add instructions to verify signatures in readme (#1651)
This commit is contained in:
parent
ab22126b45
commit
b06f732015
33
README.md
33
README.md
|
@ -14,6 +14,39 @@ Please search for any [existing issues](https://github.com/oxen-io/session-deskt
|
|||
|
||||
Build instructions can be found in [BUILDING.md](BUILDING.md).
|
||||
|
||||
|
||||
## Verifing signatures
|
||||
|
||||
|
||||
Get Kee's key and import it:
|
||||
```
|
||||
wget https://raw.githubusercontent.com/oxen-io/oxen-core/master/utils/gpg_keys/KeeJef.asc
|
||||
gpg --import KeeJef.asc
|
||||
```
|
||||
|
||||
Get the signed hash for this release, the SESSION_VERSION needs to be updated for the release you want to verify
|
||||
```
|
||||
export SESSION_VERSION=1.6.1
|
||||
wget https://github.com/oxen-io/session-desktop/releases/download/v$SESSION_VERSION/signatures.asc
|
||||
```
|
||||
|
||||
Verify the signature of the hashes of the files
|
||||
|
||||
```
|
||||
gpg --verify signatures.asc 2>&1 |grep "Good signature from"
|
||||
```
|
||||
|
||||
The command above should print "`Good signature from "Kee Jefferys...`"
|
||||
If it does, the hashes are valid but we still have to make the sure the signed hashes matches the downloaded files.
|
||||
|
||||
Make sure the two commands below returns the same hash.
|
||||
If they do, files are valid
|
||||
```
|
||||
sha256sum session-desktop-linux-amd64-$SESSION_VERSION.deb
|
||||
grep .deb signatures.asc
|
||||
```
|
||||
|
||||
|
||||
## Debian repository
|
||||
|
||||
Please visit https://deb.oxen.io/<br/>
|
||||
|
|
Loading…
Reference in New Issue