-
Notifications
You must be signed in to change notification settings - Fork 267
Ensure security chain of RskJ source code
Martin Medina edited this page May 19, 2017
·
13 revisions
Before anything, you must ensure the security chain of the source code. For that, you must go through the following steps. For Linux based OS (Ubuntu for example) it's recommended install gnupg-curl
to download the key through HTTPS.
- Download RSK Release Signing Key public key. (Is recommended use gpg v1 because gpg v2 has a bug with import throught https)
$ gpg --keyserver https://secchannel.rsk.co/release.asc --recv-keys 5DECF4415E3B8FA4
gpg: requesting key 5E3B8FA4 from https server secchannel.rsk.co
gpg: key 5E3B8FA4: public key "RSK Release Signing Key <support@rsk.co>" imported
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
- Verify the downloaded key fingerprint (THIS CHANGES BEFORE GO LIVE)
$ gpg --finger 5DECF4415E3B8FA4
pub 4096R/5E3B8FA4 2017-05-16 [expires: 2022-05-15]
Key fingerprint = 1A92 D894 2171 AFA9 51A8 5736 5DEC F441 5E3B 8FA4
uid RSK Release Signing Key <support@rsk.co>
sub 4096R/A44DCC86 2017-05-16 [expires: 2022-05-15]
sub 4096R/5E488E87 2017-05-16 [expires: 2022-05-15]
sub 4096R/9FC3E7C2 2017-05-16 [expires: 2022-05-15]
- Clone the repo
$ git clone https://github.com/rsksmart/RSKj
$ cd RSKj
- Verify the
SHA256SUMS.asc
signature
$ gpg2 --verify SHA256SUMS.asc
gpg: Signature made mar 16 may 2017 16:47:56 ART
gpg: using RSA key 0x67D06695A44DCC86
gpg: Good signature from "RSK Release Signing Key <support@rsk.co>" [ultimate]
Primary key fingerprint: 1A92 D894 2171 AFA9 51A8 5736 5DEC F441 5E3B 8FA4
Subkey fingerprint: D135 DDC0 B54D 6EF3 5901 52DF 67D0 6695 A44D CC86
- Verify the
configure.sh
script
Linux:
$ sha256sum --check SHA256SUMS.asc
configure.sh: OK
sha256sum: WARNING: 19 lines are improperly formatted
MacOs:
$ shasum --check SHA256SUMS.asc
configure.sh: OK
sha256sum: WARNING: 19 lines are improperly formatted
- Run configure script to configure secure environment.
$ ./configure.sh
Now you're ready to configure and run the proyect.