guix: Fixes to guix-{attest,verify} #22531

achow101 commented at 5:39 PM on July 22, 2021: member

guix-verify expects all.SHA256SUMS but guix-attest produces codesigned.SHA256SUMS. Since all.SHA256SUMS makes more sense (as the file contains all the sha256sums, not just the codesigned ones), guix-attest has been changed to output a file of that name.

As a quality of life improvement, guix-verify can take SIGNER and use the signer's manifest as the base to compare against. This makes it easier to compare a single person's attestations with everyone else's and can make it more obvious when one builder is clearly mismatching with everyone else.

Lastly release-process.md is updated with a note about a gotcha that can cause a mismatch in the codesigned attestation.

achow101 commented at 5:40 PM on July 22, 2021: member

Needs backport to 22.0

MarcoFalke added the label Needs backport (0.22) on Jul 22, 2021

MarcoFalke added this to the milestone 22.0 on Jul 22, 2021

dongcarl commented at 9:32 PM on July 22, 2021: member

Thanks, just pushed up a branch that did what the first commit did but saw this more extensive one.

I'd like to use all.SHA256SUMS instead of codesigned.SHA256SUMS if possible as it's clear that that is the one to be distributed in the release process. Incidentally if we have more finer distinctions in the future, it'll always be all.SHA256SUMS that needs to be distributed.

achow101 force-pushed on Jul 22, 2021

achow101 commented at 9:51 PM on July 22, 2021: member

I've changed it to make all.SHA256SUMS.

achow101 renamed this:
~~guix: Fixes to guix-verify~~
guix: Fixes to guix-{attest,verify}
on Jul 22, 2021

guix: Make all.SHA256SUMS rather than codesigned.SHA256SUMS 33455c7696

in contrib/guix/guix-attest:225 in 2d0aa3eeec outdated

 222 | -        if [ -e codesigned.SHA256SUMS ]; then
 223 | +                > "$temp_all"
 224 | +        if [ -e all.SHA256SUMS ]; then
 225 |              # The SHA256SUMS already exists, make sure it's exactly what we
 226 |              # expect, error out if not
 227 |              if diff -u all.SHA256SUMS "$temp_codesigned"; then

dongcarl commented at 9:55 PM on July 22, 2021:

            if diff -u all.SHA256SUMS "$temp_all"; then

achow101 commented at 9:57 PM on July 22, 2021:

Fixed

achow101 force-pushed on Jul 22, 2021

guix: Allow changing the base manifest in guix-verify

When verifying guix attestations, it is useful to set a particular
signer's manifest as the base to compare against.

4a466388a0

achow101 force-pushed on Jul 22, 2021

achow101 commented at 10:50 PM on July 22, 2021: member

@dongcarl has informed me that replacing comm with diff is not the correct way to solve the erroneous failure since it's actually due to the line endings rather than line order. So that commit has been dropped.

dongcarl commented at 11:17 PM on July 22, 2021: member

@dongcarl has informed me that replacing comm with diff is not the correct way to solve the erroneous failure since it's actually due to the line endings rather than line order. So that commit has been dropped.

Here's the actual fix:

diff --git a/contrib/guix/guix-attest b/contrib/guix/guix-attest
index 51d589c1de..0270fcc50e 100755
--- a/contrib/guix/guix-attest
+++ b/contrib/guix/guix-attest
@@ -216,7 +216,6 @@ mkdir -p "$outsigdir"
         cat "${sha256sum_fragments[@]}" \
             | sort -u \
             | sort -k2 \
-            | sed 's/$/\r/' \
             | rfc4880_normalize_document \
                 > "$temp_codesigned"
         if [ -e codesigned.SHA256SUMS ]; then

achow101 commented at 12:30 AM on July 23, 2021: member

Added the fix in another commit.

achow101 commented at 7:20 PM on July 23, 2021: member

I've added an additional commit to resolve an issue where having log.showSignature=true in the git config causes EPOCH_SOURCE_DATE to contain gpg signature information.

achow101 force-pushed on Jul 23, 2021

fanquake commented at 4:01 AM on July 27, 2021: member

Guix builds:

34fc2aa86fae587f58a5438533bd0288b302b32d1aaca5a00091e8f5a619b705  guix-build-3411491d0f99/output/aarch64-linux-gnu/SHA256SUMS.part
04f772df30f304e3a41431ae9cc51b86330bf7be0d53a7a96f710a1b63b0f51e  guix-build-3411491d0f99/output/aarch64-linux-gnu/bitcoin-3411491d0f99-aarch64-linux-gnu-debug.tar.gz
6269f1978c585cee048e5f419aa435d0ac825f2b80752595cf6011bf94d94fe6  guix-build-3411491d0f99/output/aarch64-linux-gnu/bitcoin-3411491d0f99-aarch64-linux-gnu.tar.gz
7d6f22d6e8bd5a16e1e0ca29ea24cf5e1dfc633e9282b45619b10b0e10cfc02c  guix-build-3411491d0f99/output/arm-linux-gnueabihf/SHA256SUMS.part
ac9759700084267b818914a74dc26dc305ebfe780d7ab725f34a1046a40b0d22  guix-build-3411491d0f99/output/arm-linux-gnueabihf/bitcoin-3411491d0f99-arm-linux-gnueabihf-debug.tar.gz
f7808dc0aab7525b16264033456507dd1ee82498328a91bb10656c9948cd331e  guix-build-3411491d0f99/output/arm-linux-gnueabihf/bitcoin-3411491d0f99-arm-linux-gnueabihf.tar.gz
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855  guix-build-3411491d0f99/output/dist-archive/SKIPATTEST.TAG
9b19a663259093234ad9c68c20e99b7544226bb3c76c625518b6b99e0aa20f7d  guix-build-3411491d0f99/output/dist-archive/bitcoin-3411491d0f99.tar.gz
801247480ab2edd79724330148c30116fcbe6b62b22ff63da45d991e7fbc41df  guix-build-3411491d0f99/output/powerpc64-linux-gnu/SHA256SUMS.part
e62ec0522847db648cdfab3cf1b11d6a4730a5bf5526d4e80beca28b5ee59e76  guix-build-3411491d0f99/output/powerpc64-linux-gnu/bitcoin-3411491d0f99-powerpc64-linux-gnu-debug.tar.gz
0949f868050a23c4dfe1a1ec8743a09264bfa9062225905de0aa705ec55d6447  guix-build-3411491d0f99/output/powerpc64-linux-gnu/bitcoin-3411491d0f99-powerpc64-linux-gnu.tar.gz
4b964c9d39e2a75773775425bfa56ef8de443cf64f539c41ee749d61ff7c23f8  guix-build-3411491d0f99/output/powerpc64le-linux-gnu/SHA256SUMS.part
7a36a5eb774aeca41c3b82dbf0b6d7a26ca98ede6eefac6ae3ae6ee86a34a451  guix-build-3411491d0f99/output/powerpc64le-linux-gnu/bitcoin-3411491d0f99-powerpc64le-linux-gnu-debug.tar.gz
72658040558c21f1ab6f4d955d7e93c5de088ae5280ba05697f253b69d370900  guix-build-3411491d0f99/output/powerpc64le-linux-gnu/bitcoin-3411491d0f99-powerpc64le-linux-gnu.tar.gz
79a23110848aaa3617e1cee8cfeb6792cb0bb854406a2c5195049a64e0bab679  guix-build-3411491d0f99/output/riscv64-linux-gnu/SHA256SUMS.part
ad266b7f8dc9748912414b21f68bfd047fb6cb662013287666043ff57d55499f  guix-build-3411491d0f99/output/riscv64-linux-gnu/bitcoin-3411491d0f99-riscv64-linux-gnu-debug.tar.gz
e93a5d648f1db2f61a1c279ed304442b2f23b1449a81e43e7e7b788a467a5914  guix-build-3411491d0f99/output/riscv64-linux-gnu/bitcoin-3411491d0f99-riscv64-linux-gnu.tar.gz
9f654aa209f24cf2f40de2c3091f1b64745dec442a9f0f8d5c63b58931e52cca  guix-build-3411491d0f99/output/x86_64-apple-darwin18/SHA256SUMS.part
b24ddfd85daa210dadb940c7d54a9f1915022a3f65a81c07a149b962823f9441  guix-build-3411491d0f99/output/x86_64-apple-darwin18/bitcoin-3411491d0f99-osx-unsigned.dmg
b8a5efe0cc08744c4ad42cb7dd75e81b4e0c341e474c54da2cc8e4726f510ba4  guix-build-3411491d0f99/output/x86_64-apple-darwin18/bitcoin-3411491d0f99-osx-unsigned.tar.gz
834f2553f85e3ba1b6c90cf37e8b50ec88527c26583d7e6ce7aa1a817c5dbe54  guix-build-3411491d0f99/output/x86_64-apple-darwin18/bitcoin-3411491d0f99-osx64.tar.gz
5f2c6c3034bb16271629e2896c61c94f623f9d27cae7928669a0273f6a8822cc  guix-build-3411491d0f99/output/x86_64-linux-gnu/SHA256SUMS.part
9b288d445a27033134f54ae552ede420aa2095d579e78ec7b97455545a53fd25  guix-build-3411491d0f99/output/x86_64-linux-gnu/bitcoin-3411491d0f99-x86_64-linux-gnu-debug.tar.gz
6c63128c8658e28d2dec98c9d3553127f1b060f84c2dd40d5a434cf7ec3fecba  guix-build-3411491d0f99/output/x86_64-linux-gnu/bitcoin-3411491d0f99-x86_64-linux-gnu.tar.gz
54283ef979293c66f742eb2778d47a4ad95c0ffebfef5b95a8149e692fb9d7c9  guix-build-3411491d0f99/output/x86_64-w64-mingw32/SHA256SUMS.part
0dcdf046ab7a7139f2d1b49e2138a3f4492f07599ab0c8b33be702c1cec9cf4b  guix-build-3411491d0f99/output/x86_64-w64-mingw32/bitcoin-3411491d0f99-win-unsigned.tar.gz
001a402cd2a02c8a263f83b70d8aaf2d43c5d05bcde50e820159f5d6ba765a70  guix-build-3411491d0f99/output/x86_64-w64-mingw32/bitcoin-3411491d0f99-win64-debug.zip
a806fed96264625f30fb1c28ee3899fa9f40b6e68f8e921726af9968000a6931  guix-build-3411491d0f99/output/x86_64-w64-mingw32/bitcoin-3411491d0f99-win64-setup-unsigned.exe
d19a45362cc4ae07bc93e6f04ac9032552dfba867a6f68fca0b50e939d5c243b  guix-build-3411491d0f99/output/x86_64-w64-mingw32/bitcoin-3411491d0f99-win64.zip

dongcarl commented at 3:04 PM on July 27, 2021: member

I'm matching fanquake's

34fc2aa86fae587f58a5438533bd0288b302b32d1aaca5a00091e8f5a619b705  guix-build-3411491d0f99/output/aarch64-linux-gnu/SHA256SUMS.part
04f772df30f304e3a41431ae9cc51b86330bf7be0d53a7a96f710a1b63b0f51e  guix-build-3411491d0f99/output/aarch64-linux-gnu/bitcoin-3411491d0f99-aarch64-linux-gnu-debug.tar.gz
6269f1978c585cee048e5f419aa435d0ac825f2b80752595cf6011bf94d94fe6  guix-build-3411491d0f99/output/aarch64-linux-gnu/bitcoin-3411491d0f99-aarch64-linux-gnu.tar.gz
7d6f22d6e8bd5a16e1e0ca29ea24cf5e1dfc633e9282b45619b10b0e10cfc02c  guix-build-3411491d0f99/output/arm-linux-gnueabihf/SHA256SUMS.part
ac9759700084267b818914a74dc26dc305ebfe780d7ab725f34a1046a40b0d22  guix-build-3411491d0f99/output/arm-linux-gnueabihf/bitcoin-3411491d0f99-arm-linux-gnueabihf-debug.tar.gz
f7808dc0aab7525b16264033456507dd1ee82498328a91bb10656c9948cd331e  guix-build-3411491d0f99/output/arm-linux-gnueabihf/bitcoin-3411491d0f99-arm-linux-gnueabihf.tar.gz
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855  guix-build-3411491d0f99/output/dist-archive/SKIPATTEST.TAG
9b19a663259093234ad9c68c20e99b7544226bb3c76c625518b6b99e0aa20f7d  guix-build-3411491d0f99/output/dist-archive/bitcoin-3411491d0f99.tar.gz
801247480ab2edd79724330148c30116fcbe6b62b22ff63da45d991e7fbc41df  guix-build-3411491d0f99/output/powerpc64-linux-gnu/SHA256SUMS.part
e62ec0522847db648cdfab3cf1b11d6a4730a5bf5526d4e80beca28b5ee59e76  guix-build-3411491d0f99/output/powerpc64-linux-gnu/bitcoin-3411491d0f99-powerpc64-linux-gnu-debug.tar.gz
0949f868050a23c4dfe1a1ec8743a09264bfa9062225905de0aa705ec55d6447  guix-build-3411491d0f99/output/powerpc64-linux-gnu/bitcoin-3411491d0f99-powerpc64-linux-gnu.tar.gz
4b964c9d39e2a75773775425bfa56ef8de443cf64f539c41ee749d61ff7c23f8  guix-build-3411491d0f99/output/powerpc64le-linux-gnu/SHA256SUMS.part
7a36a5eb774aeca41c3b82dbf0b6d7a26ca98ede6eefac6ae3ae6ee86a34a451  guix-build-3411491d0f99/output/powerpc64le-linux-gnu/bitcoin-3411491d0f99-powerpc64le-linux-gnu-debug.tar.gz
72658040558c21f1ab6f4d955d7e93c5de088ae5280ba05697f253b69d370900  guix-build-3411491d0f99/output/powerpc64le-linux-gnu/bitcoin-3411491d0f99-powerpc64le-linux-gnu.tar.gz
79a23110848aaa3617e1cee8cfeb6792cb0bb854406a2c5195049a64e0bab679  guix-build-3411491d0f99/output/riscv64-linux-gnu/SHA256SUMS.part
ad266b7f8dc9748912414b21f68bfd047fb6cb662013287666043ff57d55499f  guix-build-3411491d0f99/output/riscv64-linux-gnu/bitcoin-3411491d0f99-riscv64-linux-gnu-debug.tar.gz
e93a5d648f1db2f61a1c279ed304442b2f23b1449a81e43e7e7b788a467a5914  guix-build-3411491d0f99/output/riscv64-linux-gnu/bitcoin-3411491d0f99-riscv64-linux-gnu.tar.gz
9f654aa209f24cf2f40de2c3091f1b64745dec442a9f0f8d5c63b58931e52cca  guix-build-3411491d0f99/output/x86_64-apple-darwin18/SHA256SUMS.part
b24ddfd85daa210dadb940c7d54a9f1915022a3f65a81c07a149b962823f9441  guix-build-3411491d0f99/output/x86_64-apple-darwin18/bitcoin-3411491d0f99-osx-unsigned.dmg
b8a5efe0cc08744c4ad42cb7dd75e81b4e0c341e474c54da2cc8e4726f510ba4  guix-build-3411491d0f99/output/x86_64-apple-darwin18/bitcoin-3411491d0f99-osx-unsigned.tar.gz
834f2553f85e3ba1b6c90cf37e8b50ec88527c26583d7e6ce7aa1a817c5dbe54  guix-build-3411491d0f99/output/x86_64-apple-darwin18/bitcoin-3411491d0f99-osx64.tar.gz
5f2c6c3034bb16271629e2896c61c94f623f9d27cae7928669a0273f6a8822cc  guix-build-3411491d0f99/output/x86_64-linux-gnu/SHA256SUMS.part
9b288d445a27033134f54ae552ede420aa2095d579e78ec7b97455545a53fd25  guix-build-3411491d0f99/output/x86_64-linux-gnu/bitcoin-3411491d0f99-x86_64-linux-gnu-debug.tar.gz
6c63128c8658e28d2dec98c9d3553127f1b060f84c2dd40d5a434cf7ec3fecba  guix-build-3411491d0f99/output/x86_64-linux-gnu/bitcoin-3411491d0f99-x86_64-linux-gnu.tar.gz
54283ef979293c66f742eb2778d47a4ad95c0ffebfef5b95a8149e692fb9d7c9  guix-build-3411491d0f99/output/x86_64-w64-mingw32/SHA256SUMS.part
0dcdf046ab7a7139f2d1b49e2138a3f4492f07599ab0c8b33be702c1cec9cf4b  guix-build-3411491d0f99/output/x86_64-w64-mingw32/bitcoin-3411491d0f99-win-unsigned.tar.gz
001a402cd2a02c8a263f83b70d8aaf2d43c5d05bcde50e820159f5d6ba765a70  guix-build-3411491d0f99/output/x86_64-w64-mingw32/bitcoin-3411491d0f99-win64-debug.zip
a806fed96264625f30fb1c28ee3899fa9f40b6e68f8e921726af9968000a6931  guix-build-3411491d0f99/output/x86_64-w64-mingw32/bitcoin-3411491d0f99-win64-setup-unsigned.exe
d19a45362cc4ae07bc93e6f04ac9032552dfba867a6f68fca0b50e939d5c243b  guix-build-3411491d0f99/output/x86_64-w64-mingw32/bitcoin-3411491d0f99-win64.zip

hebasto commented at 5:48 PM on July 27, 2021: member

Guix builds:

$ find guix-build-$(git rev-parse --short=12 HEAD)/output/ -type f -print0 | env LC_ALL=C sort -z | xargs -r0 sha256sum
34fc2aa86fae587f58a5438533bd0288b302b32d1aaca5a00091e8f5a619b705  guix-build-3411491d0f99/output/aarch64-linux-gnu/SHA256SUMS.part
04f772df30f304e3a41431ae9cc51b86330bf7be0d53a7a96f710a1b63b0f51e  guix-build-3411491d0f99/output/aarch64-linux-gnu/bitcoin-3411491d0f99-aarch64-linux-gnu-debug.tar.gz
6269f1978c585cee048e5f419aa435d0ac825f2b80752595cf6011bf94d94fe6  guix-build-3411491d0f99/output/aarch64-linux-gnu/bitcoin-3411491d0f99-aarch64-linux-gnu.tar.gz
7d6f22d6e8bd5a16e1e0ca29ea24cf5e1dfc633e9282b45619b10b0e10cfc02c  guix-build-3411491d0f99/output/arm-linux-gnueabihf/SHA256SUMS.part
ac9759700084267b818914a74dc26dc305ebfe780d7ab725f34a1046a40b0d22  guix-build-3411491d0f99/output/arm-linux-gnueabihf/bitcoin-3411491d0f99-arm-linux-gnueabihf-debug.tar.gz
f7808dc0aab7525b16264033456507dd1ee82498328a91bb10656c9948cd331e  guix-build-3411491d0f99/output/arm-linux-gnueabihf/bitcoin-3411491d0f99-arm-linux-gnueabihf.tar.gz
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855  guix-build-3411491d0f99/output/dist-archive/SKIPATTEST.TAG
9b19a663259093234ad9c68c20e99b7544226bb3c76c625518b6b99e0aa20f7d  guix-build-3411491d0f99/output/dist-archive/bitcoin-3411491d0f99.tar.gz
801247480ab2edd79724330148c30116fcbe6b62b22ff63da45d991e7fbc41df  guix-build-3411491d0f99/output/powerpc64-linux-gnu/SHA256SUMS.part
e62ec0522847db648cdfab3cf1b11d6a4730a5bf5526d4e80beca28b5ee59e76  guix-build-3411491d0f99/output/powerpc64-linux-gnu/bitcoin-3411491d0f99-powerpc64-linux-gnu-debug.tar.gz
0949f868050a23c4dfe1a1ec8743a09264bfa9062225905de0aa705ec55d6447  guix-build-3411491d0f99/output/powerpc64-linux-gnu/bitcoin-3411491d0f99-powerpc64-linux-gnu.tar.gz
4b964c9d39e2a75773775425bfa56ef8de443cf64f539c41ee749d61ff7c23f8  guix-build-3411491d0f99/output/powerpc64le-linux-gnu/SHA256SUMS.part
7a36a5eb774aeca41c3b82dbf0b6d7a26ca98ede6eefac6ae3ae6ee86a34a451  guix-build-3411491d0f99/output/powerpc64le-linux-gnu/bitcoin-3411491d0f99-powerpc64le-linux-gnu-debug.tar.gz
72658040558c21f1ab6f4d955d7e93c5de088ae5280ba05697f253b69d370900  guix-build-3411491d0f99/output/powerpc64le-linux-gnu/bitcoin-3411491d0f99-powerpc64le-linux-gnu.tar.gz
79a23110848aaa3617e1cee8cfeb6792cb0bb854406a2c5195049a64e0bab679  guix-build-3411491d0f99/output/riscv64-linux-gnu/SHA256SUMS.part
ad266b7f8dc9748912414b21f68bfd047fb6cb662013287666043ff57d55499f  guix-build-3411491d0f99/output/riscv64-linux-gnu/bitcoin-3411491d0f99-riscv64-linux-gnu-debug.tar.gz
e93a5d648f1db2f61a1c279ed304442b2f23b1449a81e43e7e7b788a467a5914  guix-build-3411491d0f99/output/riscv64-linux-gnu/bitcoin-3411491d0f99-riscv64-linux-gnu.tar.gz
9f654aa209f24cf2f40de2c3091f1b64745dec442a9f0f8d5c63b58931e52cca  guix-build-3411491d0f99/output/x86_64-apple-darwin18/SHA256SUMS.part
b24ddfd85daa210dadb940c7d54a9f1915022a3f65a81c07a149b962823f9441  guix-build-3411491d0f99/output/x86_64-apple-darwin18/bitcoin-3411491d0f99-osx-unsigned.dmg
b8a5efe0cc08744c4ad42cb7dd75e81b4e0c341e474c54da2cc8e4726f510ba4  guix-build-3411491d0f99/output/x86_64-apple-darwin18/bitcoin-3411491d0f99-osx-unsigned.tar.gz
834f2553f85e3ba1b6c90cf37e8b50ec88527c26583d7e6ce7aa1a817c5dbe54  guix-build-3411491d0f99/output/x86_64-apple-darwin18/bitcoin-3411491d0f99-osx64.tar.gz
5f2c6c3034bb16271629e2896c61c94f623f9d27cae7928669a0273f6a8822cc  guix-build-3411491d0f99/output/x86_64-linux-gnu/SHA256SUMS.part
9b288d445a27033134f54ae552ede420aa2095d579e78ec7b97455545a53fd25  guix-build-3411491d0f99/output/x86_64-linux-gnu/bitcoin-3411491d0f99-x86_64-linux-gnu-debug.tar.gz
6c63128c8658e28d2dec98c9d3553127f1b060f84c2dd40d5a434cf7ec3fecba  guix-build-3411491d0f99/output/x86_64-linux-gnu/bitcoin-3411491d0f99-x86_64-linux-gnu.tar.gz
54283ef979293c66f742eb2778d47a4ad95c0ffebfef5b95a8149e692fb9d7c9  guix-build-3411491d0f99/output/x86_64-w64-mingw32/SHA256SUMS.part
0dcdf046ab7a7139f2d1b49e2138a3f4492f07599ab0c8b33be702c1cec9cf4b  guix-build-3411491d0f99/output/x86_64-w64-mingw32/bitcoin-3411491d0f99-win-unsigned.tar.gz
001a402cd2a02c8a263f83b70d8aaf2d43c5d05bcde50e820159f5d6ba765a70  guix-build-3411491d0f99/output/x86_64-w64-mingw32/bitcoin-3411491d0f99-win64-debug.zip
a806fed96264625f30fb1c28ee3899fa9f40b6e68f8e921726af9968000a6931  guix-build-3411491d0f99/output/x86_64-w64-mingw32/bitcoin-3411491d0f99-win64-setup-unsigned.exe
d19a45362cc4ae07bc93e6f04ac9032552dfba867a6f68fca0b50e939d5c243b  guix-build-3411491d0f99/output/x86_64-w64-mingw32/bitcoin-3411491d0f99-win64.zip

hebasto approved

hebasto commented at 5:53 PM on July 27, 2021: member

ACK 3411491d0f992e43e827a178ea58cceda3c7fac0, I have reviewed the code and it looks OK, I agree it can be merged.

in doc/release-process.md:163 in 3411491d0f outdated

 159 | @@ -160,6 +160,9 @@ Codesigner only: Sign the windows binaries:
 160 |      Enter the passphrase for the key when prompted
 161 |      signature-win.tar.gz will be created
 162 |  
 163 | +Codeisnger only: It is advised to test that the code signature attaches properly prior to tagging by performing the `guix-codesign` step.

laanwj commented at 1:44 PM on July 28, 2021:

s/Codeisnger/Codesigner/

jonatack commented at 2:03 PM on July 28, 2021:

Each time I read "codesigned" I first see "co-designed" and have to push that interpretation away :D

Writing "code signer" for the noun and "code-signed" / "code-signing" etc for the verb would be clearer to me.

achow101 commented at 4:59 PM on July 28, 2021:

Fixed

guix, doc: Add a note that codesigners need to rebuild after tagging

One of the issues observed during the 22.0rc1 release process was that a
codesigner's attestation mismatched non-codesigner attestations because
the guix-codesign step was performed prior to tagging the version in
bitcoin-detached-sigs.

d080c27066

guix: Remove extra \r from all.SHA256SUMS line ending

guix-attest mistakenly added an extra \r to the line endings in
all.SHA256SUMS, causing guix-verify to erroneously fail.

Co-Authored-By: Carl Dong <contact@carldong.me>

43225f0a2a

guix: Ensure EPOCH_SOURCE_DATE does not include GPG information

If the user has set log.showSignature=true in their git config, then the
git log will always output GPG signature information. Since git log is
used to set EPOCH_SOURCE_DATE, this will mistakenly have GPG signature
information in it which causes issues for the build. To avoid this
issue, we override the config and force log.showSignature=false.

9b313dfef1

achow101 force-pushed on Jul 28, 2021

fanquake approved

fanquake commented at 3:12 AM on July 29, 2021: member

ACK 9b313dfef18792fcc36e78ef3caa693fafcce04e

fanquake merged this on Jul 29, 2021

fanquake closed this on Jul 29, 2021

fanquake referenced this in commit 056e47d887 on Jul 29, 2021

fanquake referenced this in commit aa9b6aba03 on Jul 29, 2021

fanquake referenced this in commit 38d18c01e2 on Jul 29, 2021

fanquake referenced this in commit 219900a123 on Jul 29, 2021

fanquake referenced this in commit cd57bb1a66 on Jul 29, 2021

fanquake commented at 3:17 AM on July 29, 2021: member

Backported in #22534.

fanquake removed the label Needs backport (22.x) on Jul 29, 2021

sidhujag referenced this in commit 5635fd4585 on Jul 29, 2021

DrahtBot locked this on Aug 16, 2022