Everything liveson GitHub.
Canonical is open-source software distributed through its repository — the code, the releases, and the verification files. No installers from a website, no download portals.
One distribution channel you can actually audit.
A wallet download is exactly the thing attackers love to fake. Keeping distribution in the repository means every artifact is tied to public history, signed checksums, and a build path you can reproduce yourself — instead of trusting a website served over someone's CDN.
Build from source.
You need Rust 1.92.0 (pinned in rust-toolchain.toml). Clone, build, done:
git clone <repository-url>
cd canonical-wallet
cargo build --release -p canonicalwalletd -p canonicalwallet
# binaries: ./target/release/canonicalwalletd, ./target/release/canonicalwalletRelease bundles, when published.
Tagged releases on GitHub carry prebuilt core bundles for macOS and Linux with SHA256SUMS, an SBOM, and build provenance. Always verify before running:
shasum -a 256 --check SHA256SUMS # macOS
sha256sum -c SHA256SUMS # LinuxmacOS and Linux. Terminal-first.
The wallet is two command-line binaries — a daemon and a CLI. macOS and Linux are supported natively; on Windows use WSL2. There is no GUI app: that's a deliberate scope decision, not a missing feature.