You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
If you prefer to manually verify the authenticity of the Relay Wizard binary before running it, then you can follow along with the verification process described here. This will minimize the possibility of the binary being compromised. To perform the verification you'll need to have `gnupg` and `curl` installed which are most likely already installed on your system, but if not here's how to install them on some operating systems:
44
+
45
+
### gnupg
46
+
47
+
#### Arch
48
+
49
+
```sh
50
+
sudo pacman -S gnupg
51
+
```
52
+
53
+
#### Debian/Ubuntu
54
+
55
+
```sh
56
+
sudo apt install -y gnupg
57
+
```
58
+
59
+
### curl
60
+
61
+
#### Arch
62
+
63
+
```sh
64
+
sudo pacman -S curl
65
+
```
66
+
67
+
#### Debian/Ubuntu
68
+
69
+
```sh
70
+
sudo apt install -y curl
71
+
```
72
+
73
+
Now you need to import the public key that signed the manifest file which you can do by running the following command:
You're now ready to verify the manifest file. You will need to have the `rwz-x.x.x-manifest.sha512sum` and the `rwz-x.x.x-manifest.sha512sum.asc` files in the same directory as the Relay Wizard binary you downloaded where the `x.x.x` is replaced by whatever version of `rwz` you're verifying.
80
+
81
+
To verify the manifest file run the following command:
82
+
83
+
```sh
84
+
gpg --verify rwz-x.x.x-manifest.sha512sum.asc
85
+
```
86
+
87
+
Here's the command to run for the latest version of `rwz`:
88
+
89
+
```sh
90
+
gpg --verify rwz-0.2.0-manifest.sha512sum.asc
91
+
```
92
+
93
+
You should see output similar to the following if the verification was successful:
94
+
95
+
```sh
96
+
gpg: assuming signed data in'rwz-0.2.0-manifest.sha512sum'
97
+
gpg: Signature made Mon Sep 16 21:07:19 2024 EDT
98
+
gpg: using RSA key 252F57B9DCD920EBF14E6151A8841CC4D10CC288
99
+
gpg: Good signature from "NODE-TEC Devs <[email protected]>" [unknown]
> Unless you tell GnuPG to trust the key, you'll see a warning similar to the following:
106
+
107
+
```sh
108
+
gpg: WARNING: This key is not certified with a trusted signature!
109
+
gpg: There is no indication that the signature belongs to the owner.
110
+
```
111
+
112
+
This warning means that the key is not certified by another third party authority. If the downloaded file was a fake, then the signature verification process would fail and you would be warned that the fingerprints don't match.
113
+
114
+
When you get a warning like this it's also good practice to check the key against other sources, e.g., the [NODE-TEC Keybase](https://keybase.io/nodetec"NODE-TEC Keybase") or the [NODE-TEC GitHub](https://github.com/nodetec"NODE-TEC GitHub").
115
+
116
+
You have now verified the signature of the manifest file which ensures the integrity and authenticity of the file but not of the binary.
117
+
118
+
To verify the binary you'll need to recompute the SHA512 hash of the file, compare it with the corresponding hash in the manifest file, and ensure they match exactly which you can do by running the following command:
119
+
120
+
```sh
121
+
sha512sum --check rwz-x.x.x-manifest.sha512sum
122
+
```
123
+
124
+
Here's the command to run for the latest version of `rwz`:
125
+
126
+
```sh
127
+
sha512sum --check rwz-0.2.0-manifest.sha512sum
128
+
```
129
+
130
+
If the verification was successful you should see the output similar to the following:
131
+
132
+
```sh
133
+
rwz-0.2.0-x86_64-linux-gnu.tar.gz: OK
134
+
```
135
+
136
+
By completing the above steps you will have successfully verified the integrity of the binary.
137
+
41
138
## Learn more
42
139
43
-
If you want to learn more about how to setup a relay from scratch, check out [relayrunner.org](https://relayrunner.org)
140
+
If you want to learn more about how to setup a relay from scratch, check out [Relay Runner](https://relayrunner.org"Relay Runner")
44
141
45
142
If you just want to know enough to get started, read the following sections to get a server, hook up a domain name and setup remote access:
46
143
47
-
-[Get a server](https://relayrunner.org/server/get-a-server)
144
+
-[Get a server](https://relayrunner.org/server/get-a-server"Get a server")
48
145
49
-
-[Get a domain](https://relayrunner.org/server/domain-name)
146
+
-[Get a domain](https://relayrunner.org/server/domain-name"Get a domain")
from here you should be able to run the installation command above and get started.
54
151
55
-
## Contributing
152
+
## Contribute
56
153
57
-
If you want to contribute consider adding a new package manager and test the script out on another Linux Distro, I also have plans to support multiple relay implementation options.
154
+
If you want to contribute consider adding a new package manager and testing the script out on another Linux Distro. You can also look into adding support for more relay implementations.
0 commit comments