Yes, but the Justfiles are all open-source and verifiable themselves, they just greatly simplify things and remove the need to make changes to the WalletScrutiny script if the build environment or steps change. The use of Rust in particular poses unique challenges to reproducibility, as even doing the rust setup commands in a slightly different order will change the output binaries and thus their hashes.

Understand wanting to be able to reproduce from scratch, though! Is there a reason you aren't directly copying the Dockerfile and the `docker run` command and using them directly to build the image and then build the firmware? You would also need to replicate the build steps *exactly* from the relevant Justfile.

Doing that would ensure that you're using the exact same environment. If you don't want to copy the files themselves, I would use them as a direct reference, as if there is even the smallest difference in the image you build under podman you can expect the hashes to not match.


Will pass it on once we get things worked out for your manual script to reproduce properly