github lightninglabs/taproot-assets v0.5.1-rc1
v0.5.1-alpha RC
on GitHub

pre-release19 hours ago

Database Migrations

tapd v0.5.1 contains non-revertible database migrations. After running tapd v0.5.1, these database migrations prevent downgrading tapd to a previous release. Create backups of tapd database state, before upgrading to tapd v0.5.1. Please report any database migration issues.

Breaking changes between 0.4.x and 0.5.x

Downstream Projects - litd

litd v0.14.x-alpha enhancements require both channel peers to upgrade to a litd version >= v0.14.0-alpha to continue Lightning Channel functionality. See upgrade instructions below if you opened Asset channels with such an experimental version.

tapd v0.5.x changes

Oracle RPC:
The RPC protobuf definitions for the Price Oracle have changed. Asset exchange rates are now expressed as FixedPoint to achieve better precision.
The rationale for the change and the new math behind it are described in the new RFQ document.
Code examples for a Price Oracle server are available here.

Configuration changes:
The configuration value (universe.public-access) and command line flag (--universe.public-access) now needs a value and is no longer a boolean. The value now controls whether the node's universe database can be accessed over RPC and either read (value r) or written to (value w) or both (value rw).
So existing nodes with the configuration file value universe.public-access=true need to change the value to universe.public-access=rw. Users specifying the command line flag --universe.public-access just need to append a value, for example --universe.public-access=rw.

⚠️ CRITICAL INSTRUCTIONS ⚠️:

Required-upgrade path for existing litd installations:

To avoid loss of channel funds: Any litd node which ran Taproot Asset channels using any litd v0.13.9xx-experimental versions MUST FOLLOW all of the following procedures:
litd v0.14.0-alpha enhancements require both channel peers to upgrade to a litd version >= v0.14.0-alpha to continue Lightning Channel functionality.
If one channel peer is running litd version <= v0.13.9xx-experimental channel operations are are NOT forwards compatible with litd v0.14.x-alpha versions.

  • All Taproot-Asset Lightning channels created using litd version <=, v0.13.9xx-experimental must be cooperatively closed before upgrading to v0.14.x-alpha.
    • Channel Closure instructions
    • Monitor status of lncli pendingchannels: Ensure pending_htlcs response is empty before progressing
      Example: lncli listchannels | jq '.channels[] | select(.pending_htlcs != [])'
  • Avoid force closing the channels. If there are pending/in-flight HTLCs, wait for HTLCs to be resolved.
  • Once all channels are fully closed (e.g. lncli pendingchannels is empty), both nodes must be upgraded to the new v0.14.0-alpha version before new channels can be opened. Please coordinate the upgrade with your peer if you're not operating both nodes.
  • Daemon installations which exclusively contain Taproot Assets on-chain outputs that are not contained within lightning channels, are not required to follow this upgrade path. Anything mentioned above only relates to assets in channels. Normal on-chain assets are not affected.

Verifying the Release

In order to verify the release, you'll need to have gpg or gpg2 installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import the keys that have signed this release if you haven't done so already: 

curl https://raw.githubusercontent.com/lightninglabs/taproot-assets/main/scripts/keys/roasbeef.asc | gpg --import

Once you have the required PGP keys, you can verify the release (assuming manifest-roasbeef-v0.5.1-rc1.sig and manifest-v0.5.1-rc1.txt are in the current directory) with: 

gpg --verify manifest-roasbeef-v0.5.1-rc1.sig manifest-v0.5.1-rc1.txt

You should see the following if the verification was successful: 

gpg: Signature made Wed Sep 30 17:35:20 2020 PDT
gpg:                using RSA key 60A1FA7DA5BFF08BDCBBE7903BBD59E99B280306
gpg: Good signature from "Olaoluwa Osuntokun <laolu32@gmail.com>" [ultimate]

That will verify the signature of the manifest file, which ensures integrity and authenticity of the archive you've downloaded locally containing the binaries. Next, depending on your operating system, you should then re-compute the sha256 hash of the archive with shasum -a 256 <filename>, compare it with the corresponding one in the manifest file, and ensure they match exactly.

Verifying the Release Timestamp

In addition to time-stamping the git tag with OpenTimestamps, we also timestamp the manifest file along with its signature. Two files are included in our release artifacts: manifest-roasbeef-v0.5.1-rc1.sig.ots and manifest-v0.5.1-rc1.txt.ots.

Assuming you have the opentimestamps client installed locally, the timestamps can be verified with the following commands: 

ots verify manifest-roasbeef-v0.5.1-rc1.sig.ots -f manifest-roasbeef-v0.5.1-rc1.sig
ots verify manifest-v0.5.1-rc1.txt.ots -f manifest-v0.5.1-rc1.txt

Alternatively, the OpenTimestamps website can be used to verify these timestamps if one doesn't have a bitcoind instance accessible locally.

Assuming you are using the OpenTimestamps ots-git-gpg-wrapper you can verify the timestamp of the git tag by verifying the tag as explained in Verifying the Release Binaries.

These timestamps should give users confidence in the integrity of this release even after the key that signed the release expires.

Verifying the Release Binaries

Our release binaries are fully reproducible. Third parties are able to verify that the release binaries were produced properly without having to trust the release manager(s). See our reproducible builds guide for how this can be achieved.
The release binaries are compiled with go1.22.6, which is required by verifiers to arrive at the same ones.

The make release command can be used to ensure one rebuilds with all the same flags used for the release. If one wishes to build for only a single platform, then make release sys=<OS-ARCH> tag=<tag> can be used.

Finally, you can also verify the tag itself with the following command: 

$ git verify-tag v0.5.1-rc1
gpg: Signature made Tue Sep 15 18:55:00 2020 PDT
gpg:                using RSA key 60A1FA7DA5BFF08BDCBBE7903BBD59E99B280306
gpg: Good signature from "Olaoluwa Osuntokun <laolu32@gmail.com>" [ultimate]

Verifying the Docker Images

To verify the tapd and tapcli binaries inside the docker images against the signed, reproducible release binaries, there is a verification script in the image that can be called (before starting the container for example): 

$ docker run --rm --entrypoint="" lightninglabs/taproot-assets:v0.5.1-rc1 /verify-install.sh v0.5.1-rc1
$ OK=$?
$ if [ "$OK" -ne "0" ]; then echo "Verification failed!"; exit 1; done
$ docker run lightninglabs/taproot-assets [command-line options]

Building the Contained Release

Users are able to rebuild the target release themselves without having to fetch any of the dependencies. In order to do so, assuming
that vendor.tar.gz and tapd-source-v0.5.1-rc1.tar.gz are in the current directory, follow these steps: 

tar -xvzf vendor.tar.gz
tar -xvzf tapd-source-v0.5.1-rc1.tar.gz
GO111MODULE=on go install -v -mod=vendor -ldflags "-X github.com/lightninglabs/taproot-assets/build.Commit=v0.5.1-rc1" ./cmd/tapd
GO111MODULE=on go install -v -mod=vendor -ldflags "-X github.com/lightninglabs/taproot-assets/build.Commit=v0.5.1-rc1" ./cmd/tapcli

The -mod=vendor flag tells the go build command that it doesn't need to fetch the dependencies, and instead, they're all enclosed in the local vendor directory.

Additionally, it's now possible to use the enclosed release.sh script to bundle a release for a specific system like so: 

make release sys="linux-arm64 darwin-amd64"

⚡️⚡️⚡️ OK, now to the rest of the release notes! ⚡️⚡️⚡️

Release Notes (auto generated)

What's Changed

  • Improve logging by @ffranr in #1269
  • refactor: using slices.Contains to simplify the code by @zhoufanjin in #1283
  • GitHub: update tapd's CI litd branch to testing target by @dstadulis in #1291
  • tapdb: thread through enabled flag correctly by @guggero in #1296
  • build(deps): bump the go_modules group across 2 directories with 1 update by @dependabot in #1292
  • universe: improve logging for single asset sync attempt by @guggero in #1294
  • tapcfg: read multiverse cache from cfg instead of using default by @Roasbeef in #1297
  • chore: fix some function names in comment by @crystalstall in #1273
  • Part 1: Asset Minting with V1 Asset Group Key and Chantools Cold Storage Support by @ffranr in #1272
  • Add unit test for method ExternalKey.PubKey by @ffranr in #1284
  • multi: add new v2 version of GKR based on Pedersen commitments by @Roasbeef in #1290
  • github-ci: bump upload-artifact@v3 to @v4 by @GeorgeTsagk in #1303
  • Remove .fail files and update .gitignore by @ffranr in #1307
  • Add Logging to Diagnose Flaky CI PostgreSQL Integration Test by @ffranr in #1308
  • SealBatch RPC endpoint accepts signed group PSBT by @ffranr in #1295
  • Support minting on Ledger signing device by @guggero in #1301
  • tapdb: fix performance of aggregate stats by @guggero in #1310
  • monitoring: export collector timeout as prometheus config by @GeorgeTsagk in #1300
  • Aggregate Universe Stats: always store result of querySyncStats by @GeorgeTsagk in #1302
  • version: bump version to v0.5.1-alpha.rc1 by @guggero in #1314

New Contributors

Full Changelog: v0.5.0...v0.5.1-rc1

Check out latest releases or
releases around lightninglabs/taproot-assets v0.5.1-rc1

Don't miss a new taproot-assets release

NewReleases is sending notifications on new releases.

Get notifications