Update download signature verification with new builder keys location #957
Conversation
| key using this command:</p> | ||
| <p>For example, you could load the key <a | ||
| href='$(BUILDER_KEYS_URL)/$(EXAMPLE_BUILDER_KEY_FILE)'><code> | ||
| builder-keys/$(EXAMPLE_BUILDER_KEY_FILE)</code></a> by downloading the file as <code> |
There was a problem hiding this comment.
Being vague on purpose about downloading the file since i don't think a curl -sS https://raw.githubusercontent.com/bitcoin-core/guix.sigs/main/builder-keys/fanquake.gpg | gpg --import would be portable to Windows. And downloading a file should be straightforward enough?
There was a problem hiding this comment.
I think using the raw... link here instead of the github file viewing UI does make it a bit easier for users. From the raw URL I can right click (in firefox/macOS) and "save as..." but currently the page you see when you click here has no explicit download button.
There was a problem hiding this comment.
Huh never mind! Did GH just change this interface? Raw copy and download buttons are, in fact, just fine right there.
| key using this command:</p> | ||
| <p>For example, you could load the key <a | ||
| href='$(BUILDER_KEYS_URL)/$(EXAMPLE_BUILDER_KEY_FILE)'><code> | ||
| builder-keys/$(EXAMPLE_BUILDER_KEY_FILE)</code></a> by downloading the file as <code> |
There was a problem hiding this comment.
I think using the raw... link here instead of the github file viewing UI does make it a bit easier for users. From the raw URL I can right click (in firefox/macOS) and "save as..." but currently the page you see when you click here has no explicit download button.
| <p>For example, you could load the key <a | ||
| href='$(BUILDER_KEYS_URL)/$(EXAMPLE_BUILDER_KEY_FILE)'><code> | ||
| builder-keys/$(EXAMPLE_BUILDER_KEY_FILE)</code></a> by downloading the file as <code> | ||
| $(EXAMPLE_BUILDER_KEY_FILE)</code> and using this command:</p> | ||
|
|
||
| choosing_builders: > | ||
| It is recommended that you choose a few individuals from this list who you find |
There was a problem hiding this comment.
This section needs an update as well, there is no more README in the specified link.
There was a problem hiding this comment.
Similarly, macOS step 10 (gpg_trust_warning) is not entirely clear, or it could just be my version of gpg...
Current:
Actual (example, one good one bad):
fanquake
changed the title
|
@darosior are you still working on this? Would be good to get these changes in. |
|
If someone is able to apply the feedback from @pinheadmz before i am, please do. EDIT: to reformulate more clearly i'd be glad if someone grabs this up. Otherwise i'll get back to it because i agree it's important. |
|
I'll open a new PR with you as co-author in the next few days and finish up there 💪 |
|
Awesome. :)
…-------- Original Message --------
On May 6, 2023, 3:32 PM, Matthew Zipkin wrote:
I'll open a new PR with you as co-author in the next few days and finish up there 💪
—
Reply to this email directly, [view it on GitHub](#957 (comment)), or [unsubscribe](https://github.com/notifications/unsubscribe-auth/AFLK3F3P2JR2JXYR3ZLURV3XEZHF5ANCNFSM6AAAAAAWDTI4NM).
You are receiving this because you were mentioned.Message ID: ***@***.***>
|
|
Included in #964. |
dang you're fast |
bfbf19d download: update translation for Español (Matthew Zipkin) 9dc9a0f Update 2017-01-01-download.md (Robert Spigler) 30dca75 download: update verification procedure for linux (Matthew Zipkin) d801e32 download: update verification procedure for macOS (Matthew Zipkin) 0ef7c4f Update downlad signature verification with new builder keys location (Antoine Poinsot) Pull request description: Closes #945 Closes #957 (included) Closes #807 (included) Closes #878 download + verify procedure tested on macOS and Linux. I will go through it again on Windows tonight and add one more commit for that. ACKs for top commit: achow101: ACK bfbf19d Tree-SHA512: 8281dac8f4acdd43f4cdcaf16d5eef48040e3c14cd7f0ecbe25ced009b51aad536991486c4dd076eddc856b051923d8a92174f136db553bd931d08d3627da06a
Untested HTML and english, but wanted to get the ball rolling to fix #945 since it's starting to confuse some users.