sqldb: add network-mismatch safeguard for native-SQL backends#10684
sqldb: add network-mismatch safeguard for native-SQL backends#10684ziggie1984 wants to merge 6 commits intolightningnetwork:masterfrom
Conversation
ziggie1984
force-pushed
the
postgres-network-separation
branch
from
d58fddd to
84fa870
Compare
Summary of ChangesHello, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request introduces a safety mechanism to ensure that a database initialized for one Bitcoin network cannot be accidentally reused for another. By persisting the network identifier in a new metadata table during the first startup, the system can now detect and block incompatible configurations, providing clear error messages to the user instead of allowing silent data corruption. Highlights
🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console. Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here. Footnotes
|
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request introduces a mechanism to prevent silent data corruption by ensuring that the database is not reused across different Bitcoin networks. It adds a metadata table to store the network name on first startup and validates it on subsequent restarts for both PostgreSQL and SQLite backends. Feedback was provided regarding the accuracy of a comment in config_builder.go and a suggestion to improve code organization by moving the BaseDB.ValidateNetwork implementation to interfaces.go.
ziggie1984
force-pushed
the
postgres-network-separation
branch
from
84fa870 to
752ad80
Compare
ziggie1984
force-pushed
the
postgres-network-separation
branch
2 times, most recently
from
309ee14 to
3e33be4
Compare
| -- The metadata table stores key/value pairs that describe properties of the | ||
| -- database. It is used to persist and validate invariants across restarts, | ||
| -- such as which Bitcoin network the database was initialised for. | ||
| CREATE TABLE IF NOT EXISTS metadata ( |
There was a problem hiding this comment.
Why not something more specific here?
Given that we do already have the opauqe KV layer from the initial version of the db.
ziggie1984
force-pushed
the
postgres-network-separation
branch
4 times, most recently
from
3041b52 to
02ec43f
Compare
ziggie1984
force-pushed
the
postgres-network-separation
branch
from
02ec43f to
65d3faf
Compare
ziggie1984
force-pushed
the
postgres-network-separation
branch
from
65d3faf to
b927793
Compare
This is in particular important when running with a postgres backend. This only works if you run LND with the native sql flag but people should run it with this flag from 21 on anyways.
ziggie1984
force-pushed
the
postgres-network-separation
branch
from
b927793 to
5b917c4
Compare
3 participants
This PR prevents silent data corruption that can occur when a user accidentally points lnd at a native-SQL database that was initialised for a different Bitcoin network.
Changes
A new
metadatatable (migration000014) stores a singlenetworkkey on first startup. On every subsequent restart, lnd reads that value and refuses to start if it doesn't match the configured network, printing a clear error message with remediation steps.The check is implemented on
BaseDBand applies to both the PostgreSQL and SQLite backends. The itest exercises the full startup-refusal path for PostgreSQL. Unit tests covering the mismatch and idempotent-match cases run against both backends via thetest_db_postgres || test_db_sqlitebuild tag.Fixes: #10354