Author

Topic: Having trouble verifying SHA256SUMS.asc (Read 160 times)

legendary
Activity: 1946
Merit: 1427
September 17, 2021, 03:08:45 PM
#10
Ok so basically we download the sigs from

https://bitcoincore.org/bin/bitcoin-core-22.0/SHA256SUMS.asc

then the hashes from...

https://bitcoincore.org/bin/bitcoin-core-22.0/SHA256SUMS

btw, this is indeed kinda hidden for now it seems, couldn't find it anywhere, not on github, not on bitcoincore.org, though perhaps I did not search hard enough on github..

then?
Code:
--verify SHA256SUMS.asc SHA256SUMS
and shasum your individual release and recheck obviously.

Now this kinda assumes I have all the signers imported already. Obviously I don't and i'm not sure I care that much to import them all in a "decentralized - individual" manner (I think that's more or less the intention of this change?)

I'm scrolling to see if I can verify Wladimir's signature with his old (11+) key, but no luck.

Any easy way to check the signers and how much authority they hold as someone who isn't that involved?
Edit: I guess the latter part of the question is still somewhat relevant though every individual will probably weigh this differently.

I have a couple names + email addresses - easiest way for now seems to google them and add them individually..?

I guess achow's key works. (EDIT: for those wondering: Imported using https://github.com/bitcoin/bitcoin/blob/master/contrib/builder-keys/keys.txt, which? corresponds with http://achow101.com/achow101.pgp, and thus? trustworthy) &
Code:
 gpg --keyserver keyserver.ubuntu.com --receive-keys 152812300785C96444D3334D17565732E08E5E41 
newbie
Activity: 6
Merit: 3
September 17, 2021, 01:30:52 PM
#9
Cool; thanks for your help.
staff
Activity: 3458
Merit: 6793
Just writing some code
September 17, 2021, 11:09:00 AM
#8
The format changed starting with 22.0. The signatures file actually contains signatures from several developers. The standard gpg --verify command will verify all of those signatures.

The website will be updated with detailed instructions.
newbie
Activity: 6
Merit: 3
September 17, 2021, 06:49:06 AM
#7
With a bit more Googling it seems that 0xb10c is a Bitcoin Core developer. Found his blog https://b10c.me/ and that is indeed his email address. So it looks legit I guess.

This part could be a bit clearer though for people starting to run their own node like me... I couldn't find any instructions on this on bitcoincore.org itself. Would be nice if it was part of the FAQ.
newbie
Activity: 6
Merit: 3
September 17, 2021, 06:23:20 AM
#6
Thanks, that worked better. Even so, the result of GPG verification is not what I expect:

Code:
Untrusted signature
.0xB10C <[email protected]>
0CCB AAFD 76A2 ECE2 CCD3  141D E2FF D5B1 D88C A97D

https://i.imgur.com/xjyRBET.jpg

From what I understand it's expected that file is signed by Wladimir van der Laan. Trying to be a responsible citizen here.
staff
Activity: 3458
Merit: 6793
Just writing some code
September 16, 2021, 08:49:27 PM
#5
For Bitcoin Core 22.0, the hashes are located in the SHA256SUMS file which you can download from https://bitcoincore.org/bin/bitcoin-core-22.0/SHA256SUMS. SHA256SUMS.asc just contains the GPG signatures; you will need that file too in order to verify the release.

The website still needs to be updated for the new release format.
newbie
Activity: 6
Merit: 3
September 16, 2021, 08:02:52 PM
#4
Additionally I tried doing this on Linux and I get the same result.
newbie
Activity: 6
Merit: 3
September 16, 2021, 07:15:33 PM
#3
Thanks but that makes no difference.
legendary
Activity: 3472
Merit: 3217
Playbet.io - Crypto Casino and Sportsbook
September 16, 2021, 06:31:18 PM
#2
Can you add more space before SHA256SUMS.asc

Sample
Code:
shasum -c  SHA256SUMS.asc

Add space between -c and SHA256SUMS.asc so it should be two spaces and test if it will work.

I just got the idea from this link below

- https://unix.stackexchange.com/questions/139891/why-does-verifying-sha256-checksum-with-sha256sum-fail-on-debian-and-work-on-u
newbie
Activity: 6
Merit: 3
September 16, 2021, 05:51:06 PM
#1
I downloaded SHA256SUMS.asc from https://bitcoincore.org/en/download/. When I run shasum -c SHA256SUMS.asc I get:

Code:
Oberon:Downloads remco$ shasum -c SHA256SUMS.asc
shasum: SHA256SUMS.asc: no properly formatted SHA checksum lines found

Ideas? I'm on a Mac (OSX 11.5.2)
Jump to: