternalKey and QueryScriptKey RPCs, pre-fill script key info in vPSBT by @guggero in #765
- makefile: add command to generate git release tags by @ffranr in #720
- [2/2] proof: allow proof courier to short cut with local archive by @guggero in #730
- tapdb: fix migration 15 by @guggero in #784
- itest: use configurable timeout for load test by @guggero in #795
- itest: universe server harness uses a dedicated LND node by @ffranr in #800
- tools:...
v0.4.0-alpha.rc3
Database Migrations
There are a number of database migrations in this release. Please be aware that downgrading to a previous version will not be possible once the migrations have been applied. Make sure you create a backup before updating and please report any issues with the database migrations.
Breaking changes
The configuration value (universe.public-access
) and command line flag (--universe.public-access
) now needs a value and is no longer a boolean. The value now controls whether the node's universe database can be accessed over RPC and either read (value r
) or written to (value w
) or both (value rw
).
So existing nodes with the configuration file value universe.public-access=true
need to change the value to universe.public-access=rw
. Users specifying the command line flag --universe.public-access
just need to append a value, for example --universe.public-access=rw
.
Verifying the Release
In order to verify the release, you'll need to have gpg
or gpg2
installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import the keys that have signed this release if you haven't done so already:
curl https://raw.githubusercontent.com/lightninglabs/taproot-assets/main/scripts/keys/roasbeef.asc | gpg --import
Once you have the required PGP keys, you can verify the release (assuming manifest-roasbeef-v0.4.0-alpha.rc3.sig
and manifest-v0.4.0-alpha.rc3.txt
are in the current directory) with:
gpg --verify manifest-roasbeef-v0.4.0-alpha.rc3.sig manifest-v0.4.0-alpha.rc3.txt
You should see the following if the verification was successful:
gpg: Signature made Wed Sep 30 17:35:20 2020 PDT
gpg: using RSA key 60A1FA7DA5BFF08BDCBBE7903BBD59E99B280306
gpg: Good signature from "Olaoluwa Osuntokun <[email protected]>" [ultimate]
That will verify the signature of the manifest file, which ensures integrity and authenticity of the archive you've downloaded locally containing the binaries. Next, depending on your operating system, you should then re-compute the sha256
hash of the archive with shasum -a 256 <filename>
, compare it with the corresponding one in the manifest file, and ensure they match exactly.
Verifying the Release Timestamp
From this new version onwards, in addition time-stamping the git tag with OpenTimestamps, we'll also now timestamp the manifest file along with its signature. Two new files are now included along with the rest of our release artifacts: manifest-roasbeef-v0.4.0-alpha.rc3.txt.asc.ots
.
Assuming you have the opentimestamps client installed locally, the timestamps can be verified with the following commands:
ots verify manifest-roasbeef-v0.4.0-alpha.rc3.sig.ots -f manifest-roasbeef-v0.4.0-alpha.rc3.sig
Alternatively, the OpenTimestamps website can be used to verify timestamps if one doesn't have a bitcoind
instance accessible locally.
These timestamps should give users confidence in the integrity of this release even after the key that signed the release expires.
Verifying the Release Binaries
Our release binaries are fully reproducible. Third parties are able to verify that the release binaries were produced properly without having to trust the release manager(s). See our reproducible builds guide for how this can be achieved.
The release binaries are compiled with go1.22.3
, which is required by verifiers to arrive at the same ones.
The make release
command can be used to ensure one rebuilds with all the same flags used for the release. If one wishes to build for only a single platform, then make release sys=<OS-ARCH> tag=<tag>
can be used.
Finally, you can also verify the tag itself with the following command:
$ git verify-tag v0.4.0-alpha.rc3
gpg: Signature made Tue Sep 15 18:55:00 2020 PDT
gpg: using RSA key 60A1FA7DA5BFF08BDCBBE7903BBD59E99B280306
gpg: Good signature from "Olaoluwa Osuntokun <[email protected]>" [ultimate]
Verifying the Docker Images
To verify the tapd
and tapcli
binaries inside the docker images against the signed, reproducible release binaries, there is a verification script in the image that can be called (before starting the container for example):
$ docker run --rm --entrypoint="" lightninglabs/taproot-assets:v0.4.0-alpha.rc3 /verify-install.sh v0.4.0-alpha.rc3
$ OK=$?
$ if [ "$OK" -ne "0" ]; then echo "Verification failed!"; exit 1; done
$ docker run lightninglabs/taproot-assets [command-line options]
Building the Contained Release
Users are able to rebuild the target release themselves without having to fetch any of the dependencies. In order to do so, assuming
that vendor.tar.gz
and tapd-source-v0.4.0-alpha.rc3.tar.gz
are in the current directory, follow these steps:
tar -xvzf vendor.tar.gz
tar -xvzf tapd-source-v0.4.0-alpha.rc3.tar.gz
GO111MODULE=on go install -v -mod=vendor -ldflags "-X github.com/lightninglabs/taproot-assets/build.Commit=v0.4.0-alpha.rc3" ./cmd/tapd
GO111MODULE=on go install -v -mod=vendor -ldflags "-X github.com/lightninglabs/taproot-assets/build.Commit=v0.4.0-alpha.rc3" ./cmd/tapcli
The -mod=vendor
flag tells the go build
command that it doesn't need to fetch the dependencies, and instead, they're all enclosed in the local vendor directory.
Additionally, it's now possible to use the enclosed release.sh
script to bundle a release for a specific system like so:
make release sys="linux-arm64 darwin-amd64"
⚡️⚡️⚡️ OK, now to the rest of the release notes! ⚡️⚡️⚡️
Release Notes
What's Changed
- itest: add main universe server harness, turn on proof courier for all test cases by @guggero in #712
- Federation envoy re-attempts sync push for issuance proofs by @ffranr in #698
- tapgarden: fix races and deadlocks in caretaker by @jharveyb in #693
- gitignore: add non-debug binaries to ignore by @guggero in #724
- tapdb: add minimalistic test framework for testing DB migrations by @guggero in #707
- rpcserver+tapscript: err shadowing fixes by @jharveyb in #713
- misc: group key testing by @jharveyb in #717
- Update test vectors by @ffranr in #733
- Add asset group burn itest, logging, and missing error handling by @ffranr in #732
- Refactor fed envy event handling by @ffranr in #731
- multiverse: add overlay points for universe trees by @guggero in #624
- Add means to specify sqlite db file path for tapd test harness and db unit tests by @ffranr in #735
- rpcserver: skip local meta data lookup for genesis proof by @guggero in #744
- Multi-input PSBT spend for homogeneous input asset ID by @ffranr in #743
- Add enhanced prometheus metrics for tapd by @GeorgeTsagk in #716
- multi: attempt to fix issue of high number of TCP connections by explicitly closing connections and implementing an idle timer by @Roasbeef in #719
- muti: fix typos by @AtomicInnovation321 in #748
- proof courier: general cleanup and refactor, re-try after restart by @guggero in #734
- chore: fix typos by @GoodDaisy in #752
- multi: anchor fee test coverage by @jharveyb in #605
- Refactor and cleanup custodian events cache handling by @ffranr in #756
- itest: extend multi-input PSBT spend test to include partial value spend by @ffranr in #747
- Fix typos by @cristiantroy in #764
- [1/2] custodian: look up proofs in local universe as well by @guggero in #726
- taprpc+tapdb:
ListTransfers
RPC optionally filters on anchor tx hash by @ffranr in #761 - Increase group witness test coverage by @jharveyb in #549
- tapdb: add support for logging migrations by @Roasbeef in #772
- [tap channels preparation 1/?]: Add QueryInternalKey and QueryScriptKey RPCs, pre-fill script key info in vPSBT by @guggero in #765
- makefile: add command to generate git release tags by @ffranr in #720
- [2/2] proof: allow proof courier to short cut with local archive by @guggero in #730
- tapdb: fix migration 15 by @guggero in #784
- itest: use configurable timeout for load test by @guggero in #795
- itest: universe server harness uses a dedicated LND n...
v0.4.0-alpha.rc2
Database Migrations
There are a number of database migrations in this release. Please be aware that downgrading to a previous version will not be possible once the migrations have been applied. Make sure you create a backup before updating and please report any issues with the database migrations.
Verifying the Release
In order to verify the release, you'll need to have gpg
or gpg2
installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import the keys that have signed this release if you haven't done so already:
curl https://raw.githubusercontent.com/lightninglabs/taproot-assets/main/scripts/keys/roasbeef.asc | gpg --import
Once you have the required PGP keys, you can verify the release (assuming manifest-roasbeef-v0.4.0-alpha.rc2.sig
and manifest-v0.4.0-alpha.rc2.txt
are in the current directory) with:
gpg --verify manifest-roasbeef-v0.4.0-alpha.rc2.sig manifest-v0.4.0-alpha.rc2.txt
You should see the following if the verification was successful:
gpg: Signature made Wed Sep 30 17:35:20 2020 PDT
gpg: using RSA key 60A1FA7DA5BFF08BDCBBE7903BBD59E99B280306
gpg: Good signature from "Olaoluwa Osuntokun <[email protected]>" [ultimate]
That will verify the signature of the manifest file, which ensures integrity and authenticity of the archive you've downloaded locally containing the binaries. Next, depending on your operating system, you should then re-compute the sha256
hash of the archive with shasum -a 256 <filename>
, compare it with the corresponding one in the manifest file, and ensure they match exactly.
Verifying the Release Timestamp
From this new version onwards, in addition time-stamping the git tag with OpenTimestamps, we'll also now timestamp the manifest file along with its signature. Two new files are now included along with the rest of our release artifacts: manifest-roasbeef-v0.4.0-alpha.rc2.txt.asc.ots
.
Assuming you have the opentimestamps client installed locally, the timestamps can be verified with the following commands:
ots verify manifest-roasbeef-v0.4.0-alpha.rc2.sig.ots -f manifest-roasbeef-v0.4.0-alpha.rc2.sig
Alternatively, the OpenTimestamps website can be used to verify timestamps if one doesn't have a bitcoind
instance accessible locally.
These timestamps should give users confidence in the integrity of this release even after the key that signed the release expires.
Verifying the Release Binaries
Our release binaries are fully reproducible. Third parties are able to verify that the release binaries were produced properly without having to trust the release manager(s). See our reproducible builds guide for how this can be achieved.
The release binaries are compiled with go1.22.3
, which is required by verifiers to arrive at the same ones.
The make release
command can be used to ensure one rebuilds with all the same flags used for the release. If one wishes to build for only a single platform, then make release sys=<OS-ARCH> tag=<tag>
can be used.
Finally, you can also verify the tag itself with the following command:
$ git verify-tag v0.4.0-alpha.rc2
gpg: Signature made Tue Sep 15 18:55:00 2020 PDT
gpg: using RSA key 60A1FA7DA5BFF08BDCBBE7903BBD59E99B280306
gpg: Good signature from "Olaoluwa Osuntokun <[email protected]>" [ultimate]
Verifying the Docker Images
To verify the tapd
and tapcli
binaries inside the docker images against the signed, reproducible release binaries, there is a verification script in the image that can be called (before starting the container for example):
$ docker run --rm --entrypoint="" lightninglabs/taproot-assets:v0.4.0-alpha.rc2 /verify-install.sh v0.4.0-alpha.rc2
$ OK=$?
$ if [ "$OK" -ne "0" ]; then echo "Verification failed!"; exit 1; done
$ docker run lightninglabs/taproot-assets [command-line options]
Building the Contained Release
Users are able to rebuild the target release themselves without having to fetch any of the dependencies. In order to do so, assuming
that vendor.tar.gz
and tapd-source-v0.4.0-alpha.rc2.tar.gz
are in the current directory, follow these steps:
tar -xvzf vendor.tar.gz
tar -xvzf tapd-source-v0.4.0-alpha.rc2.tar.gz
GO111MODULE=on go install -v -mod=vendor -ldflags "-X github.com/lightninglabs/taproot-assets/build.Commit=v0.4.0-alpha.rc2" ./cmd/tapd
GO111MODULE=on go install -v -mod=vendor -ldflags "-X github.com/lightninglabs/taproot-assets/build.Commit=v0.4.0-alpha.rc2" ./cmd/tapcli
The -mod=vendor
flag tells the go build
command that it doesn't need to fetch the dependencies, and instead, they're all enclosed in the local vendor directory.
Additionally, it's now possible to use the enclosed release.sh
script to bundle a release for a specific system like so:
make release sys="linux-arm64 darwin-amd64"
⚡️⚡️⚡️ OK, now to the rest of the release notes! ⚡️⚡️⚡️
Release Notes
What's Changed
- itest: add main universe server harness, turn on proof courier for all test cases by @guggero in #712
- Federation envoy re-attempts sync push for issuance proofs by @ffranr in #698
- tapgarden: fix races and deadlocks in caretaker by @jharveyb in #693
- gitignore: add non-debug binaries to ignore by @guggero in #724
- tapdb: add minimalistic test framework for testing DB migrations by @guggero in #707
- rpcserver+tapscript: err shadowing fixes by @jharveyb in #713
- misc: group key testing by @jharveyb in #717
- Update test vectors by @ffranr in #733
- Add asset group burn itest, logging, and missing error handling by @ffranr in #732
- Refactor fed envy event handling by @ffranr in #731
- multiverse: add overlay points for universe trees by @guggero in #624
- Add means to specify sqlite db file path for tapd test harness and db unit tests by @ffranr in #735
- rpcserver: skip local meta data lookup for genesis proof by @guggero in #744
- Multi-input PSBT spend for homogeneous input asset ID by @ffranr in #743
- Add enhanced prometheus metrics for tapd by @GeorgeTsagk in #716
- multi: attempt to fix issue of high number of TCP connections by explicitly closing connections and implementing an idle timer by @Roasbeef in #719
- muti: fix typos by @AtomicInnovation321 in #748
- proof courier: general cleanup and refactor, re-try after restart by @guggero in #734
- chore: fix typos by @GoodDaisy in #752
- multi: anchor fee test coverage by @jharveyb in #605
- Refactor and cleanup custodian events cache handling by @ffranr in #756
- itest: extend multi-input PSBT spend test to include partial value spend by @ffranr in #747
- Fix typos by @cristiantroy in #764
- [1/2] custodian: look up proofs in local universe as well by @guggero in #726
- taprpc+tapdb:
ListTransfers
RPC optionally filters on anchor tx hash by @ffranr in #761 - Increase group witness test coverage by @jharveyb in #549
- tapdb: add support for logging migrations by @Roasbeef in #772
- [tap channels preparation 1/?]: Add QueryInternalKey and QueryScriptKey RPCs, pre-fill script key info in vPSBT by @guggero in #765
- makefile: add command to generate git release tags by @ffranr in #720
- [2/2] proof: allow proof courier to short cut with local archive by @guggero in #730
- tapdb: fix migration 15 by @guggero in #784
- itest: use configurable timeout for load test by @guggero in #795
- itest: universe server harness uses a dedicated LND node by @ffranr in #800
- tools: exclude non-project files from go version consistency lint check by @ffranr in #775
- vPSBT: add sighash support (no version bump) by @GeorgeTsagk in #779
- multi: introduce new meta type for json strings by @Roasbeef in #794
- [preparation 1/2]: refactor to simplify send logic, prepare for new RPCs by @guggero in https://github.com/lightninglabs/taproot-assets/pul...
v0.4.0-alpha RC1
Database Migrations
There are a number of database migrations in this release. Please be aware that downgrading to a previous version will not be possible once the migrations have been applied. Make sure you create a backup before updating and please report any issues with the database migrations.
Verifying the Release
In order to verify the release, you'll need to have gpg
or gpg2
installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import the keys that have signed this release if you haven't done so already:
curl https://raw.githubusercontent.com/lightninglabs/taproot-assets/main/scripts/keys/roasbeef.asc | gpg --import
Once you have the required PGP keys, you can verify the release (assuming manifest-roasbeef-v0.4.0-rc1.sig
and manifest-v0.4.0-rc1.txt
are in the current directory) with:
gpg --verify manifest-roasbeef-v0.4.0-rc1.sig manifest-v0.4.0-rc1.txt
You should see the following if the verification was successful:
gpg: Signature made Wed Sep 30 17:35:20 2020 PDT
gpg: using RSA key 60A1FA7DA5BFF08BDCBBE7903BBD59E99B280306
gpg: Good signature from "Olaoluwa Osuntokun <[email protected]>" [ultimate]
That will verify the signature of the manifest file, which ensures integrity and authenticity of the archive you've downloaded locally containing the binaries. Next, depending on your operating system, you should then re-compute the sha256
hash of the archive with shasum -a 256 <filename>
, compare it with the corresponding one in the manifest file, and ensure they match exactly.
Verifying the Release Timestamp
From this new version onwards, in addition time-stamping the git tag with OpenTimestamps, we'll also now timestamp the manifest file along with its signature. Two new files are now included along with the rest of our release artifacts: manifest-roasbeef-v0.4.0-rc1.txt.asc.ots
.
Assuming you have the opentimestamps client installed locally, the timestamps can be verified with the following commands:
ots verify manifest-roasbeef-v0.4.0-rc1.sig.ots -f manifest-roasbeef-v0.4.0-rc1.sig
Alternatively, the OpenTimestamps website can be used to verify timestamps if one doesn't have a bitcoind
instance accessible locally.
These timestamps should give users confidence in the integrity of this release even after the key that signed the release expires.
Verifying the Release Binaries
Our release binaries are fully reproducible. Third parties are able to verify that the release binaries were produced properly without having to trust the release manager(s). See our reproducible builds guide for how this can be achieved.
The release binaries are compiled with go1.22.3
, which is required by verifiers to arrive at the same ones.
The make release
command can be used to ensure one rebuilds with all the same flags used for the release. If one wishes to build for only a single platform, then make release sys=<OS-ARCH> tag=<tag>
can be used.
Finally, you can also verify the tag itself with the following command:
$ git verify-tag v0.4.0-rc1
gpg: Signature made Tue Sep 15 18:55:00 2020 PDT
gpg: using RSA key 60A1FA7DA5BFF08BDCBBE7903BBD59E99B280306
gpg: Good signature from "Olaoluwa Osuntokun <[email protected]>" [ultimate]
Verifying the Docker Images
To verify the tapd
and tapcli
binaries inside the docker images against the signed, reproducible release binaries, there is a verification script in the image that can be called (before starting the container for example):
$ docker run --rm --entrypoint="" lightninglabs/taproot-assets:v0.4.0-rc1 /verify-install.sh v0.4.0-rc1
$ OK=$?
$ if [ "$OK" -ne "0" ]; then echo "Verification failed!"; exit 1; done
$ docker run lightninglabs/taproot-assets [command-line options]
Building the Contained Release
Users are able to rebuild the target release themselves without having to fetch any of the dependencies. In order to do so, assuming
that vendor.tar.gz
and tapd-source-v0.4.0-rc1.tar.gz
are in the current directory, follow these steps:
tar -xvzf vendor.tar.gz
tar -xvzf tapd-source-v0.4.0-rc1.tar.gz
GO111MODULE=on go install -v -mod=vendor -ldflags "-X github.com/lightninglabs/taproot-assets/build.Commit=v0.4.0-rc1" ./cmd/tapd
GO111MODULE=on go install -v -mod=vendor -ldflags "-X github.com/lightninglabs/taproot-assets/build.Commit=v0.4.0-rc1" ./cmd/tapcli
The -mod=vendor
flag tells the go build
command that it doesn't need to fetch the dependencies, and instead, they're all enclosed in the local vendor directory.
Additionally, it's now possible to use the enclosed release.sh
script to bundle a release for a specific system like so:
make release sys="linux-arm64 darwin-amd64"
⚡️⚡️⚡️ OK, now to the rest of the release notes! ⚡️⚡️⚡️
Release Notes
Full Changelog: v0.3.3...v0.4.0-rc1
What's Changed
- itest: add main universe server harness, turn on proof courier for all test cases by @guggero in #712
- Federation envoy re-attempts sync push for issuance proofs by @ffranr in #698
- tapgarden: fix races and deadlocks in caretaker by @jharveyb in #693
- gitignore: add non-debug binaries to ignore by @guggero in #724
- tapdb: add minimalistic test framework for testing DB migrations by @guggero in #707
- rpcserver+tapscript: err shadowing fixes by @jharveyb in #713
- misc: group key testing by @jharveyb in #717
- Update test vectors by @ffranr in #733
- Add asset group burn itest, logging, and missing error handling by @ffranr in #732
- Refactor fed envy event handling by @ffranr in #731
- multiverse: add overlay points for universe trees by @guggero in #624
- Add means to specify sqlite db file path for tapd test harness and db unit tests by @ffranr in #735
- rpcserver: skip local meta data lookup for genesis proof by @guggero in #744
- Multi-input PSBT spend for homogeneous input asset ID by @ffranr in #743
- Add enhanced prometheus metrics for tapd by @GeorgeTsagk in #716
- multi: attempt to fix issue of high number of TCP connections by explicitly closing connections and implementing an idle timer by @Roasbeef in #719
- muti: fix typos by @AtomicInnovation321 in #748
- proof courier: general cleanup and refactor, re-try after restart by @guggero in #734
- chore: fix typos by @GoodDaisy in #752
- multi: anchor fee test coverage by @jharveyb in #605
- Refactor and cleanup custodian events cache handling by @ffranr in #756
- itest: extend multi-input PSBT spend test to include partial value spend by @ffranr in #747
- Fix typos by @cristiantroy in #764
- [1/2] custodian: look up proofs in local universe as well by @guggero in #726
- taprpc+tapdb:
ListTransfers
RPC optionally filters on anchor tx hash by @ffranr in #761 - Increase group witness test coverage by @jharveyb in #549
- tapdb: add support for logging migrations by @Roasbeef in #772
- [tap channels preparation 1/?]: Add QueryInternalKey and QueryScriptKey RPCs, pre-fill script key info in vPSBT by @guggero in #765
- makefile: add command to generate git release tags by @ffranr in #720
- [2/2] proof: allow proof courier to short cut with local archive by @guggero in #730
- tapdb: fix migration 15 by @guggero in #784
- itest: use configurable timeout for load test by @guggero in #795
- itest: universe server harness uses a dedicated LND node by @ffranr in #800
- tools: exclude non-project files from go version consistency lint check by @ffranr in #775
- vPSBT: add sighash support (no version bump) by @GeorgeTsagk in #779
- multi: introduce new meta type for json strings by @Roasbeef in #794
- [preparation 1/2]: refactor to simplify send logic, prepare for new RPCs by @guggero in https://github.com/lightninglabs/tapro...
v0.3.3-alpha
This is a minor release that includes a series of bug fixes and enhancements. Most notably, the process of sending+receiving proof files when sending+receiving assets is now more robust. In addition, the resource requirements for running a public Universe server have been reduced.
Database Migrations
This contains a migration in the form of a new table to allow for reliable transmission of proof files when sending/receiving. And an update to an existing table that fixes a bug with the order of asset witnesses.
Verifying the Release
In order to verify the release, you'll need to have gpg
or gpg2
installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import the keys that have signed this release if you haven't done so already:
curl https://raw.githubusercontent.com/lightninglabs/taproot-assets/main/scripts/keys/roasbeef.asc | gpg --import
Once you have the required PGP keys, you can verify the release (assuming manifest-roasbeef-v0.3.3.sig
and manifest-v0.3.3.txt
are in the current directory) with:
gpg --verify manifest-roasbeef-v0.3.3.sig manifest-v0.3.3.txt
You should see the following if the verification was successful:
gpg: Signature made Thu Feb 8 12:29:49 2024 PST
gpg: using RSA key 60A1FA7DA5BFF08BDCBBE7903BBD59E99B280306
gpg: Good signature from "Olaoluwa Osuntokun <[email protected]>" [ultimate]
That will verify the signature of the manifest file, which ensures integrity and authenticity of the archive you've downloaded locally containing the binaries. Next, depending on your operating system, you should then re-compute the sha256
hash of the archive with shasum -a 256 <filename>
, compare it with the corresponding one in the manifest file, and ensure they match exactly.
Verifying the Release Timestamp
From this new version onwards, in addition time-stamping the git tag with OpenTimestamps, we'll also now timestamp the manifest file along with its signature. Two new files are now included along with the rest of our release artifacts: manifest-roasbeef-v0.3.3.txt.asc.ots
.
Assuming you have the opentimestamps client installed locally, the timestamps can be verified with the following commands:
ots verify manifest-roasbeef-v0.3.3.sig.ots -f manifest-roasbeef-v0.3.3.sig
Alternatively, the OpenTimestamps website can be used to verify timestamps if one doesn't have a bitcoind
instance accessible locally.
These timestamps should give users confidence in the integrity of this release even after the key that signed the release expires.
Verifying the Release Binaries
Our release binaries are fully reproducible. Third parties are able to verify that the release binaries were produced properly without having to trust the release manager(s). See our reproducible builds guide for how this can be achieved.
The release binaries are compiled with go1.21.4
, which is required by verifiers to arrive at the same ones.
The make release
command can be used to ensure one rebuilds with all the same flags used for the release. If one wishes to build for only a single platform, then make release sys=<OS-ARCH> tag=<tag>
can be used.
Finally, you can also verify the tag itself with the following command:
$ git verify-tag v0.3.3
gpg: Signature made Wed 07 Feb 2024 10:58:03 PM UTC using RSA key ID 9B280306
gpg: Good signature from "Olaoluwa Osuntokun <[email protected]>"
Verifying the Docker Images
To verify the tapd
and tapcli
binaries inside the docker images against the signed, reproducible release binaries, there is a verification script in the image that can be called (before starting the container for example):
$ docker run --rm --entrypoint="" lightninglabs/taproot-assets:v0.3.3 /verify-install.sh v0.3.3
$ OK=$?
$ if [ "$OK" -ne "0" ]; then echo "Verification failed!"; exit 1; done
$ docker run lightninglabs/taproot-assets [command-line options]
Building the Contained Release
Users are able to rebuild the target release themselves without having to fetch any of the dependencies. In order to do so, assuming
that vendor.tar.gz
and tapd-source-v0.3.3.tar.gz
are in the current directory, follow these steps:
tar -xvzf vendor.tar.gz
tar -xvzf tapd-source-v0.3.3.tar.gz
GO111MODULE=on go install -v -mod=vendor -ldflags "-X github.com/lightninglabs/taproot-assets/build.Commit=v0.3.3" ./cmd/tapd
GO111MODULE=on go install -v -mod=vendor -ldflags "-X github.com/lightninglabs/taproot-assets/build.Commit=v0.3.3" ./cmd/tapcli
The -mod=vendor
flag tells the go build
command that it doesn't need to fetch the dependencies, and instead, they're all enclosed in the local vendor directory.
Additionally, it's now possible to use the enclosed release.sh
script to bundle a release for a specific system like so:
make release sys="linux-arm64 darwin-amd64"
⚡️⚡️⚡️ OK, now to the rest of the release notes! ⚡️⚡️⚡️
Release Notes
Full Changelog: v0.3.2...v0.3.3
What's Changed
- A resource lease affecting active TCPs connections for Universe servers has been resolved: #719
tapd
is now able to export additional Prometheus metrics: #716- A retry loop has been added to the process of exporting new proofs to Universe servers: #698
- The proof courier will now more robustly attempt to obtain proofs to complete receives after a restart: #734
- The integration tests system now covers all possible proof courier types: #712
tapd
will now log any executed database migrations during start up: #772- Users can now side load proofs using the Universe RPC calls to complete a receive flow: #726
- An edge case related to re-used script keys has been resolved, and the receive process now properly consults the local proof archive to short circuit logic. In addition, proofs stored on disk now contain an outpoint prefix to avoid over writing proofs: #730