You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Clarify that the ability to reproducibly build a piece of software has
nothing to do with being a maintainer.
Minor typo/grammar fixes.
Changelog-None.
Copy file name to clipboardExpand all lines: doc/getting-started/advanced-setup/repro.md
+6-6Lines changed: 6 additions & 6 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -5,7 +5,7 @@ hidden: false
5
5
createdAt: "2023-01-25T10:37:03.476Z"
6
6
updatedAt: "2023-07-12T13:26:52.005Z"
7
7
---
8
-
Reproducible builds close the final gap in the lifecycle of open-source projects by allowing maintainers to verify and certify that a given binary was indeed produced by compiling an unmodified version of the publicly available source. In particular the maintainer certifies that the binary corresponds a) to the exact version of the and b) that no malicious changes have been applied before or after the compilation.
8
+
[Reproducible builds](https://reproducible-builds.org/) close the final gap in the lifecycle of open-source projects by allowing anyone to verify that a given binary was produced by compiling publicly available source code.
9
9
10
10
Core Lightning has provided a manifest of the binaries included in a release, along with signatures from the maintainers since version 0.6.2.
11
11
@@ -14,12 +14,12 @@ The steps involved in creating reproducible builds are:
14
14
- Creation of a known environment in which to build the source code
15
15
- Removal of variance during the compilation (randomness, timestamps, etc)
16
16
- Packaging of binaries
17
-
- Creation of a manifest (`SHA256SUMS` file containing the crytographic hashes of the binaries and packages)
17
+
- Creation of a manifest (`SHA256SUMS` file containing the cryptographic hashes of the binaries and packages)
18
18
- Signing of the manifest by maintainers and volunteers that have reproduced the files in the manifest starting from the source.
19
19
20
-
The bulk of these operations is handled by the [`repro-build.sh`](https://github.com/ElementsProject/lightning/blob/master/tools/repro-build.sh) script, but some manual operations are required to setup the build environment. Since a binary is built against platorm specific libraries we also need to replicate the steps once for each OS distribution and architecture, so the majority of this guide will describe how to set up those starting from a minimal trusted base. This minimal trusted base in most cases is the official installation medium from the OS provider.
20
+
The bulk of these operations are handled by the [`repro-build.sh`](https://github.com/ElementsProject/lightning/blob/master/tools/repro-build.sh) script, but some manual operations are required to setup the build environment. Since a binary is built against platform specific libraries we also need to replicate the steps once for each OS distribution and architecture, so the majority of this guide will describe how to set up those starting from a minimal trusted base. This minimal trusted base in most cases is the official installation medium from the OS provider.
21
21
22
-
Note: Since your signature certifies the integrity of the resulting binaries, please familiarize youself with both the [`repro-build.sh`](https://github.com/ElementsProject/lightning/blob/master/tools/repro-build.sh) script, as well as with the setup instructions for the build environments before signing anything.
22
+
Note: Since your signature certifies the integrity of the resulting binaries, please familiarize yourself with both the [`repro-build.sh`](https://github.com/ElementsProject/lightning/blob/master/tools/repro-build.sh) script, as well as with the setup instructions for the build environments before signing anything.
23
23
24
24
# Build Environment Setup
25
25
@@ -99,7 +99,7 @@ The dockerfiles assume that the base image has the codename as its image name.
99
99
100
100
# Building using the builder image
101
101
102
-
Finally, after building enviornment setup we can perform the actual build. At this point we have a container image that has been prepared to build reproducibly. As you can see from the `Dockerfile` above we assume the source git repository gets mounted as `/repo` in the docker container. The container will clone the repository to an internal path, in order to keep the repository clean, build the artifacts there, and then copy them back to `/repo/release`.
102
+
Finally, after finishing the environment setup we can perform the actual build. At this point we have a container image that has been prepared to build reproducibly. As you can see from the `Dockerfile` above we assume the source git repository gets mounted as `/repo` in the docker container. The container will clone the repository to an internal path, in order to keep the repository clean, build the artifacts there, and then copy them back to `/repo/release`.
103
103
We'll need the release directory available for this, so create it now if it doesn't exist:`mkdir release`, then we can simply execute the following command inside the git repository (remember to checkout the tag you are trying to build):
104
104
105
105
```bash
@@ -144,7 +144,7 @@ gpg -sb --armor SHA256SUMS
144
144
145
145
2: Copy above files in the lightning directory.
146
146
147
-
3: Run `tools/build-release.sh --verify` script. It will build bineries for Ubuntu (Focal, Jammy & Noble), verify zip & ubuntu builds while copying Fedora checksums from the release captain's file.
147
+
3: Run `tools/build-release.sh --verify` script. It will build binaries for Ubuntu (Focal, Jammy & Noble), verify zip & Ubuntu builds while copying Fedora checksums from the release captain's file.
148
148
149
149
4. Then send the resulting `release/SHA256SUMS.asc` file to the release captain so it can be merged with the other signatures into `SHASUMS.asc`.
0 commit comments