Merge pull request #1843 from cfromknecht/change-noencryptwallet
Start deprecating noencryptwallet
This commit is contained in:
commit
c5ece1e509
@ -1333,7 +1333,7 @@ var unlockCommand = cli.Command{
|
||||
The unlock command is used to decrypt lnd's wallet state in order to
|
||||
start up. This command MUST be run after booting up lnd before it's
|
||||
able to carry out its duties. An exception is if a user is running with
|
||||
--noencryptwallet, then a default passphrase will be used.
|
||||
--noseedbackup, then a default passphrase will be used.
|
||||
`,
|
||||
Flags: []cli.Flag{
|
||||
cli.IntFlag{
|
||||
@ -1401,8 +1401,8 @@ var changePasswordCommand = cli.Command{
|
||||
is successful.
|
||||
|
||||
If one did not specify a password for their wallet (running lnd with
|
||||
--noencryptwallet), one must restart their daemon without
|
||||
--noencryptwallet and use this command. The "current password" field
|
||||
--noseedbackup), one must restart their daemon without
|
||||
--noseedbackup and use this command. The "current password" field
|
||||
should be left empty.
|
||||
`,
|
||||
Action: actionDecorator(changePassword),
|
||||
|
@ -46,7 +46,7 @@ const (
|
||||
defaultPeerPort = 9735
|
||||
defaultRPCHost = "localhost"
|
||||
defaultMaxPendingChannels = 1
|
||||
defaultNoEncryptWallet = false
|
||||
defaultNoSeedBackup = false
|
||||
defaultTrickleDelay = 30 * 1000
|
||||
defaultInactiveChanTimeout = 20 * time.Minute
|
||||
defaultMaxLogFiles = 3
|
||||
@ -223,7 +223,7 @@ type config struct {
|
||||
|
||||
NoNetBootstrap bool `long:"nobootstrap" description:"If true, then automatic network bootstrapping will not be attempted."`
|
||||
|
||||
NoEncryptWallet bool `long:"noencryptwallet" description:"If set, wallet will be encrypted using the default passphrase."`
|
||||
NoSeedBackup bool `long:"noseedbackup" description:"If true, NO SEED WILL BE EXPOSED AND THE WALLET WILL BE ENCRYPTED USING THE DEFAULT PASSPHRASE -- EVER. THIS FLAG IS ONLY FOR TESTING AND IS BEING DEPRECATED."`
|
||||
|
||||
TrickleDelay int `long:"trickledelay" description:"Time in milliseconds between each release of announcements to the network"`
|
||||
InactiveChanTimeout time.Duration `long:"inactivechantimeout" description:"If a channel has been inactive for the set time, send a ChannelUpdate disabling it."`
|
||||
@ -291,7 +291,7 @@ func loadConfig() (*config, error) {
|
||||
RPCHost: defaultRPCHost,
|
||||
},
|
||||
MaxPendingChannels: defaultMaxPendingChannels,
|
||||
NoEncryptWallet: defaultNoEncryptWallet,
|
||||
NoSeedBackup: defaultNoSeedBackup,
|
||||
Autopilot: &autoPilotConfig{
|
||||
MaxChannels: 5,
|
||||
Allocation: 0.6,
|
||||
|
@ -50,7 +50,7 @@ if [[ "$CHAIN" == "litecoin" ]]; then
|
||||
fi
|
||||
|
||||
exec lnd \
|
||||
--noencryptwallet \
|
||||
--noseedbackup \
|
||||
--logdir="/data" \
|
||||
"--$CHAIN.active" \
|
||||
"--$CHAIN.$NETWORK" \
|
||||
|
@ -291,12 +291,6 @@ lnd --bitcoin.active --bitcoin.testnet --debuglevel=debug --bitcoin.node=bitcoin
|
||||
`lnd` plus any application that consumes the RPC could cause `lnd` to miss
|
||||
crucial updates from the backend.
|
||||
|
||||
#### Disabling Wallet Encryption
|
||||
|
||||
To disable encryption of the wallet files, pass the `--noencryptwallet` argument
|
||||
to `lnd`. Obviously beware the security implications of running an unencrypted
|
||||
wallet - this argument must only be used for testing purposes.
|
||||
|
||||
#### Macaroons
|
||||
|
||||
`lnd`'s authentication system is called **macaroons**, which are decentralized
|
||||
|
4
lnd.go
4
lnd.go
@ -210,9 +210,9 @@ func lndMain() error {
|
||||
)
|
||||
|
||||
// We wait until the user provides a password over RPC. In case lnd is
|
||||
// started with the --noencryptwallet flag, we use the default password
|
||||
// started with the --noseedbackup flag, we use the default password
|
||||
// for wallet encryption.
|
||||
if !cfg.NoEncryptWallet {
|
||||
if !cfg.NoSeedBackup {
|
||||
walletInitParams, err := waitForWalletPassword(
|
||||
cfg.RPCListeners, cfg.RESTListeners, serverOpts,
|
||||
proxyOpts, tlsConf,
|
||||
|
@ -169,7 +169,7 @@ func (cfg nodeConfig) genArgs() []string {
|
||||
args = append(args, fmt.Sprintf("--trickledelay=%v", trickleDelay))
|
||||
|
||||
if !cfg.HasSeed {
|
||||
args = append(args, "--noencryptwallet")
|
||||
args = append(args, "--noseedbackup")
|
||||
}
|
||||
|
||||
if cfg.ExtraArgs != nil {
|
||||
|
@ -26,7 +26,7 @@ In this DB the following two key/value pairs are stored:
|
||||
* The root key is symmetrically encrypted with the derived secret key, using
|
||||
the `secretbox` method of the library
|
||||
[btcsuite/golangcrypto](https://github.com/btcsuite/golangcrypto).
|
||||
* If the option `--noencryptwallet` is used, then the default passphrase
|
||||
* If the option `--noseedbackup` is used, then the default passphrase
|
||||
`hello` is used to encrypt the root key.
|
||||
|
||||
## Generated macaroons
|
||||
|
@ -133,11 +133,6 @@
|
||||
; network.
|
||||
; nobootstrap=1
|
||||
|
||||
; If set, your wallet will be encrypted with the default passphrase. This isn't
|
||||
; recommend, as if an attacker gains access to your wallet file, they'll be able
|
||||
; to decrypt it. This value is ONLY to be used in testing environments.
|
||||
; noencryptwallet=1
|
||||
|
||||
; The alias your node will use, which can be up to 32 UTF-8 characters in
|
||||
; length.
|
||||
; alias=My Lightning ☇
|
||||
|
@ -309,7 +309,7 @@ func (u *UnlockerService) ChangePassword(ctx context.Context,
|
||||
privatePw := in.CurrentPassword
|
||||
|
||||
// If the current password is blank, we'll assume the user is coming
|
||||
// from a --noencryptwallet state, so we'll use the default passwords.
|
||||
// from a --noseedbackup state, so we'll use the default passwords.
|
||||
if len(in.CurrentPassword) == 0 {
|
||||
publicPw = lnwallet.DefaultPublicPassphrase
|
||||
privatePw = lnwallet.DefaultPrivatePassphrase
|
||||
|
Loading…
Reference in New Issue
Block a user