Bitcoin Forum
Topic: Can I verify that the official binary was compiled from the open source code?
pf
April 19, 2014, 03:36:10 PM
 #1

The Bitcoin website, https://bitcoin.org, provides links to both binaries and source code of Bitcoin Core (Bitcoin-Qt).

I would say that 99% of people just download the binaries and trust them.

Is there any way to verify that the binaries were actually produced from the advertised source code?

ncsupanda
April 19, 2014, 04:06:05 PM
 #2

You could always compile it yourself.

Most people have trouble with the dependencies, and admittedly in the past this included me, so we just accept the binaries and move on.

Do you believe there is a fake going around? Would be interesting.
dserrano5
April 19, 2014, 04:12:26 PM
 #3

Quote from pf: Is there any way to verify that the binaries were actually produced from the advertised source code?

Compile the source using gitian and check that the generated binaries are identical to the published ones.

cr1776
April 19, 2014, 07:55:37 PM
 #4

On the download page on bitcoin.org you can click the link "Verify signature releases" which will download the signatures and then you can use the signatures to verify it is the correct release.

E.g. something like

gpg --verify ...
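
Added example, not part of the thread and not Bitcoin Core's or Gitian's own tooling: the comparison step from replies #3 and #4, checking locally built files against the hashes in a published manifest. It assumes the manifest is a PGP clearsigned list of sha256sum-style lines and that gpg --verify has already succeeded on it; the function names and sample file names are hypothetical.

```python
import hashlib
import re
import tempfile
from pathlib import Path

HASH_LINE = re.compile(r"^([0-9a-f]{64})[ \t]+\*?(\S+)$")

def parse_manifest(clearsigned: str) -> dict:
    """Return {file name: sha256}, reading only the lines the signature covers."""
    lines = clearsigned.splitlines()
    start = lines.index("-----BEGIN PGP SIGNED MESSAGE-----")
    body = lines.index("", start) + 1          # armor headers end at the first blank line
    end = lines.index("-----BEGIN PGP SIGNATURE-----")
    matches = (HASH_LINE.match(l.strip()) for l in lines[body:end])
    return {m.group(2): m.group(1) for m in matches if m}

def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def compare_build(clearsigned: str, build_dir: Path) -> dict:
    """Map each published file name to 'match', 'MISMATCH' or 'not built'."""
    result = {}
    for name, digest in parse_manifest(clearsigned).items():
        local = build_dir / Path(name).name    # never follow a path taken from the manifest
        if not local.is_file():
            result[name] = "not built"
        else:
            result[name] = "match" if sha256_file(local) == digest else "MISMATCH"
    return result

def demo() -> dict:
    # Constructed sample: file names and contents are made up for illustration.
    with tempfile.TemporaryDirectory() as d:
        build = Path(d)
        (build / "example-linux.tar.gz").write_bytes(b"reproducible output")
        (build / "example-win.zip").write_bytes(b"locally built, differs")
        manifest = "\n".join([
            "-----BEGIN PGP SIGNED MESSAGE-----", "Hash: SHA256", "",
            hashlib.sha256(b"reproducible output").hexdigest() + "  example-linux.tar.gz",
            hashlib.sha256(b"published build").hexdigest() + "  example-win.zip",
            "0" * 64 + "  example-osx.dmg",
            "-----BEGIN PGP SIGNATURE-----", "(omitted)", "-----END PGP SIGNATURE-----"])
        return compare_build(manifest, build)

if __name__ == "__main__":
    print(demo())
```

A MISMATCH means the local build is not byte-identical to the published file; "not built" only means the local build did not produce that artifact.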
theymos
April 20, 2014, 01:02:52 AM
 #5

Yes. The official binary is compiled in a special environment that can be exactly replicated so that the binary can be verified. It's a bit difficult to set up, though.

drawingthesun
April 20, 2014, 04:11:44 AM
 #6

Quote from theymos: Yes. The official binary is compiled in a special environment that can be exactly replicated so that the binary can be verified. It's a bit difficult to set up, though.

Is this the preferred process?

http://gitian.org/
bitsmichel
April 20, 2014, 01:52:15 PM
 #7

First compare the code you have downloaded with the original.
Then compile it.

oleganza
April 20, 2014, 02:10:45 PM
 #8

Quote from theymos: Yes. The official binary is compiled in a special environment that can be exactly replicated so that the binary can be verified. It's a bit difficult to set up, though.

Where can I read more about this environment? I'm very interested in having the same thing for my own app.

drawingthesun
April 20, 2014, 02:19:28 PM
 #9

Quote from theymos: Yes. The official binary is compiled in a special environment that can be exactly replicated so that the binary can be verified. It's a bit difficult to set up, though.

Quote from oleganza: Where can I read more about this environment? I'm very interested in having the same thing for my own app.

I'm very sure it's http://gitian.org/
theymos
April 20, 2014, 05:31:33 PM
 #10

Quote from oleganza: Where can I read more about this environment? I'm very interested in having the same thing for my own app.

It's Gitian. See https://github.com/bitcoin/bitcoin/blob/master/doc/gitian-building.md for some info about Bitcoin's use of it.
