Skip to content

Instantly share code, notes, and snippets.

@hebasto

hebasto/guix-sigs.md

Last active September 28, 2025 12:12
Show Gist options
  • Save hebasto/7293726cbfcd0b58e1cfd5418316cee3 to your computer and use it in GitHub Desktop.
Save hebasto/7293726cbfcd0b58e1cfd5418316cee3 to your computer and use it in GitHub Desktop.
Download ZIP
The `bitcoin-core/guix.sigs` Repository Workflow
Raw
guix-sigs.md

The bitcoin-core/guix.sigs Repository Workflow

Common environment variables

export FINGERPRINT="0x410108112E7EA81F=hebasto"

Prerequisites

The Xcode-12.1-12A7403-extracted-SDK-with-libcxx-headers subdirectory must resides in the depends/SDKsdirectory.

Fork the bitcoin-core/guix.sigs repository on GitHub (if not forked yet).

pushd /home/hebasto/guix.sigs
git remote add hebasto [email protected]:hebasto/guix.sigs.git
git config remote.pushDefault hebasto
popd

Preparing repository

If building for a tag:

VERSION=21.99-guixtest1
git checkout v$VERSION

If building for a non-tagged commit:

VERSION=$(git rev-parse --short=12 HEAD)

Building

contrib/guix/guix-build

Attesting non-codesigned binaries

env GUIX_SIGS_REPO=/home/hebasto/guix.sigs SIGNER=$FINGERPRINT contrib/guix/guix-attest
pushd /home/hebasto/guix.sigs
git checkout -b ${VERSION}-non-codesigned
git add $VERSION
git commit -m "Add hebasto Guix attestations for $VERSION non-codesigned"
git push
git switch main
popd

Submit a PR to the bitcoin-core/guix.sigs repository on GitHub.

Verifying

env GUIX_SIGS_REPO=/home/hebasto/guix.sigs contrib/guix/guix-verify
@Emzy
Copy link

Emzy commented Apr 16, 2021

tested, worked.

@jonatack
Copy link

jonatack commented Jul 23, 2021
edited
Loading

Very helpful doc! Thanks!

In Signing Binaries, the git checkout command should be git checkout v$VERSION (the "v" is missing).

@jonatack
Copy link

(Maybe also state that the ./contrib/guix/guix-{build, attest, verify} commands should be run from the root of the bitcoin directory.)

@hebasto
Copy link
Author

hebasto commented Jul 24, 2021

Very helpful doc! Thanks!

Thanks you!

In Signing Binaries, the git checkout command should be git checkout v$VERSION (the "v" is missing).

Is it ok now?

@jonatack
Copy link

In Signing Binaries, the git checkout command should be git checkout v$VERSION (the "v" is missing).

Is it ok now?

Seems good. Thanks!

@0xB10C
Copy link

0xB10C commented Aug 4, 2021

Thank you! Very helpful.

@benthecarman
Copy link

Is this possible without having an apple developer account?

@hebasto
Copy link
Author

hebasto commented Aug 7, 2021

@benthecarman

Is this possible without having an apple developer account?

https://bitcoincore.org/depends-sources/sdks/Xcode-12.1-12A7403-extracted-SDK-with-libcxx-headers.tar.gz

@willcl-ark
Copy link

Thanks, very useful (and worked very well!)

@jamesob
Copy link

jamesob commented Mar 8, 2022

Awesome, thanks @hebasto !

@0xB10C
Copy link

0xB10C commented Mar 16, 2022

@benthecarman

Is this possible without having an apple developer account?

https://bitcoincore.org/depends-sources/sdks/Xcode-12.1-12A7403-extracted-SDK-with-libcxx-headers.tar.gz

fwiw: this is the latest Xcode needed (12.2-12B45b): https://bitcoincore.org/depends-sources/sdks/Xcode-12.2-12B45b-extracted-SDK-with-libcxx-headers.tar.gz

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment