summarylogtreecommitdiffstats
path: root/PKGBUILD
blob: bebcfb277fe8fa3356c09cc50a802697b7458a45 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
# Maintainer: Setpill
pkgname=lnd-bin
_pkgname=lnd
pkgver=0.18.3_beta
_pkgver="${pkgver//_/-}"
__pkgver="${_pkgver//\./\\\.}"
pkgrel=1
pkgdesc="Lightning Network Daemon ⚡"
arch=('x86_64')
url="https://github.com/lightningnetwork/lnd"
license=('MIT')
provides=('lnd' 'lncli')
conflicts=('lnd' 'lnd-git')
source=(
    "https://github.com/lightningnetwork/$_pkgname/releases/download/v$_pkgver/$_pkgname-linux-amd64-v$_pkgver.tar.gz"
    "$_pkgname-LICENSE-v$_pkgver::https://raw.githubusercontent.com/lightningnetwork/$_pkgname/v$_pkgver/LICENSE"
)
sha512sums=(
    'ecca575ca56f8e4202083bc4011d1cf75edcbfee5097f4cc796b20f64054f8fdad7d083171a67f647e1779fb86b11f742698f734d2cc7b50cfa09fa8d8e30ff0'
    '49de7041d5c7448a8f5cc387e4e820eca2a87c02b70d5a38aa3823354d960843e93ca12bd8b66a13708937539da85b90328bd4c32575792f0aa6755a011ba4bb'
)

# List of maintainer pubkeys, see https://github.com/lightningnetwork/lnd/tree/master/scripts/keys
validpgpkeys=(
    'E97A1AB6C77A1D2B72F50A6F90E00CCB1C74C611' # arshbot
    '9FC6B0BFD597A94DBF09708280E5375C094198D8' # bhandras
    '15E7ECF257098A4EF91655EB4CA7FE54A6213C91' # carlaKC
    '7E81EF6B9989A9CC93884803118759E83439A9B1' # Crypt-iQ
    '26984CB69EB8C4A26196F7A4D7D916376026F177' # ellemouton
    'FE5E159A70C436D6AF4D2887B1F8848557AA29D2' # ffranr
    'F4FC70F07310028424EFC20A8E4256593F177720' # guggero
    '32F7EA1E7A0339F7D37164B9F82D456EA023C9BF' # hieblmi
    'EB13A98091E8D67CDD7FC5A7E9FE7FE00AD163A4' # positiveblue
    'E4D85299674B2D31FAA1892E372CBD7633C61696' # roasbeef
    '4DC235556B18694E08518DBB671103D881A5F0E4' # sputn1ck
    '187F6ADD93AE3B0CF335AA6AB984570980684DCC' # ViktorTigerstrom
    '729E9D9D92C75A5FBFEEE057B5DD717BEF7CA5B1' # wpaulino
    'E85497D2DBA0EB9ADB0024279BCD95C4FF296868' # yyforyongyu
)

prepare() {
    manifestfile="$srcdir/$_pkgname-manifest-v$_pkgver.txt"

    curl -fLso $manifestfile "https://github.com/lightningnetwork/$_pkgname/releases/download/v$_pkgver/manifest-v$_pkgver.txt"

    # Check the binaries match the manifest
    cat "$manifestfile" \
        | grep "^[0-9a-f]\{64\}  $_pkgname-linux-amd64-v$__pkgver\(\.tar\.gz\|/lnd\|/lncli\)$" \
        | sha256sum -c -

    maintainers=(
        'arshbot'
        'bhandras'
        'carlaKC'
        'Crypt-iQ'
        'ellemouton'
        'ffranr'
        'guggero'
        'hieblmi'
        'positiveblue'
        'roasbeef'
        'sputn1ck'
        'ViktorTigerstrom'
        'wpaulino'
        'yyforyongyu'
    )

    numsigs=0

    for (( i=0; i<${#maintainers[@]}; i++ )); do
        maintainer=${maintainers[$i]}
        validpgpkey=${validpgpkeys[$i]}
        # Try to get the signature for this maintainer, skip if doesn't exist
        signaturefile="$srcdir/$_pkgname-manifest-$maintainer-v$_pkgver.txt.sig"
        curl -fLso "$signaturefile" \
            "https://github.com/lightningnetwork/$_pkgname/releases/download/v$_pkgver/manifest-$maintainer-v$_pkgver.sig" \
            || continue

        echo "Found signature from $maintainer"

        # Verify the signature
        gpgoutput=$(gpg --status-fd=1 --verify "$signaturefile" "$manifestfile" || true)

        # Check if fingerprint matches whitelisted one
        fingerprint=$(echo "$gpgoutput" | awk '{ if ($2 == "VALIDSIG") {print $12} }')
        if [[ ! "${validpgpkey}" = "${fingerprint}" ]]; then
            echo "Not a valid signature from the whitelisted key for this maintainer, ignoring"
            continue
        fi

        numsigs=$((numsigs + 1))
    done

    # LND maintainers try to provide at least 5 signatures per release; break if we have found less
    if (( $numsigs < 5 )); then
        echo "Only $numsigs valid signatures found; exiting"
        exit 1
    fi
    echo "Found $numsigs valid signatures"
}

package() {
    install -Dm 755 "$srcdir/$_pkgname-linux-amd64-v$_pkgver/lncli" -t "$pkgdir/usr/bin";
    install -Dm 755 "$srcdir/$_pkgname-linux-amd64-v$_pkgver/lnd" -t "$pkgdir/usr/bin";

    install -Dm644 "${srcdir}/$_pkgname-LICENSE-v$_pkgver" -t "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE"
}