guix, doc: Add a note that codesigners need to rebuild after tagging

One of the issues observed during the 22.0rc1 release process was that a codesigner's attestation mismatched non-codesigner attestations because the guix-codesign step was performed prior to tagging the version in bitcoin-detached-sigs.
author: Andrew Chow <achow101-github@achow101.com> 2021-07-22 18:25:06 -0400
committer: Andrew Chow <achow101-github@achow101.com> 2021-07-28 12:59:47 -0400
commit: d080c27066449f76bc8709fc50e422757971d2cf (patch)
tree: b13d65b9f0e9f3abb042c596ce731298dfaae624 /doc/release-process.md
parent: 4a466388a0092fbdf5f8969c6bfb65bf8cc962e1 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/doc/release-process.md b/doc/release-process.md
index e375ae976a..c57fa5b23a 100644
--- a/doc/release-process.md
+++ b/doc/release-process.md
@@ -160,6 +160,9 @@ Codesigner only: Sign the windows binaries:
     Enter the passphrase for the key when prompted
     signature-win.tar.gz will be created
 
+Code-signer only: It is advised to test that the code signature attaches properly prior to tagging by performing the `guix-codesign` step.
+However if this is done, once the release has been tagged in the bitcoin-detached-sigs repo, the `guix-codesign` step must be performed again in order for the guix attestation to be valid when compared against the attestations of non-codesigner builds.
+
 Codesigner only: Commit the detached codesign payloads:
 
 ```sh
author	Andrew Chow <achow101-github@achow101.com>	2021-07-22 18:25:06 -0400
committer	Andrew Chow <achow101-github@achow101.com>	2021-07-28 12:59:47 -0400
commit	d080c27066449f76bc8709fc50e422757971d2cf (patch)
tree	b13d65b9f0e9f3abb042c596ce731298dfaae624 /doc/release-process.md
parent	4a466388a0092fbdf5f8969c6bfb65bf8cc962e1 (diff)