Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Bitcoin Technical Support
Re: Bitcoin Core 0.18.1 Installation Help Request for Ubuntu 18 LTS
by
matrix01
on 11/09/2019, 16:31:43 UTC
Bob123,
Thank you for your post. To answer your question below is the Terminal output I got when I went through the verification process with two changes I made included. The "john@mylaptop" differs and also the "90xxxxxxxxxxxxxx" differs because I don't know if such keys should be posted for the public to see. The 01EA 5486 DE18 A882 D4C2  6845 90C8 019E 36C2 E964 key seems to be posted all over the place so I left that key unchanged. 


Code:
To run a command as administrator (user "root"), use "sudo ".
See "man sudo_root" for details.

john@mylaptop:~/Downloads$ sha256sum --ignore-missing --check SHA256SUMS.asc
bitcoin-0.18.1-x86_64-linux-gnu.tar.gz: OK
sha256sum: WARNING: 20 lines are improperly formatted
john@mylaptop:~/Downloads$ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 01EA5486DE18A882D4C2684590C8019E36C2E964
gpg: key 90xxxxxxxxxxxxxx: 3 duplicate signatures removed
gpg: key 90xxxxxxxxxxxxxx: 69 signatures not checked due to missing keys
gpg: key 90xxxxxxxxxxxxxx: public key "Wladimir J. van der Laan (Bitcoin Core binary release signing key) " imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg:               imported: 1
john@mylaptop:~/Downloads$ gpg --verify SHA256SUMS.asc
gpg: Signature made Fri 09 Aug 2019 03:08:43 AM EDT
gpg:                using RSA key 90xxxxxxxxxxxxxx
gpg: Good signature from "Wladimir J. van der Laan (Bitcoin Core binary release signing key) " [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 01EA 5486 DE18 A882 D4C2  6845 90C8 019E 36C2 E964
john@mylaptop:~/Downloads$

Am I correct to assume the tarball file I downloaded has not failed the hash matching test based on the line I read below?

Code:
gpg: Good signature from "Wladimir J. van der Laan

In short, do I have an authentic legitimate tarball file?  If yes, what line from the Terminal output is that decision based on?

Additionally, does my tarball file not failing this hash matching mean using the PPA installation method is now risk free?