Commit Graph

70 Commits

Author SHA1 Message Date
c568ba9fa2 github+Makefile: add new action make tidy-module-check
This commit adds `tidy-module` and `tidy-module-check` to make sure the
modules are always tidy.
2023-09-06 02:48:13 +08:00
5296509474 Makefile+action: add make unit-module to test submodules
This commit adds a new command `make unit-module` to run unit tests for
submodules to avoid future build errors.
2023-09-06 02:47:55 +08:00
2914f8007f scripts: Direct 'lnd --help' output to a file
We are directing the output of 'lnd --help' to a file, as there
is currently an issue when an option is mentioned in the help
text.
2023-08-08 11:47:21 +02:00
aa7e7a1e5a Merge pull request #7770 from feelancer21/sample-lnd-conf-update-defaults
Revision of default values in sample-lnd.conf and building of a check script
2023-08-04 13:10:29 +02:00
aa6bc0828a scripts: Add check script for sample-lnd.conf
The new script perfoms the following checks on the sample-lnd.conf file:
 1. Checks that all relevant options of lnd are included.
 2. Verifies that defaults are labeled if there are also further examples.
 3. Checks that all default values of lnd --help are mentioned correctly,
    including empty defaults and booleans which are set to false by
    default.
2023-08-03 18:04:18 +02:00
37c0e521e8 scripts: add gpg key for Slyghtning [skip ci] 2023-07-20 16:28:21 +02:00
f2b3674b3a scripts/check-release-notes.sh: fix bash expression 2023-07-13 12:51:40 -04:00
acecb12f54 Merge pull request #7354 from positiveblue/invoice-sql-schema
sqldb: add invoice schema and sql queries
2023-07-12 17:03:26 -07:00
8c9f4515b6 scripts: use gpg --homedir flag to fix new behavior in 2.4
With the latest Golang Docker base image we are using the new gpg
version 2.4 is now being installed in the lnd Docker base image.

Apparently the expected value for the --keyring flag is just a file name
and not an absolute path. The path of the file is indicated either by
the $HOME environment variable or the --homedir flag. It looks like 2.4
now finally stopped supporting an absolute path in the --keyring flag
and we need to update our gpg command to make the script work again.

This should be backward compatible and still work on older versions of
gpg.
2023-07-11 09:18:22 +02:00
43a9e2f1ca multi: add sqlc support
sqlc is a tool that generates fully type-safe idiomatic code from SQL.
The result is Go code can then used execute the queries in the database.

The noraml flow looks like:
- The developer write some sql that will update the schema in the
  database: new tables, indices, etc
- The developer updates the set of queries that will use the new schema.
- `sqlc` generates type-safe interfaces to those queries.
- The developer can then write application code that calls the methods
  generated by sqlc.

The tool configuration needs to live in the repo's root and its name is
`sqlc.yaml`.

LND will support out of the box sqlite and postgres. The sql code needs to
be (almost) the same for both engines, so we cannot use custom functions
like `ANY` in postgres.

The SQLC config file needs to define what is the target engine, we will
set postgres but the generated code can be executed by sqlite too.

In some specific cases, we will `match and replace` some sql lines to be
sure the table definitions are valid for the targeted engine.
2023-07-10 17:36:58 -07:00
376aeec52a scripts: add ViktorTigerstrom PGP key [skip ci] 2023-07-10 12:55:19 +02:00
f42b6a3949 scripts: update release notes check for merge queue usage
Without this commit, PRs can fail to be merged via the merge queue, as
it'll fail with this error:
```
Run scripts/check-release-notes.sh
PR gh-readonly-queue didn't update release notes
Error: Process completed with exit code 1.
```
2023-06-15 17:48:55 -05:00
d730797880 itest: remove unused flag goroutineDump 2023-02-23 21:56:08 +08:00
0bc86a3b4b multi: move itest out of lntest
This commit moves all the test cases living in `itest` out of `lntest`,
further making `lntest` an independent package for general testing.
2023-02-23 21:56:08 +08:00
25a7bb8b86 make+scripts+docs: update fuzzing script and make fuzz 2022-11-11 10:30:05 -06:00
d16fcf12aa scripts: add sputn1ck pgp key
[skip ci]
2022-10-11 09:00:46 +02:00
8ab914dae5 scripts: add ffranr PGP signing key [skip ci] 2022-10-10 19:08:28 +01:00
c09a81624c keys: update key for bhandras 2022-06-09 09:28:46 +02:00
dec389d54f build: update CI to build against bitcoind 23 2022-05-04 15:24:22 -07:00
eca2ac8a57 scripts: add gpg key for ellemouton [skip ci] 2022-04-19 11:38:04 +02:00
bdda2aa059 docs+github+scripts: remove submodule update check
Because we want to avoid local replace directives (as they make it easy
to screw up things for external applications that use lnd as a library
without us noticing), we're going to switch over to a new process.
See section "Use of Golang submodules" in the code contribution
guideline.
2022-03-22 14:17:26 +01:00
a6282ab08e scripts: remove expiring key for cfromknecht [skip ci]
The user cfromknecht isn't an active contributor anymore and the key
will expire in less than two weeks.
2022-02-21 10:26:48 +01:00
d46e9d2d29 scripts: remove expired key for halseth
Fixes #6272.
The user halseth isn't an active contributor anymore and the key
expired.
2022-02-21 10:21:54 +01:00
55edd1b260 scripts+GitHub: check submodule version bump 2021-11-22 14:40:28 +01:00
56d00f40ef script: update CI to bitcoind 22 2021-11-03 16:43:27 -07:00
d7d1574095 scripts: verify version in manifest
To make a downgrade attack harder, we also check that the version string
is contained in the manifest, on the same line as the hash.
2021-09-27 15:49:12 +02:00
5bafff2cf2 scripts: allow packaged release archive to be verified
Instead of only allowing to verify installed/unpacked binaries, we also
allow a single binary or packaged release archive to be verified.
2021-09-27 15:49:11 +02:00
6d0368a189 scripts: pin signatures to keys
With this commit we add a new restriction that checks that the
username in the signature file (manifest-<username>-<version>.sig) actually
does have a signing key and that the signature was created with that key.
The signature is only counted towards the minimum of 5 signatures if
that check is successful.
The changes in this commit were inspired by @kixunil in #5048.
2021-09-27 15:49:11 +02:00
0984638a74 scripts: make sure signature files have unique names
To fix a simple attack where the same file would be uploaded multiple
times under the same name, we make sure we only count unique file names.
2021-09-27 15:49:10 +02:00
c8987ec2c5 scripts: add positiveblue key to verify script 2021-09-27 15:49:10 +02:00
f6c66ca980 scripts: add signing keys to repo
Instead of importing the keys from Keybase, we add all the signing keys
to the repository. In addition to having the key file present each key's
ID must also be added to the verification script. This acts as a double
check that the correct key is added and makes a key change more
explicit.
2021-09-27 15:49:08 +02:00
fc4a16b672 scripts/verify-install.sh: pass expected version as argument
This removes a vulnerability brought up by @Kixunil where both the lnd
and lncli binaries are executed to obtain their version before they have
been verified against the release. A malicious binary could have already
compromised the user's system before any of the checks had been
performed.

This commit it split out from the doc changes so that it can easily be
cherry-picked to master/0.13.0.
2021-09-27 15:48:19 +02:00
4c8bf9c28d scripts: extract functions
As a preparation to make the script easier to understand, we extract
some of the sub tasks into functions.
2021-09-27 15:48:19 +02:00
5d1bcaeb61 scripts: add arshbot key to verify script 2021-09-26 21:57:04 -04:00
36a316e29a make+scripts: fix rpc-check command 2021-07-27 12:59:54 +02:00
fee92941f1 scripts: account for master branch merges in release notes script
Without this commit, the build may break if a PR commit is created, as
that shows the `PR_NUMBER` field we parse out as "master", reflecting
that its a merge commit into the master branch.
2021-07-20 16:22:37 -07:00
6570749f7f build: add new GH actions to require release note updates
In this commit, we add a simple bash script to parse out the current PR
number from an environment variable in the GH actions context, and use
that to check to see if the PR has been referenced in the release notes
or not. This isn't 100% fool proof, but it should catch most of the
common cases.
2021-07-16 11:00:56 -07:00
591954ff61 scripts: detect whether sha256sum or shasum is available
The shasum command isn't available in Alpine linux while the sha256sum
command isn't available on MacOS. We add a simple switch that tries to
detect which one is available.
2021-02-17 18:11:42 +01:00
95eadfee2f scripts/verify-install.sh: combine final SUCCESS logs 2021-02-15 10:00:42 -08:00
c03f95a63b scripts/verify-install: bump min required signatures to 5 2021-02-15 09:59:59 -08:00
85c42b0b79 scripts: add more verbose error messages to verification
We want to be more precise in what exactly went wrong and what the cause
could be.
2021-02-15 10:47:46 +01:00
99ba272822 docs+scripts: switch to detached signatures
Due to a misunderstanding of how the gpg command line options work, we
didn't actually create detached signatures because the --clear-sign
flag would overwrite that. We update our verification script to now only
download the detached signatures and verify them against the main
manifest file.
We also update the signing instructions.
2021-02-15 10:33:20 +01:00
132d23c964 scripts: verify hash length
To make sure we've actually calculated the hash correctly, we make sure
it's 64 characters long.
2021-02-15 10:26:17 +01:00
644424296b scripts: use shasum instead of sha256sum
Because the sha256sum binary isn't available on MacOS we instead use the
shasum -a 256 command that was used before.
2021-02-15 10:26:15 +01:00
aca93199cf scripts: allow verification of custom binary
Instead of only allowing the installed versions of lnd and lncli to be
verified, we now also support specifying explicit paths to binaries that
we want to verify.
2021-02-12 13:22:13 +01:00
315f97ffd5 Merge pull request #4911 from guggero/docker-rpc-compile
lnrpc+mobile: use docker to compile/format protos
2021-02-01 13:42:42 +01:00
688a8045f0 Merge pull request #4963 from guggero/verify-no-key-fix
scripts: don't fail signature verification on missing public key
2021-01-28 14:52:22 +01:00
9c6e208797 multi: remove proto install script 2021-01-28 10:29:01 +01:00
734441d6c0 scripts: don't fail on missing public key
When verifying the release signatures, we don't want to fail if a
signer's signature is not available in the gpg key ring. Instead we just
don't want to count the signature for now and still succeed if there's
at least one other good sig with a known key.
2021-01-27 11:12:04 +01:00
991e077bf3 scripts: add halseth key to verify script 2021-01-27 10:43:32 +01:00