phantom/bitcoin
1
0
Fork 0
mirror of https://github.com/bitcoin/bitcoin.git synced 2025-01-25 10:43:19 -03:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
bitcoin/contrib/verifybinaries
History
Andrew Chow 7a6e7ffd06 contrib: Use machine parseable GPG output in verifybinaries 
GPG has an option to provide machine parseable output. Use that instead
of trying to parse the human readable output.
2023-03-28 22:16:05 +00:00
..
README.md contrib: verifybinaries: allow multisig verification 2023-03-28 22:16:05 +00:00
test.py contrib: Refactor verifbinaries to support subcommands 2023-03-28 22:16:05 +00:00
verify.py contrib: Use machine parseable GPG output in verifybinaries 2023-03-28 22:16:05 +00:00

README.md

Verify Binaries

Preparation

As of Bitcoin Core v22.0, releases are signed by a number of public keys on the basis of the guix.sigs repository. When verifying binary downloads, you (the end user) decide which of these public keys you trust and then use that trust model to evaluate the signature on a file that contains hashes of the release binaries. The downloaded binaries are then hashed and compared to the signed checksum file.

First, you have to figure out which public keys to recognize. Browse the list of frequent builder-keys and decide which of these keys you would like to trust. For each key you want to trust, you must obtain that key for your local GPG installation.

You can obtain these keys by

  • through a browser using a key server (e.g. keyserver.ubuntu.com),
  • manually using the gpg --keyserver <url> --recv-keys <key> command, or
  • you can run the packaged verifybinaries.py ... --import-keys script to have it automatically retrieve unrecognized keys.

Usage

This script attempts to download the checksum file (SHA256SUMS) and corresponding signature file SHA256SUMS.asc from https://bitcoincore.org and https://bitcoin.org.

It first checks if the checksum file is valid based upon a plurality of signatures, and then downloads the release files specified in the checksum file, and checks if the hashes of the release files are as expected.

If we encounter pubkeys in the signature file that we do not recognize, the script can prompt the user as to whether they'd like to download the pubkeys. To enable this behavior, use the --import-keys flag.

The script returns 0 if everything passes the checks. It returns 1 if either the signature check or the hash check doesn't pass. An exit code of >2 indicates an error.

See the Config object for various options.

Examples

Validate releases with default settings:

./contrib/verifybinaries/verify.py 22.0
./contrib/verifybinaries/verify.py 22.0-rc2
./contrib/verifybinaries/verify.py bitcoin-core-23.0
./contrib/verifybinaries/verify.py bitcoin-core-23.0-rc1

Get JSON output and don't prompt for user input (no auto key import):

./contrib/verifybinaries/verify.py 22.0-x86 --json

Don't trust builder-keys by default, and rely only on local GPG state and manually specified keys, while requiring a threshold of at least 10 trusted signatures:

./contrib/verifybinaries/verify.py 22.0-x86 \
    --no-trust-builder-keys \
    --trusted-keys 74E2DEF5D77260B98BC19438099BAD163C70FBFA,9D3CC86A72F8494342EA5FD10A41BDC3F4FAFF1C \
    --min-trusted-sigs 10

If you only want to download the binaries of certain platform, add the corresponding suffix, e.g.:

./contrib/verifybinaries/verify.py bitcoin-core-22.0-osx
./contrib/verifybinaries/verify.py bitcoin-core-22.0-rc2-win64

If you do not want to keep the downloaded binaries, specify anything as the second parameter.

./contrib/verifybinaries/verify.py bitcoin-core-22.0 delete