build/release: create new release package for reproducible builds

In this commit, we create a new `build/release` package which houses the
build instructions and scripts that we need to do deterministic builds
across Windows, Linux, and MacOS.

With this new system, it's now possible for all `lnd` developers, as
well as users to verify the posted build binaries. This wasn't possible
in prior release as only in Go 1.13 did deterministic builds becomes
easier/possible. See the new `README.md` for further details.
This commit is contained in:
Olaoluwa Osuntokun 2019-09-26 16:17:45 -07:00
parent 5ed1084130
commit 0e41f07c47
No known key found for this signature in database
GPG Key ID: BC13F65E2DC84465
2 changed files with 38 additions and 2 deletions

34
build/release/README.md Normal file

@ -0,0 +1,34 @@
# lnd's Reproducible Build System
This package contains the buidl script that the `lnd` project uses in order to
build binaries for each new release. As of Go 1.13, with some new build flags,
binaries are now reproducible, allowing developers to build the binary on
distinct machines, and end up with a byte-for-byte identical binary. However,
this wasn't _fully_ solved in Go 1.13, as the build system still includes the
directory the binary is built into the binary itself. As a result, our scripts
utilize a work around needed until Go 1.13.2.
## Building a New Release
### MacOS/Linux/Windows (WSL)
No prior set up is needed on Linux or MacOS is required in order to build the
release binaries. However, on Windows, the only way to build the binaries atm
is using the Windows Subsystem Linux. One can build the release binaries from
one's `lnd` directory, no matter where it's located. One can download `lnd` to
```
git clone https://github.com/lightningnetwork/lnd.git
```
Afterwards, the release manager/verifier simply needs to run:
`./build/release/release.sh <TAG>` (from the top-level `lnd` directory) , where
`<TAG>` is the name of the next release/tag.
## Verifying a Release
With Go 1.13, it's now possible for third parties to verify a release binary.
Before this release, one had to trust that release manager to build the proper
binary. With this new system, third parties can now _independently_ run the
release process, and verify that all the hashes in the final `manifest.txt`
match up.

@ -7,6 +7,8 @@
# Use of this source code is governed by the ISC
# license.
set -e
# If no tag specified, use date + version otherwise use tag.
if [[ $1x = x ]]; then
DATE=`date +%Y%m%d`
@ -60,8 +62,8 @@ for i in $SYS; do
cd $PACKAGE-$i-$TAG
echo "Building:" $OS $ARCH $ARM
env GOOS=$OS GOARCH=$ARCH GOARM=$ARM go build -v -trimpath -ldflags "$COMMITFLAGS" -tags="autopilotrpc signrpc walletrpc chainrpc invoicesrpc routerrpc watchtowerrpc" github.com/lightningnetwork/lnd/cmd/lnd
env GOOS=$OS GOARCH=$ARCH GOARM=$ARM go build -v -trimpath -ldflags "$COMMITFLAGS" -tags="autopilotrpc invoicesrpc walletrpc routerrpc watchtowerrpc" github.com/lightningnetwork/lnd/cmd/lncli
env CGO_ENABLED=0 GOOS=$OS GOARCH=$ARCH GOARM=$ARM go build -v -trimpath -ldflags="-s -w -buildid= $COMMITFLAGS" -tags="autopilotrpc signrpc walletrpc chainrpc invoicesrpc routerrpc watchtowerrpc" github.com/lightningnetwork/lnd/cmd/lnd
env CGO_ENABLED=0 GOOS=$OS GOARCH=$ARCH GOARM=$ARM go build -v -trimpath -ldflags="-s -w -buildid= $COMMITFLAGS" -tags="autopilotrpc invoicesrpc walletrpc routerrpc watchtowerrpc" github.com/lightningnetwork/lnd/cmd/lncli
cd ..
if [[ $OS = "windows" ]]; then