From bac8518e7c91d7fb25bd89ac363b6939332aea1a Mon Sep 17 00:00:00 2001
From: Jonas Nick
Date: Sun, 31 Oct 2021 10:45:06 +0000
Subject: [PATCH] secure-node: stop pruning liquidd

There is no security reason why pruning should be enabled and therefore it surprises users. Turning on pruning in the first place was simply a mistake.
---
 examples/configuration.nix | 2 +-
 modules/presets/secure-node.nix | 4 +++-
 modules/versioning.nix | 14 ++++++++++++++
 3 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/examples/configuration.nix b/examples/configuration.nix
index dae5a53..c1117bb 100644
--- a/examples/configuration.nix
+++ b/examples/configuration.nix
@@ -259,5 +259,5 @@
 # The nix-bitcoin release version that your config is compatible with.
 # When upgrading to a backwards-incompatible release, nix-bitcoin will display an
 # an error and provide hints for migrating your config to the new release.
- nix-bitcoin.configVersion = "0.0.53";
+ nix-bitcoin.configVersion = "0.0.57";
 }
diff --git a/modules/presets/secure-node.nix b/modules/presets/secure-node.nix
index 81f9057..250034e 100644
--- a/modules/presets/secure-node.nix
+++ b/modules/presets/secure-node.nix
@@ -44,7 +44,9 @@ in {
 };

 services.liquidd = {
- prune = 1000;
+ # Enable `validatepegin` to verify that a transaction sending BTC into
+ # Liquid exists on Bitcoin. Without it, a malicious liquid federation can
+ # make the node accept a sidechain that is not fully backed.
 validatepegin = true;
 listen = true;
 };
diff --git a/modules/versioning.nix b/modules/versioning.nix
index 6fd8fa0..fd61035 100644
--- a/modules/versioning.nix
+++ b/modules/versioning.nix
@@ -169,6 +169,20 @@ let
 This includes the final database size (0.4) plus some extra storage (0.2).
 '';
 }
+ {
+ version = "0.0.57";
+ condition = config.nix-bitcoin ? secure-node-preset-enabled && config.services.liquidd.enable;
+ message = ''
+ The `secure-node.nix` preset does _not_ set `liquidd.prune = 1000` anymore.
+
+ - If you want to keep the same behavior as before, manually set
+ `services.liquidd.prune = 1000;` in your configuration.nix.
+ - Otherwise, if you want to turn off pruning, you must instruct liquidd
+ to reindex by setting `services.liquidd.extraConfig = "reindex=1";`.
+ This can be removed after having started liquidd with that option
+ once.
+ '';
+ }
 ];

 mkOnionServiceChange = service: {
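Review bot: The migration message in the new `0.0.57` entry says the `reindex=1` setting "can be removed" but not what happens if it stays. As far as I know liquidd, like bitcoind, then rebuilds its index on every start, which would keep a node on the secure-node preset unavailable for a long time after each restart. I would word the last sentence as `Remove this setting after liquidd has started with it once, otherwise liquidd reindexes on every start.` The message also omits the extra disk space an unpruned liquidd needs, which the preceding entry does spell out for its own change; a one-line hint would help users choose between the two options. The enclosing list and `let` block start outside the hunk.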