summarylogtreecommitdiffstats
path: root/PKGBUILD
blob: f168033d3b241a8bf5fab168c7868561df6c54f5 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128

# Maintainer: Setpill
pkgname=lnd-bin
_pkgname=lnd
pkgver=0.20.1_beta
_pkgver="${pkgver//_/-}"
__pkgver="${_pkgver//\./\\\.}"
pkgrel=1
pkgdesc="Lightning Network Daemon ⚡"
arch=('x86_64' 'aarch64')
case $CARCH in
    'x86_64')
        _arch='amd64'
        ;;
    'aarch64')
        _arch='arm64'
        ;;
esac
url="https://github.com/lightningnetwork/lnd"
license=('MIT')
provides=('lnd' 'lncli')
conflicts=('lnd' 'lnd-git')
source=(
    "$_pkgname-LICENSE-v$_pkgver::https://raw.githubusercontent.com/lightningnetwork/$_pkgname/v$_pkgver/LICENSE"
)
source_x86_64=(
    "https://github.com/lightningnetwork/$_pkgname/releases/download/v$_pkgver/$_pkgname-linux-amd64-v$_pkgver.tar.gz"
)
source_aarch64=(
    "https://github.com/lightningnetwork/$_pkgname/releases/download/v$_pkgver/$_pkgname-linux-arm64-v$_pkgver.tar.gz"
)
sha512sums=(
    '49de7041d5c7448a8f5cc387e4e820eca2a87c02b70d5a38aa3823354d960843e93ca12bd8b66a13708937539da85b90328bd4c32575792f0aa6755a011ba4bb'
)
sha512sums_x86_64=(
    'f504ff6b080080fce827d38b1ab4d82370cb90dcba1d86cf851015fc66e061f8470aaaedbc7aac664b0db0e70a5629c9bf9bb3f12f45fb1c50c7def0a03f2638'
)
sha512sums_aarch64=(
    'c7969e452a93bf40d07c640dfdc549989ae4d7007cb6f027ff1f08cecc74504abdcf48e58a33e512eeae66a4a142303fb8f9618283565914b2d6d870a26402bf'
)

# This is a binary package, build flags do not apply
options=(!debug)

# List of maintainer pubkeys, see https://github.com/lightningnetwork/lnd/tree/master/scripts/keys
validpgpkeys=(
    '9FC6B0BFD597A94DBF09708280E5375C094198D8' # bhandras
    '15E7ECF257098A4EF91655EB4CA7FE54A6213C91' # carlaKC
    '26984CB69EB8C4A26196F7A4D7D916376026F177' # ellemouton
    'C97AAA1470F979878F7A6DEDC3440ACF100A33B4' # ffranr
    'F4FC70F07310028424EFC20A8E4256593F177720' # guggero
    '32F7EA1E7A0339F7D37164B9F82D456EA023C9BF' # hieblmi
    '5295A477FFC8064D7057B191FA7E65C951F12439' # proofofkeags
    'A5B61896952D9FDA83BC054CDC42612E89237182' # roasbeef
    '4DC235556B18694E08518DBB671103D881A5F0E4' # sputn1ck
    '3E9BD4436C288039CA827A9200C9E2BC2E45666F' # suheb
    'C20A78516A0944900EBFCA29961CC8259AE675D4' # ViktorT-11
    'E85497D2DBA0EB9ADB0024279BCD95C4FF296868' # yyforyongyu
    '5F75437E11695F86D50C11BB1AFF9C4DCED6D666' # ziggie1984
)

prepare() {
    manifestfile="$srcdir/$_pkgname-manifest-v$_pkgver.txt"

    curl -fLso $manifestfile "https://github.com/lightningnetwork/$_pkgname/releases/download/v$_pkgver/manifest-v$_pkgver.txt"

    # Check the binaries match the manifest
    cat "$manifestfile" \
        | grep "^[0-9a-f]\{64\}  $_pkgname-linux-$_arch-v$__pkgver\(\.tar\.gz\|/lnd\|/lncli\)$" \
        | sha256sum -c -

    maintainers=(
        'bhandras'
        'carlaKC'
        'ellemouton'
        'ffranr'
        'guggero'
        'hieblmi'
        'proofofkeags'
        'roasbeef'
        'sputn1ck'
        'suheb'
        'ViktorT-11'
        'yyforyongyu'
        'ziggie1984'
    )

    numsigs=0

    for (( i=0; i<${#maintainers[@]}; i++ )); do
        maintainer=${maintainers[$i]}
        validpgpkey=${validpgpkeys[$i]}
        # Try to get the signature for this maintainer, skip if doesn't exist
        signaturefile="$srcdir/$_pkgname-manifest-$maintainer-v$_pkgver.txt.sig"
        curl -fLso "$signaturefile" \
            "https://github.com/lightningnetwork/$_pkgname/releases/download/v$_pkgver/manifest-$maintainer-v$_pkgver.sig" \
        || curl -fLso "$signaturefile" \
            "https://github.com/lightningnetwork/$_pkgname/releases/download/v$_pkgver/manifest-$maintainer-v$_pkgver.txt.sig" \
        || continue

        echo "Found signature from $maintainer"

        # Verify the signature
        gpgoutput=$(gpg --status-fd=1 --verify "$signaturefile" "$manifestfile" || true)

        # Check if fingerprint matches whitelisted one
        fingerprint=$(echo "$gpgoutput" | awk '{ if ($2 == "VALIDSIG") {print $12} }')
        if [[ ! "${validpgpkey}" = "${fingerprint}" ]]; then
            echo "Not a valid signature from the whitelisted key for this maintainer, ignoring"
            continue
        fi

        numsigs=$((numsigs + 1))
    done

    # LND maintainers try to provide at least 5 signatures per release; break if we have found less
    if (( $numsigs < 5 )); then
        echo "Only $numsigs valid signatures found; exiting"
        exit 1
    fi
    echo "Found $numsigs valid signatures"
}

package() {
    install -Dm 755 "$srcdir/$_pkgname-linux-$_arch-v$_pkgver/lncli" -t "$pkgdir/usr/bin";
    install -Dm 755 "$srcdir/$_pkgname-linux-$_arch-v$_pkgver/lnd" -t "$pkgdir/usr/bin";

    install -Dm644 "${srcdir}/$_pkgname-LICENSE-v$_pkgver" -t "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE"
}