build: add release-install goal, hash individual binaries
We add a new make goal called release-install that creates the same reproducible binaries as the release script would create, but only for the current OS/architecture. It then installs those binaries to the system's GOBIN directory. To allow easy verification of individual binaries (instead of just the packag tarballs/zips), we also add the hashes of lnd and lncli binaries to the manifest. We do the same in the docker build.
This commit is contained in:
parent
f057f2c485
commit
25ac071300
@ -23,8 +23,7 @@ RUN apk add --no-cache --update alpine-sdk \
|
|||||||
&& git clone https://github.com/lightningnetwork/lnd /go/src/github.com/lightningnetwork/lnd \
|
&& git clone https://github.com/lightningnetwork/lnd /go/src/github.com/lightningnetwork/lnd \
|
||||||
&& cd /go/src/github.com/lightningnetwork/lnd \
|
&& cd /go/src/github.com/lightningnetwork/lnd \
|
||||||
&& git checkout $checkout \
|
&& git checkout $checkout \
|
||||||
&& make \
|
&& make release-install
|
||||||
&& make install tags="signrpc walletrpc chainrpc invoicesrpc"
|
|
||||||
|
|
||||||
# Start a new, final image.
|
# Start a new, final image.
|
||||||
FROM alpine as final
|
FROM alpine as final
|
||||||
@ -42,6 +41,11 @@ RUN apk --no-cache add \
|
|||||||
COPY --from=builder /go/bin/lncli /bin/
|
COPY --from=builder /go/bin/lncli /bin/
|
||||||
COPY --from=builder /go/bin/lnd /bin/
|
COPY --from=builder /go/bin/lnd /bin/
|
||||||
|
|
||||||
|
# Store the SHA256 hash of the binaries that were just produced for later
|
||||||
|
# verification.
|
||||||
|
RUN sha256sum /bin/lnd /bin/lncli > /shasums.txt \
|
||||||
|
&& cat /shasums.txt
|
||||||
|
|
||||||
# Expose lnd ports (p2p, rpc).
|
# Expose lnd ports (p2p, rpc).
|
||||||
EXPOSE 9735 10009
|
EXPOSE 9735 10009
|
||||||
|
|
||||||
|
5
Makefile
5
Makefile
@ -151,6 +151,11 @@ install:
|
|||||||
$(GOINSTALL) -tags="${tags}" $(LDFLAGS) $(PKG)/cmd/lnd
|
$(GOINSTALL) -tags="${tags}" $(LDFLAGS) $(PKG)/cmd/lnd
|
||||||
$(GOINSTALL) -tags="${tags}" $(LDFLAGS) $(PKG)/cmd/lncli
|
$(GOINSTALL) -tags="${tags}" $(LDFLAGS) $(PKG)/cmd/lncli
|
||||||
|
|
||||||
|
release-install:
|
||||||
|
@$(call print, "Installing release lnd and lncli.")
|
||||||
|
env CGO_ENABLED=0 $(GOINSTALL) -v -trimpath -ldflags="$(RELEASE_LDFLAGS)" -tags="$(RELEASE_TAGS)" $(PKG)/cmd/lnd
|
||||||
|
env CGO_ENABLED=0 $(GOINSTALL) -v -trimpath -ldflags="$(RELEASE_LDFLAGS)" -tags="$(RELEASE_TAGS)" $(PKG)/cmd/lncli
|
||||||
|
|
||||||
release:
|
release:
|
||||||
@$(call print, "Releasing lnd and lncli binaries.")
|
@$(call print, "Releasing lnd and lncli binaries.")
|
||||||
$(VERSION_CHECK)
|
$(VERSION_CHECK)
|
||||||
|
@ -181,6 +181,10 @@ function build_release() {
|
|||||||
env CGO_ENABLED=0 GOOS=$os GOARCH=$arch GOARM=$arm go build -v -trimpath -ldflags="${ldflags}" -tags="${buildtags}" ${PKG}/cmd/lncli
|
env CGO_ENABLED=0 GOOS=$os GOARCH=$arch GOARM=$arm go build -v -trimpath -ldflags="${ldflags}" -tags="${buildtags}" ${PKG}/cmd/lncli
|
||||||
popd
|
popd
|
||||||
|
|
||||||
|
# Add the hashes for the individual binaries as well for easy verification
|
||||||
|
# of a single installed binary.
|
||||||
|
sha256sum "${dir}/"* >> "manifest-$tag.txt"
|
||||||
|
|
||||||
if [[ $os == "windows" ]]; then
|
if [[ $os == "windows" ]]; then
|
||||||
reproducible_zip "${dir}"
|
reproducible_zip "${dir}"
|
||||||
else
|
else
|
||||||
@ -188,7 +192,10 @@ function build_release() {
|
|||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
|
|
||||||
sha256sum * >manifest-$tag.txt
|
# Add the hash of the packages too, then sort by the second column (name).
|
||||||
|
sha256sum lnd-* vendor* >> "manifest-$tag.txt"
|
||||||
|
LC_ALL=C sort -k2 -o "manifest-$tag.txt" "manifest-$tag.txt"
|
||||||
|
cat "manifest-$tag.txt"
|
||||||
}
|
}
|
||||||
|
|
||||||
# usage prints the usage of the whole script.
|
# usage prints the usage of the whole script.
|
||||||
|
Loading…
Reference in New Issue
Block a user