Bitcoin Forum
November 10, 2024, 06:44:43 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Question on Verifying Armory Installers  (Read 1512 times)
25hashcoin (OP)
Hero Member
*****
Offline Offline

Activity: 574
Merit: 500


View Profile
September 13, 2014, 11:10:14 PM
 #1

I am attempting to verify Armory installers. I have had success with this before but am having an issue now.

After I finally enter command: "$ sudo apt-get install dpkg-sig"

...it outputs this:

"Reading package lists... Done
Building dependency tree       
Reading state information... Done
dpkg-sig is already the newest version.
The following package was automatically installed and is no longer required:
  linux-image-generic
Use 'apt-get autoremove' to remove it.
0 upgraded, 0 newly installed, 0 to remove and 18 not upgraded."


...instead of what is usually expected.


Not sure what to do here.




Bitcoin - Peer to Peer Electronic CASH
josephbisch
Member
**
Offline Offline

Activity: 75
Merit: 10


View Profile
September 13, 2014, 11:12:22 PM
 #2

The command sudo apt-get install dpkg-sig uses apt-get to install the program dpkg-sig. The output you get indicates that dpkg-sig is already installed. Just proceed to the next step of whatever you are doing.
25hashcoin (OP)
Hero Member
*****
Offline Offline

Activity: 574
Merit: 500


View Profile
September 13, 2014, 11:18:32 PM
 #3

The command sudo apt-get install dpkg-sig uses apt-get to install the program dpkg-sig. The output you get indicates that dpkg-sig is already installed. Just proceed to the next step of whatever you are doing.


I tried going to the next step and entering command
Code:
dpkg-sig --verify *.deb

But I get this output:

Code:
Processing armory_0.92.2-testing_ubuntu-64bit.deb...
Processing libqt4-designer_4.8.1-0ubuntu4.8_amd64.deb...
Processing libqt4-help_4.8.1-0ubuntu4.8_amd64.deb...
Processing libqt4-scripttools_4.8.1-0ubuntu4.8_amd64.deb...
Processing libqt4-test_4.8.1-0ubuntu4.8_amd64.deb...
Processing libqtassistantclient4_4.6.3-3ubuntu2_amd64.deb...
Processing libqtwebkit4_2.2.1-1ubuntu4_amd64.deb...
Processing python-psutil_0.4.1-1ubuntu1_amd64.deb...
Processing python-pyasn1_0.0.11a-1ubuntu1_all.deb...
Processing python-qt4_4.9.1-2ubuntu1_amd64.deb...
Processing python-sip_4.13.2-1_amd64.deb...
Processing python-twisted_11.1.0-1ubuntu2_all.deb...
Processing python-twisted-conch_11.1.0-1_all.deb...
Processing python-twisted-lore_11.1.0-1_all.deb...
Processing python-twisted-mail_11.1.0-1_all.deb...
Processing python-twisted-news_11.1.0-1_all.deb...
Processing python-twisted-runner_11.1.0-1_amd64.deb...
Processing python-twisted-words_11.1.0-1_all.deb...


with no "GOODSIG" line...



Bitcoin - Peer to Peer Electronic CASH
josephbisch
Member
**
Offline Offline

Activity: 75
Merit: 10


View Profile
September 13, 2014, 11:26:42 PM
 #4

Did you download the key first?

Code:
gpg --recv-keys --keyserver keyserver.ubuntu.com 98832223

I get the following output:

Code:
joseph@crunchbang:~/downloads$ dpkg-sig --verify *.deb
Processing armory_0.92.2-testing_ubuntu-64bit.deb...
GOODSIG _gpgbuilder 821F122936BDD565366AC36A4AB16AEA98832223 1409083814
Processing libdvdcss2_1.2.13-0_amd64.deb...
etotheipi
Legendary
*
Offline Offline

Activity: 1428
Merit: 1093


Core Armory Developer


View Profile WWW
September 13, 2014, 11:39:42 PM
 #5

I am attempting to verify Armory installers. I have had success with this before but am having an issue now.

After I finally enter command: "$ sudo apt-get install dpkg-sig"

...it outputs this:

"Reading package lists... Done
Building dependency tree      
Reading state information... Done
dpkg-sig is already the newest version.
The following package was automatically installed and is no longer required:
  linux-image-generic
Use 'apt-get autoremove' to remove it.
0 upgraded, 0 newly installed, 0 to remove and 18 not upgraded."


...instead of what is usually expected.


Not sure what to do here.


That's the command for installing dpkg-sig.  Not running it.

Run "dpkg-sig --verify *.deb"

Founder and CEO of Armory Technologies, Inc.
Armory Bitcoin Wallet: Bringing cold storage to the average user!
Only use Armory software signed by the Armory Offline Signing Key (0x98832223)

Please donate to the Armory project by clicking here!    (or donate directly via 1QBDLYTDFHHZAABYSKGKPWKLSXZWCCJQBX -- yes, it's a real address!)
25hashcoin (OP)
Hero Member
*****
Offline Offline

Activity: 574
Merit: 500


View Profile
September 13, 2014, 11:43:06 PM
Last edit: September 14, 2014, 12:28:40 AM by 25hashcoin
 #6

I am attempting to verify Armory installers. I have had success with this before but am having an issue now.

After I finally enter command: "$ sudo apt-get install dpkg-sig"

...it outputs this:

"Reading package lists... Done
Building dependency tree      
Reading state information... Done
dpkg-sig is already the newest version.
The following package was automatically installed and is no longer required:
  linux-image-generic
Use 'apt-get autoremove' to remove it.
0 upgraded, 0 newly installed, 0 to remove and 18 not upgraded."


...instead of what is usually expected.


Not sure what to do here.


That's the command for installing dpkg-sig.  Not running it.

Run "dpkg-sig --verify *.deb"


I get the output I mentioned in post #3:

(No "GOODSIG" line)

Code:
Processing armory_0.92.2-testing_ubuntu-64bit.deb...
Processing libqt4-designer_4.8.1-0ubuntu4.8_amd64.deb...
Processing libqt4-help_4.8.1-0ubuntu4.8_amd64.deb...
Processing libqt4-scripttools_4.8.1-0ubuntu4.8_amd64.deb...
Processing libqt4-test_4.8.1-0ubuntu4.8_amd64.deb...
Processing libqtassistantclient4_4.6.3-3ubuntu2_amd64.deb...
Processing libqtwebkit4_2.2.1-1ubuntu4_amd64.deb...
Processing python-psutil_0.4.1-1ubuntu1_amd64.deb...
Processing python-pyasn1_0.0.11a-1ubuntu1_all.deb...
Processing python-qt4_4.9.1-2ubuntu1_amd64.deb...
Processing python-sip_4.13.2-1_amd64.deb...
Processing python-twisted_11.1.0-1ubuntu2_all.deb...
Processing python-twisted-conch_11.1.0-1_all.deb...
Processing python-twisted-lore_11.1.0-1_all.deb...
Processing python-twisted-mail_11.1.0-1_all.deb...
Processing python-twisted-news_11.1.0-1_all.deb...
Processing python-twisted-runner_11.1.0-1_amd64.deb...
Processing python-twisted-words_11.1.0-1_all.deb...

Bitcoin - Peer to Peer Electronic CASH
25hashcoin (OP)
Hero Member
*****
Offline Offline

Activity: 574
Merit: 500


View Profile
September 14, 2014, 01:45:50 AM
 #7

May have found part of the issue. I am trying to verify the .deb included in the offline bundle. I tried verifying the standard (not offline bundle) .deb Armory download and it worked. Does this make sense? I'm a bit lost. Can someone tell me how to verify the offline bundle and is there a way to do that offline?

Bitcoin - Peer to Peer Electronic CASH
25hashcoin (OP)
Hero Member
*****
Offline Offline

Activity: 574
Merit: 500


View Profile
September 14, 2014, 07:13:56 PM
 #8

May have found part of the issue. I am trying to verify the .deb included in the offline bundle. I tried verifying the standard (not offline bundle) .deb Armory download and it worked. Does this make sense? I'm a bit lost. Can someone tell me how to verify the offline bundle and is there a way to do that offline?


Anyone? How do I verify the Offline Bundle?

Bitcoin - Peer to Peer Electronic CASH
etotheipi
Legendary
*
Offline Offline

Activity: 1428
Merit: 1093


Core Armory Developer


View Profile WWW
September 14, 2014, 07:29:06 PM
 #9

Sorry, forgot to respond.  You're actually right:  the other .deb files do not have digital signatures, so you shouldnt' expect any output for them.  It's the armory*.deb files that have signatures, and my script is supposed to sign them before putting them into the offline bundle.

Therefore, you should only need to run "dpkg-sig --verify armory*.deb" to verify the armory installer is legit.  If not, you can always download the armory installer separately and verify it and put it into the bundle (but this shouldn't be necessary unless my bundling script is botched).

Founder and CEO of Armory Technologies, Inc.
Armory Bitcoin Wallet: Bringing cold storage to the average user!
Only use Armory software signed by the Armory Offline Signing Key (0x98832223)

Please donate to the Armory project by clicking here!    (or donate directly via 1QBDLYTDFHHZAABYSKGKPWKLSXZWCCJQBX -- yes, it's a real address!)
josephbisch
Member
**
Offline Offline

Activity: 75
Merit: 10


View Profile
September 14, 2014, 07:40:50 PM
 #10

When I got it to work, I was using the online version. Now, when I try with the offline bundle, I also can't verify it.

Code:
joseph@crunchbang:~/downloads/OfflineBundle$ dpkg-sig --verify armory_0.92.2-testing_ubuntu-64bit.deb 
Processing armory_0.92.2-testing_ubuntu-64bit.deb...
etotheipi
Legendary
*
Offline Offline

Activity: 1428
Merit: 1093


Core Armory Developer


View Profile WWW
September 14, 2014, 07:55:23 PM
 #11

When I got it to work, I was using the online version. Now, when I try with the offline bundle, I also can't verify it.

Code:
joseph@crunchbang:~/downloads/OfflineBundle$ dpkg-sig --verify armory_0.92.2-testing_ubuntu-64bit.deb 
Processing armory_0.92.2-testing_ubuntu-64bit.deb...

Okay, it sounds like my script is putting the armory*.deb file into the offline bundle before signing it.  This might be related to the RPi bundle which I also know I fixed, but doesn't seem to have made it into the latest release.  Sorry for the inconvenience!

For now, download armory*.deb, verify it, and then copy it into the offline bundle directory (overwrite the existing .deb).  Or verify using the signed hash file, which does contain the hashes of the bundle tar.gzs.  Instructions for that are on the website download page.

I'm thinking of changing this whole thing so that there is only regular releases (which seem to be done correctly), and then have a bunch of "offline-setup-packs" that can be installed one time for the offline computer, one for each linux distribution.  It would be easier than re-creating every bundle for every release, though it's extra steps for the first-time user -- it's probably worth the tradeoff (especially because I can offer a wider array of offline bundles)

Founder and CEO of Armory Technologies, Inc.
Armory Bitcoin Wallet: Bringing cold storage to the average user!
Only use Armory software signed by the Armory Offline Signing Key (0x98832223)

Please donate to the Armory project by clicking here!    (or donate directly via 1QBDLYTDFHHZAABYSKGKPWKLSXZWCCJQBX -- yes, it's a real address!)
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!