From 658ad0065da9223e28faa230ce6bbbc7ab4730c5 Mon Sep 17 00:00:00 2001 From: cronicc Date: Tue, 30 Nov 2021 10:38:56 +0000 Subject: [PATCH 1/2] Update version to 1.2.13 --- CHANGELOG.md | 4 ++++ README.md | 4 ++-- VERIFY_AUTHENTICITY.md | 34 +++++++++++++++++----------------- 3 files changed, 23 insertions(+), 19 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6beb546..1f7c527 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,7 @@ +## [1.2.13-beta](https://github.com/HorizenOfficial/Sphere_by_Horizen/releases/tag/desktop-v1.2.13-beta) +### Changed +- Upgraded the bundled Zend to 3.0.2 + ## [1.2.12-beta](https://github.com/HorizenOfficial/Sphere_by_Horizen/releases/tag/desktop-v1.2.12-beta) ### Changed - Upgraded the bundled Zend to 3.0.1 diff --git a/README.md b/README.md index ce26fe3..2cc0b1d 100644 --- a/README.md +++ b/README.md @@ -6,7 +6,7 @@ **Please follow the upgrade guides for [Windows](https://horizenofficial.atlassian.net/wiki/spaces/ZEN/pages/1136263172/Sphere+by+Horizen+-+Upgrade+Restore+Windows) or [macOS](https://horizenofficial.atlassian.net/wiki/spaces/ZEN/pages/714309893/Sphere+by+Horizen+-+Upgrade+Restore+Mac+Linux).** -**Latest Version:** [v1.2.12-beta](https://github.com/HorizenOfficial/Sphere_by_Horizen/releases/tag/desktop-v1.2.12-beta) +**Latest Version:** [v1.2.13-beta](https://github.com/HorizenOfficial/Sphere_by_Horizen/releases/tag/desktop-v1.2.13-beta) For a list of changes implemented in this version, please view the [changelog](CHANGELOG.md). @@ -55,7 +55,7 @@ Sphere by Horizen is envisioned as a launching point for Horizen services. The [ * Due to the size of the blockchain at this point we would recommend keeping a minimum of 30GB of storage space free. This requirement will increase over time with blockchain growth. ## Verifying authenticity of installer files -* It is highly recommended to verify the authenticty of the downloaded files before installing them by checking the PGP signatures. Alternatively you can verify the file integrity by calculating the checksums. You may do so by following the instructions provided [here](https://github.com/HorizenOfficial/Sphere_by_Horizen/blob/desktop-v1.2.12-beta/VERIFY_AUTHENTICITY.md). +* It is highly recommended to verify the authenticty of the downloaded files before installing them by checking the PGP signatures. Alternatively you can verify the file integrity by calculating the checksums. You may do so by following the instructions provided [here](https://github.com/HorizenOfficial/Sphere_by_Horizen/blob/desktop-v1.2.13-beta/VERIFY_AUTHENTICITY.md). ## Installation instructions diff --git a/VERIFY_AUTHENTICITY.md b/VERIFY_AUTHENTICITY.md index 4598733..09b4a40 100644 --- a/VERIFY_AUTHENTICITY.md +++ b/VERIFY_AUTHENTICITY.md @@ -4,7 +4,7 @@ It is highly recommended to verify the authenticty of the downloaded files befor ## Windows ### Verify File Authenticity -1. Download Sphere_by_Horizen-1.2.12-beta.exe and Sphere_by_Horizen-1.2.12-beta.exe.asc and store the files in your Downloads folder. +1. Download Sphere_by_Horizen-1.2.13-beta.exe and Sphere_by_Horizen-1.2.13-beta.exe.asc and store the files in your Downloads folder. 2. Download the GNUPG package from https://www.gpg4win.org/get-gpg4win.html 3. Proceed with the installation and launch Kleopatra. 4. Unless you already have a personal GPG key, you will have to create one (required for step 6): @@ -28,20 +28,20 @@ It is highly recommended to verify the authenticty of the downloaded files befor - You should receive a message saying Certification successful 7. Verify the installer binary: - Click the Decrypt/Verify button on the Kleopatra toolbar - - Choose the Downloads\Sphere_by_Horizen-1.2.12-beta.exe file in the file dialog (the .asc signature file must reside in the same directory) + - Choose the Downloads\Sphere_by_Horizen-1.2.13-beta.exe file in the file dialog (the .asc signature file must reside in the same directory) 8. If the verification is successful, you will receive a green-tinted message box saying: - Valid signature by cronic@horizenlabs.io - Date of signature - With certificate 219F 5574 0BBF 7A1C E368 BA45 FB70 53CE 4991 B669 - Anything else would constitute a signature verification failure. ### Verify File Integrity -1. Download Sphere_by_Horizen-1.2.12-beta.exe and Sphere_by_Horizen-1.2.12-beta.exe.sha256 and store the files in your Downloads folder +1. Download Sphere_by_Horizen-1.2.13-beta.exe and Sphere_by_Horizen-1.2.13-beta.exe.sha256 and store the files in your Downloads folder 2. Open a PowerShell window 3. Verify the checksums by copy/pasting the following commands: ``` cd ~\Downloads - $targetHash = (Get-Content -Path Sphere_by_Horizen-1.2.12-beta.exe.sha256 -Delimiter " ")[0].Trim() - $fileName = (Get-Content -Path Sphere_by_Horizen-1.2.12-beta.exe.sha256 -Delimiter " ")[2].Trim() + $targetHash = (Get-Content -Path Sphere_by_Horizen-1.2.13-beta.exe.sha256 -Delimiter " ")[0].Trim() + $fileName = (Get-Content -Path Sphere_by_Horizen-1.2.13-beta.exe.sha256 -Delimiter " ")[2].Trim() if ($(certutil -hashfile $fileName SHA256)[1] -replace " ","" -eq $targetHash) { Write-Host $fileName": OK" } else { @@ -51,12 +51,12 @@ It is highly recommended to verify the authenticty of the downloaded files befor ``` 4. The output of the command should equal: ``` - Sphere_by_Horizen-1.2.12-beta.exe: OK + Sphere_by_Horizen-1.2.13-beta.exe: OK ``` ## MacOS ### Verify File Authenticity -1. Download Sphere_by_Horizen-1.2.12-beta.dmg and Sphere_by_Horizen-1.2.12-beta.dmg.asc and store the files in your Downloads folder. +1. Download Sphere_by_Horizen-1.2.13-beta.dmg and Sphere_by_Horizen-1.2.13-beta.dmg.asc and store the files in your Downloads folder. 2. If you already have the GPG Suite installed, and a personal key generated, please skip to step 5, and if not, proceed with the next step. 3. Go to https://gpgtools.org, head to the GPG Suite section, download the .dmg file and install it: - Right-click the .dmg file, then Open, which will open a new window with two icons: Install and Uninstall @@ -75,7 +75,7 @@ It is highly recommended to verify the authenticty of the downloaded files befor 6. Sign the imported key (this designates trust and is required for the next step): - Right-click on the imported key, then "Sign". 7. Verify the installer binary: - - Right-click the Sphere_by_Horizen-1.2.12-beta.dmg file in Finder (do NOT right click on the .asc file, that will not work), then select Services -> OpenPGP: Verify Signature of File (the .asc signature file must reside in the same directory) + - Right-click the Sphere_by_Horizen-1.2.13-beta.dmg file in Finder (do NOT right click on the .asc file, that will not work), then select Services -> OpenPGP: Verify Signature of File (the .asc signature file must reside in the same directory) - The Verification Results dialog will then appear with the verdict: ``` Trusted signature @@ -84,22 +84,22 @@ It is highly recommended to verify the authenticty of the downloaded files befor ``` - Anything different means there was no valid signature for the installer. ### Verify File Integrity -1. Download Sphere_by_Horizen-1.2.12-beta.dmg and Sphere_by_Horizen-1.2.12-beta.dmg.sha256 and store the files in your Downloads folder +1. Download Sphere_by_Horizen-1.2.13-beta.dmg and Sphere_by_Horizen-1.2.13-beta.dmg.sha256 and store the files in your Downloads folder 2. Open a Terminal window 3. Verify the checksums by copy/pasting the following command: ``` cd ~/Downloads \ - && shasum -a256 -c Sphere_by_Horizen-1.2.12-beta.dmg.sha256 + && shasum -a256 -c Sphere_by_Horizen-1.2.13-beta.dmg.sha256 ``` 4. The output of the command should equal: ``` - Sphere_by_Horizen-1.2.12-beta.dmg: OK + Sphere_by_Horizen-1.2.13-beta.dmg: OK ``` ## Linux ### Verify File Authenticity -1. Download Sphere_by_Horizen-1.2.12-beta.deb and Sphere_by_Horizen-1.2.12-beta.deb.asc and store the files in your Downloads folder for Debian based systems, or Sphere_by_Horizen-1.2.12-beta.AppImage and Sphere_by_Horizen-1.2.12-beta.AppImage.asc and store the files in your Downloads folder for all other Linux systems. +1. Download Sphere_by_Horizen-1.2.13-beta.deb and Sphere_by_Horizen-1.2.13-beta.deb.asc and store the files in your Downloads folder for Debian based systems, or Sphere_by_Horizen-1.2.13-beta.AppImage and Sphere_by_Horizen-1.2.13-beta.AppImage.asc and store the files in your Downloads folder for all other Linux systems. 2. Ensure that the gpg2 command is available (assuming Ubuntu Linux) in your shell, and if not execute the following shell command: ``` sudo apt-get update \ @@ -128,11 +128,11 @@ It is highly recommended to verify the authenticty of the downloaded files befor 6. Verify the installer binary using the .asc signature (the .asc signature file must reside in the same directory as the installer binary): ``` cd ~/Downloads \ - && gpg2 --verify Sphere_by_Horizen-1.2.12-beta.*.asc + && gpg2 --verify Sphere_by_Horizen-1.2.13-beta.*.asc ``` - Successful verification should produce a message like follows: ``` - gpg: assuming signed data in 'Sphere_by_Horizen-1.2.12-beta.{extension}' + gpg: assuming signed data in 'Sphere_by_Horizen-1.2.13-beta.{extension}' gpg: Signature made Tue 26 Oct 2021 14:48:10 UTC gpg: using RSA key FB7053CE4991B669 gpg: checking the trustdb @@ -146,15 +146,15 @@ It is highly recommended to verify the authenticty of the downloaded files befor gpg: aka "cronic " [full] ``` ### Verify File Integrity -1. Download Sphere_by_Horizen-1.2.12-beta.deb and Sphere_by_Horizen-1.2.12-beta.deb.sha256 and store the files in your Downloads folder for Debian based systems, or Sphere_by_Horizen-1.2.12-beta.AppImage and Sphere_by_Horizen-1.2.12-beta.AppImage.sha256 and store the files in your Downloads folder for all other Linux systems. +1. Download Sphere_by_Horizen-1.2.13-beta.deb and Sphere_by_Horizen-1.2.13-beta.deb.sha256 and store the files in your Downloads folder for Debian based systems, or Sphere_by_Horizen-1.2.13-beta.AppImage and Sphere_by_Horizen-1.2.13-beta.AppImage.sha256 and store the files in your Downloads folder for all other Linux systems. 2. Open a Terminal window 3. Verify the checksums by copy/pasting the following command: ``` cd ~/Downloads \ - && sha256sum -c Sphere_by_Horizen-1.2.12-beta.*.sha256 + && sha256sum -c Sphere_by_Horizen-1.2.13-beta.*.sha256 ``` 4. The output of the command should equal: ``` - Sphere_by_Horizen-1.2.12-beta.{extension}: OK + Sphere_by_Horizen-1.2.13-beta.{extension}: OK ``` From 8097337504a61e3e7e4d27bc91f94e9f851c8356 Mon Sep 17 00:00:00 2001 From: cronicc Date: Tue, 30 Nov 2021 10:40:43 +0000 Subject: [PATCH 2/2] Replace non working keyserver --- VERIFY_AUTHENTICITY.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERIFY_AUTHENTICITY.md b/VERIFY_AUTHENTICITY.md index 09b4a40..dbcbe17 100644 --- a/VERIFY_AUTHENTICITY.md +++ b/VERIFY_AUTHENTICITY.md @@ -113,7 +113,7 @@ It is highly recommended to verify the authenticty of the downloaded files befor - Choose a passphrase to protect your personal key (NOTE: the passphrase can be empty, but it is not recommended if you intend to use this key and GNUPG in future) 4. Import the key used to sign releases: ``` - gpg2 --keyserver hkp://pool.sks-keyservers.net --recv-keys 219F55740BBF7A1CE368BA45FB7053CE4991B669 + gpg2 --keyserver hkps://keys.openpgp.org --recv-keys 219F55740BBF7A1CE368BA45FB7053CE4991B669 ``` - The output of the command should show: ```