v0.2.13-alpha

Verifying the Release

In order to verify the release, you'll need to have gpg or gpg2 installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import the keys that have signed this release if you haven't done so already:

gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys F4FC70F07310028424EFC20A8E4256593F177720

Once you have his PGP key you can verify the release (assuming manifest-v0.2.13-alpha.txt and manifest-v0.2.13-alpha.sig are in the current directory) with:

gpg --verify manifest-v0.2.13-alpha.sig manifest-v0.2.13-alpha.txt

You should see the following if the verification was successful:

gpg: Signature made Do 25 Nov 2021 10:41:18 CET
gpg:                using RSA key F4FC70F07310028424EFC20A8E4256593F177720
gpg: Good signature from "Oliver Gugger <gugger@gmail.com>" [ultimate]
Primary key fingerprint: F4FC 70F0 7310 0284 24EF  C20A 8E42 5659 3F17 7720

That will verify the signature on the main manifest page which ensures integrity and authenticity of the binaries you've downloaded locally. Next, depending on your operating system you should then re-calculate the sha256 sum of the binary, and compare that with the following hashes:

cat manifest-v0.2.13-alpha.txt

One can use the shasum -a 256 <file name here> tool in order to re-compute the sha256 hash of the target binary for your operating system. The produced hash should be compared with the hashes listed above and they should match exactly.

Finally, you can also verify the tag itself with the following command:

git verify-tag v0.2.13-alpha

Release Notes (since v0.2.11-alpha, auto generated)

What's Changed

• Upgrade go to 1.19 in Dockerfile by @andrei-21 in #167
• build(deps): bump google.golang.org/grpc from 1.41.0 to 1.53.0 by @dependabot in #168
• mod+cmd/frcli: bump lnd version to v0.17.0-beta by @guggero in #171
• build(deps): bump golang.org/x/net from 0.10.0 to 0.17.0 by @dependabot in #172
• build(deps): bump google.golang.org/grpc from 1.53.0 to 1.56.3 by @dependabot in #173
• build(deps): bump go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc from 0.25.0 to 0.46.0 by @dependabot in #174
• build(deps): bump golang.org/x/crypto from 0.14.0 to 0.17.0 by @dependabot in #179
• accounting: increase client gRPC max receive size, bump lndclient to fix large message issue by @guggero in #178
• Record fees for self initiated sweeps to self (utxo management) by @mrfelton in #180
• faraday: bump LND dependecy to v0.17.4-beta by @bhandras in #183
• Include outgoing payment description in audit memo by @mrfelton in #182
• config: allow tls cert validity duration to be configured by @mrfelton in #185
• version: bump to v0.2.13-alpha by @guggero in #186

New Contributors

• @andrei-21 made their first contribution in #167
• @mrfelton made their first contribution in #180
• @bhandras made their first contribution in #183

Full Changelog: v0.2.11-alpha...v0.2.13-alpha

v0.2.11-alpha

Verifying the Release

In order to verify the release, you'll need to have gpg or gpg2 installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import the keys that have signed this release if you haven't done so already:

gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys F4FC70F07310028424EFC20A8E4256593F177720

Once you have his PGP key you can verify the release (assuming manifest-v0.2.11-alpha.txt and manifest-v0.2.11-alpha.sig are in the current directory) with:

gpg --verify manifest-v0.2.11-alpha.sig manifest-v0.2.11-alpha.txt

You should see the following if the verification was successful:

gpg: Signature made Do 25 Nov 2021 10:41:18 CET
gpg:                using RSA key F4FC70F07310028424EFC20A8E4256593F177720
gpg: Good signature from "Oliver Gugger <gugger@gmail.com>" [ultimate]
Primary key fingerprint: F4FC 70F0 7310 0284 24EF  C20A 8E42 5659 3F17 7720

That will verify the signature on the main manifest page which ensures integrity and authenticity of the binaries you've downloaded locally. Next, depending on your operating system you should then re-calculate the sha256 sum of the binary, and compare that with the following hashes:

cat manifest-v0.2.11-alpha.txt

One can use the shasum -a 256 <file name here> tool in order to re-compute the sha256 hash of the target binary for your operating system. The produced hash should be compared with the hashes listed above and they should match exactly.

Finally, you can also verify the tag itself with the following command:

git verify-tag v0.2.11-alpha

Release Notes (since v0.2.11-alpha, auto generated)

What's Changed

• frdrpc: add POST bindings for more complex calls by @guggero in #164
• Document scoped lnd macaroon for Faraday by @guggero in #166
• version: bump version to v0.2.11-alpha by @guggero in #165

Full Changelog: v0.2.10-alpha...v0.2.11-alpha

v0.2.10-alpha

NOTE: The tagged version v0.2.9-alpha didn't contain any user relevant changes and was skipped as a release.

Verifying the Release

In order to verify the release, you'll need to have gpg or gpg2 installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import the keys that have signed this release if you haven't done so already:

gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys F4FC70F07310028424EFC20A8E4256593F177720

Once you have his PGP key you can verify the release (assuming manifest-v0.2.10-alpha.txt and manifest-v0.2.10-alpha.sig are in the current directory) with:

gpg --verify manifest-v0.2.10-alpha.sig manifest-v0.2.10-alpha.txt

You should see the following if the verification was successful:

gpg: Signature made Do 25 Nov 2021 10:41:18 CET
gpg:                using RSA key F4FC70F07310028424EFC20A8E4256593F177720
gpg: Good signature from "Oliver Gugger <gugger@gmail.com>" [ultimate]
Primary key fingerprint: F4FC 70F0 7310 0284 24EF  C20A 8E42 5659 3F17 7720

That will verify the signature on the main manifest page which ensures integrity and authenticity of the binaries you've downloaded locally. Next, depending on your operating system you should then re-calculate the sha256 sum of the binary, and compare that with the following hashes:

cat manifest-v0.2.10-alpha.txt

One can use the shasum -a 256 <file name here> tool in order to re-compute the sha256 hash of the target binary for your operating system. The produced hash should be compared with the hashes listed above and they should match exactly.

Finally, you can also verify the tag itself with the following command:

git verify-tag v0.2.10-alpha

Release Notes (since v0.2.10-alpha, auto generated)

What's Changed

• frdrpcserver: also create macaroon service in subserver mode by @guggero in #148
• frdrpc/gen_protos.sh: remove js build tag by @kaloudis in #150
• Bump Golang and lnd versions by @guggero in #152
• version: bump to version v0.2.9-alpha by @guggero in #154
• fiat: add support fo multiple granularities to coingecko by @positiveblue in #155
• tools: fix linter issue with Golang 1.19 by @guggero in #159
• build(deps): bump github.com/prometheus/client_golang from 1.11.0 to 1.11.1 by @dependabot in #158
• build(deps): bump golang.org/x/text from 0.3.7 to 0.3.8 by @dependabot in #160
• multi: bump lnd+lndclient compile time dependency by @guggero in #157
• build(deps): bump golang.org/x/net from 0.4.0 to 0.7.0 by @dependabot in #161
• mod: bump lnd to v0.16.0-beta by @guggero in #162

New Contributors

• @kaloudis made their first contribution in #150
• @positiveblue made their first contribution in #155
• @dependabot made their first contribution in #158

Full Changelog: v0.2.8-alpha...v0.2.10-alpha

v0.2.8-alpha

Verifying the Release

In order to verify the release, you'll need to have gpg or gpg2 installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import the keys that have signed this release if you haven't done so already:

gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys F4FC70F07310028424EFC20A8E4256593F177720

Once you have his PGP key you can verify the release (assuming manifest-v0.2.8-alpha.txt and manifest-v0.2.8-alpha.sig are in the current directory) with:

gpg --verify manifest-v0.2.8-alpha.sig manifest-v0.2.8-alpha.txt

You should see the following if the verification was successful:

gpg: Signature made Do 25 Nov 2021 10:41:18 CET
gpg:                using RSA key F4FC70F07310028424EFC20A8E4256593F177720
gpg: Good signature from "Oliver Gugger <gugger@gmail.com>" [ultimate]
Primary key fingerprint: F4FC 70F0 7310 0284 24EF  C20A 8E42 5659 3F17 7720

That will verify the signature on the main manifest page which ensures integrity and authenticity of the binaries you've downloaded locally. Next, depending on your operating system you should then re-calculate the sha256 sum of the binary, and compare that with the following hashes:

cat manifest-v0.2.8-alpha.txt

One can use the shasum -a 256 <file name here> tool in order to re-compute the sha256 hash of the target binary for your operating system. The produced hash should be compared with the hashes listed above and they should match exactly.

Finally, you can also verify the tag itself with the following command:

git verify-tag v0.2.8-alpha

Release Notes (auto generated)

What's Changed

• docs: fix broken harmony link by @alexbosworth in #139
• config: clean and expand lnd tls cert path by @guggero in #142
• multi: bump btcec/v2 and btcutil to new versions by @guggero in #144
• frdrpc: add JSON/WASM client stubs for LNC, move server code into own package by @guggero in #145
• frdrpcserver: move RequiredPermissions to dedicated dir by @ellemouton in #146
• docs: fix harmony link to point at standard by @alexbosworth in #143
• Use GitHub auto-generated release notes for next release, bump version to v0.2.8-alpha by @guggero in #147
• multi: use lndclient MacaroonService by @ellemouton in #140

New Contributors

• @alexbosworth made their first contribution in #139

Full Changelog: v0.2.7-alpha...v0.2.8-alpha

v0.2.5-alpha

Verifying the Release

In order to verify the release, you'll need to have gpg or gpg2 installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import carlakirkcohen's key from keybase:

curl https://keybase.io/carlakirkcohen/pgp_keys.asc | gpg --import

Once you have his PGP key you can verify the release (assumingmanifest-v0.2.5-alpha.txt and manifest-v0.2.5-alpha.txt.sig are in the current directory) with:

gpg --verify manifest-carlakirkcohen-v0.2.5-alpha.sig manifest-v0.2.5-alpha.txt

You should see the following if the verification was successful:

gpg: Signature made Wed May 19 09:10:39 2021 SAST
gpg:                using RSA key 15E7ECF257098A4EF91655EB4CA7FE54A6213C91
gpg: Good signature from "Carla Kirk-Cohen <kirkcohenc@gmail.com>" [ultimate]

That will verify the signature on the main manifest page which ensures integrity and authenticity of the binaries you've downloaded locally. Next, depending on your operating system you should then re-calculate the sha256 sum of the binary, and compare that with the following hashes:

cat manifest-v0.2.5-alpha.txt

One can use the shasum -a 256 <file name here> tool in order to re-compute the sha256 hash of the target binary for your operating system. The produced hash should be compared with the hashes listed above and they should match exactly.

Finally, you can also verify the tag itself with the following command:

git verify-tag v0.2.5-alpha

Contributors (Alphabetical Order)

Carla Kirk-Cohen
Elle Mouton

Release Notes

• The options for the fiat API used by the audit and `` endpoints have been expanded to include Coindesk's API.

v0.2.4-alpha

Verifying the Release

In order to verify the release, you'll need to have gpg or gpg2 installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import carlakirkcohen's key from keybase:

curl https://keybase.io/carlakirkcohen/pgp_keys.asc | gpg --import

Once you have his PGP key you can verify the release (assumingmanifest-v0.2.1-alpha.txt and manifest-v0.2.3-alpha.txt.sig are in the current directory) with:

gpg --verify manifest-carlakirkcohen-v0.2.4-alpha.sig manifest-v0.2.4-alpha.txt

You should see the following if the verification was successful:

gpg: Signature made Wed May 19 09:10:39 2021 SAST
gpg:                using RSA key 15E7ECF257098A4EF91655EB4CA7FE54A6213C91
gpg: Good signature from "Carla Kirk-Cohen <kirkcohenc@gmail.com>" [ultimate]

That will verify the signature on the main manifest page which ensures integrity and authenticity of the binaries you've downloaded locally. Next, depending on your operating system you should then re-calculate the sha256 sum of the binary, and compare that with the following hashes:

cat manifest-v0.2.4-alpha.txt

One can use the shasum -a 256 <file name here> tool in order to re-compute the sha256 hash of the target binary for your operating system. The produced hash should be compared with the hashes listed above and they should match exactly.

Finally, you can also verify the tag itself with the following command:

git verify-tag v0.2.4-alpha

Contributors (Alphabetical Order)

Carla Kirk-Cohen
Justin O'Brien
Oliver Guggero

Release Notes

Breaking Changes

• Bumped the minimum required version of lnd to v0.11.1-beta.

Bug Fixes

• Fixes a bug in how TLS connections were initialized which lead to the
  missing selected ALPN property error in node.js and #c clients.
• A bug where the rpc server would panic on rpc calls to the outlier and
  threshold recommendation api has been fixed.

v0.2.3-alpha

Verifying the Release

In order to verify the release, you'll need to have gpg or gpg2 installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import carlakirkcohen's key from keybase:

curl https://keybase.io/carlakirkcohen/pgp_keys.asc | gpg --import

Once you have his PGP key you can verify the release (assumingmanifest-v0.2.1-alpha.txt and manifest-v0.2.3-alpha.txt.sig are in the current directory) with:

gpg --verify manifest-v0.2.3-alpha.txt.sig

You should see the following if the verification was successful:

gpg: assuming signed data in 'manifest-v0.2.3-alpha.txt'
gpg: Signature made Thu Mar 19 09:19:19 2020 SAST
gpg:                using RSA key 15E7ECF257098A4EF91655EB4CA7FE54A6213C91
gpg: Good signature from "Carla Kirk-Cohen <kirkcohenc@gmail.com>" [ultimate]

That will verify the signature on the main manifest page which ensures integrity and authenticity of the binaries you've downloaded locally. Next, depending on your operating system you should then re-calculate the sha256 sum of the binary, and compare that with the following hashes:

cat manifest-v0.2.3-alpha.txt

One can use the shasum -a 256 <file name here> tool in order to re-compute the sha256 hash of the target binary for your operating system. The produced hash should be compared with the hashes listed above and they should match exactly.

Finally, you can also verify the tag itself with the following command:

git verify-tag v0.2.3-alpha

Contributors (Alphabetical Order)

Carla Kirk-Cohen
Carsten Otto
Oliver Guggero

Release Notes

• Fixed compile time compatibility with lnd v0.12.0-beta.
• The output of the audit rpc is now sorted by ascending timestamp.
• A pre-set custom category for Lightning Pool has been added to the audit cli, and can be used to separate all pool-related transactions into their own category called pool using audit --pool-category.

Bug Fixes

• A bug in the audit custom categories functionality which switched on-chain and off-chain categories has been fixed.

v0.2.2-alpha

Release Notes

Custom Accounting Cateogories

This minor release contains the addition of custom reporting categories in the audit endpoint. These categories can be used to identify custom groups of transactions within your accounting report. The labels on lnd's on-chain transactions and invoices are used to match transactions against a set of regexes which identify a transaction as belonging in a custom group. At present, there is no labeling for off-chain payments and forwards, so they cannot be included in these categories.

When using the cli, categories should be specified as a json array:

./frcli audit --categories='[
		{ 
			"name": "test", 
			"on_chain": true, 
			"off_chain": false, 
			"label_patterns": ["test[0-9]*", "example(1|2)"] 
		},
		{
			...
		},
	]'

A default category for transactions involved in Lightning Loop swaps is included in the cli, and can be included in reports by using the --loop-category flag.

Bug Fixes

• A bug in the exchangerates api that would panic if no timestamps were provided was fixed.

Verifying the Release

In order to verify the release, you'll need to have gpg or gpg2 installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import carlakirkcohen's key from keybase:

curl https://keybase.io/carlakirkcohen/pgp_keys.asc | gpg --import

Once you have his PGP key you can verify the release (assumingmanifest-v0.2.2-alpha.txt and manifest-v0.2.2-alpha.txt.sig are in the current directory) with:

gpg --verify manifest-v0.2.2-alpha.txt.sig

You should see the following if the verification was successful:

gpg: assuming signed data in 'manifest-v0.2.2-alpha.txt'
gpg: Signature made Thu Mar 19 09:19:19 2020 SAST
gpg:                using RSA key 15E7ECF257098A4EF91655EB4CA7FE54A6213C91
gpg: Good signature from "Carla Kirk-Cohen <kirkcohenc@gmail.com>" [ultimate]

That will verify the signature on the main manifest page which ensures integrity and authenticity of the binaries you've downloaded locally. Next, depending on your operating system you should then re-calculate the sha256 sum of the binary, and compare that with the following hashes:

cat manifest-v0.2.2-alpha.txt

One can use the shasum -a 256 <file name here> tool in order to re-compute the sha256 hash of the target binary for your operating system. The produced hash should be compared with the hashes listed above and they should match exactly.

Finally, you can also verify the tag itself with the following command:

git verify-tag v0.2.2-alpha

Contributors (Alphabetical Order)

André Neves
Carla Kirk-Cohen
Oliver Gugger

v0.2.1-alpha

Release Notes

Accounting Reports

This Faraday release contains full accounting reports for on-chain and off-chain transactions produced by lnd. This much-requested feature provides node operators and business building on Lightning to produce a full report of their node’s activity, and better account for their operational expenses and movement of funds. The report is specifically lightning focused, separating transactions such as circular rebalances and on channel transactions into their own categories. The Harmony reporting standard is used for these reports, and they can be conveniently exported to a csv file using frcli audit --csvdir={location}. Please see our full accounting documentation for details.

Authentication and Transport Security

Faraday’s grpc and REST endpoints are now encrypted with TLS and secured with macaroon authentication, as is the case for lnd. A single macaroon, faraday.macaroon, and the TLS cert/key pair are stored in ~/.faraday/<network>/faraday.macaroon (or /Users/<username>/Library/ApplicationSupport/Faraday/<network> on mac) by default. Note that the macaroon and cert pair are separate to those used by lnd.

The --faradaydir flag can be used to set a different location for the macaroon and cert pair, or they can be individually set using --tlscertpath, --tlskeypath and --macaroondir. If you are running on mainnet, frcli will automatically look for the cert and macaroon in the default path. However, if you are running on regtest or testnet, the --network flag is required to point Faraday to the correct directory.

Bug Fixes

A bug in the pagination used by insights endpoint to query lnd for forwarding events which was triggered for nodes with > 2000 forwards has been fixed.

Verifying the Release

In order to verify the release, you'll need to have gpg or gpg2 installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import carlakirkcohen's key from keybase:

curl https://keybase.io/carlakirkcohen/pgp_keys.asc | gpg --import

Once you have his PGP key you can verify the release (assumingmanifest-v0.2.1-alpha.txt and manifest-v0.2.1-alpha.txt.sig are in the current directory) with:

gpg --verify manifest-v0.2.1-alpha.txt.sig

You should see the following if the verification was successful:

gpg: assuming signed data in 'manifest-v0.2.1-alpha.txt'
gpg: Signature made Thu Mar 19 09:19:19 2020 SAST
gpg:                using RSA key 15E7ECF257098A4EF91655EB4CA7FE54A6213C91
gpg: Good signature from "Carla Kirk-Cohen <kirkcohenc@gmail.com>" [ultimate]

That will verify the signature on the main manifest page which ensures integrity and authenticity of the binaries you've downloaded locally. Next, depending on your operating system you should then re-calculate the sha256 sum of the binary, and compare that with the following hashes:

cat manifest-v0.2.1-alpha.txt

One can use the shasum -a 256 <file name here> tool in order to re-compute the sha256 hash of the target binary for your operating system. The produced hash should be compared with the hashes listed above and they should match exactly.

Finally, you can also verify the tag itself with the following command:

git verify-tag v0.2.1-alpha

Contributors (Alphabetical Order)

Carla Kirk-Cohen
Joost Jager
Oliver Gugger
saubyk

v0.1.0-alpha

Release Notes

This is the first major release of Faraday! With this release, and the releases to follow, we aim to improve the quality of the Lightning Network graph by providing node operators with tools to maintain a healthy routing node. Our blog post contains details of the features that are contained in this release.

Verifying the Release

In order to verify the release, you'll need to have gpg or gpg2 installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import carlakirkcohen's key from keybase:

curl https://keybase.io/carlakirkcohen/pgp_keys.asc | gpg --import

Once you have his PGP key you can verify the release (assumingmanifest-v0.1.0-alpha.txt and manifest-v0.1.0-alpha.txt.sig are in the current directory) with:

gpg --verify manifest-v0.1.0-alpha.txt.sig`

You should see the following if the verification was successful:

gpg: assuming signed data in 'manifest-v0.1.0-alpha.txt'
gpg: Signature made Thu Mar 19 09:19:19 2020 SAST
gpg:                using RSA key 15E7ECF257098A4EF91655EB4CA7FE54A6213C91
gpg: Good signature from "Carla Kirk-Cohen <kirkcohenc@gmail.com>" [ultimate]

That will verify the signature on the main manifest page which ensures integrity and authenticity of the binaries you've downloaded locally. Next, depending on your operating system you should then re-calculate the sha256 sum of the binary, and compare that with the following hashes (which are

cat manifest-v0.1.0-alpha.txt

One can use the shasum -a 256 <file name here> tool in order to re-compute the sha256 hash of the target binary for your operating system. The produced hash should be compared with the hashes listed above and they should match exactly.

Finally, you can also verify the tag itself with the following command:

git verify-tag v0.1.0-alpha

Contributors (Alphabetical Order)

Carla Kirk-Cohen
Oliver Gugger