https://github.com/decred/decred-release

Decred binary releases.
https://github.com/decred/decred-release

Last synced: 11 months ago
JSON representation

Decred binary releases.

• Host: GitHub
• URL: https://github.com/decred/decred-release
• Owner: decred
• License: isc
• Created: 2016-02-24T19:16:06.000Z (over 10 years ago)
• Default Branch: master
• Last Pushed: 2024-05-21T20:47:31.000Z (about 2 years ago)
• Last Synced: 2024-05-22T15:56:33.892Z (about 2 years ago)
• Language: Go
• Homepage:
• Size: 351 KB
• Stars: 86
• Watchers: 32
• Forks: 42
• Open Issues: 4
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

          
decred-release

==============

[![Build Status](https://github.com/decred/decred-release/workflows/Build%20and%20Test/badge.svg)](https://github.com/decred/decred-release/actions)

[![ISC License](https://img.shields.io/badge/license-ISC-blue.svg)](http://copyfree.org)

## Overview

This repository contains the decred installers and the installer manifests.

For the binary archives, binary manifests and release notes please 

go to [decred-binaries](https://github.com/decred/decred-binaries).

## Verifying dcrinstall

For your security, we recommend that you verify binaries before running them.

Each release contains a manifest file with SHA-256 hashes for each released

binary. To ensure your downloads are authentic, you should verify that the

manifest file is signed by `release@decred.org`, and that your hashed binary

matches the manifest.

Detailed instructions can be found in the Decred Documentation:

[Verifying Binaries](https://docs.decred.org/advanced/verifying-binaries/).

New users should start there.

If you've already done this before and you still have the Decred Release keys

on your GnuPG keyring, the following shorthand instructions are provided as a

quick refresher:

1. Download:

   * The zip/tarball for your specific OS / architecture

   * The file manifest and hashes, ending in `-manifest.txt`

   * The signature for the manifest, ending in `-manifest.txt.asc`

2. Verify that the manifest was directly signed by the Decred project:

   ```

   $ gpg --verify dcrinstall-v1.5.1-manifest.txt.asc

   ```

   Example output:

   ```

   gpg: assuming signed data in 'dcrinstall-v1.5.1-manifest.txt'

   gpg: Signature made 01/29/20 15:17:45 Eastern Standard Time

   gpg:                using RSA key F516ADB7A069852C7C28A02D6D897EDF518A031D

   gpg: Good signature from "Decred Release " [unknown]

   gpg: WARNING: This key is not certified with a trusted signature!

   gpg:          There is no indication that the signature belongs to the owner.

   Primary key fingerprint: FD13 B683 5E24 8FAF 4BD1  838D 6DF6 34AA 7608 AF04

      Subkey fingerprint: F516 ADB7 A069 852C 7C28  A02D 6D89 7EDF 518A 031D

   ```

   If you see `Good signature from "Decred Release "`, then

   you're successful! You can trust that the `manifest.txt` came directly from the

   Decred project.

3. Verify that the hash of your downloaded zip/tarball matches the manifest hash:

   * Windows:

      * If you have [7-Zip](https://7-zip.org/) installed, simply open up Windows

      Explorer, right click on the file, mouseover `CRC SHA`, then click `SHA-256`.

      * `$ certutil -hashfile  SHA256`

   * macOS

      * `$ shasum -a 256 `

   * Linux

      * `$ sha256sum `

   Example output:

   ```

   9c346bbdb5dbd9671f2ef6731f52c228f5972000960be8dfdc9346f52bab48b2 *dcrinstall-linux-amd64-v1.5.1

   ```

   

If your output hash matches the hash from the manifest, you're done! The binary

for your platform is now verified and you can be confident it was generated by

the Decred Project. It's safe to install the software.