it does, both for MacOS and Windows
it's non-trivial to do this with a deterministic build, because we can't exactly distribute the certificates to builders-who can be anyone
so we first do a non-codesigned build pass, then the people with the certificates sign their binaries using the appropriate signing tool, and upload the detached signature (for both platforms) to https://github.com/bitcoin-core/bitcoin-detached-sigs
these are subsequently attached in a final build pass
a lot of work for what is basically security theater, but as you found there's not really a choice with these platforms
laanwj
npub1p2…crnl6
2024-11-13 16:24:45
in reply to nevent1q…8kzz
Author Public Key
npub1p23eukh0nxsqpfaakz6fj9vvj27y4gs0kevnrffdq4d4adkl7uuq7crnl6Published at
2024-11-13 16:24:45Event JSON
{
"id": "827d5b0f3affbc09b4cdfdbdff31668c33827829f6675884b71cbbf77ab8d0f0",
"pubkey": "0aa39e5aef99a000a7bdb0b499158c92bc4aa20fb65931a52d055b5eb6dff738",
"created_at": 1731515085,
"kind": 1,
"tags": [
[
"e",
"4e6301cf6d5fefdc76dabf98ed84107443d6d33a46d10a836b91098bed9b99d1",
"wss://wot.utxo.one/",
"root"
],
[
"e",
"fdf5ceed314f24586025c01daec0b15f5a7b66f8705d3fb0d008d7d84642de75",
"wss://nos.lol/",
"reply"
],
[
"p",
"675b84fe75e216ab947c7438ee519ca7775376ddf05dadfba6278bd012e1d728",
"",
"mention"
],
[
"client",
"noStrudel",
"31990:266815e0c9210dfa324c6cba3573b14bee49da4209a9456f9484e5106cd408a5:1686066542546"
]
],
"content": "it does, both for MacOS and Windows\n\nit's non-trivial to do this with a deterministic build, because we can't exactly distribute the certificates to builders-who can be anyone\n\nso we first do a non-codesigned build pass, then the people with the certificates sign their binaries using the appropriate signing tool, and upload the detached signature (for both platforms) to https://github.com/bitcoin-core/bitcoin-detached-sigs\n\nthese are subsequently attached in a final build pass\n\na lot of work for what is basically security theater, but as you found there's not really a choice with these platforms",
"sig": "2654ef33a486846e36f4869a7f8f8b97296bb7b07be2f3c3c30db932863db301f5b7fd62adb5eb873a7cd6ca7c6deefc250114bf27bbf38155273356f16d4cf1"
}