mirror of
https://github.com/monero-project/monero-docs.git
synced 2024-12-22 19:49:22 +00:00
Add "Download" and "Verify" chapters
This commit is contained in:
Piotr Włodarek
parent
2c151266c5
commit
ac2d7341c3
4 changed files with 103 additions and 2 deletions
37
docs/interacting/download-monero-binaries.md
Normal file
37
docs/interacting/download-monero-binaries.md
Normal file
|
|
@ -0,0 +1,37 @@
|
|||
---
|
||||
title: Download Monero | Monero Documentation
|
||||
---
|
||||
|
||||
# Download Monero
|
||||
|
||||
A single archive contains all you need to start using Monero (the full node and the wallet).
|
||||
|
||||
We recommend downloading Monero binaries directly from GitHub:
|
||||
|
||||
* GUI + CLI: [https://github.com/monero-project/monero-gui/releases](https://github.com/monero-project/monero-gui/releases)
|
||||
* CLI only: [https://github.com/monero-project/monero/releases](https://github.com/monero-project/monero/releases)
|
||||
|
||||
GUI is a graphical desktop wallet.
|
||||
|
||||
CLI is a commandline desktop wallet.
|
||||
|
||||
If you need more guidance check [download Monero](https://getmonero.org/downloads) section on Monero website.
|
||||
|
||||
It is critical to [verify the signature](/interacting/verify-monero-binaries) of downloaded archive.
|
||||
|
||||
## Which version to download?
|
||||
|
||||
Download the latest version matching your operating system and processor architecture.
|
||||
|
||||
The CLI version is released earlier and is suitable for server deployments.
|
||||
|
||||
The GUI version contains both CLI and GUI. It is preferable for end-users.
|
||||
|
||||
All versions contain a full node and a wallet.
|
||||
|
||||
## Why prefer GitHub over getmonero.org?
|
||||
|
||||
Binaries appear earlier on GitHub.
|
||||
|
||||
On top of that, if you fail to properly verify the signature, GitHub is safer, simply because you don't need to trust a separate website to not be compromised.
|
||||
Obviously, you should still carefully verify the signature for each release. Signature verification is always the primary line of defense.
|
||||
|
|
@ -10,8 +10,6 @@ On top of that, Monero nodes interact with each other in a peer-to-peer network.
|
|||
|
||||
## Installation directory overview
|
||||
|
||||
[Download Monero](https://getmonero.org/downloads).
|
||||
|
||||
Once unpacked you will see several executable files. You will also find a nice PDF guide for the GUI wallet.
|
||||
|
||||
Monero project nicely decouples network node logic from wallet logic.
|
||||
|
|
|
|||
64
docs/interacting/verify-monero-binaries.md
Normal file
64
docs/interacting/verify-monero-binaries.md
Normal file
|
|
@ -0,0 +1,64 @@
|
|||
---
|
||||
title: Verify Monero Binaries Signature | Monero Documentation
|
||||
---
|
||||
|
||||
# Verify Monero Binaries
|
||||
|
||||
Verification must be carried on **before extracting the archive and before using Monero**.
|
||||
|
||||
Instructions are for Linux but should also work on macOS with cosmetic modifications.
|
||||
|
||||
## 0. Import core dev PGP key
|
||||
|
||||
This is a one time action. Skip this step for subsequent Monero releases.
|
||||
|
||||
Monero core developers sign a list of hashes of released binaries.
|
||||
|
||||
Riccardo "fluffypony" Spagni is Monero core developer who signs the releases.
|
||||
Riccardo's public key is available on GitHub in the project source code.
|
||||
Import Riccardo's public key to your keyring:
|
||||
|
||||
`curl https://raw.githubusercontent.com/monero-project/monero/master/utils/gpg_keys/fluffypony.asc | gpg --import`
|
||||
|
||||
Trust Riccardo's public key:
|
||||
|
||||
gpg --edit-key '7455C5E3C0CDCEB9'
|
||||
trust
|
||||
4
|
||||
|
||||
## 1. Verify signature of hash list
|
||||
|
||||
The list of binaries and their hashes is published on [getmonero.org](https://www.getmonero.org/downloads/hashes.txt) and a few other places like release notes on [r/monero](https://reddit.com/r/monero).
|
||||
Please note the publication channel does not matter as long as you properly verify the signature!
|
||||
|
||||
To verify these are real hashes (not tampered with) run:
|
||||
|
||||
`curl https://www.getmonero.org/downloads/hashes.txt | gpg --verify`
|
||||
|
||||
The expected output is:
|
||||
|
||||
...
|
||||
gpg: Good signature from "Riccardo Spagni <ric@spagni.net>" [full]
|
||||
|
||||
## 2. Verify the hash
|
||||
|
||||
By this step we checked that published hashes were not tampered with.
|
||||
|
||||
The last step is to compare published hash with hash of downloaded archive.
|
||||
|
||||
Replace file name with yours:
|
||||
|
||||
file_name=monero-linux-x64-v0.13.0.4.tar.bz2
|
||||
|
||||
file_hash=`sha256sum $filename | cut -c 1-64`
|
||||
|
||||
curl https://www.getmonero.org/downloads/hashes.txt > /tmp/reference-hashes.txt
|
||||
|
||||
# verify the signature (previous step repeated here)
|
||||
gpg --verify /tmp/reference-hashes.txt
|
||||
|
||||
grep $file_hash /tmp/reference-hashes.txt
|
||||
|
||||
If grep displayed a line containing your binary name and a hash then all is fine!
|
||||
|
||||
If the output is empty then double check everything because apparently the hashes don't match.
|
||||
|
|
@ -7,6 +7,8 @@ site_url: 'https://monerodocs.org/'
|
|||
nav:
|
||||
- Home: 'index.md'
|
||||
- Interacting:
|
||||
- Download: 'interacting/download-monero-binaries.md'
|
||||
- Verify: 'interacting/verify-monero-binaries.md'
|
||||
- Overview: 'interacting/overview.md'
|
||||
- monerod: 'interacting/monerod-reference.md'
|
||||
- Technical specs: 'technical-specs.md'
|
||||
|
|
|
|||
Loading…
Reference in a new issue