feat: change master password #2007

Merged
merged 5 commits into from
Nov 30, 2020

sangaman
Collaborator

This adds the ability to change the master password of an existing xud node. Changing the password re-encrypts the node key on disk and queues password changes for all lnd wallets.

Lnd does not currently offer the ability to change the password of an unlocked, running instance. Instead lnd can only change its password right after being started while it is still locked. Xud therefore saves the old password for each lnd wallet to the xud database and encrypts the old password using the new passwords. On subsequent unlocks of xud, when we go to unlock lnd wallets we first check whether we have any old passwords in the database corresponding to any lnd wallets. If we do, we decrypt the old password and change the password for lnd, which in turn will unlock lnd.

Closes #1981.

Note that this also introduces a framework for tracking a database's version and migrating from one version to the next when the database schema needs to be modified. The migrations consist of an array of methods that each are responsible for upgrading from a particular version, and they are run in sequence when we detect that the current database version is lower than the latest version.

The xucli command is changepass.

sangaman added the enhancement (New feature or request), grpc (gRPC API) and lightning (Lightning network & lnd integration) labels Nov 26, 2020
sangaman requested review from a user, kilrau and raladev November 26, 2020 09:15
sangaman self-assigned this Nov 26, 2020
Contributor

@raladev raladev left a comment


  • Enter a password: change to Enter new password:
  • add sentence after password changing lnd restart is required to Apply change to lnd.
  • it would be good to support conception of password changing -> Enter old password -> Enter new password -> Re-enter new password. I don't like the idea that anyone can change password without any additional data if node is unlocked (even if anyone can withdraw all crypto if node is unlocked :) ).
  • suggestion: make wrapper on xud-docker side for changepass call that will restart lnds automatically;
  • got err when tried to unlock the node after password changing + my lnd were not unlocked on xud unlock (I unlocked it manually using old password)

Steps:

  1. bash xud.sh -b pwd
  2. create wallet, wait for channels (if u have no, i used old env)
  3. changepass ->set new pass
  4. down (stop and remove all containers)
  5. bash xud.sh -b pwd - start env again -> create new containers

utils output:

Enter master xud password: 
Error: 2 UNKNOWN: error:0606506D:digital envelope routines:EVP_DecryptFinal_ex:wrong final block length

Enter master xud password: 
xud is running and unlocked, try checking its status with 'xucli getinfo'

Enter master xud password: 
Ctr+C
simnet > status
┌─────────┬──────────────────────────────────────────────────┐
│ SERVICE │ STATUS                                           │
├─────────┼──────────────────────────────────────────────────┤
│ lndbtc  │ Wallet locked. Unlock with xucli unlock.         │
├─────────┼──────────────────────────────────────────────────┤
│ lndltc  │ Wallet locked. Unlock with xucli unlock.         │
├─────────┼──────────────────────────────────────────────────┤
│ connext │ Starting...                                      │
├─────────┼──────────────────────────────────────────────────┤
│ xud     │ Waiting for lndbtc, lndltc, connext              │
└─────────┴──────────────────────────────────────────────────┘
simnet > 

xud logs

26/11/2020 12:32:51.422 [RPC] error: call /xudrpc.Xud/GetInfo errored with code 12: xud is locked
26/11/2020 12:32:52.143 [RPC] error: call /xudrpc.Xud/GetInfo errored with code 12: xud is locked
26/11/2020 12:33:10.284 [RPC] error: call /xudrpc.XudInit/UnlockNode errored with code 3: password is incorrect
26/11/2020 12:33:14.296 [GLOBAL] info: Local nodePubKey is 0343722e976e24e2115199822316d99773e2d12b68c2d152e6b298490274fcee9a
26/11/2020 12:33:14.309 [RPC] error: call /xudrpc.XudInit/UnlockNode errored with code 2: error:0606506D:digital envelope routines:EVP_DecryptFinal_ex:wrong final block length
26/11/2020 12:33:14.313 [P2P] info: Connecting to simnet XU network
26/11/2020 12:33:14.317 [P2P] info: p2p server listening on 0.0.0.0:28885
26/11/2020 12:33:14.318 [P2P] debug: Verifying reachability of advertised address: zd7v22z76zqemn3w6krjb6rb34chtrhbvqquabwixkhsubfwutciy4id.onion:28885
26/11/2020 12:33:14.336 [P2P] info: Connecting to known / previously connected peers
26/11/2020 12:33:14.337 [P2P] debug: creating new outbound socket connection to xud1.simnet.exchangeunion.com:28885
26/11/2020 12:33:14.339 [P2P] debug: creating new outbound socket connection to xud.kilrau.com:28885

lndbtc logs:

2020-11-26 12:32:48.111 [DBG] BTCN: Received headers (num 0) from 35.231.222.142:38555 (outbound)
2020-11-26 12:32:48.513 [DBG] BTCN: Received cfheaders (stop_hash=05060bf2ecd36d91fa5c6725083f0e2ebe22185218d5a860fdeac8002fd23373, num_filter_hashes=5) from 35.231.222.142:38555 (outbound)
2020-11-26 12:32:48.513 [DBG] BTCN: Writing filter headers up to height=219523, hash=05060bf2ecd36d91fa5c6725083f0e2ebe22185218d5a860fdeac8002fd23373, new_tip=9780b3ecd08b43c849b988f65a0dbb9ebfcd028a5c6f634a4d4bc20801f8d7eb
2020-11-26 12:33:23.851 [DBG] BTCN: Received inv (block 5168825a08e70a11da7298205c0214f94fb1483c46404d9c97c3860ce7f4e326) from 35.231.222.142:38555 (outbound)
2020-11-26 12:33:23.851 [DBG] BTCN: Sending getheaders (locator 05060bf2ecd36d91fa5c6725083f0e2ebe22185218d5a860fdeac8002fd23373, stop 5168825a08e70a11da7298205c0214f94fb1483c46404d9c97c3860ce7f4e326) to 35.231.222.142:38555 (outbound)
2020-11-26 12:33:24.066 [DBG] BTCN: Received headers (num 1) from 35.231.222.142:38555 (outbound)
2020-11-26 12:33:24.066 [INF] BTCN: Processed 6 blocks in the last 38.09s (height 219524, 2020-11-26 12:33:23 +0000 UTC)
2020-11-26 12:33:24.072 [DBG] BTCN: Sending getheaders (locator 5168825a08e70a11da7298205c0214f94fb1483c46404d9c97c3860ce7f4e326, stop 0000000000000000000000000000000000000000000000000000000000000000) to 35.231.222.142:38555 (outbound)

lnd unlocking:

simnet > lndbtc-lncli unlock
Input wallet password: (new xud password)
[lncli] rpc error: code = Unknown desc = invalid passphrase for master public key
simnet > lndbtc-lncli unlock
Input wallet password: (old xud password)

lnd successfully unlocked!
simnet > 

@kilrau
Contributor

kilrau commented Nov 26, 2020

> add sentence after password changing lnd restart is required to Apply change to lnd.

Not needed since lnd is in unlocked state in this moment and continues to be fully functioning. Next time the environment/lnd restarts, the new password is active, I don't see any reason to trigger a restart / ask the user to restart lnd (and this is probably also the reason why the lightning labs team decided not to do that on lnd).

> it would be good to support conception of password changing -> Enter old password -> Enter new password -> Re-enter new password. I don't like the idea that anyone can change password without any additional data if node is unlocked (even if anyone can withdraw all crypto if node is unlocked :) ).

Yep, agree (and lnd requires current password first too, it's convention):

lncli changepassword
Input current wallet password: 
Input new wallet password: 
Confirm new wallet password: 

> suggestion: make wrapper on xud-docker side for changepass call that will restart lnds automatically;

As I said above, don't think that's needed.

> got err when tried to unlock the node after password changing + my lnd were not unlocked on xud unlock (I unlocked it manually using old password)

Just to be clear what happened @sangaman: Roman used changepass of a running xud-docker env, which seemingly succeeded, then downed the env, brought it up again and unlocked with the new password. xud unlocked with new password, lnd didn't. Manually unlocking lnd with the OLD password worked. So somehow that password change for lnd covertly failed - that is the major bug to be fixed.

@sangaman
Collaborator Author

> add sentence after password changing lnd restart is required to Apply change to lnd.

> Not needed since lnd is in unlocked state in this moment and continues to be fully functioning. Next time the environment/lnd restarts, the new password is active, I don't see any reason to trigger a restart / ask the user to restart lnd (and this is probably also the reason why the lightning labs team decided not to do that on lnd).

This was more or less what I thought, since we're not expecting the user to be unlocking lnd manually I didn't think a message was necessary. I did think about possibly adding a message like "lnd passwords will be changed next time xud is unlocked" maybe, thoughts?

> it would be good to support conception of password changing -> Enter old password -> Enter new password -> Re-enter new password. I don't like the idea that anyone can change password without any additional data if node is unlocked (even if anyone can withdraw all crypto if node is unlocked :) ).

I skipped this step because the original password is already needed to unlock xud before changing the password is allowed, but I can add it in since both you and kilrau thought this.

I'm looking into why the lnd passwords weren't changed now.

@kilrau
Contributor

kilrau commented Nov 26, 2020

> I did think about possibly adding a message like "lnd passwords will be changed next time xud is unlocked" maybe, thoughts?

👍

> I skipped this step because the original password is already needed to unlock xud before changing the password is allowed, but I can add it in since both you and kilrau thought this.

Yes, for the sake of being in line with lnd and others

This introduces a framework for tracking a database's version and
migrating from one version to the next when the database schema needs
to be modified. The migrations consist of an array of methods that each
are responsible for upgrading from a particular version, and they are
run in sequence when we detect that the current database version is
lower than the latest version.
@sangaman
Collaborator Author

Feedback applied and the bug with changing lnd password was fixed. Apparently taking the encrypted bytes and converting them to utf8, then back to bytes before decrypting doesn't work. But using base64 does work. I'm storing the old password in the database as encrypted text, so now it's base64 text instead of utf8. Tested in my docker setup and lnd passwords change successfully.

Changing the password now requires the old password as well, and a message of "passwords for lnd wallets will be changed the next time xud is restarted and unlocked" is printed in the cli after a successful password change.

sangaman force-pushed the change-pass branch 2 times, most recently from 43c8732 to 6ec1818, November 27, 2020 05:50
@raladev
Contributor

raladev commented Nov 27, 2020

  • I did not get new string - passwords for lnd wallets will be changed the next time xud is restarted and unlocked
simnet > changepass
You are changing the master password for xud and underlying wallets.
Enter old password: 
Enter new password: 
Re-enter password: 

success
  • now, after password changing and restart my lnds have such status (use steps from previous comment, also u can use pwd2 branch of xud-docker to try - bash xud.sh -b pwd2)
 2 UNKNOWN: verification failed: signature mismatch after caveat verification

xud logs:

27/11/2020 12:33:16.285 [LND-BTC] info: new status: Unlocked
27/11/2020 12:33:16.285 [LND-BTC] info: password changed & wallet unlocked
27/11/2020 12:33:16.318 [LND-LTC] info: new status: Unlocked
27/11/2020 12:33:16.318 [LND-LTC] info: password changed & wallet unlocked
27/11/2020 12:33:18.018 [CONNEXT] info: trying to verify connection to connext
27/11/2020 12:33:18.392 [CONNEXT] error: connext server error 500: Internal Server Error
27/11/2020 12:33:18.394 [CONNEXT] error: could not verify connection to connext, retrying in 5000 ms: 8.5 - connext server error 500: Internal Server Error
27/11/2020 12:33:18.840 [P2P] debug: Connected pre-handshake to 0364c3631630feb6def6a89f7c14ba76bc755572e4680e1518d5ff3819f3ee9268@ntnfdfyugluvt5eh2yhuftpuobfmkzhtnye7akhu32ahnophi3ddzsad.onion:28885
27/11/2020 12:33:19.021 [P2P] debug: Peer 0364c3631630feb6def6a89f7c14ba76bc755572e4680e1518d5ff3819f3ee9268@ntnfdfyugluvt5eh2yhuftpuobfmkzhtnye7akhu32ahnophi3ddzsad.onion:28885 session in-encryption enabled
27/11/2020 12:33:19.069 [P2P] debug: Peer 0364c3631630feb6def6a89f7c14ba76bc755572e4680e1518d5ff3819f3ee9268 (MessageNaive) session out-encryption enabled
27/11/2020 12:33:19.070 [P2P] verbose: opened connection to 0364c3631630feb6def6a89f7c14ba76bc755572e4680e1518d5ff3819f3ee9268 (MessageNaive) at ntnfdfyugluvt5eh2yhuftpuobfmkzhtnye7akhu32ahnophi3ddzsad.onion:28885
27/11/2020 12:33:19.383 [P2P] verbose: received 3 nodes (0 new) from 0364c3631630feb6def6a89f7c14ba76bc755572e4680e1518d5ff3819f3ee9268 (MessageNaive)
27/11/2020 12:33:20.088 [P2P] debug: received order bb5155b0-30ac-11eb-ac6b-c10519dd9b23 for deactivated trading pair
27/11/2020 12:33:20.089 [P2P] debug: received order bb51a3d0-30ac-11eb-ac6b-c10519dd9b23 for deactivated trading pair
27/11/2020 12:33:20.660 [LND-LTC] info: trying to verify connection to lnd at lndltc:10009
27/11/2020 12:33:20.660 [LND-BTC] info: trying to verify connection to lnd at lndbtc:10009
27/11/2020 12:33:20.666 [LND-BTC] error: could not verify connection at lndbtc:10009, error: {"code":2,"metadata":{"_internal_repr":{},"flags":0},"details":"verification failed: signature mismatch after caveat verification"}, retrying in 5000 ms
27/11/2020 12:33:20.669 [LND-LTC] error: could not verify connection at lndltc:10009, error: {"code":2,"metadata":{"_internal_repr":{},"flags":0},"details":"verification failed: signature mismatch after caveat verification"}, retrying in 5000 ms
Nov 27 12:33:22.000 [notice] Closed 1 streams for service [scrubbed].onion for reason resolve failed. Fetch status: No more HSDir available to query.
27/11/2020 12:33:22.525 [P2P] warn: could not open connection to outbound peer (025b2b4bfc5fef0bb164a60d29355828bffd4bf33378d88fbf5613f9397e3c5fea@u3bpgzigngvf4h37jk6ie2rv6ixvpsyppq57fwvs2zg6cagwzvuobxad.onion:28885): could not connect to peer at u3bpgzigngvf4h37jk6ie2rv6ixvpsyppq57fwvs2zg6cagwzvuobxad.onion:28885: Socks5 proxy rejected connection - HostUnreachable
27/11/2020 12:33:22.526 [P2P] debug: creating new outbound socket connection to u3bpgzigngvf4h37jk6ie2rv6ixvpsyppq57fwvs2zg6cagwzvuobxad.onion:28885
27/11/2020 12:33:23.289 [LND-BTC] error: getinfo error: Error: 2 UNKNOWN: verification failed: signature mismatch after caveat verification
    at Object.exports.createStatusError (/app/node_modules/grpc/src/common.js:91:15)
    at Object.onReceiveStatus (/app/node_modules/grpc/src/client_interceptors.js:1209:28)
    at InterceptingListener._callNext (/app/node_modules/grpc/src/client_interceptors.js:568:42)
    at InterceptingListener.onReceiveStatus (/app/node_modules/grpc/src/client_interceptors.js:618:8)
    at callback (/app/node_modules/grpc/src/client_interceptors.js:847:24)
27/11/2020 12:33:23.290 [LND-LTC] error: getinfo error: Error: 2 UNKNOWN: verification failed: signature mismatch after caveat verification
    at Object.exports.createStatusError (/app/node_modules/grpc/src/common.js:91:15)
    at Object.onReceiveStatus (/app/node_modules/grpc/src/client_interceptors.js:1209:28)
    at InterceptingListener._callNext (/app/node_modules/grpc/src/client_interceptors.js:568:42)
    at InterceptingListener.onReceiveStatus (/app/node_modules/grpc/src/client_interceptors.js:618:8)
    at callback (/app/node_modules/grpc/src/client_interceptors.js:847:24)
27/11/2020 12:33:23.294 [CONNEXT] error: connext server error 500: Internal Server Error
27/11/2020 12:33:23.357 [LND-BTC] error: getinfo error: Error: 2 UNKNOWN: verification failed: signature mismatch after caveat verification
    at Object.exports.createStatusError (/app/node_modules/grpc/src/common.js:91:15)
    at Object.onReceiveStatus (/app/node_modules/grpc/src/client_interceptors.js:1209:28)
    at InterceptingListener._callNext (/app/node_modules/grpc/src/client_interceptors.js:568:42)
    at InterceptingListener.onReceiveStatus (/app/node_modules/grpc/src/client_interceptors.js:618:8)
    at callback (/app/node_modules/grpc/src/client_interceptors.js:847:24)
27/11/2020 12:33:23.357 [LND-LTC] error: getinfo error: Error: 2 UNKNOWN: verification failed: signature mismatch after caveat verification
    at Object.exports.createStatusError (/app/node_modules/grpc/src/common.js:91:15)
    at Object.onReceiveStatus (/app/node_modules/grpc/src/client_interceptors.js:1209:28)
    at InterceptingListener._callNext (/app/node_modules/grpc/src/client_interceptors.js:568:42)
    at InterceptingListener.onReceiveStatus (/app/node_modules/grpc/src/client_interceptors.js:618:8)
    at callback (/app/node_modules/grpc/src/client_interceptors.js:847:24)
27/11/2020 12:33:23.360 [CONNEXT] error: connext server error 500: Internal Server Error

lndbtc logs (found nothing in it):

     00000010  2c ac 40 24 16 fe                                 |,.@$..|
    }
   })
  },
  LockTime: (uint32) 540672159
 }),
 sig: ([]uint8) {
 },
 ourBalance: (lnwire.MilliSatoshi) 250000000000 mSAT,
 theirBalance: (lnwire.MilliSatoshi) 249990950000 mSAT,
 fee: (btcutil.Amount) 0.0000905 BTC,
 feePerKw: (chainfee.SatPerKWeight) 12500 sat/kw,
 dustLimit: (btcutil.Amount) 0.00000573 BTC,
 outgoingHTLCs: ([]lnwallet.PaymentDescriptor) <nil>,
 incomingHTLCs: ([]lnwallet.PaymentDescriptor) <nil>,
 outgoingHTLCIndex: (map[int32]*lnwallet.PaymentDescriptor) <nil>,
 incomingHTLCIndex: (map[int32]*lnwallet.PaymentDescriptor) <nil>
})

2020-11-27 12:33:19.717 [DBG] LNWL: ChannelPoint(9c37bf625df0023f47bf5221e4e7e58c486a3730e11df9b91dfface62f148949:0): Restoring 0 dangling remote updates
2020-11-27 12:33:19.718 [DBG] LNWL: ChannelPoint(9c37bf625df0023f47bf5221e4e7e58c486a3730e11df9b91dfface62f148949:0): Restoring 0 local updates that the peer should sign
2020-11-27 12:33:19.718 [DBG] FNDG: ChannelPoint(9c37bf625df0023f47bf5221e4e7e58c486a3730e11df9b91dfface62f148949:0) with chan_id=4989142fe6acff1db9f91de130376a488ce5e7e42152bf473f02f05d62bf379c not found in opening database, assuming already announced to the network
2020-11-27 12:33:19.717 [INF] CHBU: Updating backup file at /root/.lnd/data/chain/bitcoin/simnet/channel.backup
2020-11-27 12:33:19.720 [INF] CHBU: Swapping old multi backup file from /root/.lnd/data/chain/bitcoin/simnet/temp-dont-use.backup to /root/.lnd/data/chain/bitcoin/simnet/channel.backup
2020-11-27 12:33:19.721 [INF] BTCN: Server listening on [::]:29735
2020-11-27 12:33:19.721 [DBG] CHBU: SubSwapper's backupUpdater is active!
2020-11-27 12:33:19.724 [DBG] SRVR: Attempting persistent connection to channel peer 0252f366111259996a101c5a82c880e9c95c8278d7e668c40163c0db656161cbbf@b3y7xoflerllrmzharns7xqvke6w752nhe6dofvspsoxzay7pfa3ehyd.onion:29735
2020-11-27 12:33:19.724 [DBG] SRVR: Attempting persistent connection to channel peer 0252f366111259996a101c5a82c880e9c95c8278d7e668c40163c0db656161cbbf@127.0.0.1:45868
2020-11-27 12:33:19.724 [INF] SRVR: Auto peer bootstrapping is disabled
2020-11-27 12:33:19.725 [DBG] BTCN: Attempting to connect to 0252f366111259996a101c5a82c880e9c95c8278d7e668c40163c0db656161cbbf@127.0.0.1:45868 (reqid 2)
2020-11-27 12:33:19.725 [DBG] BTCN: Attempting to connect to 0252f366111259996a101c5a82c880e9c95c8278d7e668c40163c0db656161cbbf@b3y7xoflerllrmzharns7xqvke6w752nhe6dofvspsoxzay7pfa3ehyd.onion:29735 (reqid 1)
2020-11-27 12:33:19.727 [DBG] BTCN: Failed to connect to 0252f366111259996a101c5a82c880e9c95c8278d7e668c40163c0db656161cbbf@127.0.0.1:45868 (reqid 2): socks connect tcp 127.0.0.1:9050->127.0.0.1:45868: unknown error general SOCKS server failure
2020-11-27 12:33:19.727 [DBG] BTCN: Retrying connection to 0252f366111259996a101c5a82c880e9c95c8278d7e668c40163c0db656161cbbf@127.0.0.1:45868 (reqid 2) in 5s
2020-11-27 12:33:20.143 [DBG] BTCN: Received block (hash 1f68da5b61412fb799f8292f95555d112a4705b26094ab5851cdb6df8029d14f, ver 536870912, 1 tx, 2020-11-27 12:29:33 +0000 UTC) from 35.231.222.142:38555 (outbound)
2020-11-27 12:33:20.143 [DBG] BTCN: Processing block height=220953 hash=1f68da5b61412fb799f8292f95555d112a4705b26094ab5851cdb6df8029d14f
2020-11-27 12:33:20.143 [DBG] BTCN: Adding outpoint=9c37bf625df0023f47bf5221e4e7e58c486a3730e11df9b91dfface62f148949:0 height=220953 to watchlist
2020-11-27 12:33:20.143 [DBG] BTCN: Outpoint 9c37bf625df0023f47bf5221e4e7e58c486a3730e11df9b91dfface62f148949:0 not found in block 220953 
2020-11-27 12:33:20.144 [DBG] BTCN: Fetching filters for heights=[220954, 220956], stophash=4366fee0ae567f769662fdf63c0ca3f8cd3640a9a0ab8b464f1aaf8f3c2468ca
2020-11-27 12:33:20.144 [DBG] BTCN: Sending getcfilters to 35.231.222.142:38555 (outbound)
2020-11-27 12:33:20.353 [DBG] BTCN: Received cfilter from 35.231.222.142:38555 (outbound)
2020-11-27 12:33:20.353 [DBG] BTCN: Received cfilter from 35.231.222.142:38555 (outbound)
2020-11-27 12:33:20.353 [DBG] BTCN: Received cfilter from 35.231.222.142:38555 (outbound)
2020-11-27 12:33:20.353 [DBG] BTCN: Finished batch, 1 unspent outpoints
2020-11-27 12:33:20.366 [DBG] NTFN: Updated spend hint to height=220956 for unconfirmed spend request outpoint=9c37bf625df0023f47bf5221e4e7e58c486a3730e11df9b91dfface62f148949:0, script=0 017be331b496be8428f67fc908bfd801b6682e6b44ad1cc3527dadab87cb1f81
2020-11-27 12:33:24.728 [DBG] BTCN: Attempting to connect to 0252f366111259996a101c5a82c880e9c95c8278d7e668c40163c0db656161cbbf@127.0.0.1:45868 (reqid 2)

@raladev raladev left a comment

Above

@sangaman sangaman force-pushed the change-pass branch 2 times, most recently from 1e836ef to af6b545 Compare November 27, 2020 18:54

raladev commented Nov 27, 2020

Steps:

  1. bash xud.sh -b pwd2
  2. create wallet, wait for channels (if you have none; I used an old env)
  3. changepass -> set new pass
  4. down (stop and remove all containers)
  5. bash xud.sh -b pwd2 - start env again -> create new containers

Actual result:

The following wallets could not be unlocked: BTC, LTC (but it was unlocked, I checked it directly. Just xud can't detect lnd, maybe because of the macaroon update)
Screenshot from 2020-11-27 22-19-48
Screenshot from 2020-11-27 22-19-11

Note:
Only after an additional xud restart does the status of lnd return to normal
Screenshot from 2020-11-27 22-20-07

@sangaman
Collaborator Author

OK this should be good to go now, it passes my tests using the pwd2 docker branch and repeating the steps listed above. There were two more hurdles I had to overcome.

  1. lnd recreates the macaroons after the password is changed. Xud therefore needs to reload the macaroons from disk after changing the password.

  2. lnd does not immediately recreate the macaroons after responding to the CreatePassword call, so I had to create a file watch to wait for the admin.macaroon file to change before reloading them.

With the above concerns addressed, changing the master password plays nice with xud without needing any extra restarts.
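
One way to implement the wait-then-reload step described in the comment above, as an added example for Node.js that is not the PR's own code. The function names, the SHA-256 comparison, the timeout and the polling fallback are assumptions; the caller is assumed to hash admin.macaroon before asking lnd to change the password and pass that hash as `baseline`.

```javascript
const crypto = require('crypto');
const fs = require('fs');
const path = require('path');

const sha256 = (buf) => crypto.createHash('sha256').update(buf).digest('hex');

// Returns the file's bytes once a non-empty file whose SHA-256 differs from
// `baseline` is in place, else null. A missing or empty file counts as "not
// rotated yet", since the old file may be removed before the new one is written.
function readIfRotated(file, baseline) {
  let data;
  try {
    data = fs.readFileSync(file);
  } catch (err) {
    if (err.code === 'ENOENT') return null;
    throw err;
  }
  return data.length > 0 && sha256(data) !== baseline ? data : null;
}

// Resolves with the new macaroon bytes, or rejects after timeoutMs. Watches the
// directory (a watch on the file itself can be lost when the file is replaced)
// and also polls, because fs.watch events can be coalesced or missed.
function waitForRotation(file, baseline, timeoutMs = 10000, pollMs = 250) {
  return new Promise((resolve, reject) => {
    let done = false;
    const finish = (settle, value) => {
      if (done) return;
      done = true;
      watcher.close();
      clearInterval(poll);
      clearTimeout(timer);
      settle(value);
    };
    const check = () => {
      if (done) return;
      try {
        const data = readIfRotated(file, baseline);
        if (data) finish(resolve, data);
      } catch (err) {
        finish(reject, err); // e.g. permission error: fail instead of hanging
      }
    };
    const watcher = fs.watch(path.dirname(file), check);
    const poll = setInterval(check, pollMs);
    const timer = setTimeout(() => finish(reject, new Error('macaroon unchanged: timed out')), timeoutMs);
    check(); // the rotation may already have happened before the watch started
  });
}
```

Comparing content rather than mtime avoids reloading the old macaroon when the file is merely touched, and the timeout keeps an unlock from hanging if lnd never rewrites the file.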

@raladev raladev self-requested a review November 29, 2020 00:04

@raladev raladev left a comment

checked, works fine

> With the above concerns addressed, changing the master password plays nice with xud without needing any extra restarts.

Does it mean that we need to remove the "Passwords for lnd wallets will be changed the next time xud is restarted and unlocked." row? @sangaman

ghost commented Nov 30, 2020

Should we display a different error message when xud and lnd are running in noencrypt mode?

➜  xud git:(change-pass) ✗ ./bin/xucli changepass
You are changing the master password for xud and underlying wallets.
Enter old password:
Enter new password:
Re-enter password:

Error: 3 INVALID_ARGUMENT: old password is incorrect

kilrau commented Nov 30, 2020

Good catch - yes we should

ghost previously approved these changes Nov 30, 2020

ghost commented Nov 30, 2020

LGTM, just minor nit: #2007 (comment)

This adds the ability to change the master password of an existing xud
node. Changing the password re-encrypts the node key on disk and queues
password changes for all lnd wallets.

Lnd does not currently offer the ability to change the password of an
unlocked, running instance. Instead lnd can only change its password
right after being started while it is still locked. Xud therefore
saves the old password for each lnd wallet to the xud database and
encrypts the old password using the new passwords. On subsequent
unlocks of xud, when we go to unlock lnd wallets we first check whether
we have any old passwords in the database corresponding to any lnd
wallets. If we do, we decrypt the old password and change the password
for lnd, which in turn will unlock lnd.

Closes #1981.
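
The deferred password change described in the commit message above, as an added Node.js example that is not xud's own code. The scrypt and AES-256-GCM choices, the record layout, the function names and the synchronous `changePassword`/`unlock` client are assumptions made for illustration.

```javascript
const crypto = require('crypto');

// Assumed KDF: scrypt with Node's default cost parameters, 256-bit output.
const deriveKey = (password, salt) => crypto.scryptSync(password, salt, 32);

// Seal a wallet's OLD password under a key derived from the NEW master
// password. The currency is bound in as AAD so a record cannot be moved
// to another wallet's row without failing authentication.
function sealOldPassword(currency, oldPassword, newPassword) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(newPassword, salt), iv);
  cipher.setAAD(Buffer.from(currency));
  const ciphertext = Buffer.concat([cipher.update(oldPassword, 'utf8'), cipher.final()]);
  return { currency, salt, iv, ciphertext, tag: cipher.getAuthTag() };
}

// Recover the old password at unlock time. Throws if `password` is not the
// new master password or if the stored record was modified.
function openOldPassword(record, password) {
  const key = deriveKey(password, record.salt);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, record.iv);
  decipher.setAAD(Buffer.from(record.currency));
  decipher.setAuthTag(record.tag);
  return Buffer.concat([decipher.update(record.ciphertext), decipher.final()]).toString('utf8');
}

// Unlock pass over all wallets. `clients` maps currency -> a hypothetical lnd
// client exposing changePassword(old, new) and unlock(password). A pending
// record is deleted only after lnd has accepted the change, so a failure
// leaves it in place for the next unlock.
function unlockWallets(password, pending, clients) {
  const actions = [];
  for (const [currency, lnd] of Object.entries(clients)) {
    const record = pending.get(currency);
    if (record) {
      lnd.changePassword(openOldPassword(record, password), password);
      pending.delete(currency);
      actions.push(`${currency}:changed`);
    } else {
      lnd.unlock(password);
      actions.push(`${currency}:unlocked`);
    }
  }
  return actions;
}
```

Because the record is authenticated, an unlock attempt with the wrong master password fails at decryption and never sends a guessed old password to lnd.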
@sangaman
Collaborator Author

I added a better error message when xud is in noencrypt mode, and I left the message in the cli about when the lnd passwords will change per our discussion earlier today. Just needs an approval and we can merge.

@kilrau kilrau merged commit 7ecdd7e into master Nov 30, 2020