Title: Having trouble verifying SHA256SUMS.asc
Post by: ProbablyDrunk on September 16, 2021, 10:51:06 PM

I downloaded SHA256SUMS.asc from https://bitcoincore.org/en/download/. When I run shasum -c SHA256SUMS.asc I get:

Code:
Oberon:Downloads remco$ shasum -c SHA256SUMS.asc

Ideas? I'm on a Mac (OSX 11.5.2)

Title: Re: Having trouble verifying SHA256SUMS.asc
Post by: BitMaxz on September 16, 2021, 11:31:18 PM

Can you add more space before SHA256SUMS.asc

Sample

Code:
shasum -c  SHA256SUMS.asc

Add space between -c and SHA256SUMS.asc so it should be two spaces and test if it will work.

I just got the idea from this link below - https://unix.stackexchange.com/questions/139891/why-does-verifying-sha256-checksum-with-sha256sum-fail-on-debian-and-work-on-u

Title: Re: Having trouble verifying SHA256SUMS.asc
Post by: ProbablyDrunk on September 17, 2021, 12:15:33 AM

Thanks but that makes no difference.

Title: Re: Having trouble verifying SHA256SUMS.asc
Post by: ProbablyDrunk on September 17, 2021, 01:02:52 AM

Additionally I tried doing this on Linux and I get the same result.

Title: Re: Having trouble verifying SHA256SUMS.asc
Post by: achow101 on September 17, 2021, 01:49:27 AM

For Bitcoin Core 22.0, the hashes are located in the SHA256SUMS file which you can download from https://bitcoincore.org/bin/bitcoin-core-22.0/SHA256SUMS. SHA256SUMS.asc just contains the GPG signatures; you will need that file too in order to verify the release.

The website still needs to be updated for the new release format.

Title: Re: Having trouble verifying SHA256SUMS.asc
Post by: ProbablyDrunk on September 17, 2021, 11:23:20 AM

Thanks, that worked better. Even so, the result of GPG verification is not what I expect:

Code:
Untrusted signature

https://i.imgur.com/xjyRBET.jpg

From what I understand it's expected that file is signed by Wladimir van der Laan. Trying to be a responsible citizen here.

Title: Re: Having trouble verifying SHA256SUMS.asc
Post by: ProbablyDrunk on September 17, 2021, 11:49:06 AM

With a bit more Googling it seems that 0xb10c is a Bitcoin Core developer. Found his blog https://b10c.me/ and that is indeed his email address. So it looks legit I guess.

This part could be a bit clearer though for people starting to run their own node like me... I couldn't find any instructions on this on bitcoincore.org itself. Would be nice if it was part of the FAQ.

Title: Re: Having trouble verifying SHA256SUMS.asc
Post by: achow101 on September 17, 2021, 04:09:00 PM

The format changed starting with 22.0. The signatures file actually contains signatures from several developers. The standard gpg --verify command will verify all of those signatures.

The website will be updated with detailed instructions.

Title: Re: Having trouble verifying SHA256SUMS.asc
Post by: ProbablyDrunk on September 17, 2021, 06:30:52 PM

Cool; thanks for your help.

Title: Re: Having trouble verifying SHA256SUMS.asc
Post by: AdolfinWolf on September 17, 2021, 08:08:45 PM

Ok so basically we download the sigs from https://bitcoincore.org/bin/bitcoin-core-22.0/SHA256SUMS.asc

then the hashes from... https://bitcoincore.org/bin/bitcoin-core-22.0/SHA256SUMS

btw, this is indeed kinda hidden for now it seems, couldn't find it anywhere, not on GitHub, not on bitcoincore.org, though perhaps I did not search hard enough on GitHub..

then?

Code:
gpg --verify SHA256SUMS.asc SHA256SUMS

Now this kinda assumes I have all the signers imported already. Obviously I don't and I'm not sure I care that much to import them all in a "decentralized - individual" manner (I think that's more or less the intention of this change?)

Any easy way to check the signers and how much authority they hold as someone who isn't that involved?

Edit: I guess the latter part of the question is still somewhat relevant though every individual will probably weigh this differently. I guess achow's key works. (EDIT: for those wondering: Imported using https://github.com/bitcoin/bitcoin/blob/master/contrib/builder-keys/keys.txt, which? corresponds with http://achow101.com/achow101.pgp, and thus? trustworthy) &

Code:
gpg --keyserver keyserver.ubuntu.com --receive-keys 152812300785C96444D3334D17565732E08E5E41
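
The two-step check discussed in this thread (signatures over SHA256SUMS, then the hash of the downloaded file), as an added example that is not from any poster or from the Bitcoin Core project. It counts only signatures made by fingerprints you have pinned yourself; the function names, the PINNED list and the sample status lines are assumptions constructed for illustration.

```shell
# Added example. PINNED is an assumption: fingerprints you chose to trust after
# checking them out of band (this one is the fingerprint quoted in the thread).
PINNED="152812300785C96444D3334D17565732E08E5E41"

# Read `gpg --status-fd 1 --verify` output on stdin; print how many distinct
# pinned keys produced a VALIDSIG line.
count_pinned_sigs() {
    awk -v pinned="$PINNED" '
        BEGIN { n = split(pinned, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 == "[GNUPG:]" && $2 == "VALIDSIG" {
            # $3 is the signing (sub)key fingerprint, $NF the primary key fingerprint.
            key = ($NF in want) ? $NF : (($3 in want) ? $3 : "")
            if (key != "" && !seen[key]++) hits++
        }
        END { print hits + 0 }'
}

# SHA-256 of a file with whichever tool exists (Linux sha256sum, macOS shasum).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1"
    else shasum -a 256 "$1"; fi | awk '{ print $1 }'
}

# Succeed only if SHA256SUMS lists this file name with the hash we compute.
hash_listed() {  # usage: hash_listed SHA256SUMS FILE
    want=$(awk -v f="$(basename "$2")" \
        '{ name = $2; sub(/^\*/, "", name) } name == f { print $1; exit }' "$1")
    [ -n "$want" ] && [ "$want" = "$(sha256_of "$2")" ]
}

verify_release() {  # usage: verify_release FILE [MIN_SIGS]
    # gpg exits non-zero when some signers' keys are not imported, so the
    # decision is made from the status lines instead of the exit code.
    st=$(gpg --status-fd 1 --verify SHA256SUMS.asc SHA256SUMS 2>/dev/null) || true
    good=$(printf '%s\n' "$st" | count_pinned_sigs)
    [ "$good" -ge "${2:-1}" ] || { echo "only $good pinned signature(s)" >&2; return 1; }
    hash_listed SHA256SUMS "$1" || { echo "hash mismatch or file not listed" >&2; return 1; }
    echo "OK: $good pinned signature(s), hash matches"
}

sample_status() {  # constructed status lines, not real gpg output
    cat <<'EOF'
[GNUPG:] VALIDSIG AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 2021-09-13 1631500000 0 4 0 1 8 00 152812300785C96444D3334D17565732E08E5E41
[GNUPG:] VALIDSIG 0000000000000000000000000000000000000001 2021-09-13 1631500000 0 4 0 1 8 00 0000000000000000000000000000000000000001
[GNUPG:] ERRSIG 0000000000000002 1 8 00 1631500000 9 -
EOF
}

if [ "$#" -gt 0 ]; then verify_release "$@"; fi
```

Run it from the directory holding SHA256SUMS and SHA256SUMS.asc, passing the downloaded archive's file name and, optionally, the minimum number of pinned signers you require.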