Add "Download" and "Verify" chapters

This commit is contained in:
Piotr Włodarek 2018-10-28 19:05:01 +01:00
parent 2c151266c5
commit ac2d7341c3
4 changed files with 103 additions and 2 deletions

View file

@ -0,0 +1,37 @@
---
title: Download Monero | Monero Documentation
---
# Download Monero
A single archive contains all you need to start using Monero (the full node and the wallet).
We recommend downloading Monero binaries directly from GitHub:
* GUI + CLI: [https://github.com/monero-project/monero-gui/releases](https://github.com/monero-project/monero-gui/releases)
* CLI only: [https://github.com/monero-project/monero/releases](https://github.com/monero-project/monero/releases)
GUI is a graphical desktop wallet.
CLI is a commandline desktop wallet.
If you need more guidance check [download Monero](https://getmonero.org/downloads) section on Monero website.
It is critical to [verify the signature](/interacting/verify-monero-binaries) of downloaded archive.
## Which version to download?
Download the latest version matching your operating system and processor architecture.
The CLI version is released earlier and is suitable for server deployments.
The GUI version contains both CLI and GUI. It is preferable for end-users.
All versions contain a full node and a wallet.
## Why prefer GitHub over getmonero.org?
Binaries appear earlier on GitHub.
On top of that, if you fail to properly verify the signature, GitHub is safer, simply because you don't need to trust a separate website to not be compromised.
Obviously, you should still carefully verify the signature for each release. Signature verification is always the primary line of defense.

View file

@ -10,8 +10,6 @@ On top of that, Monero nodes interact with each other in a peer-to-peer network.
## Installation directory overview ## Installation directory overview
[Download Monero](https://getmonero.org/downloads).
Once unpacked you will see several executable files. You will also find a nice PDF guide for the GUI wallet. Once unpacked you will see several executable files. You will also find a nice PDF guide for the GUI wallet.
Monero project nicely decouples network node logic from wallet logic. Monero project nicely decouples network node logic from wallet logic.

View file

@ -0,0 +1,64 @@
---
title: Verify Monero Binaries Signature | Monero Documentation
---
# Verify Monero Binaries
Verification must be carried on **before extracting the archive and before using Monero**.
Instructions are for Linux but should also work on macOS with cosmetic modifications.
## 0. Import core dev PGP key
This is a one time action. Skip this step for subsequent Monero releases.
Monero core developers sign a list of hashes of released binaries.
Riccardo "fluffypony" Spagni is Monero core developer who signs the releases.
Riccardo's public key is available on GitHub in the project source code.
Import Riccardo's public key to your keyring:
`curl https://raw.githubusercontent.com/monero-project/monero/master/utils/gpg_keys/fluffypony.asc | gpg --import`
Trust Riccardo's public key:
gpg --edit-key '7455C5E3C0CDCEB9'
trust
4
## 1. Verify signature of hash list
The list of binaries and their hashes is published on [getmonero.org](https://www.getmonero.org/downloads/hashes.txt) and a few other places like release notes on [r/monero](https://reddit.com/r/monero).
Please note the publication channel does not matter as long as you properly verify the signature!
To verify these are real hashes (not tampered with) run:
`curl https://www.getmonero.org/downloads/hashes.txt | gpg --verify`
The expected output is:
...
gpg: Good signature from "Riccardo Spagni <ric@spagni.net>" [full]
## 2. Verify the hash
By this step we checked that published hashes were not tampered with.
The last step is to compare published hash with hash of downloaded archive.
Replace file name with yours:
file_name=monero-linux-x64-v0.13.0.4.tar.bz2
file_hash=`sha256sum $filename | cut -c 1-64`
curl https://www.getmonero.org/downloads/hashes.txt > /tmp/reference-hashes.txt
# verify the signature (previous step repeated here)
gpg --verify /tmp/reference-hashes.txt
grep $file_hash /tmp/reference-hashes.txt
If grep displayed a line containing your binary name and a hash then all is fine!
If the output is empty then double check everything because apparently the hashes don't match.

View file

@ -7,6 +7,8 @@ site_url: 'https://monerodocs.org/'
nav: nav:
- Home: 'index.md' - Home: 'index.md'
- Interacting: - Interacting:
- Download: 'interacting/download-monero-binaries.md'
- Verify: 'interacting/verify-monero-binaries.md'
- Overview: 'interacting/overview.md' - Overview: 'interacting/overview.md'
- monerod: 'interacting/monerod-reference.md' - monerod: 'interacting/monerod-reference.md'
- Technical specs: 'technical-specs.md' - Technical specs: 'technical-specs.md'