Sections: Intro / requirements Packet forwarding setup Building and c-lightning bitcoin-cli Installing Lightning Charge Installing for a point-of-sale solution nanopos The Inverse Path USB Armory is a unique device among the now-popularized SoC-powered category of hardware, which includes the Raspberry Pi and the Rock64. Like the other systems, it is relatively underpowered in terms of computing ability. However, its uniqueness comes from its compact form factor and its components. The Armory requires no power adapter or wall socket; it only needs a USB port to plug into to function. The Armory powers itself via USB and also communicates to its host device in the same manner — via an emulated Ethernet connection. The Armory utilizes the NXP i.MX53 ARM® Cortex™-A8 processor running at 800 Mhz. It also includes 512 MB of DDR3 RAM and a microSD card slot for storage. The USB armory board has been created by Inverse Path to support the development of a variety of security applications. The capability of emulating arbitrary USB devices in combination with the i.MX53 SoC speed, the security features and the flexible and fully customizable operating environment, makes the USB armory the ideal platform for all kinds of personal security applications. The transparency of the open and minimal design for the USB armory hardware facilitates auditability and greatly limits the potentiality and scope of supply chain attacks. From: https://inversepath.com/usbarmory A good use case that takes advantage of the form factor, the power-over-USB, and the emulated Ethernet-over-USB is a portable Bitcoin Lightning wallet. With this configuration, users can setup a device that runs and stores their private keys on a portable platform that is easily plugged into existing hardware such as Raspberry Pis that run . Also, another scenario is if a user has a laptop they run a full node on. The Armory can simply be plugged in and the user can then transact over the Lightning Network and run Lightning-powered applications (LApps). c-lightning bitcoind Another use case for this setup is for adding processing power to an underpowered device such an older laptop or Raspberry Pi. This way, the Armory acts as a sort of co-processor for Lightning! An Armory connected to a Rock64 Requirements: An Inverse Path USB Armory microSD card of 4GB or greater capacity with the installed official Debian base image A USB host device (laptop, workstation, or RPi-like) running on your LAN, or elsewhere with access credentials for RPC bitcoind aring the Armory for installation: Prep All that is needed for to communicate with a remote is , which drastically reduces the time needed to build on the Armory. Cross-compiliation is possible, but that is out of the scope of this guide. In order to build only , the Bitcoin code needs to be pulled from its Github repository. But, before that can be done, packet forwarding must be enabled on the host device (the device the Armory is plugged into). lightningd bitcoind bitcoin-cli bitcoin-cli Networking: The Armory (if using the official Debian base image), when plugged in and booted, creates a virtual interface that . Once configured, the Armory and its USB host can communicate with each other as if they were on the same LAN (since they technically are). It is up to the USB host to allow the Armory’s packets to be forwarded or not, which if allowed enables the Armory to open Lightning Network channels with other nodes outside of the local network. Packet forwarding is also required to install build tools and dependencies. emulates an Ethernet connection Windows: Instructions for enabling packet forwarding (also known as Connection Sharing) for Windows 7, 8, and 10 can be found . here MacOS: MacOS instructions can be found . here Linux: Note: On Ubuntu 16.04, the Network Manager did not interfere. Other distributions’ configurations might, however. From the Linux instructions: Enable masquerading for outgoing connections: # iptables -t nat -A POSTROUTING -s 10.0.0.2/32 -o wlan0 -j MASQUERADEenable IP forwarding: # echo 1 > /proc/sys/net/ipv4/ip_forward Plug in the Armory, and notice the blinking white LED. This means the Armory is running. The “heartbeat” LED blinks more quickly as the Armory is being utilized. Now, into your Armory with the Debian base image’s default credentials (user and password are both ) ssh usbarmory $ ssh usbarmory@10.0.0.1 Ping a public address to see if your Armory is routed correctly: $ ping 8.8.8.8 If successful, you will receive replies: PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.64 bytes from 8.8.8.8: icmp_seq=1 ttl=60 time=46.3 ms64 bytes from 8.8.8.8: icmp_seq=2 ttl=60 time=48.0 ms64 bytes from 8.8.8.8: icmp_seq=3 ttl=60 time=48.1 ms64 bytes from 8.8.8.8: icmp_seq=4 ttl=60 time=71.5 ms Great! Building c-lightning: $ sudo apt update && sudo apt -y upgrade Once that is finished, reboot the Armory for good measure in case there is a kernel update: $ sudo reboot Now, begin installing the build tools and dependencies needed to compile and : bitcoin-cli c-lightning $ sudo apt-get install -y \ autoconf automake build-essential git libtool libgmp-dev \ libsqlite3-dev python python3 net-tools libsodium-dev \ pkg-config libssl-dev libevent-dev \ libboost-system-dev libboost-filesystem-dev \ libboost-chrono-dev libboost-program-options-dev \ libboost-test-dev libboost-thread-dev tmux curl Clone the repository: c-lightning $ git clone https://github.com/ElementsProject/lightning.git Navigate to the local repository: $ cd lightning Then start the build: $ make Once that is finished, navigate to the user’s home directory: usbarmory $ cd ~/ Download the Bitcoin Core 0.16.0 source code archive, SHA256SUMS.asc, and import the Core maintainer’s gpg key to verify the hashes. Finally, decompress the archive: $ wget https://bitcoincore.org/bin/bitcoin-core-0.16.0/bitcoin-0.16.0.tar.gz $ wget https://bitcoincore.org/bin/bitcoin-core-0.16.0/SHA256SUMS.asc $ gpg --recv-key 90C8019E36C2E964 $ gpg --verify SHA256SUMS.asc $ sha256sum -c --ignore-missing SHA256SUMS.asc# should output an "OK" $ tar zxvf bitcoin-0.16.0.tar.gz Excellent! Now, on to building . bitcoin-cli Building bitcoin-cli: Navigate to the Bitcoin source code directory and start the build process: $ cd bitcoin-0.16.0/ $ ./autogen.sh While running , a flood of warning messages about locales may occur. This can be remedied by setting a locale: autogen.sh $ sudo dpkg-reconfigure locales # Select something like en_US.UTF-8 and hit Ok Continuing the build process: $ CFLAGS="-march=native" ./configure --disable-wallet tells our compiler, , to auto-detect the Armory’s processor and enable optimizations specific to that processor. It helps squeeze out any increases in performance the ARM processor has, which is important because this processor is relatively slow. -march=native gcc is not being built, so is not needed. Pass to build without wallet support ( will be the wallet in this configuration). bitcoind libdb --disable-wallet c-lightning Now, build : bitcoin-cli $ make src/bitcoin-cli Finally, copy the freshly built binary to : bitcoin-cli /usr/local/bin $ sudo cp src/bitcoin-cli /usr/local/bin $ whereis bitcoin-cli # Should return "/usr/local/bin/bitcoin-cli" Connecting the Armory to via RPC: bitcoind uses to send raw transactions to for various reasons such as opening, force-closing, or mutually-closing channels. Since is running on the Armory, it requires as well. However, needs to be able to communicate to , so create and add appropriate items to the Armory’s, and the USB host’s, : c-lightning bitcoin-cli bitcoind c-lightning bitcoin-cli bitcoin-cli bitcoind bitcoin.conf On the USB host, or the device elsewhere that has running, specify the following items in : bitcoind bitcoin.conf rpcuser= <username>rpcpassword= <yourpasswordnotthisone>rpcallowip= <the Armory's IP address> Save those changes, then create the Armory’s , and add the following items: bitcoin.conf $ nano ~/.bitcoin/bitcoin.conf In : bitcoin.conf rpcuser= <username from before>rpcpassword= <password from before>rpcconnect= <USB hosts's IP (10.0.0.2)> Substitute for the IP address may be listening on (eg. ) 10.0.0.2 bitcoind 192.168.0.254 Attempt to query from the Armory: bitcoind $ bitcoin-cli -getinfo If successful, a response will be returned with the relevant information (block height, difficulty, etc.) Awesome! Running c-lightning: Now that everything is built, configured, and networked correctly, can be run. c-lightning Start a session and then start : tmux lightningd $ tmux$ ./lightning/lightningd/lightningd --network testnet --log-level debug$ ./lightning/cli/lightning-cli getinfo Note: pass _--network bitcoin_ instead, if you’re #reckless. If starts outputting , and returns the current block height (among other information), the Armory is successfully setup! lightningd Adding block <block number> lightning-cli may now be used to generate new addresses for depositing/withdrawing bitcoin, and to open/close Lightning Network channels! lightning-cli Lightning Charge: LApps are Lightning-powered applications that utilize the instant payments that the Lightning Network provides. Recently released LApps include those listed here on Blockstream’s blog: https://blockstream.com/2018/03/29/blockstreams-week-of-lapps-ends.html To run these LApps, Lightning Charge needs to be installed on the Armory. Lightning Charge is a micropayment processing system written in node.js. It exposes the functionality of c-lightning through its REST API, which can be accessed through and libraries. From: JavaScript PHP https://blockstream.com/2018/01/16/lightning-charge.html Lightning Charge requires and . Install them now: c-lightning nodejs $ curl -sL https://deb.nodesource.com/setup_8.x | sudo -E bash - $ sudo apt-get install -y nodejs Permissions errors might occur due to the nodesource.com-provided package. To work around this, do the following: nodejs $ mkdir ~/.npm-global$ npm config set prefix '~/.npm-global' Add the following to : ~/.profile $ export PATH=~/.npm-global/bin:$PATH Finally: $ source ~/.profile Then simply use to install Lightning Charge, and run : npm charged $ npm install -g lightning-charge $ charged --api-token <a secret token> will then be running on the default port of 9112! charged Installing the nanopos LApp to turn your Lightning module into a micro point-of-sale solution: is easily installed with : nanopos npm $ npm install -g nanopos Edit an file with the products for sale, specify a currency with , and then run : items.yaml --currency nanopos $ nanopos -t <charge API token> --items-path items.yaml --currency USD The title of the rendered page can be changed with , and there are an assortment of themes available at bootswatch.com that can be chosen with . --title -m Now , , and the LApp are all running on the portable Armory! c-lightning charged nanopos Once done transacting, simply shutdown the Armory and unplug it in order to store it for transporting. When ready to transact again, plug it back in, in, and fire up again. This can be configured to use a running on a VPS or similar public-facing hosting service to further increase portability (only the Armory is needed versus an accompanying workstation/laptop/host with ). ssh c-lightning bitcoind bitcoind The Armory can also run in “standalone mode”, which requires no USB host for connectivity or power (it is still powered via USB, however). This enables other cool use cases like a much more portable battery-powered and WiFi-enabled configuration! Thanks for reading! -grubles