build: add release-install goal, hash individual binaries

We add a new make goal called release-install that creates the same
reproducible binaries as the release script would create, but only for
the current OS/architecture. It then installs those binaries to the
system's GOBIN directory.
To allow easy verification of individual binaries (instead of just the
packag tarballs/zips), we also add the hashes of lnd and lncli binaries
to the manifest. We do the same in the docker build.
This commit is contained in:
Oliver Gugger 2021-01-13 14:26:29 +01:00
parent f057f2c485
commit 25ac071300
No known key found for this signature in database
GPG Key ID: 8E4256593F177720
3 changed files with 19 additions and 3 deletions

@ -23,8 +23,7 @@ RUN apk add --no-cache --update alpine-sdk \
&& git clone https://github.com/lightningnetwork/lnd /go/src/github.com/lightningnetwork/lnd \ && git clone https://github.com/lightningnetwork/lnd /go/src/github.com/lightningnetwork/lnd \
&& cd /go/src/github.com/lightningnetwork/lnd \ && cd /go/src/github.com/lightningnetwork/lnd \
&& git checkout $checkout \ && git checkout $checkout \
&& make \ && make release-install
&& make install tags="signrpc walletrpc chainrpc invoicesrpc"
# Start a new, final image. # Start a new, final image.
FROM alpine as final FROM alpine as final
@ -42,6 +41,11 @@ RUN apk --no-cache add \
COPY --from=builder /go/bin/lncli /bin/ COPY --from=builder /go/bin/lncli /bin/
COPY --from=builder /go/bin/lnd /bin/ COPY --from=builder /go/bin/lnd /bin/
# Store the SHA256 hash of the binaries that were just produced for later
# verification.
RUN sha256sum /bin/lnd /bin/lncli > /shasums.txt \
&& cat /shasums.txt
# Expose lnd ports (p2p, rpc). # Expose lnd ports (p2p, rpc).
EXPOSE 9735 10009 EXPOSE 9735 10009

@ -151,6 +151,11 @@ install:
$(GOINSTALL) -tags="${tags}" $(LDFLAGS) $(PKG)/cmd/lnd $(GOINSTALL) -tags="${tags}" $(LDFLAGS) $(PKG)/cmd/lnd
$(GOINSTALL) -tags="${tags}" $(LDFLAGS) $(PKG)/cmd/lncli $(GOINSTALL) -tags="${tags}" $(LDFLAGS) $(PKG)/cmd/lncli
release-install:
@$(call print, "Installing release lnd and lncli.")
env CGO_ENABLED=0 $(GOINSTALL) -v -trimpath -ldflags="$(RELEASE_LDFLAGS)" -tags="$(RELEASE_TAGS)" $(PKG)/cmd/lnd
env CGO_ENABLED=0 $(GOINSTALL) -v -trimpath -ldflags="$(RELEASE_LDFLAGS)" -tags="$(RELEASE_TAGS)" $(PKG)/cmd/lncli
release: release:
@$(call print, "Releasing lnd and lncli binaries.") @$(call print, "Releasing lnd and lncli binaries.")
$(VERSION_CHECK) $(VERSION_CHECK)

@ -181,6 +181,10 @@ function build_release() {
env CGO_ENABLED=0 GOOS=$os GOARCH=$arch GOARM=$arm go build -v -trimpath -ldflags="${ldflags}" -tags="${buildtags}" ${PKG}/cmd/lncli env CGO_ENABLED=0 GOOS=$os GOARCH=$arch GOARM=$arm go build -v -trimpath -ldflags="${ldflags}" -tags="${buildtags}" ${PKG}/cmd/lncli
popd popd
# Add the hashes for the individual binaries as well for easy verification
# of a single installed binary.
sha256sum "${dir}/"* >> "manifest-$tag.txt"
if [[ $os == "windows" ]]; then if [[ $os == "windows" ]]; then
reproducible_zip "${dir}" reproducible_zip "${dir}"
else else
@ -188,7 +192,10 @@ function build_release() {
fi fi
done done
sha256sum * >manifest-$tag.txt # Add the hash of the packages too, then sort by the second column (name).
sha256sum lnd-* vendor* >> "manifest-$tag.txt"
LC_ALL=C sort -k2 -o "manifest-$tag.txt" "manifest-$tag.txt"
cat "manifest-$tag.txt"
} }
# usage prints the usage of the whole script. # usage prints the usage of the whole script.