lightningd / docker / windows / non-root user = broken hsmd

docker-compose.log

polar-n1-alice | adding user clightning (1000:1000)
polar-n1-alice | Running as clightning user: lightningd --network=regtest --bitcoin-rpcuser=polaruser --bitcoin-rpcpassword=polarpass --bitcoin-rpcconnect=polar-n1-backend --bitcoin-rpcport=18443 --alias=alice --log-level=debug --plugin=/opt/c-lightning-rest/plugin.js --rest-port=8080 --rest-protocol=http
polar-n1-alice | 2019-11-18T16:09:38.456Z DEBUG plugin-manager started(25) /usr/local/bin/../libexec/c-lightning/plugins/pay
polar-n1-alice | 2019-11-18T16:09:38.457Z DEBUG plugin-manager started(26) /usr/local/bin/../libexec/c-lightning/plugins/autoclean
polar-n1-alice | 2019-11-18T16:09:38.461Z DEBUG plugin-manager started(27) /usr/local/bin/../libexec/c-lightning/plugins/fundchannel
polar-n1-alice | 2019-11-18T16:09:38.465Z DEBUG plugin-manager started(28) /opt/c-lightning-rest/plugin.js
polar-n1-alice | 2019-11-18T16:09:38.528Z DEBUG lightningd(1): testing /usr/local/libexec/c-lightning/lightning_channeld
polar-n1-alice | 2019-11-18T16:09:38.531Z DEBUG lightningd(1): testing /usr/local/libexec/c-lightning/lightning_closingd
polar-n1-alice | 2019-11-18T16:09:38.534Z DEBUG lightningd(1): testing /usr/local/libexec/c-lightning/lightning_connectd
polar-n1-alice | 2019-11-18T16:09:38.536Z DEBUG lightningd(1): testing /usr/local/libexec/c-lightning/lightning_gossipd
polar-n1-alice | 2019-11-18T16:09:38.540Z DEBUG lightningd(1): testing /usr/local/libexec/c-lightning/lightning_hsmd
polar-n1-alice | 2019-11-18T16:09:38.547Z DEBUG lightningd(1): testing /usr/local/libexec/c-lightning/lightning_onchaind
polar-n1-alice | 2019-11-18T16:09:38.548Z DEBUG lightningd(1): testing /usr/local/libexec/c-lightning/lightning_openingd
polar-n1-alice | 2019-11-18T16:09:38.552Z INFO lightningd(1): Creating database
polar-n1-alice | 2019-11-18T16:09:38.576Z DEBUG lightning_hsmd(42): pid 42, msgfd 22
polar-n1-alice | lightning_hsmd: fsyncdir: Invalid argument (version v0.7.3)
polar-n1-alice | 0x561cc79d35aa send_backtrace
polar-n1-alice |        common/daemon.c:41
polar-n1-alice | 0x561cc79d5d0a status_failed
polar-n1-alice |        common/status.c:199
polar-n1-alice | 0x561cc79cc719 maybe_create_new_hsm
polar-n1-alice |        hsmd/hsmd.c:587
polar-n1-alice | 0x561cc79cd3c5 init_hsm
polar-n1-alice |        hsmd/hsmd.c:711
polar-n1-alice | 0x561cc79cf476 handle_client
polar-n1-alice |        hsmd/hsmd.c:1933
polar-n1-alice | 0x561cc79e6968 next_plan
polar-n1-alice |        ccan/ccan/io/io.c:59
polar-n1-alice | 0x561cc79e6e50 do_plan
polar-n1-alice |        ccan/ccan/io/io.c:407
polar-n1-alice | 0x561cc79e6e7d io_ready
polar-n1-alice |        ccan/ccan/io/io.c:417
polar-n1-alice | 0x561cc79e8743 io_loop
polar-n1-alice |        ccan/ccan/io/poll.c:445
polar-n1-alice | 0x561cc79cf6ea main
polar-n1-alice |        hsmd/hsmd.c:2055
polar-n1-alice | 0x7f7e135da2e0 ???
polar-n1-alice |        ???:0
polar-n1-alice | 0x561cc79cc079 ???
polar-n1-alice |        ???:0
polar-n1-alice | 0xffffffffffffffff ???
polar-n1-alice |        ???:0
polar-n1-alice | lightningd: HSM did not give init reply

docker-compose.yml

version: '3.3'
services:
  backend:
    image: 'polarlightning/bitcoind:0.18.1'
    container_name: polar-n1-backend
    environment:
      USERID: '${USERID:-1000}'
      GROUPID: '${GROUPID:-1000}'
    hostname: backend
    command: >-
      bitcoind -server=1 -regtest=1
      -rpcauth=polaruser:5e5e98c21f5c814568f8b55d83b23c1c$$066b03f92df30b11de8e4b1b1cd5b1b4281aa25205bd57df9be82caf97a05526
      -debug=0 -zmqpubrawblock=tcp://0.0.0.0:28334
      -zmqpubrawtx=tcp://0.0.0.0:28335 -txindex=1 -dnsseed=0 -upnp=0
      -rpcbind=0.0.0.0 -rpcallowip=0.0.0.0/0 -rpcport=18443
    volumes:
      - './volumes/bitcoind/backend:/home/bitcoin/.bitcoin'
    expose:
      - '18443'
      - '18444'
      - '28334'
      - '28335'
    ports:
      - '18443:18443'
  alice:
    image: 'polarlightning/clightning:0.7.3'
    container_name: polar-n1-alice
    environment:
      USERID: '${USERID:-1000}'
      GROUPID: '${GROUPID:-1000}'
    hostname: alice
    command: >-
      lightningd --network=regtest --bitcoin-rpcuser=polaruser --bitcoin-rpcpassword=polarpass --bitcoin-rpcconnect=polar-n1-backend --bitcoin-rpcport=18443 --alias=alice --log-level=debug --plugin=/opt/c-lightning-rest/plugin.js --rest-port=8080 --rest-protocol=http
    restart: always
    volumes:
      - './volumes/clightning/alice:/home/clightning/.lightning'
    expose:
      - '8080'
      - '9735'
    ports:
      - '8081:8080'
  bob:
    image: 'polarlightning/lnd:0.8.0-beta'
    container_name: polar-n1-bob
    environment:
      USERID: '${USERID:-1000}'
      GROUPID: '${GROUPID:-1000}'
    hostname: bob
    command: >-
      lnd --noseedbackup --alias=bob --externalip=bob --tlsextradomain=bob
      --listen=0.0.0.0:9735 --rpclisten=0.0.0.0:10009 --restlisten=0.0.0.0:8080
      --bitcoin.active --bitcoin.regtest --bitcoin.node=bitcoind
      --bitcoind.rpchost=polar-n1-backend --bitcoind.rpcuser=polaruser
      --bitcoind.rpcpass=polarpass
      --bitcoind.zmqpubrawblock=tcp://polar-n1-backend:28334
      --bitcoind.zmqpubrawtx=tcp://polar-n1-backend:28335
    restart: always
    volumes:
      - './volumes/lnd/bob:/home/lnd/.lnd'
    expose:
      - '8080'
      - '10009'
      - '9735'
    ports:
      - '8082:8080'
      - '10005:10009'

# docker build --build-arg CLN_VERSION=0.7.3 -t polarlightning/clightning ./clightning
# bitcoin-cli -regtest -rpcconnect=polar-n1-backend -rpcport=18443 -rpcuser=polaruser -rpcpassword=polarpass getnewaddress
# bitcoin-cli -regtest -rpcconnect=polar-n1-backend -rpcport=18443 -rpcuser=polaruser -rpcpassword=polarpass generatetoaddress 10
# base64 /opt/c-lightning-rest/certs/access.macaroon

docker-entrypoint.sh

#!/bin/sh
set -e

# containers on linux share file permissions with hosts.
# assigning the same uid/gid from the host user
# ensures that the files can be read/write from both sides
if ! id clightning > /dev/null 2>&1; then
  USERID=${USERID:-1000}
  GROUPID=${GROUPID:-1000}

  echo "adding user clightning ($USERID:$GROUPID)"
  groupadd -f -g $GROUPID clightning
  useradd -r -u $USERID -g $GROUPID clightning
  # ensure correct ownership of user home dir
  mkdir -p /home/clightning
  chown clightning:clightning /home/clightning
fi

if [ $(echo "$1" | cut -c1) = "-" ]; then
  echo "$0: assuming arguments for lightningd"

  set -- lightningd "$@"
fi

if [ "$1" = "lightningd" ] || [ "$1" = "lightning-cli" ]; then
  echo "Running as clightning user: $@"
  exec gosu clightning "$@"
fi

echo
exec "$@"

Dockerfile

ARG CLN_VERSION

FROM elementsproject/lightningd:v${CLN_VERSION}

# install nodejs
RUN apt-get update -y \
  && apt-get install -y curl gosu \
  && curl -sL https://deb.nodesource.com/setup_12.x | bash - \
  && apt-get install -y git nodejs \
  && apt-get clean \
  && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*

# install c-lightning-REST API plugin
RUN git clone https://github.com/saubyk/c-lightning-rest /opt/c-lightning-rest/ \
  && cd /opt/c-lightning-rest \
  && npm install \
  && chmod -R a+rw /opt/c-lightning-rest

COPY docker-entrypoint.sh /entrypoint.sh

RUN chmod a+x /entrypoint.sh

VOLUME ["/home/clightning/.lightning"]

EXPOSE 9735 8080 10000

ENTRYPOINT ["/entrypoint.sh"]

CMD ["lightningd"]

# Build using:
# docker build --build-arg CLN_VERSION=0.7.3 -t polarlightning/clightning .