Sjors
commented
3 months ago The TP authority key is not hardcoded. It's randomly generated if it doesn't exist, and then stored in the data directory. The easiest solution here is to either not delete the bitcoin data dir between updates, or to backup ~/.bitcoin/sv2_authority_key specifically.
You can also backup ~/.bitcoin/sv2_static_key, but it's not necessary because the TP will just generate a fresh static key and make a new certificate for it.
I plan to add a -sv2cert argument later (pull request welcome). With that you wouldn't need to backup the authority key. Instead you would take the freshly generated ~/.bitcoin/sv2_static_key (maybe obtained via RPC in some convenient encoding), and sign it with the pool authority key. This allows for a more secure setup where the authority key is kept offline. But the above approach is much simpler.
plebhash
Please describe the feature you'd like to see added.
we recently re-deployed the TP that's hosted at the SRI community VPS (
75.119.150.111) by taking bitcoin-sv2-tp-0.1.3-x86_64-linux-gnu.tar.gzbefore, we were used to having
9azQdassggC7L3YMVcZyRJmK7qrFDj5MZNHb4LkaUrJRUhct92Was the TP authority pubkey, and that's the value SRI used for allconfig-examples/*-hosted-tp-example.tomlwith the last release, this value changed to
9cRiuTwzFCEUDATcZ5pidbQCvdQucBeWni8oCG9N4nY3D7p7iQW, but I could not find a way to configure it to some custom value (via CLI or config file)Is your feature related to a problem, if so please describe it.
one consequence of having no CLI way of configuring the TP authority key is that we need to adapt the example config files every time there's a new TP release
Describe the solution you'd like
we need a way to deterministically set a TP authority key, so that we don't need to adapt the example config files every time there's a new TP release
Describe any alternatives you've considered
No response
Please leave any additional context
No response