05:25:41 <Theo[m]1> I wish more open source projects would use reproducible builds. No one can build everything they use, so we should be able to use binaries directly without having to trust a single person/entity
05:32:21 <Theo[m]1> Do you know if there are any automated ways to check that at least some amount of people that you trust have verified a build before installing it ? It would be nice but I don't think it's widespread enough
05:33:13 <Theo[m]1> I belive this verification is done manually for monero right ?
05:50:11 <shroomreactionar> "Excuse me friend, can you please run sha512sum on your monero build"
06:41:01 <rock[m]> lmao
08:10:08 <g0d0h932> hi
12:10:03 <monerobull[m]> Seth For Privacy till when does this need to be done? I want to try contributing
12:20:51 <sethsimmons> <monerobull[m]> "Seth For Privacy till when..." <- Ideally before release, but its never too late really!
12:22:00 <sethsimmons> <Theo[m]1> "Do you know if there are any..." <- What do you mean "automated"?
12:22:00 <sethsimmons> Some way to simply compare all of the signed hashes people produce?
12:23:09 <monerobull[m]> sethsimmons: Is 6 hours from now enough 😅?
12:30:12 <sethsimmons> Its always helpful, even after release, so a great chance to become familiar with the process either way 🙂
12:30:12 <sethsimmons> Would recommend the Docker approach:
12:30:13 <sethsimmons> https://github.com/monero-project/monero/blob/aeae337c0be565ae2bde4f00ba7d732f6eab7bfc/contrib/gitian/DOCKRUN.md
12:31:42 <moneromooo> monero-update checks for >= 2 agreeing hashes from a set of trusted people IIRC.
12:31:59 <moneromooo> Trusted in this context being... hyc iDunk and a couple others.
12:41:28 <Halver[m]> I'm currently doing the gitian builds following https://github.com/monero-project/monero/tree/master/contrib/gitian
12:41:28 <Halver[m]> It's 1st time and it seems to work (not finished).
12:41:28 <Halver[m]> The scripts are doing quite all the job, so, not so complicated.
12:41:30 <Halver[m]> Thanks to the people who write the scripts.
12:41:53 <Halver[m]> * gitian builds,, *  with docker, following https://github.com/monero-project/monero/tree/master/contrib/gitian
12:44:07 <hyc> that's the idea. i wanted a simple automation that anyone can do...
12:44:33 <hyc> and the scripts themselves are also simple, anyone can read them to verify what they do
13:09:23 <sethsimmons> Thankful for the Dockerized approach, much more easy to cleanup after and a bit simpler to follow 🙂
13:10:40 <hyc> I got sick of polluting my main dev machine
13:11:02 <hyc> and having my dev environment break after every OS upgrade
14:00:22 <monerobull[m]> In trying to figure out PGP right now with the gpg frontend, why does it say my signed messages are "NOT fully valid"?
14:04:41 <sethsimmons> Did you have the private key imported/created before running it? Did you accept to sign at the prompt? What exact output did it give?
14:06:16 <monerobull[m]> I generated a private/pub key, put "test message 3" into the editor field, clicked sign, clicked verify
14:07:33 <monerobull[m]> Verify report says success
14:07:33 <monerobull[m]> > It contains:
14:07:33 <monerobull[m]> A signature NOT fully valid.
14:07:33 <monerobull[m]> Signed by: testsignature<test3⊙gc>
14:09:17 <LyzaL> I think you have to tell gpg that keys come from a trusted source to avoid that warning.... although it should prolly be automatically marked trusted if you generated it yourself heh
14:11:33 <monerobull[m]> Alright so it only says that because it isn't a "trusted key"
14:12:57 <sethsimmons> Yes, just run `gpg --edit-key [key-id]` and then `trust` and set to ultimate trust (5).
14:19:12 <monerobull[m]> Worked
14:19:21 <monerobull[m]> Good signature fully valid
14:20:37 <sethsimmons> Awesome 😎
14:20:45 <monerobull[m]> How do I now check something you guys signed is valid?
14:21:16 <monerobull[m]> Like your PR Seth For Privacy 
14:21:48 <sethsimmons> Did you answer yes to signing when running the dockrun.sh script?
14:22:08 <sethsimmons> If so the directory will be in `sigs` there.
14:22:33 <monerobull[m]> I only have gpg installed, didnt do any of the monero gitian stuff yet
14:22:43 <sethsimmons> Ah
14:23:18 <sethsimmons> Then once you run through the gitian build you'll be able to sign and push sigs: https://github.com/monero-project/monero/blob/master/contrib/gitian/README.md or https://github.com/monero-project/monero/blob/master/contrib/gitian/DOCKRUN.md (I recommend the latter)
14:24:02 <sethsimmons> You'll also need to fork https://github.com/monero-project/gitian.sigs
14:25:49 <Rucknium[m]> monero-guides: I sense a Monero Guide in the making ^
15:04:52 <monerobull[m]> Holy moly I've been struggling the whole day to get my mint vm updated. I wasn't logged into the firewall...
15:07:20 <monerobull[m]> So can I sign with my monero secret key or will i need a seperate PGP key?
15:08:08 <sethsimmons> You sign with a PGP key, up to you which one but you'll have to publish the public key as part of the gitian.sigs repo.
15:34:05 <hyc> sethsimmons: did you by any chance run the dockrun script once before downloading the Mac SDK?
15:34:29 <sethsimmons> Yes
15:34:39 <hyc> then that's why you didn't get it.
15:34:43 <sethsimmons> Well, I downloaded the SDK in the root monero dir, so it was in the wrong place.
15:34:52 <sethsimmons> Docs didn't say where to download it, but I can add that as well
15:35:01 <hyc> dockrun only builds the gitrun container once, and the SDK has to be there at that time.
15:35:10 <hyc> after that it just uses the container as-is.
15:35:28 <sethsimmons> Ah makes sense
15:35:32 <sethsimmons> I'll add dirs to docs
15:35:44 <hyc> sure. dockrun assumes everything is in the current working directory - contrib/gitian
15:36:28 <sethsimmons> If DOCKRUN.md will be referred to directly, it needs to include the git clone and cd commands, so I'll add those
15:36:46 <hyc> which git clone?
15:37:01 <hyc> I would assume you've already cloned the repo if you're reading the document
15:37:06 <sethsimmons> of monero source
15:37:17 <sethsimmons> It's not even mentioned at present in the DOCKRUN.md doc
15:37:31 <hyc> right, because you already have the repo if you have the file to read.
15:38:11 <sethsimmons> But that won't be the case necessarily for people sent straight there via URL
15:38:25 <sethsimmons> Most people won't be vim'ing the md file, they'll be reading it on Github itself.
15:39:03 <hyc> meh.
15:39:25 <hyc> we have to draw the line somewhere. you have to know how to use git
15:39:26 <sethsimmons> Just adding this:... (full message at https://libera.ems.host/_matrix/media/r0/download/libera.chat/a221f0236fccc37514700e901a7c316eff4ec63e)
15:39:36 <sethsimmons>  * Just adding this:... (full message at https://libera.ems.host/_matrix/media/r0/download/libera.chat/a309b73cec1c422f49696ce295284f203a3c55c8)
15:40:24 <sethsimmons> Yes, but I don't think the line should include you knowing what source to clone and what directory to be in 🙂
15:40:43 <hyc> those steps won't make sense / would be redundant once you're actually reading the file from your own soure tree
15:41:32 <sethsimmons> Like I said, I don't think that's the majority of people, and the Docker setup is a good "beginner" approach.
15:41:47 <hyc> the docker setup requires you to know how to use docker
15:41:55 <hyc> so we're already excluding total beginners
15:42:00 <hyc> and that's ok.
15:42:47 <hyc> it requires you to know how to install docker on your machine
15:43:19 <hyc> it thus requires you to be able to responsibly use sysadmin privs without blowing things up
15:44:00 <sethsimmons> It's just a minor change that adds much-needed context/initial steps.
15:44:11 <hyc> ok fine. yeah it's a small change.
15:45:22 <sethsimmons> hyc: It doesn't, though, it includes the basic steps to install and prep Docker, and rightly so.
15:45:34 <sethsimmons> And includes all Docker commands necessary to complete and verify the builds.
15:46:14 <sethsimmons> This is just a small piece of missing context, I certainly don't want to add a beginner guide to git or Docker, but to run the process start to finish the clone/cd are required steps that shouldn't be assumed, IMO.
15:46:35 <sethsimmons> I pushed the commit with the changes to https://github.com/monero-project/monero/pull/8101
15:48:03 <hyc> ok
15:48:18 <hyc> now just need to add a note about the out/ directory
15:48:41 <sethsimmons> Starting a clean build including mac builds now
15:48:56 <sethsimmons> hyc: Ah, yes
15:49:09 <hyc> oh also you could just docker cp the SDK file into the gitrun container
15:49:23 <hyc> no need to tear it all down and start over
15:49:57 <sethsimmons> Meh good way to test and already done 😛
15:50:06 <sethsimmons> But that would have been much faster for sure lol
15:50:07 <hyc> heh ok
15:52:19 <sethsimmons> Will add the out notes once the first build is done and I can validate the dir
15:52:28 <hyc> ok
16:38:07 <Halver[m]> Results from my gitian builds :
16:38:07 <Halver[m]> http://dropbox24l7p7sfy4fbgli7swdssvdsifkwzatsppbibqba3tnqszeqd.onion/u/u483/monero-v0.17.3.0-sha256sum.txt
16:38:07 <Halver[m]> seems inline with others.
16:38:12 <Halver[m]> apple build and sig is missing because I missed it. Sorry.
16:38:31 <Halver[m]> I'll now try to do the GPG things.
16:40:10 <sethsimmons> Nice!
16:57:52 <kinghat[m]> i dont think being verbose in instructions is bad. im not a docker or git wizard, with only cursory knowledge, it can help dummies like me.
16:58:51 <masterbob79[m]> I do not like docker. systemd makes more sense to me. this stuff is still new to me
16:59:14 <masterbob79[m]> copy and paste, it's what I do. hahaha
17:00:03 <Theo[m]1> <moneromooo> "monero-update checks for >= 2..." <- thanks that's exactly what I was asking 👌
17:01:19 <Theo[m]1> is this done by the devs before publishing the binaries or localy before updating ?
17:23:57 <Halver[m]> I have forked monero/gitian.sigs on my own github (https://github.com/HoverHalver/gitian.sigs)
17:23:57 <Halver[m]> I have also my gpg public key which I try to add to https://github.com/HoverHalver/gitian.sigs/tree/master/gitian-pubkeys
17:24:23 <Halver[m]> I'm doing this using Tor, but the file refuses to upload. 
17:24:53 <Halver[m]> I wonder that it's probably github which dislikes me using Tor ?
17:25:13 <sethsimmons> Just cat the file and copy+paste, and name the same as your Github username (i.e. HoverHalver.asc)
17:25:30 <sethsimmons> Add file>Create new file
17:28:47 <Halver[m]> Thanks Seth, this way works.
17:30:40 <sethsimmons> Nice
18:23:13 <Halver[m]> Still using Tor, I encounter (of course) the same issue when I try eg to upload my sig folder
18:23:13 <Halver[m]> into https://github.com/HoverHalver/gitian.sigs/tree/master/v0.17.3.0-android
18:23:41 <Halver[m]> I guess I will either have to use vanilla Firefox or use git command lines.
18:24:43 <Halver[m]> in which case I guess such uploading probably leaks my IP to github.com
18:24:59 <Halver[m]> s/./,/
18:28:15 <Rucknium[m]> Halver: torsocks (more preferred I think) or torify (less preferred I think) plus git commands should work on Linux.
19:15:16 <Halver[m]> in order to do `git commit ...`
19:15:16 <Halver[m]> git asks for an email an a name.
19:15:20 <Halver[m]> Not sure if giving a fake email will work (?)
19:16:18 <Halver[m]> afk
19:19:41 <moneromooo> It won't, since it'll double check with the password number it asks you afterwards.
19:19:50 <moneromooo> passport*
19:20:42 <moneromooo> (though anything with a @ works IIRC, it's just being a pain about asking)
21:41:29 <woodser[m]> spirobel you can call `MoneroUtils.getIntegratedAddress(networkType, address, paymentId)` with the monero-javascript-v0.5.9 release