Merge branch 'master' into add-testnet4-support

.github/workflows/release.yml

@@ -0,0 +1,189 @@
+---
+# https://docs.corelightning.org/docs/release-checklist
+name: "Release 🚀"
+on:
+  push:
+    tags:
+      - 'v[0-9]+.[0-9]+'
+      - 'v[0-9]+.[0-9]+.[0-9]+'
+      - 'v[0-9]+.[0-9]+[0-9a-z]+'
+  workflow_dispatch:
+    inputs:
+      version:
+        description: 'Release version'
+        required: true
+      create_release:
+        description: Create a draft release
+        default: no
+        type: choice
+        options:
+          - yes
+          - no
+
+jobs:
+  check:
+    name: Check
+    outputs:
+      version: ${{ steps.capture.outputs.version }}
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Git checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-tags: true
+
+      - name: Determine version
+        run: |
+          if [[ "${{ github.event.inputs.version }}" != "" ]]; then
+            VERSION="${{ github.event.inputs.version }}"
+          elif [ "${{ github.ref_type }}" == "tag" ]; then
+            VERSION="${{ github.ref_name }}"
+          else
+            echo "No release version provided and no tag found."
+            exit 1
+          fi
+          echo "VERSION=$VERSION" >> "$GITHUB_ENV"
+          echo "Determined version: $VERSION"
+
+      - name: Validate release
+        run: tools/check-release.sh --version=${VERSION}
+
+      - name: Catpure version output
+        id: capture
+        run: echo "version=${VERSION}" >> "$GITHUB_OUTPUT"
+
+  releases:
+    name: Releases
+    needs: check
+    runs-on: ubuntu-24.04
+    strategy:
+      fail-fast: false    # Let each build finish.
+      matrix:
+        target:
+          - 'bin-Fedora-28-amd64'
+          - 'bin-Ubuntu-focal'
+          - 'bin-Ubuntu-jammy'
+          - 'bin-Ubuntu-noble'
+    steps:
+      - name: Git checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-tags: true
+
+      # tools/build-release.sh requires lowdown
+      - name: Prepare base environment
+        run: |
+          sudo apt-get install -y lowdown
+          ./configure
+
+      - name: Build environment setup
+        run: |
+          distribution=$(echo ${{ matrix.target }} | cut -d'-' -f3)
+          echo "Building base image for ${distribution}"
+          sudo docker run --rm -v $(pwd):/build ubuntu:${distribution} bash -c "\
+              apt-get update && \
+              apt-get install -y debootstrap && \
+              debootstrap ${distribution} /build/${distribution}"
+          sudo tar -C ${distribution} -c . | docker import - ${distribution}
+
+          # Build Docker image
+          docker build -t cl-repro-${distribution} - < contrib/reprobuild/Dockerfile.${distribution}
+        if: contains(matrix.target, 'Ubuntu')
+
+      - name: Build release
+        run: tools/build-release.sh ${{ matrix.target }}
+
+      - name: Upload target artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          path: release/
+          name: ${{ matrix.target }}
+          if-no-files-found: error
+
+  artifact:
+    name: Construct release artifact
+    needs:
+      - check
+      - releases
+    env:
+      version: ${{ needs.check.outputs.version }}
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Merge artifacts
+        uses: actions/upload-artifact/merge@v4
+        with:
+          name: c-lightning-${{ env.version }}
+          pattern: bin-*
+          delete-merged: true
+
+  release:
+    name: Sign and prepare release draft
+    needs:
+      - check
+      - artifact
+    env:
+      version: ${{ needs.check.outputs.version }}
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Git checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-tags: true
+
+      - name: Download artifact
+        uses: actions/download-artifact@v4
+        with:
+          name: c-lightning-${{ env.version }}
+          path: release/
+
+      - name: Import GPG keys
+        id: gpg
+        uses: crazy-max/ghaction-import-gpg@v6
+        with:
+          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
+          passphrase: ${{ secrets.GPG_PASSPHRASE }}
+          trust_level: 5
+
+      - name: Set default GPG key
+        run: echo "default-key ${{ steps.gpg.outputs.keyid }}" >> ~/.gnupg/gpg.conf
+
+      - name: Sign release
+        run: |
+          sudo apt-get install -y lowdown
+          ./configure
+          tools/build-release.sh --without-zip sign
+          mv release/SHA256SUMS.asc${{ steps.gpg.outputs.keyid  }} release/SHA256SUMS.asc
+
+      - name: Upload signed artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: c-lightning-${{ env.version }}
+          overwrite: true
+          path: release/
+
+      - name: Determine release data
+        id: release_data
+        run: |
+          VERSION=${{ env.version }}
+          CHANGELOG_VERSION=${VERSION#v}
+          echo "CHANGELOG_VERSION=$CHANGELOG_VERSION"
+          echo "changelog_version=$CHANGELOG_VERSION" >> "$GITHUB_OUTPUT"
+
+          CHANGELOG_TITLE=$(grep "## \[${CHANGELOG_VERSION}\]" CHANGELOG.md)
+          echo "CHANGELOG_TITLE=$CHANGELOG_TITLE"
+          echo "changelog_title=$CHANGELOG_TITLE" >> "$GITHUB_OUTPUT"
+
+          RELEASE_TITLE=$(echo $CHANGELOG_TITLE | cut -d'"' -f2)
+          echo "RELEASE_TITLE=$RELEASE_TITLE"
+          echo "release_title=$RELEASE_TITLE" >> "$GITHUB_OUTPUT"
+
+      - name: Prepare release draft
+        if: github.event_name == 'push' || (github.event_name == 'workflow_dispatch' && github.event.inputs.create_release == 'yes')
+        uses: softprops/action-gh-release@v2
+        with:
+          name: "${{ env.version }} ${{ steps.release_data.outputs.release_title }}"
+          tag_name: ${{ env.version }}
+          draft: true
+          prerelease: contains(env.version, "-rc")
+          files: release/*
+          fail_on_unmatched_files: true

.version

@@ -1 +1 @@
-24.11rc1
+24.11rc4

CHANGELOG.md

@@ -3,35 +3,7 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 
-## v24.11rc1 - 2024-11-26
-
-This release named by Dusty Daemon.
-
-### Added
-
- - Documentation: Test script generates all RPC documentation examples now (so they should now stay accurate and complete). ([#7756])
- - JSON-RPC: `listaddresses` to list issued addresses from the node. ([#7800])
- - Config: `autoconnect-seeker-peers`, allowing seeker to reach out to new nodes for additional gossip (default: 10). ([#7798])
- - Protocol: `option_quiesce` enabled by default. ([#7586])
- - JSON-RPC: `fetchinvoice` allows setting invreq_metadata via `payer_metadata` parameter. ([#7786])
- - hsmtool: generatehsm can run non-interactive, taking options on the cmdline. ([#7102])
- - Plugins: `pay` now has tracing support for various payment steps. ([#7803])
- - JSON-RPC: `exposesecret` command for encouraging hsm_secret backups. ([#7647])
- - JSON-RPC: `listpays` has `index`, `start` and `limit` parameters for listing control. ([#7385])
- - Plugins: bookkeeper has a new RPC `bkpr-editdescriptionbypaymentid` which will update the description for any event with matching payment_id ([#7604])
- - Config: `grpc-host` option for grpc plugin ([#7479])
- - JSON-RPC: A new magic `dev-splice` command is added that can take a ‘splice script’ or json payload and perform any complex splice across multiple channels merging the result into a single transaction. Some features are disabled and will be added in time. ([#6980])
- - JSON-RPC: low-level RPC command `addpsbtinput` to fund PSBTs directly and help with complex splices & dual-opens. ([#6980])
- - JSON-RPC: `stfu_channels` and `abort_channels` are added for bulk multi-channel splice commands. These allow the user to pause (and resume) multiple channels in place. ([#6980])
- - JSON-RPC: `injectpaymentonion` for initiating an HTLC like a peer would do. ([#7749])
- - Documentation: Example documentation on generating custom gRPC ([#7731])
- - Installation: Nix users can now install CLN from the new flake. ([#7656])
- - JSON-RPC: `decode` now used modern BOLT 4 language for blinded paths, `first_path_key`. ([#7586])
- - Plugins: `onion_message_recv` and `onion_message_recv_secret` hooks now used modern BOLT 4 language for blinded paths, `first_path_key`. ([#7586])
- - JSON-RPC: keysend `maxfee` parameter for consistency with pay. ([#7227]) ([#7653])
- - `hsmtool`: `getnodeid` command derives the node id from the hsm_secret, to verify it's the correct secret. ([#7644])
-
-## v24.11rc1 - 2024-11-26
+## [24.11rc4] - 2024-12-02: "The lightning-dev Mailing List"
 
 This release named by Dusty Daemon.
 
@@ -43,6 +15,7 @@ This release named by Dusty Daemon.
  - JSON-RPC: `fetchinvoice` allows setting invreq_metadata via `payer_metadata` parameter. ([#7786])
  - hsmtool: generatehsm can run non-interactive, taking options on the cmdline. ([#7102])
  - Plugins: `pay` now has tracing support for various payment steps. ([#7803])
+ - Plugins: new notification `onionmessage_forward_fail`.
  - JSON-RPC: `exposesecret` command for encouraging hsm_secret backups. ([#7647])
  - JSON-RPC: `listpays` has `index`, `start` and `limit` parameters for listing control. ([#7385])
  - Plugins: bookkeeper has a new RPC `bkpr-editdescriptionbypaymentid` which will update the description for any event with matching payment_id ([#7604])
@@ -64,12 +37,16 @@ This release named by Dusty Daemon.
  - Plugins: grpc now starts on port 9736 by default (localhost, see `grpc-host`) ([#7479])
  - Config: bolt12 now enabled by default (finally!) ([#7833])
  - Protocol: we now connect to additional nodes for improved gossip (see `autoconnect-seeker-peers`) ([#7798])
+ - Protocol: Own-channel gossip is broadcast to more peers (up to 50, not 5). ([#7873])
+ - Build: Added architecture identifier to Ubuntu release ([#7797])
+ - Logging: connectd now logs unknown messages as "UNKNOWN" not "INVALID" to avoid freaking people out. ([#7892])
  - Protocol: we now create a low-priority (2016 down to 12 blocks fee target) anchor for low-fee unilateral closes even if there's no urgency. ([#7832])
  - Protocol: splicing moved from test numbers to spec numbers. ([#7719])
  - Protocol: Support added for peers that wish to rotate their funding pubkey during a splice. ([#7719])
  - Startup: reconnecting to peers at startup should be significantly faster (dependent on machine speed). ([#7630])
  - Protocol: we remember the last successful address we connected to for important peers. ([#7630])
  - Protocol: Gossipd requests a full sync from a random peer every hour. ([#7768])
+ - JSON-RPC: `injectonionmessage` API simplified and documented.
  - JSON-RPC: Improved error messaging for splice commands. ([#7719])
  - JSON-RPC: built-in plugins can now be stopped using "plugin stop". ([#7799])
  - Wallet: Taproot addresses are used for unilateral-close change addresses. ([#7800])
@@ -94,6 +71,7 @@ Note: You should always set `allow-deprecated-apis=false` to test for changes.
 
 ### Fixed
 
+ - JSON-RPC: `decode` refused to decode expired bolt12 invoices. ([#7890])
  - JSON-RPC: `listforwards` `received-time` is always present (it could be missing for ancient nodes, now it will be 0) ([#7744])
  - Plugins: `cln-grpc` now understands channel type `anchors/even` ([#7628])
  - Plugins: `cln-grpc` no longer logs a warning if a notification does not have a handler ([#7867])
@@ -123,6 +101,7 @@ Note: You should always set `allow-deprecated-apis=false` to test for changes.
  - lightningd: no longer crash if a plugin dies during lightningd startup. ([#7673])
  - cln-plugin: Change default log level filter back to INFO ([#7668])
  - Logging: removed bogus "**BROKEN** plugin-topology: DEPRECATED API USED: listchannels.include_private" message. ([#7663])
+ - Logging: When DEBUG printing first tx depth, we printed the wrong value ([#7910])
  - Documentation: schemas: Make description in `Wait(any)invoiceResponse` optional to handle BOLT12 ([#7667])
  - Fixed intermittant bug where hsmd (particularly, but also lightningd) could use 100% CPU. ([#7661])
  - Docker image created via github actions correctly reads the tag available on the HEAD. ([#7625])
@@ -196,7 +175,12 @@ Note: You should always set `allow-deprecated-apis=false` to test for changes.
 [#7740]: https://github.com/ElementsProject/lightning/pull/7740
 [#7704]: https://github.com/ElementsProject/lightning/pull/7704
 [#7756]: https://github.com/ElementsProject/lightning/pull/7756
-[24.11rc1]: https://github.com/ElementsProject/lightning/releases/tag/v24.11rc1
+[#7873]: https://github.com/ElementsProject/lightning/pull/7873
+[#7890]: https://github.com/ElementsProject/lightning/pull/7890
+[#7797]: https://github.com/ElementsProject/lightning/pull/7797
+[#7892]: https://github.com/ElementsProject/lightning/pull/7892
+[#7910]: https://github.com/ElementsProject/lightning/pull/7910
+[24.11rc4]: https://github.com/ElementsProject/lightning/releases/tag/v24.11rc4
 
 
 ## [24.08.2] - 2024-10-18: "Steel Backed-up Channels"

channeld/full_channel.c

@@ -1658,13 +1658,13 @@ bool channel_force_htlcs(struct channel *channel,
 
 const char *channel_add_err_name(enum channel_add_err e)
 {
-	static char invalidbuf[sizeof("INVALID ") + STR_MAX_CHARS(e)];
+	static char invalidbuf[sizeof("UNKNOWN ") + STR_MAX_CHARS(e)];
 
 	for (size_t i = 0; enum_channel_add_err_names[i].name; i++) {
 		if (enum_channel_add_err_names[i].v == e)
 			return enum_channel_add_err_names[i].name;
 	}
-	snprintf(invalidbuf, sizeof(invalidbuf), "INVALID %i", e);
+	snprintf(invalidbuf, sizeof(invalidbuf), "UNKNOWN %i", e);
 	return invalidbuf;
 }
 

common/bolt12.c

@@ -489,7 +489,6 @@ struct tlv_invoice *invoice_decode(const tal_t *ctx,
 				   char **fail)
 {
 	struct tlv_invoice *invoice;
-	u64 expiry, now;
 
 	invoice = invoice_decode_minimal(ctx, b12, b12len, our_features,
 					 must_be_chain, fail);
@@ -527,27 +526,6 @@ struct tlv_invoice *invoice_decode(const tal_t *ctx,
 		return tal_free(invoice);
 	}
 
-	/* BOLT-offers #12:
-	 * - if `invoice_relative_expiry` is present:
-	 *   - MUST reject the invoice if the current time since 1970-01-01 UTC
-	 *     is greater than `invoice_created_at` plus `seconds_from_creation`.
-	 * - otherwise:
-	 *   - MUST reject the invoice if the current time since 1970-01-01 UTC
-	 *     is greater than `invoice_created_at` plus 7200.
-	 */
-	if (invoice->invoice_relative_expiry)
-		expiry = *invoice->invoice_relative_expiry;
-	else
-		expiry = 7200;
-	now = time_now().ts.tv_sec;
-	/* If it overflows, it's forever */
-	if (!add_overflows_u64(*invoice->invoice_created_at, expiry)
-	    && now > *invoice->invoice_created_at + expiry) {
-		*fail = tal_fmt(ctx, "expired %"PRIu64" seconds ago",
-				now - (*invoice->invoice_created_at + expiry));
-		return tal_free(invoice);
-	}
-
 	/* BOLT-offers #12:
 	 * - MUST reject the invoice if `invoice_paths` is not present or is
 	 *   empty. */
@@ -583,6 +561,30 @@ struct tlv_invoice *invoice_decode(const tal_t *ctx,
 	return invoice;
 }
 
+u64 invoice_expiry(const struct tlv_invoice *invoice)
+{
+	u64 expiry;
+
+	/* BOLT-offers #12:
+	 * - if `invoice_relative_expiry` is present:
+	 *   - MUST reject the invoice if the current time since 1970-01-01 UTC
+	 *     is greater than `invoice_created_at` plus `seconds_from_creation`.
+	 * - otherwise:
+	 *   - MUST reject the invoice if the current time since 1970-01-01 UTC
+	 *     is greater than `invoice_created_at` plus 7200.
+	 */
+	if (invoice->invoice_relative_expiry)
+		expiry = *invoice->invoice_relative_expiry;
+	else
+		expiry = 7200;
+
+	/* If it overflows, it's forever */
+	if (add_overflows_u64(*invoice->invoice_created_at, expiry))
+		return UINT64_MAX;
+
+	return *invoice->invoice_created_at + expiry;
+}
+
 static bool bolt12_has_invoice_prefix(const char *str)
 {
 	return strstarts(str, "lni1") || strstarts(str, "LNI1");

common/bolt12.h

@@ -75,13 +75,17 @@ char *invoice_encode(const tal_t *ctx, const struct tlv_invoice *bolt12_tlv);
  * is not expired).  It also checks signature.
  *
  * Note: blinded path features need to be checked by the caller before use!
+ * Note: expiration must be check by caller before use!
  */
 struct tlv_invoice *invoice_decode(const tal_t *ctx,
 				   const char *b12, size_t b12len,
 				   const struct feature_set *our_features,
 				   const struct chainparams *must_be_chain,
 				   char **fail);
 
+/* UINT64_MAX if no expiry. */
+u64 invoice_expiry(const struct tlv_invoice *invoice);
+
 /* This one only checks it decides, and optionally is correct chain/features */
 struct tlv_invoice *invoice_decode_minimal(const tal_t *ctx,
 					   const char *b12, size_t b12len,