Verify Binary change to Guix #807
LGTM ACK
I had a look and left a review comment.
Cheers!
This needs to be rebased (my bad, I was working the PR queue in latest-PR-first order and so merged another PR containing some of the same changes). Additionally, the version number in the YAML needs to be incremented, as @katesalazar mentioned.
Otherwise, this text LGTM, thanks!
Change gitian -> guix
Rebased and force pushed with necessary changes.
Replays bitcoin-core#807 (Verify Binary change to Guix) in the Spanish translation
ACK.
Maybe also address bitcoin/bitcoin#23369 while touching this file?
diff --git a/_posts/en/pages/2017-01-01-download.md b/_posts/en/pages/2017-01-01-download.md
index 35fb340..aa3c266 100644
--- a/_posts/en/pages/2017-01-01-download.md
+++ b/_posts/en/pages/2017-01-01-download.md
@@ -118,6 +118,9 @@ gpg_trust_warning: >
you need to confirm that the signing key's fingerprint (e.g.
<code>$(SHORT_BUILDER_KEY)</code>) listed in the second line above matches what
you had expected for the signers public key.
+ The output may also contain warnings that the public key is not available. As
+ long as you have all the public keys of signers you trust, this warning can
+ be disregarded.
localized_checksum_ok: "OK"
localized_gpg_good_sig: "Good signature"
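Review bot: The added sentence under gpg_trust_warning says the missing-public-key warning "can be disregarded" but does not state what must still be true of the output. A reader whose keyring lacks every signer would see only these warnings and could take the sentence as permission to proceed. Suggest tying it to the positive check, for example: "... this warning can be disregarded, provided the output still shows a "Good signature" line for each signer you trust." Also, the first added sentence says "warnings" (plural) while the second refers to "this warning"; pick one.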
The preceding verification instructions will verify that several | ||
contributors you trust all signed the same checksums distributed in | ||
the release checksums file. Alternatively, reproducing a binary for |
the release checksums file. Alternatively, reproducing a binary for | |
the release checksums file. Additionally, reproducing a binary for |
I think this is both an alternative and an addition?
I see it as verify_contrib_sigs or (verify_contrib_sigs + reproduce_binary). Is it safe to just reproduce_binary?
Yeah, you see it as `+`, which is why I think `Additionally` is a better word than `Alternatively`, which can mean "or"? (I am not a native speaker)
See also the use of `Additional` in build_reproduction: "Additional verification with reproducible builds", presumably meaning `Additional` (on top of) just https verification done by the browser.
@stickies-v want to take a look here?
Are you still working on this?
incorporated into new PR: #964
bfbf19d download: update translation for Español (Matthew Zipkin)
9dc9a0f Update 2017-01-01-download.md (Robert Spigler)
30dca75 download: update verification procedure for linux (Matthew Zipkin)
d801e32 download: update verification procedure for macOS (Matthew Zipkin)
0ef7c4f Update downlad signature verification with new builder keys location (Antoine Poinsot)
Pull request description:
Closes #945
Closes #957 (included)
Closes #807 (included)
Closes #878
download + verify procedure tested on macOS and Linux. I will go through it again on Windows tonight and add one more commit for that.
ACKs for top commit:
achow101: ACK bfbf19d
Tree-SHA512: 8281dac8f4acdd43f4cdcaf16d5eef48040e3c14cd7f0ecbe25ced009b51aad536991486c4dd076eddc856b051923d8a92174f136db553bd931d08d3627da06a
Updating description and links of verifying binaries from gitian->guix.
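Added example, not part of this pull request or the project's own code: one way to turn the rule discussed above (missing-key warnings are ignorable only while signatures from signers you trust still verify) into a check over the machine-readable output of `gpg --status-fd 1 --verify` run on the release checksums file. The trust list, the fingerprints, the `min_good` threshold and the sample status lines are constructed assumptions.

```python
"""Decide whether gpg status output for the release checksums file is acceptable."""

A, B = "A" * 40, "B" * 40                        # constructed placeholder fingerprints
TRUSTED = {A: "builder-one", B: "builder-two"}   # hypothetical trust list

# Constructed sample: one signature from a trusted key, one from a key not in the keyring.
SAMPLE = "\n".join([
    "[GNUPG:] NEWSIG",
    f"[GNUPG:] GOODSIG {A[-16:]} Builder One <one@example.invalid>",
    f"[GNUPG:] VALIDSIG {A} 2024-01-01 1704067200 0 4 0 1 10 00 {A}",
    "[GNUPG:] NEWSIG",
    f"[GNUPG:] ERRSIG {'C' * 16} 1 10 00 1704067200 9",
    f"[GNUPG:] NO_PUBKEY {'C' * 16}",
])


def evaluate(status_text, trusted, min_good=1):
    """Return a verdict dict; 'ok' needs min_good trusted VALIDSIGs and no bad signature."""
    good, missing, bad = set(), [], []
    for line in status_text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] != "[GNUPG:]":
            continue
        keyword, args = parts[1], parts[2:]
        if keyword == "VALIDSIG":
            # The last field is the primary-key fingerprint when all ten fields are present.
            fpr = args[-1] if len(args) >= 10 else args[0]
            if fpr in trusted:
                good.add(fpr)
        elif keyword == "NO_PUBKEY":
            missing.append(args[0])
        elif keyword in ("BADSIG", "EXPKEYSIG", "REVKEYSIG"):
            bad.append(args[0])
    # A missing key whose long ID is the tail of a trusted fingerprint means the keyring
    # lacks a signer you trust (only detectable when the primary key itself signed).
    trusted_missing = [k for k in missing if any(f.endswith(k) for f in trusted)]
    return {
        "ok": not bad and len(good) >= min_good,
        "good": sorted(good),
        "ignored_missing": [k for k in missing if k not in trusted_missing],
        "trusted_missing": trusted_missing,
        "bad": bad,
    }


if __name__ == "__main__":
    print(evaluate(SAMPLE, TRUSTED))
```

Output consisting only of `NO_PUBKEY` lines yields `ok: False`, which is the case the "can be disregarded" wording leaves implicit.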