To avoid leaking any sensitive information like Docker Hub credentials
because of compromised actions repositories, we use our own, vendored
actions for all steps that potentially touch sensitive information.
All of the other mission control exported functions acquire their locks
immediately, and do not lock in the subsequent unexported functions.
This commit moves the lock up for the report payment functions so that
mission control's config values are covered by this lock, in preparation
for allowing config to be updated at runtime. Moving this lock means
that we will hold the lock for the additional time it takes to store a
single result, AddResult, to the store.
We are going to use the config struct to allow getting and setting
of the mission control config in the commits that follow. Self node
is not something we want to change, so we move it out for better
separation.
The verification script makes sure the hashes of the binaries inside of
a docker image match those of an official release.
The script first downloads all signatures, validates them, then compares
the hashes of the installed binaries to those contained in the detached
signature files.
This commit reverts the anchors-by-default change, and instead make
anchor commitments and opt-in option. The plan is to enable anchors by
default further down the line.
We add a new make goal called release-install that creates the same
reproducible binaries as the release script would create, but only for
the current OS/architecture. It then installs those binaries to the
system's GOBIN directory.
To allow easy verification of individual binaries (instead of just the
packag tarballs/zips), we also add the hashes of lnd and lncli binaries
to the manifest. We do the same in the docker build.
This commit moves the contract breach event dispatch after the channel
close summary has been added to the database. This is important
otherwise it may occur that we attempt to mark the channel fully closed
while the channel close summary is not yet serialized.
To prevent novice users from running non-release versions, we update the
installation instructions to point them towards our release binaries.
We also document the new Docker build helper that allows you to compile
lnd without needing to install golang.