From 25ac0713004cdc4a24f5a97f5c1834a4e87aae48 Mon Sep 17 00:00:00 2001 From: Oliver Gugger Date: Wed, 13 Jan 2021 14:26:29 +0100 Subject: [PATCH] build: add release-install goal, hash individual binaries We add a new make goal called release-install that creates the same reproducible binaries as the release script would create, but only for the current OS/architecture. It then installs those binaries to the system's GOBIN directory. To allow easy verification of individual binaries (instead of just the packag tarballs/zips), we also add the hashes of lnd and lncli binaries to the manifest. We do the same in the docker build. --- Dockerfile | 8 ++++++-- Makefile | 5 +++++ scripts/release.sh | 9 ++++++++- 3 files changed, 19 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index 9fdcb4a3d..40640f4eb 100644 --- a/Dockerfile +++ b/Dockerfile @@ -23,8 +23,7 @@ RUN apk add --no-cache --update alpine-sdk \ && git clone https://github.com/lightningnetwork/lnd /go/src/github.com/lightningnetwork/lnd \ && cd /go/src/github.com/lightningnetwork/lnd \ && git checkout $checkout \ -&& make \ -&& make install tags="signrpc walletrpc chainrpc invoicesrpc" +&& make release-install # Start a new, final image. FROM alpine as final @@ -42,6 +41,11 @@ RUN apk --no-cache add \ COPY --from=builder /go/bin/lncli /bin/ COPY --from=builder /go/bin/lnd /bin/ +# Store the SHA256 hash of the binaries that were just produced for later +# verification. +RUN sha256sum /bin/lnd /bin/lncli > /shasums.txt \ + && cat /shasums.txt + # Expose lnd ports (p2p, rpc). EXPOSE 9735 10009 diff --git a/Makefile b/Makefile index cfe1de345..cb956e425 100644 --- a/Makefile +++ b/Makefile 
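Review bot: Nothing on the `make release-install` line says what the resulting binaries can be compared against, and the hash recorded later in this Dockerfile only matches a release manifest when `$checkout` is a release tag and the builder's Go toolchain is the one the release build used. The builder's `FROM` line and the start of this `RUN` statement are outside the hunk, so whether the toolchain is pinned cannot be confirmed from here. I would add a comment above the `RUN` instruction, for example `# Binaries match the release manifest only if $checkout is a release tag and the Go version equals the release build's.` The explicit `tags=` list is also gone, so the set of subservers in the image now follows `RELEASE_TAGS` in the Makefile, which is worth stating in the same comment.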
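Review bot: `/shasums.txt` is stored in the same image as `/bin/lnd` and `/bin/lncli`, so it cannot by itself show that the binaries are untampered; whoever can replace a binary in the image can rewrite the file as well. The comment on the new `RUN` step should say that the values are meant to be compared with a separately obtained release manifest, e.g. `# Compare the hash column with manifest-$tag.txt from the release; this file alone is not an integrity check.` The paths recorded here (`/bin/lnd`) presumably differ from the manifest's, so only the hash column is comparable and `sha256sum -c` against the manifest will not work directly. The `cat` output is also only visible when the layer is actually built, not when it comes from the build cache.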
@@ -151,6 +151,11 @@ install: $(GOINSTALL) -tags="${tags}" $(LDFLAGS) $(PKG)/cmd/lnd $(GOINSTALL) -tags="${tags}" $(LDFLAGS) $(PKG)/cmd/lncli +release-install: + @$(call print, "Installing release lnd and lncli.") + env CGO_ENABLED=0 $(GOINSTALL) -v -trimpath -ldflags="$(RELEASE_LDFLAGS)" -tags="$(RELEASE_TAGS)" $(PKG)/cmd/lnd + env CGO_ENABLED=0 $(GOINSTALL) -v -trimpath -ldflags="$(RELEASE_LDFLAGS)" -tags="$(RELEASE_TAGS)" $(PKG)/cmd/lncli + release: @$(call print, "Releasing lnd and lncli binaries.") $(VERSION_CHECK) diff --git a/scripts/release.sh b/scripts/release.sh index 4b89bbac4..6ff4c3b6b 100755 --- a/scripts/release.sh +++ b/scripts/release.sh @@ -181,6 +181,10 @@ function build_release() { env CGO_ENABLED=0 GOOS=$os GOARCH=$arch GOARM=$arm go build -v -trimpath -ldflags="${ldflags}" -tags="${buildtags}" ${PKG}/cmd/lncli popd + # Add the hashes for the individual binaries as well for easy verification + # of a single installed binary. + sha256sum "${dir}/"* >> "manifest-$tag.txt" + if [[ $os == "windows" ]]; then reproducible_zip "${dir}" else @@ -188,7 +192,10 @@ function build_release() { fi done - sha256sum * >manifest-$tag.txt + # Add the hash of the packages too, then sort by the second column (name). + sha256sum lnd-* vendor* >> "manifest-$tag.txt" + LC_ALL=C sort -k2 -o "manifest-$tag.txt" "manifest-$tag.txt" + cat "manifest-$tag.txt" } # usage prints the usage of the whole script.
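Review bot: `$(RELEASE_LDFLAGS)` and `$(RELEASE_TAGS)` in the new `release-install` recipe are not defined anywhere in this patch, and Make expands an unset variable to the empty string, so a missing or misspelled definition would still install binaries, just not reproducible ones. If they are defined elsewhere in the Makefile or an include, a guard as the first recipe line makes that failure loud: `$(if $(strip $(RELEASE_LDFLAGS)),,$(error RELEASE_LDFLAGS is empty))`. The `release` target directly below runs `$(VERSION_CHECK)` and this target does not; if that check concerns the version baked into the binary, it probably belongs here as well. `release-install` should also be added to the `.PHONY` list if the file keeps one (not visible in this hunk).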
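Review bot: `manifest-$tag.txt` is now only ever appended to, here inside the loop and again after it in the next hunk, whereas the removed line used `>` and truncated it. A manifest left over from an earlier run in the same directory would therefore keep its old entries alongside the new ones. Unless the output directory is wiped earlier in `build_release` (its start is outside the hunk), truncate the file once before the loop, e.g. `: > "manifest-$tag.txt"`. Stale hashes in a file that is published for verification are hard to spot once the final sort has interleaved them.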
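Review bot: The comment above the final `sha256sum` does not say how the resulting manifest is meant to be checked, now that it mixes archive entries with per-binary entries under the platform directories. Running `sha256sum -c` on the whole file reports every entry whose file is absent, which is the normal case for someone holding a single archive. A line such as `# Verify with: sha256sum -c --ignore-missing "manifest-$tag.txt"` would document the intended use. The `lnd-*` glob also assumes the per-platform directories are gone by this point; if the packaging helpers (defined outside this hunk) leave them in place, `sha256sum` will fail on a directory.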