Skip to content

Releases: input-output-hk/mithril

Mithril v2310.0

10 Mar 09:14
f3a5e39
Compare
Choose a tag to compare

What's Changed

Full Changelog: 2306.0...2310.0

Crates Versions

Crate Version
mithril-aggregator 0.2.27
mithril-client 0.2.9
mithril-common 0.2.22
mithril-signer 0.2.19
mithril-stm 0.2.4

Verify the authenticity of a downloaded asset

Detailed procedure to verify an asset

  • Step 1: Identify the downloaded asset on your computer YOUR_ASSET_FILE
  • Step 2: Download the signed checksum file from this link CHECKSUM.asc and save it in the same folder as the asset
  • Step 3: In your terminal, go to the asset folder by running:
cd ***YOUR_ASSET_FOLDER***
  • Step 4: Then verify the checksum of the asset by running:
sha256sum -c ./CHECKSUM.asc 2>/dev/null | grep ***YOUR_ASSET_FILE***

You must see:

./***YOUR_ASSET_FILE***: OK
  • Step 5: Download the public key file from this link gpg-public.key and save it in the same folder as the asset
  • Step 6: Then import the GPG public key:
gpg --import ./gpg-public.key

You must see something like:

gpg: key : public key "Input Output / Mithril <mithril@iohk.io>" imported
gpg: Total number processed: 1
gpg:               imported: 1
  • Step 7: Then verify the GPG signature of the checksum file:
gpg --verify ./gpg-public.key ./CHECKSUM.asc

You must see something like:

gpg: Signature made Mon 05 Dec 2022 04:53:54 PM CET
gpg:                using RSA key 35EDE9D47BBA62A2F388E655899ACD26B8BCA0D2
gpg: Good signature from "Input Output / Mithril <mithril@iohk.io>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 35ED E9D4 7BBA 62A2 F388  E655 899A CD26 B8BC A0D2

The signature is valid if and only if:

  • there is a line with gpg: Good signature from "Input Output / Mithril <mithril@iohk.io>"
  • there is a line with Primary key fingerprint: 2AC0 7B11 8B23 1443 F544 2D0C 6E2C 1160 3E79 0021
  • Step 8:
    If you successfully validated all the steps of this process, then you have successfully verified the authenticity of the asset ✔️
    If not, contact us at [mithril@iohk.io] and let us know of the outcome of your run of this process ⚠️

Mithril v2310.0-prerelease

08 Mar 10:49
f3a5e39
Compare
Choose a tag to compare
Pre-release

What's Changed

Full Changelog: 2306.0...2310.0-prerelease

Crates Versions

Crate Version
mithril-aggregator 0.2.27
mithril-client 0.2.9
mithril-common 0.2.22
mithril-signer 0.2.19
mithril-stm 0.2.4

Verify the authenticity of a downloaded asset

Detailed procedure to verify an asset

  • Step 1: Identify the downloaded asset on your computer YOUR_ASSET_FILE
  • Step 2: Download the signed checksum file from this link CHECKSUM.asc and save it in the same folder as the asset
  • Step 3: In your terminal, go to the asset folder by running:
cd ***YOUR_ASSET_FOLDER***
  • Step 4: Then verify the checksum of the asset by running:
sha256sum -c ./CHECKSUM.asc 2>/dev/null | grep ***YOUR_ASSET_FILE***

You must see:

./***YOUR_ASSET_FILE***: OK
  • Step 5: Download the public key file from this link gpg-public.key and save it in the same folder as the asset
  • Step 6: Then import the GPG public key:
gpg --import ./gpg-public.key

You must see something like:

gpg: key : public key "Input Output / Mithril <mithril@iohk.io>" imported
gpg: Total number processed: 1
gpg:               imported: 1
  • Step 7: Then verify the GPG signature of the checksum file:
gpg --verify ./gpg-public.key ./CHECKSUM.asc

You must see something like:

gpg: Signature made Mon 05 Dec 2022 04:53:54 PM CET
gpg:                using RSA key 35EDE9D47BBA62A2F388E655899ACD26B8BCA0D2
gpg: Good signature from "Input Output / Mithril <mithril@iohk.io>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 35ED E9D4 7BBA 62A2 F388  E655 899A CD26 B8BC A0D2

The signature is valid if and only if:

  • there is a line with gpg: Good signature from "Input Output / Mithril <mithril@iohk.io>"
  • there is a line with Primary key fingerprint: 2AC0 7B11 8B23 1443 F544 2D0C 6E2C 1160 3E79 0021
  • Step 8:
    If you successfully validated all the steps of this process, then you have successfully verified the authenticity of the asset ✔️
    If not, contact us at [mithril@iohk.io] and let us know of the outcome of your run of this process ⚠️

Mithril v2306.0

10 Feb 08:38
7e1a41f
Compare
Choose a tag to compare

What's Changed

Full Changelog: 2304.1...2306.0

Crates Versions

Crate Version
mithril-aggregator 0.2.12
mithril-client 0.2.7
mithril-common 0.2.12
mithril-signer 0.2.9
mithril-stm 0.2.2

Verify the authenticity of a downloaded asset

Detailed procedure to verify an asset

  • Step 1: Identify the downloaded asset on your computer YOUR_ASSET_FILE
  • Step 2: Download the signed checksum file from this link CHECKSUM.asc and save it in the same folder as the asset
  • Step 3: In your terminal, go to the asset folder by running:
cd ***YOUR_ASSET_FOLDER***
  • Step 4: Then verify the checksum of the asset by running:
sha256sum -c ./CHECKSUM.asc 2>/dev/null | grep ***YOUR_ASSET_FILE***

You must see:

./***YOUR_ASSET_FILE***: OK
  • Step 5: Download the public key file from this link gpg-public.key and save it in the same folder as the asset
  • Step 6: Then import the GPG public key:
gpg --import ./gpg-public.key

You must see something like:

gpg: key : public key "Input Output / Mithril <mithril@iohk.io>" imported
gpg: Total number processed: 1
gpg:               imported: 1
  • Step 7: Then verify the GPG signature of the checksum file:
gpg --verify ./gpg-public.key ./CHECKSUM.asc

You must see something like:

gpg: Signature made Mon 05 Dec 2022 04:53:54 PM CET
gpg:                using RSA key 35EDE9D47BBA62A2F388E655899ACD26B8BCA0D2
gpg: Good signature from "Input Output / Mithril <mithril@iohk.io>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 35ED E9D4 7BBA 62A2 F388  E655 899A CD26 B8BC A0D2

The signature is valid if and only if:

  • there is a line with gpg: Good signature from "Input Output / Mithril <mithril@iohk.io>"
  • there is a line with Primary key fingerprint: 2AC0 7B11 8B23 1443 F544 2D0C 6E2C 1160 3E79 0021
  • Step 8:
    If you successfully validated all the steps of this process, then you have successfully verified the authenticity of the asset ✔️
    If not, contact us at [mithril@iohk.io] and let us know of the outcome of your run of this process ⚠️

Mithril v2306.0-prerelease

08 Feb 14:50
7e1a41f
Compare
Choose a tag to compare
Pre-release

What's Changed

Full Changelog: 2304.1...2306.0-prerelease

Crates Versions

Crate Version
mithril-aggregator 0.2.12
mithril-client 0.2.7
mithril-common 0.2.12
mithril-signer 0.2.9
mithril-stm 0.2.2

Verify the authenticity of a downloaded asset

Detailed procedure to verify an asset

  • Step 1: Identify the downloaded asset on your computer YOUR_ASSET_FILE
  • Step 2: Download the signed checksum file from this link CHECKSUM.asc and save it in the same folder as the asset
  • Step 3: In your terminal, go to the asset folder by running:
cd ***YOUR_ASSET_FOLDER***
  • Step 4: Then verify the checksum of the asset by running:
sha256sum -c ./CHECKSUM.asc 2>/dev/null | grep ***YOUR_ASSET_FILE***

You must see:

./***YOUR_ASSET_FILE***: OK
  • Step 5: Download the public key file from this link gpg-public.key and save it in the same folder as the asset
  • Step 6: Then import the GPG public key:
gpg --import ./gpg-public.key

You must see something like:

gpg: key : public key "Input Output / Mithril <mithril@iohk.io>" imported
gpg: Total number processed: 1
gpg:               imported: 1
  • Step 7: Then verify the GPG signature of the checksum file:
gpg --verify ./gpg-public.key ./CHECKSUM.asc

You must see something like:

gpg: Signature made Mon 05 Dec 2022 04:53:54 PM CET
gpg:                using RSA key 35EDE9D47BBA62A2F388E655899ACD26B8BCA0D2
gpg: Good signature from "Input Output / Mithril <mithril@iohk.io>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 35ED E9D4 7BBA 62A2 F388  E655 899A CD26 B8BC A0D2

The signature is valid if and only if:

  • there is a line with gpg: Good signature from "Input Output / Mithril <mithril@iohk.io>"
  • there is a line with Primary key fingerprint: 2AC0 7B11 8B23 1443 F544 2D0C 6E2C 1160 3E79 0021
  • Step 8:
    If you successfully validated all the steps of this process, then you have successfully verified the authenticity of the asset ✔️
    If not, contact us at [mithril@iohk.io] and let us know of the outcome of your run of this process ⚠️

Mithril v2304.1

01 Feb 08:49
cd471d7
Compare
Choose a tag to compare

What's Changed

New Contributors

Full Changelog: 2302.0...2304.1

Crates Versions

Crate Version
mithril-aggregator 0.2.10
mithril-client 0.2.6
mithril-common 0.2.9
mithril-signer 0.2.7
mithril-stm 0.2.2

Verify the authenticity of a downloaded asset

Detailed procedure to verify an asset

  • Step 1: Identify the downloaded asset on your computer YOUR_ASSET_FILE
  • Step 2: Download the signed checksum file from this link CHECKSUM.asc and save it in the same folder as the asset
  • Step 3: In your terminal, go to the asset folder by running:
cd ***YOUR_ASSET_FOLDER***
  • Step 4: Then verify the checksum of the asset by running:
sha256sum -c ./CHECKSUM.asc 2>/dev/null | grep ***YOUR_ASSET_FILE***

You must see:

./***YOUR_ASSET_FILE***: OK
  • Step 5: Download the public key file from this link gpg-public.key and save it in the same folder as the asset
  • Step 6: Then import the GPG public key:
gpg --import ./gpg-public.key

You must see something like:

gpg: key : public key "Input Output / Mithril <mithril@iohk.io>" imported
gpg: Total number processed: 1
gpg:               imported: 1
  • Step 7: Then verify the GPG signature of the checksum file:
gpg --verify ./gpg-public.key ./CHECKSUM.asc

You must see something like:

gpg: Signature made Mon 05 Dec 2022 04:53:54 PM CET
gpg:                using RSA key 35EDE9D47BBA62A2F388E655899ACD26B8BCA0D2
gpg: Good signature from "Input Output / Mithril <mithril@iohk.io>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 35ED E9D4 7BBA 62A2 F388  E655 899A CD26 B8BC A0D2

The signature is valid if and only if:

  • there is a line with gpg: Good signature from "Input Output / Mithril <mithril@iohk.io>"
  • there is a line with Primary key fingerprint: 2AC0 7B11 8B23 1443 F544 2D0C 6E2C 1160 3E79 0021
  • Step 8:
    If you successfully validated all the steps of this process, then you have successfully verified the authenticity of the asset ✔️
    If not, contact us at [mithril@iohk.io] and let us know of the outcome of your run of this process ⚠️

Mithril v2304.1-prerelease

30 Jan 11:39
cd471d7
Compare
Choose a tag to compare
Pre-release

What's Changed

New Contributors

Full Changelog: 2302.0...2304.1-prerelease

Crates Versions

Crate Version
mithril-aggregator 0.2.10
mithril-client 0.2.6
mithril-common 0.2.9
mithril-signer 0.2.7
mithril-stm 0.2.2

Verify the authenticity of a downloaded asset

Detailed procedure to verify an asset

  • Step 1: Identify the downloaded asset on your computer YOUR_ASSET_FILE
  • Step 2: Download the signed checksum file from this link CHECKSUM.asc and save it in the same folder as the asset
  • Step 3: In your terminal, go to the asset folder by running:
cd ***YOUR_ASSET_FOLDER***
  • Step 4: Then verify the checksum of the asset by running:
sha256sum -c ./CHECKSUM.asc 2>/dev/null | grep ***YOUR_ASSET_FILE***

You must see:

./***YOUR_ASSET_FILE***: OK
  • Step 5: Download the public key file from this link gpg-public.key and save it in the same folder as the asset
  • Step 6: Then import the GPG public key:
gpg --import ./gpg-public.key

You must see something like:

gpg: key : public key "Input Output / Mithril <mithril@iohk.io>" imported
gpg: Total number processed: 1
gpg:               imported: 1
  • Step 7: Then verify the GPG signature of the checksum file:
gpg --verify ./gpg-public.key ./CHECKSUM.asc

You must see something like:

gpg: Signature made Mon 05 Dec 2022 04:53:54 PM CET
gpg:                using RSA key 35EDE9D47BBA62A2F388E655899ACD26B8BCA0D2
gpg: Good signature from "Input Output / Mithril <mithril@iohk.io>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 35ED E9D4 7BBA 62A2 F388  E655 899A CD26 B8BC A0D2

The signature is valid if and only if:

  • there is a line with gpg: Good signature from "Input Output / Mithril <mithril@iohk.io>"
  • there is a line with Primary key fingerprint: 2AC0 7B11 8B23 1443 F544 2D0C 6E2C 1160 3E79 0021
  • Step 8:
    If you successfully validated all the steps of this process, then you have successfully verified the authenticity of the asset ✔️
    If not, contact us at [mithril@iohk.io] and let us know of the outcome of your run of this process ⚠️

Mithril v2304.0-prerelease

25 Jan 08:28
df6024f
Compare
Choose a tag to compare
Pre-release

What's Changed

Full Changelog: 2302.0...2304.0-prerelease

Crates Versions

Crate Version
mithril-aggregator 0.2.8
mithril-client 0.2.5
mithril-common 0.2.8
mithril-signer 0.2.6
mithril-stm 0.2.1

Verify the authenticity of a downloaded asset

Detailed procedure to verify an asset

  • Step 1: Identify the downloaded asset on your computer YOUR_ASSET_FILE
  • Step 2: Download the signed checksum file from this link CHECKSUM.asc and save it in the same folder as the asset
  • Step 3: In your terminal, go to the asset folder by running:
cd ***YOUR_ASSET_FOLDER***
  • Step 4: Then verify the checksum of the asset by running:
sha256sum -c ./CHECKSUM.asc 2>/dev/null | grep ***YOUR_ASSET_FILE***

You must see:

./***YOUR_ASSET_FILE***: OK
  • Step 5: Download the public key file from this link gpg-public.key and save it in the same folder as the asset
  • Step 6: Then import the GPG public key:
gpg --import ./gpg-public.key

You must see something like:

gpg: key : public key "Input Output / Mithril <mithril@iohk.io>" imported
gpg: Total number processed: 1
gpg:               imported: 1
  • Step 7: Then verify the GPG signature of the checksum file:
gpg --verify ./gpg-public.key ./CHECKSUM.asc

You must see something like:

gpg: Signature made Mon 05 Dec 2022 04:53:54 PM CET
gpg:                using RSA key 35EDE9D47BBA62A2F388E655899ACD26B8BCA0D2
gpg: Good signature from "Input Output / Mithril <mithril@iohk.io>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 35ED E9D4 7BBA 62A2 F388  E655 899A CD26 B8BC A0D2

The signature is valid if and only if:

  • there is a line with gpg: Good signature from "Input Output / Mithril <mithril@iohk.io>"
  • there is a line with Primary key fingerprint: 2AC0 7B11 8B23 1443 F544 2D0C 6E2C 1160 3E79 0021
  • Step 8:
    If you successfully validated all the steps of this process, then you have successfully verified the authenticity of the asset ✔️
    If not, contact us at [mithril@iohk.io] and let us know of the outcome of your run of this process ⚠️

Mithril v2302.0

13 Jan 08:26
72978a9
Compare
Choose a tag to compare

What's Changed

Full Changelog: 2250.1...2302.0

Crates Versions

Crate Version
mithril-aggregator 0.2.1
mithril-client 0.2.1
mithril-common 0.2.1
mithril-signer 0.2.1
mithril-stm 0.2.1

Verify the authenticity of a downloaded asset

Detailed procedure to verify an asset

  • Step 1: Identify the downloaded asset on your computer YOUR_ASSET_FILE
  • Step 2: Download the signed checksum file from this link CHECKSUM.asc and save it in the same folder as the asset
  • Step 3: In your terminal, go to the asset folder by running:
cd ***YOUR_ASSET_FOLDER***
  • Step 4: Then verify the checksum of the asset by running:
sha256sum -c ./CHECKSUM.asc 2>/dev/null | grep ***YOUR_ASSET_FILE***

You must see:

./***YOUR_ASSET_FILE***: OK
  • Step 5: Download the public key file from this link gpg-public.key and save it in the same folder as the asset
  • Step 6: Then import the GPG public key:
gpg --import ./gpg-public.key

You must see something like:

gpg: key : public key "Input Output / Mithril <mithril@iohk.io>" imported
gpg: Total number processed: 1
gpg:               imported: 1
  • Step 7: Then verify the GPG signature of the checksum file:
gpg --verify ./gpg-public.key ./CHECKSUM.asc

You must see something like:

gpg: Signature made Mon 05 Dec 2022 04:53:54 PM CET
gpg:                using RSA key 35EDE9D47BBA62A2F388E655899ACD26B8BCA0D2
gpg: Good signature from "Input Output / Mithril <mithril@iohk.io>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 35ED E9D4 7BBA 62A2 F388  E655 899A CD26 B8BC A0D2

The signature is valid if and only if:

  • there is a line with gpg: Good signature from "Input Output / Mithril <mithril@iohk.io>"
  • there is a line with Primary key fingerprint: 2AC0 7B11 8B23 1443 F544 2D0C 6E2C 1160 3E79 0021
  • Step 8:
    If you successfully validated all the steps of this process, then you have successfully verified the authenticity of the asset ✔️
    If not, contact us at [mithril@iohk.io] and let us know of the outcome of your run of this process ⚠️

Mithril v2302.0-prerelease

11 Jan 09:33
72978a9
Compare
Choose a tag to compare
Pre-release

What's Changed

Full Changelog: 2250.1...2302.0-prerelease

Crates Versions

Crate Version
mithril-aggregator 0.2.1
mithril-client 0.2.1
mithril-common 0.2.1
mithril-signer 0.2.1
mithril-stm 0.2.1

Verify the authenticity of a downloaded asset

Detailed procedure to verify an asset

  • Step 1: Identify the downloaded asset on your computer YOUR_ASSET_FILE
  • Step 2: Download the signed checksum file from this link CHECKSUM.asc and save it in the same folder as the asset
  • Step 3: In your terminal, go to the asset folder by running:
cd ***YOUR_ASSET_FOLDER***
  • Step 4: Then verify the checksum of the asset by running:
sha256sum -c ./CHECKSUM.asc 2>/dev/null | grep ***YOUR_ASSET_FILE***

You must see:

./***YOUR_ASSET_FILE***: OK
  • Step 5: Download the public key file from this link gpg-public.key and save it in the same folder as the asset
  • Step 6: Then import the GPG public key:
gpg --import ./gpg-public.key

You must see something like:

gpg: key : public key "Input Output / Mithril <mithril@iohk.io>" imported
gpg: Total number processed: 1
gpg:               imported: 1
  • Step 7: Then verify the GPG signature of the checksum file:
gpg --verify ./gpg-public.key ./CHECKSUM.asc

You must see something like:

gpg: Signature made Mon 05 Dec 2022 04:53:54 PM CET
gpg:                using RSA key 35EDE9D47BBA62A2F388E655899ACD26B8BCA0D2
gpg: Good signature from "Input Output / Mithril <mithril@iohk.io>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 35ED E9D4 7BBA 62A2 F388  E655 899A CD26 B8BC A0D2

The signature is valid if and only if:

  • there is a line with gpg: Good signature from "Input Output / Mithril <mithril@iohk.io>"
  • there is a line with Primary key fingerprint: 2AC0 7B11 8B23 1443 F544 2D0C 6E2C 1160 3E79 0021
  • Step 8:
    If you successfully validated all the steps of this process, then you have successfully verified the authenticity of the asset ✔️
    If not, contact us at [mithril@iohk.io] and let us know of the outcome of your run of this process ⚠️

Mithril v2250.1

16 Dec 13:18
a673f3e
Compare
Choose a tag to compare

What's Changed

Full Changelog: 2248.1...2250.1

Crates Versions

Crate Version
mithril-aggregator 0.2.0
mithril-client 0.2.0
mithril-common 0.2.0
mithril-signer 0.2.0
mithril-stm 0.2.0

Verify the authenticity of a downloaded asset

Detailed procedure to verify an asset

  • Step 1: Identify the downloaded asset on your computer YOUR_ASSET_FILE
  • Step 2: Download the signed checksum file from this link CHECKSUM.asc and save it in the same folder as the asset
  • Step 3: In your terminal, go to the asset folder by running:
cd ***YOUR_ASSET_FOLDER***
  • Step 4: Then verify the checksum of the asset by running:
sha256sum -c ./CHECKSUM.asc 2>/dev/null | grep ***YOUR_ASSET_FILE***

You must see:

./***YOUR_ASSET_FILE***: OK
  • Step 5: Download the public key file from this link gpg-public.key and save it in the same folder as the asset
  • Step 6: Then import the GPG public key:
gpg --import ./gpg-public.key

You must see something like:

gpg: key : public key "Input Output / Mithril <mithril@iohk.io>" imported
gpg: Total number processed: 1
gpg:               imported: 1
  • Step 7: Then verify the GPG signature of the checksum file:
gpg --verify ./gpg-public.key ./CHECKSUM.asc

You must see something like:

gpg: Signature made Mon 05 Dec 2022 04:53:54 PM CET
gpg:                using RSA key 35EDE9D47BBA62A2F388E655899ACD26B8BCA0D2
gpg: Good signature from "Input Output / Mithril <mithril@iohk.io>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 35ED E9D4 7BBA 62A2 F388  E655 899A CD26 B8BC A0D2

The signature is valid if and only if:

  • there is a line with gpg: Good signature from "Input Output / Mithril <mithril@iohk.io>"
  • there is a line with Primary key fingerprint: 2AC0 7B11 8B23 1443 F544 2D0C 6E2C 1160 3E79 0021
  • Step 8:
    If you successfully validated all the steps of this process, then you have successfully verified the authenticity of the asset ✔️
    If not, contact us at [mithril@iohk.io] and let us know of the outcome of your run of this process ⚠️