diff --git a/docs/INSTALL.md b/docs/INSTALL.md index bbe9b61a..c99af043 100644 --- a/docs/INSTALL.md +++ b/docs/INSTALL.md @@ -306,10 +306,12 @@ Github](https://github.com/lightningnetwork/lnd/issues/20). Running `lnd` for the first time will by default generate the `admin.macaroon`, `read_only.macaroon`, and `macaroons.db` files that are used to authenticate -into `lnd`. They will be stored in the default `lnd` data directory. Note that -if you specified an alternative data directory (via the `--datadir` argument), -you will have to additionally pass the updated location of the `admin.macaroon` -file into `lncli` using the `--macaroonpath` argument. +into `lnd`. They will be stored in the network directory (default: +`lnddir/data/chain/bitcoin/mainnet`) so that it's possible to use a distinct +password for mainnet, testnet, simnet, etc. Note that if you specified an +alternative data directory (via the `--datadir` argument), you will have to +additionally pass the updated location of the `admin.macaroon` file into `lncli` +using the `--macaroonpath` argument. To disable macaroons for testing, pass the `--no-macaroons` flag into *both* `lnd` and `lncli`. diff --git a/docs/grpc/java.md b/docs/grpc/java.md index fbaf09fe..83ab7025 100644 --- a/docs/grpc/java.md +++ b/docs/grpc/java.md @@ -158,7 +158,7 @@ public class Main { } private static final String CERT_PATH = "/Users/user/Library/Application Support/Lnd/tls.cert"; - private static final String MACAROON_PATH = "/Users/user/Library/Application Support/Lnd/admin.macaroon"; + private static final String MACAROON_PATH = "/Users/user/Library/Application Support/Lnd/data/chain/bitcoin/simnet/admin.macaroon"; private static final String HOST = "localhost"; private static final int PORT = 10009; diff --git a/docs/grpc/javascript.md b/docs/grpc/javascript.md index 6a37d8dd..9df9323b 100644 --- a/docs/grpc/javascript.md +++ b/docs/grpc/javascript.md @@ -174,9 +174,9 @@ var grpc = require('grpc'); process.env.GRPC_SSL_CIPHER_SUITES = 'HIGH+ECDSA' -// Lnd admin macaroon is at ~/.lnd/admin.macaroon on Linux and -// ~/Library/Application Support/Lnd/admin.macaroon on Mac -var m = fs.readFileSync('~/.lnd/admin.macaroon'); +// Lnd admin macaroon is at ~/.lnd/data/chain/bitcoin/simnet/admin.macaroon on Linux and +// ~/Library/Application Support/Lnd/data/chain/bitcoin/simnet/admin.macaroon on Mac +var m = fs.readFileSync('~/.lnd/data/chain/bitcoin/simnet/admin.macaroon'); var macaroon = m.toString('hex'); var meta = new grpc.Metadata().add('macaroon', macaroon); @@ -195,9 +195,9 @@ var grpc = require('grpc'); process.env.GRPC_SSL_CIPHER_SUITES = 'HIGH+ECDSA' -// Lnd admin macaroon is at ~/.lnd/admin.macaroon on Linux and -// ~/Library/Application Support/Lnd/admin.macaroon on Mac -var m = fs.readFileSync('~/.lnd/admin.macaroon'); +// Lnd admin macaroon is at ~/.lnd/data/chain/bitcoin/simnet/admin.macaroon on Linux and +// ~/Library/Application Support/Lnd/data/chain/bitcoin/simnet/admin.macaroon on Mac +var m = fs.readFileSync('~/.lnd/data/chain/bitcoin/simnet/admin.macaroon'); var macaroon = m.toString('hex'); // build meta data credentials diff --git a/docs/grpc/python.md b/docs/grpc/python.md index 593d7645..14d87701 100644 --- a/docs/grpc/python.md +++ b/docs/grpc/python.md @@ -140,9 +140,9 @@ To authenticate using macaroons you need to include the macaroon in the metadata ```python import codecs -# Lnd admin macaroon is at ~/.lnd/admin.macaroon on Linux and -# ~/Library/Application Support/Lnd/admin.macaroon on Mac -with open(os.path.expanduser('~/.lnd/admin.macaroon'), 'rb') as f: +# Lnd admin macaroon is at ~/.lnd/data/chain/bitcoin/simnet/admin.macaroon on Linux and +# ~/Library/Application Support/Lnd/data/chain/bitcoin/simnet/admin.macaroon on Mac +with open(os.path.expanduser('~/.lnd/data/chain/bitcoin/simnet/admin.macaroon'), 'rb') as f: macaroon_bytes = f.read() macaroon = codecs.encode(macaroon_bytes, 'hex') ``` diff --git a/docs/grpc/ruby.md b/docs/grpc/ruby.md index 5c3db5fe..5fcd8f56 100644 --- a/docs/grpc/ruby.md +++ b/docs/grpc/ruby.md @@ -119,9 +119,9 @@ You should now see the details of the settled invoice appear. To authenticate using macaroons you need to include the macaroon in the metadata of the request. ```ruby -# Lnd admin macaroon is at ~/.lnd/admin.macaroon on Linux and -# ~/Library/Application Support/Lnd/admin.macaroon on Mac -macaroon_binary = File.read(File.expand_path("~/.lnd/admin.macaroon")) +# Lnd admin macaroon is at ~/.lnd/data/chain/bitcoin/simnet/admin.macaroon on Linux and +# ~/Library/Application Support/Lnd/data/chain/bitcoin/simnet/admin.macaroon on Mac +macaroon_binary = File.read(File.expand_path("~/.lnd/data/chain/bitcoin/simnet/admin.macaroon")) macaroon = macaroon_binary.each_byte.map { |b| b.to_s(16).rjust(2,'0') }.join ``` @@ -154,7 +154,7 @@ And then we would include it when we create our stub like so. ```ruby certificate = File.read(File.expand_path("~/.lnd/tls.cert")) credentials = GRPC::Core::ChannelCredentials.new(certificate) -macaroon_binary = File.read(File.expand_path("~/.lnd/admin.macaroon")) +macaroon_binary = File.read(File.expand_path("~/.lnd/data/chain/bitcoin/simnet/admin.macaroon")) macaroon = macaroon_binary.each_byte.map { |b| b.to_s(16).rjust(2,'0') }.join stub = Lnrpc::Lightning::Stub.new( diff --git a/docs/macaroons.md b/docs/macaroons.md index 8b83b81b..7386f7d5 100644 --- a/docs/macaroons.md +++ b/docs/macaroons.md @@ -86,11 +86,12 @@ it won't be checked for validity. Since `lnd` requires macaroons by default in order to call RPC methods, `lncli` now reads a macaroon and provides it in the RPC call. Unless the path is changed by the `--macaroonpath` option, `lncli` tries to read the macaroon from -`~/.lnd/admin.macaroon` by default and will error if that file doesn't exist -unless provided the `--no-macaroons` option. Keep this in mind when running -`lnd` with `--no-macaroons`, as `lncli` will error out unless called the same -way **or** `lnd` has generated a macaroon on a previous run without this -option. +the network directory of `lnd`'s currently active network (e.g. for simnet +`lnddir/data/chain/bitcoin/simnet/admin.macaroon`) by default and will error if +that file doesn't exist unless provided the `--no-macaroons` option. Keep this +in mind when running `lnd` with `--no-macaroons`, as `lncli` will error out +unless called the same way **or** `lnd` has generated a macaroon on a previous +run without this option. `lncli` also adds a caveat which makes it valid for only 60 seconds by default to help prevent replay in case the macaroon is somehow intercepted in @@ -114,7 +115,7 @@ Where `` is the hex encoded binary data from the macaroon file itself. A very simple example using `curl` may look something like this: - curl --insecure --header "Grpc-Metadata-macaroon: $(xxd -ps -u -c 1000 $HOME/.lnd/admin.macaroon)" https://localhost:8080/v1/getinfo + curl --insecure --header "Grpc-Metadata-macaroon: $(xxd -ps -u -c 1000 $HOME/.lnd/data/chain/bitcoin/simnet/admin.macaroon)" https://localhost:8080/v1/getinfo Have a look at the [Java GRPC example](/docs/grpc/java.md) for programmatic usage details. diff --git a/sample-lnd.conf b/sample-lnd.conf index c1611b32..c082a545 100644 --- a/sample-lnd.conf +++ b/sample-lnd.conf @@ -39,15 +39,23 @@ ; Path to write the admin macaroon for lnd's RPC and REST services if it ; doesn't exist. This can be set if one wishes to store the admin macaroon in a -; distinct location. By default, it is stored within lnd's main home directory. -; Applications that are able to read this file, gains admin macaroon access -; adminmacaroonpath=~/.lnd/admin.macaroon +; distinct location. By default, it is stored within lnd's network directory. +; Applications that are able to read this file, gain admin macaroon access. +; adminmacaroonpath=~/.lnd/data/chain/bitcoin/simnet/admin.macaroon ; Path to write the read-only macaroon for lnd's RPC and REST services if it ; doesn't exist. This can be set if one wishes to store the read-only macaroon ; in a distinct location. The read only macaroon allows users which can read -; the file to access RPCs which don't modify the state of the daemon. -; readonlymacaroonpath=~/.lnd/readonly.macaroon +; the file to access RPCs which don't modify the state of the daemon. By +; default, it is stored within lnd's network directory. +; readonlymacaroonpath=~/.lnd/data/chain/bitcoin/simnet/readonly.macaroon + +; Path to write the invoice macaroon for lnd's RPC and REST services if it +; doesn't exist. This can be set if one wishes to store the invoice macaroon in +; a distinct location. By default, it is stored within lnd's network directory. +; The invoice macaroon allows users which can read the file to gain read and +; write access to all invoice related RPCs. +; invoicemacaroonpath=~/.lnd/data/chain/bitcoin/simnet/invoice.macaroon ; Specify the interfaces to listen on for p2p connections. One listen