ceremony_toolSame binary the coordinator runs. Contributions never leave your machine until you upload the output files. Signed releases, reproducible builds.
No release is published yet. Build from source (instructions below).
Pick one or more of:
.minisign/ceremony-tool.pub and also mirrored on Nostr.
minisign -Vm ceremony_tool \
-P RWRV9yO9DwVctoMc0b9oT3vmt/6M0riHkSmnxmgt8LNi+KnW9PjsERDv \
-x ceremony_tool.minisigcosign verify-blob \
--certificate-identity-regexp '^https://github\.com/rinat-enikeev/stellar-mls/\.github/workflows/release-ceremony-tool\.yml@refs/tags/' \
--certificate-oidc-issuer https://token.actions.githubusercontent.com \
--signature ceremony_tool.sig \
--certificate ceremony_tool.pem \
ceremony_toolsha256sum -c ceremony_tool.sha256No release yet. The release workflow publishes to GitHub Releases; this page will auto-update.
The release build runs inside a pinned Docker image with a fixed rustc. Any machine with Docker can rebuild and byte-identically reproduce the Linux artifacts:
git clone https://github.com/rinat-enikeev/stellar-mls
cd stellar-mls
./scripts/verify-ceremony-tool.sh vX.Y.Z x86_64-unknown-linux-muslThe script prints OK if your local rebuild matches the published unsigned SHA-256 in buildinfo.json. See ceremony-reproducible-build.md for the full methodology.
rust-toolchain.tomlCargo.lock committed; build uses --locked[profile.release-ceremony] in root Cargo.toml--remap-path-prefix to strip build hostSOURCE_DATE_EPOCH from commit time; TZ=UTC; LC_ALL=C