Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Armory
Re: GPG: Running "dpkg-sig --verify *.deb" does not output "GOODSIG _gpgbuilder"
by
achow101
on 15/10/2015, 23:02:54 UTC
Quote from: brancao on October 15, 2015, 09:43:15 PM
Note (1):

The following link on stackexchange recommended running the 'ar vx' command, which also occurs in the above transcript.

https://bitcoin.stackexchange.com/questions/35840/verify-offline-bitcoin-bundle-on-ubuntu

In the transcript and file listing shown at the above link (involving an older version of Armory), a file '_gpgbuilder' is extracted.

However, in the current version of Armory, no  file '_gpgbuilder' is extracted.

I wonder if this file '_gpgbuilder' is necessary in order for the command 'dpkg-sig --verify *.deb' to work properly?
I think those instructions are wrong now, since it seems like the deb file isn't signed. Instead, download the signed hash file and verify the signature of that file. Then take the sha256sum of the deb file and check that it matches.

Quote from: brancao on October 15, 2015, 09:43:15 PM
Note (2):

The download instructions mention that the offline signing key is "Also available on MIT PGP Public Key Server", at the following link:

http://pgp.mit.edu:11371/pks/lookup?search=bitcoinarmory+offline&op=index

This evidently gets translated from http to https when clicked on - ie, it goes here:

https://pgp.mit.edu:11371/pks/lookup?search=bitcoinarmory+offline&op=index

In my brower (Tor 5.0.3 / Mozilla Firefox), it went to a page saying:

   Secure Connection Failed

   An error occurred during a connection to pgp.mit.edu:11371.
   SSL received a record that exceeded the maximum permissible length.
   (Error code: ssl_error_rx_record_too_long)

   The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
   Please contact the website owners to inform them of this problem.

Is this something I should be worried about?
That link has :11371 which is for port 11371, which is for the PGP Key server port for software, not browsing. Remove that and you will be able to access the http page on the keyserver.

Quote from: brancao on October 15, 2015, 09:43:15 PM
Note (3):

I can't get the tabs to work on the downloads page here:

https://bitcoinarmory.com/download/#tab-pre

https://bitcoinarmory.com/download/#tab-stable

I'm running Tor 5.0.3, and I allowed all scripts on the page.
Are you sure? Look very carefully, the only change is from 0.93.2 to 0.92.3 or vice versa.

Quote from: brancao on October 15, 2015, 09:43:15 PM
Note (4):

The wording may be unclear (or the version numbers outdated) in this section:

"Offline bundles for Ubuntu 12.04 have been removed in 0.93.1 due to compatibility issues. Please use the offline bundles posted on the 0.92.3 tab, which is perfectly compatible when paired with an online computer using 0.93.1."

I want to use 0.93.2, so does anything in the above paragraph pertain to me?
No.