Doc

quite · Dec 15, 2023 · 6ccf8b8 · 6ccf8b8
1 parent f50e84d
commit 6ccf8b8
Showing 1 changed file with 8 additions and 4 deletions.
diff --git a/README.md b/README.md
@@ -23,14 +23,18 @@ You can build the device app locally by running [build.sh](build.sh),
 or checking out what it does.
 
 For reproducibility the device app is typically built in a container,
-thus locking down the toolchain. Because if one single bit changes in
-the app.bin that will run on the TKey (for example due to a newer
-clang/llvm), then the identity (private/public key) of it will change.
+locking down the toolchain, and using specific versions of
+dependencies. Because if one single bit changes in the app.bin that
+will run on the TKey (for example due to a newer clang/llvm), then the
+identity (private/public key) of it will change.
 
 You can use [build-in-container.sh](build-in-container.sh) to do this
 using our own container image (see
 [Containerfile](https://github.com/quite/age-plugin-tkey/blob/main/Containerfile)
-in the age-plugin-tkey repo). This uses `podman` to run container
+in the age-plugin-tkey repo). The clone of this repo that you're
+sitting in will be mounted into the container and built, but
+dependencies will be freshly cloned as they don't exist inside (it
+runs `build.sh` there). `podman` is used for running the container
 (packages: `podman rootlesskit slirp4netns`).
 
 The `x25519/app.bin.sha512` contains the expected hash of the device