-
hyc
-
hyc
anyone else posted that I missed?
-
Proudmuslim[m]
<sgp_> "it's... not. sorry" <- Nice one
-
hyc
no one else has gitian build hashes yet?
-
Halver[m]
I'm beginning but it will certainly take me some hours
-
hyc
ok, just making sure I didn't miss a posting
-
sech1
hyc I tried to build yesterday but it errored out and I didn't have time to investigate
-
Halver[m]
Does somebody know if the gitian buid should work on Debian GNU/Linux 10 (buster) ?
-
Halver[m]
I ask since the doc says : Gitian host OS should be Ubuntu 18.04 "Bionic Beaver".
-
Halver[m]
I guess Debian should be ok since Ubuntu is based on Debian, but I prefer asking.
-
hyc
Halver: maybe. should be ok. your best bet is to use dockrun.sh which isolates you from host OS incompatibilities
-
hyc
read the DOCKRUN.md
-
hyc
sech1: interesting. what's your build OS?
-
sech1
I use Ubuntu 18.04 VM
-
sech1
gitian builds worked there before
-
sech1
I used it to build p2pool-compatible binaries
-
hyc
strange yeah that should be perfect
-
sech1
Same VM that was successfully used to build 0.17.2.3 and hashes were correct
-
Halver[m]
hyc: Thanks. I'll do. I'm just beginning the read.
-
Halver[m]
First time I use Docker and 1st time I'll try a gitian build. Crossing fingers !
-
sech1
I installed a bunch of stuff in that VM recently, maybe it broke things
-
hyc
I guess that's possible. that's why I wrote dockrun.sh; too much stuff on my host machine wasn't compatible any more
-
sethsimmons
Starting Gitian builds now
-
sethsimmons
Opened PR to add my new GPG key:
monero-project/gitian.sigs #157
-
sethsimmons
Hmm, maybe I need to just add the new key instead of renaming old?
github.com/monero-project/gitian.si…s/4382112120?check_suite_focus=true selsta hyc
-
selsta
yes, add a new one
-
sethsimmons
-
selsta
otherwise the old signatures can't be verified anymore
-
Halver[m]
... I don't exactly catch why gpg is needed in reproductible compilation
-
sethsimmons
It's not needed for reproduction, it's needed for proving you didn't forge the hashes and fake it.
-
sethsimmons
And that no one can pretend they were you verifying sigs.
-
sethsimmons
-
sethsimmons
s/sigs/hashes/, s///
-
hyc
use a pastebin...
-
hyc
hashes look good
-
hyc
-
sethsimmons
<hyc> "use a pastebin..." <- Sorry, forget that doesn't come across well to IRC, and I will use a pastebin for the full hashes.
-
Siren[m]
Hi, how can I compile monero-wallet-rpc without compiling other stuff like monerod?
-
selsta
make -C build/release/ wallet_rpc_server
-
selsta
change build/release to your build dir
-
Theo[m]1
<sethsimmons> "Starting Gitian builds now" <- Are all monero binaries built using deterministic building ?
-
sethsimmons
<Theo[m]1> "Are all monero binaries built..." <- They are all reproducible, yes.
-
Theo[m]1
Nice
-
sethsimmons
-
sethsimmons
-
sethsimmons
#158 has to be merged first for it to pass checks due to the new gpg key.
-
selsta
you can also add gpg key and sigs in one PR
-
sethsimmons
True I can do that instead.
-
sethsimmons
WIll close #158
-
sethsimmons
Combined and passed in 161 🙂
-
sech1
-
sech1
-
sech1
hyc just removing all builder folders and starting from scratch helped with my error
-
monerobull[m]
An i understanding this right? You all submit a signed hash of the binaries to make sure no single person can sneak in malicious stuff?
-
Canadiantaku[m]
prob
-
merope
Technically it only proves that everybody is getting the same result when compiling the code
-
merope
If anyone builds the code and gets a different result from the others, then there's an issue (either in that person's setup, or in the other people colluding to publish a malicious build)
-
merope
And anyone "at home" can perform the same steps and verify that they're getting the same result too
-
monerobull[m]
Ok cool
-
sethsimmons
Yup, essentially ensures that the builds of each release are the same as the source code that is publicly available.
-
sethsimmons
All verifiers would have to collude to produce binaries that didn't match the source code, and still anyone could verify that the build was malicious/incorrect by running the verification themselves.
-
sethsimmons
Makes it much harder to produce a malicious binary and pass it off as legitimate 🙂