Release Trust
B3IQ installer, release-manifest, GUI package, signing, and update trust gates.
B3IQ install and update trust is a production gate. The current public installers are useful pilot artifacts, but production trust requires stronger signing and smoke evidence across platforms.
Current Installer Trust
| Platform | Current state | Remaining gate |
|---|---|---|
| Linux script | Public route verifies release checksums before installing | Signed release metadata enforcement, Linux package trust, desktop install/reinstall/uninstall smoke |
| macOS script | Public route verifies release checksums before installing | Production signed update apply and rollback smokes |
| macOS GUI | Signed and notarized DMG public pilot | Clean-machine and existing-machine GUI smoke evidence |
| Windows script | Public PowerShell install route exists | Production signed metadata enforcement and Windows service/install smoke |
| Windows GUI | NSIS validation artifact only | Azure Trusted Signing or PFX Authenticode, VM smoke, production-ready manifest evidence |
| Linux GUI | DEB validation artifact only | Package trust plus real Ubuntu Desktop GUI smoke |
Release Manifest
The host-agent release pipeline can generate and verify a signed
release-manifest.json with Ed25519 over exact manifest bytes. Production
publish should require the manifest signature and a configured production public
key.
Same-origin checksum verification is useful for pilots. Production install and update trust should require signed metadata and platform-native package trust where possible.
Update Trust
Production update trust still needs:
- Signed apply paths for Linux, macOS, and Windows.
- Rollback smokes after bad or failed updates.
- GUI surfacing for update state and recovery.
- Manifest signature enforcement with the real production public key.
- Existing-machine tests that preserve local owner state, models, runtime state, and service state.
Public Installer Copy
Call macOS GUI a signed pilot
The macOS DMG is signed and notarized and can be presented as a public pilot.
Call all GUI installers production-ready
Windows Authenticode and Linux package trust remain explicit gates.