Releases: input-output-hk/mithril
Mithril v2306.0
What's Changed
- Fix API version sent in wrong header by @jpraynaud in #712
- Update dependencies by @jpraynaud in #715
- Create Era Checker by @jpraynaud in #711
- Reorganize mithril-stm multi_sig.rs by @curiecrypt in #719
- Add security policy by @jpraynaud in #728
- Update Cardano node to
1.35.5
by @jpraynaud in #726 - add era reader by @ghubertpalo in #720
- Add new signer in 'testing-preview' by @jpraynaud in #731
- Implement Era Reader on chain adapter by @jpraynaud in #721
Full Changelog: 2304.1...2306.0
Crates Versions
Crate | Version |
---|---|
mithril-aggregator | 0.2.12 |
mithril-client | 0.2.7 |
mithril-common | 0.2.12 |
mithril-signer | 0.2.9 |
mithril-stm | 0.2.2 |
Verify the authenticity of a downloaded asset
Detailed procedure to verify an asset
- Step 1: Identify the downloaded asset on your computer YOUR_ASSET_FILE
- Step 2: Download the signed checksum file from this link CHECKSUM.asc and save it in the same folder as the asset
- Step 3: In your terminal, go to the asset folder by running:
cd ***YOUR_ASSET_FOLDER***
- Step 4: Then verify the checksum of the asset by running:
sha256sum -c ./CHECKSUM.asc 2>/dev/null | grep ***YOUR_ASSET_FILE***
You must see:
./***YOUR_ASSET_FILE***: OK
- Step 5: Download the public key file from this link gpg-public.key and save it in the same folder as the asset
- Step 6: Then import the GPG public key:
gpg --import ./gpg-public.key
You must see something like:
gpg: key : public key "Input Output / Mithril <[email protected]>" imported
gpg: Total number processed: 1
gpg: imported: 1
- Step 7: Then verify the GPG signature of the checksum file:
gpg --verify ./gpg-public.key ./CHECKSUM.asc
You must see something like:
gpg: Signature made Mon 05 Dec 2022 04:53:54 PM CET
gpg: using RSA key 35EDE9D47BBA62A2F388E655899ACD26B8BCA0D2
gpg: Good signature from "Input Output / Mithril <[email protected]>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 35ED E9D4 7BBA 62A2 F388 E655 899A CD26 B8BC A0D2
The signature is valid if and only if:
- there is a line with
gpg: Good signature from "Input Output / Mithril <[email protected]>"
- there is a line with
Primary key fingerprint: 2AC0 7B11 8B23 1443 F544 2D0C 6E2C 1160 3E79 0021
- Step 8:
If you successfully validated all the steps of this process, then you have successfully verified the authenticity of the asset ✔️
If not, contact us at [[email protected]] and let us know of the outcome of your run of this process⚠️
Mithril v2306.0-prerelease
What's Changed
- Fix API version sent in wrong header by @jpraynaud in #712
- Update dependencies by @jpraynaud in #715
- Create Era Checker by @jpraynaud in #711
- Reorganize mithril-stm multi_sig.rs by @curiecrypt in #719
- Add security policy by @jpraynaud in #728
- Update Cardano node to
1.35.5
by @jpraynaud in #726 - add era reader by @ghubertpalo in #720
- Add new signer in 'testing-preview' by @jpraynaud in #731
- Implement Era Reader on chain adapter by @jpraynaud in #721
Full Changelog: 2304.1...2306.0-prerelease
Crates Versions
Crate | Version |
---|---|
mithril-aggregator | 0.2.12 |
mithril-client | 0.2.7 |
mithril-common | 0.2.12 |
mithril-signer | 0.2.9 |
mithril-stm | 0.2.2 |
Verify the authenticity of a downloaded asset
Detailed procedure to verify an asset
- Step 1: Identify the downloaded asset on your computer YOUR_ASSET_FILE
- Step 2: Download the signed checksum file from this link CHECKSUM.asc and save it in the same folder as the asset
- Step 3: In your terminal, go to the asset folder by running:
cd ***YOUR_ASSET_FOLDER***
- Step 4: Then verify the checksum of the asset by running:
sha256sum -c ./CHECKSUM.asc 2>/dev/null | grep ***YOUR_ASSET_FILE***
You must see:
./***YOUR_ASSET_FILE***: OK
- Step 5: Download the public key file from this link gpg-public.key and save it in the same folder as the asset
- Step 6: Then import the GPG public key:
gpg --import ./gpg-public.key
You must see something like:
gpg: key : public key "Input Output / Mithril <[email protected]>" imported
gpg: Total number processed: 1
gpg: imported: 1
- Step 7: Then verify the GPG signature of the checksum file:
gpg --verify ./gpg-public.key ./CHECKSUM.asc
You must see something like:
gpg: Signature made Mon 05 Dec 2022 04:53:54 PM CET
gpg: using RSA key 35EDE9D47BBA62A2F388E655899ACD26B8BCA0D2
gpg: Good signature from "Input Output / Mithril <[email protected]>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 35ED E9D4 7BBA 62A2 F388 E655 899A CD26 B8BC A0D2
The signature is valid if and only if:
- there is a line with
gpg: Good signature from "Input Output / Mithril <[email protected]>"
- there is a line with
Primary key fingerprint: 2AC0 7B11 8B23 1443 F544 2D0C 6E2C 1160 3E79 0021
- Step 8:
If you successfully validated all the steps of this process, then you have successfully verified the authenticity of the asset ✔️
If not, contact us at [[email protected]] and let us know of the outcome of your run of this process⚠️
Mithril v2304.1
What's Changed
- Mithril Network Update ADR by @ghubertpalo in #676
- Update PR template by @jpraynaud in #680
- Upgrade
devnet
to Cardano1.35.4
by @jpraynaud in #667 - Fix make build portable by @jpraynaud in #685
- Update build documentation by @jpraynaud in #682
- Update docs
current
version by @jpraynaud in #686 - Update dependencies by @jpraynaud in #683
- Fix
make
errors from root by @jpraynaud in #684 - Accelerate end to end test execution by @jpraynaud in #692
- 689 Signer Register Message by @ghubertpalo in #691
- Fix
make
errors from root v2 by @jpraynaud in #687 - [693] register signature message by @ghubertpalo in #694
- [695] add epoch settings message & adapter by @ghubertpalo in #700
- Add snapshot message and adapter by @jpraynaud in #702
- Add certificate message and adapter by @jpraynaud in #701
- [705] Api version enforcement update by @Alenar in #706
- Greg/696/certificate pending message by @ghubertpalo in #704
- Add snapshot list message and adapter by @jpraynaud in #703
- Add link to the Mithril explorer by @Proxiweb in #713
- Fix clippy warnings from Rust
1.67.0
by @jpraynaud in #714 - Fix signer unable to sign with
2304.0 prerelease
by @jpraynaud in #717
New Contributors
Full Changelog: 2302.0...2304.1
Crates Versions
Crate | Version |
---|---|
mithril-aggregator | 0.2.10 |
mithril-client | 0.2.6 |
mithril-common | 0.2.9 |
mithril-signer | 0.2.7 |
mithril-stm | 0.2.2 |
Verify the authenticity of a downloaded asset
Detailed procedure to verify an asset
- Step 1: Identify the downloaded asset on your computer YOUR_ASSET_FILE
- Step 2: Download the signed checksum file from this link CHECKSUM.asc and save it in the same folder as the asset
- Step 3: In your terminal, go to the asset folder by running:
cd ***YOUR_ASSET_FOLDER***
- Step 4: Then verify the checksum of the asset by running:
sha256sum -c ./CHECKSUM.asc 2>/dev/null | grep ***YOUR_ASSET_FILE***
You must see:
./***YOUR_ASSET_FILE***: OK
- Step 5: Download the public key file from this link gpg-public.key and save it in the same folder as the asset
- Step 6: Then import the GPG public key:
gpg --import ./gpg-public.key
You must see something like:
gpg: key : public key "Input Output / Mithril <[email protected]>" imported
gpg: Total number processed: 1
gpg: imported: 1
- Step 7: Then verify the GPG signature of the checksum file:
gpg --verify ./gpg-public.key ./CHECKSUM.asc
You must see something like:
gpg: Signature made Mon 05 Dec 2022 04:53:54 PM CET
gpg: using RSA key 35EDE9D47BBA62A2F388E655899ACD26B8BCA0D2
gpg: Good signature from "Input Output / Mithril <[email protected]>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 35ED E9D4 7BBA 62A2 F388 E655 899A CD26 B8BC A0D2
The signature is valid if and only if:
- there is a line with
gpg: Good signature from "Input Output / Mithril <[email protected]>"
- there is a line with
Primary key fingerprint: 2AC0 7B11 8B23 1443 F544 2D0C 6E2C 1160 3E79 0021
- Step 8:
If you successfully validated all the steps of this process, then you have successfully verified the authenticity of the asset ✔️
If not, contact us at [[email protected]] and let us know of the outcome of your run of this process⚠️
Mithril v2304.1-prerelease
What's Changed
- Mithril Network Update ADR by @ghubertpalo in #676
- Update PR template by @jpraynaud in #680
- Upgrade
devnet
to Cardano1.35.4
by @jpraynaud in #667 - Fix make build portable by @jpraynaud in #685
- Update build documentation by @jpraynaud in #682
- Update docs
current
version by @jpraynaud in #686 - Update dependencies by @jpraynaud in #683
- Fix
make
errors from root by @jpraynaud in #684 - Accelerate end to end test execution by @jpraynaud in #692
- 689 Signer Register Message by @ghubertpalo in #691
- Fix
make
errors from root v2 by @jpraynaud in #687 - [693] register signature message by @ghubertpalo in #694
- [695] add epoch settings message & adapter by @ghubertpalo in #700
- Add snapshot message and adapter by @jpraynaud in #702
- Add certificate message and adapter by @jpraynaud in #701
- [705] Api version enforcement update by @Alenar in #706
- Greg/696/certificate pending message by @ghubertpalo in #704
- Add snapshot list message and adapter by @jpraynaud in #703
- Add link to the Mithril explorer by @Proxiweb in #713
- Fix clippy warnings from Rust
1.67.0
by @jpraynaud in #714 - Fix signer unable to sign with
2304.0 prerelease
by @jpraynaud in #717
New Contributors
Full Changelog: 2302.0...2304.1-prerelease
Crates Versions
Crate | Version |
---|---|
mithril-aggregator | 0.2.10 |
mithril-client | 0.2.6 |
mithril-common | 0.2.9 |
mithril-signer | 0.2.7 |
mithril-stm | 0.2.2 |
Verify the authenticity of a downloaded asset
Detailed procedure to verify an asset
- Step 1: Identify the downloaded asset on your computer YOUR_ASSET_FILE
- Step 2: Download the signed checksum file from this link CHECKSUM.asc and save it in the same folder as the asset
- Step 3: In your terminal, go to the asset folder by running:
cd ***YOUR_ASSET_FOLDER***
- Step 4: Then verify the checksum of the asset by running:
sha256sum -c ./CHECKSUM.asc 2>/dev/null | grep ***YOUR_ASSET_FILE***
You must see:
./***YOUR_ASSET_FILE***: OK
- Step 5: Download the public key file from this link gpg-public.key and save it in the same folder as the asset
- Step 6: Then import the GPG public key:
gpg --import ./gpg-public.key
You must see something like:
gpg: key : public key "Input Output / Mithril <[email protected]>" imported
gpg: Total number processed: 1
gpg: imported: 1
- Step 7: Then verify the GPG signature of the checksum file:
gpg --verify ./gpg-public.key ./CHECKSUM.asc
You must see something like:
gpg: Signature made Mon 05 Dec 2022 04:53:54 PM CET
gpg: using RSA key 35EDE9D47BBA62A2F388E655899ACD26B8BCA0D2
gpg: Good signature from "Input Output / Mithril <[email protected]>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 35ED E9D4 7BBA 62A2 F388 E655 899A CD26 B8BC A0D2
The signature is valid if and only if:
- there is a line with
gpg: Good signature from "Input Output / Mithril <[email protected]>"
- there is a line with
Primary key fingerprint: 2AC0 7B11 8B23 1443 F544 2D0C 6E2C 1160 3E79 0021
- Step 8:
If you successfully validated all the steps of this process, then you have successfully verified the authenticity of the asset ✔️
If not, contact us at [[email protected]] and let us know of the outcome of your run of this process⚠️
Mithril v2304.0-prerelease
What's Changed
- Mithril Network Update ADR by @ghubertpalo in #676
- Update PR template by @jpraynaud in #680
- Upgrade
devnet
to Cardano1.35.4
by @jpraynaud in #667 - Fix make build portable by @jpraynaud in #685
- Update build documentation by @jpraynaud in #682
- Update docs
current
version by @jpraynaud in #686 - Update dependencies by @jpraynaud in #683
- Fix
make
errors from root by @jpraynaud in #684 - Accelerate end to end test execution by @jpraynaud in #692
- 689 Signer Register Message by @ghubertpalo in #691
- Fix
make
errors from root v2 by @jpraynaud in #687 - [693] register signature message by @ghubertpalo in #694
- [695] add epoch settings message & adapter by @ghubertpalo in #700
- Add snapshot message and adapter by @jpraynaud in #702
- Add certificate message and adapter by @jpraynaud in #701
- [705] Api version enforcement update by @Alenar in #706
- Greg/696/certificate pending message by @ghubertpalo in #704
- Add snapshot list message and adapter by @jpraynaud in #703
Full Changelog: 2302.0...2304.0-prerelease
Crates Versions
Crate | Version |
---|---|
mithril-aggregator | 0.2.8 |
mithril-client | 0.2.5 |
mithril-common | 0.2.8 |
mithril-signer | 0.2.6 |
mithril-stm | 0.2.1 |
Verify the authenticity of a downloaded asset
Detailed procedure to verify an asset
- Step 1: Identify the downloaded asset on your computer YOUR_ASSET_FILE
- Step 2: Download the signed checksum file from this link CHECKSUM.asc and save it in the same folder as the asset
- Step 3: In your terminal, go to the asset folder by running:
cd ***YOUR_ASSET_FOLDER***
- Step 4: Then verify the checksum of the asset by running:
sha256sum -c ./CHECKSUM.asc 2>/dev/null | grep ***YOUR_ASSET_FILE***
You must see:
./***YOUR_ASSET_FILE***: OK
- Step 5: Download the public key file from this link gpg-public.key and save it in the same folder as the asset
- Step 6: Then import the GPG public key:
gpg --import ./gpg-public.key
You must see something like:
gpg: key : public key "Input Output / Mithril <[email protected]>" imported
gpg: Total number processed: 1
gpg: imported: 1
- Step 7: Then verify the GPG signature of the checksum file:
gpg --verify ./gpg-public.key ./CHECKSUM.asc
You must see something like:
gpg: Signature made Mon 05 Dec 2022 04:53:54 PM CET
gpg: using RSA key 35EDE9D47BBA62A2F388E655899ACD26B8BCA0D2
gpg: Good signature from "Input Output / Mithril <[email protected]>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 35ED E9D4 7BBA 62A2 F388 E655 899A CD26 B8BC A0D2
The signature is valid if and only if:
- there is a line with
gpg: Good signature from "Input Output / Mithril <[email protected]>"
- there is a line with
Primary key fingerprint: 2AC0 7B11 8B23 1443 F544 2D0C 6E2C 1160 3E79 0021
- Step 8:
If you successfully validated all the steps of this process, then you have successfully verified the authenticity of the asset ✔️
If not, contact us at [[email protected]] and let us know of the outcome of your run of this process⚠️
Mithril v2302.0
What's Changed
- Extract signer registration from muti-signer in Aggregator by @jpraynaud in #655
- Fix clippy warnings from Rust
1.66.0
by @jpraynaud in #657 - Update dependencies by @jpraynaud in #659
- check API version by @ghubertpalo in #641
- Optimize snapshot digest computation by @Alenar in #652
- Simplify epoch offset computations by @Alenar in #661
- Remove test lab monitor & aggregator-server by @Alenar in #660
- Decommission signer registration with declarative PoolId by @jpraynaud in #653
- Fix badge workflow CI status in
README
by @jpraynaud in #664 - Deactivate uncertified signers in networks by @jpraynaud in #666
- Add MithrilFixture builder by @Alenar in #670
- Batch verify by @iquerejeta in #531
- Update kes by @iquerejeta in #674
- Update crates version 2302 by @jpraynaud in #679
Full Changelog: 2250.1...2302.0
Crates Versions
Crate | Version |
---|---|
mithril-aggregator | 0.2.1 |
mithril-client | 0.2.1 |
mithril-common | 0.2.1 |
mithril-signer | 0.2.1 |
mithril-stm | 0.2.1 |
Verify the authenticity of a downloaded asset
Detailed procedure to verify an asset
- Step 1: Identify the downloaded asset on your computer YOUR_ASSET_FILE
- Step 2: Download the signed checksum file from this link CHECKSUM.asc and save it in the same folder as the asset
- Step 3: In your terminal, go to the asset folder by running:
cd ***YOUR_ASSET_FOLDER***
- Step 4: Then verify the checksum of the asset by running:
sha256sum -c ./CHECKSUM.asc 2>/dev/null | grep ***YOUR_ASSET_FILE***
You must see:
./***YOUR_ASSET_FILE***: OK
- Step 5: Download the public key file from this link gpg-public.key and save it in the same folder as the asset
- Step 6: Then import the GPG public key:
gpg --import ./gpg-public.key
You must see something like:
gpg: key : public key "Input Output / Mithril <[email protected]>" imported
gpg: Total number processed: 1
gpg: imported: 1
- Step 7: Then verify the GPG signature of the checksum file:
gpg --verify ./gpg-public.key ./CHECKSUM.asc
You must see something like:
gpg: Signature made Mon 05 Dec 2022 04:53:54 PM CET
gpg: using RSA key 35EDE9D47BBA62A2F388E655899ACD26B8BCA0D2
gpg: Good signature from "Input Output / Mithril <[email protected]>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 35ED E9D4 7BBA 62A2 F388 E655 899A CD26 B8BC A0D2
The signature is valid if and only if:
- there is a line with
gpg: Good signature from "Input Output / Mithril <[email protected]>"
- there is a line with
Primary key fingerprint: 2AC0 7B11 8B23 1443 F544 2D0C 6E2C 1160 3E79 0021
- Step 8:
If you successfully validated all the steps of this process, then you have successfully verified the authenticity of the asset ✔️
If not, contact us at [[email protected]] and let us know of the outcome of your run of this process⚠️
Mithril v2302.0-prerelease
What's Changed
- Extract signer registration from muti-signer in Aggregator by @jpraynaud in #655
- Fix clippy warnings from Rust
1.66.0
by @jpraynaud in #657 - Update dependencies by @jpraynaud in #659
- check API version by @ghubertpalo in #641
- Optimize snapshot digest computation by @Alenar in #652
- Simplify epoch offset computations by @Alenar in #661
- Remove test lab monitor & aggregator-server by @Alenar in #660
- Decommission signer registration with declarative PoolId by @jpraynaud in #653
- Fix badge workflow CI status in
README
by @jpraynaud in #664 - Deactivate uncertified signers in networks by @jpraynaud in #666
- Add MithrilFixture builder by @Alenar in #670
- Batch verify by @iquerejeta in #531
- Update kes by @iquerejeta in #674
- Update crates version 2302 by @jpraynaud in #679
Full Changelog: 2250.1...2302.0-prerelease
Crates Versions
Crate | Version |
---|---|
mithril-aggregator | 0.2.1 |
mithril-client | 0.2.1 |
mithril-common | 0.2.1 |
mithril-signer | 0.2.1 |
mithril-stm | 0.2.1 |
Verify the authenticity of a downloaded asset
Detailed procedure to verify an asset
- Step 1: Identify the downloaded asset on your computer YOUR_ASSET_FILE
- Step 2: Download the signed checksum file from this link CHECKSUM.asc and save it in the same folder as the asset
- Step 3: In your terminal, go to the asset folder by running:
cd ***YOUR_ASSET_FOLDER***
- Step 4: Then verify the checksum of the asset by running:
sha256sum -c ./CHECKSUM.asc 2>/dev/null | grep ***YOUR_ASSET_FILE***
You must see:
./***YOUR_ASSET_FILE***: OK
- Step 5: Download the public key file from this link gpg-public.key and save it in the same folder as the asset
- Step 6: Then import the GPG public key:
gpg --import ./gpg-public.key
You must see something like:
gpg: key : public key "Input Output / Mithril <[email protected]>" imported
gpg: Total number processed: 1
gpg: imported: 1
- Step 7: Then verify the GPG signature of the checksum file:
gpg --verify ./gpg-public.key ./CHECKSUM.asc
You must see something like:
gpg: Signature made Mon 05 Dec 2022 04:53:54 PM CET
gpg: using RSA key 35EDE9D47BBA62A2F388E655899ACD26B8BCA0D2
gpg: Good signature from "Input Output / Mithril <[email protected]>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 35ED E9D4 7BBA 62A2 F388 E655 899A CD26 B8BC A0D2
The signature is valid if and only if:
- there is a line with
gpg: Good signature from "Input Output / Mithril <[email protected]>"
- there is a line with
Primary key fingerprint: 2AC0 7B11 8B23 1443 F544 2D0C 6E2C 1160 3E79 0021
- Step 8:
If you successfully validated all the steps of this process, then you have successfully verified the authenticity of the asset ✔️
If not, contact us at [[email protected]] and let us know of the outcome of your run of this process⚠️
Mithril v2250.1
What's Changed
- Update dependencies by @jpraynaud in #634
- Add test-client workflow by @Alenar in #632
- Remove certificate creation responsability from the multi-signer by @Alenar in #639
- Start blog post describing release process by @abailly-iohk in #533
- Add a verified signer to 'pre-release-preview' by @jpraynaud in #640
- GPG sign distribution artifacts by @jpraynaud in #630
- Fix sign distribution CI by @jpraynaud in #644
- Fix sign distribution CI v2 by @jpraynaud in #645
- Fix verify signature links in release notes by @jpraynaud in #646
- Add a verified signer to 'release-preprod' by @jpraynaud in #647
- Fix Cardano relay node topology configuration by @jpraynaud in #649
- Add query KES period info for test SPOs by @jpraynaud in #648
- Simplify signature by @iquerejeta in #620
- Update crates version 2250 by @jpraynaud in #654
- Fix protocol parameters transition by @jpraynaud in #650
- Upgrade instances capacity infrastructure by @jpraynaud in #656
Full Changelog: 2248.1...2250.1
Crates Versions
Crate | Version |
---|---|
mithril-aggregator | 0.2.0 |
mithril-client | 0.2.0 |
mithril-common | 0.2.0 |
mithril-signer | 0.2.0 |
mithril-stm | 0.2.0 |
Verify the authenticity of a downloaded asset
Detailed procedure to verify an asset
- Step 1: Identify the downloaded asset on your computer YOUR_ASSET_FILE
- Step 2: Download the signed checksum file from this link CHECKSUM.asc and save it in the same folder as the asset
- Step 3: In your terminal, go to the asset folder by running:
cd ***YOUR_ASSET_FOLDER***
- Step 4: Then verify the checksum of the asset by running:
sha256sum -c ./CHECKSUM.asc 2>/dev/null | grep ***YOUR_ASSET_FILE***
You must see:
./***YOUR_ASSET_FILE***: OK
- Step 5: Download the public key file from this link gpg-public.key and save it in the same folder as the asset
- Step 6: Then import the GPG public key:
gpg --import ./gpg-public.key
You must see something like:
gpg: key : public key "Input Output / Mithril <[email protected]>" imported
gpg: Total number processed: 1
gpg: imported: 1
- Step 7: Then verify the GPG signature of the checksum file:
gpg --verify ./gpg-public.key ./CHECKSUM.asc
You must see something like:
gpg: Signature made Mon 05 Dec 2022 04:53:54 PM CET
gpg: using RSA key 35EDE9D47BBA62A2F388E655899ACD26B8BCA0D2
gpg: Good signature from "Input Output / Mithril <[email protected]>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 35ED E9D4 7BBA 62A2 F388 E655 899A CD26 B8BC A0D2
The signature is valid if and only if:
- there is a line with
gpg: Good signature from "Input Output / Mithril <[email protected]>"
- there is a line with
Primary key fingerprint: 2AC0 7B11 8B23 1443 F544 2D0C 6E2C 1160 3E79 0021
- Step 8:
If you successfully validated all the steps of this process, then you have successfully verified the authenticity of the asset ✔️
If not, contact us at [[email protected]] and let us know of the outcome of your run of this process⚠️
Mithril v2250.1-prerelease
What's Changed
- Update dependencies by @jpraynaud in #634
- Add test-client workflow by @Alenar in #632
- Remove certificate creation responsability from the multi-signer by @Alenar in #639
- Start blog post describing release process by @abailly-iohk in #533
- Add a verified signer to 'pre-release-preview' by @jpraynaud in #640
- GPG sign distribution artifacts by @jpraynaud in #630
- Fix sign distribution CI by @jpraynaud in #644
- Fix sign distribution CI v2 by @jpraynaud in #645
- Fix verify signature links in release notes by @jpraynaud in #646
- Add a verified signer to 'release-preprod' by @jpraynaud in #647
- Fix Cardano relay node topology configuration by @jpraynaud in #649
- Add query KES period info for test SPOs by @jpraynaud in #648
- Simplify signature by @iquerejeta in #620
- Update crates version 2250 by @jpraynaud in #654
- Fix protocol parameters transition by @jpraynaud in #650
- Upgrade instances capacity infrastructure by @jpraynaud in #656
Full Changelog: 2248.1...2250.1-prerelease
Crates Versions
Crate | Version |
---|---|
mithril-aggregator | 0.2.0 |
mithril-client | 0.2.0 |
mithril-common | 0.2.0 |
mithril-signer | 0.2.0 |
mithril-stm | 0.2.0 |
Verify the authenticity of a downloaded asset
Detailed procedure to verify an asset
- Step 1: Identify the downloaded asset on your computer YOUR_ASSET_FILE
- Step 2: Download the signed checksum file from this link CHECKSUM.asc and save it in the same folder as the asset
- Step 3: In your terminal, go to the asset folder by running:
cd ***YOUR_ASSET_FOLDER***
- Step 4: Then verify the checksum of the asset by running:
sha256sum -c ./CHECKSUM.asc 2>/dev/null | grep ***YOUR_ASSET_FILE***
You must see:
./***YOUR_ASSET_FILE***: OK
- Step 5: Download the public key file from this link gpg-public.key and save it in the same folder as the asset
- Step 6: Then import the GPG public key:
gpg --import ./gpg-public.key
You must see something like:
gpg: key : public key "Input Output / Mithril <[email protected]>" imported
gpg: Total number processed: 1
gpg: imported: 1
- Step 7: Then verify the GPG signature of the checksum file:
gpg --verify ./gpg-public.key ./CHECKSUM.asc
You must see something like:
gpg: Signature made Mon 05 Dec 2022 04:53:54 PM CET
gpg: using RSA key 35EDE9D47BBA62A2F388E655899ACD26B8BCA0D2
gpg: Good signature from "Input Output / Mithril <[email protected]>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 35ED E9D4 7BBA 62A2 F388 E655 899A CD26 B8BC A0D2
The signature is valid if and only if:
- there is a line with
gpg: Good signature from "Input Output / Mithril <[email protected]>"
- there is a line with
Primary key fingerprint: 2AC0 7B11 8B23 1443 F544 2D0C 6E2C 1160 3E79 0021
- Step 8:
If you successfully validated all the steps of this process, then you have successfully verified the authenticity of the asset ✔️
If not, contact us at [[email protected]] and let us know of the outcome of your run of this process⚠️
Mithril v2250.0-prerelease
What's Changed
- Update dependencies by @jpraynaud in #634
- Add test-client workflow by @Alenar in #632
- Remove certificate creation responsability from the multi-signer by @Alenar in #639
- Start blog post describing release process by @abailly-iohk in #533
- Add a verified signer to 'pre-release-preview' by @jpraynaud in #640
- GPG sign distribution artifacts by @jpraynaud in #630
- Fix sign distribution CI by @jpraynaud in #644
- Fix sign distribution CI v2 by @jpraynaud in #645
- Fix verify signature links in release notes by @jpraynaud in #646
- Add a verified signer to 'release-preprod' by @jpraynaud in #647
- Fix Cardano relay node topology configuration by @jpraynaud in #649
- Add query KES period info for test SPOs by @jpraynaud in #648
- Simplify signature by @iquerejeta in #620
- Update crates version 2250 by @jpraynaud in #654
Full Changelog: 2248.1...2250.0-prerelease
Crates Versions
Crate | Version |
---|---|
mithril-aggregator | 0.2.0 |
mithril-client | 0.2.0 |
mithril-common | 0.2.0 |
mithril-signer | 0.2.0 |
mithril-stm | 0.2.0 |
Verify the authenticity of a downloaded asset
Detailed procedure to verify an asset
- Step 1: Identify the downloaded asset on your computer YOUR_ASSET_FILE
- Step 2: Download the signed checksum file from this link CHECKSUM.asc and save it in the same folder as the asset
- Step 3: In your terminal, go to the asset folder by running:
cd ***YOUR_ASSET_FOLDER***
- Step 4: Then verify the checksum of the asset by running:
sha256sum -c ./CHECKSUM.asc 2>/dev/null | grep ***YOUR_ASSET_FILE***
You must see:
./***YOUR_ASSET_FILE***: OK
- Step 5: Download the public key file from this link gpg-public.key and save it in the same folder as the asset
- Step 6: Then import the GPG public key:
gpg --import ./gpg-public.key
You must see something like:
gpg: key : public key "Input Output / Mithril <[email protected]>" imported
gpg: Total number processed: 1
gpg: imported: 1
- Step 7: Then verify the GPG signature of the checksum file:
gpg --verify ./gpg-public.key ./CHECKSUM.asc
You must see something like:
gpg: Signature made Mon 05 Dec 2022 04:53:54 PM CET
gpg: using RSA key 35EDE9D47BBA62A2F388E655899ACD26B8BCA0D2
gpg: Good signature from "Input Output / Mithril <[email protected]>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 35ED E9D4 7BBA 62A2 F388 E655 899A CD26 B8BC A0D2
The signature is valid if and only if:
- there is a line with
gpg: Good signature from "Input Output / Mithril <[email protected]>"
- there is a line with
Primary key fingerprint: 2AC0 7B11 8B23 1443 F544 2D0C 6E2C 1160 3E79 0021
- Step 8:
If you successfully validated all the steps of this process, then you have successfully verified the authenticity of the asset ✔️
If not, contact us at [[email protected]] and let us know of the outcome of your run of this process⚠️