{"templateId":"markdown","sharedDataIds":{"sidebar":"sidebar-sidebars.yaml"},"props":{"codeGuideFiles":[],"seo":{"title":"Rakurai Binary Attestation — Guide","description":"Learn how to work with Staking API for managing deposits, withdrawals, and stake pool information."},"dynamicMarkdocComponents":[],"metadata":{"type":"markdown"},"ast":{"$$mdtype":"Tag","name":"article","attributes":{},"children":[{"$$mdtype":"Tag","name":"Heading","attributes":{"level":1,"id":"rakurai-binary-attestation--guide"},"children":["Rakurai Binary Attestation — Guide"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Verify the provenance and integrity of the Rakurai scheduler binary using GitHub artifact attestations."]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Audience:"]}," Validator operators who want to cryptographically verify scheduler binaries before deployment."]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["See also:"]}," ",{"$$mdtype":"Tag","name":"a","attributes":{"href":"/docs/services/rakurai_jito_private/rakurai_docs/validators/setup#23-download-rakurai-scheduler-binary"},"children":["Setup and build"]}," · ",{"$$mdtype":"Tag","name":"a","attributes":{"href":"/docs/services/rakurai_jito_private/readme"},"children":["Documentation hub"]}]},{"$$mdtype":"Tag","name":"hr","attributes":{},"children":[]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"1.-github-artifact-attestations"},"children":["1. GitHub artifact attestations"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["The Rakurai scheduler binary comes with ",{"$$mdtype":"Tag","name":"a","attributes":{"href":"https://docs.github.com/en/actions/concepts/security/artifact-attestations"},"children":["GitHub artifact attestation"]},", providing cryptographic proof of its build provenance and integrity."]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Artifact attestations enable unfalsifiable provenance and integrity guarantees for software. Software consumers can verify where and how the software was built. GitHub's artifact attestations create cryptographically signed claims that establish build provenance and include:"]},{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":["A link to the workflow associated with the artifact"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["The repository, organization, environment, commit SHA, and triggering event for the artifact"]}]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["For more information, see ",{"$$mdtype":"Tag","name":"a","attributes":{"href":"https://docs.github.com/en/actions/concepts/security/artifact-attestations"},"children":["Artifact attestations"]},"."]},{"$$mdtype":"Tag","name":"hr","attributes":{},"children":[]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"2.-slsa-compliance"},"children":["2. SLSA compliance"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["GitHub artifact attestations are SLSA compliant. The SLSA framework is an industry standard used to evaluate supply chain security. This gives you confidence that the binary has not been tampered with after the build and can be securely traced back to its source."]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["For more information, see ",{"$$mdtype":"Tag","name":"a","attributes":{"href":"https://slsa.dev/"},"children":["SLSA"]},"."]},{"$$mdtype":"Tag","name":"hr","attributes":{},"children":[]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"3.-verify-with-github-cli"},"children":["3. Verify with GitHub CLI"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Rakurai generates an attestation for every release. The following steps show how to verify it using the GitHub CLI."]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":3,"id":"3.1.-prerequisites"},"children":["3.1. Prerequisites"]},{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"a","attributes":{"href":"https://github.com/cli/cli#installation"},"children":["GitHub CLI"]}," installed"]}]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":3,"id":"3.2.-verification"},"children":["3.2. Verification"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["To verify the Rakurai scheduler binary, use the following GitHub CLI command."]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Note:"]}," This command assumes you are in an online environment. If you are in an offline or air-gapped environment, see ",{"$$mdtype":"Tag","name":"a","attributes":{"href":"https://docs.github.com/en/actions/how-tos/secure-your-work/use-artifact-attestations/verify-attestations-offline"},"children":["Verifying attestations offline"]},"."]},{"$$mdtype":"Tag","name":"CodeBlock","attributes":{"data-language":"bash","header":{"controls":{"copy":{}}},"source":"gh attestation verify PATH/TO/RAKURAI/SCHEDULER/BINARY -R rakurai-io/rakurai-validator\n","lang":"bash"},"children":[]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":3,"id":"3.3.-results"},"children":["3.3. Results"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Check the command output to determine the result. If verification is successful, you will see a message like ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["✓ Verification succeeded!"]},". If verification fails, you will see an error message such as ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["✗ Loading attestations from GitHub API failed"]},"."]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":4,"id":"successful-verification"},"children":["Successful verification"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["You will see the enforced policy, a checkmark, and one or more matched attestations summarizing the build and signer. Example:"]},{"$$mdtype":"Tag","name":"CodeBlock","attributes":{"data-language":"bash","header":{"controls":{"copy":{}}},"source":"$ gh attestation verify ./PATH/TO/BINARY -R rakurai-io/rakurai-validator\nLoaded digest sha256:<ARTIFACT_DIGEST> for file://...\nLoaded <N> attestations from GitHub API\n\nPolicy criteria enforced:\n- Predicate type: https://slsa.dev/provenance/v1\n- Source repository owner: https://github.com/rakurai-io\n- Source repository: https://github.com/rakurai-io/rakurai-validator\n- Subject Alternative Name: ^https://github.com/rakurai-io/rakurai-validator/\n- OIDC issuer: https://token.actions.githubusercontent.com\n\n✓ Verification succeeded!\n\nMatched attestations:\n- Attestation #<NUMBER>\n- Build repo: rakurai-io/rakurai-validator\n- Build workflow: .github/workflows/<WORKFLOW_FILE>@refs/tags/<TAG>\n- Signer repo: rakurai-io/rakurai-validator\n- Signer workflow: .github/workflows/<WORKFLOW_FILE>@refs/tags/<TAG>\n","lang":"bash"},"children":[]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":4,"id":"failed-verification"},"children":["Failed verification"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["A failure result means no attestation could be found (HTTP 404), and the binary's authenticity could not be confirmed. Example:"]},{"$$mdtype":"Tag","name":"CodeBlock","attributes":{"data-language":"bash","header":{"controls":{"copy":{}}},"source":"$ gh attestation verify ./PATH/TO/BINARY -R rakurai-io/rakurai-validator\nLoaded digest sha256:<artifact-digest> for file://...\n✗ Loading attestations from GitHub API failed\n\nError: HTTP 404: Not Found\n","lang":"bash"},"children":[]}]},"headings":[{"value":"Rakurai Binary Attestation — Guide","id":"rakurai-binary-attestation--guide","depth":1},{"value":"1. GitHub artifact attestations","id":"1.-github-artifact-attestations","depth":2},{"value":"2. SLSA compliance","id":"2.-slsa-compliance","depth":2},{"value":"3. Verify with GitHub CLI","id":"3.-verify-with-github-cli","depth":2},{"value":"3.1. Prerequisites","id":"3.1.-prerequisites","depth":3},{"value":"3.2. Verification","id":"3.2.-verification","depth":3},{"value":"3.3. Results","id":"3.3.-results","depth":3},{"value":"Successful verification","id":"successful-verification","depth":4},{"value":"Failed verification","id":"failed-verification","depth":4}],"frontmatter":{"seo":{"title":"Rakurai Binary Attestation — Guide"}},"lastModified":"2026-06-22T13:51:52.000Z"},"slug":"/docs/services/rakurai_jito_private/rakurai_docs/validators/binary-attestation","userData":{"isAuthenticated":false,"teams":["anonymous"]}}