Skip to content

Add Outbound Remote Signer implementation #8754

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
ViktorT-11 wants to merge 39 commits into
base: master
Choose a base branch
from
Open

Add Outbound Remote Signer implementation #8754

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
39 commits
Select commit Hold shift + click to select a range
6346773
lnd+lncfg: Refactor `RemoteSigner` Config
ViktorT-11 Dec 9, 2024
c20f7ec
multi: correct `DefaultRemoteSignerRPCTimeout` docs
ViktorT-11 May 20, 2024
b1c241d
lnd: add new `remotesigner` macaroon entity
ViktorT-11 Aug 23, 2024
51097d8
walletrpc: add `SignCoordinatorStreams` RPC
ViktorT-11 May 14, 2024
ec09ade
rpcwallet: add `RemoteSignerConnection` interface
ViktorT-11 May 14, 2024
ad8b054
rpcwallet: add `OutboundConnection` implementation
ViktorT-11 May 14, 2024
8c1f6f2
rpcwallet: add `RemoteSignerConnectionBuilder`
ViktorT-11 May 14, 2024
4a3b89d
rpcwallet: use `RemoteSignerConnection` in RPCKeyRing
ViktorT-11 May 14, 2024
d85a40f
lnd: refactor `createLivenessMonitor` signature
ViktorT-11 Dec 17, 2024
714921b
multi: use `RemoteSignerConnection` for health check
ViktorT-11 May 14, 2024
066041b
multi: Add `watchonlynode` Namespace to `Config`
ViktorT-11 Dec 6, 2024
a8cb836
rpcwallet: add `RemoteSignerClient` struct
ViktorT-11 May 14, 2024
4933147
f - rpcwallet: use GoroutineManager in remote signer signer client
ViktorT-11 Oct 31, 2024
f74deca
rpcwallet: Add `RemoteSignerClientBuilder`
ViktorT-11 Sep 1, 2024
6bacf16
lnd: add `RemoteSignerClient` instance on startup
ViktorT-11 May 14, 2024
24de630
lncfg: allow `watchonlynode.enable`
ViktorT-11 Dec 6, 2024
fb2915a
conf: add `remotesigner.allowinboundconnection`
ViktorT-11 Dec 6, 2024
945d17f
rpcwallet: add `SignCoordinator` struct
ViktorT-11 May 14, 2024
e0c4df7
rpcwallet: add `InboundConnection` implementation
ViktorT-11 Dec 6, 2024
5d040b9
lnrpc: add `AllowRemoteSigner` `WalletState` proto
ViktorT-11 May 14, 2024
2c3a95a
rpcperms: allow some RPCs before `rpcActive` state
ViktorT-11 May 14, 2024
f53ca65
rpcperms: fix `SetServerActive` function docs typo
ViktorT-11 May 14, 2024
97d35f7
multi: enable `RpcServer` before dependencies exist
ViktorT-11 May 14, 2024
de1153c
multi: add `RemoteSignerConnection` to walletrpc conf
ViktorT-11 May 14, 2024
19f3572
walletrpc: implement `SignCoordinatorStreams` RPC
ViktorT-11 May 14, 2024
02b897d
multi: populate `RemoteSignerConnection` ref early
ViktorT-11 May 28, 2024
602c640
f - multi: populate `RemoteSignerConnection` ref early
ViktorT-11 Dec 5, 2024
9682594
multi: add `ReadySignal` to `WalletController`
ViktorT-11 May 14, 2024
9040572
lnd: await remote signer connection on startup
ViktorT-11 May 28, 2024
02d53ed
multi: allow `remotesigner.allowinboundconnection`
ViktorT-11 Dec 6, 2024
4230067
docs: add outbound signer to remote signing docs
ViktorT-11 May 13, 2024
a9a9273
docs: update release notes
ViktorT-11 Oct 31, 2024
000bb31
lntest: separate creation/start of watch-only node
ViktorT-11 May 14, 2024
10d3c2e
itest: fix testRemoteSignerRandomSeedOutbound typo
ViktorT-11 Mar 21, 2025
4ea791d
itest: add outbound remote signer itests
ViktorT-11 May 14, 2024
f25f2e2
itest: add testOutboundRSMacaroonEnforcement itest
ViktorT-11 Aug 28, 2024
f19cd50
itest: wrap deriveCustomScopeAccounts at 80 chars
ViktorT-11 May 17, 2024
8098afb
rpcwallet: allow remote signer to reconnect
ViktorT-11 Mar 21, 2025
2d1981d
multi: allow 0 `startuptimeout` value
ViktorT-11 Feb 6, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
23 changes: 19 additions & 4 deletions config.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -497,8 +497,15 @@ type Config struct {

RPCMiddleware *lncfg.RPCMiddleware `group:"rpcmiddleware" namespace:"rpcmiddleware"`

// RemoteSigner defines how to connect to a remote signer node. If this
// is enabled, the node acts as a watch-only node in a remote signer
// setup.
RemoteSigner *lncfg.RemoteSigner `group:"remotesigner" namespace:"remotesigner"`

// WatchOnlyNode defines how to connect to a watch-only node. If this is
// enabled, the node acts as a remote signer in a remote signer setup.
WatchOnlyNode *lncfg.WatchOnlyNode `group:"watchonlynode" namespace:"watchonlynode"`

Sweeper *lncfg.Sweeper `group:"sweeper" namespace:"sweeper"`

Htlcswitch *lncfg.Htlcswitch `group:"htlcswitch" namespace:"htlcswitch"`
Expand Down Expand Up @@ -757,10 +764,9 @@ func DefaultConfig() Config {
ChannelCommitBatchSize: defaultChannelCommitBatchSize,
CoinSelectionStrategy: defaultCoinSelectionStrategy,
KeepFailedPaymentAttempts: defaultKeepFailedPaymentAttempts,
RemoteSigner: &lncfg.RemoteSigner{
Timeout: lncfg.DefaultRemoteSignerRPCTimeout,
},
Sweeper: lncfg.DefaultSweeperConfig(),
RemoteSigner: lncfg.DefaultRemoteSignerCfg(),
WatchOnlyNode: lncfg.DefaultWatchOnlyNodeCfg(),
Sweeper: lncfg.DefaultSweeperConfig(),
Htlcswitch: &lncfg.Htlcswitch{
MailboxDeliveryTimeout: htlcswitch.DefaultMailboxDeliveryTimeout,
QuiescenceTimeout: lncfg.DefaultQuiescenceTimeout,
Expand Down Expand Up @@ -1790,6 +1796,14 @@ func ValidateConfig(cfg Config, interceptor signal.Interceptor, fileParser,
)
}

// Validate that the node isn't configured as both a remote signer and a
// watch-only node.
if cfg.RemoteSigner.Enable && cfg.WatchOnlyNode.Enable {
return nil, fmt.Errorf("cannot be configured as both a " +
"watchonly node and a remote signer node " +
"simultaneously")
}

// Validate the subconfigs for workers, caches, and the tower client.
err = lncfg.Validate(
cfg.Workers,
Expand All @@ -1800,6 +1814,7 @@ func ValidateConfig(cfg Config, interceptor signal.Interceptor, fileParser,
cfg.HealthChecks,
cfg.RPCMiddleware,
cfg.RemoteSigner,
cfg.WatchOnlyNode,
cfg.Sweeper,
cfg.Htlcswitch,
cfg.Invoices,
Expand Down
42 changes: 37 additions & 5 deletions config_builder.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -867,28 +867,57 @@ func (d *RPCSignerWalletImpl) BuildChainControl(
partialChainControl *chainreg.PartialChainControl,
walletConfig *btcwallet.Config) (*chainreg.ChainControl, func(), error) {

// Keeps track of both the remote signer and the chain control clean up
// functions.
var (
cleanUpTasks []func()
cleanUp = func() {
for i := len(cleanUpTasks) - 1; i >= 0; i-- {
cleanUpTasks[i]()
}
}
)

walletController, err := btcwallet.New(
*walletConfig, partialChainControl.Cfg.BlockCache,
)
if err != nil {
err := fmt.Errorf("unable to create wallet controller: %w", err)
d.logger.Error(err)
return nil, nil, err
return nil, cleanUp, err
}

remoteSignerConnBuilder := rpcwallet.NewRemoteSignerConnectionBuilder(
d.DefaultWalletImpl.cfg.RemoteSigner,
)

// Create the remote signer connection instance.
remoteSignerConn, err := remoteSignerConnBuilder.Build(
context.Background(),
)
if err != nil {
err := fmt.Errorf("unable to set up remote signer: %w", err)
d.logger.Error(err)

return nil, cleanUp, err
}

cleanUpTasks = append(cleanUpTasks, remoteSignerConn.Stop)

baseKeyRing := keychain.NewBtcWalletKeyRing(
walletController.InternalWallet(), walletConfig.CoinType,
)

rpcKeyRing, err := rpcwallet.NewRPCKeyRing(
baseKeyRing, walletController,
d.DefaultWalletImpl.cfg.RemoteSigner, walletConfig.NetParams,
remoteSignerConn, walletConfig.NetParams,
)
if err != nil {
err := fmt.Errorf("unable to create RPC remote signing wallet "+
"%v", err)
d.logger.Error(err)
return nil, nil, err

return nil, cleanUp, err
}

// Create, and start the lnwallet, which handles the core payment
Expand All @@ -907,15 +936,18 @@ func (d *RPCSignerWalletImpl) BuildChainControl(

// We've created the wallet configuration now, so we can finish
// initializing the main chain control.
activeChainControl, cleanUp, err := chainreg.NewChainControl(
activeChainControl, ccCleanUp, err := chainreg.NewChainControl(
lnWalletConfig, rpcKeyRing, partialChainControl,
)
if err != nil {
err := fmt.Errorf("unable to create chain control: %w", err)
d.logger.Error(err)
return nil, nil, err

return nil, cleanUp, err
}

cleanUpTasks = append(cleanUpTasks, ccCleanUp)

return activeChainControl, cleanUp, nil
}

Expand Down
11 changes: 11 additions & 0 deletions docs/release-notes/release-notes-0.21.0.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -93,6 +93,10 @@
specify a list of inputs to use as transaction inputs via the new
`inputs` field in `EstimateFeeRequest`.

* [SignCoordinatorStreams](https://github.com/lightningnetwork/lnd/pull/8754)
allows a remote signer to connect to the lnd node, if the
`remotesigner.allowinboundconnection` cfg value has been set to `true`.

## lncli Additions

* The `estimatefee` command now supports the `--utxos` flag to specify explicit
Expand All @@ -107,9 +111,16 @@
This applies to both funders and fundees, with the ability to override the
value during channel opening or acceptance.

<<<<<<< HEAD
* Rename [experimental endorsement signal](https://github.com/lightning/blips/blob/a833e7b49f224e1240b5d669e78fa950160f5a06/blip-0004.md)
to [accountable](https://github.com/lightningnetwork/lnd/pull/10367) to match
the latest [proposal](https://github.com/lightning/blips/pull/67).
=======
* [Added](https://github.com/lightningnetwork/lnd/pull/8754) support for a new
remote signer type `outbound`, which makes an outbound connection to the
watch-only node, instead of requiring on an inbound connection from the
watch-only node.
>>>>>>> 39f496b44 (docs: update release notes)

## RPC Updates

Expand Down
Loading
Loading