From 1cf22eb00c2d9bdc06be6c05c2a094281159f76a Mon Sep 17 00:00:00 2001 From: edouardparis Date: Fri, 13 Sep 2024 09:33:28 +0200 Subject: [PATCH] Update gpg key documentation with Edouard key --- SECURITY.md | 9 ++++----- doc/TRY.md | 40 ++++++++++++++++++++++++++++++++-------- doc/USAGE.md | 9 ++++----- 3 files changed, 40 insertions(+), 18 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index e90f388e3..f32ba7499 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -1,10 +1,9 @@ # Security policy Please report any vulnerability or any bug that could potentially affect the security of users' -funds by mail to [`antoine@wizardsardine.com`](mailto:antoine@wizardsardine.com). +funds by mail to [`edouard@wizardsardine.com`](mailto:edouard@wizardsardine.com). -You may use my GPG public key to encrypt your mail: `590B7292695AFFA5B672CBB2E13FC145CD3F4304`. You +You may use Edouard GPG public key to encrypt your mail: `5B63F3B97699C7EEF3B040B19B7F629A53E77B83`. You can get it from: -- [`keys.openpg.org`](https://keys.openpgp.org/search?q=darosior%40protonmail.com): `gpg --keyserver hkps://keys.openpgp.org --receive 590B7292695AFFA5B672CBB2E13FC145CD3F4304`. -- [My personal website](http://download.darosior.ninja/darosior.pub) -- [Bitcoin Core's `guix.sigs` Github repository](https://github.com/bitcoin-core/guix.sigs/blob/main/builder-keys/darosior.gpg) +- [`keys.openpg.org`](https://keys.openpgp.org/search?q=m%40edouard.paris): `gpg --keyserver hkps://keys.openpgp.org --receive 5B63F3B97699C7EEF3B040B19B7F629A53E77B83`. +- [his personal website](https://edouard.paris/keys/5B63F3B97699C7EEF3B040B19B7F629A53E77B83) diff --git a/doc/TRY.md b/doc/TRY.md index 8e354b77f..cf6f36be8 100644 --- a/doc/TRY.md +++ b/doc/TRY.md @@ -24,9 +24,9 @@ simulator](https://github.com/cryptoadvance/specter-diy/blob/master/docs/simulat Here is a list of the system dependencies: the tools and libraries you need to have installed on your system to follow the guide if you are running a Linux that isn't Debian- or Arch- based. -- GUI requirements, see the link to projects below to search for the name of your distribution's packages. - - [`fontconfig`](https://www.freedesktop.org/wiki/Software/fontconfig/) - - [Libudev](https://www.freedesktop.org/software/systemd/man/libudev.html) +- GUI requirements, see the link to projects below to search for the name of your distribution's packages. + - [`fontconfig`](https://www.freedesktop.org/wiki/Software/fontconfig/) + - [Libudev](https://www.freedesktop.org/software/systemd/man/libudev.html) - Running binaries requires GLIBC >= 2.33 (Ubuntu >= 22.04 or Debian >= 12) We'll use basic tools which should already be present on your system, such as: @@ -39,7 +39,7 @@ To verify binaries you will also need: ### Throwaway folder You can follow the guide from any folder of your choice. We recommend creating a new dedicated folder you -can wipe easily after testing. +can wipe easily after testing. If you are using a Linux terminal: ``` @@ -57,7 +57,11 @@ running a too old glibc. In this case you may have to build from source. See the about this in the README](../README.md#a-note-on-linux-binaries-and-glibc-version). For every file available on the website, there is an accompanying `.asc` file with the same -name on our [Github release page](https://github.com/wizardsardine/liana/releases). This is a GPG signature made with Antoine Poinsot's key: +name on our [Github release page](https://github.com/wizardsardine/liana/releases). + +if Liana version is inferior to v7: + +This is a GPG signature made with Antoine Poinsot's key: `590B7292695AFFA5B672CBB2E13FC145CD3F4304`. This key is available elsewhere for cross-checking, such as on [his Twitter profile](https://twitter.com/darosior) or his [personal website](http://download.darosior.ninja/antoine_poinsot_0xE13FC145CD3F4304.txt). It is recommended @@ -72,9 +76,29 @@ GPG should tell you the signature is valid for Antoine's key. If GPG told you that Antoine key has expired, you should refresh it. Example for Linux (replace the signature name with the one corresponding to your download): ``` -gpg --keyserver hkps://keys.openpgp.org --refresh-keys E13FC145CD3F4304 +gpg --keyserver hkps://keys.openpgp.org --refresh-keys E13FC145CD3F4304 +``` + +if Liana version is superior or equal to v7: + +This is a GPG signature made with Edouard Paris key: +`5B63F3B97699C7EEF3B040B19B7F629A53E77B83`. This key is available elsewhere for cross-checking, such +as on his [personal website](https://edouard.paris/keys/5B63F3B97699C7EEF3B040B19B7F629A53E77B83.asc). +It is recommended you verify your download against this key. +Example for Linux (replace the signature name with the one corresponding to your download): +``` +gpg --keyserver hkps://keys.openpgp.org --receive 5B63F3B97699C7EEF3B040B19B7F629A53E77B83 +gpg --verify liana_7.0-1_amd64.deb.asc +``` +GPG should tell you the signature is valid for Edouard's key. + +If GPG told you that Edouard key has expired, you should refresh it. +Example for Linux (replace the signature name with the one corresponding to your download): +``` +gpg --keyserver hkps://keys.openpgp.org --refresh-keys 5B63F3B97699C7EEF3B040B19B7F629A53E77B83 ``` + If all is good, you can run Liana! At startup, you will have the choice between starting Liana using an existing configuration or to @@ -125,7 +149,7 @@ my own configuration, but it depends on what you configured previously). Then yo Keep in mind that signet coins have no value! -Signet is a network, so you can send coins to other people on signet, receive from them, etc. Feel free to explore Liana! +Signet is a network, so you can send coins to other people on signet, receive from them, etc. Feel free to explore Liana! ## Cleanup @@ -149,7 +173,7 @@ rm -rf ~/.liana/signet ``` -## Tips & Tricks +## Tips & Tricks ### Simulating multiple wallets diff --git a/doc/USAGE.md b/doc/USAGE.md index 975a77eca..8d8ec94cc 100644 --- a/doc/USAGE.md +++ b/doc/USAGE.md @@ -10,13 +10,12 @@ The recommended installation method for regular users is to download [an executa from our website](https://wizardsardine.com/liana/). If you prefer to build the project from source, see [`BUILD.md`](BUILD.md) instead. -We recommend you verify the software you downloaded against a PGP signature made by Antoine Poinsot -using his key `590B7292695AFFA5B672CBB2E13FC145CD3F4304`. For now the PGP signatures for the +We recommend you verify the software you downloaded against a PGP signature made by Edouard Paris +using his key `5B63F3B97699C7EEF3B040B19B7F629A53E77B83`. For now the PGP signatures for the binaries downloaded on our website are only available on the [Github release page](https://github.com/wizardsardine/liana/releases). Find the `.asc` file in the list -corresponding to the binary you downloaded. Antoine's key is available elsewhere for cross-checking, -such as on [his Twitter profile](https://twitter.com/darosior) or [Bitcoin Core's like of builder -keys](https://github.com/bitcoin-core/guix.sigs/blob/main/builder-keys/darosior.gpg). +corresponding to the binary you downloaded. Edouard's key is available elsewhere for cross-checking, +such as on [his personal website](https://edouard.paris). For Arch users, a `liana-bin` is also available at the [AUR](https://aur.archlinux.org/). You can install it using your favourite wrapper (eg `paru -S liana-bin` or `yay -S liana-bin`), or manually: