podman compatibility

docs: first chain sync

See merge request lightning-signer/vls-container!32

.dockerignore

@@ -1,11 +1,9 @@
-**/.dockerignore
-**/.env
-**/.git
-**/.gitignore
+.git
+.gitignore
 **/docker-compose*
 **/Dockerfile*
-**/*.Dockerfile
+.dockerignore
 LICENSE
 README.md
-scripts/
+scripts
 .gitlab-ci.yml

.env

@@ -0,0 +1,21 @@
+# bitcoin version 26.0
+BITCOIN_VERSION=26.0
+BITCOIN_SHA256SUMS_HASH=63487c308a6655f939efd700bfca8e0285fa2f869283aaa7192bdd4b8799a747
+# core lightning version v24.05
+CORE_LIGHTNING_REPO=https://github.com/ElementsProject/lightning.git
+CORE_LIGHTNING_GIT_HASH=11586abf79cad33727c03dfa810ae8bcdd3762bf
+# clboss version v0.14.0-rc1
+CLBOSS_REPO=https://github.com/vincenzopalazzo/clboss
+CLBOSS_GIT_HASH=37d493cdf8360c83621d20ac54543b045ae0ef21
+# cln plugins (2024-07-27)
+CLN_PLUGINS_REPO=https://github.com/lightningd/plugins.git
+CLN_PLUGINS_GIT_HASH=5e449468bd57db7d0f33178fe0dc867e0da94133
+# txoo version 0.8.1
+TXOO_REPO=https://gitlab.com/lightning-signer/txoo.git
+TXOO_GIT_HASH=d2f698c1434a91d5d53be4fd96ff01d3c5dfa22a
+# vls version v0.12.0
+VLS_REPO=https://gitlab.com/lightning-signer/validating-lightning-signer.git
+VLS_GIT_HASH=c17067773b0bc57b27a6a0c7127c48867563e280
+# lss version v0.1.0
+LSS_REPO=https://gitlab.com/lightning-signer/validating-lightning-signer.git
+LSS_GIT_HASH=d2590ba34a388a016bb91307864e993fb3cc3d84

.gitignore

@@ -1 +0,0 @@
-.env

.gitlab-ci.yml

@@ -3,13 +3,13 @@ stages:
   - test
 
 default:
-  image: docker:24.0.7
+  image: docker:26.0.1
   services:
-    - docker:24.0.7-dind
+    - docker:26.0.1-dind
   before_script:
-  - docker version
-  - docker compose version
-  - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
+    - docker version
+    - docker compose version
+    - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
 
 variables:
   VLS_CONTAINER_REGISTRY: $CI_REGISTRY/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME
@@ -18,40 +18,42 @@ variables:
   IMAGE_TAG: $CI_COMMIT_SHA
 
 build_bitcoin:
-  tags: [ saas-linux-large-amd64 ]
+  tags: [saas-linux-large-amd64]
   stage: build
   script:
     - ./scripts/build_image_cache.sh bitcoind
 build_core_lightning:
-  tags: [ saas-linux-large-amd64 ]
+  tags: [saas-linux-large-amd64]
   stage: build
   script:
     - ./scripts/build_image_cache.sh lightningd
 build_txoo:
-  tags: [ saas-linux-medium-amd64 ]
+  tags: [saas-linux-medium-amd64]
   stage: build
   script:
     - ./scripts/build_image_cache.sh txood
-build_vls:
+build_lss:
   tags: [ saas-linux-large-amd64 ]
   stage: build
+  script:
+    - ./scripts/build_image_cache.sh lss
+build_vls:
+  tags: [saas-linux-large-amd64]
+  stage: build
   script:
     - ./scripts/build_image_cache.sh vlsd
 compose:
-  tags: [ saas-linux-medium-amd64 ]
+  tags: [saas-linux-medium-amd64]
   stage: test
   variables:
     BUILDER: compose_builder
   before_script:
-    - docker volume create bitcoin_data
-    - docker volume create lightning_data
-    - docker volume create txoo_data
-    - docker volume create vls_data
     - docker buildx create --name=$BUILDER --use
   script:
-    - echo "IMAGE_TAG=${IMAGE_TAG}" > .env
+    - export IMAGE_TAG=${IMAGE_TAG}
     - ./scripts/build_from_cache.sh bitcoind
     - ./scripts/build_from_cache.sh lightningd
     - ./scripts/build_from_cache.sh txood
     - ./scripts/build_from_cache.sh vlsd
     - docker compose --profile vls -f docker-compose.yml -f docker-compose.regtest.yml up -d --wait --wait-timeout 120 --build
+    - docker exec vlsd-regtest vls-cli --rpc-user rpcuser --rpc-password VLSsigner2 info | grep -q 101

README.md

@@ -9,26 +9,7 @@ Docker Engine is available on a variety of Linux distros, macOS, and Windows 10
 - [Ubuntu](https://docs.docker.com/engine/install/ubuntu/)
 - [Fedora](https://docs.docker.com/engine/install/fedora/)
 
-### Distro Packages
-
-Debian/Ubuntu:
-```
-sudo apt install docker.io docker-doc docker-compose containerd runc
-sudo systemctl enable --now docker
-```
-
-Fedora/RHEL:
-```
-sudo dnf install docker docker-compose containerd runc
-sudo systemctl enable --now docker
-```
-
-### Docker v1/v2 Compatibility
-
-- Currently available `docker-compose` packages in different linux distributions (debian, ubuntu, fedora, etc) are not up to date, they are still at version `1` which has been deprecated by `docker` with release of version `2`.
-- `docker-compose` version `2` is available through official docker repositories not the distribution ones.
-- Docker Compose files in this repository work with version 2 and are also __backward compatible__ with version 1.
-- If you are using the distribution installation the `docker compose` command used below has to be changed to `docker-compose` instead.
+**Note**: The compose files present within this repository make use of docker compose v2 the minimum supported version is `v2.26.0`.
 
 ## VLS standalone Setup
 
@@ -65,18 +46,28 @@ Required command arguments:
 
 For information on all possible arguments to `vlsd` see [documentation](https://gitlab.com/lightning-signer/validating-lightning-signer/-/blob/main/vls-proxy/src/config.rs?ref_type=heads).
 
+### Build Arguments
+
+For building the container its required to provide following build arguments:
+- `VLS_REPO` url for git repo to use for building binaries.
+- `VLS_GIT_HASH` commit sha/tag/branch to use from git repo.
+- `TXOO_PUBLIC_KEY` public key for trusted TXOO.
+
 ### Running container
 
 There is a `docker-compose.yml` in the `vlsd` folder which can be used to run a standalone `vlsd` service with `network_mode` set to host.
 
 ```bash
 cd vlsd
+export VLS_REPO=$VLS_REPO
+export VLS_GIT_HASH=$VLS_GIT_HASH
+export TXOO_PUBLIC_KEY=$TXOO_PUBLIC_KEY
 docker compose up
 ```
 
-**_Note_**: Make sure to set `BITCOIND_RPC_URL` and `CLN_RMEOTE_HSMD_URL` as either environment variables or in the `docker-compose.yml` file before running the above command.
+**_Note_**: Make sure to set `BITCOIND_RPC_URL` and `CLN_REMOTE_HSMD_URL` as either environment variables or in the `docker-compose.yml` file before running the above command.
 
-If you wish to run it as a standalone container without using `docker-compose` you can use the following command:
+If you wish to run it as a standalone container without using `docker compose` you can use the following command:
 
 ```bash
 docker run \
@@ -84,6 +75,9 @@ docker run \
   --rm \
   --name vlsd \
   --network host \
+  --build_arg VLS_GIT_HASH=$VLS_GIT_HASH
+  --build_arg VLS_REPO=$VLS_REPO
+  --build_arg TXOO_PUBLIC_KEY=$TXOO_PUBLIC_KEY
   -e VLS_NETWORK=testnet \
   -e BITCOIND_RPC_URL=$BITCOIND_RPC_URL \
   --mount 'type=volume,src=vls_data,dst=/home/vls/.lightning-signer' \
@@ -136,22 +130,42 @@ __Note__: Even while using `testnet` running using the override is recommended a
 To run a single node without `vls` service we can use the same `docker-compose.yml` file in the main directory by just removing the `profile` flag `vls` from all commands.
 
 ```bash
-docker compose up --build
+docker compose -f docker-compose.yml -f $DOCKER_COMPOSE_OVERRIDE up --build
 ```
 
 Above command will run `bitcoind`, `lightningd` and `txood` services on a single node.
 
-### Additional Regtest Commands
+### First Time Chain Sync
 
-We have to run these commands after bitcoind is up and running.
-
-Create wallet and make it load automatically:
+It's quite possible that while syncing for the first time `bitcoind` would be unresponsive to rpc calls made by `core-lightning`, `vls`, etc. To remedy such scenario where other containers would fail to start we can instead start with just `bitcoind` and `txood`
 ```bash
-docker container exec bitcoind-regtest bitcoin-cli createwallet default
-docker container exec bitcoind-regtest bitcoin-cli unloadwallet default
-docker container exec bitcoind-regtest bitcoin-cli loadwallet default true
+docker compose --profile vls stop
+docker compose -f docker-compose.yml -f docker-compose.testnet.yml up bitcoin-core txoo -d
 ```
 
+Let the chain sync you can check its progress using `bitcoin-cli` or by checking status of docker container's health
+```bash
+docker container exec bitcoind-test bitcoin-cli getblockchaininfo
+docker ps
+```
+
+Also, given there is a dependency of `core-lightning` on `txoo` it is a good idea to wait sometime so that all attestations are available for it to retrieve and `txoo` is healthy. `txoo` container health can be checked using `docker`
+```bash
+docker ps
+```
+
+After the chain sync has completed we can stop the containers and restart the whole system again
+```bash
+docker compose --profile vls stop
+docker compose --profile vls -f docker-compose.yml -f docker-compose.testnet.yml up -d
+```
+
+## Interacting with Containers
+
+We can use the `docker container exec <CONTAINER_NAME> <COMMAND>` command to interact with containers and interact with setup using command line tools like `bitcoin-cli`, `lightning-cli`, `vls-cli`, etc.
+
+### Regtest Commands
+
 Generate Address for node:
 ```bash
 docker container exec bitcoind-regtest bitcoin-cli getnewaddress
@@ -182,6 +196,67 @@ docker container exec lightningd-test lightning-cli --testnet clboss-status | le
 docker container exec lightningd-test lightning-cli --testnet summary
 ```
 
+## Debugging Containers
+
+Checking running status and health of containers
+```bash
+docker ps
+```
+
+Getting logs from container
+```bash
+# CONTAINER_NAME=lightningd-test
+docker container logs $CONTAINER_NAME > $CONTAINER_NAME.log
+```
+
+Restarting containers
+```bash
+cd vls-container
+docker compose --profile vls stop
+# to start testnet
+docker compose --profile vls up
+```
+
+Generating Backtrace from CLN core dump
+```bash
+# attach to the lightningd container
+docker container exec -u root -it lightningd-test sh
+
+# install gdb
+apk add gdb
+gdb /usr/libexec/c-lightning/plugins/pay /home/lightning/.lightning/testnet/core
+
+# get backtrace
+bt
+```
+
+Delete containers
+```bash
+cd vls-container
+docker compose --profile vls down
+```
+
+**NOTE**: If you want to start fresh make sure to delete the created docker volumes as well.
+
+## Choosing Versions
+
+The currently set default versions for services is as follows in the [.env](.env) file:
+- **Bitcoin Core**: v26.0
+- **Core Lightning**: v24.02.2
+- **TXOO**: v0.8.1
+- **VLS**: v0.12.0
+
+You just can switch to a particular version/commit for a service by updating the git hash and then rebuilding the service:
+```bash
+cd vls-container
+# update bitcoin core version
+sed -i 's/23.0/23.2/g' .env
+# build images again
+docker compose --profile vls build
+```
+
+Note: For `bitcoind` its also important to update the `BITCOIN_SHA256SUMS_HASH`. It is the *SHA256 HASH* of `SHA256SUMS` file.
+
 ## Future Work
 
 - [x] standalone dockerfile for vlsd
@@ -193,7 +268,7 @@ docker container exec lightningd-test lightning-cli --testnet summary
 - [x] Profile configuration to run `vls`
 - [x] Healthcheck for `txoo`
 - [x] Healthcheck for `vls`
-- [ ] Lightning Storage Server Dockerfile and Compose Service
+- [x] Lightning Storage Server Dockerfile and Compose Service
 - [ ] Postgres Service for Lightning Storage Server
 
 ## References

bitcoind/Dockerfile

@@ -25,47 +25,44 @@ RUN mkdir $GNUPGHOME && set -ex \
     152812300785C96444D3334D17565732E08E5E41 \
     0AD83877C1F0CD1EE9BD660AD7CC770B81FD22A8 \
     590B7292695AFFA5B672CBB2E13FC145CD3F4304 \
-    28F5900B1BB5D1A4B6B6D1A9ED357015286A333D \
-    637DB1E23370F84AFF88CCE03152347D07DA627C \
     CFB16E21C950F67FA95E558F2EEB9F5CC09526C1 \
     F4FC70F07310028424EFC20A8E4256593F177720 \
     D1DBF2C4B96F2DEBF4C16654410108112E7EA81F \
     287AE4CA1187C68C08B49CB2D11BD4F33F1DB499 \
-    F9A8737BF4FF5C89C903DF31DD78544CF91B1514 \
     9DEAE0DC7063249FB05474681E4AED62986CD25D \
-    E463A93F5F3117EEDE6C7316BD02942421F4889F \
-    9D3CC86A72F8494342EA5FD10A41BDC3F4FAFF1C \
-    4DAF18FE948E7A965B30F9457E296D555E7F63A7 \
+    3EB0DEE6004A13BE5A0CC758BF2978B068054311 \
+    ED9BDF7AD6A55E232E84524257FF9BDBCC301009 \
     28E72909F1717FE9607754F8A7BEB2621678D37D \
-    74E2DEF5D77260B98BC19438099BAD163C70FBFA \
   ; do \
     gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" || \
     gpg --batch --keyserver keys.openpgp.org --recv-keys "$key" || \
+    gpg --batch --keyserver pgp.mit.edu --recv-keys "$key" || \
     gpg --batch --keyserver keyserver.pgp.com --recv-keys "$key" || \
     gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "$key" || \
     gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" ; \
-  done && \
-  wget -O- https://raw.githubusercontent.com/Kvaciral/kvaciral/main/kvaciral.asc | gpg --import
-
+  done
+RUN gpg --keyserver hkps://keys.openpgp.org --refresh-keys
 RUN gpg -kv
 
-ARG BITCOIN_VERSION=23.0
-ARG BITCOIN_PREFIX=/opt/bitcoin-${BITCOIN_VERSION}
-ARG SHA256SUMS_HASH=aaff81ea001f499e8f6f3221387d7db960d71a3b7a4a2b1aaf2c8060bc94a391
+COPY verify.sh verify.sh
 
+ARG BITCOIN_VERSION
+ARG BITCOIN_PREFIX=/opt/bitcoin-${BITCOIN_VERSION}
+ARG BITCOIN_SHA256SUMS_HASH
+RUN echo "Building bitcoin core version $BITCOIN_VERSION"
 RUN wget https://bitcoincore.org/bin/bitcoin-core-${BITCOIN_VERSION}/SHA256SUMS && \
     wget https://bitcoincore.org/bin/bitcoin-core-${BITCOIN_VERSION}/SHA256SUMS.asc && \
     wget https://bitcoincore.org/bin/bitcoin-core-${BITCOIN_VERSION}/bitcoin-${BITCOIN_VERSION}.tar.gz && \
-    gpg --batch --verify SHA256SUMS.asc SHA256SUMS && \
-    echo "${SHA256SUMS_HASH} SHA256SUMS" | sha256sum -c - && \
+    ./verify.sh && \
+    echo "${BITCOIN_SHA256SUMS_HASH} SHA256SUMS" | sha256sum -c - && \
     grep " bitcoin-${BITCOIN_VERSION}.tar.gz\$" SHA256SUMS | sha256sum -c - && \
     tar -xzf *.tar.gz
 
 WORKDIR /bitcoin-${BITCOIN_VERSION}
 
-RUN sed -i '/AC_PREREQ/a\AR_FLAGS=cr' src/univalue/configure.ac && \
+RUN sed -i '/AC_PREREQ/a\AR_FLAGS=cr' configure.ac && \
     sed -i '/AX_PROG_CC_FOR_BUILD/a\AR_FLAGS=cr' src/secp256k1/configure.ac && \
-    sed -i s:sys/fcntl.h:fcntl.h: src/compat.h && \
+    sed -i s:sys/fcntl.h:fcntl.h: src/compat/compat.h && \
     ./autogen.sh && \
     ./configure LDFLAGS=-L`ls -d /opt/db*`/lib/ CPPFLAGS=-I`ls -d /opt/db*`/include/ \
     --prefix=${BITCOIN_PREFIX} \
@@ -106,11 +103,13 @@ RUN apk --no-cache add \
   boost-thread \
   sqlite-dev \
   libevent \
-  libzmq
+  libzmq \
+  tini
+
+ARG BITCOIN_VERSION
+ARG BITCOIN_PREFIX=/opt/bitcoin-${BITCOIN_VERSION}
 
 ENV BITCOIN_DATA=/home/bitcoin/.bitcoin
-ARG BITCOIN_VERSION=23.0
-ARG BITCOIN_PREFIX=/opt/bitcoin-${BITCOIN_VERSION}
 
 COPY --from=bitcoin-core ${BITCOIN_PREFIX}/bin/bitcoin-cli /usr/bin/bitcoin-cli
 COPY --from=bitcoin-core ${BITCOIN_PREFIX}/bin/bitcoin-tx /usr/bin/bitcoin-tx
@@ -131,7 +130,7 @@ VOLUME ["${BITCOIN_DATA}"]
 
 USER bitcoin
 
-ENTRYPOINT ["/entrypoint.sh"]
+ENTRYPOINT ["/sbin/tini", "--", "/entrypoint.sh"]
 
 RUN bitcoind -version | grep "Bitcoin Core version v${BITCOIN_VERSION}"
 

bitcoind/verify.sh

@@ -0,0 +1,12 @@
+#!/bin/sh
+
+# verify SHA256SUMS
+gpg --batch --verify SHA256SUMS.asc SHA256SUMS
+ret_val=$?
+
+# allow 2 as well in case of untrusted keys
+if [ $ret_val -eq 0 ] || [ $ret_val -eq 2 ]; then
+  exit 0
+else
+  exit $ret_val
+fi

docker-compose.regtest.yml

@@ -31,6 +31,8 @@ services:
 
   txoo:
     container_name: txood-regtest
+    command:
+      - --no-checkpoint
     volumes:
       - txoo_regtest:/root/.txoo/
       - bitcoin_regtest:/root/.bitcoin/
@@ -38,6 +40,15 @@ services:
       - BITCOIN_NETWORK=regtest
       - BITCOIND_RPC_URL=http://rpcuser:VLSsigner1@bitcoind:38332
 
+  txoo-server:
+    container_name: txoo-server-regtest
+    volumes:
+      - type: volume
+        source: txoo_regtest
+        target: /usr/share/nginx/html
+        volume:
+          subpath: regtest/public
+
   vls:
     container_name: vlsd-regtest
     volumes:
@@ -46,8 +57,14 @@ services:
       - VLS_NETWORK=regtest
       - BITCOIND_RPC_URL=http://rpcuser:VLSsigner1@bitcoind:38332
 
+  lss:
+    container_name: lss-regtest
+    volumes:
+      - lss_regtest:/home/lss/.lss
+
 volumes:
   bitcoin_regtest:
   lightning_regtest:
   txoo_regtest:
   vls_regtest:
+  lss_regtest:

docker-compose.yml

@@ -3,6 +3,9 @@ services:
   bitcoin-core:
     build:
       context: ./bitcoind
+      args:
+        - BITCOIN_VERSION=$BITCOIN_VERSION
+        - BITCOIN_SHA256SUMS_HASH=$BITCOIN_SHA256SUMS_HASH
     image: bitcoind:${IMAGE_TAG:-latest}
     container_name: bitcoind-test
     volumes:
@@ -19,6 +22,15 @@ services:
   core-lightning:
     build:
       context: ./lightningd
+      args:
+        - CORE_LIGHTNING_REPO=$CORE_LIGHTNING_REPO
+        - CORE_LIGHTNING_GIT_HASH=$CORE_LIGHTNING_GIT_HASH
+        - CLBOSS_REPO=$CLBOSS_REPO
+        - CLBOSS_GIT_HASH=$CLBOSS_GIT_HASH
+        - CLN_PLUGINS_REPO=$CLN_PLUGINS_REPO
+        - CLN_PLUGINS_GIT_HASH=$CLN_PLUGINS_GIT_HASH
+        - VLS_REPO=$VLS_REPO
+        - VLS_GIT_HASH=$VLS_GIT_HASH
     image: lightningd:${IMAGE_TAG:-latest}
     container_name: lightningd-test
     command:
@@ -31,13 +43,20 @@ services:
     expose:
       - 19735
       - 7701
+    ports:
+      - 3010:3010
     networks:
       - lightning
     depends_on:
       bitcoin-core:
         condition: service_healthy
+      txoo-server:
+        condition: service_started
+      txoo:
+        condition: service_healthy
     environment:
       - BITCOIND_RPC_URL=http://rpcuser:VLSsigner1@bitcoind:18332
+      - TXOO_SOURCE_URL=http://txoo-server:80
       - RUST_LOG=info
       - VLS_NETWORK=testnet
       - VLS_BIND=0.0.0.0
@@ -46,6 +65,9 @@ services:
   txoo:
     build:
       context: ./txood
+      args:
+        - TXOO_REPO=$TXOO_REPO
+        - TXOO_GIT_HASH=$TXOO_GIT_HASH
     image: txood:${IMAGE_TAG:-latest}
     container_name: txood-test
     restart: unless-stopped
@@ -61,21 +83,77 @@ services:
       - BITCOIN_NETWORK=testnet
       - BITCOIND_RPC_URL=http://rpcuser:VLSsigner1@bitcoind:18332
 
+  txoo-server:
+    image: nginx:1.27-alpine3.20
+    container_name: txoo-server-test
+    networks:
+      - lightning
+    depends_on:
+      txoo:
+        condition: service_started
+    volumes:
+      - type: volume
+        source: txoo_data
+        target: /usr/share/nginx/html
+        volume:
+          subpath: testnet/public
+    ports:
+      - "8080:80"
+
+  lss:
+    build:
+      context: ./lss
+      args:
+        - LSS_REPO=$LSS_REPO
+        - LSS_GIT_HASH=$LSS_GIT_HASH
+    image: lss:${IMAGE_TAG:-latest}
+    container_name: lss-test
+    ports:
+      - 55551:55551
+    expose:
+      - 55551
+    profiles:
+      - lss
+    networks:
+      - lightning
+    volumes:
+      - lss_data:/home/lss/.lss
+    environment:
+      - LSS_DATABASE=${LSS_DATABASE:-sled}
+      - PG_HOST=$PG_HOST
+      - PG_USER=$PG_USER
+      - PG_PASS=$PG_PASS
+      - PG_DB=$PG_DB
+
   vls:
     build:
       context: ./vlsd
+      args:
+        - VLS_REPO=$VLS_REPO
+        - VLS_GIT_HASH=$VLS_GIT_HASH
+        - TXOO_PUBLIC_KEY=$TXOO_PUBLIC_KEY
     image: vlsd:${IMAGE_TAG:-latest}
     container_name: vlsd-test
     profiles:
       - vls
     command:
-      - --log-level=info
-      - --connect=http://core-lightning:7701
+      --log-level=info
+      --connect=http://core-lightning:7701
+      ${LSS_REMOTE_URL:+--lss=$LSS_REMOTE_URL}
     networks:
       - lightning
     volumes:
       - vls_data:/home/vls/.lightning-signer
+    depends_on:
+      txoo-server:
+        condition: service_started
+      lss:
+        condition: service_started
+        required: false
+      txoo:
+        condition: service_healthy
     environment:
+      - LSS_REMOTE_URL
       - VLS_NETWORK=testnet
       - VLS_PERMISSIVE=1
       - RUST_LOG=info
@@ -91,6 +169,9 @@ volumes:
   txoo_data:
     name: txoo_data
     external: true
+  lss_data:
+    name: lss_data
+    external: true
   vls_data:
     name: vls_data
     external: true

lightningd/Dockerfile

@@ -15,33 +15,43 @@ RUN apk update && \
       gettext \
       git \
       gmp-dev \
+      jq \
       libsodium \
       libtool \
       net-tools \
       postgresql-dev \
       py3-mako \
+      py3-pip \
       python3 \
       python3-dev \
       sqlite-dev \
       sqlite-static \
       zlib-dev \
-      zlib-static
+      zlib-static \
+      linux-headers
 
-ARG CORE_LIGHTNING_GIT_HASH=76cd32387a400a2aee607edaf1e0a06e92e1402f \
-    CORE_LIGHTNING_REPO=https://github.com/ElementsProject/lightning.git
+RUN pip3 install grpcio-tools
+
+ARG CORE_LIGHTNING_GIT_HASH \
+    CORE_LIGHTNING_REPO
 RUN git clone --recursive $CORE_LIGHTNING_REPO core-lightning
 RUN cd core-lightning && \
     git checkout $CORE_LIGHTNING_GIT_HASH && \
     ./configure --enable-static --prefix=/usr && \
-    make -j $(nproc) && \
     make -j $(nproc) install && \
     make clean
 
-ARG PLUGINS_GIT_HASH=cf96eb63c1687644042ea85acfd3785527fd98d4 \
-    PLUGINS_REPO=https://github.com/lightningd/plugins.git
-RUN git clone $PLUGINS_REPO
+ARG CLN_PLUGINS_GIT_HASH \
+    CLN_PLUGINS_REPO
+RUN git clone $CLN_PLUGINS_REPO
 RUN cd plugins && \
-    git checkout $PLUGINS_GIT_HASH
+    git checkout $CLN_PLUGINS_GIT_HASH && \
+    git submodule update --init --recursive
+
+# Build summars plugin
+RUN cd plugins/summars && \
+    cargo install --locked --path . --bin summars --profile release --root /usr/local/ && \
+    cargo clean
 
 FROM --platform=${TARGETPLATFORM:-${BUILDPLATFORM:-linux/amd64}} alpine:3.18 as clboss_builder
 
@@ -60,8 +70,8 @@ RUN apk update && \
     pkgconf \
     sqlite-dev
 
-ARG CLBOSS_GIT_HASH=0673c50e7374ea8f5cb7e302f72b7978c6bd1794 \
-    CLBOSS_REPO=https://github.com/ZmnSCPxj/clboss.git
+ARG CLBOSS_GIT_HASH \
+    CLBOSS_REPO
 RUN git clone --recurse-submodules $CLBOSS_REPO clboss
 RUN cd clboss && \
     git checkout $CLBOSS_GIT_HASH && \
@@ -85,9 +95,9 @@ RUN apk update && \
     protobuf-dev \
     rust
 
-ARG VLS_GIT_HASH=5712eb74b672ffd8b691b9e772e05a827d03e7df \
-    VLS_REPO=https://gitlab.com/lightning-signer/validating-lightning-signer.git
-RUN echo building remote_hsmd_socket from hash: $VLS_GIT_HASH
+ARG VLS_GIT_HASH \
+    VLS_REPO
+RUN echo "building remote_hsmd_socket from hash: $VLS_GIT_HASH"
 RUN git clone $VLS_REPO vls
 RUN cd vls && \
     git checkout $VLS_GIT_HASH && \
@@ -111,7 +121,10 @@ RUN apk update && \
       bind-tools \
       libev-dev \
       curl-dev \
-      sqlite-dev
+      sqlite-dev \
+      tini \
+      python3-dev \
+      libffi-dev
 
 ARG LIGHTNINGD_UID=101 \
     LIGHTNINGD_USER=lightning
@@ -128,12 +141,14 @@ COPY --from=builder /usr/libexec/c-lightning /usr/libexec/c-lightning
 COPY --from=builder /usr/share/man/man8 /usr/share/man/man8
 COPY --from=builder /usr/share/doc/c-lightning /usr/share/doc/c-lightning
 COPY --from=clboss_builder /usr/bin/clboss /usr/bin/clboss
-COPY --from=builder /build/plugins/summary /usr/local/src/plugins/summary
+COPY --from=builder /build/plugins/monitor/monitor.py /usr/local/src/plugins/monitor.py
+COPY --from=builder /usr/local/bin/summars /usr/local/src/plugins/summars
 COPY --from=vls_builder /usr/local/bin/remote_hsmd_socket /usr/libexec/c-lightning/remote_hsmd_socket
+COPY --from=builder /build/core-lightning/plugins/clnrest/requirements.txt /usr/local/src/plugins/clnrest_requirements.txt
 
-RUN addgroup -S lightning && adduser -S lightning -G lightning && \
+RUN addgroup -S ${LIGHTNINGD_USER} && adduser -S ${LIGHTNINGD_USER} -G ${LIGHTNINGD_USER} && \
     mkdir -p ${LIGHTNINGD_DATA} && \
-    chown -R lightning:lightning ${LIGHTNINGD_DATA}
+    chown -R ${LIGHTNINGD_USER}:${LIGHTNINGD_USER} ${LIGHTNINGD_DATA}
 
 COPY bitcoin.conf ${BITCOIND_HOME}/bitcoin.conf
 
@@ -146,21 +161,23 @@ RUN chmod +x /healthcheck.sh
 VOLUME ["${LIGHTNINGD_DATA}"]
 
 RUN mkdir -p ${BITCOIND_HOME} && \
-    chown -R lightning:lightning ${BITCOIND_HOME}
+    chown -R ${LIGHTNINGD_USER}:${LIGHTNINGD_USER} ${BITCOIND_HOME}
 
 COPY bitcoin.conf ${BITCOIND_HOME}/bitcoin.conf
 COPY testnet-config /testnet-config
 COPY regtest-config /regtest-config
 
-USER lightning
+USER ${LIGHTNINGD_USER}
 
 RUN pip3 install \
       pyln-client \
       requests \
       packaging
 
+RUN pip3 install -r /usr/local/src/plugins/clnrest_requirements.txt
+
 HEALTHCHECK --interval=5s --timeout=10s --start-period=5s \
     CMD ["/healthcheck.sh"]
 
-ENTRYPOINT ["/entrypoint.sh"]
+ENTRYPOINT ["/sbin/tini", "--", "/entrypoint.sh"]
 CMD ["lightningd"]

lightningd/entrypoint.sh

@@ -4,7 +4,9 @@ set -e
 cp -u /testnet-config ${LIGHTNINGD_DATA}/testnet-config
 cp -u /regtest-config ${LIGHTNINGD_DATA}/regtest-config
 
+# this is kept for backward compatibility purposes
 export GREENLIGHT_VERSION=$(lightningd --version)
+export VLS_CLN_VERSION=$(lightningd --version)
 
 if [ $(echo "$1" | cut -c1) = "-" ]; then
   echo "$0: assuming arguments for lightningd"

lightningd/healthcheck.sh

@@ -2,4 +2,4 @@
 
 set -ex
 
-lightning-cli --network $VLS_NETWORK summary
+lightning-cli --network $VLS_NETWORK getinfo

lightningd/regtest-config

@@ -3,10 +3,11 @@ bitcoin-rpcuser=rpcuser
 bitcoin-rpcpassword=VLSsigner1
 bitcoin-rpcport=38332
 log-level=info
-max-locktime-blocks=288
 important-plugin=/usr/bin/clboss
 clboss-auto-close=true
 bind-addr=0.0.0.0:19846
-plugin=/usr/local/src/plugins/summary/summary.py
+plugin=/usr/local/src/plugins/summars
+plugin=/usr/local/src/plugins/monitor.py
 subdaemon=hsmd:remote_hsmd_socket
-experimental-anchors
+experimental-anchors
+clnrest-port=3010

lightningd/testnet-config

@@ -3,10 +3,11 @@ bitcoin-rpcuser=rpcuser
 bitcoin-rpcpassword=VLSsigner1
 bitcoin-rpcport=18332
 log-level=info
-max-locktime-blocks=288
 important-plugin=/usr/bin/clboss
 clboss-auto-close=true
 bind-addr=0.0.0.0:19735
-plugin=/usr/local/src/plugins/summary/summary.py
+plugin=/usr/local/src/plugins/summars
+plugin=/usr/local/src/plugins/monitor.py
 subdaemon=hsmd:remote_hsmd_socket
-experimental-anchors
+experimental-anchors
+clnrest-port=3010

lss/Dockerfile

@@ -0,0 +1,62 @@
+# build lss
+FROM --platform=${TARGETPLATFORM:-${BUILDPLATFORM:-linux/amd64}} alpine:3.18 as builder
+
+WORKDIR /build
+
+RUN apk update && \
+    apk add \
+    build-base \
+    cargo \
+    git \
+    grpc \
+    protobuf \
+    protobuf-dev \
+    rust
+
+ARG LSS_GIT_HASH \
+    LSS_REPO 
+RUN echo "building lss from hash: $LSS_GIT_HASH"
+RUN git clone $LSS_REPO lss
+
+RUN cd lss && \
+    git checkout $LSS_GIT_HASH && \
+    cargo install --locked --path ./lightning-storage-server --bin lssd --profile release --root /usr/local/ && \
+    cargo clean
+
+# lss runner
+FROM --platform=${TARGETPLATFORM:-${BUILDPLATFORM:-linux/amd64}} alpine:3.18 as runner
+
+ARG LSS_DATA=/root/.lssd
+
+RUN apk update && \
+  apk add \
+  build-base \
+  curl-dev \
+  protobuf \
+  bind-tools \
+  tini
+
+COPY --from=builder /usr/local/bin/lssd /usr/local/bin/lssd
+COPY entrypoint.sh /entrypoint.sh
+RUN chmod +x /entrypoint.sh
+
+VOLUME ["${LSS_DATA}"]
+
+
+
+# Environment variables with default fallbacks
+ENV LSS_PORT=${LSS_PORT:-55551}
+ENV LSS_INTERFACE=${LSS_INTERFACE:-0.0.0.0}
+ENV LSS_CLEARDB=${LSS_CLEARDB:-false}
+ENV LSS_DATADIR=${LSS_DATADIR:-datadir}
+ENV LSS_DATABASE=${LSS_DATABASE:-sled}
+ENV PG_HOST=${PG_HOST:-}
+ENV PG_USER=${PG_USER:-dev}
+ENV PG_PASSWORD=${PG_PASSWORD:-}
+ENV PG_DB=${PG_DB:-dev}
+
+# Expose LSS port
+EXPOSE ${LSS_PORT}
+
+# Run lssd with the build arguments passed at runtime
+ENTRYPOINT ["/entrypoint.sh"]

lss/README.md

@@ -0,0 +1,24 @@
+# LSS Setup
+
+## Building the docker image
+
+### Ubuntu/Linux
+```bash
+sudo docker build \
+  --build-arg LSS_REPO=https://gitlab.com/lightning-signer/validating-lightning-signer.git \
+  --build-arg LSS_GIT_HASH=d2590ba34a388a016bb91307864e993fb3cc3d84 \
+  -t lss .
+```
+
+### Windows
+```bash
+docker build --build-arg LSS_REPO=https://gitlab.com/lightning-signer/validating-lightning-signer.git --build-arg LSS_GIT_HASH=d2590ba34a388a016bb91307864e993fb3cc3d84 -t lss .
+```
+
+## Running the container
+```bash
+docker compose --profile lss -f docker-compose.yml up lss
+```
+
+## Postgres Setup
+To use LSS with postgres, change the environment variable LSS_DATABASE to postgres, you also need to supply the arguments PG_HOST, PG_USER, PG_PASS, PG_DB to a real postgres database

lss/docker-compose.yml

@@ -0,0 +1,58 @@
+version: "3.8"
+services:
+  lss:
+    build:
+      context: .
+      dockerfile: Dockerfile
+      args:
+        - LSS_REPO
+        - LSS_GIT_HASH
+    image: lss:${IMAGE_TAG:-latest}
+    container_name: lss-test
+    ports:
+      - 55551:55551
+    expose:
+      - 55551
+    networks:
+      - lightning
+    volumes:
+      - lss_data:/home/lss/.lss
+    environment:
+      - LSS_DATABASE=${LSS_DATABASE:-sled}
+      - PG_HOST
+      - PG_USER
+      - PG_PASS
+      - PG_DB
+  vls:
+    build:
+      context: ../vlsd
+      dockerfile: Dockerfile
+      args:
+        - VLS_GIT_HASH
+    image: vlsd
+    container_name: vlsd-standalone
+    command: 
+      --connect=http://core-lightning:7701
+      --lss=http://lss:55551
+    networks:
+      - lightning
+    volumes:
+      - vls_data:/home/vls/.lightning-signer
+    environment:
+      - BITCOIND_RPC_URL=$BITCOIND_RPC_URL
+      - VLS_NETWORK=testnet
+    depends_on:
+      lss:
+        condition: service_healthy
+        required: false
+
+networks:
+  lightning:
+
+volumes:
+  vls_data:
+    name: vls_data
+    external: true
+  lss_data:
+    name: lss_data
+    external: true

lss/entrypoint.sh

@@ -0,0 +1,2 @@
+#!/bin/sh
+/usr/local/bin/lssd --port "$LSS_PORT" --interface "$LSS_INTERFACE" --database "$LSS_DATABASE"

scripts/build_from_cache.sh

@@ -5,4 +5,5 @@ set -ex
 SERVICE=$1
 
 cd $SERVICE
-docker build --load --builder $BUILDER --cache-from $CACHE/$SERVICE:$CACHE_TAG -t $SERVICE:$IMAGE_TAG .
+
+docker build --load --builder $BUILDER --cache-from $CACHE/$SERVICE:$CACHE_TAG -t $SERVICE:$IMAGE_TAG $(grep -v '^#' ../.env | sed 's/^/--build-arg /' | tr '\n' ' ') .

scripts/build_image_cache.sh

@@ -7,4 +7,4 @@ SERVICE=$1
 docker buildx create --name=$SERVICE --use
 cd $SERVICE
 
-docker build --load --builder=$SERVICE --cache-to type=registry,ref=$CACHE/$SERVICE:$CACHE_TAG --cache-from $CACHE/$SERVICE:$CACHE_TAG -t $SERVICE:$IMAGE_TAG .
+docker build --load --builder=$SERVICE --cache-to type=registry,ref=$CACHE/$SERVICE:$CACHE_TAG --cache-from $CACHE/$SERVICE:$CACHE_TAG -t $SERVICE:$IMAGE_TAG $(grep -v '^#' ../.env | sed 's/^/--build-arg /' | tr '\n' ' ') .

scripts/cleanup_regtest.sh

@@ -7,3 +7,4 @@ docker volume rm vls-container_bitcoin_regtest
 docker volume rm vls-container_lightning_regtest
 docker volume rm vls-container_vls_regtest
 docker volume rm vls-container_txoo_regtest
+docker volume ls | grep -q "vls-container_lss_regtest" && docker volume rm vls-container_lss_regtest

txood/Dockerfile

@@ -1,5 +1,5 @@
 # build txoo
-FROM --platform=${TARGETPLATFORM:-${BUILDPLATFORM:-linux/amd64}} alpine:3.18 as builder
+FROM --platform=${TARGETPLATFORM:-${BUILDPLATFORM:-linux/amd64}} alpine:3.20 as builder
 
 WORKDIR /build
 
@@ -9,8 +9,8 @@ RUN apk update && \
     rust \
     cargo
 
-ARG TXOO_GIT_HASH=1cfeecf5f806a04a12c97ca17c39566a1a24e732
-ARG TXOO_REPO=https://gitlab.com/lightning-signer/txoo.git
+ARG TXOO_GIT_HASH \
+    TXOO_REPO
 RUN git clone --recurse-submodules $TXOO_REPO
 RUN cd txoo && \
     git checkout $TXOO_GIT_HASH && \
@@ -18,7 +18,7 @@ RUN cd txoo && \
     cargo clean
 
 # txoo runner
-FROM --platform=${TARGETPLATFORM:-${BUILDPLATFORM:-linux/amd64}} alpine:3.18 as runner
+FROM --platform=${TARGETPLATFORM:-${BUILDPLATFORM:-linux/amd64}} alpine:3.20 as runner
 
 LABEL maintainer.0="Lakshya Singh (@king-11)" \
   maintainer.1="Dev Random (@devrandom01)"
@@ -32,7 +32,8 @@ RUN apk update && \
       libev-dev \
       curl-dev \
       curl \
-      jq
+      jq \
+      tini
 
 COPY --from=builder /usr/local/bin/txood /usr/bin/txood
 
@@ -47,5 +48,5 @@ VOLUME ["${TXOO_DATA}"]
 HEALTHCHECK --interval=5s --timeout=10s --start-period=5s \
     CMD ["/healthcheck.sh"]
 
-ENTRYPOINT ["/entrypoint.sh"]
+ENTRYPOINT ["/sbin/tini", "--", "/entrypoint.sh"]
 CMD ["txood"]

vlsd/Dockerfile

@@ -12,9 +12,10 @@ RUN apk update && \
     protobuf-dev \
     rust
 
-ARG VLS_GIT_HASH=5712eb74b672ffd8b691b9e772e05a827d03e7df
-RUN echo building vlsd from hash: $VLS_GIT_HASH
-RUN git clone https://gitlab.com/lightning-signer/validating-lightning-signer.git vls
+ARG VLS_GIT_HASH \
+    VLS_REPO
+RUN echo "building vlsd from hash: $VLS_GIT_HASH"
+RUN git clone $VLS_REPO vls
 RUN cd vls && \
     git checkout $VLS_GIT_HASH && \
     cargo install --locked --path ./vls-proxy --bin vlsd2 --profile release --root /usr/local/ && \
@@ -23,21 +24,27 @@ RUN cd vls && \
 
 FROM --platform=${TARGETPLATFORM:-${BUILDPLATFORM:-linux/amd64}} alpine:3.18 as runner
 
-ARG UID=100
-ARG GID=101
+ARG VLSD_UID=100 \
+    VLSD_GID=101 \
+    VLSD_USER=vls
+ARG VLSD_HOME=/home/${VLSD_USER}
+ARG TXOO_PUBLIC_KEY
+ENV TXOO_PUBLIC_KEY=${TXOO_PUBLIC_KEY}
 
 LABEL maintainer.0="Lakshya Singh (@king-11)" \
   maintainer.1="Dev Random (@devrandom01)"
 
-RUN addgroup vls --gid ${GID} --system
-RUN adduser --uid ${UID} --system vls --ingroup vls
+RUN addgroup ${VLSD_USER} --gid ${VLSD_GID} --system
+RUN adduser --uid ${VLSD_UID} --system ${VLSD_USER} --ingroup ${VLSD_USER}
 
 RUN apk update && \
   apk add \
   build-base \
   curl-dev \
+  curl \
   protobuf \
-  bind-tools
+  bind-tools \
+  tini
 
 COPY --from=builder /usr/local/bin/vlsd2 /usr/local/bin/vlsd2
 COPY --from=builder /usr/local/bin/vls-cli /usr/local/bin/vls-cli
@@ -50,21 +57,23 @@ RUN chmod +x /healthcheck.sh
 
 COPY vlsd2.toml /vlsd2.toml
 
-ENV VLS_DATA=/home/vls/.lightning-signer
-RUN mkdir ${VLS_DATA}
-RUN chown vls:vls ${VLS_DATA}
+ENV VLSD_DATA=/home/vls/.lightning-signer
+RUN mkdir -p ${VLSD_DATA} && \
+    chown ${VLSD_USER}:${VLSD_USER} ${VLSD_DATA}
 
-ENV REMOTE_SIGNER_ALLOWLIST=${VLS_DATA}/ALLOWLIST
+RUN mkdir -p ${VLSD_HOME}/.txoo
+
+ENV REMOTE_SIGNER_ALLOWLIST=${VLSD_DATA}/ALLOWLIST
 RUN touch ${REMOTE_SIGNER_ALLOWLIST}
 
-VOLUME ["${VLS_DATA}"]
+VOLUME ["${VLSD_DATA}"]
 
-USER vls
+USER ${VLSD_USER}
 
 HEALTHCHECK --interval=10s --timeout=10s --start-period=10s \
     CMD ["/healthcheck.sh"]
 
-ENTRYPOINT ["/entrypoint.sh"]
+ENTRYPOINT ["/sbin/tini", "--", "/entrypoint.sh"]
 
 RUN vlsd2 --git-desc
 

vlsd/docker-compose.yml

@@ -4,6 +4,10 @@ services:
     build:
       context: .
       dockerfile: Dockerfile
+      args:
+        - VLS_REPO
+        - VLS_GIT_HASH
+        - TXOO_PUBLIC_KEY
     image: vlsd
     container_name: vlsd-standalone
     command:

vlsd/entrypoint.sh

@@ -1,8 +1,12 @@
 #!/bin/sh
 set -e
 
-cp /vlsd2.toml $VLS_DATA/
-sed -i "1s/^/network = \"$VLS_NETWORK\"\n/" $VLS_DATA/vlsd2.toml
+cp /vlsd2.toml $VLSD_DATA/
+sed -i "1s/^/network = \"$VLS_NETWORK\"\n/" $VLSD_DATA/vlsd2.toml
+
+TXOO_PUBLIC_KEY=${TXOO_PUBLIC_KEY:=$(curl -s --retry 5 --retry-all-errors --fail http://txoo-server:80/config | grep public_key | cut -d ' ' -f 2)}
+
+test -n "$TXOO_PUBLIC_KEY" || (echo "TXOO_PUBLIC_KEY build arg not set" && false)
 
 if [ $(echo "$1" | cut -c1) = "-" ]; then
   echo "$0: assuming arguments for vlsd2"
@@ -11,9 +15,10 @@ if [ $(echo "$1" | cut -c1) = "-" ]; then
 fi
 
 if [ $(echo "$1" | cut -c1) = "-" ] || [ "$1" = "vlsd2" ]; then
-  echo "$0: setting config to $VLS_DATA/vlsd2.toml"
+  echo "$0: setting config to $VLSD_DATA/vlsd2.toml"
 
-  set -- "$@" --config=$VLS_DATA/vlsd2.toml
+  echo "$0: using $TXOO_PUBLIC_KEY as trusted oracle pubkey"
+  set -- "$@" --config=$VLSD_DATA/vlsd2.toml -t=$TXOO_PUBLIC_KEY
 fi
 
 echo

vlsd/healthcheck.sh

@@ -2,4 +2,4 @@
 
 set -ex
 
-vls-cli info
+vls-cli --rpc-user rpcuser --rpc-password VLSsigner2 info

vlsd/vlsd2.toml

@@ -1 +1,3 @@
 datadir = "/home/vls/.lightning-signer"
+rpc-user = "rpcuser"
+rpc-pass = "VLSsigner2"