From 1dd58b6ad636cae114779297ccb4758a35365046 Mon Sep 17 00:00:00 2001
From: Patrick McClurg <patrick@confidential.ai>
Date: Fri, 15 May 2026 06:22:41 +0200
Subject: [PATCH 1/2] fix: installer docs steps

corrected download link and chmod/exec to install
---
 README.md | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 877b457..3d64e48 100644
--- a/README.md
+++ b/README.md
@@ -44,7 +44,10 @@ Kettle is available from GitHub Releases or from source via Cargo, the Rust buil
 ### From GitHub Releases
 
 ```bash
-curl -LO https://github.com/lunal-dev/kettle/releases/latest/download/kettle
+curl -LO https://github.com/lunal-dev/kettle/releases/latest/download/kettle-installer.sh
+# don't forget to read the source before you run random scripts from the internet :)
+chmod +x kettle-installer.sh
+./kettle-installer.sh
 ```
 
 ### From source

From 3518ebc7abdb48970293057a28e23376f17e541b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Arko?= <andre@arko.net>
Date: Fri, 15 May 2026 23:06:31 +0000
Subject: [PATCH 2/2] update README with reproduction info

---
 README.md                                   | 16 ++++++++++++++--
 bin/{reproduce-build => build-reproducible} |  0
 2 files changed, 14 insertions(+), 2 deletions(-)
 rename bin/{reproduce-build => build-reproducible} (100%)

diff --git a/README.md b/README.md
index 3d64e48..181eae3 100644
--- a/README.md
+++ b/README.md
@@ -46,8 +46,7 @@ Kettle is available from GitHub Releases or from source via Cargo, the Rust buil
 ```bash
 curl -LO https://github.com/lunal-dev/kettle/releases/latest/download/kettle-installer.sh
 # don't forget to read the source before you run random scripts from the internet :)
-chmod +x kettle-installer.sh
-./kettle-installer.sh
+bash kettle-installer.sh
 ```
 
 ### From source
@@ -65,6 +64,17 @@ apt-get install -y libtss2-dev
 cargo install --features attest --git https://github.com/lunal-dev/kettle
 ```
 
+### Reproducible build
+
+Every release of Kettle includes a full reproducible binary, with support for attestation, built inside a fully reproducible environment in Docker. Download and use the fully reproducible binary by running:
+
+```bash
+curl -LO https://github.com/lunal-dev/kettle/releases/latest/download/kettle-reproducible-x86_64-unknown-linux-gnu.tar.xz
+tar xfvj kettle-reproducible-x86_64-unknown-linux-gnu.tar.xz 
+chmod +x kettle
+./kettle attest
+```
+
 ## Using Kettle
 
 ### Build anywhere
@@ -129,3 +139,5 @@ Planned toolchain support includes:
 Use `cargo nextest run` to run the tests for any platform.
 
 In a TEE, use `cargo nextest run --ignored all` to run the full integration tests that checkout Rust and Nix projects, build them, attest them, and verify them.
+
+Run `bin/build-reproducible` to use Docker images provided by the StageX project to build a byte-for-byte reproducible build of Kettle into `./target/reproducible/kettle`.
diff --git a/bin/reproduce-build b/bin/build-reproducible
similarity index 100%
rename from bin/reproduce-build
rename to bin/build-reproducible