Four small improvements I noticed while going through the scripts and workflow:
1. CI doesn't trigger on attestation or builder-key changes (.github/workflows/latest_asmap.yml)
The workflow only fires on *.dat file changes. PRs that only touch attestations/** or
builder-keys/** skip validation entirely. Adding those paths to the trigger would ensure
those PRs are also checked.
2. diff --report-identical is non-standard (asmap-verify:126)
--report-identical is not a recognized flag on BSD diff (macOS). The portable equivalent
is -s (--report-identical-files in GNU). On macOS this could produce unexpected behavior
since diff may treat the unknown flag as an error.
3. asmap-verify requires manual GPG key import before it works (asmap-verify)
When GPG verification fails because a key isn't in the keyring, the script already knows
where the key lives (builder-keys/<signer>.gpg). It could silently import it before
verifying, making the script work out of the box for new participants without needing a
manual gpg --import step first. The import is idempotent so it's safe to always attempt.
4. Wrong output path in asmap-attest usage example (asmap-attest:54-55)
The example shows:
$PWD/2026/attestations/1772726379/satoshi/SHA256SUMS
But the script (line 171) actually writes to:
$PWD/attestations/2026/1772726379/satoshi/SHA256SUMS
The attestations/ directory and the year are transposed. Someone following the example would look in the wrong place.
Happy to submit a PR with all three fixes if there are no objections.
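Items 2 and 3 as an added shell example, not code from the repository's asmap-verify: the comparison uses `diff -s`, and the key from builder-keys/<signer>.gpg is imported into a throwaway keyring instead of the user's own, so only that signer's key can satisfy the check. The function names, the SHA256SUMS.asc signature file name and the exit codes are assumptions.

```shell
#!/bin/sh
# Added example, not the project's asmap-verify. Function names, the
# SHA256SUMS.asc signature name and the exit codes are assumptions.

# Compare two files and say so when they match. -s is accepted by both
# GNU diff (long form --report-identical-files) and BSD diff on macOS.
# Status: 0 identical, 1 different, 2 trouble.
report_identical() {
    diff -s "$1" "$2"
}

# Verify SHA256SUMS against its detached signature using only the key in
# <keydir>/<signer>.gpg. The key goes into a throwaway GNUPGHOME, so the
# caller's keyring is untouched and no other key already trusted there can
# satisfy the check. The body is a subshell: variables and the exported
# GNUPGHOME do not leak, and "exit" only leaves the function.
# Status: 0 good signature, 1 verification failed, 2 setup error.
verify_with_repo_key() (
    signer=$1
    sums=$2                      # path to the signed SHA256SUMS file
    keydir=${3:-builder-keys}

    # The signer name becomes part of a path; refuse separators and dotfiles.
    case $signer in
        ''|*/*|.*) echo "invalid signer name" >&2; exit 2 ;;
    esac
    key="$keydir/$signer.gpg"
    [ -f "$key" ] || { echo "no key file: $key" >&2; exit 2; }
    [ -f "$sums.asc" ] || { echo "no signature: $sums.asc" >&2; exit 2; }

    GNUPGHOME=$(mktemp -d) || exit 2
    export GNUPGHOME

    if gpg --batch --quiet --import "$key" 2>/dev/null; then
        rc=1
        gpg --batch --verify "$sums.asc" "$sums" 2>/dev/null && rc=0
    else
        rc=2                     # gpg missing or key file unreadable
    fi
    # Stop any daemon started in the temp home before deleting it.
    gpgconf --kill all 2>/dev/null || true
    rm -rf "$GNUPGHOME"
    exit "$rc"
)
```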