10 sats \ 1 reply \ @BlokchainB 9 Aug 2023 \ parent \ on: Why reproducibility matters | Foundation tech
Not to be cynical but I looked at this
In order to build and verify the reproducibility of Passport firmware, you will need to: Get the source code Install the dependencies Docker Just Build the reproducible binaries Verify the binaries match the: Published build hash Release binary (with signatures stripped out) hash We’ll walk through every step above in this guide to ensure you can build and verify any version of Passport’s firmware easily.
So to do this you need docker and just. I’m just confused as things should be reproducible but depend on docker which I heard of and just which I have never heard of. I am assuming they are trusted software packages but can you do this rebuild without docker and just.
write
preview
0 sats \ 0 replies \ @foundationdvcs OP 10 Aug 2023
This is the easy path to make it more accessible, and relying on Docker is absolutely standard and almost required in reproducible builds. Justfiles are simply human-readable scripts in the style of Bash scripting that reduce the amount of copy-pasting without obfuscating anything (we link to all the relevant Justfile lines in the guide).
If you want to do this as "from scratch" as possible, I'd recommend looking at the Wallet Scrutiny script we recently built to help them verify builds here:
https://gitlab.com/walletscrutiny/walletScrutinyCom/-/blob/master/scripts/test/hardware/passport.sh
That removes all reliance on Just.
reply