mirrors/lnd
1
0
Fork 0
mirror of https://github.com/lightningnetwork/lnd.git synced 2024-11-19 09:53:54 +01:00
Code Issues Projects Releases Wiki Activity

scripts: allow packaged release archive to be verified

Browse Source 
Instead of only allowing to verify installed/unpacked binaries, we also
allow a single binary or packaged release archive to be verified.
This commit is contained in:
Oliver Gugger 2021-09-27 11:03:15 +02:00
parent 5afed8ab62
commit 5bafff2cf2
No known key found for this signature in database
GPG Key ID: 8E4256593F177720
1 changed files with 36 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

51
scripts/verify-install.sh
View File

@ -247,7 +247,7 @@ LNCLI_BIN=$(which lncli)
if [[ $# -eq 0 ]]; then if [[ $# -eq 0 ]]; then
echo "ERROR: missing expected version!" echo "ERROR: missing expected version!"
echo "Usage: verify-install.sh expected-version [path-to-lnd-binary path-to-lncli-binary]" echo "Usage: verify-install.sh expected-version [path-to-lnd-binary-or-download-archive [path-to-lncli-binary]]"
exit 1 exit 1
fi fi
@ -258,12 +258,19 @@ shift
# Verify that the expected version is well-formed. # Verify that the expected version is well-formed.
verify_version "$VERSION" verify_version "$VERSION"
# Make sure we have all tools needed for the verification.
check_command curl
check_command jq
check_command gpg
# If exactly two parameters are specified, we expect the first one to be lnd and # If exactly two parameters are specified, we expect the first one to be lnd and
# the second one to be lncli. # the second one to be lncli. One parameter is either just a single binary or a
# packaged release archive. No parameters means picking up lnd and lncli from
# the system path.
if [[ $# -eq 2 ]]; then if [[ $# -eq 2 ]]; then
LND_BIN=$(realpath $1) LND_BIN=$(realpath $1)
LNCLI_BIN=$(realpath $2) LNCLI_BIN=$(realpath $2)
# Make sure both files actually exist. # Make sure both files actually exist.
if [[ ! -f $LND_BIN ]]; then if [[ ! -f $LND_BIN ]]; then
echo "ERROR: $LND_BIN not found!" echo "ERROR: $LND_BIN not found!"
@ -273,24 +280,30 @@ if [[ $# -eq 2 ]]; then
echo "ERROR: $LNCLI_BIN not found!" echo "ERROR: $LNCLI_BIN not found!"
exit 1 exit 1
fi fi
# Make sure both binaries can be found and are executable.
check_command "$LND_BIN"
check_command "$LNCLI_BIN"
elif [[ $# -eq 1 ]]; then
# We're verifying a single binary or a packaged release archive.
PACKAGE_BIN=$(realpath $1)
elif [[ $# -eq 0 ]]; then elif [[ $# -eq 0 ]]; then
# By default we're picking up lnd and lncli from the system $PATH. # By default we're picking up lnd and lncli from the system $PATH.
LND_BIN=$(which lnd) LND_BIN=$(which lnd)
LNCLI_BIN=$(which lncli) LNCLI_BIN=$(which lncli)
# Make sure both binaries can be found and are executable.
check_command "$LND_BIN"
check_command "$LNCLI_BIN"
else else
echo "ERROR: invalid number of parameters!" echo "ERROR: invalid number of parameters!"
echo "Usage: verify-install.sh [lnd-binary lncli-binary]" echo "Usage: verify-install.sh [lnd-binary lncli-binary]"
exit 1 exit 1
fi fi
# Make sure both binaries can be found and are executable.
check_command "$LND_BIN"
check_command "$LNCLI_BIN"
check_command curl
check_command jq
check_command gpg
# Import all the signing keys. # Import all the signing keys.
import_keys import_keys
@ -301,8 +314,16 @@ verify_signatures
# Then make sure that the hash of the installed binaries can be found in the # Then make sure that the hash of the installed binaries can be found in the
# manifest that we now have verified the signatures for. # manifest that we now have verified the signatures for.
check_hash "$LND_BIN" "lnd" if [[ "$PACKAGE_BIN" != "" ]]; then
check_hash "$LNCLI_BIN" "lncli" check_hash "$PACKAGE_BIN" "$PACKAGE_BIN"
echo "" echo ""
echo "SUCCESS! Verified lnd and lncli against $MANIFEST signed by $NUM_CHECKS developers." echo "SUCCESS! Verified $PACKAGE_BIN against $MANIFEST signed by $NUM_CHECKS developers."
else
check_hash "$LND_BIN" "lnd"
check_hash "$LNCLI_BIN" "lncli"
echo ""
echo "SUCCESS! Verified lnd and lncli against $MANIFEST signed by $NUM_CHECKS developers."
fi