This repository contains Guix attestations for releases of BitcoinZ.
The Guix build consists of two stages:
- In the first stage (
noncodesigned
), people compile the binaries from source. - Then, code signatures for Windows and MacOS are generated from the binaries that were produced in the first stage, and distributed to the builders.
- In the second stage (
all
), the builders attach these code signatures.
See https://github.com/btcz/bitcoinz/blob/master/doc/release-process.md#building on how to build the release with Guix and create an attestation.
/<version>/<signer>/
: Build attestations for repository tagv<version>
for<signer>
.noncodesigned.SHA256SUMS
: Hashes of binaries produced by the first stage build for this version.noncodesigned.SHA256SUMS.asc
: Detached PGP signature fornoncodesigned.SHA256SUMS
.all.SHA256SUMS
: Hashes of binaries produced by the second stage build. This covers all the binaries uploaded to the website, and is what to check release binaries against.all.SHA256SUMS.asc
: Detached PGP signature forall.SHA256SUMS
.
/builder-keys/<signer>.gpg
: PGP keys of the signers. If you're going to do builds and contribute attestations, file a PR to add your key here./contrib
: Scripts used in the CI tests.