Merge bitcoin/bitcoin#22654: guix: Don't include directory name in SHA256SUMS

132cae44f2 doc: Mention the flat directory structure for uploads (Andrew Chow)
fb17c99e35 guix: Don't include directory name in SHA256SUMS (Andrew Chow)

Pull request description:

  The SHA256SUMS file can be used in a sha256sum -c command to verify downloaded binaries. However users are likely to download just a single file and not place this file in the correct directory relative to the SHA256SUMS file for the simple verification command to work. By not including the directory name in the SHA256SUMS file, it will be easier for users to verify downloaded binaries.

ACKs for top commit:
  Zero-1729:
    re-ACK 132cae44f2
  fanquake:
    ACK 132cae44f2

Tree-SHA512: c9ff416b8dfb2f3ceaf4d63afb84aac9fcaefbbf9092f9e095061b472884ec92c7a809e6530c7132a82cfe3ab115a7328e47994a412072e1d4feb26fc502c8c5

contrib/guix/guix-attest

@@ -162,6 +162,18 @@ EOF
 echo "Attesting to build outputs for version: '${VERSION}'"
 echo ""
 
+# Given a SHA256SUMS file as stdin that has lines like:
+#     0ba536819b221a91d3d42e978be016aac918f40984754d74058aa0c921cd3ea6  a/b/d/c/d/s/bitcoin-22.0rc2-riscv64-linux-gnu.tar.gz
+#     ...
+#
+# Replace each line's file name with its basename:
+#     0ba536819b221a91d3d42e978be016aac918f40984754d74058aa0c921cd3ea6  bitcoin-22.0rc2-riscv64-linux-gnu.tar.gz
+#     ...
+#
+basenameify_SHA256SUMS() {
+    sed -E 's@(^[[:xdigit:]]{64}[[:space:]]+).+/([^/]+$)@\1\2@'
+}
+
 outsigdir="$GUIX_SIGS_REPO/$VERSION/$signer_name"
 mkdir -p "$outsigdir"
 (
@@ -174,6 +186,7 @@ mkdir -p "$outsigdir"
         cat "${noncodesigned_fragments[@]}" \
             | sort -u \
             | sort -k2 \
+            | basenameify_SHA256SUMS \
                 > "$temp_noncodesigned"
         if [ -e noncodesigned.SHA256SUMS ]; then
             # The SHA256SUMS already exists, make sure it's exactly what we
@@ -201,6 +214,7 @@ mkdir -p "$outsigdir"
         cat "${sha256sum_fragments[@]}" \
             | sort -u \
             | sort -k2 \
+            | basenameify_SHA256SUMS \
                 > "$temp_all"
         if [ -e all.SHA256SUMS ]; then
             # The SHA256SUMS already exists, make sure it's exactly what we

doc/release-process.md

@@ -206,10 +206,15 @@ cat "$VERSION"/*/all.SHA256SUMS.asc > SHA256SUMS.asc
 ```
 
 
-- Upload to the bitcoincore.org server (`/var/www/bin/bitcoin-core-${VERSION}`):
-    1. The contents of `./bitcoin/guix-build-${VERSION}/output`, except for
+- Upload to the bitcoincore.org server (`/var/www/bin/bitcoin-core-${VERSION}/`):
+    1. The contents of each `./bitcoin/guix-build-${VERSION}/output/${HOST}/` directory, except for
        `*-debug*` files.
 
+       Guix will output all of the results into host subdirectories, but the SHA256SUMS
+       file does not include these subdirectories. In order for downloads via torrent
+       to verify without directory structure modification, all of the uploaded files
+       need to be in the same directory as the SHA256SUMS file.
+
        The `*-debug*` files generated by the guix build contain debug symbols
        for troubleshooting by developers. It is assumed that anyone that is
        interested in debugging can run guix to generate the files for
@@ -217,6 +222,10 @@ cat "$VERSION"/*/all.SHA256SUMS.asc > SHA256SUMS.asc
        as save storage space *do not upload these to the bitcoincore.org server,
        nor put them in the torrent*.
 
+       ```sh
+       find guix-build-${VERSION}/output/ -maxdepth 2 -type f -not -name "SHA256SUMS.part" -and -not -name "*debug*" -exec scp {} user@bitcoincore.org:/var/www/bin/bitcoin-core-${VERSION} \;
+       ```
+
     2. The `SHA256SUMS` file
 
     3. The `SHA256SUMS.asc` combined signature file you just created