pull down to refresh

After the wallet scrutiny drama and nvk's twitter response I decided to verify for myself whether I could reproduce several Coldcard builds, focusing on MK3 as I had seen most people complaining about these.
I started with a vanilla Ubuntu 22.04 VM running on QEMU/KVM (virt-manager)
I installed Docker using this guide and installed gcc etc. with sudo apt install build-essential
I then followed the Coinkite guide and basically did the following operation several times:
git clone https://github.com/Coldcard/firmware.git cd firmware/stm32 git tag (<--- here I picked a build) git checkout <paste item from tag> make repro
I did this for MK4: 2023-04-07T1330-v5.1.2 (latest build)
MK3: 2023-06-19T1627-v4.1.8 (latest build) 2022-11-14T1854-v4.1.7 2022-10-05T1517-v4.1.6 2022-05-04T1258-v4.1.5 2022-04-25T1618-v4.1.4 2021-09-02T1752-v4.1.3
After each build, I recorded my results, then rm -rf ./firmware and started again from the beginning picking out a different build from git tag
For M4 5.1.2 I got SUCCESS from make repro The binary on the webpage 893,237 bytes and the build file in ~/firmware/stm32/built/firmware-signed.dfu was also 893,237 bytes.
For M3 4.1.8 I got SUCCESS from make repro The binary on the webpage is 753,981bytes, yet the build file in ~/firmware/stm32/built/firmware-signed.dfu was 722944 bytes
For M3 4.1.7 I got error 1 from make repro The binary on the webpage is 760,637 bytes, yet the build file in ~/firmware/stm32/built/ was 729,600 bytes
This is the Diff: (the right hand side human readable stuff)
| to exit...R..Mi| |croPython v1.12-| |1092-gc087bbe8d-| |dirty on 2023-06| |-22; Coldcard wi| |dirty on 2022-11| |-14; Coldcard wi| |th STM32L4xxRG..| |.Type "help()" f| |or more informat| | with STM32L4xxR| |G.v1.12-1092-gc0| |87bbe8d-dirty on| | 2023-06-22.1.13| | 2022-11-14.1.13| |.0.pyboard...[..| |9....b..<...TS..| |........L.......|
For M3 4.1.6 I got error 1 from make repro The binary on the webpage is 760,125bytes, yet the build file in ~/firmware/stm32/built/ was 729,088 bytes
This is the Diff: (the right hand side human readable stuff)
| to exit...R..Mi| |croPython v1.12-| |1092-gc087bbe8d-| |dirty on 2023-06| |-22; Coldcard wi| |dirty on 2022-10| |-05; Coldcard wi| |th STM32L4xxRG..| |.Type "help()" f| |or more informat| | with STM32L4xxR| |G.v1.12-1092-gc0| |87bbe8d-dirty on| | 2023-06-22.1.13| | 2022-10-05.1.13| |.0.pyboard...[..| |9....b..<...TS..| |........L.......|
For M3 4.1.5 make repro failed with an error
=> ERROR [4/4] RUN ln -s /usr/bin/python3 /usr/bin/python 0.4s ------ > [4/4] RUN ln -s /usr/bin/python3 /usr/bin/python: #0 0.366 ln: /usr/bin/python: File exists ------ Dockerfile:23 -------------------- 21 | --repository http://dl-cdn.alpinelinux.org/alpine/edge/testing/ 22 | 23 | >>> RUN ln -s /usr/bin/python3 /usr/bin/python 24 | 25 | -------------------- ERROR: failed to solve: process "/bin/sh -c ln -s /usr/bin/python3 /usr/bin/python" did not complete successfully: exit code: 1 make: *** [Makefile:248: repro] Error 1
Looking at the dockerfile.build file, it seems from 4.1.6 there is a change in the file:
<4.1.5 and previous> FROM alpine:edge
<4.1.6 and subsequent builds> FROM apline: 3.16.0
There is also the comment:
# PROBLEM: alpine has `gcc-arm-none-eabi` `but it's not in main repo, instead its part of "edge"? # # - for firmware v4.0.2, I used alphine:3.13.2 as base, but that doesn't work now for # some random reason, and I don't care to debug why. #
So this seems related to the issue of 4.1.5 not building for me. I got the same error for 4.1.4 and 4.1.3
These are my questions which I hope to get an answer for:
1: It seems that the 4.1.7 and 4.1.6 failing are just down to the build date being included in the build for some reason. This was also the finding of the original wallet scrutiny test if you scroll down to the bottom of the page. Whether Coldcard fixed 4.1.8 in the meantime or not I do not know. But, regardless, if the diff is nothing but a date, is it really a big deal?
2: For the MK4, not only do you get SUCCESS using Coinkite's docker build tool, but the build file is also the same size as the binary on their website. But for the MK3 even if you get SUCCESS the build file is a different number of bytes to the binary on Coinkit's website. Why would this be? If the files are supposed to be binary equivalent with only a minor (64 byte?) signing key difference why are the files such different sizes? Especially since the MK4 is the same size.
3: Anyone know how to fix the alpine.edge issue so I can complete my testing of 4.1.5 and below?
4: I was disappointed to find you cannot get the hash of the current firmware running on a Coldcard. You are able to do this on Foundation Passport. Am I missing something? Perhaps you can do it on newer firmware/ devices? I suppose the paranoid reflash the firmware from factory so the hash on the device is redundant, especially since it could tell you anything on the screen if it was compromised?
Finally, some comments, I am a big NVK and Coinkite fan and I really wanted to be reassured by the reproducible build process. I understand as a regular pleb I know just enough to be dangerous and maybe it's above my paygrade, but it does seem to me like, especially for the MK3, this is a bit of an afterthought for Coinkite. It seems like some text in their documentation pointing out the slight diff due to date in MK3 builds would be helpful, at the very least.
Also, I found NVK being a bit gaslightly in that Twitter thread. Of course some users can make videos showing SUCCESS of some builds. But there are other users with other builds who are not getting SUCCESS, especially for the MK3. I myself have found this.
Not wanting to FUD a great Bitcion only company like Coinkite but at the same time I'd love a bit of reassurance on my questions above.
quality contribution, big thanks for taking the time, and sharing your results
software development is inherently imperfect, mistakes happen all the time, the best you can do is design reliable systems
and it seems here, their system is working as it should (minus some fine tuning in the past)- my faith in coinkite has only increased, and I'm grateful to wallet scrutiny for bringing it (and themselves) to our attention.
More hodlers should be cognizant of this whole topic area imho
reply
Your faith in coinkite has only increased? Really? You should probably read the tweets by NVK with all the gaslighting, bullying, and eventual threatening to sue WalletScrutiny. My faith in them went down the drain with their responses.
reply
I don't do twatter
what you're saying doesn't sound great
nobody is doubting the quality of the software though, right?
or the intention to do reproducible builds properly?
perhaps they struggle with having mistakes pointed out (many gifted developers do)
what would be the alternative to coinkite?
reply
I wasn't doubting their software until 1) I couldn't reproduce their build, 2) I realized they don't have their issues tracker enabled, and 3) I saw their toxic attitude and actions taken towards it's users. Those a three very big red flags for me and are enough to not trust them.
So is their software bad now? I don't think so but at the same time, how would one know without a public issue tracker and with how they react when issues are found and pointed out. These two combined lead me to believe that there is the potential for issues or bugs to be present that some may have found but have no way of publicly reporting and/or are blocked and/or threatened with lawsuits by Coinkite themselves if the person finding the issue speaks out.
The alternative to CC that I've found so far is Foundation's Passport2. They have been a stark contrast to CC in terms of being extremely transparent, receptive to feedback and issue reporting, and have probably the BEST reproducibility documentation out there. So far they seem to be doing all the right things.
reply
I agree. Passport2 is my favorite hardware wallet. They have a very responsive support section on Telegram too.
reply
Did you see the follow-up thread as well? https://twitter.com/nvk/status/1671856113484955648
reply
Thanks for your reply. Yes I did. I was also able to successfully build the latest MK3 and MK4 builds. I quote myself below.
For M4 5.1.2 I got SUCCESS from make repro The binary on the webpage 893,237 bytes and the build file in ~/firmware/stm32/built/firmware-signed.dfu was also 893,237 bytes.
For M3 4.1.8 I got SUCCESS from make repro The binary on the webpage is 753,981bytes, yet the build file in ~/firmware/stm32/built/firmware-signed.dfu was 722944 bytes
The issue is that older builds of MK3 fail with error 1, or else fail to build entirely.
It seems related to the build date being included in the build file, thus showing up in the diff. If it's just this, it seems minor to me and not anything to be concerned about. But it does cause the error 1 which is confusing to people and there is no documentation on the Coinkite site as to why this is the case.
What is particularity frustrating about NVK's response to this is that he's responding with successful MK4 5.1.2 and MK3 4.1.8 successful builds although that proves the process is working fine and that people who are finding problems must be doing it wrong or else malicious. But as I say, I am able to replicate the success of the videos people have posted with latest builds. The issue is about older MK3 builds. Also I am not sure how to explain the file size difference between even the successful MK3 4.1.8 build between the built file vs the binary on the webpage, although that may just be me misunderstanding something.
reply
Just use a seedsigner
reply
I would disagree. Coinkite is a fantastic bitcoin only company making some of the best products in bitcoin. I believe their hardware are software is of the highest quality and should be in the toolbox of all bitcoiners who want to protect their funds. If the reproducible build stuff was taken a little bit more seriously by Coinkite it would be helpful though, I think, especially concerning the MK3.
reply
Haha, as both a dev and someone with recent painful experience with IOMMUs and libvirtd, I can say that there can be so many factors involved, unless you base it on a widely accessible, docker image for a version and platform with all the build components in a specific set and not messed around with.
Well, "messed around with"... like patches to severe vulnerabilities that were found and squashed since the first build, resulting in a substantially different output.
I'm sure that it is on its' way to becoming an industry standard though. Wallets, and wallet hardware must not require faith, but mathematics to function, focusing on ensuring the build is easy to reproduce and nothing is left out is a great thing.
Coinkite is pretty damn good in the business, one of the best. Their tapsigners are awesome, guaranteed to be cold and unlikely to have the space to compromise anything on an RFID circuit.
Honestly, any developer who doesn't have a tale of the interminable, endless struggle to make something that supposedly is easy work, 5 days later magically transformed into the fuzzy middle aged guy meme from an attractive twentysomething. and swearing off some brand or technology is LYING. and anyone who has any experience in IT and doesn't call them out on such obvious insinuations... that someone complaining is incompetent, in a business where literally 8 little bits wrong can make a program completely unpredictable and unreliable or not even compile. I had a literal single character bug just the other day. Out of 17000 LINES of code, 1 character wrong and it was really hard to find.
reply
I had the same issue and when I contacted Coinkite they refused to acknowledge there being an issue and insisted I didn't know what I was doing. Same with NVK on twitter. NVK's responses towards me and WalletScrutiny for pointing out that we could not get THEIR procedure to give "SUCCESS" was met with bullying, threats of lawsuits, and eventually just outright blocking me.
Even if carl_dong and walletscrutiny eventually got to the bottom of what the issue was, NVKs responses were VERY telling and I will never do business with them ever again. I've moved on to Foundation and their Passport and couldn't be happier with their support and transparency. Stark contrast with Coinkite. Hell coinkite doesn't even have the issue tracker enabled on their github repo so you have no way of publicly reporting issues.
reply
MK3 v4.1.8 + MK4 v5.1.2 reproducible build by Erik Nylund https://gist.github.com/eriknylund/811b7f23154268dadfc84058a6f2cdc8
reply
Thanks for your reply. Yes I was also able to successfully build the latest MK3 and MK4 builds. I quote myself below.
For M4 5.1.2 I got SUCCESS from make repro The binary on the webpage 893,237 bytes and the build file in ~/firmware/stm32/built/firmware-signed.dfu was also 893,237 bytes.
For M3 4.1.8 I got SUCCESS from make repro The binary on the webpage is 753,981bytes, yet the build file in ~/firmware/stm32/built/firmware-signed.dfu was 722944 bytes
The issue is that older builds of MK3 fail with error 1, or else fail to build entirely.
It seems related to the build date being included in the build file, thus showing up in the diff. If it's just this, it seems minor to me and not anything to be concerned about. But it does cause the error 1 which is confusing to people and there is no documentation on the Coinkite site as to why this is the case.
What is particularity frustrating about NVK's response to this is that he's responding with successful MK4 5.1.2 and MK3 4.1.8 successful builds although that proves the process is working fine and that people who are finding problems must be doing it wrong or else malicious. But as I say, I am able to replicate the success of the videos people have posted with latest builds. The issue is about older MK3 builds. Also I am not sure how to explain the file size difference between even the successful MK3 4.1.8 build between the built file vs the binary on the webpage, although that may just be me misunderstanding something.
reply
I'd also refer you to this comment to better understand the context behind this FUD: #197505
reply
I would argue that the post you linked is the FUD. WalletScrutiny is doing what everyone should do but doesn't. What they've claimed with regard to ColdCard is the same exact thing I and many others have experienced.
reply
Rob Hamilton running the latest MK3 firmware 2023-06-19T 1627-v4.1.8: https://twitter.com/Rob1Ham/status/1671615542262657025
Demo on how to run MK4 repo builds by Praveen Perera: https://twitter.com/PraveenPerera/status/1671618928265576448
reply
Thanks for your reply. Yes I was also able to successfully build the latest MK3 and MK4 builds. I quote myself below.
For M4 5.1.2 I got SUCCESS from make repro The binary on the webpage 893,237 bytes and the build file in ~/firmware/stm32/built/firmware-signed.dfu was also 893,237 bytes.
For M3 4.1.8 I got SUCCESS from make repro The binary on the webpage is 753,981bytes, yet the build file in ~/firmware/stm32/built/firmware-signed.dfu was 722944 bytes
The issue is that older builds of MK3 fail with error 1, or else fail to build entirely.
It seems related to the build date being included in the build file, thus showing up in the diff. If it's just this, it seems minor to me and not anything to be concerned about. But it does cause the error 1 which is confusing to people and there is no documentation on the Coinkite site as to why this is the case.
What is particularity frustrating about NVK's response to this is that he's responding with successful MK4 5.1.2 and MK3 4.1.8 successful builds although that proves the process is working fine and that people who are finding problems must be doing it wrong or else malicious. But as I say, I am able to replicate the success of the videos people have posted with latest builds. The issue is about older MK3 builds. Also I am not sure how to explain the file size difference between even the successful MK3 4.1.8 build between the built file vs the binary on the webpage, although that may just be me misunderstanding something.
reply
Thanks for the very helpful and tedious work to share to the community.
reply
Wallet scrutinity are grifters. We know that from long time ago.
reply
reply
Thanks for your reply. Yes I used a clean Ubuntu 22.04 system in a VM.
I started with a vanilla Ubuntu 22.04 VM running on QEMU/KVM (virt-manager)
It's very possible that the 4.1.5 builds and below failed because of an issue with my local environment. But the 4.1.6 and 4.1.7 builds failing with error 1 are I believe due to the MK3 build process including the build date in the build file which causes the make repro to fail with error 1
reply
reply