|
|
@ -1,5 +1,4 @@ |
|
|
|
Windows binaries |
|
|
|
================ |
|
|
|
# Windows binaries |
|
|
|
|
|
|
|
✓ _These binaries should be reproducible, meaning you should be able to generate |
|
|
|
binaries that match the official releases._ |
|
|
@ -29,8 +28,7 @@ similar system. |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Code Signing |
|
|
|
============ |
|
|
|
## Code Signing |
|
|
|
|
|
|
|
Electrum Windows builds are signed with a Microsoft Authenticode™ code signing |
|
|
|
certificate in addition to the GPG-based signatures. |
|
|
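Review bot: The `Code Signing` heading changes level in this hunk, not only syntax: the removed `============` underline is a setext level-1 heading, while the added `## Code Signing` is level 2. If nesting it under `# Windows binaries` is intended, mention that in the commit message; otherwise use a single `#`. The same applies to `## Verify Integrity of signed binary` in the next hunk.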
@ -57,8 +55,7 @@ certificate/key) and one or multiple trusted verifiers: |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Verify Integrity of signed binary |
|
|
|
================================= |
|
|
|
## Verify Integrity of signed binary |
|
|
|
|
|
|
|
Every user can verify that the official binary was created from the source code in this |
|
|
|
repository. To do so, the Authenticode signature needs to be stripped since the signature |
|
|
@ -73,3 +70,20 @@ This procedure removes the differences between the signed and unsigned binary: |
|
|
|
of 8. |
|
|
|
|
|
|
|
The script `unsign.sh` performs these steps. |
|
|
|
|
|
|
|
## FAQ |
|
|
|
|
|
|
|
### How to investigate diff between binaries if reproducibility fails? |
|
|
|
`pyi-archive_viewer` is needed, for that run `$ pip install pyinstaller`. |
|
|
|
As a first pass overview, run: |
|
|
|
``` |
|
|
|
pyi-archive_viewer -l electrum-*.exe1 > f1 |
|
|
|
pyi-archive_viewer -l electrum-*.exe2 > f2 |
|
|
|
diff f1 f2 > d |
|
|
|
cat d |
|
|
|
``` |
|
|
|
Then investigate manually: |
|
|
|
``` |
|
|
|
$ pyi-archive_viewer electrum-*.exe1 |
|
|
|
? help |
|
|
|
``` |
|
|
|
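Review bot: In the new FAQ commands, `electrum-*.exe1` and `electrum-*.exe2` are never explained, so a reader cannot tell which file is the official release and which is the local build, and the `*` glob can match more than one file. Add a sentence before the first block naming the two inputs, and state whether the official binary should first be passed through `unsign.sh`, since the section above says the Authenticode signature has to be stripped before comparing. Two style points: the second block uses a `$ ` prompt and the first does not, and `diff f1 f2 > d` followed by `cat d` can be a plain `diff f1 f2`.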