GitHub-Mirror/openbazaar-desktop
0
0
Fork 0
mirror of https://github.com/OpenBazaar/openbazaar-desktop synced 2025-10-06 00:22:47 +02:00
Code Issues Releases Wiki Activity
Files
master
openbazaar-desktop/verify
History
Brian Hoffman c705739f17 Pull SHA file from Releases page rather than .org
2020-04-07 10:32:26 -04:00
..
generateHashes.sh
Clean up echos
2017-08-07 14:35:41 -04:00
README.md
Update README.md
2020-04-07 10:28:46 -04:00
verifyBinaries.sh
Pull SHA file from Releases page rather than .org
2020-04-07 10:32:26 -04:00

README.md

Verify Binaries

This document and associated scripts are derivations of the approach Bitcoin Core uses (https://github.com/bitcoin/bitcoin/edit/master/contrib/verifybinaries).

Preparation:

Make sure you obtain the proper release signing key and verify the fingerprint with several independent sources.

gpg --fingerprint "Brian Hoffman [Open Bazaar] <brian@openbazaar.org>"
pub   rsa2048 2014-05-05 [SC]
      F186 A6A4 CF94 98AB E58F  53B9 DFEE B5A2 438F A17C
uid           [ultimate] Brian Hoffman [Open Bazaar] <brian@openbazaar.org>

Usage:

The verifyBinaries.sh script attempts to download the signature file SHA256SUMS.<version>.asc from https://openbazaar.org.

It first checks if the signature passes, and then downloads the files specified in the file, and checks if the hashes of these files match those that are specified in the signature file.

The script returns 0 if everything passes the checks. It returns 1 if either the signature check or the hash check doesn't pass. If an error occurs the return value is 2.

./verifyBinaries.sh 2.0.0
./verifyBinaries.sh 2.0.0-rc1

If you do not want to keep the downloaded binaries, specify anything as the second parameter.

./verifyBinaries.sh 2.0.0 delete