wownero
/
gitian.sigs
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
65 Commits
1 Branch
0 Tags
4.4 MiB
 
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '24b8b5a305'
${ noResults }
Go to file
Jonathan Cross 24b8b5a305
Adding travis build status image. 		5 years ago
gitian-pubkeys Add stefanomarty pubkey 5 years ago
v0.14.1.0-linux Asserts, signatures and pubkey of @dikdust 5 years ago
v0.14.1.0-osx Merge pull request #6 into master 5 years ago
v0.14.1.0-win Asserts, signatures and pubkey of @dikdust 5 years ago
v0.14.1.1-linux Add TheCharlatan's v0.14.1.1 5 years ago
v0.14.1.1-osx Add TheCharlatan's v0.14.1.1 5 years ago
v0.14.1.1-win Add TheCharlatan's v0.14.1.1 5 years ago
v0.14.1.2-linux Merge pull request #21 into master 5 years ago
v0.14.1.2-osx Merge pull request #8 into master 5 years ago
v0.14.1.2-win Merge pull request #21 into master 5 years ago
v0.15.0.0-android Add stefanomarty v.0.15.0.0 sigs 5 years ago
v0.15.0.0-linux Add stefanomarty v.0.15.0.0 sigs 5 years ago
v0.15.0.0-osx Add hyc v0.15.0.0 5 years ago
v0.15.0.0-win Add stefanomarty v.0.15.0.0 sigs 5 years ago
v0.15.0.1-android Add stefanomarty v0.15.0.1 sigs 5 years ago
v0.15.0.1-freebsd Add stefanomarty v0.15.0.1 sigs 5 years ago
v0.15.0.1-linux Add stefanomarty v0.15.0.1 sigs 5 years ago
v0.15.0.1-osx Add stefanomarty v0.15.0.1 sigs 5 years ago
v0.15.0.1-win Add stefanomarty v0.15.0.1 sigs 5 years ago
.travis.yml Add travis config to check assert sigs 5 years ago
README.md Adding travis build status image. 5 years ago
verify-merge.py verify-merge.py : code consistency improvements. 5 years ago

README.md

Gitian assertions and signatures

This repo contains files asserting that various contributers have built Monero using a consistent process (reproducible builds with Gitian) and cryptographically signed the results of those builds.

From gitian.org:

Gitian uses a deterministic build process to allow multiple builders to create identical binaries. This allows multiple parties to sign the resulting binaries, guaranteeing that the binaries and tool chain were not tampered with and that the same source was used. It removes the build and distribution process as a single point of failure.

How to contribute

Build Status

We need more contributors to build Monero and confirm the Gitian results. Please follow the gitian build instructions to contribute your assertions.

Directory structure

Each release will have a directory in root, eg v0.14.1.0-linux/ Developers submitting their own gitian results will create a subdirectory matching their GitHub user name. Inside that directory, assert files from gitian and gpg signature files on those will be submitted.

Example for release v0.14.1.0:

v0.14.1.0-linux/${GH_USERNAME}/monero-linux-0.14-build.assert
v0.14.1.0-linux/${GH_USERNAME}/monero-linux-0.14-build.assert.sig

If you are committing for the first time, add your pgp public key to the gitian-pubkeys directory in armored ASCII format and a filename of username.asc.

Verifying Gitian Signatures

The verify-merge.py script can be used to verify existing gitian signatures and assert file contents (hashes of binaries). By default, it will check all releases. You can also specify a particular version to check, eg: ./verify-merge.py --version v0.14.1.0. More information on how to use the script can be found by running ./verify-merge.py --help.

It is also possible to use the script to check the signatures of open pull requests. For example for pull request id #12 on github: ./verify-merge.py --pull_id 12. Be aware that running this will change the content of your git tree by creating a new $pull_id_head and $pull_id_base branch. The script deletes these branches again on exit.