The term deterministic builds is defined as follows:
Reproducible [or deterministic] builds are a set of software development practices that create an independently-verifiable path from source to binary code.
This guide describes how to reproduce Wasabi's builds. If you get stuck with these instructions, take a look at how to build Wasabi from source code.
Warning: Reproducible builds were introduced in 1.1.3 release, you cannot use these instructions for older versions!
In order to reproduce Wasabi's builds, you need git package, Windows 10+, and the version of .NET SDK that was used by the Wasabi team to produce the release.
Which version of .NET SDK to use? There is the BUILDINFO.json file inside the installation folder: C:\Program Files\WasabiWallet\, and the NetSdkVersion field will tell you the right SDK version. If you have multiple .NET SDK versions installed on your system, make sure to specify the exact same version in global.json before building Wasabi Wallet. global.json is in the root of the repository folder.
Example of global.json that is set to strictly use a specific version:
{
"sdk": {
"version": "7.0.100",
"allowPrerelease": false,
"rollForward": "disable"
}
}You can see the list of Wasabi releases here: https://github.com/WalletWasabi/WalletWasabi/releases. Please note that each release has a git tag assigned, which is useful in the following instructions:
# The following command downloads only a single git branch. However, you can clone the whole repository, which is bigger.
git clone --depth 1 --branch <git-branch-or-tag> https://github.com/WalletWasabi/WalletWasabi.git # where `<git-branch-or-tag>` may be, for example, `v1.1.11.1`.
cd WalletWasabi/WalletWasabi.Packager
dotnet nuget locals all --clear
dotnet restore
dotnet build
dotnet run -- --onlybinariesThe previous commands produce Wasabi's binaries for Windows, macOS and Linux. Also, for your convenience, a new file explorer window will navigate you to the binaries location - i.e. WalletWasabi\\WalletWasabi.Fluent.Desktop\\bin\\dist.
Now, we will attempt to verify the binaries you have just compiled with the officially distributed binaries on https://wasabiwallet.io website. Please download those packages from the website, you should see the following files in your File Explorer:
- Install Wasabi using
Wasabi-<version>.msifile. It will install toC:\Program Files\WasabiWalletdirectory. - Start
cmdor Powershell and navigate to thedistdirectory. - Execute the following command:
git diff --no-index "win7-x64" "C:\Program Files\WasabiWallet"
- Make sure that there is NO difference reported by the command.
You can use the Windows Subsystem for Linux to verify all the packages in one go. At the time of writing this guide we provide .tar.gz and .deb packages for Linux and .dmg package for macOS.
Install the .deb package and extract the tar.gz and .dmg packages, then compare them with your build.
After installing WSL, just type wsl in File Explorer where your downloaded and built packages are located.
sudo dpkg -i Wasabi-1.1.6.deb
git diff --no-index linux-x64/ /usr/local/bin/wasabiwallet/tar -pxzf Wasabi-1.1.6.tar.gz
git diff --no-index linux-x64/ Wasabi-1.1.6There could be warnings regarding SOS_README.md that it differs in line endings. That is a text file and it has no effect on the running software.
According to Apple documentation, the signature that is used to ensure the integrity of the software is added into the binary itself - so it will manipulate the content of the files.
If the code is universal, the object code for each slice (architecture) is signed separately. This signature is stored within the binary file itself.
According to this, it is impossible to have both deterministic build and code signature on macOS. macOS Gatekeeper won't let you run software without it. Thus, Wasabi only applies code signature, but no deterministic build for macOS.
There is an issue here for further discussion.
With the following method you can check the differences by yourself:
You will need to install 7z (or something else) to extract the .dmg. You can do that using sudo apt install p7zip-full command.
7z x Wasabi-1.1.6.dmg -oWasabiOsx
git diff --no-index osx-x64/ WasabiOsx/Wasabi\ Wallet.App/Contents/MacOS/