Skip to content

Commit

Permalink
Merge pull request #5052 from cfromknecht/v0.12.1-beta.rc7-branch-com…
Browse files Browse the repository at this point in the history 
…mits

v0.12.1-beta.rc7
  • Loading branch information
@cfromknecht
cfromknecht authored Feb 23, 2021
2 parents 953e3cc + 51aaf2b commit d233f61
Show file tree
Hide file tree
Showing 5 changed files with 36 additions and 35 deletions.
3 changes: 1 addition & 2 deletions .github/workflows/release.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -124,8 +124,7 @@ jobs:
To verify the `lnd` and `lncli` binaries inside the docker images against the signed, reproducible release binaries, there is a verification script in the image that can be called (before starting the container for example):
```shell
$ docker pull lightninglabs/lnd:${{ env.RELEASE_VERSION }}
$ docker run --rm --entrypoint="" lightninglabs/lnd:${{ env.RELEASE_VERSION }} /verify-install.sh
$ docker run --rm --entrypoint="" lightninglabs/lnd:${{ env.RELEASE_VERSION }} /verify-install.sh ${{ env.RELEASE_VERSION }}
$ OK=$?
$ if [ "$OK" -ne "0" ]; then echo "Verification failed!"; exit 1; done
$ docker run lightninglabs/lnd [command-line options]
Expand Down
2 changes: 1 addition & 1 deletion build/version.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -48,7 +48,7 @@ const (

// AppPreRelease MUST only contain characters from semanticAlphabet
// per the semantic versioning spec.
AppPreRelease = "beta.rc6"
AppPreRelease = "beta"
)

func init() {
Expand Down
3 changes: 1 addition & 2 deletions docs/DOCKER.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -61,8 +61,7 @@ script in the image that can be called (before starting the container for
example):

```shell
⛰ docker pull lightninglabs/lnd:v0.12.0-beta
⛰ docker run --rm --entrypoint="" lightninglabs/lnd:v0.12.0-beta /verify-install.sh
⛰ docker run --rm --entrypoint="" lightninglabs/lnd:v0.12.1-beta /verify-install.sh v0.12.1-beta
⛰ OK=$?
if [ "$OK" -ne "0" ]; then echo "Verification failed!"; exit 1; done
⛰ docker run lightninglabs/lnd [command-line options]
Expand Down
3 changes: 1 addition & 2 deletions docs/release.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -99,8 +99,7 @@ script in the image that can be called (before starting the container for
example):

```shell
⛰ docker pull lightninglabs/lnd:v0.12.0-beta
⛰ docker run --rm --entrypoint="" lightninglabs/lnd:v0.12.0-beta /verify-install.sh
⛰ docker run --rm --entrypoint="" lightninglabs/lnd:v0.12.1-beta /verify-install.sh v0.12.1-beta
⛰ OK=$?
if [ "$OK" -ne "0" ]; then echo "Verification failed!"; exit 1; done
⛰ docker run lightninglabs/lnd [command-line options]
Expand Down
60 changes: 32 additions & 28 deletions scripts/verify-install.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -29,9 +29,24 @@ function check_command() {
fi
}

# By default we're picking up lnd and lncli from the system $PATH.
LND_BIN=$(which lnd)
LNCLI_BIN=$(which lncli)

if [[ $# -eq 0 ]]; then
echo "ERROR: missing expected version!"
echo "Usage: verify-install.sh expected-version [path-to-lnd-binary path-to-lncli-binary]"
exit 1
fi

# The first argument should be the expected version of the binaries.
VERSION=$1
shift

# Verify that the expected version is well-formed.
version_regex="^v[[:digit:]]+\.[[:digit:]]+\.[[:digit:]]"
if [[ ! "$VERSION" =~ $version_regex ]]; then
echo "ERROR: Invalid expected version detected: $VERSION"
exit 1
fi
echo "Expected version for binaries: $VERSION"

# If exactly two parameters are specified, we expect the first one to be lnd and
# the second one to be lncli.
Expand All @@ -49,22 +64,23 @@ if [[ $# -eq 2 ]]; then
exit 1
fi
elif [[ $# -eq 0 ]]; then
# Make sure both binaries can be found and are executable.
check_command lnd
check_command lncli
# By default we're picking up lnd and lncli from the system $PATH.
LND_BIN=$(which lnd)
LNCLI_BIN=$(which lncli)
else
echo "ERROR: invalid number of parameters!"
echo "Usage: verify-install.sh [lnd-binary lncli-binary]"
exit 1
fi

# Make sure both binaries can be found and are executable.
check_command lnd
check_command lncli

check_command curl
check_command jq
check_command gpg

LND_VERSION=$($LND_BIN --version | cut -d'=' -f2)
LNCLI_VERSION=$($LNCLI_BIN --version | cut -d'=' -f2)

# Make this script compatible with both linux and *nix.
SHA_CMD="sha256sum"
if ! command -v "$SHA_CMD"; then
Expand All @@ -78,21 +94,6 @@ fi
LND_SUM=$($SHA_CMD $LND_BIN | cut -d' ' -f1)
LNCLI_SUM=$($SHA_CMD $LNCLI_BIN | cut -d' ' -f1)

echo "Detected lnd $LND_BIN version $LND_VERSION with SHA256 sum $LND_SUM"
echo "Detected lncli $LNCLI_BIN version $LNCLI_VERSION with SHA256 sum $LNCLI_SUM"

# Make sure lnd and lncli are installed with the same version and is an actual
# version string.
if [[ "$LNCLI_VERSION" != "$LND_VERSION" ]]; then
echo "ERROR: Version $LNCLI_VERSION of lncli does not match $LND_VERSION of lnd!"
exit 1
fi
version_regex="^v[[:digit:]]+\.[[:digit:]]+\.[[:digit:]]"
if [[ ! "$LND_VERSION" =~ $version_regex ]]; then
echo "ERROR: Invalid version of lnd detected: $LND_VERSION"
exit 1
fi

# Make sure the hash was actually calculated by looking at its length.
if [[ ${#LND_SUM} -ne 64 ]]; then
echo "ERROR: Invalid hash for lnd: $LND_SUM!"
Expand All @@ -103,6 +104,9 @@ if [[ ${#LNCLI_SUM} -ne 64 ]]; then
exit 1
fi

echo "Verifying lnd $LND_BIN as version $VERSION with SHA256 sum $LND_SUM"
echo "Verifying lncli $LNCLI_BIN as version $VERSION with SHA256 sum $LNCLI_SUM"

# If we're inside the docker image, there should be a shasums.txt file in the
# root directory. If that's the case, we first want to make sure we still have
# the same hash as we did when building the image.
Expand Down Expand Up @@ -135,7 +139,7 @@ done
echo ""

# Download the JSON of the release itself. That'll contain the release ID we need for the next call.
RELEASE_JSON=$(curl -L -s -H "$HEADER_JSON" "$RELEASE_URL/$LND_VERSION")
RELEASE_JSON=$(curl -L -s -H "$HEADER_JSON" "$RELEASE_URL/$VERSION")

TAG_NAME=$(echo $RELEASE_JSON | jq -r '.tag_name')
RELEASE_ID=$(echo $RELEASE_JSON | jq -r '.id')
Expand All @@ -150,11 +154,11 @@ SIGNATURES=$(echo $ASSETS | jq -r "$SIGNATURE_SELECTOR")
# the detached signatures.
TEMP_DIR=$(mktemp -d /tmp/lnd-sig-verification-XXXXXX)
echo "Downloading $MANIFEST"
curl -L -s -o "$TEMP_DIR/$MANIFEST" "$RELEASE_URL/download/$LND_VERSION/$MANIFEST"
curl -L -s -o "$TEMP_DIR/$MANIFEST" "$RELEASE_URL/download/$VERSION/$MANIFEST"

for signature in $SIGNATURES; do
echo "Downloading $signature"
curl -L -s -o "$TEMP_DIR/$signature" "$RELEASE_URL/download/$LND_VERSION/$signature"
curl -L -s -o "$TEMP_DIR/$signature" "$RELEASE_URL/download/$VERSION/$signature"
done

echo ""
Expand Down Expand Up @@ -193,7 +197,7 @@ if [[ $NUM_CHECKS -lt $MIN_REQUIRED_SIGNATURES ]]; then
echo " Valid signatures found: $NUM_CHECKS"
echo " Valid signatures required: $MIN_REQUIRED_SIGNATURES"
echo
echo " Make sure the release $LND_VERSION contains the required "
echo " Make sure the release $VERSION contains the required "
echo " number of signatures on the manifest, or wait until more "
echo " signatures have been added to the release."
exit 1
Expand Down

0 comments on commit d233f61

Please sign in to comment.