Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

lnd: fix missing RPC permissions when bitcoind is pruned #563

Merged
merged 3 commits into from
Oct 28, 2022
Merged

lnd: fix missing RPC permissions when bitcoind is pruned #563

merged 3 commits into from
Oct 28, 2022

Conversation

erikarvstedt
Copy link
Collaborator

@erikarvstedt erikarvstedt commented Oct 25, 2022
edited
Loading

This branch includes some required commits from #559.

I've confirmed that lnd requires extra bitcoin RPC commands (via pruned_block_dispatcher.go) when bitcoind is pruned. This PR fixes the missing RPC permissions.

@ekimber, does this PR fix #562 for you?

@ekimber
Copy link

ekimber commented Oct 26, 2022

This branch includes some required commits from #559.

I've confirmed that lnd requires extra bitcoin RPC commands (via pruned_block_dispatcher.go) when bitcoind is pruned. This PR fixes the missing RPC permissions.

@ekimber, does this PR fix #562 for you?

Nice, this is working for me

@erikarvstedt erikarvstedt marked this pull request as ready for review October 26, 2022 13:58
@jonasnick
Copy link
Member

Pinging @seberm, could you have a look at the commits affecting shellcheck?

@erikarvstedt
Copy link
Collaborator Author

erikarvstedt commented Oct 27, 2022
edited
Loading

The shellcheck-services commits fix code that I had originally added. They are technically unrelated to shellcheck and only deal with the NixOS module system.

  • test/shellcheck-services: simplify accessing service definitions is a refactor with zero behavior changes (except for the performance boost).
  • test/shellcheck-services: fix error by excluding unavailable services fixes an error with service detection.
    Previously, unavailable services defined via systemd.service.foo = mkIf false ...; (like clightning-rest-migrate-datadir) were not ignored, which caused an error when accessing their config.

jonasnick
jonasnick reviewed Oct 27, 2022
View reviewed changes
Copy link
Member

@jonasnick jonasnick left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The lnd commit looks good to me.

modules/lnd.nix
Comment on lines +314 to +328
(mkIf isPruned {
services.bitcoind.rpc.users.lnd = {
passwordHMACFromFile = true;
rpcwhitelist = bitcoind.rpc.users.public.rpcwhitelist ++ [
"getpeerinfo"
"getnodeaddresses"
];
};
nix-bitcoin.secrets = {
bitcoin-rpcpassword-lnd.user = cfg.user;
bitcoin-HMAC-lnd.user = bitcoind.user;
};
nix-bitcoin.generateSecretsCmds.lndBitcoinRPC = ''
makeBitcoinRPCPassword lnd
'';
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I wonder at what point it would make sense to abstract this. "privileged", "joinmarket-ob-watcher", "btcpayserver" all set the same options modulo user and rpcwhitelist.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, I have a branch from 2021 which implements such an abstraction (by adding options passwordFile.{user,group} to bitcoind.rpc.users.<name>).
I guess I deemed that its benefits didn't warrant the increase in implicitness and the extra review burden. But if you're open to it, I'll dust it off and publish it.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah well if you already came to that conclusion no need to dust it off now.

@seberm
Copy link
Contributor

seberm commented Oct 27, 2022

Pinging @seberm, could you have a look at the commits affecting shellcheck?

Hello @jonasnick, the code seems fine to me.

I also rechecked the shellcheck still works as expected (made shellcheck erros into preStart scripts of nix-bitcoin services):

...
X="my test"
touch $X
cat $X

As you can see, it's working fine when running:

./run-tests.sh -s default
...
/nix/store/fx7d1yzp7370adpdw2wxi5kh6mh66nzy-unit-script-lnd-pre-start/bin/lnd-pre-start

In /nix/store/fx7d1yzp7370adpdw2wxi5kh6mh66nzy-unit-script-lnd-pre-start/bin/lnd-pre-start line 11:
touch $X
      ^-- SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
touch "$X"


In /nix/store/fx7d1yzp7370adpdw2wxi5kh6mh66nzy-unit-script-lnd-pre-start/bin/lnd-pre-start line 12:
cat $X
    ^-- SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
cat "$X"

But the test is not failing, when I add a vm argument:

./run-tests.sh -s default vm

Is this expected behavior?

Thanks.

@erikarvstedt
Copy link
Collaborator Author

Is this expected behavior?

Yes, service shellcheck is only run for the VM test that's run as a Nix build.
The other test methods are for debugging runtime behavior and should build as quickly as possible.

jonasnick
jonasnick approved these changes Oct 28, 2022
View reviewed changes
Copy link
Member

@jonasnick jonasnick left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ACK 67949a0

Thanks @seberm

@jonasnick jonasnick merged commit 7c16fc5 into fort-nix:master Oct 28, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jonasnick jonasnick jonasnick approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

lnd daemon requires the getpeerinfo bitcoind rpc method
4 participants
@erikarvstedt @ekimber @jonasnick @seberm