App Submission: Libre Relay (#1815)

libre-relay/docker-compose.yml

@@ -0,0 +1,79 @@
+version: "3.7"
+
+services:
+  app_proxy:
+    environment:
+      APP_HOST: $APP_LIBRE_RELAY_IP
+      APP_PORT: 3005
+  
+  server:
+    image: ghcr.io/petertodd/umbrel-bitcoin-libre-relay:libre-relay-v28.0-2@sha256:3821e11276e595c5a7e61d4efda891564fd9559ac76a8303d0f707c4bc7c7b1d
+    depends_on: [bitcoind]
+    restart: on-failure
+    volumes:
+      - ${APP_DATA_DIR}/data/app:/data # volume to persist advanced settings json
+      - ${APP_LIBRE_RELAY_DATA_DIR}:/bitcoin/.bitcoin # volume to persist umbrel-bitcoin.conf and bitcoin.conf
+    environment:
+      PORT: "3005"
+      BITCOIN_HOST: "${APP_LIBRE_RELAY_NODE_IP}"
+      RPC_PORT: "${APP_LIBRE_RELAY_RPC_PORT}"
+      BITCOIN_RPC_PORT: "${APP_LIBRE_RELAY_RPC_PORT}"
+      RPC_USER: "${APP_LIBRE_RELAY_RPC_USER}"
+      BITCOIN_RPC_USER: "${APP_LIBRE_RELAY_RPC_USER}"
+      RPC_PASSWORD: "${APP_LIBRE_RELAY_RPC_PASS}"
+      BITCOIN_RPC_PASSWORD: "${APP_LIBRE_RELAY_RPC_PASS}"
+      BITCOIN_RPC_HIDDEN_SERVICE: "${APP_LIBRE_RELAY_RPC_HIDDEN_SERVICE}"
+      BITCOIN_P2P_HIDDEN_SERVICE: "${APP_LIBRE_RELAY_P2P_HIDDEN_SERVICE}"
+      BITCOIN_P2P_PORT: "${APP_LIBRE_RELAY_P2P_PORT}"
+      DEVICE_DOMAIN_NAME: "${DEVICE_DOMAIN_NAME}"
+      BITCOIN_DEFAULT_NETWORK: "${BITCOIN_DEFAULT_NETWORK:-mainnet}"
+      BITCOIN_INITIALIZE_WITH_CLEARNET_OVER_TOR: "${BITCOIN_INITIALIZE_WITH_CLEARNET_OVER_TOR:-unset}"
+      BITCOIND_IP: "${APP_LIBRE_RELAY_NODE_IP}"
+      TOR_PROXY_IP: "${APP_LIBRE_RELAY_TOR_PROXY_IP}"
+      TOR_PROXY_PORT: "9050"
+      TOR_PROXY_CONTROL_PORT: "9051"
+      TOR_PROXY_CONTROL_PASSWORD: "moneyprintergobrrr"
+      I2P_DAEMON_IP: "${APP_LIBRE_RELAY_I2P_DAEMON_IP}"
+      I2P_DAEMON_PORT: "7656"
+    networks:
+      default:
+        ipv4_address: $APP_LIBRE_RELAY_IP
+
+  bitcoind:
+    image: ghcr.io/petertodd/bitcoin:libre-relay-v28.0-2@sha256:66432790260ed9e538e76dbdc17f66ce6cf0656c2a58c05868bba4138af0e6a8
+    user: "1000:1000"
+    command: "${APP_LIBRE_RELAY_COMMAND}"
+    restart: unless-stopped
+    stop_grace_period: 15m30s
+    volumes:
+      - "${APP_LIBRE_RELAY_DATA_DIR}:/data/.bitcoin"
+    ports:
+      - "${APP_LIBRE_RELAY_P2P_PORT}:${APP_LIBRE_RELAY_P2P_PORT}"
+      - "${APP_LIBRE_RELAY_RPC_PORT}:${APP_LIBRE_RELAY_RPC_PORT}"
+    networks:
+      default:
+        ipv4_address: $APP_LIBRE_RELAY_NODE_IP
+
+  tor:
+    image: getumbrel/tor:0.4.7.8@sha256:2ace83f22501f58857fa9b403009f595137fa2e7986c4fda79d82a8119072b6a
+    user: "1000:1000"
+    restart: on-failure
+    volumes:
+      - ${APP_DATA_DIR}/torrc:/etc/tor/torrc:ro
+      - ${TOR_DATA_DIR}:/data
+    environment:
+      HOME: "/tmp"
+    networks:
+      default:
+        ipv4_address: "${APP_LIBRE_RELAY_TOR_PROXY_IP}"
+  
+  i2pd_daemon:
+    image: purplei2p/i2pd:release-2.44.0@sha256:d154a599793c393cf9c91f8549ba7ece0bb40e5728e1813aa6dd4c210aa606f6
+    user: "root"
+    command: --sam.enabled=true --sam.address=0.0.0.0 --sam.port=7656 --loglevel=error
+    restart: on-failure
+    volumes:
+      - ${APP_DATA_DIR}/data/i2pd:/home/i2pd/data
+    networks:
+      default:
+        ipv4_address: "${APP_LIBRE_RELAY_I2P_DAEMON_IP}"

libre-relay/exports.sh

@@ -0,0 +1,171 @@
+export APP_LIBRE_RELAY_IP="10.21.22.20"
+export APP_LIBRE_RELAY_NODE_IP="10.21.21.20"
+export APP_LIBRE_RELAY_TOR_PROXY_IP="10.21.22.21"
+export APP_LIBRE_RELAY_I2P_DAEMON_IP="10.21.22.22"
+
+export APP_LIBRE_RELAY_DATA_DIR="${EXPORTS_APP_DIR}/data/bitcoin"
+# Keeping same port pattern as Bitcoin Core but moving to 84xx range to avoid conflicts with Bitcion Node app
+export APP_LIBRE_RELAY_RPC_PORT="8442"
+export APP_LIBRE_RELAY_P2P_PORT="8443"
+export APP_LIBRE_RELAY_TOR_PORT="8444"
+export APP_LIBRE_RELAY_ZMQ_RAWBLOCK_PORT="28442"
+export APP_LIBRE_RELAY_ZMQ_RAWTX_PORT="28443"
+export APP_LIBRE_RELAY_ZMQ_HASHBLOCK_PORT="28444"
+export APP_LIBRE_RELAY_ZMQ_SEQUENCE_PORT="28445"
+
+BITCOIN_CHAIN="main"
+BITCOIN_ENV_FILE="${EXPORTS_APP_DIR}/.env"
+
+{
+	BITCOIN_APP_CONFIG_FILE="${EXPORTS_APP_DIR}/data/app/bitcoin-config.json"
+	if [[ -f "${BITCOIN_APP_CONFIG_FILE}" ]]
+	then
+		bitcoin_app_network=$(jq -r '.network' "${BITCOIN_APP_CONFIG_FILE}")
+		case $bitcoin_app_network in
+			"main")
+				BITCOIN_NETWORK="mainnet";;
+			"test")
+				BITCOIN_NETWORK="testnet3";;
+			"testnet4")
+				BITCOIN_NETWORK="testnet4";;
+			"signet")
+				BITCOIN_NETWORK="signet";;
+			"regtest")
+				BITCOIN_NETWORK="regtest";;
+		esac
+	fi
+} > /dev/null || true
+
+if [[ ! -f "${BITCOIN_ENV_FILE}" ]]; then
+	if [[ -z "${BITCOIN_NETWORK}" ]]; then
+		BITCOIN_NETWORK="mainnet"
+	fi
+	
+	if [[ -z ${BITCOIN_RPC_USER+x} ]] || [[ -z ${BITCOIN_RPC_PASS+x} ]] || [[ -z ${BITCOIN_RPC_AUTH+x} ]]; then
+		BITCOIN_RPC_USER="umbrel"
+		BITCOIN_RPC_DETAILS=$("${EXPORTS_APP_DIR}/scripts/rpcauth.py" "${BITCOIN_RPC_USER}")
+		BITCOIN_RPC_PASS=$(echo "$BITCOIN_RPC_DETAILS" | tail -1)
+		BITCOIN_RPC_AUTH=$(echo "$BITCOIN_RPC_DETAILS" | head -2 | tail -1 | sed -e "s/^rpcauth=//")
+	fi
+
+	echo "export APP_LIBRE_RELAY_NETWORK='${BITCOIN_NETWORK}'"		>  "${BITCOIN_ENV_FILE}"
+	echo "export APP_LIBRE_RELAY_RPC_USER='${BITCOIN_RPC_USER}'"	>> "${BITCOIN_ENV_FILE}"
+	echo "export APP_LIBRE_RELAY_RPC_PASS='${BITCOIN_RPC_PASS}'"	>> "${BITCOIN_ENV_FILE}"
+	echo "export APP_LIBRE_RELAY_RPC_AUTH='${BITCOIN_RPC_AUTH}'"	>> "${BITCOIN_ENV_FILE}"
+fi
+
+. "${BITCOIN_ENV_FILE}"
+
+# Make sure we don't persist the original value in .env if we have a more recent
+# value from the app config
+{
+	if [[ ! -z ${BITCOIN_NETWORK+x} ]] && [[ "${BITCOIN_NETWORK}" ]] && [[ "${APP_LIBRE_RELAY_NETWORK}" ]]
+	then
+		APP_LIBRE_RELAY_NETWORK="${BITCOIN_NETWORK}"
+	fi
+} > /dev/null || true
+
+if [[ "${APP_LIBRE_RELAY_NETWORK}" == "mainnet" ]]; then
+	BITCOIN_CHAIN="main"
+elif [[ "${APP_LIBRE_RELAY_NETWORK}" == "testnet3" ]]; then
+	BITCOIN_CHAIN="test"
+	# export APP_LIBRE_RELAY_RPC_PORT="18332"
+	# export APP_LIBRE_RELAY_P2P_PORT="18333"
+	# export APP_LIBRE_RELAY_TOR_PORT="18334"
+elif [[ "${APP_LIBRE_RELAY_NETWORK}" == "testnet4" ]]; then
+	BITCOIN_CHAIN="testnet4"
+	# export APP_LIBRE_RELAY_RPC_PORT="48332"
+	# export APP_LIBRE_RELAY_P2P_PORT="48333"
+	# export APP_LIBRE_RELAY_TOR_PORT="48334"
+elif [[ "${APP_LIBRE_RELAY_NETWORK}" == "signet" ]]; then
+	BITCOIN_CHAIN="signet"
+	# export APP_LIBRE_RELAY_RPC_PORT="38332"
+	# export APP_LIBRE_RELAY_P2P_PORT="38333"
+	# export APP_LIBRE_RELAY_TOR_PORT="38334"
+elif [[ "${APP_LIBRE_RELAY_NETWORK}" == "regtest" ]]; then
+	BITCOIN_CHAIN="regtest"
+	# export APP_LIBRE_RELAY_RPC_PORT="18443"
+	# export APP_LIBRE_RELAY_P2P_PORT="18444"
+	# export APP_LIBRE_RELAY_TOR_PORT="18445"
+else
+	echo "Warning (${EXPORTS_APP_ID}): Bitcoin Network '${APP_LIBRE_RELAY_NETWORK}' is not supported"
+fi
+
+export BITCOIN_DEFAULT_NETWORK="${BITCOIN_CHAIN}"
+
+BIN_ARGS=()
+# Commenting out options that are replaced by generated config file. We should migrate all these over in a future update.
+# BIN_ARGS+=( "-chain=${BITCOIN_CHAIN}" )
+# BIN_ARGS+=( "-proxy=${TOR_PROXY_IP}:${TOR_PROXY_PORT}" )
+# BIN_ARGS+=( "-listen" )
+# BIN_ARGS+=( "-bind=0.0.0.0:${APP_LIBRE_RELAY_TOR_PORT}=onion" )
+# BIN_ARGS+=( "-bind=${APP_LIBRE_RELAY_NODE_IP}" )
+# BIN_ARGS+=( "-port=${APP_LIBRE_RELAY_P2P_PORT}" )
+# BIN_ARGS+=( "-rpcport=${APP_LIBRE_RELAY_RPC_PORT}" )
+# We hardcode the ports p2p and rpc ports to always be the same for all networks
+BIN_ARGS+=( "-port=${APP_LIBRE_RELAY_P2P_PORT}" )
+BIN_ARGS+=( "-rpcport=${APP_LIBRE_RELAY_RPC_PORT}" )
+BIN_ARGS+=( "-rpcbind=${APP_LIBRE_RELAY_NODE_IP}" )
+BIN_ARGS+=( "-rpcbind=127.0.0.1" )
+BIN_ARGS+=( "-rpcallowip=${NETWORK_IP}/16" )
+BIN_ARGS+=( "-rpcallowip=127.0.0.1" )
+BIN_ARGS+=( "-rpcauth=\"${APP_LIBRE_RELAY_RPC_AUTH}\"" )
+BIN_ARGS+=( "-zmqpubrawblock=tcp://0.0.0.0:${APP_LIBRE_RELAY_ZMQ_RAWBLOCK_PORT}" )
+BIN_ARGS+=( "-zmqpubrawtx=tcp://0.0.0.0:${APP_LIBRE_RELAY_ZMQ_RAWTX_PORT}" )
+BIN_ARGS+=( "-zmqpubhashblock=tcp://0.0.0.0:${APP_LIBRE_RELAY_ZMQ_HASHBLOCK_PORT}" )
+BIN_ARGS+=( "-zmqpubsequence=tcp://0.0.0.0:${APP_LIBRE_RELAY_ZMQ_SEQUENCE_PORT}" )
+# BIN_ARGS+=( "-txindex=1" )
+# BIN_ARGS+=( "-blockfilterindex=1" )
+# BIN_ARGS+=( "-peerbloomfilters=1" )
+# BIN_ARGS+=( "-peerblockfilters=1" )
+# BIN_ARGS+=( "-rpcworkqueue=128" )
+# We can remove depratedrpc=create_bdb in a future update once Jam (JoinMarket) implements descriptor wallet support
+BIN_ARGS+=( "-deprecatedrpc=create_bdb" )
+# Required for LND compatibility. We can remove deprecatedrpc=warnings in a future update once LND releases a version with this fix: https://github.com/btcsuite/btcd/pull/2245
+BIN_ARGS+=( "-deprecatedrpc=warnings" )
+
+export APP_LIBRE_RELAY_COMMAND=$(IFS=" "; echo "${BIN_ARGS[@]}")
+
+# echo "${APP_LIBRE_RELAY_COMMAND}"
+
+rpc_hidden_service_file="${EXPORTS_TOR_DATA_DIR}/app-${EXPORTS_APP_ID}-rpc/hostname"
+p2p_hidden_service_file="${EXPORTS_TOR_DATA_DIR}/app-${EXPORTS_APP_ID}-p2p/hostname"
+export APP_LIBRE_RELAY_RPC_HIDDEN_SERVICE="$(cat "${rpc_hidden_service_file}" 2>/dev/null || echo "notyetset.onion")"
+export APP_LIBRE_RELAY_P2P_HIDDEN_SERVICE="$(cat "${p2p_hidden_service_file}" 2>/dev/null || echo "notyetset.onion")"
+
+# electrs compatible network param
+export APP_LIBRE_RELAY_NETWORK_ELECTRS=$APP_LIBRE_RELAY_NETWORK
+if [[ "${APP_LIBRE_RELAY_NETWORK_ELECTRS}" = "mainnet" ]]; then
+	APP_LIBRE_RELAY_NETWORK_ELECTRS="bitcoin"
+fi
+
+for var in \
+    IP \
+    NODE_IP \
+    TOR_PROXY_IP \
+    I2P_DAEMON_IP \
+    DATA_DIR \
+    RPC_PORT \
+    P2P_PORT \
+    TOR_PORT \
+    ZMQ_RAWBLOCK_PORT \
+    ZMQ_RAWTX_PORT \
+    ZMQ_HASHBLOCK_PORT \
+    ZMQ_SEQUENCE_PORT \
+    NETWORK \
+    RPC_USER \
+    RPC_PASS \
+    RPC_AUTH \
+    COMMAND \
+    RPC_HIDDEN_SERVICE \
+    P2P_HIDDEN_SERVICE \
+    NETWORK_ELECTRS
+do
+    bitcoin_var="APP_BITCOIN_${var}"
+    libre_relay_var="APP_LIBRE_RELAY_${var}"
+    if [ -n "${!libre_relay_var-}" ]; then
+        export "$bitcoin_var"="${!bitcoin_var:=${!libre_relay_var}}"
+    else
+        echo "Warning: $libre_relay_var is unset or empty"
+    fi
+done

libre-relay/hooks/pre-start

@@ -0,0 +1,26 @@
+#!/usr/bin/env bash
+
+# Delay booting the app until the RPC and P2P Tor Hidden Services are ready
+
+HIDDEN_SERVICE_FILE="${TOR_DATA_DIR}/app-${APP_ID}-rpc/hostname"
+
+if [[ -f "${HIDDEN_SERVICE_FILE}" ]]; then
+	exit
+fi
+
+"${UMBREL_ROOT}/scripts/app" compose "${APP_ID}" up --detach bitcoind
+"${UMBREL_ROOT}/scripts/app" compose "${APP_ID}" up --detach tor
+
+echo "App: ${APP_ID} - Generating Tor Hidden Service..."
+
+for attempt in $(seq 1 100); do
+	if [[ -f "${HIDDEN_SERVICE_FILE}" ]]; then
+		echo "App: ${APP_ID} - Hidden service file created successfully!"
+		break
+	fi
+	sleep 0.1
+done
+
+if [[ ! -f "${HIDDEN_SERVICE_FILE}" ]]; then
+	echo "App: ${APP_ID} - Hidden service file wasn't created"
+fi

libre-relay/scripts/rpcauth.py

@@ -0,0 +1,46 @@
+#!/usr/bin/env python3
+# Copyright (c) 2015-2018 The Bitcoin Core developers
+# Distributed under the MIT software license, see the accompanying
+# file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+from argparse import ArgumentParser
+from base64 import urlsafe_b64encode
+from binascii import hexlify
+from getpass import getpass
+from os import urandom
+
+import hmac
+
+def generate_salt(size):
+    """Create size byte hex salt"""
+    return hexlify(urandom(size)).decode()
+
+def generate_password():
+    """Create 32 byte b64 password"""
+    return urlsafe_b64encode(urandom(32)).decode('utf-8')
+
+def password_to_hmac(salt, password):
+    m = hmac.new(bytearray(salt, 'utf-8'), bytearray(password, 'utf-8'), 'SHA256')
+    return m.hexdigest()
+
+def main():
+    parser = ArgumentParser(description='Create login credentials for a JSON-RPC user')
+    parser.add_argument('username', help='the username for authentication')
+    parser.add_argument('password', help='leave empty to generate a random password or specify "-" to prompt for password', nargs='?')
+    args = parser.parse_args()
+
+    if not args.password:
+        args.password = generate_password()
+    elif args.password == '-':
+        args.password = getpass()
+
+    # Create 16 byte hex salt
+    salt = generate_salt(16)
+    password_hmac = password_to_hmac(salt, args.password)
+
+    print('String to be appended to bitcoin.conf:')
+    print('rpcauth={0}:{1}${2}'.format(args.username, salt, password_hmac))
+    print('Your password:\n{0}'.format(args.password))
+
+if __name__ == '__main__':
+    main()

libre-relay/torrc.template

@@ -0,0 +1,13 @@
+SocksPort 0.0.0.0:9050
+ControlPort 0.0.0.0:9051
+CookieAuthentication 1
+CookieAuthFileGroupReadable 1
+HashedControlPassword 16:39AF5EEFA4FC1D986022FDFB13663669FE50FB6DE9A3B4FE4FC7D82010 # moneyprintergobrrr
+
+# Bitcoin Core P2P Hidden Service
+HiddenServiceDir /data/app-$APP_ID-p2p
+HiddenServicePort $APP_LIBRE_RELAY_P2P_PORT $APP_LIBRE_RELAY_NODE_IP:$APP_LIBRE_RELAY_TOR_PORT
+
+# Bitcoin Core RPC Hidden Service
+HiddenServiceDir /data/app-$APP_ID-rpc
+HiddenServicePort $APP_LIBRE_RELAY_RPC_PORT $APP_LIBRE_RELAY_NODE_IP:$APP_LIBRE_RELAY_RPC_PORT

libre-relay/umbrel-app.yml

@@ -0,0 +1,72 @@
+manifestVersion: 1.1
+id: libre-relay
+implements:
+  - bitcoin
+category: bitcoin
+name: Libre Relay
+version: "28.0"
+tagline: Run your personal node powered by Libre Relay
+description: >-
+  > "[Bitcoin] takes advantage of the nature of information being easy to spread but hard to stifle." - Satoshi Nakamoto
+
+
+  While Bitcoin Core's mempool policies have been loosened over the years, there still remains some paternalism in what kinds of transactions Bitcoin Core allows. For example, Bitcoin Core maintains the pointless OP_Return size limit, even though it's just one of many ways to publish data in Bitcoin transactions; Libre Relay doesn't. Additionally, there's been constant pressure on Core to block more types of transactions for various reasons, such as censoring "spam".
+
+
+  Libre Relay is a fork of Bitcoin Core that does two things:
+    - Removes paternalistic transaction filtering.
+    - Peers with other Libre Relay nodes to ensure transactions that would have been blocked by Core can reach miners such as F2Pool and MARA anyway.
+
+  While this is of course good for people whose transactions are being blocked by Core, it's also good for Core itself: by having an alternative, when people try to pressure Core into blocking more transactions, Core can always point out that censorship doesn't work.
+
+
+  Finally, Libre Relay is also being used to develop Replace-By-Fee-Rate, a transaction pinning solution that mitigates pinning attacks on L2 protocols in a simple and effective way.
+developer: Peter Todd
+website: https://umbrel.com
+dependencies: []
+repo: https://github.com/petertodd/bitcoin
+support: https://github.com/petertodd/bitcoin/issues
+port: 2108
+gallery:
+  - 1.jpg
+  - 2.jpg
+  - 3.jpg
+path: ""
+defaultPassword: ""
+releaseNotes: ""
+widgets:
+  - id: "stats"
+    type: "four-stats"
+    refresh: "5s"
+    endpoint: "server:3005/v1/bitcoind/widgets/stats"
+    link: ""
+    example:
+      type: "four-stats"
+      link: ""
+      items:
+        - title: "Connections"
+          text: "11"
+          subtext: "peers"
+        - title: "Mempool"
+          text: "257"
+          subtext: "MB"
+        - title: "Hashrate"
+          text: "590"
+          subtext: "EH/s"
+        - title: "Blockchain size"
+          text: "600"
+          subtext: "GB"
+  - id: "sync"
+    type: "text-with-progress"
+    refresh: "2s"
+    endpoint: "server:3005/v1/bitcoind/widgets/sync"
+    link: ""
+    example:
+      type: "text-with-progress"
+      link: ""
+      title: "Blockchain sync"
+      text: "83%"
+      progressLabel: "In progress"
+      progress: 0.83
+submitter: Peter Todd
+submission: https://github.com/getumbrel/umbrel-apps/pull/1815