Skip to content

Latest commit

 

History

History
95 lines (65 loc) · 3.2 KB

README.md

File metadata and controls

95 lines (65 loc) · 3.2 KB

decred-binaries

Decred Binary Releases

This repository contains release notes and binaries released for Decred.

Available Releases

This repository contains releases for the following software:

Release notes

Notes for the current and previous releases can be found in the Release Notes document.

Verifying Binaries

For your security, we recommend that you verify binaries before running them. Each release contains a manifest file with SHA-256 hashes for each released binary. To ensure your downloads are authentic, you should verify that the manifest file is signed by release@decred.org, and that your hashed binary matches the manifest.

Detailed instructions can be found in the Decred Documentation: Verifying Binaries. New users should start there.

If you've already done this before and you still have the Decred Release keys on your GnuPG keyring, the following shorthand instructions are provided as a quick refresher:

  1. Download:

    • The zip/tarball for your specific OS / architecture
    • The file manifest and hashes, ending in -manifest.txt
    • The signature for the manifest, ending in -manifest.txt.asc
  2. Verify that the manifest was directly signed by the Decred project:

    $ gpg --verify <your manifest.txt.asc file>
    

    Example output:

    gpg: assuming signed data in 'decred-v1.5.1-manifest.txt'
    gpg: Signature made 01/29/20 15:17:58 Eastern Standard Time
    gpg:                using RSA key F516ADB7A069852C7C28A02D6D897EDF518A031D
    gpg: Good signature from "Decred Release <release@decred.org>" [unknown]
    gpg: WARNING: This key is not certified with a trusted signature!
    gpg:          There is no indication that the signature belongs to the owner.
    Primary key fingerprint: FD13 B683 5E24 8FAF 4BD1  838D 6DF6 34AA 7608 AF04
       Subkey fingerprint: F516 ADB7 A069 852C 7C28  A02D 6D89 7EDF 518A 031D
    

    If you see Good signature from "Decred Release <release@decred.org>", then you're successful! You can trust that the manifest.txt came directly from the Decred project.

  3. Verify that the hash of your downloaded zip/tarball matches the manifest hash:

    • Windows:

      • If you have 7-Zip installed, simply open up Windows Explorer, right click on the file, mouseover CRC SHA, then click SHA-256.

      • $ certutil -hashfile <your file> SHA256

    • macOS

      • $ shasum -a 256 <your file>
    • Linux

      • $ sha256sum <your file>

    Example output:

    0c43caffa428cebb8a4d3c8efb2a341220fd1c232640ff3b4403ff67e1873e1a  decred-linux-amd64-v1.5.1.tar.gz
    

If your output hash matches the hash from the manifest, you're done! The binary for your platform is now verified and you can be confident it was generated by the Decred Project. It's safe to install the software.

Source code

This repo only contains build archives, build scripts, and similar content. For the source code, please see the individual repositories at: https://github.com/decred/