97a141e7af
The verification script makes sure the hashes of the binaries inside of a docker image match those of an official release. The script first downloads all signatures, validates them, then compares the hashes of the installed binaries to those contained in the detached signature files.
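# If you change this value, please change it in the following files as well:
# /.travis.yml
# /dev.Dockerfile
# /make/builder.Dockerfile
# /.github/workflows/main.yml
# /.github/workflows/release.yml
#
# NOTE(review): the toolchain image is pinned by tag only. Tags can be
# re-pointed upstream, so adding the image digest next to the tag would make
# the build input immutable. Take the digest from the release process.
FROM golang:1.15.6-alpine AS builder

# Force Go to use the cgo based DNS resolver. This is required to ensure DNS
# queries required to connect to linked containers succeed.
# NOTE(review): an ENV set in this stage is not inherited by a later stage
# that starts from a different base image. If this setting is meant for the
# running lnd process rather than for the build tools, confirm whether it
# also has to be set in the final stage.
ENV GODEBUG=netdns=cgo

# Pass a tag, branch or a commit using build-arg. This allows a docker
# image to be built from a specified Git state. The default image
# will use the Git tip of master by default.
#
# Security note: master is a moving ref, and the checkout below does not
# verify a signature on the tag or commit it lands on. For an image whose
# binaries are expected to match a published release, pass that release tag
# explicitly instead of relying on the default.
ARG checkout="master"

# Install dependencies and build the binaries.
# Everything stays in one RUN so the clone, the checkout and the build always
# happen together. --no-cache already fetches a fresh package index, so the
# redundant --update flag is dropped. The ref is quoted so that a value with
# spaces or glob characters reaches git as a single argument.
RUN apk add --no-cache \
    alpine-sdk \
    gcc \
    git \
    make \
  && git clone https://github.com/lightningnetwork/lnd /go/src/github.com/lightningnetwork/lnd \
  && cd /go/src/github.com/lightningnetwork/lnd \
  && git checkout "$checkout" \
  && make release-install
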
# Runtime stage. Only the two binaries and the verification script are copied
# in from the builder stage; the Go toolchain and the source tree are left
# behind.
# NOTE(review): the base image has no tag, so it resolves to whatever
# "latest" is at build time. Pin a tag (and ideally a digest) so rebuilds are
# reproducible and base-image updates are deliberate.
FROM alpine AS final

# Data directory of the daemon, declared as a volume so it outlives the
# container.
# NOTE(review): this stage has no USER instruction, so lnd runs as root and
# keeps its data under /root. Moving to an unprivileged user would also move
# this path, so it has to be coordinated with existing deployments.
VOLUME /root/.lnd

# Runtime utilities: bash and jq for convenience, ca-certificates for TLS, and
# curl plus gnupg because the signature verification script needs them.
RUN apk add --no-cache \
    bash \
    ca-certificates \
    curl \
    gnupg \
    jq

# Bring in the artifacts produced by the builder stage.
COPY --from=builder /go/bin/lncli /bin/
COPY --from=builder /go/bin/lnd /bin/
COPY --from=builder /go/src/github.com/lightningnetwork/lnd/scripts/verify-install.sh /

# Record the SHA256 hashes of the freshly copied binaries in /shasums.txt and
# print them into the build log.
# NOTE(review): this file lives in the same image as the binaries it
# describes, so on its own it is a record, not an integrity guarantee.
# Presumably verify-install.sh is what checks the binaries against the signed
# release hashes. Confirm against the script.
RUN sha256sum /bin/lnd /bin/lncli > /shasums.txt \
  && cat /shasums.txt

# Ports used by lnd (p2p, rpc). EXPOSE only documents them; which ports are
# actually published is decided when the container is run.
EXPOSE 9735 10009

# The container runs the lnd daemon; arguments given at run time are passed to
# it.
ENTRYPOINT ["lnd"]