How do i verify Electrum installer on Linux?

Bitcoin Forum

May 09, 2024, 07:30:22 PM

Welcome, Guest. Please login or register.

News: Latest Bitcoin Core release: 27.0 [Torrent]

Home

Help

Search

Login

Register

More

Bitcoin Forum > Bitcoin > Development & Technical Discussion > Wallet software > Electrum > How do i verify Electrum installer on Linux?

Pages: [1]

« previous topic next topic »

Author

Topic: How do i verify Electrum installer on Linux? (Read 205 times)

ABCbits (OP)

Legendary

Offline

Offline

Activity: 2870
Merit: 7490

Crypto Swap Exchange

How do i verify Electrum installer on Linux?

November 15, 2018, 10:27:49 AM

#1

As the title mentioned, how do i verify Electrum on Linux? I'm talking about installing Electrum on Terminal with these command :

Code:

Install dependencies:
sudo apt-get install python3-setuptools python3-pyqt5 python3-pip
Install Electrum:
sudo python3 -m pip install https://download.electrum.org/3.2.3/Electrum-3.2.3.tar.gz#egg=electrum[fast]

or should i just download Electrum's source, verify it's signature and compile it myself?

█▀▀▀
█
█
█
█
█
█
█
█
█
█
█
█▄▄▄

▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄

██████████████▄
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
████████████▀██▀
████▀█████████▀

▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄

▀▀▀█
█
█
█
█
█
█
█
█
█
█
█
▄▄▄█

▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
░▀▀██▀▀

^✔Instant ^✔Non KYC Crypto Swap Exchange
.............Bitcoin | Litecoin | Ethereum | Monero | Dash | ERC20 Tokens | more soon.............

▄███████████████████▄
█████████████████████
██▀▀▀▀▀██▀██▀▀███████
████████████████▀████
████████████▄████████
████████████▀████████
████████████████▀████
█████████████▄███████
█████████████▀███████
████████████████▄████
ANN THREAD

▄██████████████████▄
███████████▀▄▀██████
██████████▀█▄███████
████████▀▌█▄████████
████████▌▄██████████
███████▀▄███▀███████
████▀▄▄███████▀█████
███▀▄█▀▄████████████
███████▀▄█▌▐████▐███
████▌▐██▀▌▐█████▐███
ONION LINK

1715283022

Hero Member

Offline

Offline

Posts: 1715283022

Personal Message (Offline)

Ignore

1715283022

1715283022

Reply with quote

#2

1715283022


	Report to moderator

1715283022

Hero Member

Offline

Offline

Posts: 1715283022

Personal Message (Offline)

Ignore

1715283022

1715283022

Reply with quote

#2

1715283022


	Report to moderator

1715283022

Hero Member

Offline

Offline

Posts: 1715283022

Personal Message (Offline)

Ignore

1715283022

1715283022

Reply with quote

#2

1715283022


	Report to moderator

"You Asked For Change, We Gave You Coins" -- casascius

Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.

1715283022

Hero Member

Offline

Offline

Posts: 1715283022

Personal Message (Offline)

Ignore

1715283022

1715283022

Reply with quote

#2

1715283022


	Report to moderator

1715283022

Hero Member

Offline

Offline

Posts: 1715283022

Personal Message (Offline)

Ignore

1715283022

1715283022

Reply with quote

#2

1715283022


	Report to moderator

bob123

Legendary

Offline

Offline

Activity: 1624
Merit: 2481

WWW

Re: How do i verify Electrum installer on Linux?

November 15, 2018, 11:33:42 AM

Merited by ABCbits (1)

#2

To verify electrum on linux:

1. Get ThomasV's PGP key:

Code:

gpg --keyserver pool.sks-keyservers.net --recv-keys 2BD5824B7F9470E6

(verify yourself, don't trust me)

2. Get the signature file (from electrum.org)

3. Verify:

Code:

gpg --verify electrum_signature_file.asc electrum_downloaded_file.tar

You should see this line output (among others):

Code:

Good signature from "Thomas Voegtlin (https://electrum.org) "

That's the important line.

░░░░░▄▄██████▄▄
░░▄████▀▀▀▀▀▀████▄
░███▀░░░░░░░░░░▀█▀█
███░░░▄██████▄▄░░░██
░░░░░█████████░░░░██▌
░░░░█████████████████
░░░░█████████████████
░░░░░████████████████
███▄░░▀██████▀░░░███
█▀█▄▄░░░░░░░░░░▄███
░░▀████▄▄▄▄▄▄████▀
░░░░░▀▀██████▀▀

.ChipMixer.{ MIXING REINVENTED FOR YOUR PRIVACY #.ChipMixer.

░░░░░▄▄██████▄▄
░░▄████▀▀▀▀▀▀████▄
░███▀░░░░░░░░░░▀█▀█
███░░░▄██████▄▄░░░██
░░░░░█████████░░░░██▌
░░░░█████████████████
░░░░█████████████████
░░░░░████████████████
███▄░░▀██████▀░░░███
█▀█▄▄░░░░░░░░░░▄███
░░▀████▄▄▄▄▄▄████▀
░░░░░▀▀██████▀▀

bob123

Legendary

Offline

Offline

Activity: 1624
Merit: 2481

WWW

Re: How do i verify Electrum installer on Linux?

November 15, 2018, 05:48:13 PM

#3

That's the preferred way, yes.

I am not aware of a way to verify the version PIP installs automatically.

However, i believe PIP is verifying the signature itself. But i'm not sure about this.

░░░░░▄▄██████▄▄
░░▄████▀▀▀▀▀▀████▄
░███▀░░░░░░░░░░▀█▀█
███░░░▄██████▄▄░░░██
░░░░░█████████░░░░██▌
░░░░█████████████████
░░░░█████████████████
░░░░░████████████████
███▄░░▀██████▀░░░███
█▀█▄▄░░░░░░░░░░▄███
░░▀████▄▄▄▄▄▄████▀
░░░░░▀▀██████▀▀

.ChipMixer.{ MIXING REINVENTED FOR YOUR PRIVACY #.ChipMixer.

░░░░░▄▄██████▄▄
░░▄████▀▀▀▀▀▀████▄
░███▀░░░░░░░░░░▀█▀█
███░░░▄██████▄▄░░░██
░░░░░█████████░░░░██▌
░░░░█████████████████
░░░░█████████████████
░░░░░████████████████
███▄░░▀██████▀░░░███
█▀█▄▄░░░░░░░░░░▄███
░░▀████▄▄▄▄▄▄████▀
░░░░░▀▀██████▀▀

Abdussamad

Legendary

Offline

Offline

Activity: 3612
Merit: 1564

Re: How do i verify Electrum installer on Linux?

November 16, 2018, 09:23:09 AM

#4

pip modules are not subject to review. It is indeed possible that backdoors might be introduced via them.

bob123

Legendary

Offline

Offline

Activity: 1624
Merit: 2481

WWW

Re: How do i verify Electrum installer on Linux?

November 16, 2018, 10:53:37 AM

#5

Quote from: Abdussamad on November 16, 2018, 09:23:09 AM

pip modules are not subject to review. It is indeed possible that backdoors might be introduced via them.

This itself is not possible IF you trust the developer.

1) PIP is using https. This already elminates some attack vectors (e.g. MITM).

2) PIP is using checksums (MD5 i believe) provided by the author (in this case ThomasV) to be sure it has not been tampered with.
This is not necessarily safe since MD5 is quite broken. But it at least is SOME security.

However, downloading it manually and checking the signature is more secure and eliminates any risk of maliciously replaced packages (this still requires that you trust the developer).

░░░░░▄▄██████▄▄
░░▄████▀▀▀▀▀▀████▄
░███▀░░░░░░░░░░▀█▀█
███░░░▄██████▄▄░░░██
░░░░░█████████░░░░██▌
░░░░█████████████████
░░░░█████████████████
░░░░░████████████████
███▄░░▀██████▀░░░███
█▀█▄▄░░░░░░░░░░▄███
░░▀████▄▄▄▄▄▄████▀
░░░░░▀▀██████▀▀

.ChipMixer.{ MIXING REINVENTED FOR YOUR PRIVACY #.ChipMixer.

░░░░░▄▄██████▄▄
░░▄████▀▀▀▀▀▀████▄
░███▀░░░░░░░░░░▀█▀█
███░░░▄██████▄▄░░░██
░░░░░█████████░░░░██▌
░░░░█████████████████
░░░░█████████████████
░░░░░████████████████
███▄░░▀██████▀░░░███
█▀█▄▄░░░░░░░░░░▄███
░░▀████▄▄▄▄▄▄████▀
░░░░░▀▀██████▀▀

Abdussamad

Legendary

Offline

Offline

Activity: 3612
Merit: 1564

Re: How do i verify Electrum installer on Linux?

November 16, 2018, 03:52:39 PM

#6

I meant the electrum dependencies that get downloaded from pypy. These are pip modules written by other authors and not by Thomas V.

Pages: [1]

Bitcoin Forum > Bitcoin > Development & Technical Discussion > Wallet software > Electrum > How do i verify Electrum installer on Linux?

« previous topic next topic »

Jump to:

Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines