Skip to content

Ensure security chain of RskJ source code

Martin Medina edited this page May 19, 2017 · 13 revisions

Setting up the project

Before anything, you must ensure the security chain of the source code. For that, you must go through the following steps. For Linux based OS (Ubuntu for example) it's recommended install gnupg-curl to download the key through HTTPS.

  1. Download RSK Release Signing Key public key. (Is recommended use gpg v1 because gpg v2 has a bug with import throught https)
$ gpg --keyserver https://secchannel.rsk.co/release.asc --recv-keys 5DECF4415E3B8FA4
gpg: requesting key 5E3B8FA4 from https server secchannel.rsk.co
gpg: key 5E3B8FA4: public key "RSK Release Signing Key <support@rsk.co>" imported
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)
  1. Verify the downloaded key fingerprint (THIS CHANGES BEFORE GO LIVE)
$ gpg --finger 5DECF4415E3B8FA4
pub   4096R/5E3B8FA4 2017-05-16 [expires: 2022-05-15]
      Key fingerprint = 1A92 D894 2171 AFA9 51A8  5736 5DEC F441 5E3B 8FA4
uid                  RSK Release Signing Key <support@rsk.co>
sub   4096R/A44DCC86 2017-05-16 [expires: 2022-05-15]
sub   4096R/5E488E87 2017-05-16 [expires: 2022-05-15]
sub   4096R/9FC3E7C2 2017-05-16 [expires: 2022-05-15]
  1. Clone the repo
$ git clone https://github.com/rsksmart/RSKj
$ cd RSKj
  1. Verify the SHA256SUMS.asc signature
$ gpg2 --verify SHA256SUMS.asc 
gpg: Signature made mar 16 may 2017 16:47:56 ART
gpg:                using RSA key 0x67D06695A44DCC86
gpg: Good signature from "RSK Release Signing Key <support@rsk.co>" [ultimate]
Primary key fingerprint: 1A92 D894 2171 AFA9 51A8  5736 5DEC F441 5E3B 8FA4
     Subkey fingerprint: D135 DDC0 B54D 6EF3 5901  52DF 67D0 6695 A44D CC86
  1. Verify the configure.sh script

Linux:

$ sha256sum --check SHA256SUMS.asc 
configure.sh: OK
sha256sum: WARNING: 19 lines are improperly formatted

MacOs:

$ shasum --check SHA256SUMS.asc
configure.sh: OK
sha256sum: WARNING: 19 lines are improperly formatted
  1. Run configure script to configure secure environment.
$ ./configure.sh

Now you're ready to configure and run the proyect.

Clone this wiki locally