@eriknylund
Last active September 16, 2021 13:28
Sparrow Wallet 1.5.0-beta1 reproducible build

General instructions

https://github.com/sparrowwallet/sparrow/blob/master/docs/reproducible.md

VPS

Digital Ocean Debian 9 x64

Steps

Preparation

# Prepare a throwaway SSH key for cloning over SSH, since Sparrow depends on submodules
ssh-keygen -t ed25519 -C "one-time-use-for-sparrow-repro"
cat .ssh/id_ed25519.pub

# Go to https://github.com/settings/keys and add the public key
# Prepare adoptopenjdk-16-hotspot and utils
apt-get install -y wget apt-transport-https gnupg
wget https://adoptopenjdk.jfrog.io/adoptopenjdk/api/gpg/key/public
gpg --no-default-keyring --keyring ./adoptopenjdk-keyring.gpg --import public
gpg --no-default-keyring --keyring ./adoptopenjdk-keyring.gpg --export --output adoptopenjdk-archive-keyring.gpg
rm adoptopenjdk-keyring.gpg
mv adoptopenjdk-archive-keyring.gpg /usr/share/keyrings
echo "deb [signed-by=/usr/share/keyrings/adoptopenjdk-archive-keyring.gpg] https://adoptopenjdk.jfrog.io/adoptopenjdk/deb $(lsb_release -sc) main" | sudo tee /etc/apt/sources.list.d/adoptopenjdk.list
apt update && apt install -y adoptopenjdk-16-hotspot=16.0.1+9-3 rpm fakeroot binutils git wget

Clone repo & build

export GIT_TAG="1.5.0-beta1"
git clone --recursive --branch "${GIT_TAG}" git@github.com:sparrowwallet/sparrow.git

pushd sparrow
git show

# Build!
./gradlew jpackage --info

Diff

pushd /tmp
wget https://github.com/sparrowwallet/sparrow/releases/download/${GIT_TAG}/sparrow-${GIT_TAG}.tar.gz
wget https://github.com/sparrowwallet/sparrow/releases/download/${GIT_TAG}/sparrow-${GIT_TAG}-manifest.txt.asc
wget https://github.com/sparrowwallet/sparrow/releases/download/${GIT_TAG}/sparrow-${GIT_TAG}-manifest.txt
cat sparrow-${GIT_TAG}-manifest.txt
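# Fetch the signing key by fingerprint and verify the manifest signature
wget https://keys.openpgp.org/vks/v1/by-fingerprint/D4D0D3202FC06849A257B38DE94618334C674B40
gpg --import D4D0D3202FC06849A257B38DE94618334C674B40
# gpg should report a good signature from the key imported above
gpg --verify sparrow-${GIT_TAG}-manifest.txt.asc sparrow-${GIT_TAG}-manifest.txt
# The SHA-256 of the downloaded tarball must appear in the signed manifest
export SHA256_HASH=$(shasum -a 256 sparrow-${GIT_TAG}.tar.gz | awk '{ print $1 }')
grep "$SHA256_HASH" sparrow-${GIT_TAG}-manifest.txt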

# The binary checks out, let's diff it against our own build to see if it's reproducible
tar xzf sparrow-${GIT_TAG}.tar.gz
popd
diff -r build/jpackage/Sparrow /tmp/Sparrow
popd
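
The grep in the Diff section succeeds if the hash appears anywhere in the manifest, under any file name. The following is an added example, not part of the original gist, that ties the digest to the tarball's own manifest line; the function names and the sha256sum-style manifest layout are assumptions of the example.

```shell
#!/bin/sh
# Added example, not part of the gist. Assumption: manifest lines use the
# sha256sum layout "<hex digest>  <file name>" (optional "*" before the name)
# and file names contain no whitespace.

# Print the SHA-256 of a file using whichever tool is installed.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{ print $1 }'
    else
        shasum -a 256 "$1" | awk '{ print $1 }'
    fi
}

# check_manifest_entry FILE MANIFEST
#   0  exactly one manifest line names FILE and its digest matches
#   1  the line for FILE carries a different digest
#   2  FILE is unreadable, or is listed zero or several times
check_manifest_entry() {
    [ -r "$1" ] && [ -r "$2" ] || return 2
    cme_name=$(basename "$1")
    cme_hash=$(sha256_of "$1")
    [ -n "$cme_hash" ] || return 2
    # Select by file name first, then compare digests, so a matching hash
    # listed under some other artifact name is not accepted.
    awk -v n="$cme_name" -v h="$cme_hash" '
        { f = $2; sub(/^\*/, "", f) }
        f == n { seen++; if (tolower($1) == h) ok++ }
        END { if (seen != 1) exit 2; exit (ok == 1 ? 0 : 1) }
    ' "$2"
}

# Usage, once gpg --verify has succeeded on the manifest:
#   check_manifest_entry "sparrow-${GIT_TAG}.tar.gz" "sparrow-${GIT_TAG}-manifest.txt"
```

Run it only after the manifest signature has verified, since an unsigned manifest proves nothing about the tarball.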

Cleanup

Remove the SSH key from https://github.com/settings/keys
