Merge pull request #559 from Bilb/sha-verify-readme

Add SHA Verification Instructions to README
Niels Andriesse 2021-05-24 12:54:34 +10:00 committed by GitHub
commit a168e56db7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -20,6 +20,39 @@ Please search for any [existing issues](https://github.com/oxen-io/session-andro
Build instructions can be found in [BUILDING.md](BUILDING.md).
## Verifing signatures
Get Kee's key and import it:
```
wget https://raw.githubusercontent.com/oxen-io/oxen-core/master/utils/gpg_keys/KeeJef.asc
gpg --import KeeJef.asc
```
Get the signed hash for this release, the SESSION_VERSION needs to be updated for the release you want to verify
```
export SESSION_VERSION=1.10.4
wget https://github.com/oxen-io/session-android/releases/download/$SESSION_VERSION/signatures.asc
```
Verify the signature of the hashes of the files
```
gpg --verify signatures.asc 2>&1 |grep "Good signature from"
```
The command above should print "`Good signature from "Kee Jefferys...`"
If it does, the hashes are valid but we still have to make the sure the signed hashes matches the downloaded files.
Make sure the two commands below returns the same hash.
If they do, files are valid.
```
sha256sum session-$SESSION_VERSION-universal.apk
grep universal.apk signatures.asc
```
## License
Copyright 2011 Whisper Systems
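
Review bot: The signature step `gpg --verify signatures.asc 2>&1 |grep "Good signature from"` shows only that some key in the local keyring made a valid signature, and piping to grep discards gpg's exit status and any warnings it prints. The reader is left to match the printed name by eye, and a user ID name is not a reliable identifier for a key. KeeJef.asc is also downloaded from the same GitHub organisation (oxen-io) as signatures.asc, so the README should state the expected key fingerprint and tell readers to compare it with the one gpg reports. The last step asks readers to compare the `sha256sum` output with the `grep universal.apk signatures.asc` line by eye; a single check that fails on mismatch would be less error-prone. Minor: the heading reads "Verifing", and "make the sure the signed hashes matches" and "the two commands below returns" need grammar fixes.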