diff --git a/Dockerfile b/Dockerfile index 9fdcb4a3..40640f4e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -23,8 +23,7 @@ RUN apk add --no-cache --update alpine-sdk \ && git clone https://github.com/lightningnetwork/lnd /go/src/github.com/lightningnetwork/lnd \ && cd /go/src/github.com/lightningnetwork/lnd \ && git checkout $checkout \ -&& make \ -&& make install tags="signrpc walletrpc chainrpc invoicesrpc" +&& make release-install # Start a new, final image. FROM alpine as final @@ -42,6 +41,11 @@ RUN apk --no-cache add \ COPY --from=builder /go/bin/lncli /bin/ COPY --from=builder /go/bin/lnd /bin/ +# Store the SHA256 hash of the binaries that were just produced for later +# verification. +RUN sha256sum /bin/lnd /bin/lncli > /shasums.txt \ + && cat /shasums.txt + # Expose lnd ports (p2p, rpc). EXPOSE 9735 10009 diff --git a/Makefile b/Makefile index cfe1de34..cb956e42 100644 --- a/Makefile +++ b/Makefile @@ -151,6 +151,11 @@ install: $(GOINSTALL) -tags="${tags}" $(LDFLAGS) $(PKG)/cmd/lnd $(GOINSTALL) -tags="${tags}" $(LDFLAGS) $(PKG)/cmd/lncli +release-install: + @$(call print, "Installing release lnd and lncli.") + env CGO_ENABLED=0 $(GOINSTALL) -v -trimpath -ldflags="$(RELEASE_LDFLAGS)" -tags="$(RELEASE_TAGS)" $(PKG)/cmd/lnd + env CGO_ENABLED=0 $(GOINSTALL) -v -trimpath -ldflags="$(RELEASE_LDFLAGS)" -tags="$(RELEASE_TAGS)" $(PKG)/cmd/lncli + release: @$(call print, "Releasing lnd and lncli binaries.") $(VERSION_CHECK) diff --git a/scripts/release.sh b/scripts/release.sh index 4b89bbac..6ff4c3b6 100755 --- a/scripts/release.sh +++ b/scripts/release.sh @@ -181,6 +181,10 @@ function build_release() { env CGO_ENABLED=0 GOOS=$os GOARCH=$arch GOARM=$arm go build -v -trimpath -ldflags="${ldflags}" -tags="${buildtags}" ${PKG}/cmd/lncli popd + # Add the hashes for the individual binaries as well for easy verification + # of a single installed binary. + sha256sum "${dir}/"* >> "manifest-$tag.txt" + if [[ $os == "windows" ]]; then reproducible_zip "${dir}" else @@ -188,7 +192,10 @@ function build_release() { fi done - sha256sum * >manifest-$tag.txt + # Add the hash of the packages too, then sort by the second column (name). + sha256sum lnd-* vendor* >> "manifest-$tag.txt" + LC_ALL=C sort -k2 -o "manifest-$tag.txt" "manifest-$tag.txt" + cat "manifest-$tag.txt" } # usage prints the usage of the whole script.