Verifiable Builds

Building programs with the Solana CLI may embed machine specific code into the resulting binary. As a result, building the same program on different machines may produce different executables. To get around this problem, one can build inside a docker image with pinned dependencies to produce a verifiable build.

Anchor makes this easy by providing CLI commands to build and take care of docker for you. To get started, first make sure you install docker on your local machine.

Building

To produce a verifiable build, run

anchor build --verifiable

Verifying

To verify a build against a program deployed on mainnet, run

anchor verify -p <lib-name> <program-id>

where the <lib-name> is defined by your program's Cargo.toml.

If the program has an IDL, it will also check the IDL deployed on chain matches.

Images

A docker image for each version of Anchor is published on Docker Hub. They are tagged in the form backpackapp/build:<version>. For example, to get the image for Anchor v0.30.1 one can run

docker pull backpackapp/build:v0.30.1

Removing an Image

In the event you run a verifiable build from the CLI and exit prematurely, it's possible the docker image may still be building in the background.

To remove, run

docker rm -f anchor-program

where anchor-program is the name of the image created by default from within the Anchor CLI.