akovalenko/lnd.xprv
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge pull request #1843 from cfromknecht/change-noencryptwallet

Browse Source 
Start deprecating noencryptwallet
This commit is contained in:
Olaoluwa Osuntokun 2018-09-12 21:07:23 -07:00 committed by GitHub
commit c5ece1e509
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
9 changed files with 12 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
cmd/lncli/commands.go
View File

@ -1333,7 +1333,7 @@ var unlockCommand = cli.Command{
The unlock command is used to decrypt lnd's wallet state in order to The unlock command is used to decrypt lnd's wallet state in order to
start up. This command MUST be run after booting up lnd before it's start up. This command MUST be run after booting up lnd before it's
able to carry out its duties. An exception is if a user is running with able to carry out its duties. An exception is if a user is running with
--noencryptwallet, then a default passphrase will be used. --noseedbackup, then a default passphrase will be used.
`, `,
Flags: []cli.Flag{ Flags: []cli.Flag{
cli.IntFlag{ cli.IntFlag{
@ -1401,8 +1401,8 @@ var changePasswordCommand = cli.Command{
is successful. is successful.
If one did not specify a password for their wallet (running lnd with If one did not specify a password for their wallet (running lnd with
--noencryptwallet), one must restart their daemon without --noseedbackup), one must restart their daemon without
--noencryptwallet and use this command. The "current password" field --noseedbackup and use this command. The "current password" field
should be left empty. should be left empty.
`, `,
Action: actionDecorator(changePassword), Action: actionDecorator(changePassword),

6
config.go
View File

@ -46,7 +46,7 @@ const (
defaultPeerPort = 9735 defaultPeerPort = 9735
defaultRPCHost = "localhost" defaultRPCHost = "localhost"
defaultMaxPendingChannels = 1 defaultMaxPendingChannels = 1
defaultNoEncryptWallet = false defaultNoSeedBackup = false
defaultTrickleDelay = 30 * 1000 defaultTrickleDelay = 30 * 1000
defaultInactiveChanTimeout = 20 * time.Minute defaultInactiveChanTimeout = 20 * time.Minute
defaultMaxLogFiles = 3 defaultMaxLogFiles = 3
@ -223,7 +223,7 @@ type config struct {
NoNetBootstrap bool `long:"nobootstrap" description:"If true, then automatic network bootstrapping will not be attempted."` NoNetBootstrap bool `long:"nobootstrap" description:"If true, then automatic network bootstrapping will not be attempted."`
NoEncryptWallet bool `long:"noencryptwallet" description:"If set, wallet will be encrypted using the default passphrase."` NoSeedBackup bool `long:"noseedbackup" description:"If true, NO SEED WILL BE EXPOSED AND THE WALLET WILL BE ENCRYPTED USING THE DEFAULT PASSPHRASE -- EVER. THIS FLAG IS ONLY FOR TESTING AND IS BEING DEPRECATED."`
TrickleDelay int `long:"trickledelay" description:"Time in milliseconds between each release of announcements to the network"` TrickleDelay int `long:"trickledelay" description:"Time in milliseconds between each release of announcements to the network"`
InactiveChanTimeout time.Duration `long:"inactivechantimeout" description:"If a channel has been inactive for the set time, send a ChannelUpdate disabling it."` InactiveChanTimeout time.Duration `long:"inactivechantimeout" description:"If a channel has been inactive for the set time, send a ChannelUpdate disabling it."`
@ -291,7 +291,7 @@ func loadConfig() (*config, error) {
RPCHost: defaultRPCHost, RPCHost: defaultRPCHost,
}, },
MaxPendingChannels: defaultMaxPendingChannels, MaxPendingChannels: defaultMaxPendingChannels,
NoEncryptWallet: defaultNoEncryptWallet, NoSeedBackup: defaultNoSeedBackup,
Autopilot: &autoPilotConfig{ Autopilot: &autoPilotConfig{
MaxChannels: 5, MaxChannels: 5,
Allocation: 0.6, Allocation: 0.6,

2
docker/lnd/start-lnd.sh
View File

@ -50,7 +50,7 @@ if [[ "$CHAIN" == "litecoin" ]]; then
fi fi
exec lnd \ exec lnd \
--noencryptwallet \ --noseedbackup \
--logdir="/data" \ --logdir="/data" \
"--$CHAIN.active" \ "--$CHAIN.active" \
"--$CHAIN.$NETWORK" \ "--$CHAIN.$NETWORK" \

6
docs/INSTALL.md
View File

@ -291,12 +291,6 @@ lnd --bitcoin.active --bitcoin.testnet --debuglevel=debug --bitcoin.node=bitcoin
`lnd` plus any application that consumes the RPC could cause `lnd` to miss `lnd` plus any application that consumes the RPC could cause `lnd` to miss
crucial updates from the backend. crucial updates from the backend.
#### Disabling Wallet Encryption
To disable encryption of the wallet files, pass the `--noencryptwallet` argument
to `lnd`. Obviously beware the security implications of running an unencrypted
wallet - this argument must only be used for testing purposes.
#### Macaroons #### Macaroons
`lnd`'s authentication system is called **macaroons**, which are decentralized `lnd`'s authentication system is called **macaroons**, which are decentralized

4
lnd.go
View File

@ -210,9 +210,9 @@ func lndMain() error {
) )
// We wait until the user provides a password over RPC. In case lnd is // We wait until the user provides a password over RPC. In case lnd is
// started with the --noencryptwallet flag, we use the default password // started with the --noseedbackup flag, we use the default password
// for wallet encryption. // for wallet encryption.
if !cfg.NoEncryptWallet { if !cfg.NoSeedBackup {
walletInitParams, err := waitForWalletPassword( walletInitParams, err := waitForWalletPassword(
cfg.RPCListeners, cfg.RESTListeners, serverOpts, cfg.RPCListeners, cfg.RESTListeners, serverOpts,
proxyOpts, tlsConf, proxyOpts, tlsConf,

2
lntest/node.go
View File

@ -169,7 +169,7 @@ func (cfg nodeConfig) genArgs() []string {
args = append(args, fmt.Sprintf("--trickledelay=%v", trickleDelay)) args = append(args, fmt.Sprintf("--trickledelay=%v", trickleDelay))
if !cfg.HasSeed { if !cfg.HasSeed {
args = append(args, "--noencryptwallet") args = append(args, "--noseedbackup")
} }
if cfg.ExtraArgs != nil { if cfg.ExtraArgs != nil {

2
macaroons/README.md
View File

@ -26,7 +26,7 @@ In this DB the following two key/value pairs are stored:
* The root key is symmetrically encrypted with the derived secret key, using * The root key is symmetrically encrypted with the derived secret key, using
the `secretbox` method of the library the `secretbox` method of the library
[btcsuite/golangcrypto](https://github.com/btcsuite/golangcrypto). [btcsuite/golangcrypto](https://github.com/btcsuite/golangcrypto).
* If the option `--noencryptwallet` is used, then the default passphrase * If the option `--noseedbackup` is used, then the default passphrase
`hello` is used to encrypt the root key. `hello` is used to encrypt the root key.
## Generated macaroons ## Generated macaroons

5
sample-lnd.conf
View File

@ -133,11 +133,6 @@
; network. ; network.
; nobootstrap=1 ; nobootstrap=1
; If set, your wallet will be encrypted with the default passphrase. This isn't
; recommend, as if an attacker gains access to your wallet file, they'll be able
; to decrypt it. This value is ONLY to be used in testing environments.
; noencryptwallet=1
; The alias your node will use, which can be up to 32 UTF-8 characters in ; The alias your node will use, which can be up to 32 UTF-8 characters in
; length. ; length.
; alias=My Lightning ☇ ; alias=My Lightning ☇

2
walletunlocker/service.go
View File

@ -309,7 +309,7 @@ func (u *UnlockerService) ChangePassword(ctx context.Context,
privatePw := in.CurrentPassword privatePw := in.CurrentPassword
// If the current password is blank, we'll assume the user is coming // If the current password is blank, we'll assume the user is coming
// from a --noencryptwallet state, so we'll use the default passwords. // from a --noseedbackup state, so we'll use the default passwords.
if len(in.CurrentPassword) == 0 { if len(in.CurrentPassword) == 0 {
publicPw = lnwallet.DefaultPublicPassphrase publicPw = lnwallet.DefaultPublicPassphrase
privatePw = lnwallet.DefaultPrivatePassphrase privatePw = lnwallet.DefaultPrivatePassphrase