From 35978b8a31f584a9ac22c382212ae373aa4c324c Mon Sep 17 00:00:00 2001 From: Simon Zolin Date: Thu, 13 Aug 2020 16:06:24 +0300 Subject: [PATCH] + Verifying AdGuard Home Releases Squashed commit of the following: commit 3e566ff88f58ebe8d8f06650c6d2eb45d3a4667d Author: Simon Zolin Date: Thu Aug 13 14:07:29 2020 +0300 add to sidebar commit 85b888e12a3916929286c5f08010d3192d096436 Author: Simon Zolin Date: Thu Aug 13 11:50:52 2020 +0300 minor commit 8b26f498f88205a93376f45091d78d49b2a8cf56 Author: Simon Zolin Date: Thu Aug 13 11:11:22 2020 +0300 minor commit 0bb1f5ec89dabb07053b5538caee8dcc0454c90d Author: Simon Zolin Date: Thu Aug 13 11:08:09 2020 +0300 update commit 1d838f037a13519699cbcbbc47f9fdf17676bc6f Author: Simon Zolin Date: Tue Aug 4 19:42:43 2020 +0300 + Signatures for AdGuard Home binary files --- Home.md | 1 + Verify-Releases.md | 49 ++++++++++++++++++++++++++++++++++++++++++++++ __Sidebar.md | 3 ++- 3 files changed, 52 insertions(+), 1 deletion(-) create mode 100644 Verify-Releases.md diff --git a/Home.md b/Home.md index 3e198db..9cdf994 100644 --- a/Home.md +++ b/Home.md @@ -33,3 +33,4 @@ The wiki was just recently created, so there isn't much content (yet). * [How to install and run AdGuard Home on a Virtual Private Server](VPS) * [OpenRC service-script](OpenRC) * [How to write hosts blocklists](Hosts-Blocklists) +* [Verifying Releases](Verify-Releases) diff --git a/Verify-Releases.md b/Verify-Releases.md new file mode 100644 index 0000000..9a430a0 --- /dev/null +++ b/Verify-Releases.md @@ -0,0 +1,49 @@ +# Verifying AdGuard Home Releases + +Since AdGuard Home v0.103.4 we sign the executable files we build so you can verify they are really created by us and no one else. +Inside an archive file there's a small file with `.sig` extension which contains the signature data. +In a hypothetic situation when the binary file inside an archive is replaced by someone, you'll know that it isn't an official release from AdGuard. + + +## How to verify that the executable file was built by AdGuard? + +1. Unpack AdGuard Home archive file +2. Import AdGuard Home public key from keyserver: + + gpg --keyserver pgp.key-server.io --recv-key 1222CCA0 + + The above command will print: + + gpg: key 9A6F0EB91222CCA0: public key "AdGuard " imported + +3. Verify (for UNIX): + + gpg --verify AdGuardHome/AdGuardHome.sig + + or for Windows: + + gpg --verify AdGuardHome/AdGuardHome.exe.sig + + You'll see something like this: + + gpg: assuming signed data in 'AdGuardHome/AdGuardHome' + gpg: Signature made Wed 12 Aug 2020 11:06:44 PM +03 + gpg: using RSA key 58D6AD46BC509C6181A22C5F9A6F0EB91222CCA0 + gpg: issuer "devteam@adguard.com" + gpg: Good signature from "AdGuard " [unknown] + + Check: + * RSA key - must be "58D6AD46BC509C6181A22C5F9A6F0EB91222CCA0" + * name - must be "AdGuard" + * email address - must be "devteam@adguard.com" + +> Note Windows users: you need to install PGP software. + + +## Reproducing AdGuard Home releases + + git clone --branch "v0.103.3" --depth=1 "https://github.com/AdguardTeam/AdGuardHome" /tmp/adguard + cd /tmp/adguard + docker run --volume $(pwd):/build --rm --env CHANNEL=release --net=host adguard/golang-ubuntu make release + +where "v0.103.3" is the AdGuard Home version you want to build. diff --git a/__Sidebar.md b/__Sidebar.md index 0c3cc7f..976b44c 100644 --- a/__Sidebar.md +++ b/__Sidebar.md @@ -9,4 +9,5 @@ * [How to install and run AdGuard Home on Raspberry Pi](Raspberry-Pi) * [How to install and run AdGuard Home on a Virtual Private Server](VPS) * [OpenRC service-script](OpenRC) -* [How to write hosts blocklists](Hosts-Blocklists) \ No newline at end of file +* [How to write hosts blocklists](Hosts-Blocklists) +* [Verifying Releases](Verify-Releases)