guix, doc: Add a note that codesigners need to rebuild after tagging

One of the issues observed during the 22.0rc1 release process was that a codesigner's attestation mismatched non-codesigner attestations because the guix-codesign step was performed prior to tagging the version in bitcoin-detached-sigs. Github-Pull: #22531 Rebased-From: d080c27066449f76bc8709fc50e422757971d2cf
author: Andrew Chow <achow101-github@achow101.com> 2021-07-22 18:25:06 -0400
committer: fanquake <fanquake@gmail.com> 2021-07-29 11:15:29 +0800
commit: 38d18c01e25d3a103697c120a50b366414876370 (patch)
tree: f1f1a0ac36fe0a35cc741dc2540d28326e103d8f /doc
parent: aa9b6aba0302a3c7345f8e6d73a1868083f87874 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/doc/release-process.md b/doc/release-process.md
index 0ac67b9146..26ac259c46 100644
--- a/doc/release-process.md
+++ b/doc/release-process.md
@@ -160,6 +160,9 @@ Codesigner only: Sign the windows binaries:
     Enter the passphrase for the key when prompted
     signature-win.tar.gz will be created
 
+Code-signer only: It is advised to test that the code signature attaches properly prior to tagging by performing the `guix-codesign` step.
+However if this is done, once the release has been tagged in the bitcoin-detached-sigs repo, the `guix-codesign` step must be performed again in order for the guix attestation to be valid when compared against the attestations of non-codesigner builds.
+
 Codesigner only: Commit the detached codesign payloads:
 
 ```sh
author	Andrew Chow <achow101-github@achow101.com>	2021-07-22 18:25:06 -0400
committer	fanquake <fanquake@gmail.com>	2021-07-29 11:15:29 +0800
commit	38d18c01e25d3a103697c120a50b366414876370 (patch)
tree	f1f1a0ac36fe0a35cc741dc2540d28326e103d8f /doc
parent	aa9b6aba0302a3c7345f8e6d73a1868083f87874 (diff)