01:35:09 <hyc> build hashes https://paste.debian.net/1221451/
01:35:21 <hyc> anyone else posted that I missed?
02:36:56 <Proudmuslim[m]> <sgp_> "it's... not. sorry" <- Nice one
08:18:41 <hyc> no one else has gitian build hashes yet?
08:22:20 <Halver[m]> I'm beginning but it will certainly take me some hours
08:23:19 <hyc> ok, just making sure I didn't miss a posting
09:06:02 <sech1> hyc I tried to build yesterday but it errored out and I didn't have time to investigate
09:34:57 <Halver[m]> Does somebody know if the gitian buid should work on Debian GNU/Linux 10 (buster) ?
09:34:57 <Halver[m]> I ask since the doc says : Gitian host OS should be Ubuntu 18.04 "Bionic Beaver". 
09:35:00 <Halver[m]> I guess Debian should be ok since Ubuntu is based on Debian, but I prefer asking.
09:44:18 <hyc> Halver: maybe. should be ok. your best bet is to use dockrun.sh which isolates you from host OS incompatibilities
09:44:29 <hyc> read the DOCKRUN.md
09:44:53 <hyc> sech1: interesting. what's your build OS?
09:45:22 <sech1> I use Ubuntu 18.04 VM
09:45:31 <sech1> gitian builds worked there before
09:45:45 <sech1> I used it to build p2pool-compatible binaries
09:45:46 <hyc> strange yeah that should be perfect
09:46:15 <sech1> Same VM that was successfully used to build 0.17.2.3 and hashes were correct
09:46:17 <Halver[m]> hyc: Thanks. I'll do. I'm just beginning the read.
09:46:18 <Halver[m]> First time I use Docker and 1st time I'll try a gitian build. Crossing fingers !
09:46:27 <sech1> I installed a bunch of stuff in that VM recently, maybe it broke things
09:50:11 <hyc> I guess that's possible. that's why I wrote dockrun.sh; too much stuff on my host machine wasn't compatible any more
13:37:12 <sethsimmons> Starting Gitian builds now
13:46:58 <sethsimmons> Opened PR to add my new GPG key: https://github.com/monero-project/gitian.sigs/pull/157
13:50:30 <sethsimmons> Hmm, maybe I need to just add the new key instead of renaming old? https://github.com/monero-project/gitian.sigs/runs/4382112120?check_suite_focus=true selsta hyc 
13:50:55 <selsta> yes, add a new one
13:54:29 <sethsimmons> OK fixed: https://github.com/monero-project/gitian.sigs/pull/158
13:55:08 <selsta> otherwise the old signatures can't be verified anymore
15:11:26 <Halver[m]> ... I don't exactly catch why gpg is needed in reproductible compilation
15:12:40 <sethsimmons> It's not needed for reproduction, it's needed for proving you didn't forge the hashes and fake it.
15:12:45 <sethsimmons> And that no one can pretend they were you verifying sigs.
15:20:30 <sethsimmons> Initial Linux sigs (unsigned):... (full message at https://libera.ems.host/_matrix/media/r0/download/libera.chat/7b47309defae595272da4ddda5c58c143ebcc7fa)
15:20:33 <sethsimmons> s/sigs/hashes/, s///
15:20:57 <hyc> use a pastebin...
15:22:36 <hyc> hashes look good
15:22:52 <hyc> full set has been posted in reddit https://old.reddit.com/r/Monero/comments/r60io7/cli_v01730_oxygen_orion_has_been_tagged/
15:36:40 <sethsimmons> <hyc> "use a pastebin..." <- Sorry, forget that doesn't come across well to IRC, and I will use a pastebin for the full hashes.
16:01:20 <Siren[m]> Hi, how can I compile monero-wallet-rpc without compiling other stuff like monerod?
16:06:11 <selsta> make -C build/release/ wallet_rpc_server
16:07:27 <selsta> change build/release to your build dir
16:26:24 <Theo[m]1> <sethsimmons> "Starting Gitian builds now" <- Are all monero binaries built using deterministic building ?
16:35:27 <sethsimmons> <Theo[m]1> "Are all monero binaries built..." <- They are all reproducible, yes.
16:45:09 <Theo[m]1> Nice
16:58:31 <sethsimmons> https://github.com/monero-project/gitian.sigs/pull/161
16:58:40 <sethsimmons> Hashes: https://paste.sethforprivacy.com/?cb4552070ced5d8d#8YF2pefeknYTa8Bcqt8fgXp76cJLYxY9jDjphL7S1yWP
16:59:33 <sethsimmons> #158 has to be merged first for it to pass checks due to the new gpg key.
17:01:01 <selsta> you can also add gpg key and sigs in one PR
17:07:58 <sethsimmons> True I can do that instead.
17:08:02 <sethsimmons> WIll close #158
17:10:34 <sethsimmons> Combined and passed in 161 🙂
20:05:20 <sech1> My hashes: https://paste.debian.net/hidden/828b12fd/
20:06:28 <sech1> and https://github.com/monero-project/gitian.sigs/pull/162
20:07:04 <sech1> hyc just removing all builder folders and starting from scratch helped with my error
22:47:27 <monerobull[m]> An i understanding this right? You all submit a signed hash of the binaries to make sure no single person can sneak in malicious stuff?
22:48:00 <Canadiantaku[m]> prob
23:20:26 <merope> Technically it only proves that everybody is getting the same result when compiling the code
23:23:02 <merope> If anyone builds the code and gets a different result from the others, then there's an issue (either in that person's setup, or in the other people colluding to publish a malicious build)
23:27:00 <merope> And anyone "at home" can perform the same steps and verify that they're getting the same result too
23:30:34 <monerobull[m]> Ok cool
23:34:42 <sethsimmons> Yup, essentially ensures that the builds of each release are the same as the source code that is publicly available.
23:34:42 <sethsimmons> All verifiers would have to collude to produce binaries that didn't match the source code, and still anyone could verify that the build was malicious/incorrect by running the verification themselves.
23:34:57 <sethsimmons> Makes it much harder to produce a malicious binary and pass it off as legitimate 🙂