Add instructions for verifying download integrity against release signer keys
ClosedPublic
Actions

Authored by jasonbcox on Dec 30 2019, 20:17.

Details

Reviewers

deadalnix
Fabien

Group Reviewers

Restricted Project

Commits

rSTAGING6de41be236e3: Add instructions for verifying download integrity against release signer keys
rABC6de41be236e3: Add instructions for verifying download integrity against release signer keys

Summary

The current process for verifying Bitcoin ABC binaries is unclear.
An example of how users experience this can be seen here: https://old.reddit.com/r/btc/comments/egj10s/where_can_i_find_bitcoin_abc_pgp_keys/
However, that example only scratches the surface as there are multiple issues here:

The keys are not easy to find/download.
Having some copy of the key fingerprints has no gaurantees against tampering of the fingerprints out of the box.
While verifying the binary hashes match the signature file(s) is easy, not all users verify the integrity of the signature files themselves.

This patch is a good first step to help tackling the above issues. It provides a mechanism for users to easily identify
tampering in any part of the download process, given that they are not downloading a fresh copy of the release keys.
If the later cannot be assumed, the user is provided with the necessary tools to do so for future downloads.

Test Plan

Version 0.20.11+:

# test a similar set of commands on locally-generated source package
ninja package_source
VERSION="0.20.11"
KEYS_FILE="bitcoin-abc-${VERSION}/contrib/gitian-signing/keys.txt"
# tweaked the line below since no release currently contains keys.txt
tar -zxOf <build-dir>/bitcoin-abc-0.20.11.tar.gz "${KEYS_FILE}" | while read FINGERPRINT _; do gpg --recv-keys "${FINGERPRINT}"; done

Earlier versions:

Download any number of binaries from https://download.bitcoinabc.org/0.20.9/<platform>
Download signature files from https://download.bitcoinabc.org/0.20.9/
Follow the second set of instructions for earlier versions.

Diff Detail

Repository

rABC Bitcoin ABC

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

jasonbcox created this revision.Dec 30 2019, 20:17

Herald added a reviewer: deadalnix. · View Herald TranscriptDec 30 2019, 20:17

Build Bitcoin-ABC / Diffs / Diff Testing started.

jasonbcox added inline comments.Dec 30 2019, 20:18

doc/README.md
19 ↗	(On Diff #15090)	Reviewer note: Doing `gpg --recv-keys` for every release is important, because fetching the keys will also fetch any revoke certificates, if they exist.

jasonbcox edited the test plan for this revision. (Show Details)Dec 30 2019, 20:20

Build Bitcoin-ABC / Diffs / Diff Testing passed.

Harbormaster completed remote builds in B8694: Diff 15090.Dec 30 2019, 20:27

Adding the keys.txt file at the root of download.bitcoinabc.org will cause additional maintenance, as someone has to remember to re-upload the file each time it gets updated.
This seems an unnecessary duplication to me as the file is already in the source tree.
Furthermore doing so can cause verification of the previous releases to fail if the file is updated.

I'll suggest to add the keys.txt into the source package and extract the file from the release source archive instead:

wget -q https://download.bitcoinabc.org/${VERSION}/src/bitcoin-abc-${VERSION}.tar.gz
tar -xvzf bitcoin-abc-${VERSION}.tar.gz contrib/gitian-signing/keys.txt
[...]

And for the previous releases:

wget -q https://github.com/Bitcoin-ABC/bitcoin-abc/blob/v${VERSION}/contrib/gitian-signing/keys.txt
[...]

This revision now requires changes to proceed.Jan 2 2020, 11:26

jasonbcox mentioned this in D4828: Add keys to source package.Jan 4 2020, 01:20

D4828

jasonbcox mentioned this in rABC67412d1ef956: Add keys to source package.Jan 12 2020, 17:54

Use versioned keys.txt file from bitcoinabc.org or github.com depending on availability by version.
Fixed a bug where the script would break on multiple signature files.

Build Bitcoin-ABC / Diffs / Diff Testing started.

Build Bitcoin-ABC / Diffs / Diff Testing passed.

Harbormaster completed remote builds in B8905: Diff 15409.Jan 13 2020, 17:58

jasonbcox edited the test plan for this revision. (Show Details)Jan 13 2020, 17:58

Fabien requested changes to this revision.Jan 14 2020, 11:10

Fabien added inline comments.

doc/README.md
35 ↗	(On Diff #15409)	You can have the common part in a common section, something like: Get the keys for v >= 0.20.11 Get the keys for v < 0.20.11 Check the binaries (common to all versions)
35 ↗	(On Diff #15409)	This command does not work for me. It looks like the pipe to `ls` is not working, so it ends up verifying all the files even if they don't exist, which causes the failure.