Reproducible Builds Instructions 😊

[xrviv]

Heya team OneKeyHQ 😊,

Danny here from @WalletScrutiny,

We'd love for the One Key Pro to be tested for reproducible build verification. In this light, may we request for build instructions re: One Key pro?

Sincerely,

Danny

[PatrickChoo]

Thank you for your interest in testing OneKey Pro for reproducible build verification. We would be happy to assist you with this. Please send us an email at [email protected] with your mailing address, and we will arrange for the shipment.

Looking forward to your email. 🙌

[xrviv]

Oh, no, thank you! You are most kind, but we are not asking for a device :)

Although, I am thinking of buying one for myself soon!

But as you can see from our Gitlab , we just need assistance with the script as other versions of the one Key are proven to be reproducible.

The instructions would be sufficient since this is Open Source.

Instructions like:

• bitkey: https://github.com/proto-at-block/bitkey/blob/main/app/verifiable-build/android/README.md
• seedsigner: https://github.com/SeedSigner/seedsigner-os/blob/main/docs/building.md
• foundation devices passportb2: https://github.com/Foundation-Devices/passport2/blob/main/REPRODUCIBILITY.md

That would be really helpful! Thanks

[424778940z]

Building the firmware is very straightforward:

1. install dependencies
2. enable nix environment
3. initialize poetry environment
4. run build commands under poetry
5. check artifacts under core/build/{target} folder

For details of each step, I would suggest take a look at the Github CI task file which is here -> https://github.com/OneKeyHQ/firmware-pro/blob/main/.github/workflows/build-pro.yml

The easiest way will be just fork this repo on Github, then run CI jobs from your own fork. This should be sufficient to prove our release binaries are from our opensource code. Adapt the whole build environment/config/process to Gitlab should be possible, but I could not see the point if the goal is to verify binaries are reproducible.