Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Backport: Update gpg key documentation with Edouard key #1332

Merged
merged 1 commit into from
Sep 13, 2024
Merged

Backport: Update gpg key documentation with Edouard key #1332

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 4 additions & 5 deletions SECURITY.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,10 +1,9 @@
# Security policy

Please report any vulnerability or any bug that could potentially affect the security of users'
funds by mail to [`antoine@wizardsardine.com`](mailto:antoine@wizardsardine.com).
funds by mail to [`edouard@wizardsardine.com`](mailto:edouard@wizardsardine.com).

You may use my GPG public key to encrypt your mail: `590B7292695AFFA5B672CBB2E13FC145CD3F4304`. You
You may use Edouard GPG public key to encrypt your mail: `5B63F3B97699C7EEF3B040B19B7F629A53E77B83`. You
can get it from:
- [`keys.openpg.org`](https://keys.openpgp.org/search?q=darosior%40protonmail.com): `gpg --keyserver hkps://keys.openpgp.org --receive 590B7292695AFFA5B672CBB2E13FC145CD3F4304`.
- [My personal website](http://download.darosior.ninja/darosior.pub)
- [Bitcoin Core's `guix.sigs` Github repository](https://github.com/bitcoin-core/guix.sigs/blob/main/builder-keys/darosior.gpg)
- [`keys.openpg.org`](https://keys.openpgp.org/search?q=m%40edouard.paris): `gpg --keyserver hkps://keys.openpgp.org --receive 5B63F3B97699C7EEF3B040B19B7F629A53E77B83`.
- [his personal website](https://edouard.paris/keys/5B63F3B97699C7EEF3B040B19B7F629A53E77B83)
40 changes: 32 additions & 8 deletions doc/TRY.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,9 +24,9 @@ simulator](https://github.com/cryptoadvance/specter-diy/blob/master/docs/simulat
Here is a list of the system dependencies: the tools and libraries you need to have installed on
your system to follow the guide if you are running a Linux that isn't Debian- or Arch- based.

- GUI requirements, see the link to projects below to search for the name of your distribution's packages.
- [`fontconfig`](https://www.freedesktop.org/wiki/Software/fontconfig/)
- [Libudev](https://www.freedesktop.org/software/systemd/man/libudev.html)
- GUI requirements, see the link to projects below to search for the name of your distribution's packages.
- [`fontconfig`](https://www.freedesktop.org/wiki/Software/fontconfig/)
- [Libudev](https://www.freedesktop.org/software/systemd/man/libudev.html)
- Running binaries requires GLIBC >= 2.33 (Ubuntu >= 22.04 or Debian >= 12)

We'll use basic tools which should already be present on your system, such as:
Expand All @@ -39,7 +39,7 @@ To verify binaries you will also need:
### Throwaway folder

You can follow the guide from any folder of your choice. We recommend creating a new dedicated folder you
can wipe easily after testing.
can wipe easily after testing.

If you are using a Linux terminal:
```
Expand All @@ -57,7 +57,11 @@ running a too old glibc. In this case you may have to build from source. See the
about this in the README](../README.md#a-note-on-linux-binaries-and-glibc-version).

For every file available on the website, there is an accompanying `.asc` file with the same
name on our [Github release page](https://github.com/wizardsardine/liana/releases). This is a GPG signature made with Antoine Poinsot's key:
name on our [Github release page](https://github.com/wizardsardine/liana/releases).

if Liana version is inferior to v7:

This is a GPG signature made with Antoine Poinsot's key:
`590B7292695AFFA5B672CBB2E13FC145CD3F4304`. This key is available elsewhere for cross-checking, such
as on [his Twitter profile](https://twitter.com/darosior) or his [personal
website](http://download.darosior.ninja/antoine_poinsot_0xE13FC145CD3F4304.txt). It is recommended
Expand All @@ -72,9 +76,29 @@ GPG should tell you the signature is valid for Antoine's key.
If GPG told you that Antoine key has expired, you should refresh it.
Example for Linux (replace the signature name with the one corresponding to your download):
```
gpg --keyserver hkps://keys.openpgp.org --refresh-keys E13FC145CD3F4304
gpg --keyserver hkps://keys.openpgp.org --refresh-keys E13FC145CD3F4304
```

if Liana version is superior or equal to v7:

This is a GPG signature made with Edouard Paris key:
`5B63F3B97699C7EEF3B040B19B7F629A53E77B83`. This key is available elsewhere for cross-checking, such
as on his [personal website](https://edouard.paris/keys/5B63F3B97699C7EEF3B040B19B7F629A53E77B83.asc).
It is recommended you verify your download against this key.
Example for Linux (replace the signature name with the one corresponding to your download):
```
gpg --keyserver hkps://keys.openpgp.org --receive 5B63F3B97699C7EEF3B040B19B7F629A53E77B83
gpg --verify liana_7.0-1_amd64.deb.asc
```
GPG should tell you the signature is valid for Edouard's key.

If GPG told you that Edouard key has expired, you should refresh it.
Example for Linux (replace the signature name with the one corresponding to your download):
```
gpg --keyserver hkps://keys.openpgp.org --refresh-keys 5B63F3B97699C7EEF3B040B19B7F629A53E77B83
```


If all is good, you can run Liana!

At startup, you will have the choice between starting Liana using an existing configuration or to
Expand Down Expand Up @@ -125,7 +149,7 @@ my own configuration, but it depends on what you configured previously). Then yo

Keep in mind that signet coins have no value!

Signet is a network, so you can send coins to other people on signet, receive from them, etc. Feel free to explore Liana!
Signet is a network, so you can send coins to other people on signet, receive from them, etc. Feel free to explore Liana!


## Cleanup
Expand All @@ -149,7 +173,7 @@ rm -rf ~/.liana/signet
```


## Tips & Tricks
## Tips & Tricks

### Simulating multiple wallets

Expand Down
9 changes: 4 additions & 5 deletions doc/USAGE.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,13 +10,12 @@ The recommended installation method for regular users is to download [an executa
from our website](https://wizardsardine.com/liana/). If you prefer to build the project from source,
see [`BUILD.md`](BUILD.md) instead.

We recommend you verify the software you downloaded against a PGP signature made by Antoine Poinsot
using his key `590B7292695AFFA5B672CBB2E13FC145CD3F4304`. For now the PGP signatures for the
We recommend you verify the software you downloaded against a PGP signature made by Edouard Paris
using his key `5B63F3B97699C7EEF3B040B19B7F629A53E77B83`. For now the PGP signatures for the
binaries downloaded on our website are only available on the [Github release
page](https://github.com/wizardsardine/liana/releases). Find the `.asc` file in the list
corresponding to the binary you downloaded. Antoine's key is available elsewhere for cross-checking,
such as on [his Twitter profile](https://twitter.com/darosior) or [Bitcoin Core's like of builder
keys](https://github.com/bitcoin-core/guix.sigs/blob/main/builder-keys/darosior.gpg).
corresponding to the binary you downloaded. Edouard's key is available elsewhere for cross-checking,
such as on [his personal website](https://edouard.paris).

For Arch users, a `liana-bin` is also available at the [AUR](https://aur.archlinux.org/). You can
install it using your favourite wrapper (eg `paru -S liana-bin` or `yay -S liana-bin`), or manually:
Expand Down
Loading