mirror of
https://github.com/monero-project/monero-docs.git
synced 2024-12-23 03:59:23 +00:00
Update signature verification guide to include binaryFate and 0.16.0.0 release
This commit is contained in:
parent
1cb9cdeabb
commit
0fa555256e
2 changed files with 19 additions and 19 deletions
|
@ -13,15 +13,15 @@ This is a one time action. Skip this step for subsequent Monero releases.
|
||||||
|
|
||||||
Monero core developers sign a list of hashes of released binaries.
|
Monero core developers sign a list of hashes of released binaries.
|
||||||
|
|
||||||
Riccardo "fluffypony" Spagni is Monero core developer who signs the releases.
|
BinaryFate is Monero core developer who signs the releases.
|
||||||
Riccardo's public key is available on GitHub in the project source code.
|
His public key is available on GitHub in the project source code.
|
||||||
Import Riccardo's public key to your keyring:
|
Import binaryFate's public key to your keyring:
|
||||||
|
|
||||||
`curl https://raw.githubusercontent.com/monero-project/monero/master/utils/gpg_keys/fluffypony.asc | gpg --import`
|
`curl https://raw.githubusercontent.com/monero-project/monero/master/utils/gpg_keys/binaryfate.asc | gpg --import`
|
||||||
|
|
||||||
Trust Riccardo's public key (fingerprint must be exactly this):
|
Trust binaryFate's public key (fingerprint must be exactly this):
|
||||||
|
|
||||||
gpg --edit-key 'BDA6BD7042B721C467A9759D7455C5E3C0CDCEB9'
|
gpg --edit-key '81AC591FE9C4B65C5806AFC3F0AF4D462A0BDF92'
|
||||||
trust
|
trust
|
||||||
4
|
4
|
||||||
|
|
||||||
|
@ -29,7 +29,7 @@ Trust Riccardo's public key (fingerprint must be exactly this):
|
||||||
If key with this fingerprint was not found then remove imported key immediately (gpg --delete-keys ...).
|
If key with this fingerprint was not found then remove imported key immediately (gpg --delete-keys ...).
|
||||||
That would mean the key changed (likely was compromised).
|
That would mean the key changed (likely was compromised).
|
||||||
|
|
||||||
## 2. Verify signature of hash list
|
## 2. Verify signature of hash list (hashes.txt)
|
||||||
|
|
||||||
The list of binaries and their hashes is published on [getmonero.org](https://www.getmonero.org/downloads/hashes.txt) and a few other places like release notes on [r/monero](https://reddit.com/r/monero).
|
The list of binaries and their hashes is published on [getmonero.org](https://www.getmonero.org/downloads/hashes.txt) and a few other places like release notes on [r/monero](https://reddit.com/r/monero).
|
||||||
Please note the publication channel does not matter as long as you properly verify the signature! u
|
Please note the publication channel does not matter as long as you properly verify the signature! u
|
||||||
|
@ -40,7 +40,7 @@ To verify these are real hashes (not tampered with) run:
|
||||||
|
|
||||||
The expected output should contain the line:
|
The expected output should contain the line:
|
||||||
|
|
||||||
`gpg: Good signature from "Riccardo Spagni <ric@spagni.net>" [full]`
|
`gpg: Good signature from "binaryFate <binaryfate@getmonero.org>"`
|
||||||
|
|
||||||
## 3. Verify the hash
|
## 3. Verify the hash
|
||||||
|
|
||||||
|
@ -52,7 +52,7 @@ The last step is to compare published hash with downloaded archive SHA-256 hash.
|
||||||
|
|
||||||
Replace the example file name with actual one:
|
Replace the example file name with actual one:
|
||||||
|
|
||||||
file_name=monero-linux-x64-v0.14.0.0.tar.bz2
|
file_name=monero-gui-linux-x64-v0.16.0.0.tar.bz2
|
||||||
|
|
||||||
file_hash=`sha256sum $file_name | cut -c 1-64`
|
file_hash=`sha256sum $file_name | cut -c 1-64`
|
||||||
|
|
||||||
|
@ -67,4 +67,4 @@ Replace the example file name with actual one:
|
||||||
!!! danger
|
!!! danger
|
||||||
If the grep output is empty then double check everything because apparently the hashes don't match.
|
If the grep output is empty then double check everything because apparently the hashes don't match.
|
||||||
|
|
||||||
If grep printed filename and a hash then everything is alright!
|
If grep printed filename and hash then everything is alright!
|
||||||
|
|
Loading…
Reference in a new issue