Adding BtcPayServer related files and resources

rockstardev · rockstardev · commit ae4bb33c6a3d · 2024-10-15T17:56:11.000-05:00
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -0,0 +1,107 @@
+version: 2
+jobs:
+  # publish jobs require $DOCKERHUB_REPO, $DOCKERHUB_USER, $DOCKERHUB_PASS defined
+  amd64:
+    machine:
+      enabled: true
+    steps:
+      - checkout
+      - run:
+          command: |
+            LATEST_TAG=${CIRCLE_TAG:8} #trim "basedon-" from tag
+            #
+            sudo docker build --pull -t $DOCKERHUB_REPO:$LATEST_TAG-amd64 -f linuxamd64.Dockerfile .
+            sudo docker login --username=$DOCKERHUB_USER --password=$DOCKERHUB_PASS
+            sudo docker push $DOCKERHUB_REPO:$LATEST_TAG-amd64
+
+  arm32:
+    machine:
+      enabled: true
+    steps:
+      - checkout
+      - run:
+          command: |
+            LATEST_TAG=${CIRCLE_TAG:8} #trim "basedon-" from tag
+            #
+            # Make sure the builder is copy the arm emulator
+            sudo docker run --rm --privileged multiarch/qemu-user-static:register --reset
+            sudo apt update
+            sudo apt install -y qemu qemu-user-static qemu-user binfmt-support
+
+            sudo cp /usr/bin/qemu-arm-static "qemu-arm-static"
+            sed -i -e 's/#EnableQEMU //g' "linuxarm32v7.Dockerfile"
+            sudo docker build --pull -t $DOCKERHUB_REPO:$LATEST_TAG-arm32v7 -f linuxarm32v7.Dockerfile .
+            sudo docker login --username=$DOCKERHUB_USER --password=$DOCKERHUB_PASS
+            sudo docker push $DOCKERHUB_REPO:$LATEST_TAG-arm32v7
+
+  arm64:
+    machine:
+      enabled: true
+    steps:
+      - checkout
+      - run:
+          command: |
+            LATEST_TAG=${CIRCLE_TAG:8} #trim "basedon-" from tag
+            #
+            # Make sure the builder is copy the arm emulator
+            sudo docker run --rm --privileged multiarch/qemu-user-static:register --reset
+            sudo apt update
+            sudo apt install -y qemu qemu-user-static qemu-user binfmt-support
+
+            sudo cp /usr/bin/qemu-aarch64-static "qemu-aarch64-static"
+            sed -i -e 's/#EnableQEMU //g' "linuxarm64v8.Dockerfile"
+            sudo docker build --pull -t $DOCKERHUB_REPO:$LATEST_TAG-arm64v8 -f linuxarm64v8.Dockerfile .
+            sudo docker login --username=$DOCKERHUB_USER --password=$DOCKERHUB_PASS
+            sudo docker push $DOCKERHUB_REPO:$LATEST_TAG-arm64v8
+
+  multiarch:
+    machine:
+      enabled: true
+      image: default
+    steps:
+      - run:
+          command: |
+            #
+            sudo docker login --username=$DOCKERHUB_USER --password=$DOCKERHUB_PASS
+            #
+            LATEST_TAG=${CIRCLE_TAG:8} #trim "basedon-" from tag
+            sudo docker manifest create --amend $DOCKERHUB_REPO:$LATEST_TAG $DOCKERHUB_REPO:$LATEST_TAG-amd64 $DOCKERHUB_REPO:$LATEST_TAG-arm32v7 $DOCKERHUB_REPO:$LATEST_TAG-arm64v8
+            sudo docker manifest annotate $DOCKERHUB_REPO:$LATEST_TAG $DOCKERHUB_REPO:$LATEST_TAG-amd64 --os linux --arch amd64
+            sudo docker manifest annotate $DOCKERHUB_REPO:$LATEST_TAG $DOCKERHUB_REPO:$LATEST_TAG-arm32v7 --os linux --arch arm --variant v7
+            sudo docker manifest annotate $DOCKERHUB_REPO:$LATEST_TAG $DOCKERHUB_REPO:$LATEST_TAG-arm64v8 --os linux --arch arm64 --variant v8
+            sudo docker manifest push $DOCKERHUB_REPO:$LATEST_TAG -p
+
+workflows:
+  version: 2
+  publish:
+    jobs:
+      - amd64:
+          filters:
+            # ignore any commit on any branch by default
+            branches:
+              ignore: /.*/
+            # only act on version tags
+            tags:
+              only: /basedon-.+/
+      - arm32:
+          filters:
+            branches:
+              ignore: /.*/
+            tags:
+              only: /basedon-.+/
+      - arm64:
+          filters:
+            branches:
+              ignore: /.*/
+            tags:
+              only: /basedon-.+/
+      - multiarch:
+          requires:
+            - amd64
+            - arm32
+            - arm64
+          filters:
+            branches:
+              ignore: /.*/
+            tags:
+              only: /basedon-.+/
diff --git a/.dockerignore b/.dockerignore
@@ -0,0 +1,4 @@
+Dockerfile
+linuxamd64.Dockerfile
+linuxarm32v7.Dockerfile
+.circleci/
diff --git a/.gitattributes b/.gitattributes
@@ -0,0 +1,4 @@
+# Declare files that will always have CRLF line endings on checkout.
+*.sh text eol=lf
+*.go text eol=lf
+Makefile text eol=lf
diff --git a/Makefile b/Makefile
@@ -23,6 +23,9 @@ ANDROID_BUILD := $(ANDROID_BUILD_DIR)/Lndmobile.aar
 
 COMMIT := $(shell git describe --tags --dirty)
 
+COMMIT := $(subst -dirty,-fresh-btcpay,$(COMMIT))
+LDFLAGS := -ldflags "-X $(PKG)/build.Commit=$(COMMIT)"
+
 # Determine the minor version of the active Go installation.
 ACTIVE_GO_VERSION := $(shell go version | sed -nre 's/^[^0-9]*(([0-9]+\.)*[0-9]+).*/\1/p')
 ACTIVE_GO_VERSION_MINOR := $(shell echo $(ACTIVE_GO_VERSION) | cut -d. -f2)
@@ -32,6 +35,11 @@ ifeq ($(shell expr $(ACTIVE_GO_VERSION_MINOR) \>= 21), 1)
 	LOOPVARFIX := GOEXPERIMENT=loopvar
 endif
 
+LOOPVARFIX :=
+ifeq ($(shell expr $(GO_VERSION_MINOR) \>= 21), 1)
+	LOOPVARFIX := GOEXPERIMENT=loopvar
+endif
+
 # GO_VERSION is the Go version used for the release build, docker files, and
 # GitHub Actions. This is the reference version for the project. All other Go
 # versions are checked against this version.
diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
@@ -0,0 +1,100 @@
+#!/bin/bash
+set -e
+
+if [[ "$1" == "lnd" || "$1" == "lncli" ]]; then
+	mkdir -p "$LND_DATA"
+
+    # removing noseedbackup=1 flag, adding it below if needed for legacy
+    LND_EXTRA_ARGS=${LND_EXTRA_ARGS/noseedbackup=1/}
+    
+	cat <<-EOF > "$LND_DATA/lnd.conf"
+	${LND_EXTRA_ARGS}
+    listen=0.0.0.0:${LND_PORT}
+	EOF
+
+    if [[ "${LND_EXTERNALIP}" ]]; then
+        echo "externalip=$LND_EXTERNALIP:${LND_PORT}" >> "$LND_DATA/lnd.conf"
+    fi
+
+    if [[ "${LND_ALIAS}" ]]; then
+        # This allow to strip this parameter if LND_ALIAS is empty or null, and truncate it
+        LND_ALIAS="$(echo "$LND_ALIAS" | cut -c -32)"
+        echo "alias=$LND_ALIAS" >> "$LND_DATA/lnd.conf"
+        echo "alias=$LND_ALIAS added to $LND_DATA/lnd.conf"
+    fi
+
+    if [[ $LND_CHAIN && $LND_ENVIRONMENT ]]; then
+        echo "LND_CHAIN=$LND_CHAIN"
+        echo "LND_ENVIRONMENT=$LND_ENVIRONMENT"
+
+        NETWORK=""
+
+        shopt -s nocasematch
+        if [[ $LND_CHAIN == "btc" ]]; then
+            NETWORK="bitcoin"
+        elif [[ $LND_CHAIN == "ltc" ]]; then
+            NETWORK="litecoin"
+        else
+            echo "Unknown value for LND_CHAIN, expected btc or ltc"
+        fi
+
+        ENV=""
+        # Make sure we use correct casing for LND_Environment
+        if [[ $LND_ENVIRONMENT == "mainnet" ]]; then
+            ENV="mainnet"
+        elif [[ $LND_ENVIRONMENT == "testnet" ]]; then
+            ENV="testnet"
+        elif [[ $LND_ENVIRONMENT == "signet" ]]; then
+            ENV="signet"
+        elif [[ $LND_ENVIRONMENT == "regtest" ]]; then
+            ENV="regtest"
+        else
+            echo "Unknown value for LND_ENVIRONMENT, expected mainnet, testnet, signet or regtest"
+        fi
+        shopt -u nocasematch
+
+        if [[ $ENV && $NETWORK ]]; then
+            echo "
+            $NETWORK.active=1
+            $NETWORK.$ENV=1
+            " >> "$LND_DATA/lnd.conf"
+            echo "Added $NETWORK.active and $NETWORK.$ENV to config file $LND_DATA/lnd.conf"
+        else
+            echo "LND_CHAIN or LND_ENVIRONMENT is not set correctly"
+        fi
+    fi
+
+    if [[ "${LND_READY_FILE}" ]]; then
+        echo "Waiting $LND_READY_FILE to be created..."
+        while [ ! -f "$LND_READY_FILE" ]; do sleep 1; done
+        echo "The chain is fully synched"
+    fi
+
+    if [[ "${LND_HIDDENSERVICE_HOSTNAME_FILE}" ]]; then
+        echo "Waiting $LND_HIDDENSERVICE_HOSTNAME_FILE to be created by tor..."
+        while [ ! -f "$LND_HIDDENSERVICE_HOSTNAME_FILE" ]; do sleep 1; done
+        HIDDENSERVICE_ONION="$(head -n 1 "$LND_HIDDENSERVICE_HOSTNAME_FILE"):${LND_PORT}"
+        echo "externalip=$HIDDENSERVICE_ONION" >> "$LND_DATA/lnd.conf"
+        echo "externalip=$HIDDENSERVICE_ONION added to $LND_DATA/lnd.conf"
+    fi
+
+    # if it is legacy installation, then trigger warning and add noseedbackup=1 to config if needed
+    WALLET_FILE="$LND_DATA/data/chain/$NETWORK/$ENV/wallet.db"
+    LNDUNLOCK_FILE=${WALLET_FILE/wallet.db/walletunlock.json}
+    if [ -f "$WALLET_FILE" -a  ! -f "$LNDUNLOCK_FILE" ]; then
+        echo "[lnd_unlock_entrypoint] WARNING: UNLOCK FILE DOESN'T EXIST! MIGRATE LEGACY INSTALLATION TO NEW VERSION ASAP"
+        echo "noseedbackup=1" >> "$LND_DATA/lnd.conf"
+    fi
+
+    # hit up the auto initializer and unlocker on separate process to do it's work
+    ./docker-initunlocklnd.sh $NETWORK $ENV &
+
+    ln -sfn "$LND_DATA" /root/.lnd
+    ln -sfn "$LND_BITCOIND" /root/.bitcoin
+    ln -sfn "$LND_LITECOIND" /root/.litecoin
+    ln -sfn "$LND_BTCD" /root/.btcd
+
+    exec "$@"
+else
+	exec "$@"
+fi
diff --git a/docker-initunlocklnd.sh b/docker-initunlocklnd.sh
@@ -0,0 +1,130 @@
+#!/bin/bash
+set -e
+
+echo "[initunlocklnd] Waiting 2 seconds for lnd..."
+sleep 2
+
+# ensure that lnd is up and running before proceeding
+while
+    CA_CERT="$LND_DATA/tls.cert"
+    LND_WALLET_DIR="$LND_DATA/data/chain/$1/$2/"
+    MACAROON_FILE="$LND_DATA/admin.macaroon"
+    MACAROON_HEADER="r0ckstar:dev"
+    if [ -f "$MACAROON_FILE" ]; then
+        MACAROON_HEADER="Grpc-Metadata-macaroon:$(xxd -p -c 10000 "$MACAROON_FILE" | tr -d ' ')"
+    fi
+
+    STATUS_CODE=$(curl -s --cacert "$CA_CERT" -H $MACAROON_HEADER -o /dev/null -w "%{http_code}" $LND_REST_LISTEN_HOST/v1/getinfo)
+    # if lnd is running it'll either return 200 if unlocked (noseedbackup=1) or 404 if it needs initialization/unlock 
+    if [ "$STATUS_CODE" == "200" ] || [ "$STATUS_CODE" == "404" ] ; then
+        break
+    # or 500 from version 0.13.1 onwards because it breaks with `wallet not created, create one to enable full RPC access` error
+    elif [ "$STATUS_CODE" == "500" ] ; then
+        STATUS_CODE=$(curl -s --cacert "$CA_CERT" -H $MACAROON_HEADER $LND_REST_LISTEN_HOST/v1/state)
+        if [ "$STATUS_CODE" == "{\"state\":\"NON_EXISTING\"}" ] || [ "$STATUS_CODE" == "{\"state\":\"LOCKED\"}" ] ; then
+            break # wallet ready to be either created or unlocked
+        fi
+        # for {\"state\":\"UNLOCKED\"}" we will depend on that previous condition with STATUS_CODE 200 or 404
+        # because even though wallet is unlocked, /v1/getinfo will still keep returning 500 until it's ready
+
+        echo "[initunlocklnd] Still waiting on LND, got response for wallet status: $STATUS_CODE ... waiting another 2 seconds..."
+        sleep 2
+    else
+        echo "[initunlocklnd] LND still didn't start, got $STATUS_CODE status code back... waiting another 2 seconds..."
+        sleep 2
+    fi
+do true; done
+
+# read variables after we ensured that lnd is up
+CA_CERT="$LND_DATA/tls.cert"
+LND_WALLET_DIR="$LND_DATA/data/chain/$1/$2/"
+MACAROON_FILE="$LND_DATA/admin.macaroon"
+MACAROON_HEADER="r0ckstar:dev"
+if [ -f "$MACAROON_FILE" ]; then
+    MACAROON_HEADER="Grpc-Metadata-macaroon:$(xxd -p -c 10000 "$MACAROON_FILE" | tr -d ' ')"
+fi
+
+WALLET_FILE="$LND_WALLET_DIR/wallet.db"
+LNDUNLOCK_FILE=${WALLET_FILE/wallet.db/walletunlock.json}
+if [ -f "$WALLET_FILE" ]; then
+    if [ ! -f "$LNDUNLOCK_FILE" ]; then
+        echo "[initunlocklnd] WARNING: UNLOCK FILE DOESN'T EXIST! MIGRATE LEGACY INSTALLATION TO NEW VERSION ASAP"
+    else
+        echo "[initunlocklnd] Wallet and Unlock files are present... parsing wallet password and unlocking lnd"
+
+        # parse wallet password from unlock file
+        WALLETPASS=$(jq -c -r '.wallet_password' $LNDUNLOCK_FILE)
+        # Nicolas deleted default password in some wallet unlock files, so we initializing default if password is empty
+        [ "$WALLETPASS" == "" ] && WALLETPASS="hellorockstar"
+        # Corrected password (removing newlines before encoding).
+        # previous versions will have a default wallet password including a line feed at the end "hellorockstar\n"
+        # line feed hex code 0x0A. So we first try the password without the line feed if it fails we try it with
+        # the older version.
+        WALLETPASS_BASE64=$(echo $WALLETPASS | tr -d '\n\r' | base64)
+
+        response=$(curl -s --cacert "$CA_CERT" -X POST -H "$MACAROON_HEADER" \
+            -d '{ "wallet_password":"'$WALLETPASS_BASE64'" }' $LND_REST_LISTEN_HOST/v1/unlockwallet)
+
+        # Check for failure (e.g., incorrect password)
+        if [[ "$response" == *"invalid"* ]]; then
+            # If it fails, try the original password with linefeed
+            WALLETPASS_BASE64_CURRENT=$(echo $WALLETPASS | base64)
+
+            # Now we change the password so that the line feed is removed.
+            # The correct password is already written to the unlock file so we don't need
+            # to change that. Moreover the changepassword call will change + unlock the wallet
+            # there is no need to call unlockwallet after this call.
+            change_password_response=$(curl -s --cacert "$CA_CERT" -X POST -H "$MACAROON_HEADER" \
+                -d '{ "current_password":"'$WALLETPASS_BASE64_CURRENT'", "new_password":"'$WALLETPASS_BASE64'" }' \
+                $LND_REST_LISTEN_HOST/v1/changepassword)
+
+            # make sure the log end with a newline.
+            echo $change_password_response
+
+            echo -n "[initunlocklnd] Changed wallet password removing the \"line feed\" character at the end. "
+            echo "The password can be found in $LNDUNLOCK_FILE"
+        else
+            echo "[initunlocklnd] Wallet unlocking failed, lnd returned: $response"
+            exit 1
+        fi
+    fi
+else
+    echo "[initunlocklnd] Wallet file doesn't exist. Initializing LND instance with new autogenerated password and seed"
+
+    # generate seed mnemonic
+    GENSEED_RESP=$(curl -s --cacert "$CA_CERT" -X GET -H $MACAROON_HEADER $LND_REST_LISTEN_HOST/v1/genseed)
+    CIPHER_ARRAY_EXTRACTED=$(echo $GENSEED_RESP | jq -c -r '.cipher_seed_mnemonic')
+
+    # using static default password per feedback, randomly generated password would still be stored in cleartext
+    WALLETPASS="hellorockstar"
+
+    # save all the the data to unlock file we'll use for future unlocks
+    RESULTJSON='{"wallet_password":"'$WALLETPASS'", "cipher_seed_mnemonic":'$CIPHER_ARRAY_EXTRACTED'}'
+    mkdir -p $LND_WALLET_DIR
+    echo $RESULTJSON > $LNDUNLOCK_FILE
+
+    # previous versions will have a default wallet password including a line feed at the end "hellorockstar\n"
+    # line feed hex code 0x0A.
+    WALLETPASS_BASE64=$(echo $WALLETPASS | tr -d '\n\r' | base64)
+    INITWALLET_REQ='{"wallet_password":"'$WALLETPASS_BASE64'", "cipher_seed_mnemonic":'$CIPHER_ARRAY_EXTRACTED'}'
+
+    # execute initwallet call
+    curl -s --cacert "$CA_CERT" -X POST -H "$MACAROON_HEADER" -d "$INITWALLET_REQ" $LND_REST_LISTEN_HOST/v1/initwallet
+fi
+
+# LND unlocked, now run Loop
+
+if [ ! -z "$LND_HOST_FOR_LOOP" ]; then
+    echo "[initunlocklnd] Preparing to start Loop"
+
+    if [ $LND_ENVIRONMENT == "regtest" ] || [ $LND_ENVIRONMENT == "signet" ]; then
+        echo "[initunlocklnd] Loop can't be started for regtest and signet"
+    elif [ -f "$MACAROON_FILE" ]; then
+        sleep 10
+
+        echo "[initunlocklnd] Starting Loop"
+        ./bin/loopd --network=$2 --lnd.macaroonpath=$MACAROON_FILE --lnd.host=$LND_HOST_FOR_LOOP --restlisten=0.0.0.0:8081 &
+    else
+        echo "[initunlocklnd] Loop can't be started without MACAROON"
+    fi
+fi
diff --git a/linuxamd64.Dockerfile b/linuxamd64.Dockerfile
diff --git a/linuxarm32v7.Dockerfile b/linuxarm32v7.Dockerfile
diff --git a/linuxarm64v8.Dockerfile b/linuxarm64v8.Dockerfile
