Add lnd v0.12.0-beta compatibility, allow single macaroon #172
Conversation
|
Your latest rebase includes an updated |
|
The new RPC compile check prevents us from using an old version. Perhaps we need a way to override that. The check will fail until we reference the final version of lnd anyway since it tries to download it from an URL without the rc tag. |
|
I agree that the RPC compile check will fail, but the build is also failing on the "typescript compile" step because the frontend code is not updated for v0.12 protos. This also breaks my local docker build because the frontend won't build successfully. Can you either remove the proto update or update the |
|
I fixed the |
| @@ -304,6 +304,7 @@ func (g *LightningTerminal) startSubservers() error { | |||
| MacaroonDir: macDir, | |||
| TLSPath: tlsPath, | |||
| BlockUntilChainSynced: true, | |||
| BlockUntilUnlocked: true, | |||
There was a problem hiding this comment.
🎉
One question here in the context of lit. Since we just log that we are waiting for lnd to be unlocked, I imagine there won't be any feedback indicating that the user needs to unlock? Still an improvement over crashing (which was the previous behaviour I think?), just wondering about it longer term.
There was a problem hiding this comment.
Yeah, you'd only see this in the log at the moment. This will be fully solved by implementing the unlock in the UI itself.
| // all of lnd's macaroons. The specified macaroon MUST have all | ||
| // permissions that all the subservers use, otherwise permission errors | ||
| // will occur. | ||
| MacaroonPath string `long:"macaroonpath" description:"The full path to the single macaroon to use, either the admin.macaroon or a custom baked one. Cannot be specified at the same time as macaroondir. A custom macaroon must contain ALL permissions required for all subservers to work, otherwise permission errors will occur."` |
There was a problem hiding this comment.
Are we going to add the bake command in the readme for a custom macaroon? I remember we discussed this a while back but don't remember exactly what we came up with. Could be nice to point people there if that's the plan.
There was a problem hiding this comment.
Yes, we'll probably do that eventually. But because things with macaroons will probably change again to support the "stateless remote mode", we'll probably look at it in that context again.
With the new lndclient version we can specify a single, custom macaroon. We use the admin macaroon as the custom macaroon in the remote connection case which removes the need to copy all subserver macaroons to the host where LiT is running. Users baking custom non-admin macaroons can also specify that directly with a new configuration option.
Depends on lightninglabs/pool#202 and the final release of
lnd v0.12.0-beta.Adds compile time and run time compatibility with
lnd v0.12.0-beta.Also pulls in the latest version of
lndclientwhich allows us to cleanly block on startup untillndis unlocked.We can also use a single macaroon now instead of needing to specify all subserver macaroons. Either the
admin.macaroonis used if--remote.lnd.macaroondiris specified. Or a custom one (must contain all required permissions!) can be specified with--remote.lnd.custommacaroonpath.Fixes #155.