sesi_the_man on Nostr: I was trying to come up with a joke about how all of our users should take advantage ...
I was trying to come up with a joke about how all of our users should take advantage of their “reproductive rights”, and I got nothing.
Just build our release image w/ the instructions below and share the hashes if you’re able. 🧡
Just build our release image w/ the instructions below and share the hashes if you’re able. 🧡
quoting note1dc5…k4t7SeedSigner v0.8.5 has reproducible builds from source. This means sole trust in SeedSigner the person (or any other SeedSigner contributors) isn’t needed for the image that most people run on thier SeedSigner. This trust can be distributed through others attesting they to can produce the same image byte for byte.
If you have docker installed, a few hours of CPU cycles available, then you too can contribute and attest that all 4 device images built from source match the released binaries.
```
git clone --recursive https://github.com/SeedSigner/seedsigner-os.git
cd seedsigner-os
export DOCKER_DEFAULT_PLATFORM=linux/amd64
export RELEASE_TAG=0.8.5
git checkout $RELEASE_TAG
git submodule init
git submodule update
for device in pi0 pi02w pi2 pi4
do
SS_ARGS="--$device --app-branch=$RELEASE_TAG" docker compose up --force-recreate --build
done
cd images
shasum -a 256 seedsigner_os.0.8.5*
```
My personal attestation:
bcb901e27d309d85f086dc80b49b153d6b1caab2247eba2811731384d58f2f3e seedsigner_os.0.8.5.pi0.img
398d9bf9cda0858fe97c0788b353194c1c902335a858b7dbf5d7b213bda75d96 seedsigner_os.0.8.5.pi02w.img
1e93a82e62d4a1defbdc777a6762a813f4cb5c3ef9090da0bd07542dfd6f62bf seedsigner_os.0.8.5.pi2.img
d298ffad3c765e11e48873efc6d1c65e4230528fde4d5bd4701bb507acbf493c seedsigner_os.0.8.5.pi4.img
matching https://github.com/SeedSigner/seedsigner/releases/download/0.8.5/seedsigner.0.8.5.sha256.txt note1pv8…5s4q