Reproducible build for binary signing #5807

Open
wileyj opened this issue Feb 5, 2025 · 0 comments
wileyj commented Feb 5, 2025

Similar to what other projects do to verify a binary, we should create a reproducible build process to democratize the release process more.
The first step is providing a process that others can use to verify a build artifact, and later the CI release process may use this signed artifact to perform a "release" build.

Opening this issue as the first step into investigating if this would be feasible (or even a good idea for stacks).

https://guix.gnu.org/manual/devel/en/guix.html
https://guix.gnu.org/en/blog/2020/reproducible-computations-with-guix/

and using bitcoin as inspiration:
https://gist.github.com/eriknylund/a58d7587f785881eee0aea10bba60546
https://github.com/bitcoin/bitcoin/blob/master/doc/release-process.md#building
https://github.com/bitcoin-core/guix.sigs
https://github.com/bitcoin-core/bitcoin-detached-sigs

Another interesting idea to look into is to timestamp the build artifacts: https://opentimestamps.org/
