2016-04-15 07:18:12 -03:00
|
|
|
### Verify Binaries
|
2016-08-21 16:58:29 -03:00
|
|
|
|
2021-09-16 19:33:20 -03:00
|
|
|
#### Preparation
|
2016-08-21 16:58:29 -03:00
|
|
|
|
2021-09-16 19:33:20 -03:00
|
|
|
As of Bitcoin Core v22.0, releases are signed by a number of public keys on the basis
|
|
|
|
of the [guix.sigs repository](https://github.com/bitcoin-core/guix.sigs/). When
|
|
|
|
verifying binary downloads, you (the end user) decide which of these public keys you
|
|
|
|
trust and then use that trust model to evaluate the signature on a file that contains
|
|
|
|
hashes of the release binaries. The downloaded binaries are then hashed and compared to
|
|
|
|
the signed checksum file.
|
2013-10-16 00:14:30 -03:00
|
|
|
|
2021-09-16 19:33:20 -03:00
|
|
|
First, you have to figure out which public keys to recognize. Browse the [list of frequent
|
|
|
|
builder-keys](https://github.com/bitcoin-core/guix.sigs/tree/main/builder-keys) and
|
|
|
|
decide which of these keys you would like to trust. For each key you want to trust, you
|
|
|
|
must obtain that key for your local GPG installation.
|
2013-10-21 21:00:10 -03:00
|
|
|
|
2021-09-16 19:33:20 -03:00
|
|
|
You can obtain these keys by
|
|
|
|
- through a browser using a key server (e.g. keyserver.ubuntu.com),
|
|
|
|
- manually using the `gpg --keyserver <url> --recv-keys <key>` command, or
|
|
|
|
- you can run the packaged `verifybinaries.py ... --import-keys` script to
|
|
|
|
have it automatically retrieve unrecognized keys.
|
2016-04-15 07:18:12 -03:00
|
|
|
|
2021-09-16 19:33:20 -03:00
|
|
|
#### Usage
|
2016-04-15 07:18:12 -03:00
|
|
|
|
2021-09-16 19:33:20 -03:00
|
|
|
This script attempts to download the checksum file (`SHA256SUMS`) and corresponding
|
|
|
|
signature file `SHA256SUMS.asc` from https://bitcoincore.org and https://bitcoin.org.
|
|
|
|
|
|
|
|
It first checks if the checksum file is valid based upon a plurality of signatures, and
|
|
|
|
then downloads the release files specified in the checksum file, and checks if the
|
|
|
|
hashes of the release files are as expected.
|
|
|
|
|
|
|
|
If we encounter pubkeys in the signature file that we do not recognize, the script
|
|
|
|
can prompt the user as to whether they'd like to download the pubkeys. To enable
|
|
|
|
this behavior, use the `--import-keys` flag.
|
|
|
|
|
|
|
|
The script returns 0 if everything passes the checks. It returns 1 if either the
|
|
|
|
signature check or the hash check doesn't pass. An exit code of >2 indicates an error.
|
|
|
|
|
|
|
|
See the `Config` object for various options.
|
|
|
|
|
|
|
|
#### Examples
|
|
|
|
|
|
|
|
Validate releases with default settings:
|
|
|
|
```sh
|
2023-04-04 15:45:53 -04:00
|
|
|
./contrib/verifybinaries/verify.py pub 22.0
|
|
|
|
./contrib/verifybinaries/verify.py pub 22.0-rc2
|
|
|
|
./contrib/verifybinaries/verify.py pub bitcoin-core-23.0
|
|
|
|
./contrib/verifybinaries/verify.py pub bitcoin-core-23.0-rc1
|
2021-09-16 19:33:20 -03:00
|
|
|
```
|
|
|
|
|
|
|
|
Get JSON output and don't prompt for user input (no auto key import):
|
|
|
|
|
|
|
|
```sh
|
2023-04-04 15:45:53 -04:00
|
|
|
./contrib/verifybinaries/verify.py --json pub 22.0-x86
|
2021-09-16 19:33:20 -03:00
|
|
|
```
|
|
|
|
|
|
|
|
Don't trust builder-keys by default, and rely only on local GPG state and manually
|
|
|
|
specified keys, while requiring a threshold of at least 10 trusted signatures:
|
2016-04-15 07:18:12 -03:00
|
|
|
```sh
|
2023-04-04 15:45:53 -04:00
|
|
|
./contrib/verifybinaries/verify.py \
|
2021-09-16 19:33:20 -03:00
|
|
|
--no-trust-builder-keys \
|
|
|
|
--trusted-keys 74E2DEF5D77260B98BC19438099BAD163C70FBFA,9D3CC86A72F8494342EA5FD10A41BDC3F4FAFF1C \
|
2023-04-04 15:45:53 -04:00
|
|
|
--min-trusted-sigs 10 pub 22.0-x86
|
2016-04-15 07:18:12 -03:00
|
|
|
```
|
2016-08-21 16:37:21 -03:00
|
|
|
|
2017-04-25 06:40:09 -03:00
|
|
|
If you only want to download the binaries of certain platform, add the corresponding suffix, e.g.:
|
|
|
|
|
|
|
|
```sh
|
2023-04-04 15:45:53 -04:00
|
|
|
./contrib/verifybinaries/verify.py pub bitcoin-core-22.0-osx
|
|
|
|
./contrib/verifybinaries/verify.py pub bitcoin-core-22.0-rc2-win64
|
2017-04-25 06:40:09 -03:00
|
|
|
```
|
|
|
|
|
2016-08-21 16:37:21 -03:00
|
|
|
If you do not want to keep the downloaded binaries, specify anything as the second parameter.
|
|
|
|
|
|
|
|
```sh
|
2023-04-04 15:45:53 -04:00
|
|
|
./contrib/verifybinaries/verify.py pub bitcoin-core-22.0 delete
|
2016-08-21 16:37:21 -03:00
|
|
|
```
|