From 26fdde0e25d1b3ea7eed29bfdfae860c10b62da1 Mon Sep 17 00:00:00 2001
From: ShahanaFarooqui
Date: Thu, 20 Nov 2025 14:43:05 -0800
Subject: [PATCH 1/3] docker: Add vls remote_hsmd_socket binary
This Dockerfile builds the VLS binaries during the builder stage and copies only the `remote_hsmd_socket` binary into the `lightningd-vls-signer` flavor.
---
Dockerfile | 102 +++++++++++++++++++++++++++++++++++++++++++++++++++--
1 file changed, 99 insertions(+), 3 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 3bb550541721..6a59fd1d2969 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -163,7 +163,70 @@ RUN find /tmp/lightning_install -type f -executable -exec \ awk -F: '/ELF/ {print $1}' | \ xargs -r ${STRIP} --strip-unneeded -FROM base-target AS final +# VLS builder stage (only used by lightningd-vls-signer) +FROM base-builder-${TARGETOS}-${TARGETARCH} AS vls-builder + +ARG AR=${target_arch}-ar +ARG AS=${target_arch}-as +ARG CC=${target_arch}-gcc +ARG CXX=${target_arch}-g++ +ARG LD=${target_arch}-ld +ARG STRIP=${target_arch}-strip +ARG TARGET=${target_arch_rust} +ARG RUST_PROFILE=release +ARG VERSION +ENV VERSION=${VERSION} +ARG VLS_VERSION=v0.14.0 + +RUN dpkg --add-architecture ${target_arch_dpkg} + +# Install architecture-independent libraries +RUN apt-get update && \ + apt-get install -qq -y --no-install-recommends \ + python3-dev \ + lowdown + +# Install target-arch libraries +RUN apt-get install -qq -y --no-install-recommends \ + pkg-config:${target_arch_dpkg} \ + libffi-dev:${target_arch_dpkg} \ + libicu-dev:${target_arch_dpkg} \ + zlib1g-dev:${target_arch_dpkg} \ + libsqlite3-dev:${target_arch_dpkg} \ + libpq-dev:${target_arch_dpkg} \ + libsodium-dev:${target_arch_dpkg} \ + crossbuild-essential-${target_arch_dpkg} + +WORKDIR /opt + +RUN ./install-uv.sh -q +RUN ./install-rust.sh -y -q --profile minimal --component rustfmt --target ${target_arch_rust} +ENV PATH="/root/.cargo/bin:/root/.local/bin:${PATH}" + +RUN git clone --depth 1 --branch ${VLS_VERSION} https://gitlab.com/lightning-signer/validating-lightning-signer.git +WORKDIR /opt/validating-lightning-signer + +RUN mkdir -p .cargo && tee .cargo/config.toml < Date: Fri, 21 Nov 2025 17:07:18 -0800 Subject: [PATCH 2/3] ci: Add new `lightningd-vls-signer` flavor for Docker image Changelog-Added: Added a new Docker `lightningd-vls-signer` flavor with includes VLS's `remote_hsmd_socket` binary with the Core Lightning image. --- .github/workflows/docker-release.yml | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) 
diff --git a/.github/workflows/docker-release.yml b/.github/workflows/docker-release.yml index 64a64995c5aa..e242ce4f5e94 100644 --- a/.github/workflows/docker-release.yml +++ b/.github/workflows/docker-release.yml @@ -1,4 +1,4 @@ -name: Build and push multi-platform docker images +name: Publish multi-platform docker images on: push: @@ -30,6 +30,10 @@ on: jobs: build: runs-on: ubuntu-22.04 + strategy: + fail-fast: false # Let other builds finish. + matrix: + flavor: ['lightningd', 'lightningd-vls-signer'] steps: - name: Checkout repository @@ -50,7 +54,7 @@ jobs: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - - name: Set up values + - name: Set up values for ${{ matrix.flavor }} id: set-values run: | if [[ "${{ github.event.inputs.version }}" != "" ]]; then @@ -89,9 +93,9 @@ jobs: fi echo "PUSHLATEST=$PUSHLATEST" >> $GITHUB_ENV - TAGS="$REPONAME/lightningd:$VERSION" + TAGS="$REPONAME/${{ matrix.flavor }}:$VERSION" if [[ "$PUSHLATEST" == "true" ]]; then - TAGS="$TAGS,$REPONAME/lightningd:latest" + TAGS="$TAGS,$REPONAME/${{ matrix.flavor }}:latest" fi echo "TAGS=$TAGS" >> $GITHUB_ENV @@ -109,13 +113,16 @@ jobs: echo "ENV PUSH LATEST: ${{ env.PUSHLATEST }}" echo "ENV TAGS: ${{ env.TAGS }}" - - name: Build and push Docker image + - name: Build and push Docker image - ${{ matrix.flavor }} uses: docker/build-push-action@v5 with: context: . file: ./Dockerfile + target: ${{ matrix.flavor }} push: true platforms: ${{ env.PLATFORMS }} tags: ${{ env.TAGS }} build-args: | - VERSION=${{ env.VERSION }} \ No newline at end of file + VERSION=${{ env.VERSION }} + cache-from: type=gha + cache-to: type=gha,mode=max From cfc2843c4b3f40bf5ef8f5c4e62c09c47ccfb602 Mon Sep 17 00:00:00 2001 From: ShahanaFarooqui Date: Thu, 20 Nov 2025 14:52:31 -0800 Subject: [PATCH 3/3] doc: Add instructions to run CLN node with remote_hsmd_socket --- .../docker-images.md | 93 +++++++++++++++++++ 1 file changed, 93 insertions(+) 
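Review bot: The two new `TAGS=` lines in the `@@ -89,9 +93,9 @@` hunk splice `${{ matrix.flavor }}` directly into the script text, so the value is substituted before bash parses the line. The matrix values are fixed literals, so nothing untrusted reaches the shell today, but the pattern is easy to carry over if the flavor list is ever fed from a workflow input. I would pass it through the step's `env:` as `FLAVOR: ${{ matrix.flavor }}` and write `TAGS="$REPONAME/$FLAVOR:$VERSION"`. The step's `run:` body starts and ends outside this hunk.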
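Review bot: The added `cache-from: type=gha` and `cache-to: type=gha,mode=max` lines in the `@@ -109,13 +113,16 @@` hunk use the default cache scope, which both jobs of the new two-flavor matrix read and write, so each job's export can replace the other's. Because this workflow publishes release images, it is also worth confirming that no less-trusted workflow in the repository writes to the same scope, since imported layers are reused rather than rebuilt. A per-flavor scope keeps the two builds apart: `cache-from: type=gha,scope=${{ matrix.flavor }}` and `cache-to: type=gha,mode=max,scope=${{ matrix.flavor }}`. Separately, `target: ${{ matrix.flavor }}` needs Dockerfile stages named exactly `lightningd` and `lightningd-vls-signer`; the Dockerfile hunk on this page is cut off before those stages, so that should be checked against the full patch.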
diff --git a/doc/contribute-to-core-lightning/docker-images.md b/doc/contribute-to-core-lightning/docker-images.md
index 476b8f1348eb..defef771484e 100644
--- a/doc/contribute-to-core-lightning/docker-images.md
+++ b/doc/contribute-to-core-lightning/docker-images.md
@@ -131,3 +131,96 @@ docker exec -it bash docker run -it --rm --platform=linux/amd64 --network=host -v '/root/.lightning:/root/.lightning' -v '/root/.bitcoin:/root/.bitcoin' -e LIGHTNINGD_DATA=/root/.lightning elementsproject/lightningd:latest --network=regtest ```
+
+## Replace the `hsmd` subdaemon with VLS `remote_hsmd_socket`:
+
+1. This setup assumes that both `bitcoind` and `vlsd` will be running on your host system.
+
+2. Start your `bitcoind` node on the local machine.
+
+3. Start `vlsd` locally with your prefered configuration. For example:
+
+```shell
+export LIGHTNING_VLS_DIR=/root/.lightning
+export GREENLIGHT_VERSION="v25.12"
+export VLS_CLN_VERSION="v25.12"
+export VLS_NETWORK="regtest"
+export BITCOIND_RPC_URL="http://user:password@127.0.0.1:18443"
+export RUST_LOG=info
+export RUST_BACKTRACE=1
+
+/home/validating-lightning-signer/target/release/vlsd \
+ --datadir "$LIGHTNING_VLS_DIR"/.lightning-signer \
+ --network regtest \
+ --connect http://127.0.0.1:7701 \
+ --rpc-server-address 127.0.0.1 \
+ --rpc-server-port 8000 \
+ --rpc-user vlsuser \
+ --rpc-pass vlspassword \
+ --log-level info
+```
+
+4. Finally, run the Core Lightning node:
+
+4.1 Either by utilizing our docker image flavor `elementsproject/lightningd-vls-signer` which comes with pre-built `remote_hsmd_socket` binaries.
+
+```shell
+docker run -it --rm -d \
+ --platform=linux/amd64 \
+ --network=host \
+ -v '/root/.lightning:/root/.lightning' \
+ -v '/root/.bitcoin:/root/.bitcoin' \
+ -e GREENLIGHT_VERSION="v25.12" \
+ -e VLS_CLN_VERSION="v25.12" \
+ -e VLS_NETWORK="regtest" \
+ -e BITCOIND_RPC_URL="http://user:password@127.0.0.1:18443" \
+ -e LIGHTNINGD_NETWORK=regtest \
+ elementsproject/lightningd-vls-signer:v25.12 \
+ --bitcoin-rpcconnect=0.0.0.0 \
+ --bitcoin-rpcuser=user \
+ --bitcoin-rpcpassword=password \
+ --network=regtest \
+ --database-upgrade=true \
+ --bitcoin-datadir=/root/.bitcoin \
+ --log-level=debug \
+ --announce-addr=127.0.0.1:19750 \
+ --bind-addr=localhost:8989 \
+ --bind-addr=ws:127.0.0.1:5020 \
+ --bind-addr=0.0.0.0:19750 \
+ --bitcoin-rpcport=18443 \
+ --clnrest-port=3020 \
+ --grpc-port=9740 \
+ --subdaemon=hsmd:/var/lib/vls/bin/remote_hsmd_socket
+```
+
+4.2 Or, by replacing subdaemon `hsmd` with your mounted `remote_hsmd_socket`:
+
+```shell
+docker run -it --rm -d \
+ --platform=linux/amd64 \
+ --network=host \
+ -v '/root/.lightning:/root/.lightning' \
+ -v '/root/.bitcoin:/root/.bitcoin' \
+ -v '/root/vls/target/release/remote_hsmd_socket:/var/lib/vls/bin/remote_hsmd_socket'
+ -e GREENLIGHT_VERSION="v25.12" \
+ -e VLS_CLN_VERSION="v25.12" \
+ -e VLS_NETWORK="regtest" \
+ -e BITCOIND_RPC_URL="http://user:password@127.0.0.1:18443" \
+ -e LIGHTNINGD_NETWORK=regtest \
+ elementsproject/lightningd:v25.12 \
+ --bitcoin-rpcconnect=0.0.0.0 \
+ --bitcoin-rpcuser=user \
+ --bitcoin-rpcpassword=password \
+ --network=regtest \
+ --database-upgrade=true \
+ --bitcoin-datadir=/root/.bitcoin \
+ --log-level=debug \
+ --announce-addr=127.0.0.1:19750 \
+ --bind-addr=localhost:8989 \
+ --bind-addr=ws:127.0.0.1:5020 \
+ --bind-addr=0.0.0.0:19750 \
+ --bitcoin-rpcport=18443 \
+ --clnrest-port=3020 \
+ --grpc-port=9740 \
+ --subdaemon=hsmd:/var/lib/vls/bin/remote_hsmd_socket
+```