Releases: lightninglabs/faraday
v0.2.13-alpha
Verifying the Release
In order to verify the release, you'll need to have gpg
or gpg2
installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import the keys that have signed this release if you haven't done so already:
gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys F4FC70F07310028424EFC20A8E4256593F177720
Once you have his PGP key you can verify the release (assuming manifest-v0.2.13-alpha.txt
and manifest-v0.2.13-alpha.sig
are in the current directory) with:
gpg --verify manifest-v0.2.13-alpha.sig manifest-v0.2.13-alpha.txt
You should see the following if the verification was successful:
gpg: Signature made Do 25 Nov 2021 10:41:18 CET
gpg: using RSA key F4FC70F07310028424EFC20A8E4256593F177720
gpg: Good signature from "Oliver Gugger <[email protected]>" [ultimate]
Primary key fingerprint: F4FC 70F0 7310 0284 24EF C20A 8E42 5659 3F17 7720
That will verify the signature on the main manifest page which ensures integrity and authenticity of the binaries you've downloaded locally. Next, depending on your operating system you should then re-calculate the sha256
sum of the binary, and compare that with the following hashes:
cat manifest-v0.2.13-alpha.txt
One can use the shasum -a 256 <file name here>
tool in order to re-compute the sha256
hash of the target binary for your operating system. The produced hash should be compared with the hashes listed above and they should match exactly.
Finally, you can also verify the tag itself with the following command:
git verify-tag v0.2.13-alpha
Release Notes (since v0.2.11-alpha, auto generated)
What's Changed
- Upgrade go to 1.19 in Dockerfile by @andrei-21 in #167
- build(deps): bump google.golang.org/grpc from 1.41.0 to 1.53.0 by @dependabot in #168
- mod+cmd/frcli: bump lnd version to v0.17.0-beta by @guggero in #171
- build(deps): bump golang.org/x/net from 0.10.0 to 0.17.0 by @dependabot in #172
- build(deps): bump google.golang.org/grpc from 1.53.0 to 1.56.3 by @dependabot in #173
- build(deps): bump go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc from 0.25.0 to 0.46.0 by @dependabot in #174
- build(deps): bump golang.org/x/crypto from 0.14.0 to 0.17.0 by @dependabot in #179
- accounting: increase client gRPC max receive size, bump lndclient to fix large message issue by @guggero in #178
- Record fees for self initiated sweeps to self (utxo management) by @mrfelton in #180
- faraday: bump LND dependecy to v0.17.4-beta by @bhandras in #183
- Include outgoing payment description in audit memo by @mrfelton in #182
- config: allow tls cert validity duration to be configured by @mrfelton in #185
- version: bump to v0.2.13-alpha by @guggero in #186
New Contributors
- @andrei-21 made their first contribution in #167
- @mrfelton made their first contribution in #180
- @bhandras made their first contribution in #183
Full Changelog: v0.2.11-alpha...v0.2.13-alpha
v0.2.11-alpha
Verifying the Release
In order to verify the release, you'll need to have gpg
or gpg2
installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import the keys that have signed this release if you haven't done so already:
gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys F4FC70F07310028424EFC20A8E4256593F177720
Once you have his PGP key you can verify the release (assuming manifest-v0.2.11-alpha.txt
and manifest-v0.2.11-alpha.sig
are in the current directory) with:
gpg --verify manifest-v0.2.11-alpha.sig manifest-v0.2.11-alpha.txt
You should see the following if the verification was successful:
gpg: Signature made Do 25 Nov 2021 10:41:18 CET
gpg: using RSA key F4FC70F07310028424EFC20A8E4256593F177720
gpg: Good signature from "Oliver Gugger <[email protected]>" [ultimate]
Primary key fingerprint: F4FC 70F0 7310 0284 24EF C20A 8E42 5659 3F17 7720
That will verify the signature on the main manifest page which ensures integrity and authenticity of the binaries you've downloaded locally. Next, depending on your operating system you should then re-calculate the sha256
sum of the binary, and compare that with the following hashes:
cat manifest-v0.2.11-alpha.txt
One can use the shasum -a 256 <file name here>
tool in order to re-compute the sha256
hash of the target binary for your operating system. The produced hash should be compared with the hashes listed above and they should match exactly.
Finally, you can also verify the tag itself with the following command:
git verify-tag v0.2.11-alpha
Release Notes (since v0.2.11-alpha, auto generated)
What's Changed
- frdrpc: add POST bindings for more complex calls by @guggero in #164
- Document scoped lnd macaroon for Faraday by @guggero in #166
- version: bump version to v0.2.11-alpha by @guggero in #165
Full Changelog: v0.2.10-alpha...v0.2.11-alpha
v0.2.10-alpha
NOTE: The tagged version v0.2.9-alpha
didn't contain any user relevant changes and was skipped as a release.
Verifying the Release
In order to verify the release, you'll need to have gpg
or gpg2
installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import the keys that have signed this release if you haven't done so already:
gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys F4FC70F07310028424EFC20A8E4256593F177720
Once you have his PGP key you can verify the release (assuming manifest-v0.2.10-alpha.txt
and manifest-v0.2.10-alpha.sig
are in the current directory) with:
gpg --verify manifest-v0.2.10-alpha.sig manifest-v0.2.10-alpha.txt
You should see the following if the verification was successful:
gpg: Signature made Do 25 Nov 2021 10:41:18 CET
gpg: using RSA key F4FC70F07310028424EFC20A8E4256593F177720
gpg: Good signature from "Oliver Gugger <[email protected]>" [ultimate]
Primary key fingerprint: F4FC 70F0 7310 0284 24EF C20A 8E42 5659 3F17 7720
That will verify the signature on the main manifest page which ensures integrity and authenticity of the binaries you've downloaded locally. Next, depending on your operating system you should then re-calculate the sha256
sum of the binary, and compare that with the following hashes:
cat manifest-v0.2.10-alpha.txt
One can use the shasum -a 256 <file name here>
tool in order to re-compute the sha256
hash of the target binary for your operating system. The produced hash should be compared with the hashes listed above and they should match exactly.
Finally, you can also verify the tag itself with the following command:
git verify-tag v0.2.10-alpha
Release Notes (since v0.2.10-alpha, auto generated)
What's Changed
- frdrpcserver: also create macaroon service in subserver mode by @guggero in #148
- frdrpc/gen_protos.sh: remove js build tag by @kaloudis in #150
- Bump Golang and lnd versions by @guggero in #152
- version: bump to version v0.2.9-alpha by @guggero in #154
- fiat: add support fo multiple granularities to coingecko by @positiveblue in #155
- tools: fix linter issue with Golang 1.19 by @guggero in #159
- build(deps): bump github.com/prometheus/client_golang from 1.11.0 to 1.11.1 by @dependabot in #158
- build(deps): bump golang.org/x/text from 0.3.7 to 0.3.8 by @dependabot in #160
- multi: bump lnd+lndclient compile time dependency by @guggero in #157
- build(deps): bump golang.org/x/net from 0.4.0 to 0.7.0 by @dependabot in #161
- mod: bump lnd to v0.16.0-beta by @guggero in #162
New Contributors
- @kaloudis made their first contribution in #150
- @positiveblue made their first contribution in #155
- @dependabot made their first contribution in #158
Full Changelog: v0.2.8-alpha...v0.2.10-alpha
v0.2.8-alpha
Verifying the Release
In order to verify the release, you'll need to have gpg
or gpg2
installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import the keys that have signed this release if you haven't done so already:
gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys F4FC70F07310028424EFC20A8E4256593F177720
Once you have his PGP key you can verify the release (assuming manifest-v0.2.8-alpha.txt
and manifest-v0.2.8-alpha.sig
are in the current directory) with:
gpg --verify manifest-v0.2.8-alpha.sig manifest-v0.2.8-alpha.txt
You should see the following if the verification was successful:
gpg: Signature made Do 25 Nov 2021 10:41:18 CET
gpg: using RSA key F4FC70F07310028424EFC20A8E4256593F177720
gpg: Good signature from "Oliver Gugger <[email protected]>" [ultimate]
Primary key fingerprint: F4FC 70F0 7310 0284 24EF C20A 8E42 5659 3F17 7720
That will verify the signature on the main manifest page which ensures integrity and authenticity of the binaries you've downloaded locally. Next, depending on your operating system you should then re-calculate the sha256
sum of the binary, and compare that with the following hashes:
cat manifest-v0.2.8-alpha.txt
One can use the shasum -a 256 <file name here>
tool in order to re-compute the sha256
hash of the target binary for your operating system. The produced hash should be compared with the hashes listed above and they should match exactly.
Finally, you can also verify the tag itself with the following command:
git verify-tag v0.2.8-alpha
Release Notes (auto generated)
What's Changed
- docs: fix broken harmony link by @alexbosworth in #139
- config: clean and expand lnd tls cert path by @guggero in #142
- multi: bump btcec/v2 and btcutil to new versions by @guggero in #144
- frdrpc: add JSON/WASM client stubs for LNC, move server code into own package by @guggero in #145
- frdrpcserver: move RequiredPermissions to dedicated dir by @ellemouton in #146
- docs: fix harmony link to point at standard by @alexbosworth in #143
- Use GitHub auto-generated release notes for next release, bump version to v0.2.8-alpha by @guggero in #147
- multi: use lndclient MacaroonService by @ellemouton in #140
New Contributors
- @alexbosworth made their first contribution in #139
Full Changelog: v0.2.7-alpha...v0.2.8-alpha
v0.2.5-alpha
Verifying the Release
In order to verify the release, you'll need to have gpg
or gpg2
installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import carlakirkcohen
's key from keybase:
curl https://keybase.io/carlakirkcohen/pgp_keys.asc | gpg --import
Once you have his PGP key you can verify the release (assumingmanifest-v0.2.5-alpha.txt
and manifest-v0.2.5-alpha.txt.sig
are in the current directory) with:
gpg --verify manifest-carlakirkcohen-v0.2.5-alpha.sig manifest-v0.2.5-alpha.txt
You should see the following if the verification was successful:
gpg: Signature made Wed May 19 09:10:39 2021 SAST
gpg: using RSA key 15E7ECF257098A4EF91655EB4CA7FE54A6213C91
gpg: Good signature from "Carla Kirk-Cohen <[email protected]>" [ultimate]
That will verify the signature on the main manifest page which ensures integrity and authenticity of the binaries you've downloaded locally. Next, depending on your operating system you should then re-calculate the sha256
sum of the binary, and compare that with the following hashes:
cat manifest-v0.2.5-alpha.txt
One can use the shasum -a 256 <file name here>
tool in order to re-compute the sha256
hash of the target binary for your operating system. The produced hash should be compared with the hashes listed above and they should match exactly.
Finally, you can also verify the tag itself with the following command:
git verify-tag v0.2.5-alpha
Contributors (Alphabetical Order)
Carla Kirk-Cohen
Elle Mouton
Release Notes
- The options for the fiat API used by the
audit
and `` endpoints have been expanded to include Coindesk's API.
v0.2.4-alpha
Verifying the Release
In order to verify the release, you'll need to have gpg
or gpg2
installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import carlakirkcohen
's key from keybase:
curl https://keybase.io/carlakirkcohen/pgp_keys.asc | gpg --import
Once you have his PGP key you can verify the release (assumingmanifest-v0.2.1-alpha.txt
and manifest-v0.2.3-alpha.txt.sig
are in the current directory) with:
gpg --verify manifest-carlakirkcohen-v0.2.4-alpha.sig manifest-v0.2.4-alpha.txt
You should see the following if the verification was successful:
gpg: Signature made Wed May 19 09:10:39 2021 SAST
gpg: using RSA key 15E7ECF257098A4EF91655EB4CA7FE54A6213C91
gpg: Good signature from "Carla Kirk-Cohen <[email protected]>" [ultimate]
That will verify the signature on the main manifest page which ensures integrity and authenticity of the binaries you've downloaded locally. Next, depending on your operating system you should then re-calculate the sha256
sum of the binary, and compare that with the following hashes:
cat manifest-v0.2.4-alpha.txt
One can use the shasum -a 256 <file name here>
tool in order to re-compute the sha256
hash of the target binary for your operating system. The produced hash should be compared with the hashes listed above and they should match exactly.
Finally, you can also verify the tag itself with the following command:
git verify-tag v0.2.4-alpha
Contributors (Alphabetical Order)
Carla Kirk-Cohen
Justin O'Brien
Oliver Guggero
Release Notes
Breaking Changes
- Bumped the minimum required version of
lnd
tov0.11.1-beta
.
Bug Fixes
- Fixes a bug in how TLS connections were initialized which lead to the
missing selected ALPN property
error in node.js and #c clients. - A bug where the rpc server would panic on rpc calls to the outlier and
threshold recommendation api has been fixed.
v0.2.3-alpha
Verifying the Release
In order to verify the release, you'll need to have gpg
or gpg2
installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import carlakirkcohen
's key from keybase:
curl https://keybase.io/carlakirkcohen/pgp_keys.asc | gpg --import
Once you have his PGP key you can verify the release (assumingmanifest-v0.2.1-alpha.txt
and manifest-v0.2.3-alpha.txt.sig
are in the current directory) with:
gpg --verify manifest-v0.2.3-alpha.txt.sig
You should see the following if the verification was successful:
gpg: assuming signed data in 'manifest-v0.2.3-alpha.txt'
gpg: Signature made Thu Mar 19 09:19:19 2020 SAST
gpg: using RSA key 15E7ECF257098A4EF91655EB4CA7FE54A6213C91
gpg: Good signature from "Carla Kirk-Cohen <[email protected]>" [ultimate]
That will verify the signature on the main manifest page which ensures integrity and authenticity of the binaries you've downloaded locally. Next, depending on your operating system you should then re-calculate the sha256
sum of the binary, and compare that with the following hashes:
cat manifest-v0.2.3-alpha.txt
One can use the shasum -a 256 <file name here>
tool in order to re-compute the sha256
hash of the target binary for your operating system. The produced hash should be compared with the hashes listed above and they should match exactly.
Finally, you can also verify the tag itself with the following command:
git verify-tag v0.2.3-alpha
Contributors (Alphabetical Order)
Carla Kirk-Cohen
Carsten Otto
Oliver Guggero
Release Notes
- Fixed compile time compatibility with
lnd v0.12.0-beta
. - The output of the
audit
rpc is now sorted by ascending timestamp. - A pre-set custom category for Lightning Pool has been added to the
audit
cli, and can be used to separate all pool-related transactions into their own category calledpool
usingaudit --pool-category
.
Bug Fixes
- A bug in the
audit
custom categories functionality which switched on-chain and off-chain categories has been fixed.
v0.2.2-alpha
Release Notes
Custom Accounting Cateogories
This minor release contains the addition of custom reporting categories in the audit
endpoint. These categories can be used to identify custom groups of transactions within your accounting report. The labels on lnd
's on-chain
transactions and invoices are used to match transactions against a set of regexes which identify a transaction as belonging in a custom group. At present, there is no labeling for off-chain payments and forwards, so they cannot be included in these categories.
When using the cli, categories should be specified as a json array:
./frcli audit --categories='[
{
"name": "test",
"on_chain": true,
"off_chain": false,
"label_patterns": ["test[0-9]*", "example(1|2)"]
},
{
...
},
]'
A default category for transactions involved in Lightning Loop swaps is included in the cli, and can be included in reports by using the --loop-category
flag.
Bug Fixes
- A bug in the
exchangerates
api that would panic if no timestamps were provided was fixed.
Verifying the Release
In order to verify the release, you'll need to have gpg
or gpg2
installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import carlakirkcohen
's key from keybase:
curl https://keybase.io/carlakirkcohen/pgp_keys.asc | gpg --import
Once you have his PGP key you can verify the release (assumingmanifest-v0.2.2-alpha.txt
and manifest-v0.2.2-alpha.txt.sig
are in the current directory) with:
gpg --verify manifest-v0.2.2-alpha.txt.sig
You should see the following if the verification was successful:
gpg: assuming signed data in 'manifest-v0.2.2-alpha.txt'
gpg: Signature made Thu Mar 19 09:19:19 2020 SAST
gpg: using RSA key 15E7ECF257098A4EF91655EB4CA7FE54A6213C91
gpg: Good signature from "Carla Kirk-Cohen <[email protected]>" [ultimate]
That will verify the signature on the main manifest page which ensures integrity and authenticity of the binaries you've downloaded locally. Next, depending on your operating system you should then re-calculate the sha256
sum of the binary, and compare that with the following hashes:
cat manifest-v0.2.2-alpha.txt
One can use the shasum -a 256 <file name here>
tool in order to re-compute the sha256
hash of the target binary for your operating system. The produced hash should be compared with the hashes listed above and they should match exactly.
Finally, you can also verify the tag itself with the following command:
git verify-tag v0.2.2-alpha
Contributors (Alphabetical Order)
André Neves
Carla Kirk-Cohen
Oliver Gugger
v0.2.1-alpha
Release Notes
Accounting Reports
This Faraday release contains full accounting reports for on-chain and off-chain transactions produced by lnd. This much-requested feature provides node operators and business building on Lightning to produce a full report of their node’s activity, and better account for their operational expenses and movement of funds. The report is specifically lightning focused, separating transactions such as circular rebalances and on channel transactions into their own categories. The Harmony reporting standard is used for these reports, and they can be conveniently exported to a csv file using frcli audit --csvdir={location}
. Please see our full accounting documentation for details.
Authentication and Transport Security
Faraday’s grpc and REST endpoints are now encrypted with TLS and secured with macaroon authentication, as is the case for lnd. A single macaroon, faraday.macaroon
, and the TLS cert/key pair are stored in ~/.faraday/<network>/faraday.macaroon
(or /Users/<username>/Library/ApplicationSupport/Faraday/<network>
on mac) by default. Note that the macaroon and cert pair are separate to those used by lnd.
The --faradaydir
flag can be used to set a different location for the macaroon and cert pair, or they can be individually set using --tlscertpath
, --tlskeypath
and --macaroondir
. If you are running on mainnet, frcli
will automatically look for the cert and macaroon in the default path. However, if you are running on regtest or testnet, the --network
flag is required to point Faraday to the correct directory.
Bug Fixes
A bug in the pagination used by insights
endpoint to query lnd for forwarding events which was triggered for nodes with > 2000 forwards has been fixed.
Verifying the Release
In order to verify the release, you'll need to have gpg
or gpg2
installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import carlakirkcohen
's key from keybase:
curl https://keybase.io/carlakirkcohen/pgp_keys.asc | gpg --import
Once you have his PGP key you can verify the release (assumingmanifest-v0.2.1-alpha.txt
and manifest-v0.2.1-alpha.txt.sig
are in the current directory) with:
gpg --verify manifest-v0.2.1-alpha.txt.sig
You should see the following if the verification was successful:
gpg: assuming signed data in 'manifest-v0.2.1-alpha.txt'
gpg: Signature made Thu Mar 19 09:19:19 2020 SAST
gpg: using RSA key 15E7ECF257098A4EF91655EB4CA7FE54A6213C91
gpg: Good signature from "Carla Kirk-Cohen <[email protected]>" [ultimate]
That will verify the signature on the main manifest page which ensures integrity and authenticity of the binaries you've downloaded locally. Next, depending on your operating system you should then re-calculate the sha256
sum of the binary, and compare that with the following hashes:
cat manifest-v0.2.1-alpha.txt
One can use the shasum -a 256 <file name here>
tool in order to re-compute the sha256
hash of the target binary for your operating system. The produced hash should be compared with the hashes listed above and they should match exactly.
Finally, you can also verify the tag itself with the following command:
git verify-tag v0.2.1-alpha
Contributors (Alphabetical Order)
Carla Kirk-Cohen
Joost Jager
Oliver Gugger
saubyk
v0.1.0-alpha
Release Notes
This is the first major release of Faraday! With this release, and the releases to follow, we aim to improve the quality of the Lightning Network graph by providing node operators with tools to maintain a healthy routing node. Our blog post contains details of the features that are contained in this release.
Verifying the Release
In order to verify the release, you'll need to have gpg
or gpg2
installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import carlakirkcohen
's key from keybase:
curl https://keybase.io/carlakirkcohen/pgp_keys.asc | gpg --import
Once you have his PGP key you can verify the release (assumingmanifest-v0.1.0-alpha.txt
and manifest-v0.1.0-alpha.txt.sig
are in the current directory) with:
gpg --verify manifest-v0.1.0-alpha.txt.sig`
You should see the following if the verification was successful:
gpg: assuming signed data in 'manifest-v0.1.0-alpha.txt'
gpg: Signature made Thu Mar 19 09:19:19 2020 SAST
gpg: using RSA key 15E7ECF257098A4EF91655EB4CA7FE54A6213C91
gpg: Good signature from "Carla Kirk-Cohen <[email protected]>" [ultimate]
That will verify the signature on the main manifest page which ensures integrity and authenticity of the binaries you've downloaded locally. Next, depending on your operating system you should then re-calculate the sha256
sum of the binary, and compare that with the following hashes (which are
cat manifest-v0.1.0-alpha.txt
One can use the shasum -a 256 <file name here>
tool in order to re-compute the sha256
hash of the target binary for your operating system. The produced hash should be compared with the hashes listed above and they should match exactly.
Finally, you can also verify the tag itself with the following command:
git verify-tag v0.1.0-alpha
Contributors (Alphabetical Order)
Carla Kirk-Cohen
Oliver Gugger