diff --git a/loopd/config.go b/loopd/config.go
index 4237bbf..4b2ed38 100644
--- a/loopd/config.go
+++ b/loopd/config.go
@@ -5,6 +5,7 @@ import (
 "crypto/x509"
 "fmt"
 "os"
+ "path"
 "path/filepath"
 "time"
@@ -46,6 +47,10 @@ var (
 defaultSelfSignedOrganization = "loop autogenerated cert"
+ // defaultLndMacaroon is the default macaroon file we use if the old,
+ // deprecated --lnd.macaroondir config option is used.
+ defaultLndMacaroon = "admin.macaroon"
+
 // DefaultTLSCertPath is the default full path of the autogenerated TLS
 // certificate.
 DefaultTLSCertPath = filepath.Join(
@@ -70,9 +75,20 @@ var (
 )
 type lndConfig struct {
- Host string `long:"host" description:"lnd instance rpc address"`
- MacaroonDir string `long:"macaroondir" description:"Path to the directory containing all the required lnd macaroons"`
- TLSPath string `long:"tlspath" description:"Path to lnd tls certificate"`
+ Host string `long:"host" description:"lnd instance rpc address"`
+
+ // MacaroonDir is the directory that contains all the macaroon files
+ // required for the remote connection.
+ MacaroonDir string `long:"macaroondir" description:"DEPRECATED: Use macaroonpath."`
+
+ // MacaroonPath is the path to the single macaroon that should be used
+ // instead of needing to specify the macaroon directory that contains
+ // all of lnd's macaroons. The specified macaroon MUST have all
+ // permissions that all the subservers use, otherwise permission errors
+ // will occur.
+ MacaroonPath string `long:"macaroonpath" description:"The full path to the single macaroon to use, either the admin.macaroon or a custom baked one. Cannot be specified at the same time as macaroondir. A custom macaroon must contain ALL permissions required for all subservers to work, otherwise permission errors will occur."`
+
+ TLSPath string `long:"tlspath" description:"Path to lnd tls certificate"`
 }
 type loopServerConfig struct {
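Review bot: The comment on `defaultLndMacaroon` does not say that `admin.macaroon` is lnd's all-permissions credential, so a reader cannot tell that the deprecated `--lnd.macaroondir` option always selects the broadest macaroon in that directory. I would add a line such as `// admin.macaroon grants every lnd permission; prefer --lnd.macaroonpath with a custom baked macaroon.` so the least-privilege alternative is visible where the default is defined. The enclosing `var (` block opens and closes outside this hunk.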
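Review bot: The new field comment on `MacaroonDir` in `lndConfig` still describes it as the directory holding all macaroon files required for the connection, while its flag description marks it deprecated. Judging by the `defaultLndMacaroon` constant added earlier in this file, only `admin.macaroon` is now read from it. The comment could read `// MacaroonDir is the directory admin.macaroon is loaded from.` followed by a `// Deprecated: use MacaroonPath.` paragraph, which Go tooling recognises. The `--lnd.macaroondir` help text could also name the admin.macaroon fallback, so operators see which credential they end up with.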
@@ -235,6 +251,30 @@ func Validate(cfg *Config) error {
 return err
 }
+ // Make sure only one of the macaroon options is used.
+ switch {
+ case cfg.Lnd.MacaroonPath != "" && cfg.Lnd.MacaroonDir != "":
+ return fmt.Errorf("use --lnd.macaroonpath only")
+
+ case cfg.Lnd.MacaroonDir != "":
+ // With the new version of lndclient we can only specify a
+ // single macaroon instead of all of them. If the old
+ // macaroondir is used, we use the admin macaroon located in
+ // that directory.
+ cfg.Lnd.MacaroonPath = path.Join(
+ lncfg.CleanAndExpandPath(cfg.Lnd.MacaroonDir),
+ defaultLndMacaroon,
+ )
+
+ case cfg.Lnd.MacaroonPath != "":
+ cfg.Lnd.MacaroonPath = lncfg.CleanAndExpandPath(
+ cfg.Lnd.MacaroonPath,
+ )
+
+ default:
+ return fmt.Errorf("must specify --lnd.macaroonpath")
+ }
+
 return nil
 }
diff --git a/loopd/run.go b/loopd/run.go
index 1503632..599e796 100644
--- a/loopd/run.go
+++ b/loopd/run.go
@@ -90,7 +90,7 @@ func newListenerCfg(config *Config, rpcCfg RPCConfig) *listenerCfg {
 svcCfg := &lndclient.LndServicesConfig{
 LndAddress: cfg.Host,
 Network: network,
- MacaroonDir: cfg.MacaroonDir,
+ CustomMacaroonPath: cfg.MacaroonPath,
 TLSPath: cfg.TLSPath,
 CheckVersion: LoopMinRequiredLndVersion,
 BlockUntilChainSynced: true,
diff --git a/release_notes.md b/release_notes.md
index a6c8805..c5ee3dd 100644
--- a/release_notes.md
+++ b/release_notes.md
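Review bot: `path.Join` in the `cfg.Lnd.MacaroonDir != ""` case builds a filesystem path with the slash-only `path` package, so on Windows the result mixes separators after `lncfg.CleanAndExpandPath` has, presumably, already returned an OS-native directory. The file already imports `path/filepath` and uses `filepath.Join` for `DefaultTLSCertPath`, so `cfg.Lnd.MacaroonPath = filepath.Join(` would be consistent and would make the `"path"` import added in the first hunk unnecessary. This branch also switches the daemon to the admin macaroon without telling the operator; a deprecation warning here, if a logger is usable at validation time, would make that credential choice visible. `Validate` begins outside the hunk.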
@@ -17,7 +17,13 @@ This file tracks release notes for the loop client.
 #### New Features
 * If lnd is locked when the loop client starts up, it will wait for lnd to be
- unlocked. Previous versions would exit with an error.
+ unlocked. Previous versions would exit with an error.
+* Loop will no longer need all `lnd` subserver macaroons to be present in the
+ `--lnd.macaroondir`. Instead the new `--lnd.macaroonpath` option can be
+ pointed to a single macaroon, for example the `admin.macaroon` or a custom
+ baked one with the exact permissions needed for Loop. If the now deprecated
+ flag/option `--lnd.macaroondir` is used, it will fall back to use only the
+ `admin.macaroon` from that directory.
 #### Breaking Changes
 * The `AutoOut`, `AutoOutBudgetSat` and `AutoOutBudgetStartSec` fields in the