v0.3.3-alpha

This is a minor release that includes a series of bug fixes and enhancements. Most notably, the process of sending+receiving proof files when sending+receiving assets is now more robust. In addition, the resource requirements for running a public Universe server have been reduced.

Database Migrations

This contains a migration in the form of a new table to allow for reliable transmission of proof files when sending/receiving. And an update to an existing table that fixes a bug with the order of asset witnesses.

Verifying the Release

In order to verify the release, you'll need to have gpg or gpg2 installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import the keys that have signed this release if you haven't done so already:

curl https://raw.githubusercontent.com/lightninglabs/taproot-assets/main/scripts/keys/roasbeef.asc | gpg --import

Once you have the required PGP keys, you can verify the release (assuming manifest-roasbeef-v0.3.3.sig and manifest-v0.3.3.txt are in the current directory) with:

gpg --verify manifest-roasbeef-v0.3.3.sig manifest-v0.3.3.txt

You should see the following if the verification was successful:

gpg: Signature made Thu Feb  8 12:29:49 2024 PST
gpg:                using RSA key 60A1FA7DA5BFF08BDCBBE7903BBD59E99B280306
gpg: Good signature from "Olaoluwa Osuntokun <laolu32@gmail.com>" [ultimate]

That will verify the signature of the manifest file, which ensures integrity and authenticity of the archive you've downloaded locally containing the binaries. Next, depending on your operating system, you should then re-compute the sha256 hash of the archive with shasum -a 256 <filename>, compare it with the corresponding one in the manifest file, and ensure they match exactly.

Verifying the Release Timestamp

From this new version onwards, in addition time-stamping the git tag with OpenTimestamps, we'll also now timestamp the manifest file along with its signature. Two new files are now included along with the rest of our release artifacts: manifest-roasbeef-v0.3.3.txt.asc.ots.

Assuming you have the opentimestamps client installed locally, the timestamps can be verified with the following commands:

ots verify manifest-roasbeef-v0.3.3.sig.ots -f manifest-roasbeef-v0.3.3.sig

Alternatively, the OpenTimestamps website can be used to verify timestamps if one doesn't have a bitcoind instance accessible locally.

These timestamps should give users confidence in the integrity of this release even after the key that signed the release expires.

Verifying the Release Binaries

Our release binaries are fully reproducible. Third parties are able to verify that the release binaries were produced properly without having to trust the release manager(s). See our reproducible builds guide for how this can be achieved.
The release binaries are compiled with go1.21.4, which is required by verifiers to arrive at the same ones.

The make release command can be used to ensure one rebuilds with all the same flags used for the release. If one wishes to build for only a single platform, then make release sys=<OS-ARCH> tag=<tag> can be used.

Finally, you can also verify the tag itself with the following command:

$ git verify-tag v0.3.3
gpg: Signature made Wed 07 Feb 2024 10:58:03 PM UTC using RSA key ID 9B280306
gpg: Good signature from "Olaoluwa Osuntokun <laolu32@gmail.com>"

Verifying the Docker Images

To verify the tapd and tapcli binaries inside the docker images against the signed, reproducible release binaries, there is a verification script in the image that can be called (before starting the container for example):

$ docker run --rm --entrypoint="" lightninglabs/taproot-assets:v0.3.3 /verify-install.sh v0.3.3
$ OK=$?
$ if [ "$OK" -ne "0" ]; then echo "Verification failed!"; exit 1; done
$ docker run lightninglabs/taproot-assets [command-line options]

Building the Contained Release

Users are able to rebuild the target release themselves without having to fetch any of the dependencies. In order to do so, assuming
that vendor.tar.gz and tapd-source-v0.3.3.tar.gz are in the current directory, follow these steps:

tar -xvzf vendor.tar.gz
tar -xvzf tapd-source-v0.3.3.tar.gz
GO111MODULE=on go install -v -mod=vendor -ldflags "-X github.com/lightninglabs/taproot-assets/build.Commit=v0.3.3" ./cmd/tapd
GO111MODULE=on go install -v -mod=vendor -ldflags "-X github.com/lightninglabs/taproot-assets/build.Commit=v0.3.3" ./cmd/tapcli

The -mod=vendor flag tells the go build command that it doesn't need to fetch the dependencies, and instead, they're all enclosed in the local vendor directory.

Additionally, it's now possible to use the enclosed release.sh script to bundle a release for a specific system like so:

make release sys="linux-arm64 darwin-amd64"

⚡️⚡️⚡️ OK, now to the rest of the release notes! ⚡️⚡️⚡️

Release Notes

Full Changelog: v0.3.2...v0.3.3

What's Changed

• A resource lease affecting active TCPs connections for Universe servers has been resolved: #719
• tapd is now able to export additional Prometheus metrics: #716
• A retry loop has been added to the process of exporting new proofs to Universe servers: #698
• The proof courier will now more robustly attempt to obtain proofs to complete receives after a restart: #734
• The integration tests system now covers all possible proof courier types: #712
• tapd will now log any executed database migrations during start up: #772
• Users can now side load proofs using the Universe RPC calls to complete a receive flow: #726
• An edge case related to re-used script keys has been resolved, and the receive process now properly consults the local proof archive to short circuit logic. In addition, proofs stored on disk now contain an outpoint prefix to avoid over writing proofs: #730

v0.3.3-alpha.rc3

This is a minor release that includes a series of bug fixes and enchants. Most notably, the process of sending+receiving proof files when sending+receiving assets is now more robust.

Database Migrations

This contains a migration in the form of a new table to allow for reliable transmission of proof files when sending/receiving. And an update to an existing table that fixes a bug with the order of asset witnesses.

Verifying the Release

In order to verify the release, you'll need to have gpg or gpg2 installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import the keys that have signed this release if you haven't done so already:

curl https://raw.githubusercontent.com/lightninglabs/taproot-assets/main/scripts/keys/roasbeef.asc | gpg --import

Once you have the required PGP keys, you can verify the release (assuming manifest-roasbeef-v0.3.3-alpha.rc3.sig and manifest-v0.3.3-alpha.rc3.txt are in the current directory) with:

gpg --verify manifest-roasbeef-v0.3.3-alpha.rc3.sig manifest-v0.3.3-alpha.rc3.txt

You should see the following if the verification was successful:

gpg: Signature made Wed Sep 30 17:35:20 2020 PDT
gpg:                using RSA key 60A1FA7DA5BFF08BDCBBE7903BBD59E99B280306
gpg: Good signature from "Olaoluwa Osuntokun <laolu32@gmail.com>" [ultimate]

That will verify the signature of the manifest file, which ensures integrity and authenticity of the archive you've downloaded locally containing the binaries. Next, depending on your operating system, you should then re-compute the sha256 hash of the archive with shasum -a 256 <filename>, compare it with the corresponding one in the manifest file, and ensure they match exactly.

Verifying the Release Timestamp

From this new version onwards, in addition time-stamping the git tag with OpenTimestamps, we'll also now timestamp the manifest file along with its signature. Two new files are now included along with the rest of our release artifacts: manifest-roasbeef-v0.3.3-alpha.rc3.txt.asc.ots.

Assuming you have the opentimestamps client installed locally, the timestamps can be verified with the following commands:

ots verify manifest-roasbeef-v0.3.3-alpha.rc3.sig.ots -f manifest-roasbeef-v0.3.3-alpha.rc3.sig

Alternatively, the OpenTimestamps website can be used to verify timestamps if one doesn't have a bitcoind instance accessible locally.

These timestamps should give users confidence in the integrity of this release even after the key that signed the release expires.

Verifying the Release Binaries

Our release binaries are fully reproducible. Third parties are able to verify that the release binaries were produced properly without having to trust the release manager(s). See our reproducible builds guide for how this can be achieved.
The release binaries are compiled with go1.21.4, which is required by verifiers to arrive at the same ones.

The make release command can be used to ensure one rebuilds with all the same flags used for the release. If one wishes to build for only a single platform, then make release sys=<OS-ARCH> tag=<tag> can be used.

Finally, you can also verify the tag itself with the following command:

$ git verify-tag v0.3.3-alpha.rc3
gpg: Signature made Tue Sep 15 18:55:00 2020 PDT
gpg:                using RSA key 60A1FA7DA5BFF08BDCBBE7903BBD59E99B280306
gpg: Good signature from "Olaoluwa Osuntokun <laolu32@gmail.com>" [ultimate]

Verifying the Docker Images

To verify the tapd and tapcli binaries inside the docker images against the signed, reproducible release binaries, there is a verification script in the image that can be called (before starting the container for example):

$ docker run --rm --entrypoint="" lightninglabs/taproot-assets:v0.3.3-alpha.rc3 /verify-install.sh v0.3.3-alpha.rc3
$ OK=$?
$ if [ "$OK" -ne "0" ]; then echo "Verification failed!"; exit 1; done
$ docker run lightninglabs/taproot-assets [command-line options]

Building the Contained Release

Users are able to rebuild the target release themselves without having to fetch any of the dependencies. In order to do so, assuming
that vendor.tar.gz and tapd-source-v0.3.3-alpha.rc3.tar.gz are in the current directory, follow these steps:

tar -xvzf vendor.tar.gz
tar -xvzf tapd-source-v0.3.3-alpha.rc3.tar.gz
GO111MODULE=on go install -v -mod=vendor -ldflags "-X github.com/lightninglabs/taproot-assets/build.Commit=v0.3.3-alpha.rc3" ./cmd/tapd
GO111MODULE=on go install -v -mod=vendor -ldflags "-X github.com/lightninglabs/taproot-assets/build.Commit=v0.3.3-alpha.rc3" ./cmd/tapcli

The -mod=vendor flag tells the go build command that it doesn't need to fetch the dependencies, and instead, they're all enclosed in the local vendor directory.

Additionally, it's now possible to use the enclosed release.sh script to bundle a release for a specific system like so:

make release sys="linux-arm64 darwin-amd64"

⚡️⚡️⚡️ OK, now to the rest of the release notes! ⚡️⚡️⚡️

What's Changed

Full Changelog: v0.3.2...v0.3.3-alpha.rc3

v0.3.3-alpha.rc2

This is a minor release that includes a series of bug fixes and enchants. Most notably, the process of sending+receiving proof files when sending+receiving assets is now more robust.

Database Migrations

This contains a migration in the form of a new table to allow for reliable transmission of proof files when sending/receiving. And an update to an existing table that fixes a bug with the order of asset witnesses.

Verifying the Release

In order to verify the release, you'll need to have gpg or gpg2 installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import the keys that have signed this release if you haven't done so already:

curl https://raw.githubusercontent.com/lightninglabs/taproot-assets/main/scripts/keys/roasbeef.asc | gpg --import

Once you have the required PGP keys, you can verify the release (assuming manifest-roasbeef-v0.3.3-alpha.rc2.sig and manifest-v0.3.3-alpha.rc2.txt are in the current directory) with:

gpg --verify manifest-roasbeef-v0.3.3-alpha.rc2.sig manifest-v0.3.3-alpha.rc2.txt

You should see the following if the verification was successful:

gpg: Signature made Wed Sep 30 17:35:20 2020 PDT
gpg:                using RSA key 60A1FA7DA5BFF08BDCBBE7903BBD59E99B280306
gpg: Good signature from "Olaoluwa Osuntokun <laolu32@gmail.com>" [ultimate]

That will verify the signature of the manifest file, which ensures integrity and authenticity of the archive you've downloaded locally containing the binaries. Next, depending on your operating system, you should then re-compute the sha256 hash of the archive with shasum -a 256 <filename>, compare it with the corresponding one in the manifest file, and ensure they match exactly.

Verifying the Release Timestamp

From this new version onwards, in addition time-stamping the git tag with OpenTimestamps, we'll also now timestamp the manifest file along with its signature. Two new files are now included along with the rest of our release artifacts: manifest-roasbeef-v0.3.3-alpha.rc2.txt.asc.ots.

Assuming you have the opentimestamps client installed locally, the timestamps can be verified with the following commands:

ots verify manifest-roasbeef-v0.3.3-alpha.rc2.sig.ots -f manifest-roasbeef-v0.3.3-alpha.rc2.sig

Alternatively, the OpenTimestamps website can be used to verify timestamps if one doesn't have a bitcoind instance accessible locally.

These timestamps should give users confidence in the integrity of this release even after the key that signed the release expires.

Verifying the Release Binaries

Our release binaries are fully reproducible. Third parties are able to verify that the release binaries were produced properly without having to trust the release manager(s). See our reproducible builds guide for how this can be achieved.
The release binaries are compiled with go1.21.4, which is required by verifiers to arrive at the same ones.

The make release command can be used to ensure one rebuilds with all the same flags used for the release. If one wishes to build for only a single platform, then make release sys=<OS-ARCH> tag=<tag> can be used.

Finally, you can also verify the tag itself with the following command:

$ git verify-tag v0.3.3-alpha.rc2
gpg: Signature made Tue Sep 15 18:55:00 2020 PDT
gpg:                using RSA key 60A1FA7DA5BFF08BDCBBE7903BBD59E99B280306
gpg: Good signature from "Olaoluwa Osuntokun <laolu32@gmail.com>" [ultimate]

Verifying the Docker Images

To verify the tapd and tapcli binaries inside the docker images against the signed, reproducible release binaries, there is a verification script in the image that can be called (before starting the container for example):

$ docker run --rm --entrypoint="" lightninglabs/taproot-assets:v0.3.3-alpha.rc2 /verify-install.sh v0.3.3-alpha.rc2
$ OK=$?
$ if [ "$OK" -ne "0" ]; then echo "Verification failed!"; exit 1; done
$ docker run lightninglabs/taproot-assets [command-line options]

Building the Contained Release

Users are able to rebuild the target release themselves without having to fetch any of the dependencies. In order to do so, assuming
that vendor.tar.gz and tapd-source-v0.3.3-alpha.rc2.tar.gz are in the current directory, follow these steps:

tar -xvzf vendor.tar.gz
tar -xvzf tapd-source-v0.3.3-alpha.rc2.tar.gz
GO111MODULE=on go install -v -mod=vendor -ldflags "-X github.com/lightninglabs/taproot-assets/build.Commit=v0.3.3-alpha.rc2" ./cmd/tapd
GO111MODULE=on go install -v -mod=vendor -ldflags "-X github.com/lightninglabs/taproot-assets/build.Commit=v0.3.3-alpha.rc2" ./cmd/tapcli

The -mod=vendor flag tells the go build command that it doesn't need to fetch the dependencies, and instead, they're all enclosed in the local vendor directory.

Additionally, it's now possible to use the enclosed release.sh script to bundle a release for a specific system like so:

make release sys="linux-arm64 darwin-amd64"

⚡️⚡️⚡️ OK, now to the rest of the release notes! ⚡️⚡️⚡️

What's Changed

Full Changelog: v0.3.2...v0.3.3-alpha.rc2

v0.3.3-alpha.rc1

This is a minor release that includes a series of bug fixes and enchants. Most notably, the process of sending+receiving proof files when sending+receiving assets is now more robust.

Database Migrations

This contains a migration in the form of a new table to allow for reliable transmission of proof files when sending/receiving.

Verifying the Release

In order to verify the release, you'll need to have gpg or gpg2 installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import the keys that have signed this release if you haven't done so already:

curl https://raw.githubusercontent.com/lightninglabs/taproot-assets/main/scripts/keys/roasbeef.asc | gpg --import

Once you have the required PGP keys, you can verify the release (assuming manifest-roasbeef-v0.3.3-alpha.rc1.sig and manifest-v0.3.3-alpha.rc1.txt are in the current directory) with:

gpg --verify manifest-roasbeef-v0.3.3-alpha.rc1.sig manifest-v0.3.3-alpha.rc1.txt

You should see the following if the verification was successful:

gpg: Signature made Wed Sep 30 17:35:20 2020 PDT
gpg:                using RSA key 60A1FA7DA5BFF08BDCBBE7903BBD59E99B280306
gpg: Good signature from "Olaoluwa Osuntokun <laolu32@gmail.com>" [ultimate]

That will verify the signature of the manifest file, which ensures integrity and authenticity of the archive you've downloaded locally containing the binaries. Next, depending on your operating system, you should then re-compute the sha256 hash of the archive with shasum -a 256 <filename>, compare it with the corresponding one in the manifest file, and ensure they match exactly.

Verifying the Release Timestamp

From this new version onwards, in addition time-stamping the git tag with OpenTimestamps, we'll also now timestamp the manifest file along with its signature. Two new files are now included along with the rest of our release artifacts: manifest-roasbeef-v0.3.3-alpha.rc1.txt.asc.ots.

Assuming you have the opentimestamps client installed locally, the timestamps can be verified with the following commands:

ots verify manifest-roasbeef-v0.3.3-alpha.rc1.sig.ots -f manifest-roasbeef-v0.3.3-alpha.rc1.sig

Alternatively, the OpenTimestamps website can be used to verify timestamps if one doesn't have a bitcoind instance accessible locally.

These timestamps should give users confidence in the integrity of this release even after the key that signed the release expires.

Verifying the Release Binaries

Our release binaries are fully reproducible. Third parties are able to verify that the release binaries were produced properly without having to trust the release manager(s). See our reproducible builds guide for how this can be achieved.
The release binaries are compiled with go1.21.4, which is required by verifiers to arrive at the same ones.

The make release command can be used to ensure one rebuilds with all the same flags used for the release. If one wishes to build for only a single platform, then make release sys=<OS-ARCH> tag=<tag> can be used.

Finally, you can also verify the tag itself with the following command:

$ git verify-tag v0.3.3-alpha.rc1
gpg: Signature made Tue Sep 15 18:55:00 2020 PDT
gpg:                using RSA key 60A1FA7DA5BFF08BDCBBE7903BBD59E99B280306
gpg: Good signature from "Olaoluwa Osuntokun <laolu32@gmail.com>" [ultimate]

Verifying the Docker Images

To verify the tapd and tapcli binaries inside the docker images against the signed, reproducible release binaries, there is a verification script in the image that can be called (before starting the container for example):

$ docker run --rm --entrypoint="" lightninglabs/taproot-assets:v0.3.3-alpha.rc1 /verify-install.sh v0.3.3-alpha.rc1
$ OK=$?
$ if [ "$OK" -ne "0" ]; then echo "Verification failed!"; exit 1; done
$ docker run lightninglabs/taproot-assets [command-line options]

Building the Contained Release

Users are able to rebuild the target release themselves without having to fetch any of the dependencies. In order to do so, assuming
that vendor.tar.gz and tapd-source-v0.3.3-alpha.rc1.tar.gz are in the current directory, follow these steps:

tar -xvzf vendor.tar.gz
tar -xvzf tapd-source-v0.3.3-alpha.rc1.tar.gz
GO111MODULE=on go install -v -mod=vendor -ldflags "-X github.com/lightninglabs/taproot-assets/build.Commit=v0.3.3-alpha.rc1" ./cmd/tapd
GO111MODULE=on go install -v -mod=vendor -ldflags "-X github.com/lightninglabs/taproot-assets/build.Commit=v0.3.3-alpha.rc1" ./cmd/tapcli

The -mod=vendor flag tells the go build command that it doesn't need to fetch the dependencies, and instead, they're all enclosed in the local vendor directory.

Additionally, it's now possible to use the enclosed release.sh script to bundle a release for a specific system like so:

make release sys="linux-arm64 darwin-amd64"

⚡️⚡️⚡️ OK, now to the rest of the release notes! ⚡️⚡️⚡️

What's Changed

Full Changelog: v0.3.2...v0.3.3-alpha.rc1

v0.3.2-alpha

Database Migrations

There is a database migration in this version, therefore downgrading to a previous version after installing v0.3.2-alpha is not supported.

Verifying the Release

In order to verify the release, you'll need to have gpg or gpg2 installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import the keys that have signed this release if you haven't done so already:

curl https://raw.githubusercontent.com/lightninglabs/taproot-assets/main/scripts/keys/roasbeef.asc | gpg --import

Once you have the required PGP keys, you can verify the release (assuming manifest-roasbeef-v0.3.2.sig and manifest-v0.3.2.txt are in the current directory) with:

gpg --verify manifest-roasbeef-v0.3.2.sig manifest-v0.3.2.txt

You should see the following if the verification was successful:

gpg: Signature made Wed Sep 30 17:35:20 2020 PDT
gpg:                using RSA key 60A1FA7DA5BFF08BDCBBE7903BBD59E99B280306
gpg: Good signature from "Olaoluwa Osuntokun <laolu32@gmail.com>" [ultimate]

That will verify the signature of the manifest file, which ensures integrity and authenticity of the archive you've downloaded locally containing the binaries. Next, depending on your operating system, you should then re-compute the sha256 hash of the archive with shasum -a 256 <filename>, compare it with the corresponding one in the manifest file, and ensure they match exactly.

Verifying the Release Timestamp

From this new version onwards, in addition time-stamping the git tag with OpenTimestamps, we'll also now timestamp the manifest file along with its signature. Two new files are now included along with the rest of our release artifacts: manifest-roasbeef-v0.3.2.txt.asc.ots.

Assuming you have the opentimestamps client installed locally, the timestamps can be verified with the following commands:

ots verify manifest-roasbeef-v0.3.2.sig.ots -f manifest-roasbeef-v0.3.2.sig

Alternatively, the OpenTimestamps website can be used to verify timestamps if one doesn't have a bitcoind instance accessible locally.

These timestamps should give users confidence in the integrity of this release even after the key that signed the release expires.

Verifying the Release Binaries

Our release binaries are fully reproducible. Third parties are able to verify that the release binaries were produced properly without having to trust the release manager(s). See our reproducible builds guide for how this can be achieved.
The release binaries are compiled with go1.21.4, which is required by verifiers to arrive at the same ones.

The make release command can be used to ensure one rebuilds with all the same flags used for the release. If one wishes to build for only a single platform, then make release sys=<OS-ARCH> tag=<tag> can be used.

Finally, you can also verify the tag itself with the following command:

$ git verify-tag v0.3.2
gpg: Signature made Tue Sep 15 18:55:00 2020 PDT
gpg:                using RSA key 60A1FA7DA5BFF08BDCBBE7903BBD59E99B280306
gpg: Good signature from "Olaoluwa Osuntokun <laolu32@gmail.com>" [ultimate]

Verifying the Docker Images

To verify the tapd and tapcli binaries inside the docker images against the signed, reproducible release binaries, there is a verification script in the image that can be called (before starting the container for example):

$ docker run --rm --entrypoint="" lightninglabs/taproot-assets:v0.3.2 /verify-install.sh v0.3.2
$ OK=$?
$ if [ "$OK" -ne "0" ]; then echo "Verification failed!"; exit 1; done
$ docker run lightninglabs/taproot-assets [command-line options]

Building the Contained Release

Users are able to rebuild the target release themselves without having to fetch any of the dependencies. In order to do so, assuming
that vendor.tar.gz and tapd-source-v0.3.2.tar.gz are in the current directory, follow these steps:

tar -xvzf vendor.tar.gz
tar -xvzf tapd-source-v0.3.2.tar.gz
GO111MODULE=on go install -v -mod=vendor -ldflags "-X github.com/lightninglabs/taproot-assets/build.Commit=v0.3.2" ./cmd/tapd
GO111MODULE=on go install -v -mod=vendor -ldflags "-X github.com/lightninglabs/taproot-assets/build.Commit=v0.3.2" ./cmd/tapcli

The -mod=vendor flag tells the go build command that it doesn't need to fetch the dependencies, and instead, they're all enclosed in the local vendor directory.

Additionally, it's now possible to use the enclosed release.sh script to bundle a release for a specific system like so:

make release sys="linux-arm64 darwin-amd64"

⚡️⚡️⚡️ OK, now to the rest of the release notes! ⚡️⚡️⚡️

Release Notes (auto generated)

What's Changed

• Add GitHub CD release build workflow by @ffranr in #661
• Expose anchor point in AssetStats by @GeorgeTsagk in #667
• build(deps): bump go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc from 0.28.0 to 0.46.0 by @dependabot in #676
• taprpc: change getinfo REST endpoint from POST to GET by @ffranr in #669
• chain_bridge: fetch block headers over blocks when verifying proofs by @jharveyb in #660
• universe: fix log entry when sync fails by @Roasbeef in #682
• Check for existing asset in db before attempting to insert a new asset. by @ffranr in #687
• split enableEmission into newGroupedAsset and groupedAsset by @jharveyb in #681
• build: bump version to v0.3.2-alpha.rc1 by @Roasbeef in #688
• chore: fix typos by @xiaolou86 in #686
• build: fix github actions to ensure release artefacts are uploaded by @Roasbeef in #695
• rpc+rpcserver: fix batch state typo by @GeorgeTsagk in #692
• Drop and re-create genesis_info_view by @GeorgeTsagk in #689
• Custodian emits a new asset-receive-complete event to notification subscribers by @ffranr in #659
• build: bump Go version to Go 1.21.4 by @Roasbeef in #696
• build: bump version to v0.3.2-alpha.rc2 by @ffranr in #702
• taprpc: add missing cli autogen docs by @jharveyb in #703
• workflows: fix release name by @ffranr in #708
• build: bump version to v0.3.2-alpha by @Roasbeef in #718

New Contributors

• @dependabot made their first contribution in #676
• @xiaolou86 made their first contribution in #686

Full Changelog: v0.3.1...v0.3.2

v0.3.2-rc2

Database Migrations

There is a database migration in this version, therefore downgrading to a previous version after installing v0.3.2-alpha.rc2 is not supported.

Verifying the Release

In order to verify the release, you'll need to have gpg or gpg2 installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import the keys that have signed this release if you haven't done so already:

curl https://raw.githubusercontent.com/lightninglabs/taproot-assets/main/scripts/keys/roasbeef.asc | gpg --import

Once you have the required PGP keys, you can verify the release (assuming manifest-roasbeef-v0.3.2-rc2.sig and manifest-v0.3.2-rc2.txt are in the current directory) with:

gpg --verify manifest-roasbeef-v0.3.2-rc2.sig manifest-v0.3.2-rc2.txt

You should see the following if the verification was successful:

gpg: Signature made Wed Sep 30 17:35:20 2020 PDT
gpg:                using RSA key 60A1FA7DA5BFF08BDCBBE7903BBD59E99B280306
gpg: Good signature from "Olaoluwa Osuntokun <laolu32@gmail.com>" [ultimate]

That will verify the signature of the manifest file, which ensures integrity and authenticity of the archive you've downloaded locally containing the binaries. Next, depending on your operating system, you should then re-compute the sha256 hash of the archive with shasum -a 256 <filename>, compare it with the corresponding one in the manifest file, and ensure they match exactly.

Verifying the Release Timestamp

From this new version onwards, in addition time-stamping the git tag with OpenTimestamps, we'll also now timestamp the manifest file along with its signature. Two new files are now included along with the rest of our release artifacts: manifest-roasbeef-v0.3.2-rc2.txt.asc.ots.

Assuming you have the opentimestamps client installed locally, the timestamps can be verified with the following commands:

ots verify manifest-roasbeef-v0.3.2-rc2.sig.ots -f manifest-roasbeef-v0.3.2-rc2.sig

Alternatively, the OpenTimestamps website can be used to verify timestamps if one doesn't have a bitcoind instance accessible locally.

These timestamps should give users confidence in the integrity of this release even after the key that signed the release expires.

Verifying the Release Binaries

Our release binaries are fully reproducible. Third parties are able to verify that the release binaries were produced properly without having to trust the release manager(s). See our reproducible builds guide for how this can be achieved.
The release binaries are compiled with go1.21.4, which is required by verifiers to arrive at the same ones.

The make release command can be used to ensure one rebuilds with all the same flags used for the release. If one wishes to build for only a single platform, then make release sys=<OS-ARCH> tag=<tag> can be used.

Finally, you can also verify the tag itself with the following command:

$ git verify-tag v0.3.2-rc2
gpg: Signature made Tue Sep 15 18:55:00 2020 PDT
gpg:                using RSA key 60A1FA7DA5BFF08BDCBBE7903BBD59E99B280306
gpg: Good signature from "Olaoluwa Osuntokun <laolu32@gmail.com>" [ultimate]

Verifying the Docker Images

To verify the tapd and tapcli binaries inside the docker images against the signed, reproducible release binaries, there is a verification script in the image that can be called (before starting the container for example):

$ docker run --rm --entrypoint="" lightninglabs/taproot-assets:v0.3.2-rc2 /verify-install.sh v0.3.2-rc2
$ OK=$?
$ if [ "$OK" -ne "0" ]; then echo "Verification failed!"; exit 1; done
$ docker run lightninglabs/taproot-assets [command-line options]

Building the Contained Release

Users are able to rebuild the target release themselves without having to fetch any of the dependencies. In order to do so, assuming
that vendor.tar.gz and tapd-source-v0.3.2-rc2.tar.gz are in the current directory, follow these steps:

tar -xvzf vendor.tar.gz
tar -xvzf tapd-source-v0.3.2-rc2.tar.gz
GO111MODULE=on go install -v -mod=vendor -ldflags "-X github.com/lightninglabs/taproot-assets/build.Commit=v0.3.2-rc2" ./cmd/tapd
GO111MODULE=on go install -v -mod=vendor -ldflags "-X github.com/lightninglabs/taproot-assets/build.Commit=v0.3.2-rc2" ./cmd/tapcli

The -mod=vendor flag tells the go build command that it doesn't need to fetch the dependencies, and instead, they're all enclosed in the local vendor directory.

Additionally, it's now possible to use the enclosed release.sh script to bundle a release for a specific system like so:

make release sys="linux-arm64 darwin-amd64"

⚡️⚡️⚡️ OK, now to the rest of the release notes! ⚡️⚡️⚡️

Release Notes (auto generated)

What's Changed

• Add GitHub CD release build workflow by @ffranr in #661
• Expose anchor point in AssetStats by @GeorgeTsagk in #667
• build(deps): bump go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc from 0.28.0 to 0.46.0 by @dependabot in #676
• taprpc: change getinfo REST endpoint from POST to GET by @ffranr in #669
• chain_bridge: fetch block headers over blocks when verifying proofs by @jharveyb in #660
• universe: fix log entry when sync fails by @Roasbeef in #682
• Check for existing asset in db before attempting to insert a new asset. by @ffranr in #687
• split enableEmission into newGroupedAsset and groupedAsset by @jharveyb in #681
• build: bump version to v0.3.2-alpha.rc1 by @Roasbeef in #688
• chore: fix typos by @xiaolou86 in #686
• build: fix github actions to ensure release artefacts are uploaded by @Roasbeef in #695
• rpc+rpcserver: fix batch state typo by @GeorgeTsagk in #692
• Drop and re-create genesis_info_view by @GeorgeTsagk in #689
• Custodian emits a new asset-receive-complete event to notification subscribers by @ffranr in #659
• build: bump Go version to Go 1.21.4 by @Roasbeef in #696
• build: bump version to v0.3.2-alpha.rc2 by @ffranr in #702
• taprpc: add missing cli autogen docs by @jharveyb in #703

New Contributors

• @dependabot made their first contribution in #676
• @xiaolou86 made their first contribution in #686

Full Changelog: v0.3.1...v0.3.2-rc2

v0.3.2-beta.rc1

This release includes a number of bug fixes to: balance computation, sending+receiving, and the way grouped assets are created.

Database Migrations

A non-materialized view has been modified, but otherwise, there are no database migrations in this release.

Verifying the Release

In order to verify the release, you'll need to have gpg or gpg2 installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import the keys that have signed this release if you haven't done so already:

curl https://raw.githubusercontent.com/lightninglabs/taproot-assets/main/scripts/keys/roasbeef.asc | gpg --import

Once you have the required PGP keys, you can verify the release (assuming manifest-roasbeef-v0.3.2-beta.rc1.sig and manifest-v0.3.2-beta.rc1.txt are in the current directory) with:

gpg --verify manifest-roasbeef-v0.3.2-beta.rc1.sig manifest-v0.3.2-beta.rc1.txt

You should see the following if the verification was successful:

gpg: Signature made Wed Sep 30 17:35:20 2020 PDT
gpg:                using RSA key 60A1FA7DA5BFF08BDCBBE7903BBD59E99B280306
gpg: Good signature from "Olaoluwa Osuntokun <laolu32@gmail.com>" [ultimate]

That will verify the signature of the manifest file, which ensures integrity and authenticity of the archive you've downloaded locally containing the binaries. Next, depending on your operating system, you should then re-compute the sha256 hash of the archive with shasum -a 256 <filename>, compare it with the corresponding one in the manifest file, and ensure they match exactly.

Verifying the Release Timestamp

From this new version onwards, in addition time-stamping the git tag with OpenTimestamps, we'll also now timestamp the manifest file along with its signature. Two new files are now included along with the rest of our release artifacts: manifest-roasbeef-v0.3.2-beta.rc1.txt.asc.ots.

Assuming you have the opentimestamps client installed locally, the timestamps can be verified with the following commands:

ots verify manifest-roasbeef-v0.3.2-beta.rc1.sig.ots -f manifest-roasbeef-v0.3.2-beta.rc1.sig

Alternatively, the OpenTimestamps website can be used to verify timestamps if one doesn't have a bitcoind instance accessible locally.

These timestamps should give users confidence in the integrity of this release even after the key that signed the release expires.

Verifying the Release Binaries

Our release binaries are fully reproducible. Third parties are able to verify that the release binaries were produced properly without having to trust the release manager(s). See our reproducible builds guide for how this can be achieved.
The release binaries are compiled with go1.21.0, which is required by verifiers to arrive at the same ones.

The make release command can be used to ensure one rebuilds with all the same flags used for the release. If one wishes to build for only a single platform, then make release sys=<OS-ARCH> tag=<tag> can be used.

Finally, you can also verify the tag itself with the following command:

$ git verify-tag v0.3.2-beta.rc1
gpg: Signature made Tue Sep 15 18:55:00 2020 PDT
gpg:                using RSA key 60A1FA7DA5BFF08BDCBBE7903BBD59E99B280306
gpg: Good signature from "Olaoluwa Osuntokun <laolu32@gmail.com>" [ultimate]

Verifying the Docker Images

To verify the tapd and tapcli binaries inside the docker images against the signed, reproducible release binaries, there is a verification script in the image that can be called (before starting the container for example):

$ docker run --rm --entrypoint="" lightninglabs/taproot-assets:v0.3.2-beta.rc1 /verify-install.sh v0.3.2-beta.rc1
$ OK=$?
$ if [ "$OK" -ne "0" ]; then echo "Verification failed!"; exit 1; done
$ docker run lightninglabs/taproot-assets [command-line options]

Building the Contained Release

Users are able to rebuild the target release themselves without having to fetch any of the dependencies. In order to do so, assuming
that vendor.tar.gz and tapd-source-v0.3.2-beta.rc1.tar.gz are in the current directory, follow these steps:

tar -xvzf vendor.tar.gz
tar -xvzf tapd-source-v0.3.2-beta.rc1.tar.gz
GO111MODULE=on go install -v -mod=vendor -ldflags "-X github.com/lightninglabs/taproot-assets/build.Commit=v0.3.2-beta.rc1" ./cmd/tapd
GO111MODULE=on go install -v -mod=vendor -ldflags "-X github.com/lightninglabs/taproot-assets/build.Commit=v0.3.2-beta.rc1" ./cmd/tapcli

The -mod=vendor flag tells the go build command that it doesn't need to fetch the dependencies, and instead, they're all enclosed in the local vendor directory.

Additionally, it's now possible to use the enclosed release.sh script to bundle a release for a specific system like so:

make release sys="linux-arm64 darwin-amd64"

⚡️⚡️⚡️ OK, now to the rest of the release notes! ⚡️⚡️⚡️

Release Notes

This release contains a number of bug fixes related to: sending and receiving, and also proof verification.

Database Migrations

This release contains a modification to an existing view, but otherwise the data on risk remains unchanged.

Verifying the Release

In order to verify the release, you'll need to have gpg or gpg2 installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import the keys that have signed this release if you haven't done so already:

curl https://raw.githubusercontent.com/lightninglabs/taproot-assets/main/scripts/keys/roasbeef.asc | gpg --import

Once you have the required PGP keys, you can verify the release (assuming manifest-roasbeef-v0.3.2-beta.rc1.sig and manifest-v0.3.2-beta.rc1.txt are in the current directory) with:

gpg --verify manifest-roasbeef-v0.3.2-beta.rc1.sig manifest-v0.3.2-beta.rc1.txt

You should see the following if the verification was successful:

gpg: Signature made Wed Sep 30 17:35:20 2020 PDT
gpg:                using RSA key 60A1FA7DA5BFF08BDCBBE7903BBD59E99B280306
gpg: Good signature from "Olaoluwa Osuntokun <laolu32@gmail.com>" [ultimate]

That will verify the signature of the manifest file, which ensures integrity and authenticity of the archive you've downloaded locally containing the binaries. Next, depending on your operating system, you should then re-compute the sha256 hash of the archive with shasum -a 256 <filename>, compare it with the corresponding one in the manifest file, and ensure they match exactly.

Verifying the Release Timestamp

From this new version onwards, in addition time-stamping the git tag with OpenTimestamps, we'll also now timestamp the manifest file along with its signature. Two new files are now included along with the rest of our release artifacts: manifest-roasbeef-v0.3.2-beta.rc1.txt.asc.ots.

Assuming you have the opentimestamps client installed locally, the timestamps can be verified with the following commands:

ots verify manifest-roasbeef-v0.3.2-beta.rc1.sig.ots -f manifest-roasbeef-v0.3.2-beta.rc1.sig

Alternatively, the OpenTimestamps website can be used to verify timestamps if one doesn't have a bitcoind instance accessible locally.

These timestamps should give users confidence in the integrity of this release even after the key that signed the release expires.

Verifying the Release Binaries

Our release binaries are fully reproducible. Third parties are able to verify that the release binaries were produced properly without having to trust the release manager(s). See our reproducible builds guide for how this can be achieved.
The release binaries are compiled with go1.21.0, which is required by verifiers to arrive at the same ones.

The make release command can be used to ensure one rebuilds with all the same flags used for the release. If one wishes to build for only a single platform, then make release sys=<OS-ARCH> tag=<tag> can be used.

Finally, you can also verify the tag itself with the following command:

$ git verify-tag v0.3.2-beta.rc1
gpg: Signature made Tue Sep 15 18:55:00 2020 PDT
gpg:                using RSA key 60A1FA7DA5BFF08BDCBBE7903BBD59E99B280306
gpg: Good signature from "Olaoluwa Osuntokun <laolu32@gmail.com>" [ultimate]

Verifying the Docker Images

To verify the tapd and tapcli binaries inside the docker images against the signed, reproducible release binaries, there is a verification script in the image that can be called (before starting the container for example):

$ docker run --rm --entrypoint="" lightninglabs/taproot-assets:v0.3.2-beta.rc1 /verify-install.sh v0.3.2-beta.rc1
$ OK=$?
$ if [ "$OK" -ne "0" ]; then echo "Verification failed!"; exit 1; done
$ docker run lightninglabs/taproot-assets [command-line options]

Building the Contained Release

Users are able to rebuild the target release themselves without having to fetch any of the dependencies. In order to do so, assuming
that vendor.tar.gz and tapd-source-v0.3.2-beta.rc1.tar.gz are in the current directory, follow these steps:

tar -xvzf vendor.tar.gz
tar -xvzf tapd-source-v0.3.2-beta.rc1.tar.gz
GO111MODULE=on go install -v -mod=vendor -ldflags "-X github.com/lightninglabs/taproot-assets/build.Commit=v0.3.2-beta.rc1" ./cmd/tapd
GO111MODULE=on go install -v -mod=vendor -ldflags "-X github.com/lightninglabs/taproot-assets/build.Commit=v0.3.2-beta.rc1" ./cmd/tapcli

The -mod=vendor flag tells the go build command that it doesn't need to fetch the dependencies, a...

v0.3.1-alpha

EDIT: Note that the binaries and archive files for this release were updated on 2023-11-20. The previous binaries and archive files were produced from commit cdd6707702788cccfe615be3b06fe34a96ce31c6. However, tag v0.3.1 is at commit fec4a4025db21d2e47994ad4bff29aa5d31d02e9. The new binaries and archive files have been produced from the correct staging environment (commit fec4a4).

What's Changed

Daemon Config Enhancements

Users can now configure postgres database config settings such as the total amount of active database connections on the command line:

• tapd: allow configuring all connection params for Postgres by @guggero in #622

RPC Enhancements

The txid of the batch is now returned along with the MintingBatch for tapcli assets mint finalize

• multi: add txid of batch when returning the MintingBatch by @Roasbeef in #603

Users can now specify a custom proof courier on the CLI. In addition, the gRPC max message size has been increased to ensure all data can properly be fetched with teh current set of RPC calls:

• multi: add proof courier addr to CLI, fix gRPC max message size, fix linter by @guggero in #609

All Universe related RPC calls now have proper pagination support:

• Add pagination to universerpc calls by @GeorgeTsagk in #634

The number of assets has been removed from the main Info call to ensure the server dedup logic always succeeds:

• rpc: remove num assets from universe Info call by @Roasbeef in #647

The asset type has been moved into the asset_genesis struct:

• taprpc: Move asset type to genesis info by @GeorgeTsagk in #657

A redundant field has been removed from the anchor info RPC:

• RPC: Remove anchor_txid from AnchorInfo by @GeorgeTsagk in #663

Universe Sync Improvements

The default Universe sync algorithm has moved to an "on demand" approach. Before this release, clients would connect to a Universe an attempt to sync all assets ever created. This was very wasteful, as most of the time a new client likely only cares about a handful of assets. With this new model, by default no assets are synced until either: a user creates a new address with an unknown asset ID (JIT Universe Sync), or a user manually adds a specific asset config and syncs an asset via the assets universe sync call

• universe: stop syncer from syncing all known universes by default by @ffranr in #631
• address: optimistic asset sync by @jharveyb in #633

A series of new caches have been added to all Universe related RPC calls, to greatly improve the performance of the server under concurrent load:

• multi: add new caches for universe proofs, roots, keys, and config by @Roasbeef in #626

The call to fetch all the universe roots has been optimized by making some of the more expensive joins (that return additional information) optional:

• universe: make additional details optional to speed up query by @guggero in #612

Less Debug Logging

The Universe sync process generally has less debug logging, which should make it easier to keep up with log activity:

• universe: use debug logging when no sync needed by @Roasbeef in #604

Bug Fixes

A bug has been fixed where the daemon would fail to retry fetching a proof to complete a receive/send:

• Add backoff procedure to universe RPC proof courier by @ffranr in #617
• Add backoff procedure to the proof courier receive procedure by @ffranr in #637
• Ensure receiver node backoff retries finally succeed in asset send via universe proof courier by @ffranr in #644

A bug has been fixed that would cause the asset stats to factor in transfers, instead of issuance (the default intention):

• universe stats: only select issuance roots for asset related stats by @guggero in #628

Misc

• github: use the same issue templates as those found in LND repository by @ffranr in #614
• Rename universe functionality to accomodate transfer proofs. by @ffranr in #610
• mod: bump grpc and net libraries by @guggero in #630
• multi: rename RPC AssetLeaf proof field to account for transfer proofs by @ffranr in #640
• tapdb: ensure universe asset stats ticker is stopped before refresh by @Roasbeef in #658

New Contributors

• @GeorgeTsagk made their first contribution in #634

Full Changelog: v0.3.0...v0.3.1

v0.3.1-alpha.rc1

What's Changed

• universe: use debug logging when no sync needed by @Roasbeef in #604
• multi: add txid of batch when returning the MintingBatch by @Roasbeef in #603
• multi: add proof courier addr to CLI, fix gRPC max message size, fix linter by @guggero in #609
• universe: make additional details optional to speed up query by @guggero in #612
• tapd: allow configuring all connection params for Postgres by @guggero in #622
• github: use the same issue templates as those found in LND repository by @ffranr in #614
• Rename universe functionality to accomodate transfer proofs. by @ffranr in #610
• mod: bump grpc and net libraries by @guggero in #630
• universe: stop syncer from syncing all known universes by default by @ffranr in #631
• Add backoff procedure to universe RPC proof courier by @ffranr in #617
• universe stats: only select issuance roots for asset related stats by @guggero in #628
• address: optimistic asset sync by @jharveyb in #633
• Add backoff procedure to the proof courier receive procedure by @ffranr in #637
• Add pagination to universerpc calls by @GeorgeTsagk in #634
• Ensure receiver node backoff retries finally succeed in asset send via universe proof courier by @ffranr in #644
• multi: rename RPC AssetLeaf proof field to account for transfer proofs by @ffranr in #640
• rpc: remove num assets from universe Info call by @Roasbeef in #647
• multi: add new caches for universe proofs, roots, keys, and config by @Roasbeef in #626
• build: bump version to v0.3.1-alpha.rc1 by @Roasbeef in #653

New Contributors

• @GeorgeTsagk made their first contribution in #634

Full Changelog: v0.3.0...v0.3.1-alpha.rc1

v0.3.0-alpha

What’s new

• Automatically generated test vectors for all TLV encodings and MS-SMT tree and virtual machine logic
• Chain re-organization protection and automatic proof re-generation
• Add ability to burn assets
• Asset-level coin locking/leasing
• Fully implemented Multiverse tree structure to support syncing both issuance and transfer proofs
• New type of proof courier: Universe RPC courier, transfers proofs from sender to recipient via any public or private universe server
• Proof courier type and server address can now be specified
• Prometheus metrics export support
• Added load test utility for generating asset mints and transfers on regtest
• Improved universe sync speed by batching database calls
• Easy distinguishability between proof files and individual proofs with magic byte prefixes
• Future proof all data structures by adding version fields
• Tapscript support for group keys to enable richer reissuance workflows
• Enable mainnet as a supported Bitcoin network for tapd
• Many many bugs fixed and a lot of code cleaned up

RPC changes

• Support for exporting and importing proofs for individual transfers to/from Universes
• The DecodeProof RPC now supports both proof files and individual proofs
• Support for custom asset metadata types
• Metadata is limited to 1 MiB
• Statistics on the total number of issuances and asset groups for Universe servers
• Better information in the Universe individual asset statistics RPC responses
• Added more information on the minting RPC calls, can now see assets in batch and correct batch state
• Runtime configuration of universe sync settings
• Asset related RPCs now have the asset’s version as a new field
• Proof related Universe RPC calls now expect a proof type alongside the ID to distinguish between issuance and transfer proofs

Migration from previous versions

• There is no migration path, you HAVE to start with a fresh data directory by completely deleting the ~/.tapd directory.
• The public Lightning Labs Universe server was reset as well, all assets minted before v0.3.0-alpha cannot be used anymore
• This is the last breaking version, all assets minted with v0.3.0-alpha and later will be working in all future versions
• The ImportProof RPC call is now only available in development mode, since transferring proofs over private Universe servers is now possible and should be used
• Issuance proofs now have two new fields, one for the genesis reveal and one for the group key reveal

Notes on mainnet

Starting with the release of version v0.3.0 the daemon does support the Bitcoin mainnet.

IMPORTANT NOTE: To avoid loss of funds, it's imperative that you read the Operational Safety Guidelines before using tapd on mainnet!

The daemon is still in alpha state, which means there can still be bugs and not all desired data safety and backup mechanisms have been implemented yet.
Releasing on mainnet mainly signals that there will be no breaking changes in the future and that assets minted with v0.3.0 will be compatible with later versions.

What's Changed

• taprpc: fix api docs generator hint by @guggero in #411
• cmd/tapcli: add universe info sub command by @guggero in #413
• Preliminary refactor in preparation for adding multiverse support by @ffranr in #346
• multi: add test vectors for asset/address/proof/PSBT TLV encoding and VM/MS-SMT validation by @guggero in #326
• Move importproof RPC endpoint into new tapdev RPC server by @ffranr in #420
• multi: use filepath instead of path to support Windows by @guggero in #422
• GitHub: add automated docker build on tag push by @guggero in #425
• tappsbt: fix incorrect test vectors by @guggero in #429
• re-org safety: preparatory commits by @guggero in #424
• Multiverse fetch/register issuance by @ffranr in #416
• Fix REST parameter issue in GET call by @guggero in #445
• Rename universe forest instances to multiverse by @ffranr in #447
• wallet: add asset coin locking by @guggero in #431
• re-org safety: watch asset transactions and re-create proofs when necessary by @guggero in #419
• Update README.md by @Liongrass in #454
• address: add and populate proof courier addr field in Tap address by @ffranr in #450
• monitoring: add prometheus metrics collector by @positiveblue in #452
• Cleanup proof courier addr by @ffranr in #463
• GitHub: use maintained version of docker layer cache action by @guggero in #471
• itest: abstract the mint batch stress test by @positiveblue in #457
• Chain porter proof courier service initialised using configurable address by @ffranr in #459
• Fix regeneration of static proof files by @guggero in #481
• Small fixes in freighter and wallet by @guggero in #482
• Fix proof courier in integration test by @guggero in #484
• tapdb: allow batch inserting proofs when syncing universe, remove write lock for RegisterIssuance by @guggero in #449
• build: update to Go 1.21.0 by @Roasbeef in #474
• rpcserver: validate rpc requests by @positiveblue in #489
• Fix docker build by @guggero in #491
• Rename aperture courier type to hashmail courier type by @ffranr in #493
• proof: add magic bytes to individual proofs and proof files by @guggero in #488
• tapfreighter: validate proof courier address before commencing send by @ffranr in #497
• Implement sorting functionality and add total_supply for Universe Ass… by @ben2077 in #485
• CLI: Improve minting user experience by @guggero in #492
• Add version field to Tap address by @ffranr in #501
• mssmt: fuzz test for CompressedProof by @Crypt-iQ in #505
• Provable asset burning by @guggero in #477
• Add multiverse RPC proof courier by @ffranr in #473
• multi: add address version to database by @guggero in #509
• proof: fuzz test for File and Proof by @Crypt-iQ in #504
• multi: add CLI flag to enable public access to uni proof courier RPCs by @ffranr in #499
• proof: fix unnecessary trailing newline by @ffranr in #519
• tapgarden: pre proof retrieval delay respects context done signal by @ffranr in #516
• tapgarden: enhance Seedling.validateFields() doc and remove TODO by @ffranr in #521
• Generalise multiverse method names to support all proofs. by @ffranr in #496
• Sanitise asset name by @ffranr in #518
• universe: update pushProofToFederation to make sure all servers are tried by @Roasbeef in #528
• Backoff procedure erroneously resumed between two different send events by @ffranr in #529
• build: update sqlite+sqlc versions by @Roasbeef in #531
• tapdb: fix time zone issue with timestamps by @guggero in #532
• itest: add perf testing binary by @positiveblue in #487
• Generalise universe structs/methods/variables to support transfer proofs in addition to issuance proofs by @ffranr in #534
• Group key witness support by @jharveyb in #490
• multi: merge staging branch into main by @Roasbeef in #542
• tapgarden: use lru.Cache for various new group caches by @Roasbeef in #543
• build: update to lnd 0.17.0 by @Roasbeef in https://github.com/lightninglabs/tapr...