✅ Just verified that Phoenix Wallet (Mainnet) v2.6.0 is reproducible! Built from source and matched Play Store APK byte-for-byte. 🔒 No signed tag/commit, but the build checks out. Full verification:

WalletScrutiny

Asset Information

🔍 Verified: @nunchuk_io Desktop v1.9.46 is fully reproducible Built on Ubuntu 22.04 using their official Docker-based guide ✅ ZIP & AppImage SHA256 match official release 🛠 Build: CMake + Qt + Docker 📦 Result: Byte-for-byte identical #ReproducibleBuilds #Bitcoin #OpenSource

WalletScrutiny

Asset Information

🔍 Just verified the Bitcoin Knots v28.1 (Linux x86_64) binary as reproducible! 🧪 Build matched byte-for-byte. 🔐 Signatures validated from Luke Dashjr & other Knots builders. 📎 Full details on WalletScrutiny:

WalletScrutiny

Asset Information

#Bitcoin #ReproducibleBuilds #FOSS

✅ Reproducibility confirmed for it.airgap.vault v3.32.7 (68124) 🔐 APK hash: 5ae0a8...9c25 🧬 Matches source at commit 3ec5c79... 🛠️ Built using test.sh & Docker 📄 Verified report:

WalletScrutiny

Asset Information

#ReproducibleBuilds #Android #OpenSource #WalletSecurity

Tried building Mixin Messenger for Linux (v2.2.0) from source — ran into a missing breakpad_client error. No buildable path without upstream fix. 🔧 GitHub Issue:

GitHub

Reproducible builds Linux Desktop Build Fails Due to Missing `breakpad_client` Source and Headers - WalletScrutiny.com · Issue #1747 · MixinNetwork/flutter-app

Hi Mixin team, I'm working with walletscrutiny.com a project dedicated to improving transparency and verifiability in mobile and desktop cryptocurr...

🔍 WalletScrutiny Asset Info:

WalletScrutiny

Asset Information

#ReproducibleBuilds #CryptoWallets #LinuxApps

🔎 Check out this asset information I registered on WalletScrutiny: ✅ Reproducible Electrum Windows Standalone Executable (v4.5.8) Full verification and report available here:

WalletScrutiny

Asset Information

Independent reproducibility strengthens open-source security. 🔐 #ReproducibleBuilds #OpenSource #Electrum #WalletScrutiny

🚀 Successfully reproduced and verified Electrum 4.5.8 from source! 🔒 Full PGP verification passed — signatures from Thomas Voegtlin, Emzy, and SomberNight were ✅ ultimate trust ✅. 📜 SHA256 matched: dd8595a138132dee87cee76ce760a1d622fc2fd65d3b6ac7df7e53b7fb6ea7e8 🔎 See the full asset registered at WalletScrutiny: 👉

WalletScrutiny

Asset Information

#Bitcoin #OpenSource #ReproducibleBuilds #Electrum #WalletScrutiny

Worked til 1 AM, age 43, feel like shit. Apologies if I am combative. I'm usually more mellow when well-rested.

GM! nostr. So. What are you building today? Any chance that would get acquired for 31949.69 BTC? ($3 billion USD)

llm doesn't want to do the drake meme. just keeps on getting the hair (all of the hair) wrong. ;) https://pbs.twimg.com/media/GpSljzzbYAIRr7E?format=jpg&name=small

🧱 Bitcoin Core Reproducible Build: Web of Trust Diagram [1] Official Source Release (v29.0) | |---> Signed Git tag by maintainer (e.g., Glozow) | | | `---> Tag is GPG-signed by: F19F5FF2B0589EC341220045BA03F4DBE0C63FB4 | [2] Independent Builders Clone Repo | |---> hebasto ---> git checkout v29.0 | ---> guix build | ---> generate hash + .buildinfo + manifest | ---> sign the hash with GPG | |---> fanquake ---> same steps | |---> others ---> same steps | [3] Submit signatures to guix.sigs | `---> Each signature (.sig) matches the same commit/hash | `---> Verified: Everyone built the exact same binary from the same source [4] Anyone can verify: | |---> Compare hashes of downloaded binaries |---> Check `.sig` files against public GPG keys of signers | `---> Trust is built because: Multiple builders + identical outputs + verified GPG signatures

AHA! So this is why!!! Ubuntu 24.04 breaks GUIX setup when trying to build Bitcoin Core Desktop

Launchpad

Bug #2064115 “Conflict between apparmor and guix on Ubuntu 24.04...” : Bugs : guix package : Ubuntu

On Ubuntu 24.04 i

Bitcoin Core v29 Deterministic Build Attempt 2025-04-17.1616 ``` dannybuntu@MS-7978:~/work/builds/desktop/bitcoin$ env HOSTS="x86_64-linux-gnu" ./contrib/guix/guix-build Checking that we can connect to the guix-daemon... Hint: If this hangs, you may want to try turning your guix-daemon off and on again. make: Entering directory '/home/dannybuntu/work/builds/desktop/bitcoin/depends' make[1]: Entering directory '/home/dannybuntu/work/builds/desktop/bitcoin/depends' make[1]: Leaving directory '/home/dannybuntu/work/builds/desktop/bitcoin/depends' make: Leaving directory '/home/dannybuntu/work/builds/desktop/bitcoin/depends' INFO: Building 29.0 for platform triple x86_64-linux-gnu: ...using reference timestamp: 1744384813 ...running at most 4 jobs ...from worktree directory: '/home/dannybuntu/work/builds/desktop/bitcoin' ...bind-mounted in container to: '/bitcoin' ...in build directory: '/home/dannybuntu/work/builds/desktop/bitcoin/guix-build-29.0/distsrc-29.0-x86_64-linux-gnu' ...bind-mounted in container to: '/distsrc-base/distsrc-29.0-x86_64-linux-gnu' ...outputting in: '/home/dannybuntu/work/builds/desktop/bitcoin/guix-build-29.0/output/x86_64-linux-gnu' ...bind-mounted in container to: '/outdir-base/x86_64-linux-gnu' ADDITIONAL FLAGS (if set) ADDITIONAL_GUIX_COMMON_FLAGS: ADDITIONAL_GUIX_ENVIRONMENT_FLAGS: ADDITIONAL_GUIX_TIMEMACHINE_FLAGS: guix shell: error: mount: mount "none" on "/tmp/guix-directory.oNb3QP": Permission denied ```

Verifying the reproducibility of bitcoin core is way harder than i expected. And the problem is, with multiple engineers doing it, I know that's it's my fault if it doesn't build...

``` make[1]: Leaving directory '/home/dannybuntu/home/dannybuntu/bitcoin/depends' make: Leaving directory '/home/dannybuntu/home/dannybuntu/bitcoin/depends' INFO: Building 29.0 for platform triple x86_64-linux-gnu: ...using reference timestamp: 1744384813 ...running at most 4 jobs ...from worktree directory: '/home/dannybuntu/home/dannybuntu/bitcoin' ...bind-mounted in container to: '/bitcoin' ...in build directory: '/home/dannybuntu/home/dannybuntu/bitcoin/guix-build-29.0/distsrc-29.0-x86_64-linux-gnu' ...bind-mounted in container to: '/distsrc-base/distsrc-29.0-x86_64-linux-gnu' ...outputting in: '/home/dannybuntu/home/dannybuntu/bitcoin/guix-build-29.0/output/x86_64-linux-gnu' ...bind-mounted in container to: '/outdir-base/x86_64-linux-gnu' ADDITIONAL FLAGS (if set) ADDITIONAL_GUIX_COMMON_FLAGS: ADDITIONAL_GUIX_ENVIRONMENT_FLAGS: ADDITIONAL_GUIX_TIMEMACHINE_FLAGS: guix shell: error: mount: mount "none" on "/home/dannybuntu/tmp/guix-directory.PeHlio": Permission denied ``` Possible solution... run as `sudo`

Doing research on how to reproducibly verify desktop bitcoin core. So far:

> From FB: > I was just watching the new season of "HOW TO SELL DRUGS ONLINE (FAST)". I got to the bit where the startup is kidnapped by drug dealers and forced to make an encrypted messaging app for them. Managed to pause the video when Dan the CEO is pretending he knows how to write code so he doesn't get shot 🤣

The Primeagen talks about Open Source

🔐 Verified: Keystone3 Pro Firmware v2.0.4 (Cypherpunk, Modern) is reproducible ✅ Unsigned binary matches local build byte-for-byte. Signed hash differs (as expected due to signature). 📄 Asset registered on WalletScrutiny:

WalletScrutiny

Asset Information

#ReproducibleBuilds #FirmwareIntegrity #Bitcoin

🔐 Verified! Keystone3 Pro Firmware v2.0.4 (Multi-Coin, Modern) is reproducible 🧪✅ Our build perfectly matches the unsigned official binary. Signed binary differs (expected due to signature). Tested with: keystone3pro.sh 2.0.4 multicoin modern 🔗 #ReproducibleBuilds #Bitcoin #FirmwareIntegrity #WalletScrutiny

WalletScrutiny

Asset Information