They include the following build tags: autopilotrpc, signrpc, walletrpc, chainrpc, invoicesrpc, routerrpc, watchtowerrpc and monitoring. The release binaries are compiled with go1.17.3, which is required by verifiers to arrive at the same ones. See our reproducible builds guide for how this can be achieved. Third parties are able to verify that the release binaries were produced properly without having to trust the release manager(s). Our release binaries are fully reproducible. These timestamps should give users confidence in the integrity of this release even after the key that signed the release expires. Two new files are now included along with the rest of our release artifacts: manifest-guggero-v0.14.Īssuming you have the opentimestamps client installed locally, the timestamps can be verified with the following commands: ots verify manifest-guggero-v0.14. -f manifest-guggero-v0.14.5-beta.sigĪlternatively, the open timestamps website can be used to verify timestamps if one doesn't have a bitcoind instance accessible locally. Verifying the Release Timestampįrom this new version onwards, in addition time-stamping the git tag with OpenTimeStamps, we'll also now timestamp the manifest file along with its signature. Next, depending on your operating system, you should then re-compute the sha256 hash of the archive with shasum -a 256, compare it with the corresponding one in the manifest file, and ensure they match exactly. That will verify the signature of the manifest file, which ensures integrity and authenticity of the archive you've downloaded locally containing the binaries. Once you have the required PGP keys, you can verify the release (assuming manifest-guggero-v0.14.5-beta.sig and manifest-v0.14.5-beta.txt are in the current directory) with: gpg -verify manifest-guggero-v0.14.5-beta.sig manifest-v0.14.5-beta.txt This release contains no database migrations.
0 Comments
Leave a Reply. |