Skip to content

Releases: lightninglabs/taproot-assets

v0.4.0-alpha.rc2

08 Jul 22:52
@Roasbeef Roasbeef
v0.4.0-alpha.rc2
1e020b9
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.4.0-alpha.rc2 Pre-release
Pre-release

Database Migrations

There are a number of database migrations in this release. Please be aware that downgrading to a previous version will not be possible once the migrations have been applied. Make sure you create a backup before updating and please report any issues with the database migrations.

Verifying the Release

In order to verify the release, you'll need to have gpg or gpg2 installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import the keys that have signed this release if you haven't done so already:

curl https://raw.githubusercontent.com/lightninglabs/taproot-assets/main/scripts/keys/roasbeef.asc | gpg --import

Once you have the required PGP keys, you can verify the release (assuming manifest-roasbeef-v0.4.0-alpha.rc2.sig and manifest-v0.4.0-alpha.rc2.txt are in the current directory) with:

gpg --verify manifest-roasbeef-v0.4.0-alpha.rc2.sig manifest-v0.4.0-alpha.rc2.txt

You should see the following if the verification was successful:

gpg: Signature made Wed Sep 30 17:35:20 2020 PDT
gpg:                using RSA key 60A1FA7DA5BFF08BDCBBE7903BBD59E99B280306
gpg: Good signature from "Olaoluwa Osuntokun <[email protected]>" [ultimate]

That will verify the signature of the manifest file, which ensures integrity and authenticity of the archive you've downloaded locally containing the binaries. Next, depending on your operating system, you should then re-compute the sha256 hash of the archive with shasum -a 256 <filename>, compare it with the corresponding one in the manifest file, and ensure they match exactly.

Verifying the Release Timestamp

From this new version onwards, in addition time-stamping the git tag with OpenTimestamps, we'll also now timestamp the manifest file along with its signature. Two new files are now included along with the rest of our release artifacts: manifest-roasbeef-v0.4.0-alpha.rc2.txt.asc.ots.

Assuming you have the opentimestamps client installed locally, the timestamps can be verified with the following commands:

ots verify manifest-roasbeef-v0.4.0-alpha.rc2.sig.ots -f manifest-roasbeef-v0.4.0-alpha.rc2.sig

Alternatively, the OpenTimestamps website can be used to verify timestamps if one doesn't have a bitcoind instance accessible locally.

These timestamps should give users confidence in the integrity of this release even after the key that signed the release expires.

Verifying the Release Binaries

Our release binaries are fully reproducible. Third parties are able to verify that the release binaries were produced properly without having to trust the release manager(s). See our reproducible builds guide for how this can be achieved.
The release binaries are compiled with go1.22.3, which is required by verifiers to arrive at the same ones.

The make release command can be used to ensure one rebuilds with all the same flags used for the release. If one wishes to build for only a single platform, then make release sys=<OS-ARCH> tag=<tag> can be used.

Finally, you can also verify the tag itself with the following command:

$ git verify-tag v0.4.0-alpha.rc2
gpg: Signature made Tue Sep 15 18:55:00 2020 PDT
gpg:                using RSA key 60A1FA7DA5BFF08BDCBBE7903BBD59E99B280306
gpg: Good signature from "Olaoluwa Osuntokun <[email protected]>" [ultimate]

Verifying the Docker Images

To verify the tapd and tapcli binaries inside the docker images against the signed, reproducible release binaries, there is a verification script in the image that can be called (before starting the container for example):

$ docker run --rm --entrypoint="" lightninglabs/taproot-assets:v0.4.0-alpha.rc2 /verify-install.sh v0.4.0-alpha.rc2
$ OK=$?
$ if [ "$OK" -ne "0" ]; then echo "Verification failed!"; exit 1; done
$ docker run lightninglabs/taproot-assets [command-line options]

Building the Contained Release

Users are able to rebuild the target release themselves without having to fetch any of the dependencies. In order to do so, assuming
that vendor.tar.gz and tapd-source-v0.4.0-alpha.rc2.tar.gz are in the current directory, follow these steps:

tar -xvzf vendor.tar.gz
tar -xvzf tapd-source-v0.4.0-alpha.rc2.tar.gz
GO111MODULE=on go install -v -mod=vendor -ldflags "-X github.com/lightninglabs/taproot-assets/build.Commit=v0.4.0-alpha.rc2" ./cmd/tapd
GO111MODULE=on go install -v -mod=vendor -ldflags "-X github.com/lightninglabs/taproot-assets/build.Commit=v0.4.0-alpha.rc2" ./cmd/tapcli

The -mod=vendor flag tells the go build command that it doesn't need to fetch the dependencies, and instead, they're all enclosed in the local vendor directory.

Additionally, it's now possible to use the enclosed release.sh script to bundle a release for a specific system like so:

make release sys="linux-arm64 darwin-amd64"

⚡️⚡️⚡️ OK, now to the rest of the release notes! ⚡️⚡️⚡️

Release Notes

What's Changed

  • itest: add main universe server harness, turn on proof courier for all test cases by @guggero in #712
  • Federation envoy re-attempts sync push for issuance proofs by @ffranr in #698
  • tapgarden: fix races and deadlocks in caretaker by @jharveyb in #693
  • gitignore: add non-debug binaries to ignore by @guggero in #724
  • tapdb: add minimalistic test framework for testing DB migrations by @guggero in #707
  • rpcserver+tapscript: err shadowing fixes by @jharveyb in #713
  • misc: group key testing by @jharveyb in #717
  • Update test vectors by @ffranr in #733
  • Add asset group burn itest, logging, and missing error handling by @ffranr in #732
  • Refactor fed envy event handling by @ffranr in #731
  • multiverse: add overlay points for universe trees by @guggero in #624
  • Add means to specify sqlite db file path for tapd test harness and db unit tests by @ffranr in #735
  • rpcserver: skip local meta data lookup for genesis proof by @guggero in #744
  • Multi-input PSBT spend for homogeneous input asset ID by @ffranr in #743
  • Add enhanced prometheus metrics for tapd by @GeorgeTsagk in #716
  • multi: attempt to fix issue of high number of TCP connections by explicitly closing connections and implementing an idle timer by @Roasbeef in #719
  • muti: fix typos by @AtomicInnovation321 in #748
  • proof courier: general cleanup and refactor, re-try after restart by @guggero in #734
  • chore: fix typos by @GoodDaisy in #752
  • multi: anchor fee test coverage by @jharveyb in #605
  • Refactor and cleanup custodian events cache handling by @ffranr in #756
  • itest: extend multi-input PSBT spend test to include partial value spend by @ffranr in #747
  • Fix typos by @cristiantroy in #764
  • [1/2] custodian: look up proofs in local universe as well by @guggero in #726
  • taprpc+tapdb: ListTransfers RPC optionally filters on anchor tx hash by @ffranr in #761
  • Increase group witness test coverage by @jharveyb in #549
  • tapdb: add support for logging migrations by @Roasbeef in #772
  • [tap channels preparation 1/?]: Add QueryInternalKey and QueryScriptKey RPCs, pre-fill script key info in vPSBT by @guggero in #765
  • makefile: add command to generate git release tags by @ffranr in #720
  • [2/2] proof: allow proof courier to short cut with local archive by @guggero in #730
  • tapdb: fix migration 15 by @guggero in #784
  • itest: use configurable timeout for load test by @guggero in #795
  • itest: universe server harness uses a dedicated LND node by @ffranr in #800
  • tools: exclude non-project files from go version consistency lint check by @ffranr in #775
  • vPSBT: add sighash support (no version bump) by @GeorgeTsagk in #779
  • multi: introduce new meta type for json strings by @Roasbeef in #794
  • [preparation 1/2]: refactor to simplify send logic, prepare for new RPCs by @guggero in https://github.com/lightninglabs/taproot-assets/pul...
Read more

Contributors

Roasbeef, guggero, and 10 other contributors
Assets 14
Loading

v0.4.0-alpha RC1

08 Jul 22:51
@guggero guggero
v0.4.0-rc1
This tag was signed with the committer’s verified signature.
guggero Oliver Gugger
GPG key ID: 8E4256593F177720
Verified
Learn about vigilant mode.
2547cc6
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.4.0-alpha RC1 Pre-release
Pre-release

Database Migrations

There are a number of database migrations in this release. Please be aware that downgrading to a previous version will not be possible once the migrations have been applied. Make sure you create a backup before updating and please report any issues with the database migrations.

Verifying the Release

In order to verify the release, you'll need to have gpg or gpg2 installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import the keys that have signed this release if you haven't done so already:

curl https://raw.githubusercontent.com/lightninglabs/taproot-assets/main/scripts/keys/roasbeef.asc | gpg --import

Once you have the required PGP keys, you can verify the release (assuming manifest-roasbeef-v0.4.0-rc1.sig and manifest-v0.4.0-rc1.txt are in the current directory) with:

gpg --verify manifest-roasbeef-v0.4.0-rc1.sig manifest-v0.4.0-rc1.txt

You should see the following if the verification was successful:

gpg: Signature made Wed Sep 30 17:35:20 2020 PDT
gpg:                using RSA key 60A1FA7DA5BFF08BDCBBE7903BBD59E99B280306
gpg: Good signature from "Olaoluwa Osuntokun <[email protected]>" [ultimate]

That will verify the signature of the manifest file, which ensures integrity and authenticity of the archive you've downloaded locally containing the binaries. Next, depending on your operating system, you should then re-compute the sha256 hash of the archive with shasum -a 256 <filename>, compare it with the corresponding one in the manifest file, and ensure they match exactly.

Verifying the Release Timestamp

From this new version onwards, in addition time-stamping the git tag with OpenTimestamps, we'll also now timestamp the manifest file along with its signature. Two new files are now included along with the rest of our release artifacts: manifest-roasbeef-v0.4.0-rc1.txt.asc.ots.

Assuming you have the opentimestamps client installed locally, the timestamps can be verified with the following commands:

ots verify manifest-roasbeef-v0.4.0-rc1.sig.ots -f manifest-roasbeef-v0.4.0-rc1.sig

Alternatively, the OpenTimestamps website can be used to verify timestamps if one doesn't have a bitcoind instance accessible locally.

These timestamps should give users confidence in the integrity of this release even after the key that signed the release expires.

Verifying the Release Binaries

Our release binaries are fully reproducible. Third parties are able to verify that the release binaries were produced properly without having to trust the release manager(s). See our reproducible builds guide for how this can be achieved.
The release binaries are compiled with go1.22.3, which is required by verifiers to arrive at the same ones.

The make release command can be used to ensure one rebuilds with all the same flags used for the release. If one wishes to build for only a single platform, then make release sys=<OS-ARCH> tag=<tag> can be used.

Finally, you can also verify the tag itself with the following command:

$ git verify-tag v0.4.0-rc1
gpg: Signature made Tue Sep 15 18:55:00 2020 PDT
gpg:                using RSA key 60A1FA7DA5BFF08BDCBBE7903BBD59E99B280306
gpg: Good signature from "Olaoluwa Osuntokun <[email protected]>" [ultimate]

Verifying the Docker Images

To verify the tapd and tapcli binaries inside the docker images against the signed, reproducible release binaries, there is a verification script in the image that can be called (before starting the container for example):

$ docker run --rm --entrypoint="" lightninglabs/taproot-assets:v0.4.0-rc1 /verify-install.sh v0.4.0-rc1
$ OK=$?
$ if [ "$OK" -ne "0" ]; then echo "Verification failed!"; exit 1; done
$ docker run lightninglabs/taproot-assets [command-line options]

Building the Contained Release

Users are able to rebuild the target release themselves without having to fetch any of the dependencies. In order to do so, assuming
that vendor.tar.gz and tapd-source-v0.4.0-rc1.tar.gz are in the current directory, follow these steps:

tar -xvzf vendor.tar.gz
tar -xvzf tapd-source-v0.4.0-rc1.tar.gz
GO111MODULE=on go install -v -mod=vendor -ldflags "-X github.com/lightninglabs/taproot-assets/build.Commit=v0.4.0-rc1" ./cmd/tapd
GO111MODULE=on go install -v -mod=vendor -ldflags "-X github.com/lightninglabs/taproot-assets/build.Commit=v0.4.0-rc1" ./cmd/tapcli

The -mod=vendor flag tells the go build command that it doesn't need to fetch the dependencies, and instead, they're all enclosed in the local vendor directory.

Additionally, it's now possible to use the enclosed release.sh script to bundle a release for a specific system like so:

make release sys="linux-arm64 darwin-amd64"

⚡️⚡️⚡️ OK, now to the rest of the release notes! ⚡️⚡️⚡️

Release Notes

Full Changelog: v0.3.3...v0.4.0-rc1

What's Changed

  • itest: add main universe server harness, turn on proof courier for all test cases by @guggero in #712
  • Federation envoy re-attempts sync push for issuance proofs by @ffranr in #698
  • tapgarden: fix races and deadlocks in caretaker by @jharveyb in #693
  • gitignore: add non-debug binaries to ignore by @guggero in #724
  • tapdb: add minimalistic test framework for testing DB migrations by @guggero in #707
  • rpcserver+tapscript: err shadowing fixes by @jharveyb in #713
  • misc: group key testing by @jharveyb in #717
  • Update test vectors by @ffranr in #733
  • Add asset group burn itest, logging, and missing error handling by @ffranr in #732
  • Refactor fed envy event handling by @ffranr in #731
  • multiverse: add overlay points for universe trees by @guggero in #624
  • Add means to specify sqlite db file path for tapd test harness and db unit tests by @ffranr in #735
  • rpcserver: skip local meta data lookup for genesis proof by @guggero in #744
  • Multi-input PSBT spend for homogeneous input asset ID by @ffranr in #743
  • Add enhanced prometheus metrics for tapd by @GeorgeTsagk in #716
  • multi: attempt to fix issue of high number of TCP connections by explicitly closing connections and implementing an idle timer by @Roasbeef in #719
  • muti: fix typos by @AtomicInnovation321 in #748
  • proof courier: general cleanup and refactor, re-try after restart by @guggero in #734
  • chore: fix typos by @GoodDaisy in #752
  • multi: anchor fee test coverage by @jharveyb in #605
  • Refactor and cleanup custodian events cache handling by @ffranr in #756
  • itest: extend multi-input PSBT spend test to include partial value spend by @ffranr in #747
  • Fix typos by @cristiantroy in #764
  • [1/2] custodian: look up proofs in local universe as well by @guggero in #726
  • taprpc+tapdb: ListTransfers RPC optionally filters on anchor tx hash by @ffranr in #761
  • Increase group witness test coverage by @jharveyb in #549
  • tapdb: add support for logging migrations by @Roasbeef in #772
  • [tap channels preparation 1/?]: Add QueryInternalKey and QueryScriptKey RPCs, pre-fill script key info in vPSBT by @guggero in #765
  • makefile: add command to generate git release tags by @ffranr in #720
  • [2/2] proof: allow proof courier to short cut with local archive by @guggero in #730
  • tapdb: fix migration 15 by @guggero in #784
  • itest: use configurable timeout for load test by @guggero in #795
  • itest: universe server harness uses a dedicated LND node by @ffranr in #800
  • tools: exclude non-project files from go version consistency lint check by @ffranr in #775
  • vPSBT: add sighash support (no version bump) by @GeorgeTsagk in #779
  • multi: introduce new meta type for json strings by @Roasbeef in #794
  • [preparation 1/2]: refactor to simplify send logic, prepare for new RPCs by @guggero in https://github.com/lightninglabs/tapro...
Read more

Contributors

Roasbeef, guggero, and 10 other contributors
Assets 16
Loading

v0.3.3-alpha

08 Feb 20:32
@github-actions github-actions
v0.3.3
aa1f3b1
Compare
Choose a tag to compare
v0.3.3-alpha

This is a minor release that includes a series of bug fixes and enhancements. Most notably, the process of sending+receiving proof files when sending+receiving assets is now more robust. In addition, the resource requirements for running a public Universe server have been reduced.

Database Migrations

This contains a migration in the form of a new table to allow for reliable transmission of proof files when sending/receiving. And an update to an existing table that fixes a bug with the order of asset witnesses.

Verifying the Release

In order to verify the release, you'll need to have gpg or gpg2 installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import the keys that have signed this release if you haven't done so already:

curl https://raw.githubusercontent.com/lightninglabs/taproot-assets/main/scripts/keys/roasbeef.asc | gpg --import

Once you have the required PGP keys, you can verify the release (assuming manifest-roasbeef-v0.3.3.sig and manifest-v0.3.3.txt are in the current directory) with:

gpg --verify manifest-roasbeef-v0.3.3.sig manifest-v0.3.3.txt

You should see the following if the verification was successful:

gpg: Signature made Thu Feb  8 12:29:49 2024 PST
gpg:                using RSA key 60A1FA7DA5BFF08BDCBBE7903BBD59E99B280306
gpg: Good signature from "Olaoluwa Osuntokun <[email protected]>" [ultimate]

That will verify the signature of the manifest file, which ensures integrity and authenticity of the archive you've downloaded locally containing the binaries. Next, depending on your operating system, you should then re-compute the sha256 hash of the archive with shasum -a 256 <filename>, compare it with the corresponding one in the manifest file, and ensure they match exactly.

Verifying the Release Timestamp

From this new version onwards, in addition time-stamping the git tag with OpenTimestamps, we'll also now timestamp the manifest file along with its signature. Two new files are now included along with the rest of our release artifacts: manifest-roasbeef-v0.3.3.txt.asc.ots.

Assuming you have the opentimestamps client installed locally, the timestamps can be verified with the following commands:

ots verify manifest-roasbeef-v0.3.3.sig.ots -f manifest-roasbeef-v0.3.3.sig

Alternatively, the OpenTimestamps website can be used to verify timestamps if one doesn't have a bitcoind instance accessible locally.

These timestamps should give users confidence in the integrity of this release even after the key that signed the release expires.

Verifying the Release Binaries

Our release binaries are fully reproducible. Third parties are able to verify that the release binaries were produced properly without having to trust the release manager(s). See our reproducible builds guide for how this can be achieved.
The release binaries are compiled with go1.21.4, which is required by verifiers to arrive at the same ones.

The make release command can be used to ensure one rebuilds with all the same flags used for the release. If one wishes to build for only a single platform, then make release sys=<OS-ARCH> tag=<tag> can be used.

Finally, you can also verify the tag itself with the following command:

$ git verify-tag v0.3.3
gpg: Signature made Wed 07 Feb 2024 10:58:03 PM UTC using RSA key ID 9B280306
gpg: Good signature from "Olaoluwa Osuntokun <[email protected]>"

Verifying the Docker Images

To verify the tapd and tapcli binaries inside the docker images against the signed, reproducible release binaries, there is a verification script in the image that can be called (before starting the container for example):

$ docker run --rm --entrypoint="" lightninglabs/taproot-assets:v0.3.3 /verify-install.sh v0.3.3
$ OK=$?
$ if [ "$OK" -ne "0" ]; then echo "Verification failed!"; exit 1; done
$ docker run lightninglabs/taproot-assets [command-line options]

Building the Contained Release

Users are able to rebuild the target release themselves without having to fetch any of the dependencies. In order to do so, assuming
that vendor.tar.gz and tapd-source-v0.3.3.tar.gz are in the current directory, follow these steps:

tar -xvzf vendor.tar.gz
tar -xvzf tapd-source-v0.3.3.tar.gz
GO111MODULE=on go install -v -mod=vendor -ldflags "-X github.com/lightninglabs/taproot-assets/build.Commit=v0.3.3" ./cmd/tapd
GO111MODULE=on go install -v -mod=vendor -ldflags "-X github.com/lightninglabs/taproot-assets/build.Commit=v0.3.3" ./cmd/tapcli

The -mod=vendor flag tells the go build command that it doesn't need to fetch the dependencies, and instead, they're all enclosed in the local vendor directory.

Additionally, it's now possible to use the enclosed release.sh script to bundle a release for a specific system like so:

make release sys="linux-arm64 darwin-amd64"

⚡️⚡️⚡️ OK, now to the rest of the release notes! ⚡️⚡️⚡️

Release Notes

Full Changelog: v0.3.2...v0.3.3

What's Changed

  • A resource lease affecting active TCPs connections for Universe servers has been resolved: #719
  • tapd is now able to export additional Prometheus metrics: #716
  • A retry loop has been added to the process of exporting new proofs to Universe servers: #698
  • The proof courier will now more robustly attempt to obtain proofs to complete receives after a restart: #734
  • The integration tests system now covers all possible proof courier types: #712
  • tapd will now log any executed database migrations during start up: #772
  • Users can now side load proofs using the Universe RPC calls to complete a receive flow: #726
  • An edge case related to re-used script keys has been resolved, and the receive process now properly consults the local proof archive to short circuit logic. In addition, proofs stored on disk now contain an outpoint prefix to avoid over writing proofs: #730
Assets 17
Loading

v0.3.3-alpha.rc3

07 Feb 12:20
@github-actions github-actions
v0.3.3-alpha.rc3
82a0c51
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.3.3-alpha.rc3 Pre-release
Pre-release

This is a minor release that includes a series of bug fixes and enchants. Most notably, the process of sending+receiving proof files when sending+receiving assets is now more robust.

Database Migrations

This contains a migration in the form of a new table to allow for reliable transmission of proof files when sending/receiving. And an update to an existing table that fixes a bug with the order of asset witnesses.

Verifying the Release

In order to verify the release, you'll need to have gpg or gpg2 installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import the keys that have signed this release if you haven't done so already:

curl https://raw.githubusercontent.com/lightninglabs/taproot-assets/main/scripts/keys/roasbeef.asc | gpg --import

Once you have the required PGP keys, you can verify the release (assuming manifest-roasbeef-v0.3.3-alpha.rc3.sig and manifest-v0.3.3-alpha.rc3.txt are in the current directory) with:

gpg --verify manifest-roasbeef-v0.3.3-alpha.rc3.sig manifest-v0.3.3-alpha.rc3.txt

You should see the following if the verification was successful:

gpg: Signature made Wed Sep 30 17:35:20 2020 PDT
gpg:                using RSA key 60A1FA7DA5BFF08BDCBBE7903BBD59E99B280306
gpg: Good signature from "Olaoluwa Osuntokun <[email protected]>" [ultimate]

That will verify the signature of the manifest file, which ensures integrity and authenticity of the archive you've downloaded locally containing the binaries. Next, depending on your operating system, you should then re-compute the sha256 hash of the archive with shasum -a 256 <filename>, compare it with the corresponding one in the manifest file, and ensure they match exactly.

Verifying the Release Timestamp

From this new version onwards, in addition time-stamping the git tag with OpenTimestamps, we'll also now timestamp the manifest file along with its signature. Two new files are now included along with the rest of our release artifacts: manifest-roasbeef-v0.3.3-alpha.rc3.txt.asc.ots.

Assuming you have the opentimestamps client installed locally, the timestamps can be verified with the following commands:

ots verify manifest-roasbeef-v0.3.3-alpha.rc3.sig.ots -f manifest-roasbeef-v0.3.3-alpha.rc3.sig

Alternatively, the OpenTimestamps website can be used to verify timestamps if one doesn't have a bitcoind instance accessible locally.

These timestamps should give users confidence in the integrity of this release even after the key that signed the release expires.

Verifying the Release Binaries

Our release binaries are fully reproducible. Third parties are able to verify that the release binaries were produced properly without having to trust the release manager(s). See our reproducible builds guide for how this can be achieved.
The release binaries are compiled with go1.21.4, which is required by verifiers to arrive at the same ones.

The make release command can be used to ensure one rebuilds with all the same flags used for the release. If one wishes to build for only a single platform, then make release sys=<OS-ARCH> tag=<tag> can be used.

Finally, you can also verify the tag itself with the following command:

$ git verify-tag v0.3.3-alpha.rc3
gpg: Signature made Tue Sep 15 18:55:00 2020 PDT
gpg:                using RSA key 60A1FA7DA5BFF08BDCBBE7903BBD59E99B280306
gpg: Good signature from "Olaoluwa Osuntokun <[email protected]>" [ultimate]

Verifying the Docker Images

To verify the tapd and tapcli binaries inside the docker images against the signed, reproducible release binaries, there is a verification script in the image that can be called (before starting the container for example):

$ docker run --rm --entrypoint="" lightninglabs/taproot-assets:v0.3.3-alpha.rc3 /verify-install.sh v0.3.3-alpha.rc3
$ OK=$?
$ if [ "$OK" -ne "0" ]; then echo "Verification failed!"; exit 1; done
$ docker run lightninglabs/taproot-assets [command-line options]

Building the Contained Release

Users are able to rebuild the target release themselves without having to fetch any of the dependencies. In order to do so, assuming
that vendor.tar.gz and tapd-source-v0.3.3-alpha.rc3.tar.gz are in the current directory, follow these steps:

tar -xvzf vendor.tar.gz
tar -xvzf tapd-source-v0.3.3-alpha.rc3.tar.gz
GO111MODULE=on go install -v -mod=vendor -ldflags "-X github.com/lightninglabs/taproot-assets/build.Commit=v0.3.3-alpha.rc3" ./cmd/tapd
GO111MODULE=on go install -v -mod=vendor -ldflags "-X github.com/lightninglabs/taproot-assets/build.Commit=v0.3.3-alpha.rc3" ./cmd/tapcli

The -mod=vendor flag tells the go build command that it doesn't need to fetch the dependencies, and instead, they're all enclosed in the local vendor directory.

Additionally, it's now possible to use the enclosed release.sh script to bundle a release for a specific system like so:

make release sys="linux-arm64 darwin-amd64"

⚡️⚡️⚡️ OK, now to the rest of the release notes! ⚡️⚡️⚡️

What's Changed

Full Changelog: v0.3.2...v0.3.3-alpha.rc3

Assets 14
Loading

v0.3.3-alpha.rc2

07 Feb 12:19
@github-actions github-actions
v0.3.3-alpha.rc2
86b4039
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.3.3-alpha.rc2 Pre-release
Pre-release

This is a minor release that includes a series of bug fixes and enchants. Most notably, the process of sending+receiving proof files when sending+receiving assets is now more robust.

Database Migrations

This contains a migration in the form of a new table to allow for reliable transmission of proof files when sending/receiving. And an update to an existing table that fixes a bug with the order of asset witnesses.

Verifying the Release

In order to verify the release, you'll need to have gpg or gpg2 installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import the keys that have signed this release if you haven't done so already:

curl https://raw.githubusercontent.com/lightninglabs/taproot-assets/main/scripts/keys/roasbeef.asc | gpg --import

Once you have the required PGP keys, you can verify the release (assuming manifest-roasbeef-v0.3.3-alpha.rc2.sig and manifest-v0.3.3-alpha.rc2.txt are in the current directory) with:

gpg --verify manifest-roasbeef-v0.3.3-alpha.rc2.sig manifest-v0.3.3-alpha.rc2.txt

You should see the following if the verification was successful:

gpg: Signature made Wed Sep 30 17:35:20 2020 PDT
gpg:                using RSA key 60A1FA7DA5BFF08BDCBBE7903BBD59E99B280306
gpg: Good signature from "Olaoluwa Osuntokun <[email protected]>" [ultimate]

That will verify the signature of the manifest file, which ensures integrity and authenticity of the archive you've downloaded locally containing the binaries. Next, depending on your operating system, you should then re-compute the sha256 hash of the archive with shasum -a 256 <filename>, compare it with the corresponding one in the manifest file, and ensure they match exactly.

Verifying the Release Timestamp

From this new version onwards, in addition time-stamping the git tag with OpenTimestamps, we'll also now timestamp the manifest file along with its signature. Two new files are now included along with the rest of our release artifacts: manifest-roasbeef-v0.3.3-alpha.rc2.txt.asc.ots.

Assuming you have the opentimestamps client installed locally, the timestamps can be verified with the following commands:

ots verify manifest-roasbeef-v0.3.3-alpha.rc2.sig.ots -f manifest-roasbeef-v0.3.3-alpha.rc2.sig

Alternatively, the OpenTimestamps website can be used to verify timestamps if one doesn't have a bitcoind instance accessible locally.

These timestamps should give users confidence in the integrity of this release even after the key that signed the release expires.

Verifying the Release Binaries

Our release binaries are fully reproducible. Third parties are able to verify that the release binaries were produced properly without having to trust the release manager(s). See our reproducible builds guide for how this can be achieved.
The release binaries are compiled with go1.21.4, which is required by verifiers to arrive at the same ones.

The make release command can be used to ensure one rebuilds with all the same flags used for the release. If one wishes to build for only a single platform, then make release sys=<OS-ARCH> tag=<tag> can be used.

Finally, you can also verify the tag itself with the following command:

$ git verify-tag v0.3.3-alpha.rc2
gpg: Signature made Tue Sep 15 18:55:00 2020 PDT
gpg:                using RSA key 60A1FA7DA5BFF08BDCBBE7903BBD59E99B280306
gpg: Good signature from "Olaoluwa Osuntokun <[email protected]>" [ultimate]

Verifying the Docker Images

To verify the tapd and tapcli binaries inside the docker images against the signed, reproducible release binaries, there is a verification script in the image that can be called (before starting the container for example):

$ docker run --rm --entrypoint="" lightninglabs/taproot-assets:v0.3.3-alpha.rc2 /verify-install.sh v0.3.3-alpha.rc2
$ OK=$?
$ if [ "$OK" -ne "0" ]; then echo "Verification failed!"; exit 1; done
$ docker run lightninglabs/taproot-assets [command-line options]

Building the Contained Release

Users are able to rebuild the target release themselves without having to fetch any of the dependencies. In order to do so, assuming
that vendor.tar.gz and tapd-source-v0.3.3-alpha.rc2.tar.gz are in the current directory, follow these steps:

tar -xvzf vendor.tar.gz
tar -xvzf tapd-source-v0.3.3-alpha.rc2.tar.gz
GO111MODULE=on go install -v -mod=vendor -ldflags "-X github.com/lightninglabs/taproot-assets/build.Commit=v0.3.3-alpha.rc2" ./cmd/tapd
GO111MODULE=on go install -v -mod=vendor -ldflags "-X github.com/lightninglabs/taproot-assets/build.Commit=v0.3.3-alpha.rc2" ./cmd/tapcli

The -mod=vendor flag tells the go build command that it doesn't need to fetch the dependencies, and instead, they're all enclosed in the local vendor directory.

Additionally, it's now possible to use the enclosed release.sh script to bundle a release for a specific system like so:

make release sys="linux-arm64 darwin-amd64"

⚡️⚡️⚡️ OK, now to the rest of the release notes! ⚡️⚡️⚡️

What's Changed

Full Changelog: v0.3.2...v0.3.3-alpha.rc2

Assets 13
Loading

v0.3.3-alpha.rc1

29 Jan 20:36
@github-actions github-actions
v0.3.3-alpha.rc1
f7c543d
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.3.3-alpha.rc1 Pre-release
Pre-release

This is a minor release that includes a series of bug fixes and enchants. Most notably, the process of sending+receiving proof files when sending+receiving assets is now more robust.

Database Migrations

This contains a migration in the form of a new table to allow for reliable transmission of proof files when sending/receiving.

Verifying the Release

In order to verify the release, you'll need to have gpg or gpg2 installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import the keys that have signed this release if you haven't done so already:

curl https://raw.githubusercontent.com/lightninglabs/taproot-assets/main/scripts/keys/roasbeef.asc | gpg --import

Once you have the required PGP keys, you can verify the release (assuming manifest-roasbeef-v0.3.3-alpha.rc1.sig and manifest-v0.3.3-alpha.rc1.txt are in the current directory) with:

gpg --verify manifest-roasbeef-v0.3.3-alpha.rc1.sig manifest-v0.3.3-alpha.rc1.txt

You should see the following if the verification was successful:

gpg: Signature made Wed Sep 30 17:35:20 2020 PDT
gpg:                using RSA key 60A1FA7DA5BFF08BDCBBE7903BBD59E99B280306
gpg: Good signature from "Olaoluwa Osuntokun <[email protected]>" [ultimate]

That will verify the signature of the manifest file, which ensures integrity and authenticity of the archive you've downloaded locally containing the binaries. Next, depending on your operating system, you should then re-compute the sha256 hash of the archive with shasum -a 256 <filename>, compare it with the corresponding one in the manifest file, and ensure they match exactly.

Verifying the Release Timestamp

From this new version onwards, in addition time-stamping the git tag with OpenTimestamps, we'll also now timestamp the manifest file along with its signature. Two new files are now included along with the rest of our release artifacts: manifest-roasbeef-v0.3.3-alpha.rc1.txt.asc.ots.

Assuming you have the opentimestamps client installed locally, the timestamps can be verified with the following commands:

ots verify manifest-roasbeef-v0.3.3-alpha.rc1.sig.ots -f manifest-roasbeef-v0.3.3-alpha.rc1.sig

Alternatively, the OpenTimestamps website can be used to verify timestamps if one doesn't have a bitcoind instance accessible locally.

These timestamps should give users confidence in the integrity of this release even after the key that signed the release expires.

Verifying the Release Binaries

Our release binaries are fully reproducible. Third parties are able to verify that the release binaries were produced properly without having to trust the release manager(s). See our reproducible builds guide for how this can be achieved.
The release binaries are compiled with go1.21.4, which is required by verifiers to arrive at the same ones.

The make release command can be used to ensure one rebuilds with all the same flags used for the release. If one wishes to build for only a single platform, then make release sys=<OS-ARCH> tag=<tag> can be used.

Finally, you can also verify the tag itself with the following command:

$ git verify-tag v0.3.3-alpha.rc1
gpg: Signature made Tue Sep 15 18:55:00 2020 PDT
gpg:                using RSA key 60A1FA7DA5BFF08BDCBBE7903BBD59E99B280306
gpg: Good signature from "Olaoluwa Osuntokun <[email protected]>" [ultimate]

Verifying the Docker Images

To verify the tapd and tapcli binaries inside the docker images against the signed, reproducible release binaries, there is a verification script in the image that can be called (before starting the container for example):

$ docker run --rm --entrypoint="" lightninglabs/taproot-assets:v0.3.3-alpha.rc1 /verify-install.sh v0.3.3-alpha.rc1
$ OK=$?
$ if [ "$OK" -ne "0" ]; then echo "Verification failed!"; exit 1; done
$ docker run lightninglabs/taproot-assets [command-line options]

Building the Contained Release

Users are able to rebuild the target release themselves without having to fetch any of the dependencies. In order to do so, assuming
that vendor.tar.gz and tapd-source-v0.3.3-alpha.rc1.tar.gz are in the current directory, follow these steps:

tar -xvzf vendor.tar.gz
tar -xvzf tapd-source-v0.3.3-alpha.rc1.tar.gz
GO111MODULE=on go install -v -mod=vendor -ldflags "-X github.com/lightninglabs/taproot-assets/build.Commit=v0.3.3-alpha.rc1" ./cmd/tapd
GO111MODULE=on go install -v -mod=vendor -ldflags "-X github.com/lightninglabs/taproot-assets/build.Commit=v0.3.3-alpha.rc1" ./cmd/tapcli

The -mod=vendor flag tells the go build command that it doesn't need to fetch the dependencies, and instead, they're all enclosed in the local vendor directory.

Additionally, it's now possible to use the enclosed release.sh script to bundle a release for a specific system like so:

make release sys="linux-arm64 darwin-amd64"

⚡️⚡️⚡️ OK, now to the rest of the release notes! ⚡️⚡️⚡️

What's Changed

Full Changelog: v0.3.2...v0.3.3-alpha.rc1

Assets 13
Loading

v0.3.2-alpha

06 Dec 10:17
@github-actions github-actions
v0.3.2
564795a
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.3.2-alpha

Database Migrations

There is a database migration in this version, therefore downgrading to a previous version after installing v0.3.2-alpha is not supported.

Verifying the Release

In order to verify the release, you'll need to have gpg or gpg2 installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import the keys that have signed this release if you haven't done so already:

curl https://raw.githubusercontent.com/lightninglabs/taproot-assets/main/scripts/keys/roasbeef.asc | gpg --import

Once you have the required PGP keys, you can verify the release (assuming manifest-roasbeef-v0.3.2.sig and manifest-v0.3.2.txt are in the current directory) with:

gpg --verify manifest-roasbeef-v0.3.2.sig manifest-v0.3.2.txt

You should see the following if the verification was successful:

gpg: Signature made Wed Sep 30 17:35:20 2020 PDT
gpg:                using RSA key 60A1FA7DA5BFF08BDCBBE7903BBD59E99B280306
gpg: Good signature from "Olaoluwa Osuntokun <[email protected]>" [ultimate]

That will verify the signature of the manifest file, which ensures integrity and authenticity of the archive you've downloaded locally containing the binaries. Next, depending on your operating system, you should then re-compute the sha256 hash of the archive with shasum -a 256 <filename>, compare it with the corresponding one in the manifest file, and ensure they match exactly.

Verifying the Release Timestamp

From this new version onwards, in addition time-stamping the git tag with OpenTimestamps, we'll also now timestamp the manifest file along with its signature. Two new files are now included along with the rest of our release artifacts: manifest-roasbeef-v0.3.2.txt.asc.ots.

Assuming you have the opentimestamps client installed locally, the timestamps can be verified with the following commands:

ots verify manifest-roasbeef-v0.3.2.sig.ots -f manifest-roasbeef-v0.3.2.sig

Alternatively, the OpenTimestamps website can be used to verify timestamps if one doesn't have a bitcoind instance accessible locally.

These timestamps should give users confidence in the integrity of this release even after the key that signed the release expires.

Verifying the Release Binaries

Our release binaries are fully reproducible. Third parties are able to verify that the release binaries were produced properly without having to trust the release manager(s). See our reproducible builds guide for how this can be achieved.
The release binaries are compiled with go1.21.4, which is required by verifiers to arrive at the same ones.

The make release command can be used to ensure one rebuilds with all the same flags used for the release. If one wishes to build for only a single platform, then make release sys=<OS-ARCH> tag=<tag> can be used.

Finally, you can also verify the tag itself with the following command:

$ git verify-tag v0.3.2
gpg: Signature made Tue Sep 15 18:55:00 2020 PDT
gpg:                using RSA key 60A1FA7DA5BFF08BDCBBE7903BBD59E99B280306
gpg: Good signature from "Olaoluwa Osuntokun <[email protected]>" [ultimate]

Verifying the Docker Images

To verify the tapd and tapcli binaries inside the docker images against the signed, reproducible release binaries, there is a verification script in the image that can be called (before starting the container for example):

$ docker run --rm --entrypoint="" lightninglabs/taproot-assets:v0.3.2 /verify-install.sh v0.3.2
$ OK=$?
$ if [ "$OK" -ne "0" ]; then echo "Verification failed!"; exit 1; done
$ docker run lightninglabs/taproot-assets [command-line options]

Building the Contained Release

Users are able to rebuild the target release themselves without having to fetch any of the dependencies. In order to do so, assuming
that vendor.tar.gz and tapd-source-v0.3.2.tar.gz are in the current directory, follow these steps:

tar -xvzf vendor.tar.gz
tar -xvzf tapd-source-v0.3.2.tar.gz
GO111MODULE=on go install -v -mod=vendor -ldflags "-X github.com/lightninglabs/taproot-assets/build.Commit=v0.3.2" ./cmd/tapd
GO111MODULE=on go install -v -mod=vendor -ldflags "-X github.com/lightninglabs/taproot-assets/build.Commit=v0.3.2" ./cmd/tapcli

The -mod=vendor flag tells the go build command that it doesn't need to fetch the dependencies, and instead, they're all enclosed in the local vendor directory.

Additionally, it's now possible to use the enclosed release.sh script to bundle a release for a specific system like so:

make release sys="linux-arm64 darwin-amd64"

⚡️⚡️⚡️ OK, now to the rest of the release notes! ⚡️⚡️⚡️

Release Notes (auto generated)

What's Changed

  • Add GitHub CD release build workflow by @ffranr in #661
  • Expose anchor point in AssetStats by @GeorgeTsagk in #667
  • build(deps): bump go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc from 0.28.0 to 0.46.0 by @dependabot in #676
  • taprpc: change getinfo REST endpoint from POST to GET by @ffranr in #669
  • chain_bridge: fetch block headers over blocks when verifying proofs by @jharveyb in #660
  • universe: fix log entry when sync fails by @Roasbeef in #682
  • Check for existing asset in db before attempting to insert a new asset. by @ffranr in #687
  • split enableEmission into newGroupedAsset and groupedAsset by @jharveyb in #681
  • build: bump version to v0.3.2-alpha.rc1 by @Roasbeef in #688
  • chore: fix typos by @xiaolou86 in #686
  • build: fix github actions to ensure release artefacts are uploaded by @Roasbeef in #695
  • rpc+rpcserver: fix batch state typo by @GeorgeTsagk in #692
  • Drop and re-create genesis_info_view by @GeorgeTsagk in #689
  • Custodian emits a new asset-receive-complete event to notification subscribers by @ffranr in #659
  • build: bump Go version to Go 1.21.4 by @Roasbeef in #696
  • build: bump version to v0.3.2-alpha.rc2 by @ffranr in #702
  • taprpc: add missing cli autogen docs by @jharveyb in #703
  • workflows: fix release name by @ffranr in #708
  • build: bump version to v0.3.2-alpha by @Roasbeef in #718

New Contributors

Full Changelog: v0.3.1...v0.3.2

Contributors

Roasbeef, ffranr, and 4 other contributors
Assets 16
Loading

v0.3.2-rc2

30 Nov 17:08
@github-actions github-actions
v0.3.2-rc2
This tag was signed with the committer’s verified signature.
guggero Oliver Gugger
GPG key ID: 8E4256593F177720
Verified
Learn about vigilant mode.
5318848
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.3.2-rc2 Pre-release
Pre-release

Database Migrations

There is a database migration in this version, therefore downgrading to a previous version after installing v0.3.2-alpha.rc2 is not supported.

Verifying the Release

In order to verify the release, you'll need to have gpg or gpg2 installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import the keys that have signed this release if you haven't done so already:

curl https://raw.githubusercontent.com/lightninglabs/taproot-assets/main/scripts/keys/roasbeef.asc | gpg --import

Once you have the required PGP keys, you can verify the release (assuming manifest-roasbeef-v0.3.2-rc2.sig and manifest-v0.3.2-rc2.txt are in the current directory) with:

gpg --verify manifest-roasbeef-v0.3.2-rc2.sig manifest-v0.3.2-rc2.txt

You should see the following if the verification was successful:

gpg: Signature made Wed Sep 30 17:35:20 2020 PDT
gpg:                using RSA key 60A1FA7DA5BFF08BDCBBE7903BBD59E99B280306
gpg: Good signature from "Olaoluwa Osuntokun <[email protected]>" [ultimate]

That will verify the signature of the manifest file, which ensures integrity and authenticity of the archive you've downloaded locally containing the binaries. Next, depending on your operating system, you should then re-compute the sha256 hash of the archive with shasum -a 256 <filename>, compare it with the corresponding one in the manifest file, and ensure they match exactly.

Verifying the Release Timestamp

From this new version onwards, in addition time-stamping the git tag with OpenTimestamps, we'll also now timestamp the manifest file along with its signature. Two new files are now included along with the rest of our release artifacts: manifest-roasbeef-v0.3.2-rc2.txt.asc.ots.

Assuming you have the opentimestamps client installed locally, the timestamps can be verified with the following commands:

ots verify manifest-roasbeef-v0.3.2-rc2.sig.ots -f manifest-roasbeef-v0.3.2-rc2.sig

Alternatively, the OpenTimestamps website can be used to verify timestamps if one doesn't have a bitcoind instance accessible locally.

These timestamps should give users confidence in the integrity of this release even after the key that signed the release expires.

Verifying the Release Binaries

Our release binaries are fully reproducible. Third parties are able to verify that the release binaries were produced properly without having to trust the release manager(s). See our reproducible builds guide for how this can be achieved.
The release binaries are compiled with go1.21.4, which is required by verifiers to arrive at the same ones.

The make release command can be used to ensure one rebuilds with all the same flags used for the release. If one wishes to build for only a single platform, then make release sys=<OS-ARCH> tag=<tag> can be used.

Finally, you can also verify the tag itself with the following command:

$ git verify-tag v0.3.2-rc2
gpg: Signature made Tue Sep 15 18:55:00 2020 PDT
gpg:                using RSA key 60A1FA7DA5BFF08BDCBBE7903BBD59E99B280306
gpg: Good signature from "Olaoluwa Osuntokun <[email protected]>" [ultimate]

Verifying the Docker Images

To verify the tapd and tapcli binaries inside the docker images against the signed, reproducible release binaries, there is a verification script in the image that can be called (before starting the container for example):

$ docker run --rm --entrypoint="" lightninglabs/taproot-assets:v0.3.2-rc2 /verify-install.sh v0.3.2-rc2
$ OK=$?
$ if [ "$OK" -ne "0" ]; then echo "Verification failed!"; exit 1; done
$ docker run lightninglabs/taproot-assets [command-line options]

Building the Contained Release

Users are able to rebuild the target release themselves without having to fetch any of the dependencies. In order to do so, assuming
that vendor.tar.gz and tapd-source-v0.3.2-rc2.tar.gz are in the current directory, follow these steps:

tar -xvzf vendor.tar.gz
tar -xvzf tapd-source-v0.3.2-rc2.tar.gz
GO111MODULE=on go install -v -mod=vendor -ldflags "-X github.com/lightninglabs/taproot-assets/build.Commit=v0.3.2-rc2" ./cmd/tapd
GO111MODULE=on go install -v -mod=vendor -ldflags "-X github.com/lightninglabs/taproot-assets/build.Commit=v0.3.2-rc2" ./cmd/tapcli

The -mod=vendor flag tells the go build command that it doesn't need to fetch the dependencies, and instead, they're all enclosed in the local vendor directory.

Additionally, it's now possible to use the enclosed release.sh script to bundle a release for a specific system like so:

make release sys="linux-arm64 darwin-amd64"

⚡️⚡️⚡️ OK, now to the rest of the release notes! ⚡️⚡️⚡️

Release Notes (auto generated)

What's Changed

  • Add GitHub CD release build workflow by @ffranr in #661
  • Expose anchor point in AssetStats by @GeorgeTsagk in #667
  • build(deps): bump go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc from 0.28.0 to 0.46.0 by @dependabot in #676
  • taprpc: change getinfo REST endpoint from POST to GET by @ffranr in #669
  • chain_bridge: fetch block headers over blocks when verifying proofs by @jharveyb in #660
  • universe: fix log entry when sync fails by @Roasbeef in #682
  • Check for existing asset in db before attempting to insert a new asset. by @ffranr in #687
  • split enableEmission into newGroupedAsset and groupedAsset by @jharveyb in #681
  • build: bump version to v0.3.2-alpha.rc1 by @Roasbeef in #688
  • chore: fix typos by @xiaolou86 in #686
  • build: fix github actions to ensure release artefacts are uploaded by @Roasbeef in #695
  • rpc+rpcserver: fix batch state typo by @GeorgeTsagk in #692
  • Drop and re-create genesis_info_view by @GeorgeTsagk in #689
  • Custodian emits a new asset-receive-complete event to notification subscribers by @ffranr in #659
  • build: bump Go version to Go 1.21.4 by @Roasbeef in #696
  • build: bump version to v0.3.2-alpha.rc2 by @ffranr in #702
  • taprpc: add missing cli autogen docs by @jharveyb in #703

New Contributors

Full Changelog: v0.3.1...v0.3.2-rc2

Contributors

Roasbeef, ffranr, and 4 other contributors
Assets 16
Loading

v0.3.2-beta.rc1

22 Nov 01:11
@github-actions github-actions
v0.3.2-beta.rc1
61eeefb
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.3.2-beta.rc1 Pre-release
Pre-release

This release includes a number of bug fixes to: balance computation, sending+receiving, and the way grouped assets are created.

Database Migrations

A non-materialized view has been modified, but otherwise, there are no database migrations in this release.

Verifying the Release

In order to verify the release, you'll need to have gpg or gpg2 installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import the keys that have signed this release if you haven't done so already:

curl https://raw.githubusercontent.com/lightninglabs/taproot-assets/main/scripts/keys/roasbeef.asc | gpg --import

Once you have the required PGP keys, you can verify the release (assuming manifest-roasbeef-v0.3.2-beta.rc1.sig and manifest-v0.3.2-beta.rc1.txt are in the current directory) with:

gpg --verify manifest-roasbeef-v0.3.2-beta.rc1.sig manifest-v0.3.2-beta.rc1.txt

You should see the following if the verification was successful:

gpg: Signature made Wed Sep 30 17:35:20 2020 PDT
gpg:                using RSA key 60A1FA7DA5BFF08BDCBBE7903BBD59E99B280306
gpg: Good signature from "Olaoluwa Osuntokun <[email protected]>" [ultimate]

That will verify the signature of the manifest file, which ensures integrity and authenticity of the archive you've downloaded locally containing the binaries. Next, depending on your operating system, you should then re-compute the sha256 hash of the archive with shasum -a 256 <filename>, compare it with the corresponding one in the manifest file, and ensure they match exactly.

Verifying the Release Timestamp

From this new version onwards, in addition time-stamping the git tag with OpenTimestamps, we'll also now timestamp the manifest file along with its signature. Two new files are now included along with the rest of our release artifacts: manifest-roasbeef-v0.3.2-beta.rc1.txt.asc.ots.

Assuming you have the opentimestamps client installed locally, the timestamps can be verified with the following commands:

ots verify manifest-roasbeef-v0.3.2-beta.rc1.sig.ots -f manifest-roasbeef-v0.3.2-beta.rc1.sig

Alternatively, the OpenTimestamps website can be used to verify timestamps if one doesn't have a bitcoind instance accessible locally.

These timestamps should give users confidence in the integrity of this release even after the key that signed the release expires.

Verifying the Release Binaries

Our release binaries are fully reproducible. Third parties are able to verify that the release binaries were produced properly without having to trust the release manager(s). See our reproducible builds guide for how this can be achieved.
The release binaries are compiled with go1.21.0, which is required by verifiers to arrive at the same ones.

The make release command can be used to ensure one rebuilds with all the same flags used for the release. If one wishes to build for only a single platform, then make release sys=<OS-ARCH> tag=<tag> can be used.

Finally, you can also verify the tag itself with the following command:

$ git verify-tag v0.3.2-beta.rc1
gpg: Signature made Tue Sep 15 18:55:00 2020 PDT
gpg:                using RSA key 60A1FA7DA5BFF08BDCBBE7903BBD59E99B280306
gpg: Good signature from "Olaoluwa Osuntokun <[email protected]>" [ultimate]

Verifying the Docker Images

To verify the tapd and tapcli binaries inside the docker images against the signed, reproducible release binaries, there is a verification script in the image that can be called (before starting the container for example):

$ docker run --rm --entrypoint="" lightninglabs/taproot-assets:v0.3.2-beta.rc1 /verify-install.sh v0.3.2-beta.rc1
$ OK=$?
$ if [ "$OK" -ne "0" ]; then echo "Verification failed!"; exit 1; done
$ docker run lightninglabs/taproot-assets [command-line options]

Building the Contained Release

Users are able to rebuild the target release themselves without having to fetch any of the dependencies. In order to do so, assuming
that vendor.tar.gz and tapd-source-v0.3.2-beta.rc1.tar.gz are in the current directory, follow these steps:

tar -xvzf vendor.tar.gz
tar -xvzf tapd-source-v0.3.2-beta.rc1.tar.gz
GO111MODULE=on go install -v -mod=vendor -ldflags "-X github.com/lightninglabs/taproot-assets/build.Commit=v0.3.2-beta.rc1" ./cmd/tapd
GO111MODULE=on go install -v -mod=vendor -ldflags "-X github.com/lightninglabs/taproot-assets/build.Commit=v0.3.2-beta.rc1" ./cmd/tapcli

The -mod=vendor flag tells the go build command that it doesn't need to fetch the dependencies, and instead, they're all enclosed in the local vendor directory.

Additionally, it's now possible to use the enclosed release.sh script to bundle a release for a specific system like so:

make release sys="linux-arm64 darwin-amd64"

⚡️⚡️⚡️ OK, now to the rest of the release notes! ⚡️⚡️⚡️

Release Notes

This release contains a number of bug fixes related to: sending and receiving, and also proof verification.

Database Migrations

This release contains a modification to an existing view, but otherwise the data on risk remains unchanged.

Verifying the Release

In order to verify the release, you'll need to have gpg or gpg2 installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import the keys that have signed this release if you haven't done so already:

curl https://raw.githubusercontent.com/lightninglabs/taproot-assets/main/scripts/keys/roasbeef.asc | gpg --import

Once you have the required PGP keys, you can verify the release (assuming manifest-roasbeef-v0.3.2-beta.rc1.sig and manifest-v0.3.2-beta.rc1.txt are in the current directory) with:

gpg --verify manifest-roasbeef-v0.3.2-beta.rc1.sig manifest-v0.3.2-beta.rc1.txt

You should see the following if the verification was successful:

gpg: Signature made Wed Sep 30 17:35:20 2020 PDT
gpg:                using RSA key 60A1FA7DA5BFF08BDCBBE7903BBD59E99B280306
gpg: Good signature from "Olaoluwa Osuntokun <[email protected]>" [ultimate]

That will verify the signature of the manifest file, which ensures integrity and authenticity of the archive you've downloaded locally containing the binaries. Next, depending on your operating system, you should then re-compute the sha256 hash of the archive with shasum -a 256 <filename>, compare it with the corresponding one in the manifest file, and ensure they match exactly.

Verifying the Release Timestamp

From this new version onwards, in addition time-stamping the git tag with OpenTimestamps, we'll also now timestamp the manifest file along with its signature. Two new files are now included along with the rest of our release artifacts: manifest-roasbeef-v0.3.2-beta.rc1.txt.asc.ots.

Assuming you have the opentimestamps client installed locally, the timestamps can be verified with the following commands:

ots verify manifest-roasbeef-v0.3.2-beta.rc1.sig.ots -f manifest-roasbeef-v0.3.2-beta.rc1.sig

Alternatively, the OpenTimestamps website can be used to verify timestamps if one doesn't have a bitcoind instance accessible locally.

These timestamps should give users confidence in the integrity of this release even after the key that signed the release expires.

Verifying the Release Binaries

Our release binaries are fully reproducible. Third parties are able to verify that the release binaries were produced properly without having to trust the release manager(s). See our reproducible builds guide for how this can be achieved.
The release binaries are compiled with go1.21.0, which is required by verifiers to arrive at the same ones.

The make release command can be used to ensure one rebuilds with all the same flags used for the release. If one wishes to build for only a single platform, then make release sys=<OS-ARCH> tag=<tag> can be used.

Finally, you can also verify the tag itself with the following command:

$ git verify-tag v0.3.2-beta.rc1
gpg: Signature made Tue Sep 15 18:55:00 2020 PDT
gpg:                using RSA key 60A1FA7DA5BFF08BDCBBE7903BBD59E99B280306
gpg: Good signature from "Olaoluwa Osuntokun <[email protected]>" [ultimate]

Verifying the Docker Images

To verify the tapd and tapcli binaries inside the docker images against the signed, reproducible release binaries, there is a verification script in the image that can be called (before starting the container for example):

$ docker run --rm --entrypoint="" lightninglabs/taproot-assets:v0.3.2-beta.rc1 /verify-install.sh v0.3.2-beta.rc1
$ OK=$?
$ if [ "$OK" -ne "0" ]; then echo "Verification failed!"; exit 1; done
$ docker run lightninglabs/taproot-assets [command-line options]

Building the Contained Release

Users are able to rebuild the target release themselves without having to fetch any of the dependencies. In order to do so, assuming
that vendor.tar.gz and tapd-source-v0.3.2-beta.rc1.tar.gz are in the current directory, follow these steps:

tar -xvzf vendor.tar.gz
tar -xvzf tapd-source-v0.3.2-beta.rc1.tar.gz
GO111MODULE=on go install -v -mod=vendor -ldflags "-X github.com/lightninglabs/taproot-assets/build.Commit=v0.3.2-beta.rc1" ./cmd/tapd
GO111MODULE=on go install -v -mod=vendor -ldflags "-X github.com/lightninglabs/taproot-assets/build.Commit=v0.3.2-beta.rc1" ./cmd/tapcli

The -mod=vendor flag tells the go build command that it doesn't need to fetch the dependencies, a...

Read more

Contributors

Roasbeef, ffranr, and 3 other contributors
Assets 2
Loading

v0.3.1-alpha

09 Nov 18:03
@Roasbeef Roasbeef
v0.3.1
fec4a40
Compare
Choose a tag to compare
v0.3.1-alpha

EDIT: Note that the binaries and archive files for this release were updated on 2023-11-20. The previous binaries and archive files were produced from commit cdd6707702788cccfe615be3b06fe34a96ce31c6. However, tag v0.3.1 is at commit fec4a4025db21d2e47994ad4bff29aa5d31d02e9. The new binaries and archive files have been produced from the correct staging environment (commit fec4a4).

What's Changed

Daemon Config Enhancements

Users can now configure postgres database config settings such as the total amount of active database connections on the command line:

  • tapd: allow configuring all connection params for Postgres by @guggero in #622

RPC Enhancements

The txid of the batch is now returned along with the MintingBatch for tapcli assets mint finalize

  • multi: add txid of batch when returning the MintingBatch by @Roasbeef in #603

Users can now specify a custom proof courier on the CLI. In addition, the gRPC max message size has been increased to ensure all data can properly be fetched with teh current set of RPC calls:

  • multi: add proof courier addr to CLI, fix gRPC max message size, fix linter by @guggero in #609

All Universe related RPC calls now have proper pagination support:

The number of assets has been removed from the main Info call to ensure the server dedup logic always succeeds:

  • rpc: remove num assets from universe Info call by @Roasbeef in #647

The asset type has been moved into the asset_genesis struct:

A redundant field has been removed from the anchor info RPC:

Universe Sync Improvements

The default Universe sync algorithm has moved to an "on demand" approach. Before this release, clients would connect to a Universe an attempt to sync all assets ever created. This was very wasteful, as most of the time a new client likely only cares about a handful of assets. With this new model, by default no assets are synced until either: a user creates a new address with an unknown asset ID (JIT Universe Sync), or a user manually adds a specific asset config and syncs an asset via the assets universe sync call

  • universe: stop syncer from syncing all known universes by default by @ffranr in #631
  • address: optimistic asset sync by @jharveyb in #633

A series of new caches have been added to all Universe related RPC calls, to greatly improve the performance of the server under concurrent load:

  • multi: add new caches for universe proofs, roots, keys, and config by @Roasbeef in #626

The call to fetch all the universe roots has been optimized by making some of the more expensive joins (that return additional information) optional:

  • universe: make additional details optional to speed up query by @guggero in #612

Less Debug Logging

The Universe sync process generally has less debug logging, which should make it easier to keep up with log activity:

  • universe: use debug logging when no sync needed by @Roasbeef in #604

Bug Fixes

A bug has been fixed where the daemon would fail to retry fetching a proof to complete a receive/send:

  • Add backoff procedure to universe RPC proof courier by @ffranr in #617
  • Add backoff procedure to the proof courier receive procedure by @ffranr in #637
  • Ensure receiver node backoff retries finally succeed in asset send via universe proof courier by @ffranr in #644

A bug has been fixed that would cause the asset stats to factor in transfers, instead of issuance (the default intention):

  • universe stats: only select issuance roots for asset related stats by @guggero in #628

Misc

  • github: use the same issue templates as those found in LND repository by @ffranr in #614
  • Rename universe functionality to accomodate transfer proofs. by @ffranr in #610
  • mod: bump grpc and net libraries by @guggero in #630
  • multi: rename RPC AssetLeaf proof field to account for transfer proofs by @ffranr in #640
  • tapdb: ensure universe asset stats ticker is stopped before refresh by @Roasbeef in #658

New Contributors

Full Changelog: v0.3.0...v0.3.1

Contributors

Roasbeef, guggero, and 3 other contributors
Assets 13
Loading