--- Log opened Wed May 26 00:00:06 2021
00:59 -!- jonatack [jon@gateway/vpn/airvpn/jonatack] has quit [Quit: jonatack]
01:00 -!- jonatack [jon@gateway/vpn/airvpn/jonatack] has joined #bitcoin-builds
01:00 -!- jonatack [jon@gateway/vpn/airvpn/jonatack] has quit [Client Quit]
01:00 -!- jonatack [jon@gateway/vpn/airvpn/jonatack] has joined #bitcoin-builds
01:03 -!- jonatack [jon@gateway/vpn/airvpn/jonatack] has quit [Client Quit]
01:04 -!- jonatack [jon@gateway/vpn/airvpn/jonatack] has joined #bitcoin-builds
03:20 -!- Laurie50Wilkinso [~Laurie50W@static.57.1.216.95.clients.your-server.de] has joined #bitcoin-builds
--- Log closed Wed May 26 07:12:32 2021
--- Log opened Wed May 26 07:18:20 2021
--- Log closed Wed May 26 07:20:51 2021
--- Log opened Wed May 26 07:21:27 2021
--- Log closed Wed May 26 07:46:25 2021
--- Log opened Wed May 26 07:48:04 2021
--- Log closed Wed May 26 07:48:17 2021
--- Log opened Wed May 26 07:48:32 2021
07:48 -!- gnusha [~gnusha@user/gnusha] has joined #bitcoin-builds
07:48 -!- Topic for #bitcoin-builds: **please use #bitcoin-core-builds instead**
07:48 -!- Topic set by orionwl [] [Tue May 25 03:37:42 2021]
07:48 [Users #bitcoin-builds]
07:48 [ dongcarl] [ gnusha      ] [ jarolrod] [ kallewoof] [ MarcoFalke] 
07:48 [ emzy    ] [ jackielove4u] [ jkczyz  ] [ kanzure  ] 
07:48 -!- Irssi: #bitcoin-builds: Total of 9 nicks [0 ops, 0 halfops, 0 voices, 9 normal]
07:48 -!- Channel #bitcoin-builds created Wed May 19 13:02:08 2021
--- Log closed Wed May 26 07:49:01 2021
--- Log opened Wed May 26 07:49:19 2021
07:49 -!- gnusha [~gnusha@user/gnusha] has joined #bitcoin-builds
07:49 -!- Topic for #bitcoin-builds: **please use #bitcoin-core-builds instead**
07:49 -!- Topic set by orionwl [] [Tue May 25 03:37:42 2021]
07:49 [Users #bitcoin-builds]
07:49 [ dongcarl] [ gnusha      ] [ jarolrod] [ kallewoof] [ MarcoFalke] 
07:49 [ emzy    ] [ jackielove4u] [ jkczyz  ] [ kanzure  ] 
07:49 -!- Irssi: #bitcoin-builds: Total of 9 nicks [0 ops, 0 halfops, 0 voices, 9 normal]
07:49 -!- Channel #bitcoin-builds created Wed May 19 13:02:08 2021
07:51 -!- Irssi: Join to #bitcoin-builds was synced in 124 secs
08:20 < dongcarl> Oh good idea
10:55 -!- jonasschnelli [~jonasschn@cpe-98-150-193-182.hawaii.res.rr.com] has joined #bitcoin-builds
11:04 < jonasschnelli> dongcarl: okay. I could successful build master through guix.. how should I test the macOS signature?
11:05 < jonasschnelli> I can sign bitcoin-3ad1b8899bfb-osx-unsigned.tar.gz but is there aready a guix build for attaching the signature?
11:10 < dongcarl> looking now
11:10 < dongcarl> glad you were able to perform the build :-)
11:11 < jonasschnelli> heh.. 
11:13 < dongcarl> jonasschnelli: Looks like we've moved to #bitcoin-core-builds, apologies for the confusion: https://github.com/bitcoin-core/bitcoincore.org/pull/778#issuecomment-847687619
11:14 < jonasschnelli> ack
11:28 -!- jonasschnelli [~jonasschn@cpe-98-150-193-182.hawaii.res.rr.com] has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
11:31 -!- jonasschnelli [~jonasschn@cpe-98-150-193-182.hawaii.res.rr.com] has joined #bitcoin-builds
11:31 -!- jonasschnelli [~jonasschn@cpe-98-150-193-182.hawaii.res.rr.com] has quit [Client Quit]
11:36 -!- jonasschnelli [~jonasschn@cpe-98-150-193-182.hawaii.res.rr.com] has joined #bitcoin-builds
11:36 -!- jonasschnelli [~jonasschn@cpe-98-150-193-182.hawaii.res.rr.com] has quit [Client Quit]
13:35 -!- jonasschnelli [~jonasschn@cpe-98-150-193-182.hawaii.res.rr.com] has joined #bitcoin-builds
13:37 -!- jonasschnelli [~jonasschn@cpe-98-150-193-182.hawaii.res.rr.com] has quit [Client Quit]
--- Log closed Wed May 26 14:27:15 2021
--- Log opened Wed May 26 14:27:15 2021
14:27 -!- gnusha [~gnusha@user/gnusha] has joined #bitcoin-core-builds
14:27 -!- Topic for #bitcoin-core-builds: Bitcoin Core build system discussions | Channel logs: https://gnusha.org/bitcoin-builds/ | To get started learning about our build system: https://github.com/bitcoin/bitcoin/tree/master/depends
14:27 -!- Topic set by orionwl [] [Tue May 25 06:15:05 2021]
14:27 [Users #bitcoin-core-builds]
14:27 [ _0x0ff   ] [ dongcarl] [ harding      ] [ jonatack  ] [ roconnor  ] [ windsok] 
14:27 [ achow101 ] [ emzy    ] [ hebasto      ] [ kinlo     ] [ ryanofsky ] 
14:27 [ cfields  ] [ fanquake] [ jarolrod     ] [ laanwj    ] [ sdaftuar  ] 
14:27 [ copumpkin] [ glozow  ] [ jkczyz       ] [ luke-jr   ] [ sipa      ] 
14:27 [ darosior ] [ gnusha  ] [ jonasschnelli] [ MarcoFalke] [ willcl_ark] 
14:27 -!- Irssi: #bitcoin-core-builds: Total of 26 nicks [0 ops, 0 halfops, 0 voices, 26 normal]
14:27 -!- Channel #bitcoin-core-builds created Sat May 22 03:59:28 2021
14:27 -!- Irssi: Join to #bitcoin-core-builds was synced in 1 secs
14:28 -!- kanzure [~kanzure@user/kanzure] has joined #bitcoin-core-builds
14:28 < kanzure> test http://gnusha.org/bitcoin-builds/2021-05-26.log
14:32 < hebasto> kanzure: thanks!
14:35 < achow101> oh, we didn't merge #22017 before starting this..
14:35 < achow101> (new codesigning key)
14:35 < achow101> I guess I should use the old one?
14:39 < achow101> windows sig is up, waiting for mac. ping jonasschnelli
14:40 < jonasschnelli> achow101: since I was away for a few weeks, I really lost the overview of guix signing. So, I guess I need to download the guix output (mac unsigned), then sign (as I did before with your tool). Push the signatures where?
14:42 < achow101> jonasschnelli: the signing itself is the same as gitian really. download the mac unsigned tarball, run detached-sig-create, add sigs to bitcoin-detached-sigs, tag, and push
14:43 < jonasschnelli> achow101: okay.. good. I guess there is a guix build that attaches the signature? Just do the guix build again?
14:44 < achow101> yes, the script contrib/guix/guix-codesign will do the attaching
14:44 < achow101> within the guix environment of course
14:46 < jonasschnelli> okay.... so I'll do 1.) I checkout v21.99-guixtest1, call contrib/guix/guix-build, 2.) sign the unsigned tarball (detached-sig-create), 3.) push signature to bitcoin-detached-sig, 4.) test signature attaching process by calling contrib/guix/guix-codesign
14:46 < jonasschnelli> is there an option to test the signature before pushing it to bitcoin-detached-sigs?
14:47 < achow101> between 2 and 3 you should do contrib/guix/guix-attest and contrib/guix/guix-verify. These are the equivalents of gitian's gsign and gverify to create the gitian sigs which we are now calling guix attestations
14:48 < achow101> to test the signature application, just do guix-codesign. it doesn't do any of the tag checking out nonsense that gitian did. it just works directly on whatever is in currently in the tree
14:57 < jonasschnelli> achow101: got it. but from where does contrib/guix/guix-codesign pull the signatures (where do I locally checkout and modify the bitcoin-detached-sigs repository)?
14:59 -!- belcher [~belcher@user/belcher] has joined #bitcoin-core-builds
14:59 < achow101> jonasschnelli: set an environment variable DETACHED_SIGS_REPO with the path to wherever your bitcoin-detached-sigs is located
15:00 < jonasschnelli> achow101: thanks
15:01 < achow101> when you do guix-attest and guix-verify you will need to set GUIX_SIGS_REPO, and SIGNER for guix-attest too
15:01 < jonasschnelli> okay... i'll try that soon. Thanks for guiding me. :-)
15:01 < achow101> the scripts will also tell you this if you don't have those set when you run them
15:42 -!- kallewoof [~quassel@user/kallewoof] has joined #bitcoin-core-builds
15:57 -!- emzy [~quassel@user/emzy] has quit [Ping timeout: 252 seconds]
15:57 -!- emzy [~quassel@user/emzy] has joined #bitcoin-core-builds
15:58 < dongcarl> jonasschnelli: Here's an overview: https://github.com/bitcoin/bitcoin/issues/22077#issue-902841367
16:04 < hebasto> a simple step-by-step guide for newbies who is willing to take part in the guix building party -- https://gist.github.com/hebasto/7293726cbfcd0b58e1cfd5418316cee3
16:06 < jonatack> thanks hebasto 
16:07 < sipa> ~/git/bitcoin-guix/guix-build-21.99-guixtest1/output$ sha256sum $(find -type f | LANG=C sort) | sha256sum 
16:07 < sipa> c3e5fe3bd09423ad4ac1ba8f2dbcb80ed2e4c38e9fdce58fcc6723ab7f2554dd  -
16:07 < sipa> (non-codesigned output)
16:09 -!- emzy [~quassel@user/emzy] has quit [Ping timeout: 264 seconds]
16:13 < hebasto> sipa: the same is on my side
16:15 -!- emzy [~quassel@user/emzy] has joined #bitcoin-core-builds
16:28 < jonasschnelli> dongcarl: in order to guix-attest on a different machine, I need to copy over the whole guix-build-?? folder?
16:41 < dongcarl> jonasschnelli: Likely just guix-build-blah/outputs
16:54 < jonasschnelli> hmm... that's >2GB of data for a signature?
16:54 < jonasschnelli> Ideally we would have something like gitian where one just needs to download the *.assert files and signs that with GPG locally
16:55 < jonasschnelli> (for me signing and building are two different security layers)
16:56 < jonasschnelli> (as I use the same key for signing gitian [& soon guix] and for other purposes like signing merge commits and email communication)
17:13 < achow101> jonasschnelli: you can do NO_SIGN=1 to just make the SHA256SUMS and then sign those elsewhere
17:29 < dongcarl> Right, I think the proposed new hierarchy might solve this problem, very good to know your workflow so I can consider it. Will post an issue soon.
21:05 -!- lukedashjr [~luke-jr@user/luke-jr] has joined #bitcoin-core-builds
21:07 -!- luke-jr [~luke-jr@user/luke-jr] has quit [Ping timeout: 264 seconds]
21:07 -!- lukedashjr is now known as luke-jr
21:10 -!- belcher_ [~belcher@user/belcher] has joined #bitcoin-core-builds
21:13 -!- belcher [~belcher@user/belcher] has quit [Ping timeout: 264 seconds]
21:44 -!- achow101 [~achow101@user/achow101] has quit [Read error: Connection reset by peer]
21:45 -!- achow101 [~achow101@user/achow101] has joined #bitcoin-core-builds
22:55 < jonasschnelli> as for the SHA256SUM signature: would be great to have an additional signature with a secp256k1 (or Schnorr) key (per developer). Maybe too late to add.
22:55 < jonasschnelli> But if we would add a secp256k1 or Schnorr signature, we could have Bitcoin-Qt or cli easily and user friendly verify future releases
22:56 < jonasschnelli> (we could still keep the gpg sig though)
23:09 < sipa> we've thought about having a simple secp256k1 based command line tool for signatures, but ultimately didn't, because there isn't any particular reason to prefer secp256k1 keys over other thibgs
23:11 < sipa> and there are a few very reasonable alternatives for signatures already... including openbsd's signify tool, and (and i think that's pretty unknown), ssh-keygen -Y sign a d ssh-keygen -Y verify
23:12 < sipa> if you want it built into bitcoin core there may be logistical reasons why secp256k1 keys/sigs are preferable of course
23:13 < sipa> in any case, all of this can be changed easily later on
23:19 < jonasschnelli> Agree. The only reason for using a simple secp256k1 signature would be verifiability without third party dependency (==UX)
23:20 < jonasschnelli> The problem with gverify (and probably also guix / gpg signature verifications) is, that users most affected (non experts) will not verify the binaries
23:21 < jonasschnelli> Thats why I think an additional secp256k1 signature could lead to much more binary verifications (again, no third party app would be required)
23:21 < jonasschnelli> Adding secp256k1 sigs/keys would maybe make sense with the introduction of guix.sigs
23:41 -!- koolazer [~koo@user/koolazer] has joined #bitcoin-core-builds
--- Log closed Thu May 27 00:00:20 2021