17 releases
0.4.1 | Jan 17, 2025 |
---|---|
0.4.0 | Dec 19, 2024 |
0.3.1 | Nov 22, 2024 |
0.2.11 | Apr 16, 2024 |
0.2.3 | Jul 10, 2023 |
#372 in Magic Beans
332 downloads per month
145KB
3K
SLoC
Solana Verified Builds
This repository demonstrates how to implement verified builds for Solana programs. Verified builds ensure that your deployed program matches exactly with your public source code, promoting transparency and security in the Solana ecosystem.
What are Verified Builds?
Verified builds allow developers and users to verify that a deployed Solana program matches its source code. This verification:
- Ensures program authenticity
- Promotes transparency
- Builds user trust
- Makes source code discoverable
Quick Start
-
Install prerequisites:
- Docker
- Cargo
- Solana Verify CLI (
cargo install solana-verify
)
-
Build your program:
solana-verify build
- Deploy and verify:
# Deploy
solana program deploy -u $NETWORK_URL target/deploy/$PROGRAM_LIB_NAME.so --program-id $PROGRAM_ID
# Verify against repository -> upload your build data on chain
solana-verify verify-from-repo -u $NETWORK_URL --program-id $PROGRAM_ID https://github.com/$REPO_PATH
# Trigger a remote job
solana-verify remote submit-job --program-id $PROGRAM_ID --uploader $THE_PUBKEY_THAT_UPLOADED_YOUR_BUILD_DATA
Documentation
For detailed instructions and best practices, please refer to the official Solana documentation on verified builds.
Security Considerations
While verified builds enhance transparency, they should not be considered a complete security solution. Always:
- Review the source code
- Use trusted build environments
- Consider using governance solutions for program upgrades
For responsible disclosure of bugs related to verified builds CLI, please email [email protected] with a detailed description of the attack vector.
Contributing
Contributions are welcome! Please feel free to submit a Pull Request.
Dependencies
~78MB
~1.5M SLoC