Bitcoin Forum
November 10, 2024, 09:48:48 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: HOW CAN I VERIFY EASY INSTALL 2.7.18 for Linux on ubuntu ?  (Read 405 times)
Flanagan (OP)
Full Member
***
Offline Offline

Activity: 204
Merit: 100


View Profile
March 06, 2017, 04:41:33 PM
 #1

Installed the Linux EASY INSTALLATION method shown at download page: https://electrum.org/#download

How can I verify downloaded package? And Signature ?
Where is the application installed in Ubuntu ?


Thanks

Learn to listen, listen to learn.
shorena
Copper Member
Legendary
*
Offline Offline

Activity: 1498
Merit: 1540


No I dont escrow anymore.


View Profile
March 06, 2017, 04:48:47 PM
 #2

Installed the Linux EASY INSTALLATION method shown at download page: https://electrum.org/#download

How can I verify downloaded package? And Signature ?
Where is the application installed in Ubuntu ?


Thanks

#1 download the PGP key by ThomasV https://pgp.mit.edu/pks/lookup?op=vindex&search=0x2BD5824B7F9470E6
#2 import it into gpg with gpg2 --import path/to/file.asc
#3 download electrum source https://download.electrum.org/2.7.18/Electrum-2.7.18.tar.gz
#4 download signature for source https://download.electrum.org/2.7.18/Electrum-2.7.18.tar.gz.asc
#5 verify download with gpg2 --verify Electrum-2.7.18.tar.gz.asc
#5.1 it should show a valid signature from an untrusted key
#6 untar with tar xvf Electrum-2.7.18.tar.gz
#7 run with python electrum from folder

Im not really here, its just your imagination.
Flanagan (OP)
Full Member
***
Offline Offline

Activity: 204
Merit: 100


View Profile
March 06, 2017, 05:21:10 PM
 #3

Thanks, then I guess I need to uninstall Electrum first as I installed using the sudo apt-get install python-qt4 python-pip    etc etc
terminal cmmands to install it, and then follow the installation using Python sources

Learn to listen, listen to learn.
shorena
Copper Member
Legendary
*
Offline Offline

Activity: 1498
Merit: 1540


No I dont escrow anymore.


View Profile
March 06, 2017, 06:59:27 PM
 #4

Thanks, then I guess I need to uninstall Electrum first as I installed using the sudo apt-get install python-qt4 python-pip    etc etc
terminal cmmands to install it, and then follow the installation using Python sources

Maybe there is a way to verify that as well. I only used the source directly so I only know that way.

Im not really here, its just your imagination.
Coin-Keeper
Hero Member
*****
Offline Offline

Activity: 761
Merit: 606



View Profile
March 06, 2017, 08:42:32 PM
 #5

Flanagan,

Shorena's way is the surest.  That is how I did it before starting to use a hardware wallet with Electrum.  I am less worried now with my Trezor, but I still use the process below without fail.

Since you are using Linux you are likely to be OK the way you did it.  If you decide to continue downloading from Electrum the "easy way" you discussed, then perform a simple test to KNOW you are connected to the actual Electrum site.  How?  Confirm the site's certificate fingerprint before downloading.  Open the browser and observe the certificate symbol in the url window (the lock symbol).  Then open it up and observe the SHA256 fingerprint.  A MITM site cannot fully replicate the full fingerprint because it takes possession of the private key to generate a match.  Remember how we here sign a BTC address as members to prove we own our btc address?  Well the certificate allows for a similar strength proof.  If the site doesn't own the private side of the certificate key it won't and cannot match the correct fingerprint.  This is math and math won't allow for an imposter.  Go ahead and connect to Electrum's site using https and open the cert.  You should observe the following and if you don't you are not at Electrum's site.  Easy stuff.


SHA256

D0:9E:C1:85:9C:CF:85:4A:42:C1:48:38:8D:33:43:0C:4F:23:77:A3:BB:F3:DE:92:51:9F:0E:6F:E8:63:DE:C6


Now you need to save this fingerprint somewhere so when you return to Electrum (or the site you think is Electrum) you can view it and inspect for a match.  Without a match do not proceed with any download.  A cert will expire, so you will need to update every couple of years or so.  Hope this helps put your mind at ease.

BTC: 1PYSBbuKM3kW19xe9TXJQfq64rPhd8XorF
Staked and Verified: https://bitcointalk.org/index.php?topic=996318.msg17102755#msg17102755
Abdussamad
Legendary
*
Offline Offline

Activity: 3682
Merit: 1580



View Profile
March 06, 2017, 09:50:29 PM
 #6

Note that you are supposed to verify it before installing it:

https://bitcointalk.org/index.php?topic=518133.msg5981126#msg5981126

You don't have to be root to verify the download. You only need to be root if you want to install it. Also adjust the ELECTRUM_VERSION variable to the one you downloaded.
Abdussamad
Legendary
*
Offline Offline

Activity: 3682
Merit: 1580



View Profile
March 06, 2017, 09:52:49 PM
 #7

Thanks, then I guess I need to uninstall Electrum first as I installed using the sudo apt-get install python-qt4 python-pip    etc etc
terminal cmmands to install it, and then follow the installation using Python sources

no you don't have to uninstall anything. the instructions there are correct. what you install using apt-get is already verified by apt prior to installation. you only need to verify the electrum tar ball that you downloaded.
Flanagan (OP)
Full Member
***
Offline Offline

Activity: 204
Merit: 100


View Profile
March 08, 2017, 01:48:50 PM
 #8

Thanks for all the replies. I',m making screenshots and saving all the good information  for reference, thanks

Perhaps for now I will trust that what I installed using apt-get is already verified by apt prior to installation, so no need for to to further verify...

Learn to listen, listen to learn.
Abdussamad
Legendary
*
Offline Offline

Activity: 3682
Merit: 1580



View Profile
March 08, 2017, 06:09:22 PM
 #9

Thanks for all the replies. I',m making screenshots and saving all the good information  for reference, thanks

Perhaps for now I will trust that what I installed using apt-get is already verified by apt prior to installation, so no need for to to further verify...

you misunderstood apt doesn't verify the electrum download. You did that using pip.

You installed dependencies via apt and those are verified:

Quote
sudo apt-get install python-qt4 python-pip

But the pip install step did not involve apt. You have to verify the electrum tar ball manually

Code:
sudo pip install https://download.electrum.org/2.7.18/Electrum-2.7.18.tar.gz 
Abdussamad
Legendary
*
Offline Offline

Activity: 3682
Merit: 1580



View Profile
March 10, 2017, 12:05:21 AM
 #10

I created a script that downloads, verifies and installs electrum for you:

https://github.com/BitcoinsPakistan/electrum-install

Flanagan (OP)
Full Member
***
Offline Offline

Activity: 204
Merit: 100


View Profile
March 10, 2017, 12:24:29 AM
 #11

Thanks again but I didn't download anything directly. I installed using this commenad shown on the electrum download page:

sudo pip install https://download.electrum.org/2.7.18/Electrum-2.7.18.tar.gz

So, since the command uses "pip" I have to trust that it is verified just installing like that right ?

Learn to listen, listen to learn.
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!