jdlcdl on Nostr: SeedSigner v0.8.5, released on the evening of February 4th 2025, brings ...
SeedSigner v0.8.5, released on the evening of February 4th 2025, brings multi-language internationalization to the entire code-base with an initial localization in Spanish.
Since v0.7.0 SeedSigner has supported binary reproducibility which effectively obsoletes the need for verifying a signed release-manifest from somebody that most of us cannot know, because it enables anyone to rebuild the same release-image, byte-for-byte, directly from the open-source code repository.
I hereby attest that:
* I've been following the SeedSigner project since October 2022,
* I take great pride in helping out however I can as part of that team -- following and testing code changes as it evolves, exchanging ideas with the wonderful SeedSigner Community,
* and that I was able to reproduce ALL of the release images for v0.8.5, matching the sha256 hashes that Nick mentions in nostr event "nevent1qvzqqqqqqypzqxj6lwv69s9n5z9y52h0c9r2ec8fuak2pe9nuarj6dy3eqp4hta3qqsxu2zt9v9004u8ndn7ggxeem98u0fqrn372ku3c6v4u3dpst265ag8vykap" and also contained in the release-manifest "seedsigner.0.8.5.sha256.txt" signed by SeedSigner-the-man having rsa fingerprint ~ "4673 9B74 ... 0726 0119".
-jdlcdl
Since v0.7.0 SeedSigner has supported binary reproducibility which effectively obsoletes the need for verifying a signed release-manifest from somebody that most of us cannot know, because it enables anyone to rebuild the same release-image, byte-for-byte, directly from the open-source code repository.
I hereby attest that:
* I've been following the SeedSigner project since October 2022,
* I take great pride in helping out however I can as part of that team -- following and testing code changes as it evolves, exchanging ideas with the wonderful SeedSigner Community,
* and that I was able to reproduce ALL of the release images for v0.8.5, matching the sha256 hashes that Nick mentions in nostr event "nevent1qvzqqqqqqypzqxj6lwv69s9n5z9y52h0c9r2ec8fuak2pe9nuarj6dy3eqp4hta3qqsxu2zt9v9004u8ndn7ggxeem98u0fqrn372ku3c6v4u3dpst265ag8vykap" and also contained in the release-manifest "seedsigner.0.8.5.sha256.txt" signed by SeedSigner-the-man having rsa fingerprint ~ "4673 9B74 ... 0726 0119".
-jdlcdl
quoting nevent1q…ykapSeedSigner v0.8.5 has reproducible builds from source. This means sole trust in SeedSigner the person (or any other SeedSigner contributors) isn’t needed for the image that most people run on thier SeedSigner. This trust can be distributed through others attesting they to can produce the same image byte for byte.
If you have docker installed, a few hours of CPU cycles available, then you too can contribute and attest that all 4 device images built from source match the released binaries.
```
git clone --recursive https://github.com/SeedSigner/seedsigner-os.git
cd seedsigner-os
export DOCKER_DEFAULT_PLATFORM=linux/amd64
export RELEASE_TAG=0.8.5
git checkout $RELEASE_TAG
git submodule init
git submodule update
for device in pi0 pi02w pi2 pi4
do
SS_ARGS="--$device --app-branch=$RELEASE_TAG" docker compose up --force-recreate --build
done
cd images
shasum -a 256 seedsigner_os.0.8.5*
```
My personal attestation:
bcb901e27d309d85f086dc80b49b153d6b1caab2247eba2811731384d58f2f3e seedsigner_os.0.8.5.pi0.img
398d9bf9cda0858fe97c0788b353194c1c902335a858b7dbf5d7b213bda75d96 seedsigner_os.0.8.5.pi02w.img
1e93a82e62d4a1defbdc777a6762a813f4cb5c3ef9090da0bd07542dfd6f62bf seedsigner_os.0.8.5.pi2.img
d298ffad3c765e11e48873efc6d1c65e4230528fde4d5bd4701bb507acbf493c seedsigner_os.0.8.5.pi4.img
matching https://github.com/SeedSigner/seedsigner/releases/download/0.8.5/seedsigner.0.8.5.sha256.txt note1pv8…5s4q