Skip to content

Releases: lightninglabs/taproot-assets

v0.5.0-alpha

20 Dec 08:25
v0.5.0
0f68226
Compare
Choose a tag to compare

Database Migrations

tapd v0.5.0 contains non-revertible database migrations. After running tapd v0.5.0, these database migrations prevent downgrading tapd to a previous release. Create backups of tapd database state, before upgrading to tapd v0.5.0. Please report any database migration issues.

Breaking changes

Downstream Projects - litd

litd v0.14.0-alpha enhancements require both channel peers to upgrade to a litd version >= v0.14.0-alpha to continue Lightning Channel functionality. See upgrade instructions below if you opened Asset channels with such an experimental version.

tapd v0.5.0 changes

Oracle RPC:
The RPC protobuf definitions for the Price Oracle have changed. Asset exchange rates are now expressed as FixedPoint to achieve better precision.
The rationale for the change and the new math behind it are described in the new RFQ document.
Code examples for a Price Oracle server are available here.

Configuration changes:
The configuration value (universe.public-access) and command line flag (--universe.public-access) now needs a value and is no longer a boolean. The value now controls whether the node's universe database can be accessed over RPC and either read (value r) or written to (value w) or both (value rw).
So existing nodes with the configuration file value universe.public-access=true need to change the value to universe.public-access=rw. Users specifying the command line flag --universe.public-access just need to append a value, for example --universe.public-access=rw.

⚠️ CRITICAL INSTRUCTIONS ⚠️:

Required-upgrade path for existing litd installations:

To avoid loss of channel funds: Any litd node which ran Taproot Asset channels using any litd v0.13.9xx-experimental versions MUST FOLLOW all of the following procedures:
litd v0.14.0-alpha enhancements require both channel peers to upgrade to a litd version >= v0.14.0-alpha to continue Lightning Channel functionality.
If one channel peer is running litd version <= v0.13.9xx-experimental channel operations are are NOT forwards compatible with litd v0.14.0-alpha versions.

  • All Taproot-Asset Lightning channels created using litd version <=, v0.13.9xx-experimental must be cooperatively closed before upgrading to v0.14.0-alpha.
    • Channel Closure instructions
    • Monitor status of lncli pendingchannels: Ensure pending_htlcs response is empty before progressing
      Example: lncli listchannels | jq '.channels[] | select(.pending_htlcs != [])'
  • Avoid force closing the channels. If there are pending/in-flight HTLCs, wait for HTLCs to be resolved.
  • Once all channels are fully closed (e.g. lncli pendingchannels is empty), both nodes must be upgraded to the new v0.14.0-alpha version before new channels can be opened. Please coordinate the upgrade with your peer if you're not operating both nodes.
  • Daemon installations which exclusively contain Taproot Assets on-chain outputs that are not contained within lightning channels, are not required to follow this upgrade path. Anything mentioned above only relates to assets in channels. Normal on-chain assets are not affected.

Verifying the Release

In order to verify the release, you'll need to have gpg or gpg2 installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import the keys that have signed this release if you haven't done so already:

curl https://raw.githubusercontent.com/lightninglabs/taproot-assets/main/scripts/keys/roasbeef.asc | gpg --import

Once you have the required PGP keys, you can verify the release (assuming manifest-roasbeef-v0.5.0.sig and manifest-v0.5.0.txt are in the current directory) with:

gpg --verify manifest-roasbeef-v0.5.0.sig manifest-v0.5.0.txt

You should see the following if the verification was successful:

gpg: Signature made Wed Sep 30 17:35:20 2020 PDT
gpg:                using RSA key 60A1FA7DA5BFF08BDCBBE7903BBD59E99B280306
gpg: Good signature from "Olaoluwa Osuntokun <[email protected]>" [ultimate]

That will verify the signature of the manifest file, which ensures integrity and authenticity of the archive you've downloaded locally containing the binaries. Next, depending on your operating system, you should then re-compute the sha256 hash of the archive with shasum -a 256 <filename>, compare it with the corresponding one in the manifest file, and ensure they match exactly.

Verifying the Release Timestamp

In addition to time-stamping the git tag with OpenTimestamps, we also timestamp the manifest file along with its signature. Two files are included in our release artifacts: manifest-roasbeef-v0.5.0.sig.ots and manifest-v0.5.0.txt.ots.

Assuming you have the opentimestamps client installed locally, the timestamps can be verified with the following commands:

ots verify manifest-roasbeef-v0.5.0.sig.ots -f manifest-roasbeef-v0.5.0.sig
ots verify manifest-v0.5.0.txt.ots -f manifest-v0.5.0.txt

Alternatively, the OpenTimestamps website can be used to verify these timestamps if one doesn't have a bitcoind instance accessible locally.

Assuming you are using the OpenTimestamps ots-git-gpg-wrapper you can verify the timestamp of the git tag by verifying the tag as explained in Verifying the Release Binaries.

These timestamps should give users confidence in the integrity of this release even after the key that signed the release expires.

Verifying the Release Binaries

Our release binaries are fully reproducible. Third parties are able to verify that the release binaries were produced properly without having to trust the release manager(s). See our reproducible builds guide for how this can be achieved.
The release binaries are compiled with go1.22.6, which is required by verifiers to arrive at the same ones.

The make release command can be used to ensure one rebuilds with all the same flags used for the release. If one wishes to build for only a single platform, then make release sys=<OS-ARCH> tag=<tag> can be used.

Finally, you can also verify the tag itself with the following command:

$ git verify-tag v0.5.0
gpg: Signature made Tue Sep 15 18:55:00 2020 PDT
gpg:                using RSA key 60A1FA7DA5BFF08BDCBBE7903BBD59E99B280306
gpg: Good signature from "Olaoluwa Osuntokun <[email protected]>" [ultimate]

Verifying the Docker Images

To verify the tapd and tapcli binaries inside the docker images against the signed, reproducible release binaries, there is a verification script in the image that can be called (before starting the container for example):

$ docker run --rm --entrypoint="" lightninglabs/taproot-assets:v0.5.0 /verify-install.sh v0.5.0
$ OK=$?
$ if [ "$OK" -ne "0" ]; then echo "Verification failed!"; exit 1; done
$ docker run lightninglabs/taproot-assets [command-line options]

Building the Contained Release

Users are able to rebuild the target release themselves without having to fetch any of the dependencies. In order to do so, assuming
that vendor.tar.gz and tapd-source-v0.5.0.tar.gz are in the current directory, follow these steps:

tar -xvzf vendor.tar.gz
tar -xvzf tapd-source-v0.5.0.tar.gz
GO111MODULE=on go install -v -mod=vendor -ldflags "-X github.com/lightninglabs/taproot-assets/build.Commit=v0.5.0" ./cmd/tapd
GO111MODULE=on go install -v -mod=vendor -ldflags "-X github.com/lightninglabs/taproot-assets/build.Commit=v0.5.0" ./cmd/tapcli

The -mod=vendor flag tells the go build command that it doesn't need to fetch the dependencies, and instead, they're all enclosed in the local vendor directory.

Additionally, it's now possible to use the enclosed release.sh script to bundle a release for a specific system like so:

make release sys="linux-arm64 darwin-amd64"

⚡️⚡️⚡️ OK, now to the rest of the release notes! ⚡️⚡️⚡️

Release Notes (auto generated)

What's Changed

  • Pass 'pkg' argument to flake-unit-race Makefile target by @gijswijs in #1044
  • makefile+scripts: specify Go version for building release binaries by @ffranr in #1051
  • Store transfer output proof delivery status by @ffranr in #1035
  • tapchannel: check for feature bits before opening chans by @Roasbeef in #1041
  • tapchannel: fix proof courier initialization by @guggero in #1058
  • tapchannel: use new context for call to unlockLeases by @Roasbeef in #1063
  • Reattempt proof delivery on node restart by @ffranr in #1055
  • [custom channels]: add new RPC methods for asset channel specific calls by @guggero in #1048
  • CI: push coverage file for unit tests by @jharveyb in #1069
  • Exp...
Read more

v0.5.0-alpha RC2

11 Dec 16:04
v0.5.0-rc2
06fbd06
Compare
Choose a tag to compare
v0.5.0-alpha RC2 Pre-release
Pre-release

Database Migrations

tapd v0.5.0 contains non-revertible database migrations. After running tapd v0.5.0, these database migrations prevent downgrading tapd to a previous release. Create backups of tapd database state, before upgrading to tapd v0.5.0. Please report any database migration issues.

Breaking changes

Downstream Projects - litd

litd v0.14.0-alpha enhancements require both channel peers to upgrade to a litd version >= v0.14.0-alpha to continue Lightning Channel functionality. See upgrade instructions below if you opened Asset channels with such an experimental version.

tapd v0.5.0 changes

Oracle RPC:
The RPC protobuf definitions for the Price Oracle have changed. Asset exchange rates are now expressed as FixedPoint to achieve better precision.
The rationale for the change and the new math behind it are described in the new RFQ document.
Code examples for a Price Oracle server are available here.

Configuration changes:
The configuration value (universe.public-access) and command line flag (--universe.public-access) now needs a value and is no longer a boolean. The value now controls whether the node's universe database can be accessed over RPC and either read (value r) or written to (value w) or both (value rw).
So existing nodes with the configuration file value universe.public-access=true need to change the value to universe.public-access=rw. Users specifying the command line flag --universe.public-access just need to append a value, for example --universe.public-access=rw.

⚠️ CRITICAL INSTRUCTIONS ⚠️: Required-upgrade path for existing litd installations:

To avoid loss of channel funds: Any litd node which ran Taproot Asset channels using any litd v0.13.9xx-experimental versions MUST FOLLOW all of the following procedures:
litd v0.14.0-alpha enhancements require both channel peers to upgrade to a litd version >= v0.14.0-alpha to continue Lightning Channel functionality.
If one channel peer is running litd version <= v0.13.9xx-experimental channel operations are are NOT forwards compatible with litd v0.14.0-alpha versions.

  • All Taproot-Asset Lightning channels created using litd version <=, v0.13.9xx-experimental must be cooperatively closed before upgrading to v0.14.0-alpha.
    • Channel Closure instructions
    • Monitor status of lncli pendingchannels: Ensure pending_htlcs response is empty before progressing
      Example: lncli listchannels | jq '.channels[] | select(.pending_htlcs != [])'
  • Avoid force closing the channels. If there are pending/in-flight HTLCs, wait for HTLCs to be resolved.
  • Once all channels are fully closed (e.g. lncli pendingchannels is empty), both nodes must be upgraded to the new v0.14.0-alpha version before new channels can be opened. Please coordinate the upgrade with your peer if you're not operating both nodes.
  • Daemon installations which exclusively contain Taproot Assets on-chain outputs that are not contained within lightning channels, are not required to follow this upgrade path. Anything mentioned above only relates to assets in channels. Normal on-chain assets are not affected.

Verifying the Release

In order to verify the release, you'll need to have gpg or gpg2 installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import the keys that have signed this release if you haven't done so already:

curl https://raw.githubusercontent.com/lightninglabs/taproot-assets/main/scripts/keys/roasbeef.asc | gpg --import

Once you have the required PGP keys, you can verify the release (assuming manifest-roasbeef-v0.5.0-rc2.sig and manifest-v0.5.0-rc2.txt are in the current directory) with:

gpg --verify manifest-roasbeef-v0.5.0-rc2.sig manifest-v0.5.0-rc2.txt

You should see the following if the verification was successful:

gpg: Signature made Wed Sep 30 17:35:20 2020 PDT
gpg:                using RSA key 60A1FA7DA5BFF08BDCBBE7903BBD59E99B280306
gpg: Good signature from "Olaoluwa Osuntokun <[email protected]>" [ultimate]

That will verify the signature of the manifest file, which ensures integrity and authenticity of the archive you've downloaded locally containing the binaries. Next, depending on your operating system, you should then re-compute the sha256 hash of the archive with shasum -a 256 <filename>, compare it with the corresponding one in the manifest file, and ensure they match exactly.

Verifying the Release Timestamp

In addition to time-stamping the git tag with OpenTimestamps, we also timestamp the manifest file along with its signature. Two files are included in our release artifacts: manifest-roasbeef-v0.5.0-rc2.sig.ots and manifest-v0.5.0-rc2.txt.ots.

Assuming you have the opentimestamps client installed locally, the timestamps can be verified with the following commands:

ots verify manifest-roasbeef-v0.5.0-rc2.sig.ots -f manifest-roasbeef-v0.5.0-rc2.sig
ots verify manifest-v0.5.0-rc2.txt.ots -f manifest-v0.5.0-rc2.txt

Alternatively, the OpenTimestamps website can be used to verify these timestamps if one doesn't have a bitcoind instance accessible locally.

Assuming you are using the OpenTimestamps ots-git-gpg-wrapper you can verify the timestamp of the git tag by verifying the tag as explained in Verifying the Release Binaries.

These timestamps should give users confidence in the integrity of this release even after the key that signed the release expires.

Verifying the Release Binaries

Our release binaries are fully reproducible. Third parties are able to verify that the release binaries were produced properly without having to trust the release manager(s). See our reproducible builds guide for how this can be achieved.
The release binaries are compiled with go1.22.6, which is required by verifiers to arrive at the same ones.

The make release command can be used to ensure one rebuilds with all the same flags used for the release. If one wishes to build for only a single platform, then make release sys=<OS-ARCH> tag=<tag> can be used.

Finally, you can also verify the tag itself with the following command:

$ git verify-tag v0.5.0-rc2
gpg: Signature made Tue Sep 15 18:55:00 2020 PDT
gpg:                using RSA key 60A1FA7DA5BFF08BDCBBE7903BBD59E99B280306
gpg: Good signature from "Olaoluwa Osuntokun <[email protected]>" [ultimate]

Verifying the Docker Images

To verify the tapd and tapcli binaries inside the docker images against the signed, reproducible release binaries, there is a verification script in the image that can be called (before starting the container for example):

$ docker run --rm --entrypoint="" lightninglabs/taproot-assets:v0.5.0-rc2 /verify-install.sh v0.5.0-rc2
$ OK=$?
$ if [ "$OK" -ne "0" ]; then echo "Verification failed!"; exit 1; done
$ docker run lightninglabs/taproot-assets [command-line options]

Building the Contained Release

Users are able to rebuild the target release themselves without having to fetch any of the dependencies. In order to do so, assuming
that vendor.tar.gz and tapd-source-v0.5.0-rc2.tar.gz are in the current directory, follow these steps:

tar -xvzf vendor.tar.gz
tar -xvzf tapd-source-v0.5.0-rc2.tar.gz
GO111MODULE=on go install -v -mod=vendor -ldflags "-X github.com/lightninglabs/taproot-assets/build.Commit=v0.5.0-rc2" ./cmd/tapd
GO111MODULE=on go install -v -mod=vendor -ldflags "-X github.com/lightninglabs/taproot-assets/build.Commit=v0.5.0-rc2" ./cmd/tapcli

The -mod=vendor flag tells the go build command that it doesn't need to fetch the dependencies, and instead, they're all enclosed in the local vendor directory.

Additionally, it's now possible to use the enclosed release.sh script to bundle a release for a specific system like so:

make release sys="linux-arm64 darwin-amd64"

⚡️⚡️⚡️ OK, now to the rest of the release notes! ⚡️⚡️⚡️

Release Notes (auto generated)

What's Changed

  • Pass 'pkg' argument to flake-unit-race Makefile target by @gijswijs in #1044
  • makefile+scripts: specify Go version for building release binaries by @ffranr in #1051
  • Store transfer output proof delivery status by @ffranr in #1035
  • tapchannel: check for feature bits before opening chans by @Roasbeef in #1041
  • tapchannel: fix proof courier initialization by @guggero in #1058
  • tapchannel: use new context for call to unlockLeases by @Roasbeef in #1063
  • Reattempt proof delivery on node restart by @ffranr in #1055
  • [custom channels]: add new RPC methods for asset channel specific calls by @guggero in #1048
  • CI: push coverage file for unit tests by @jharveyb in ht...
Read more

v0.5.0-alpha RC1

27 Nov 21:30
v0.5.0-rc1
4205556
Compare
Choose a tag to compare
v0.5.0-alpha RC1 Pre-release
Pre-release

Database Migrations

tapd v0.5.0 contains non-revertible database migrations. After running tapd v0.5.0, these database migrations prevent downgrading tapd to a previous release. Create backups of tapd database state, before upgrading to tapd v0.5.0. Please report any database migration issues.

Breaking changes

Downstream Projects - litd

litd v0.14.0-alpha enhancements require both channel peers to upgrade to a litd version >= v0.14.0-alpha to continue Lightning Channel functionality. See upgrade instructions below if you opened Asset channels with such an experimental version.

tapd v0.5.0 changes

Oracle RPC:
The RPC protobuf definitions for the Price Oracle have changed. Asset exchange rates are now expressed as FixedPoint to achieve better precision.
The rationale for the change and the new math behind it are described in the new RFQ document.
Code examples for a Price Oracle server are available here.

Configuration changes:
The configuration value (universe.public-access) and command line flag (--universe.public-access) now needs a value and is no longer a boolean. The value now controls whether the node's universe database can be accessed over RPC and either read (value r) or written to (value w) or both (value rw).
So existing nodes with the configuration file value universe.public-access=true need to change the value to universe.public-access=rw. Users specifying the command line flag --universe.public-access just need to append a value, for example --universe.public-access=rw.

⚠️ CRITICAL INSTRUCTIONS ⚠️: Required-upgrade path for existing litd installations:

To avoid loss of channel funds: Any litd node which ran Taproot Asset channels using any litd v0.13.9xx-experimental versions MUST FOLLOW all of the following procedures:
litd v0.14.0-alpha enhancements require both channel peers to upgrade to a litd version >= v0.14.0-alpha to continue Lightning Channel functionality.
If one channel peer is running litd version <= v0.13.9xx-experimental channel operations are are NOT forwards compatible with litd v0.14.0-alpha versions.

  • All Taproot-Asset Lightning channels created using litd version <=, v0.13.9xx-experimental must be cooperatively closed before upgrading to v0.14.0-alpha.
    • Channel Closure instructions
    • Monitor status of lncli pendingchannels: Ensure pending_htlcs response is empty before progressing
      Example: lncli listchannels | jq '.channels[] | select(.pending_htlcs != [])'
  • Avoid force closing the channels. If there are pending/in-flight HTLCs, wait for HTLCs to be resolved.
  • Once all channels are fully closed (e.g. lncli pendingchannels is empty), both nodes must be upgraded to the new v0.14.0-alpha version before new channels can be opened. Please coordinate the upgrade with your peer if you're not operating both nodes.
  • Daemon installations which exclusively contain Taproot Assets on-chain outputs that are not contained within lightning channels, are not required to follow this upgrade path. Anything mentioned above only relates to assets in channels. Normal on-chain assets are not affected.

Verifying the Release

In order to verify the release, first, verify and install gpg or gpg2. If your gpg keychain hasn’t previously imported the public keys for release signers, import these public keys:

curl https://raw.githubusercontent.com/lightninglabs/taproot-assets/main/scripts/keys/roasbeef.asc | gpg --import

Once you have the required PGP keys, you can verify the release (assuming manifest-roasbeef-v0.5.0-rc1.sig and manifest-v0.5.0-rc1.txt are in the current directory) with:

gpg --verify manifest-roasbeef-v0.5.0-rc1.sig manifest-v0.5.0-rc1.txt

You should see the following if the verification was successful:

gpg: Signature made Wed Sep 30 17:35:20 2020 PDT
gpg:                using RSA key 60A1FA7DA5BFF08BDCBBE7903BBD59E99B280306
gpg: Good signature from "Olaoluwa Osuntokun <[email protected]>" [ultimate]

That will verify the signature of the manifest file, which ensures integrity and authenticity of the archive you've downloaded locally containing the binaries. Next, depending on your operating system, you should then re-compute the sha256 hash of the archive with shasum -a 256 <filename>, compare it with the corresponding one in the manifest file, and ensure they match exactly.

Verifying the Release Timestamp

From this new version onwards, in addition time-stamping the git tag with OpenTimestamps, we'll also now timestamp the manifest file along with its signature. Two new files are now included along with the rest of our release artifacts: manifest-roasbeef-v0.5.0-rc1.txt.asc.ots.

Assuming you have the opentimestamps client installed locally, the timestamps can be verified with the following commands:

ots verify manifest-roasbeef-v0.5.0-rc1.sig.ots -f manifest-roasbeef-v0.5.0-rc1.sig

Alternatively, the OpenTimestamps website can be used to verify timestamps if one doesn't have a bitcoind instance accessible locally.

These timestamps should give users confidence in the integrity of this release even after the key that signed the release expires.

Verifying the Release Binaries

Our release binaries are fully reproducible. Third parties are able to verify that the release binaries were produced properly without having to trust the release manager(s). See our reproducible builds guide for how this can be achieved.
The release binaries are compiled with go1.22.6, which is required by verifiers to arrive at the same ones.

The make release command can be used to ensure one rebuilds with all the same flags used for the release. If one wishes to build for only a single platform, then make release sys=<OS-ARCH> tag=<tag> can be used.

Finally, you can also verify the tag itself with the following command:

$ git verify-tag v0.5.0-rc1
gpg: Signature made Tue Sep 15 18:55:00 2020 PDT
gpg:                using RSA key 60A1FA7DA5BFF08BDCBBE7903BBD59E99B280306
gpg: Good signature from "Olaoluwa Osuntokun <[email protected]>" [ultimate]

Verifying the Docker Images

To verify the tapd and tapcli binaries inside the docker images against the signed, reproducible release binaries, there is a verification script in the image that can be called (before starting the container for example):

$ docker run --rm --entrypoint="" lightninglabs/taproot-assets:v0.5.0-rc1 /verify-install.sh v0.5.0-rc1
$ OK=$?
$ if [ "$OK" -ne "0" ]; then echo "Verification failed!"; exit 1; done
$ docker run lightninglabs/taproot-assets [command-line options]

Building the Contained Release

Users are able to rebuild the target release themselves without having to fetch any of the dependencies. In order to do so, assuming
that vendor.tar.gz and tapd-source-v0.5.0-rc1.tar.gz are in the current directory, follow these steps:

tar -xvzf vendor.tar.gz
tar -xvzf tapd-source-v0.5.0-rc1.tar.gz
GO111MODULE=on go install -v -mod=vendor -ldflags "-X github.com/lightninglabs/taproot-assets/build.Commit=v0.5.0-rc1" ./cmd/tapd
GO111MODULE=on go install -v -mod=vendor -ldflags "-X github.com/lightninglabs/taproot-assets/build.Commit=v0.5.0-rc1" ./cmd/tapcli

The -mod=vendor flag tells the go build command that it doesn't need to fetch the dependencies, and instead, they're all enclosed in the local vendor directory.

Additionally, it's now possible to use the enclosed release.sh script to bundle a release for a specific system like so:

make release sys="linux-arm64 darwin-amd64"

⚡️⚡️⚡️ OK, now to the rest of the release notes! ⚡️⚡️⚡️

Release Notes (auto generated)

What's Changed

Read more

v0.4.1-alpha

25 Jul 16:09
v0.4.1
0dfdb12
Compare
Choose a tag to compare

This version is a hot fix for an issue with an incorrectly created proof.

Database Migrations

There are a number of database migrations in this release. Please be aware that downgrading to a previous version will not be possible once the migrations have been applied. Make sure you create a backup before updating and please report any issues with the database migrations.

Breaking changes

The configuration value (universe.public-access) and command line flag (--universe.public-access) now needs a value and is no longer a boolean. The value now controls whether the node's universe database can be accessed over RPC and either read (value r) or written to (value w) or both (value rw).
So existing nodes with the configuration file value universe.public-access=true need to change the value to universe.public-access=rw. Users specifying the command line flag --universe.public-access just need to append a value, for example --universe.public-access=rw.

Verifying the Release

In order to verify the release, you'll need to have gpg or gpg2 installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import the keys that have signed this release if you haven't done so already:

curl https://raw.githubusercontent.com/lightninglabs/taproot-assets/main/scripts/keys/roasbeef.asc | gpg --import

Once you have the required PGP keys, you can verify the release (assuming manifest-roasbeef-v0.4.1.sig and manifest-v0.4.1.txt are in the current directory) with:

gpg --verify manifest-roasbeef-v0.4.1.sig manifest-v0.4.1.txt

You should see the following if the verification was successful:

gpg: Signature made Wed Sep 30 17:35:20 2020 PDT
gpg:                using RSA key 60A1FA7DA5BFF08BDCBBE7903BBD59E99B280306
gpg: Good signature from "Olaoluwa Osuntokun <[email protected]>" [ultimate]

That will verify the signature of the manifest file, which ensures integrity and authenticity of the archive you've downloaded locally containing the binaries. Next, depending on your operating system, you should then re-compute the sha256 hash of the archive with shasum -a 256 <filename>, compare it with the corresponding one in the manifest file, and ensure they match exactly.

Verifying the Release Timestamp

From this new version onwards, in addition time-stamping the git tag with OpenTimestamps, we'll also now timestamp the manifest file along with its signature. Two new files are now included along with the rest of our release artifacts: manifest-roasbeef-v0.4.1.txt.asc.ots.

Assuming you have the opentimestamps client installed locally, the timestamps can be verified with the following commands:

ots verify manifest-roasbeef-v0.4.1.sig.ots -f manifest-roasbeef-v0.4.1.sig

Alternatively, the OpenTimestamps website can be used to verify timestamps if one doesn't have a bitcoind instance accessible locally.

These timestamps should give users confidence in the integrity of this release even after the key that signed the release expires.

Verifying the Release Binaries

Our release binaries are fully reproducible. Third parties are able to verify that the release binaries were produced properly without having to trust the release manager(s). See our reproducible builds guide for how this can be achieved.
The release binaries are compiled with go1.22.3, which is required by verifiers to arrive at the same ones.

The make release command can be used to ensure one rebuilds with all the same flags used for the release. If one wishes to build for only a single platform, then make release sys=<OS-ARCH> tag=<tag> can be used.

Finally, you can also verify the tag itself with the following command:

$ git verify-tag v0.4.1
gpg: Signature made Tue Sep 15 18:55:00 2020 PDT
gpg:                using RSA key 60A1FA7DA5BFF08BDCBBE7903BBD59E99B280306
gpg: Good signature from "Olaoluwa Osuntokun <[email protected]>" [ultimate]

Verifying the Docker Images

To verify the tapd and tapcli binaries inside the docker images against the signed, reproducible release binaries, there is a verification script in the image that can be called (before starting the container for example):

$ docker run --rm --entrypoint="" lightninglabs/taproot-assets:v0.4.1 /verify-install.sh v0.4.1
$ OK=$?
$ if [ "$OK" -ne "0" ]; then echo "Verification failed!"; exit 1; done
$ docker run lightninglabs/taproot-assets [command-line options]

Building the Contained Release

Users are able to rebuild the target release themselves without having to fetch any of the dependencies. In order to do so, assuming
that vendor.tar.gz and tapd-source-v0.4.1.tar.gz are in the current directory, follow these steps:

tar -xvzf vendor.tar.gz
tar -xvzf tapd-source-v0.4.1.tar.gz
GO111MODULE=on go install -v -mod=vendor -ldflags "-X github.com/lightninglabs/taproot-assets/build.Commit=v0.4.1" ./cmd/tapd
GO111MODULE=on go install -v -mod=vendor -ldflags "-X github.com/lightninglabs/taproot-assets/build.Commit=v0.4.1" ./cmd/tapcli

The -mod=vendor flag tells the go build command that it doesn't need to fetch the dependencies, and instead, they're all enclosed in the local vendor directory.

Additionally, it's now possible to use the enclosed release.sh script to bundle a release for a specific system like so:

make release sys="linux-arm64 darwin-amd64"

⚡️⚡️⚡️ OK, now to the rest of the release notes! ⚡️⚡️⚡️

Release Notes (auto generated)

What's Changed

  • build: add bhandras to signers by @bhandras in #1043
  • tapgarden: improve fault injection in unit tests by @jharveyb in #1031
  • tapcli: add --show_leased flag to assets list subcommand by @guggero in #1039
  • GitHub: fix release script by updating GH action by @guggero in #1046
  • taprpc: marshal with metareveal of issuance proof by @jharveyb in #1050

Full Changelog: v0.4.0...v0.4.1

v0.4.0-alpha

23 Jul 14:44
7d618f1
Compare
Choose a tag to compare

Database Migrations

There are a number of database migrations in this release. Please be aware that downgrading to a previous version will not be possible once the migrations have been applied. Make sure you create a backup before updating and please report any issues with the database migrations.

Breaking changes

The configuration value (universe.public-access) and command line flag (--universe.public-access) now needs a value and is no longer a boolean. The value now controls whether the node's universe database can be accessed over RPC and either read (value r) or written to (value w) or both (value rw).
So existing nodes with the configuration file value universe.public-access=true need to change the value to universe.public-access=rw. Users specifying the command line flag --universe.public-access just need to append a value, for example --universe.public-access=rw.

Verifying the Release

In order to verify the release, you'll need to have gpg or gpg2 installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import the keys that have signed this release if you haven't done so already:

curl https://raw.githubusercontent.com/lightninglabs/taproot-assets/main/scripts/keys/roasbeef.asc | gpg --import

Once you have the required PGP keys, you can verify the release (assuming manifest-roasbeef-v0.4.0.sig and manifest-v0.4.0.txt are in the current directory) with:

gpg --verify manifest-roasbeef-v0.4.0.sig manifest-v0.4.0.txt

You should see the following if the verification was successful:

gpg: Signature made Wed Sep 30 17:35:20 2020 PDT
gpg:                using RSA key 60A1FA7DA5BFF08BDCBBE7903BBD59E99B280306
gpg: Good signature from "Olaoluwa Osuntokun <[email protected]>" [ultimate]

That will verify the signature of the manifest file, which ensures integrity and authenticity of the archive you've downloaded locally containing the binaries. Next, depending on your operating system, you should then re-compute the sha256 hash of the archive with shasum -a 256 <filename>, compare it with the corresponding one in the manifest file, and ensure they match exactly.

Verifying the Release Timestamp

From this new version onwards, in addition time-stamping the git tag with OpenTimestamps, we'll also now timestamp the manifest file along with its signature. Two new files are now included along with the rest of our release artifacts: manifest-roasbeef-v0.4.0.txt.asc.ots.

Assuming you have the opentimestamps client installed locally, the timestamps can be verified with the following commands:

ots verify manifest-roasbeef-v0.4.0.sig.ots -f manifest-roasbeef-v0.4.0.sig

Alternatively, the OpenTimestamps website can be used to verify timestamps if one doesn't have a bitcoind instance accessible locally.

These timestamps should give users confidence in the integrity of this release even after the key that signed the release expires.

Verifying the Release Binaries

Our release binaries are fully reproducible. Third parties are able to verify that the release binaries were produced properly without having to trust the release manager(s). See our reproducible builds guide for how this can be achieved.
The release binaries are compiled with go1.22.3, which is required by verifiers to arrive at the same ones.

The make release command can be used to ensure one rebuilds with all the same flags used for the release. If one wishes to build for only a single platform, then make release sys=<OS-ARCH> tag=<tag> can be used.

Finally, you can also verify the tag itself with the following command:

$ git verify-tag v0.4.0
gpg: Signature made Tue Sep 15 18:55:00 2020 PDT
gpg:                using RSA key 60A1FA7DA5BFF08BDCBBE7903BBD59E99B280306
gpg: Good signature from "Olaoluwa Osuntokun <[email protected]>" [ultimate]

Verifying the Docker Images

To verify the tapd and tapcli binaries inside the docker images against the signed, reproducible release binaries, there is a verification script in the image that can be called (before starting the container for example):

$ docker run --rm --entrypoint="" lightninglabs/taproot-assets:v0.4.0 /verify-install.sh v0.4.0
$ OK=$?
$ if [ "$OK" -ne "0" ]; then echo "Verification failed!"; exit 1; done
$ docker run lightninglabs/taproot-assets [command-line options]

Building the Contained Release

Users are able to rebuild the target release themselves without having to fetch any of the dependencies. In order to do so, assuming
that vendor.tar.gz and tapd-source-v0.4.0.tar.gz are in the current directory, follow these steps:

tar -xvzf vendor.tar.gz
tar -xvzf tapd-source-v0.4.0.tar.gz
GO111MODULE=on go install -v -mod=vendor -ldflags "-X github.com/lightninglabs/taproot-assets/build.Commit=v0.4.0" ./cmd/tapd
GO111MODULE=on go install -v -mod=vendor -ldflags "-X github.com/lightninglabs/taproot-assets/build.Commit=v0.4.0" ./cmd/tapcli

The -mod=vendor flag tells the go build command that it doesn't need to fetch the dependencies, and instead, they're all enclosed in the local vendor directory.

Additionally, it's now possible to use the enclosed release.sh script to bundle a release for a specific system like so:

make release sys="linux-arm64 darwin-amd64"

⚡️⚡️⚡️ OK, now to the rest of the release notes! ⚡️⚡️⚡️

Release Notes (auto generated)

What's Changed

  • itest: add main universe server harness, turn on proof courier for all test cases by @guggero in #712
  • Federation envoy re-attempts sync push for issuance proofs by @ffranr in #698
  • tapgarden: fix races and deadlocks in caretaker by @jharveyb in #693
  • gitignore: add non-debug binaries to ignore by @guggero in #724
  • tapdb: add minimalistic test framework for testing DB migrations by @guggero in #707
  • rpcserver+tapscript: err shadowing fixes by @jharveyb in #713
  • misc: group key testing by @jharveyb in #717
  • Update test vectors by @ffranr in #733
  • Add asset group burn itest, logging, and missing error handling by @ffranr in #732
  • Refactor fed envy event handling by @ffranr in #731
  • multiverse: add overlay points for universe trees by @guggero in #624
  • Add means to specify sqlite db file path for tapd test harness and db unit tests by @ffranr in #735
  • rpcserver: skip local meta data lookup for genesis proof by @guggero in #744
  • Multi-input PSBT spend for homogeneous input asset ID by @ffranr in #743
  • Add enhanced prometheus metrics for tapd by @GeorgeTsagk in #716
  • multi: attempt to fix issue of high number of TCP connections by explicitly closing connections and implementing an idle timer by @Roasbeef in #719
  • muti: fix typos by @AtomicInnovation321 in #748
  • proof courier: general cleanup and refactor, re-try after restart by @guggero in #734
  • chore: fix typos by @GoodDaisy in #752
  • multi: anchor fee test coverage by @jharveyb in #605
  • Refactor and cleanup custodian events cache handling by @ffranr in #756
  • itest: extend multi-input PSBT spend test to include partial value spend by @ffranr in #747
  • Fix typos by @cristiantroy in #764
  • [1/2] custodian: look up proofs in local universe as well by @guggero in #726
  • taprpc+tapdb: ListTransfers RPC optionally filters on anchor tx hash by @ffranr in #761
  • Increase group witness test coverage by @jharveyb in #549
  • tapdb: add support for logging migrations by @Roasbeef in #772
  • [tap channels preparation 1/?]: Add QueryInternalKey and QueryScriptKey RPCs, pre-fill script key info in vPSBT by @guggero in #765
  • makefile: add command to generate git release tags by @ffranr in #720
  • [2/2] proof: allow proof courier to short cut with local archive by @guggero in #730
  • tapdb: fix migration 15 by @guggero in #784
  • itest: use configurable timeout for load test by @guggero in #795
  • itest: universe server harness uses a dedicated LND node by @ffranr in #800
  • tools: exclude non-project files from go vers...
Read more

v0.4.0-alpha.rc4

12 Jul 16:24
v0.4.0-rc4
1d9c445
Compare
Choose a tag to compare
v0.4.0-alpha.rc4 Pre-release
Pre-release

Database Migrations

There are a number of database migrations in this release. Please be aware that downgrading to a previous version will not be possible once the migrations have been applied. Make sure you create a backup before updating and please report any issues with the database migrations.

Breaking changes

The configuration value (universe.public-access) and command line flag (--universe.public-access) now needs a value and is no longer a boolean. The value now controls whether the node's universe database can be accessed over RPC and either read (value r) or written to (value w) or both (value rw).
So existing nodes with the configuration file value universe.public-access=true need to change the value to universe.public-access=rw. Users specifying the command line flag --universe.public-access just need to append a value, for example --universe.public-access=rw.

Verifying the Release

In order to verify the release, you'll need to have gpg or gpg2 installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import the keys that have signed this release if you haven't done so already:

curl https://raw.githubusercontent.com/lightninglabs/taproot-assets/main/scripts/keys/roasbeef.asc | gpg --import

Once you have the required PGP keys, you can verify the release (assuming manifest-roasbeef-v0.4.0-rc4.sig and manifest-v0.4.0-rc4.txt are in the current directory) with:

gpg --verify manifest-roasbeef-v0.4.0-rc4.sig manifest-v0.4.0-rc4.txt

You should see the following if the verification was successful:

gpg: Signature made Wed Sep 30 17:35:20 2020 PDT
gpg:                using RSA key 60A1FA7DA5BFF08BDCBBE7903BBD59E99B280306
gpg: Good signature from "Olaoluwa Osuntokun <[email protected]>" [ultimate]

That will verify the signature of the manifest file, which ensures integrity and authenticity of the archive you've downloaded locally containing the binaries. Next, depending on your operating system, you should then re-compute the sha256 hash of the archive with shasum -a 256 <filename>, compare it with the corresponding one in the manifest file, and ensure they match exactly.

Verifying the Release Timestamp

From this new version onwards, in addition time-stamping the git tag with OpenTimestamps, we'll also now timestamp the manifest file along with its signature. Two new files are now included along with the rest of our release artifacts: manifest-roasbeef-v0.4.0-rc4.txt.asc.ots.

Assuming you have the opentimestamps client installed locally, the timestamps can be verified with the following commands:

ots verify manifest-roasbeef-v0.4.0-rc4.sig.ots -f manifest-roasbeef-v0.4.0-rc4.sig

Alternatively, the OpenTimestamps website can be used to verify timestamps if one doesn't have a bitcoind instance accessible locally.

These timestamps should give users confidence in the integrity of this release even after the key that signed the release expires.

Verifying the Release Binaries

Our release binaries are fully reproducible. Third parties are able to verify that the release binaries were produced properly without having to trust the release manager(s). See our reproducible builds guide for how this can be achieved.
The release binaries are compiled with go1.22.3, which is required by verifiers to arrive at the same ones.

The make release command can be used to ensure one rebuilds with all the same flags used for the release. If one wishes to build for only a single platform, then make release sys=<OS-ARCH> tag=<tag> can be used.

Finally, you can also verify the tag itself with the following command:

$ git verify-tag v0.4.0-rc4
gpg: Signature made Tue Sep 15 18:55:00 2020 PDT
gpg:                using RSA key 60A1FA7DA5BFF08BDCBBE7903BBD59E99B280306
gpg: Good signature from "Olaoluwa Osuntokun <[email protected]>" [ultimate]

Verifying the Docker Images

To verify the tapd and tapcli binaries inside the docker images against the signed, reproducible release binaries, there is a verification script in the image that can be called (before starting the container for example):

$ docker run --rm --entrypoint="" lightninglabs/taproot-assets:v0.4.0-rc4 /verify-install.sh v0.4.0-rc4
$ OK=$?
$ if [ "$OK" -ne "0" ]; then echo "Verification failed!"; exit 1; done
$ docker run lightninglabs/taproot-assets [command-line options]

Building the Contained Release

Users are able to rebuild the target release themselves without having to fetch any of the dependencies. In order to do so, assuming
that vendor.tar.gz and tapd-source-v0.4.0-rc4.tar.gz are in the current directory, follow these steps:

tar -xvzf vendor.tar.gz
tar -xvzf tapd-source-v0.4.0-rc4.tar.gz
GO111MODULE=on go install -v -mod=vendor -ldflags "-X github.com/lightninglabs/taproot-assets/build.Commit=v0.4.0-rc4" ./cmd/tapd
GO111MODULE=on go install -v -mod=vendor -ldflags "-X github.com/lightninglabs/taproot-assets/build.Commit=v0.4.0-rc4" ./cmd/tapcli

The -mod=vendor flag tells the go build command that it doesn't need to fetch the dependencies, and instead, they're all enclosed in the local vendor directory.

Additionally, it's now possible to use the enclosed release.sh script to bundle a release for a specific system like so:

make release sys="linux-arm64 darwin-amd64"

⚡️⚡️⚡️ OK, now to the rest of the release notes! ⚡️⚡️⚡️

Release Notes

What's Changed

  • itest: add main universe server harness, turn on proof courier for all test cases by @guggero in #712
  • Federation envoy re-attempts sync push for issuance proofs by @ffranr in #698
  • tapgarden: fix races and deadlocks in caretaker by @jharveyb in #693
  • gitignore: add non-debug binaries to ignore by @guggero in #724
  • tapdb: add minimalistic test framework for testing DB migrations by @guggero in #707
  • rpcserver+tapscript: err shadowing fixes by @jharveyb in #713
  • misc: group key testing by @jharveyb in #717
  • Update test vectors by @ffranr in #733
  • Add asset group burn itest, logging, and missing error handling by @ffranr in #732
  • Refactor fed envy event handling by @ffranr in #731
  • multiverse: add overlay points for universe trees by @guggero in #624
  • Add means to specify sqlite db file path for tapd test harness and db unit tests by @ffranr in #735
  • rpcserver: skip local meta data lookup for genesis proof by @guggero in #744
  • Multi-input PSBT spend for homogeneous input asset ID by @ffranr in #743
  • Add enhanced prometheus metrics for tapd by @GeorgeTsagk in #716
  • multi: attempt to fix issue of high number of TCP connections by explicitly closing connections and implementing an idle timer by @Roasbeef in #719
  • muti: fix typos by @AtomicInnovation321 in #748
  • proof courier: general cleanup and refactor, re-try after restart by @guggero in #734
  • chore: fix typos by @GoodDaisy in #752
  • multi: anchor fee test coverage by @jharveyb in #605
  • Refactor and cleanup custodian events cache handling by @ffranr in #756
  • itest: extend multi-input PSBT spend test to include partial value spend by @ffranr in #747
  • Fix typos by @cristiantroy in #764
  • [1/2] custodian: look up proofs in local universe as well by @guggero in #726
  • taprpc+tapdb: ListTransfers RPC optionally filters on anchor tx hash by @ffranr in #761
  • Increase group witness test coverage by @jharveyb in #549
  • tapdb: add support for logging migrations by @Roasbeef in #772
  • [tap channels preparation 1/?]: Add QueryInternalKey and QueryScriptKey RPCs, pre-fill script key info in vPSBT by @guggero in #765
  • makefile: add command to generate git release tags by @ffranr in #720
  • [2/2] proof: allow proof courier to short cut with local archive by @guggero in #730
  • tapdb: fix migration 15 by @guggero in #784
  • itest: use configurable timeout for load test by @guggero in #795
  • itest: universe server harness uses a dedicated LND node by @ffranr in #800
  • tools:...
Read more

v0.4.0-alpha.rc3

10 Jul 16:19
Compare
Choose a tag to compare
v0.4.0-alpha.rc3 Pre-release
Pre-release

Database Migrations

There are a number of database migrations in this release. Please be aware that downgrading to a previous version will not be possible once the migrations have been applied. Make sure you create a backup before updating and please report any issues with the database migrations.

Breaking changes

The configuration value (universe.public-access) and command line flag (--universe.public-access) now needs a value and is no longer a boolean. The value now controls whether the node's universe database can be accessed over RPC and either read (value r) or written to (value w) or both (value rw).
So existing nodes with the configuration file value universe.public-access=true need to change the value to universe.public-access=rw. Users specifying the command line flag --universe.public-access just need to append a value, for example --universe.public-access=rw.

Verifying the Release

In order to verify the release, you'll need to have gpg or gpg2 installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import the keys that have signed this release if you haven't done so already:

curl https://raw.githubusercontent.com/lightninglabs/taproot-assets/main/scripts/keys/roasbeef.asc | gpg --import

Once you have the required PGP keys, you can verify the release (assuming manifest-roasbeef-v0.4.0-alpha.rc3.sig and manifest-v0.4.0-alpha.rc3.txt are in the current directory) with:

gpg --verify manifest-roasbeef-v0.4.0-alpha.rc3.sig manifest-v0.4.0-alpha.rc3.txt

You should see the following if the verification was successful:

gpg: Signature made Wed Sep 30 17:35:20 2020 PDT
gpg:                using RSA key 60A1FA7DA5BFF08BDCBBE7903BBD59E99B280306
gpg: Good signature from "Olaoluwa Osuntokun <[email protected]>" [ultimate]

That will verify the signature of the manifest file, which ensures integrity and authenticity of the archive you've downloaded locally containing the binaries. Next, depending on your operating system, you should then re-compute the sha256 hash of the archive with shasum -a 256 <filename>, compare it with the corresponding one in the manifest file, and ensure they match exactly.

Verifying the Release Timestamp

From this new version onwards, in addition time-stamping the git tag with OpenTimestamps, we'll also now timestamp the manifest file along with its signature. Two new files are now included along with the rest of our release artifacts: manifest-roasbeef-v0.4.0-alpha.rc3.txt.asc.ots.

Assuming you have the opentimestamps client installed locally, the timestamps can be verified with the following commands:

ots verify manifest-roasbeef-v0.4.0-alpha.rc3.sig.ots -f manifest-roasbeef-v0.4.0-alpha.rc3.sig

Alternatively, the OpenTimestamps website can be used to verify timestamps if one doesn't have a bitcoind instance accessible locally.

These timestamps should give users confidence in the integrity of this release even after the key that signed the release expires.

Verifying the Release Binaries

Our release binaries are fully reproducible. Third parties are able to verify that the release binaries were produced properly without having to trust the release manager(s). See our reproducible builds guide for how this can be achieved.
The release binaries are compiled with go1.22.3, which is required by verifiers to arrive at the same ones.

The make release command can be used to ensure one rebuilds with all the same flags used for the release. If one wishes to build for only a single platform, then make release sys=<OS-ARCH> tag=<tag> can be used.

Finally, you can also verify the tag itself with the following command:

$ git verify-tag v0.4.0-alpha.rc3
gpg: Signature made Tue Sep 15 18:55:00 2020 PDT
gpg:                using RSA key 60A1FA7DA5BFF08BDCBBE7903BBD59E99B280306
gpg: Good signature from "Olaoluwa Osuntokun <[email protected]>" [ultimate]

Verifying the Docker Images

To verify the tapd and tapcli binaries inside the docker images against the signed, reproducible release binaries, there is a verification script in the image that can be called (before starting the container for example):

$ docker run --rm --entrypoint="" lightninglabs/taproot-assets:v0.4.0-alpha.rc3 /verify-install.sh v0.4.0-alpha.rc3
$ OK=$?
$ if [ "$OK" -ne "0" ]; then echo "Verification failed!"; exit 1; done
$ docker run lightninglabs/taproot-assets [command-line options]

Building the Contained Release

Users are able to rebuild the target release themselves without having to fetch any of the dependencies. In order to do so, assuming
that vendor.tar.gz and tapd-source-v0.4.0-alpha.rc3.tar.gz are in the current directory, follow these steps:

tar -xvzf vendor.tar.gz
tar -xvzf tapd-source-v0.4.0-alpha.rc3.tar.gz
GO111MODULE=on go install -v -mod=vendor -ldflags "-X github.com/lightninglabs/taproot-assets/build.Commit=v0.4.0-alpha.rc3" ./cmd/tapd
GO111MODULE=on go install -v -mod=vendor -ldflags "-X github.com/lightninglabs/taproot-assets/build.Commit=v0.4.0-alpha.rc3" ./cmd/tapcli

The -mod=vendor flag tells the go build command that it doesn't need to fetch the dependencies, and instead, they're all enclosed in the local vendor directory.

Additionally, it's now possible to use the enclosed release.sh script to bundle a release for a specific system like so:

make release sys="linux-arm64 darwin-amd64"

⚡️⚡️⚡️ OK, now to the rest of the release notes! ⚡️⚡️⚡️

Release Notes

What's Changed

  • itest: add main universe server harness, turn on proof courier for all test cases by @guggero in #712
  • Federation envoy re-attempts sync push for issuance proofs by @ffranr in #698
  • tapgarden: fix races and deadlocks in caretaker by @jharveyb in #693
  • gitignore: add non-debug binaries to ignore by @guggero in #724
  • tapdb: add minimalistic test framework for testing DB migrations by @guggero in #707
  • rpcserver+tapscript: err shadowing fixes by @jharveyb in #713
  • misc: group key testing by @jharveyb in #717
  • Update test vectors by @ffranr in #733
  • Add asset group burn itest, logging, and missing error handling by @ffranr in #732
  • Refactor fed envy event handling by @ffranr in #731
  • multiverse: add overlay points for universe trees by @guggero in #624
  • Add means to specify sqlite db file path for tapd test harness and db unit tests by @ffranr in #735
  • rpcserver: skip local meta data lookup for genesis proof by @guggero in #744
  • Multi-input PSBT spend for homogeneous input asset ID by @ffranr in #743
  • Add enhanced prometheus metrics for tapd by @GeorgeTsagk in #716
  • multi: attempt to fix issue of high number of TCP connections by explicitly closing connections and implementing an idle timer by @Roasbeef in #719
  • muti: fix typos by @AtomicInnovation321 in #748
  • proof courier: general cleanup and refactor, re-try after restart by @guggero in #734
  • chore: fix typos by @GoodDaisy in #752
  • multi: anchor fee test coverage by @jharveyb in #605
  • Refactor and cleanup custodian events cache handling by @ffranr in #756
  • itest: extend multi-input PSBT spend test to include partial value spend by @ffranr in #747
  • Fix typos by @cristiantroy in #764
  • [1/2] custodian: look up proofs in local universe as well by @guggero in #726
  • taprpc+tapdb: ListTransfers RPC optionally filters on anchor tx hash by @ffranr in #761
  • Increase group witness test coverage by @jharveyb in #549
  • tapdb: add support for logging migrations by @Roasbeef in #772
  • [tap channels preparation 1/?]: Add QueryInternalKey and QueryScriptKey RPCs, pre-fill script key info in vPSBT by @guggero in #765
  • makefile: add command to generate git release tags by @ffranr in #720
  • [2/2] proof: allow proof courier to short cut with local archive by @guggero in #730
  • tapdb: fix migration 15 by @guggero in #784
  • itest: use configurable timeout for load test by @guggero in #795
  • itest: universe server harness uses a dedicated LND n...
Read more

v0.4.0-alpha.rc2

08 Jul 22:52
1e020b9
Compare
Choose a tag to compare
v0.4.0-alpha.rc2 Pre-release
Pre-release

Database Migrations

There are a number of database migrations in this release. Please be aware that downgrading to a previous version will not be possible once the migrations have been applied. Make sure you create a backup before updating and please report any issues with the database migrations.

Verifying the Release

In order to verify the release, you'll need to have gpg or gpg2 installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import the keys that have signed this release if you haven't done so already:

curl https://raw.githubusercontent.com/lightninglabs/taproot-assets/main/scripts/keys/roasbeef.asc | gpg --import

Once you have the required PGP keys, you can verify the release (assuming manifest-roasbeef-v0.4.0-alpha.rc2.sig and manifest-v0.4.0-alpha.rc2.txt are in the current directory) with:

gpg --verify manifest-roasbeef-v0.4.0-alpha.rc2.sig manifest-v0.4.0-alpha.rc2.txt

You should see the following if the verification was successful:

gpg: Signature made Wed Sep 30 17:35:20 2020 PDT
gpg:                using RSA key 60A1FA7DA5BFF08BDCBBE7903BBD59E99B280306
gpg: Good signature from "Olaoluwa Osuntokun <[email protected]>" [ultimate]

That will verify the signature of the manifest file, which ensures integrity and authenticity of the archive you've downloaded locally containing the binaries. Next, depending on your operating system, you should then re-compute the sha256 hash of the archive with shasum -a 256 <filename>, compare it with the corresponding one in the manifest file, and ensure they match exactly.

Verifying the Release Timestamp

From this new version onwards, in addition time-stamping the git tag with OpenTimestamps, we'll also now timestamp the manifest file along with its signature. Two new files are now included along with the rest of our release artifacts: manifest-roasbeef-v0.4.0-alpha.rc2.txt.asc.ots.

Assuming you have the opentimestamps client installed locally, the timestamps can be verified with the following commands:

ots verify manifest-roasbeef-v0.4.0-alpha.rc2.sig.ots -f manifest-roasbeef-v0.4.0-alpha.rc2.sig

Alternatively, the OpenTimestamps website can be used to verify timestamps if one doesn't have a bitcoind instance accessible locally.

These timestamps should give users confidence in the integrity of this release even after the key that signed the release expires.

Verifying the Release Binaries

Our release binaries are fully reproducible. Third parties are able to verify that the release binaries were produced properly without having to trust the release manager(s). See our reproducible builds guide for how this can be achieved.
The release binaries are compiled with go1.22.3, which is required by verifiers to arrive at the same ones.

The make release command can be used to ensure one rebuilds with all the same flags used for the release. If one wishes to build for only a single platform, then make release sys=<OS-ARCH> tag=<tag> can be used.

Finally, you can also verify the tag itself with the following command:

$ git verify-tag v0.4.0-alpha.rc2
gpg: Signature made Tue Sep 15 18:55:00 2020 PDT
gpg:                using RSA key 60A1FA7DA5BFF08BDCBBE7903BBD59E99B280306
gpg: Good signature from "Olaoluwa Osuntokun <[email protected]>" [ultimate]

Verifying the Docker Images

To verify the tapd and tapcli binaries inside the docker images against the signed, reproducible release binaries, there is a verification script in the image that can be called (before starting the container for example):

$ docker run --rm --entrypoint="" lightninglabs/taproot-assets:v0.4.0-alpha.rc2 /verify-install.sh v0.4.0-alpha.rc2
$ OK=$?
$ if [ "$OK" -ne "0" ]; then echo "Verification failed!"; exit 1; done
$ docker run lightninglabs/taproot-assets [command-line options]

Building the Contained Release

Users are able to rebuild the target release themselves without having to fetch any of the dependencies. In order to do so, assuming
that vendor.tar.gz and tapd-source-v0.4.0-alpha.rc2.tar.gz are in the current directory, follow these steps:

tar -xvzf vendor.tar.gz
tar -xvzf tapd-source-v0.4.0-alpha.rc2.tar.gz
GO111MODULE=on go install -v -mod=vendor -ldflags "-X github.com/lightninglabs/taproot-assets/build.Commit=v0.4.0-alpha.rc2" ./cmd/tapd
GO111MODULE=on go install -v -mod=vendor -ldflags "-X github.com/lightninglabs/taproot-assets/build.Commit=v0.4.0-alpha.rc2" ./cmd/tapcli

The -mod=vendor flag tells the go build command that it doesn't need to fetch the dependencies, and instead, they're all enclosed in the local vendor directory.

Additionally, it's now possible to use the enclosed release.sh script to bundle a release for a specific system like so:

make release sys="linux-arm64 darwin-amd64"

⚡️⚡️⚡️ OK, now to the rest of the release notes! ⚡️⚡️⚡️

Release Notes

What's Changed

  • itest: add main universe server harness, turn on proof courier for all test cases by @guggero in #712
  • Federation envoy re-attempts sync push for issuance proofs by @ffranr in #698
  • tapgarden: fix races and deadlocks in caretaker by @jharveyb in #693
  • gitignore: add non-debug binaries to ignore by @guggero in #724
  • tapdb: add minimalistic test framework for testing DB migrations by @guggero in #707
  • rpcserver+tapscript: err shadowing fixes by @jharveyb in #713
  • misc: group key testing by @jharveyb in #717
  • Update test vectors by @ffranr in #733
  • Add asset group burn itest, logging, and missing error handling by @ffranr in #732
  • Refactor fed envy event handling by @ffranr in #731
  • multiverse: add overlay points for universe trees by @guggero in #624
  • Add means to specify sqlite db file path for tapd test harness and db unit tests by @ffranr in #735
  • rpcserver: skip local meta data lookup for genesis proof by @guggero in #744
  • Multi-input PSBT spend for homogeneous input asset ID by @ffranr in #743
  • Add enhanced prometheus metrics for tapd by @GeorgeTsagk in #716
  • multi: attempt to fix issue of high number of TCP connections by explicitly closing connections and implementing an idle timer by @Roasbeef in #719
  • muti: fix typos by @AtomicInnovation321 in #748
  • proof courier: general cleanup and refactor, re-try after restart by @guggero in #734
  • chore: fix typos by @GoodDaisy in #752
  • multi: anchor fee test coverage by @jharveyb in #605
  • Refactor and cleanup custodian events cache handling by @ffranr in #756
  • itest: extend multi-input PSBT spend test to include partial value spend by @ffranr in #747
  • Fix typos by @cristiantroy in #764
  • [1/2] custodian: look up proofs in local universe as well by @guggero in #726
  • taprpc+tapdb: ListTransfers RPC optionally filters on anchor tx hash by @ffranr in #761
  • Increase group witness test coverage by @jharveyb in #549
  • tapdb: add support for logging migrations by @Roasbeef in #772
  • [tap channels preparation 1/?]: Add QueryInternalKey and QueryScriptKey RPCs, pre-fill script key info in vPSBT by @guggero in #765
  • makefile: add command to generate git release tags by @ffranr in #720
  • [2/2] proof: allow proof courier to short cut with local archive by @guggero in #730
  • tapdb: fix migration 15 by @guggero in #784
  • itest: use configurable timeout for load test by @guggero in #795
  • itest: universe server harness uses a dedicated LND node by @ffranr in #800
  • tools: exclude non-project files from go version consistency lint check by @ffranr in #775
  • vPSBT: add sighash support (no version bump) by @GeorgeTsagk in #779
  • multi: introduce new meta type for json strings by @Roasbeef in #794
  • [preparation 1/2]: refactor to simplify send logic, prepare for new RPCs by @guggero in https://github.com/lightninglabs/taproot-assets/pul...
Read more

v0.4.0-alpha RC1

08 Jul 22:51
v0.4.0-rc1
2547cc6
Compare
Choose a tag to compare
v0.4.0-alpha RC1 Pre-release
Pre-release

Database Migrations

There are a number of database migrations in this release. Please be aware that downgrading to a previous version will not be possible once the migrations have been applied. Make sure you create a backup before updating and please report any issues with the database migrations.

Verifying the Release

In order to verify the release, you'll need to have gpg or gpg2 installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import the keys that have signed this release if you haven't done so already:

curl https://raw.githubusercontent.com/lightninglabs/taproot-assets/main/scripts/keys/roasbeef.asc | gpg --import

Once you have the required PGP keys, you can verify the release (assuming manifest-roasbeef-v0.4.0-rc1.sig and manifest-v0.4.0-rc1.txt are in the current directory) with:

gpg --verify manifest-roasbeef-v0.4.0-rc1.sig manifest-v0.4.0-rc1.txt

You should see the following if the verification was successful:

gpg: Signature made Wed Sep 30 17:35:20 2020 PDT
gpg:                using RSA key 60A1FA7DA5BFF08BDCBBE7903BBD59E99B280306
gpg: Good signature from "Olaoluwa Osuntokun <[email protected]>" [ultimate]

That will verify the signature of the manifest file, which ensures integrity and authenticity of the archive you've downloaded locally containing the binaries. Next, depending on your operating system, you should then re-compute the sha256 hash of the archive with shasum -a 256 <filename>, compare it with the corresponding one in the manifest file, and ensure they match exactly.

Verifying the Release Timestamp

From this new version onwards, in addition time-stamping the git tag with OpenTimestamps, we'll also now timestamp the manifest file along with its signature. Two new files are now included along with the rest of our release artifacts: manifest-roasbeef-v0.4.0-rc1.txt.asc.ots.

Assuming you have the opentimestamps client installed locally, the timestamps can be verified with the following commands:

ots verify manifest-roasbeef-v0.4.0-rc1.sig.ots -f manifest-roasbeef-v0.4.0-rc1.sig

Alternatively, the OpenTimestamps website can be used to verify timestamps if one doesn't have a bitcoind instance accessible locally.

These timestamps should give users confidence in the integrity of this release even after the key that signed the release expires.

Verifying the Release Binaries

Our release binaries are fully reproducible. Third parties are able to verify that the release binaries were produced properly without having to trust the release manager(s). See our reproducible builds guide for how this can be achieved.
The release binaries are compiled with go1.22.3, which is required by verifiers to arrive at the same ones.

The make release command can be used to ensure one rebuilds with all the same flags used for the release. If one wishes to build for only a single platform, then make release sys=<OS-ARCH> tag=<tag> can be used.

Finally, you can also verify the tag itself with the following command:

$ git verify-tag v0.4.0-rc1
gpg: Signature made Tue Sep 15 18:55:00 2020 PDT
gpg:                using RSA key 60A1FA7DA5BFF08BDCBBE7903BBD59E99B280306
gpg: Good signature from "Olaoluwa Osuntokun <[email protected]>" [ultimate]

Verifying the Docker Images

To verify the tapd and tapcli binaries inside the docker images against the signed, reproducible release binaries, there is a verification script in the image that can be called (before starting the container for example):

$ docker run --rm --entrypoint="" lightninglabs/taproot-assets:v0.4.0-rc1 /verify-install.sh v0.4.0-rc1
$ OK=$?
$ if [ "$OK" -ne "0" ]; then echo "Verification failed!"; exit 1; done
$ docker run lightninglabs/taproot-assets [command-line options]

Building the Contained Release

Users are able to rebuild the target release themselves without having to fetch any of the dependencies. In order to do so, assuming
that vendor.tar.gz and tapd-source-v0.4.0-rc1.tar.gz are in the current directory, follow these steps:

tar -xvzf vendor.tar.gz
tar -xvzf tapd-source-v0.4.0-rc1.tar.gz
GO111MODULE=on go install -v -mod=vendor -ldflags "-X github.com/lightninglabs/taproot-assets/build.Commit=v0.4.0-rc1" ./cmd/tapd
GO111MODULE=on go install -v -mod=vendor -ldflags "-X github.com/lightninglabs/taproot-assets/build.Commit=v0.4.0-rc1" ./cmd/tapcli

The -mod=vendor flag tells the go build command that it doesn't need to fetch the dependencies, and instead, they're all enclosed in the local vendor directory.

Additionally, it's now possible to use the enclosed release.sh script to bundle a release for a specific system like so:

make release sys="linux-arm64 darwin-amd64"

⚡️⚡️⚡️ OK, now to the rest of the release notes! ⚡️⚡️⚡️

Release Notes

Full Changelog: v0.3.3...v0.4.0-rc1

What's Changed

  • itest: add main universe server harness, turn on proof courier for all test cases by @guggero in #712
  • Federation envoy re-attempts sync push for issuance proofs by @ffranr in #698
  • tapgarden: fix races and deadlocks in caretaker by @jharveyb in #693
  • gitignore: add non-debug binaries to ignore by @guggero in #724
  • tapdb: add minimalistic test framework for testing DB migrations by @guggero in #707
  • rpcserver+tapscript: err shadowing fixes by @jharveyb in #713
  • misc: group key testing by @jharveyb in #717
  • Update test vectors by @ffranr in #733
  • Add asset group burn itest, logging, and missing error handling by @ffranr in #732
  • Refactor fed envy event handling by @ffranr in #731
  • multiverse: add overlay points for universe trees by @guggero in #624
  • Add means to specify sqlite db file path for tapd test harness and db unit tests by @ffranr in #735
  • rpcserver: skip local meta data lookup for genesis proof by @guggero in #744
  • Multi-input PSBT spend for homogeneous input asset ID by @ffranr in #743
  • Add enhanced prometheus metrics for tapd by @GeorgeTsagk in #716
  • multi: attempt to fix issue of high number of TCP connections by explicitly closing connections and implementing an idle timer by @Roasbeef in #719
  • muti: fix typos by @AtomicInnovation321 in #748
  • proof courier: general cleanup and refactor, re-try after restart by @guggero in #734
  • chore: fix typos by @GoodDaisy in #752
  • multi: anchor fee test coverage by @jharveyb in #605
  • Refactor and cleanup custodian events cache handling by @ffranr in #756
  • itest: extend multi-input PSBT spend test to include partial value spend by @ffranr in #747
  • Fix typos by @cristiantroy in #764
  • [1/2] custodian: look up proofs in local universe as well by @guggero in #726
  • taprpc+tapdb: ListTransfers RPC optionally filters on anchor tx hash by @ffranr in #761
  • Increase group witness test coverage by @jharveyb in #549
  • tapdb: add support for logging migrations by @Roasbeef in #772
  • [tap channels preparation 1/?]: Add QueryInternalKey and QueryScriptKey RPCs, pre-fill script key info in vPSBT by @guggero in #765
  • makefile: add command to generate git release tags by @ffranr in #720
  • [2/2] proof: allow proof courier to short cut with local archive by @guggero in #730
  • tapdb: fix migration 15 by @guggero in #784
  • itest: use configurable timeout for load test by @guggero in #795
  • itest: universe server harness uses a dedicated LND node by @ffranr in #800
  • tools: exclude non-project files from go version consistency lint check by @ffranr in #775
  • vPSBT: add sighash support (no version bump) by @GeorgeTsagk in #779
  • multi: introduce new meta type for json strings by @Roasbeef in #794
  • [preparation 1/2]: refactor to simplify send logic, prepare for new RPCs by @guggero in https://github.com/lightninglabs/tapro...
Read more

v0.3.3-alpha

08 Feb 20:32
Compare
Choose a tag to compare

This is a minor release that includes a series of bug fixes and enhancements. Most notably, the process of sending+receiving proof files when sending+receiving assets is now more robust. In addition, the resource requirements for running a public Universe server have been reduced.

Database Migrations

This contains a migration in the form of a new table to allow for reliable transmission of proof files when sending/receiving. And an update to an existing table that fixes a bug with the order of asset witnesses.

Verifying the Release

In order to verify the release, you'll need to have gpg or gpg2 installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import the keys that have signed this release if you haven't done so already:

curl https://raw.githubusercontent.com/lightninglabs/taproot-assets/main/scripts/keys/roasbeef.asc | gpg --import

Once you have the required PGP keys, you can verify the release (assuming manifest-roasbeef-v0.3.3.sig and manifest-v0.3.3.txt are in the current directory) with:

gpg --verify manifest-roasbeef-v0.3.3.sig manifest-v0.3.3.txt

You should see the following if the verification was successful:

gpg: Signature made Thu Feb  8 12:29:49 2024 PST
gpg:                using RSA key 60A1FA7DA5BFF08BDCBBE7903BBD59E99B280306
gpg: Good signature from "Olaoluwa Osuntokun <[email protected]>" [ultimate]

That will verify the signature of the manifest file, which ensures integrity and authenticity of the archive you've downloaded locally containing the binaries. Next, depending on your operating system, you should then re-compute the sha256 hash of the archive with shasum -a 256 <filename>, compare it with the corresponding one in the manifest file, and ensure they match exactly.

Verifying the Release Timestamp

From this new version onwards, in addition time-stamping the git tag with OpenTimestamps, we'll also now timestamp the manifest file along with its signature. Two new files are now included along with the rest of our release artifacts: manifest-roasbeef-v0.3.3.txt.asc.ots.

Assuming you have the opentimestamps client installed locally, the timestamps can be verified with the following commands:

ots verify manifest-roasbeef-v0.3.3.sig.ots -f manifest-roasbeef-v0.3.3.sig

Alternatively, the OpenTimestamps website can be used to verify timestamps if one doesn't have a bitcoind instance accessible locally.

These timestamps should give users confidence in the integrity of this release even after the key that signed the release expires.

Verifying the Release Binaries

Our release binaries are fully reproducible. Third parties are able to verify that the release binaries were produced properly without having to trust the release manager(s). See our reproducible builds guide for how this can be achieved.
The release binaries are compiled with go1.21.4, which is required by verifiers to arrive at the same ones.

The make release command can be used to ensure one rebuilds with all the same flags used for the release. If one wishes to build for only a single platform, then make release sys=<OS-ARCH> tag=<tag> can be used.

Finally, you can also verify the tag itself with the following command:

$ git verify-tag v0.3.3
gpg: Signature made Wed 07 Feb 2024 10:58:03 PM UTC using RSA key ID 9B280306
gpg: Good signature from "Olaoluwa Osuntokun <[email protected]>"

Verifying the Docker Images

To verify the tapd and tapcli binaries inside the docker images against the signed, reproducible release binaries, there is a verification script in the image that can be called (before starting the container for example):

$ docker run --rm --entrypoint="" lightninglabs/taproot-assets:v0.3.3 /verify-install.sh v0.3.3
$ OK=$?
$ if [ "$OK" -ne "0" ]; then echo "Verification failed!"; exit 1; done
$ docker run lightninglabs/taproot-assets [command-line options]

Building the Contained Release

Users are able to rebuild the target release themselves without having to fetch any of the dependencies. In order to do so, assuming
that vendor.tar.gz and tapd-source-v0.3.3.tar.gz are in the current directory, follow these steps:

tar -xvzf vendor.tar.gz
tar -xvzf tapd-source-v0.3.3.tar.gz
GO111MODULE=on go install -v -mod=vendor -ldflags "-X github.com/lightninglabs/taproot-assets/build.Commit=v0.3.3" ./cmd/tapd
GO111MODULE=on go install -v -mod=vendor -ldflags "-X github.com/lightninglabs/taproot-assets/build.Commit=v0.3.3" ./cmd/tapcli

The -mod=vendor flag tells the go build command that it doesn't need to fetch the dependencies, and instead, they're all enclosed in the local vendor directory.

Additionally, it's now possible to use the enclosed release.sh script to bundle a release for a specific system like so:

make release sys="linux-arm64 darwin-amd64"

⚡️⚡️⚡️ OK, now to the rest of the release notes! ⚡️⚡️⚡️

Release Notes

Full Changelog: v0.3.2...v0.3.3

What's Changed

  • A resource lease affecting active TCPs connections for Universe servers has been resolved: #719
  • tapd is now able to export additional Prometheus metrics: #716
  • A retry loop has been added to the process of exporting new proofs to Universe servers: #698
  • The proof courier will now more robustly attempt to obtain proofs to complete receives after a restart: #734
  • The integration tests system now covers all possible proof courier types: #712
  • tapd will now log any executed database migrations during start up: #772
  • Users can now side load proofs using the Universe RPC calls to complete a receive flow: #726
  • An edge case related to re-used script keys has been resolved, and the receive process now properly consults the local proof archive to short circuit logic. In addition, proofs stored on disk now contain an outpoint prefix to avoid over writing proofs: #730