From 1dce14bb539c7ccbe2787c547a2bce9a29dd3bdb Mon Sep 17 00:00:00 2001 From: 0xLucca <0xlucca.dev@gmail.com> Date: Fri, 13 Dec 2024 16:40:40 -0300 Subject: [PATCH 1/7] Improve download --- .../onboarding-and-offboarding/set-up-validator.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/infrastructure/running-a-validator/onboarding-and-offboarding/set-up-validator.md b/infrastructure/running-a-validator/onboarding-and-offboarding/set-up-validator.md index 52ff3e559..9027af5bd 100644 --- a/infrastructure/running-a-validator/onboarding-and-offboarding/set-up-validator.md +++ b/infrastructure/running-a-validator/onboarding-and-offboarding/set-up-validator.md @@ -83,19 +83,19 @@ You can also download the binaries by using the following direct links and repla === "`polkadot`" ``` text - https://github.com/paritytech/polkadot-sdk/releases/download/polkadot-INSERT_VERSION_NUMBER/polkadot + curl -LO https://github.com/paritytech/polkadot-sdk/releases/download/polkadot-INSERT_VERSION_NUMBER/polkadot ``` === "`polkadot-prepare-worker`" ``` text - https://github.com/paritytech/polkadot-sdk/releases/download/polkadot-INSERT_VERSION_NUMBER/polkadot-prepare-worker + curl -LO https://github.com/paritytech/polkadot-sdk/releases/download/polkadot-INSERT_VERSION_NUMBER/polkadot-prepare-worker ``` === "`polkadot-execute-worker`" ``` text - https://github.com/paritytech/polkadot-sdk/releases/download/polkadot-INSERT_VERSION_NUMBER/polkadot-execute-worker + curl -LO https://github.com/paritytech/polkadot-sdk/releases/download/polkadot-INSERT_VERSION_NUMBER/polkadot-execute-worker ``` ### Install with Package Managers @@ -149,8 +149,8 @@ If you prefer using Docker or an OCI-compatible container runtime, the official To pull the latest image, run the following command. Make sure to replace `INSERT_VERSION_NUMBER` with the appropriate version number, e.g. `v1.16.1` -```sh -docker.io/parity/polkadot:INSERT_VERSION_NUMBER +```bash +docker pull parity/polkadot:INSERT_VERSION_NUMBER ``` ### Build from Sources From ec7097e5ceb8672eac783549c1c0ee0a894bc997 Mon Sep 17 00:00:00 2001 From: 0xLucca <95830307+0xLucca@users.noreply.github.com> Date: Mon, 16 Dec 2024 11:53:01 -0300 Subject: [PATCH 2/7] Apply suggestions from code review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Nicolás Hussein <80422357+nhussein11@users.noreply.github.com> --- .../onboarding-and-offboarding/set-up-validator.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/infrastructure/running-a-validator/onboarding-and-offboarding/set-up-validator.md b/infrastructure/running-a-validator/onboarding-and-offboarding/set-up-validator.md index 9027af5bd..a862ecce0 100644 --- a/infrastructure/running-a-validator/onboarding-and-offboarding/set-up-validator.md +++ b/infrastructure/running-a-validator/onboarding-and-offboarding/set-up-validator.md @@ -82,19 +82,19 @@ You can also download the binaries by using the following direct links and repla === "`polkadot`" - ``` text + ``` bash curl -LO https://github.com/paritytech/polkadot-sdk/releases/download/polkadot-INSERT_VERSION_NUMBER/polkadot ``` === "`polkadot-prepare-worker`" - ``` text + ``` bash curl -LO https://github.com/paritytech/polkadot-sdk/releases/download/polkadot-INSERT_VERSION_NUMBER/polkadot-prepare-worker ``` === "`polkadot-execute-worker`" - ``` text + ``` bash curl -LO https://github.com/paritytech/polkadot-sdk/releases/download/polkadot-INSERT_VERSION_NUMBER/polkadot-execute-worker ``` From 1abdd59b226322ae5dd6684a0a55fd320a51fba1 Mon Sep 17 00:00:00 2001 From: 0xLucca <0xlucca.dev@gmail.com> Date: Tue, 14 Jan 2025 15:19:39 -0300 Subject: [PATCH 3/7] Add checksum verification --- .../set-up-validator.md | 23 +++++++++++++++---- variables.yml | 5 +++- 2 files changed, 23 insertions(+), 5 deletions(-) diff --git a/infrastructure/running-a-validator/onboarding-and-offboarding/set-up-validator.md b/infrastructure/running-a-validator/onboarding-and-offboarding/set-up-validator.md index a862ecce0..2a4a8b8d4 100644 --- a/infrastructure/running-a-validator/onboarding-and-offboarding/set-up-validator.md +++ b/infrastructure/running-a-validator/onboarding-and-offboarding/set-up-validator.md @@ -78,26 +78,41 @@ Depending on your preference and operating system setup, there are multiple meth The preferred, most straightforward method to install the required binaries is downloading the latest versions from the official releases. You can visit the [Github Releases](https://github.com/paritytech/polkadot-sdk/releases){target=\_blank} page for the most current versions of the `polkadot`, `polkadot-prepare-worker`, and `polkadot-execute-worker` binaries. -You can also download the binaries by using the following direct links and replacing `INSERT_VERSION_NUMBER` with the version number, e.g. `v1.16.1` +You can also download the binaries by using the following direct links: === "`polkadot`" ``` bash - curl -LO https://github.com/paritytech/polkadot-sdk/releases/download/polkadot-INSERT_VERSION_NUMBER/polkadot + # Download the binary + curl -LO https://github.com/paritytech/polkadot-sdk/releases/download/{{ dependencies.polkadot_sdk.version }}/polkadot + + # Verify checksum + sha256sum polkadot | diff - <(curl -sL https://github.com/paritytech/polkadot-sdk/releases/download/{{ dependencies.polkadot_sdk.version }}/polkadot.sha256) ``` === "`polkadot-prepare-worker`" ``` bash - curl -LO https://github.com/paritytech/polkadot-sdk/releases/download/polkadot-INSERT_VERSION_NUMBER/polkadot-prepare-worker + # Download the binary + curl -LO https://github.com/paritytech/polkadot-sdk/releases/download/{{ dependencies.polkadot_sdk.version }}/polkadot-prepare-worker + + # Verify checksum + sha256sum polkadot-prepare-worker | diff - <(curl -sL https://github.com/paritytech/polkadot-sdk/releases/download/{{ dependencies.polkadot_sdk.version }}/polkadot-prepare-worker.sha256) ``` === "`polkadot-execute-worker`" ``` bash - curl -LO https://github.com/paritytech/polkadot-sdk/releases/download/polkadot-INSERT_VERSION_NUMBER/polkadot-execute-worker + # Download the binary + curl -LO https://github.com/paritytech/polkadot-sdk/releases/download/{{ dependencies.polkadot_sdk.version }}/polkadot-execute-worker + + # Verify checksum + sha256sum polkadot-execute-worker | diff - <(curl -sL https://github.com/paritytech/polkadot-sdk/releases/download/{{ dependencies.polkadot_sdk.version }}/polkadot-execute-worker.sha256) ``` +!!!warning + The checksum verification commands ensure the downloaded binaries have not been tampered with by comparing their hash against the official ones. No output from the verification commands indicates the checksums match, while any output signals a mismatch. + ### Install with Package Managers Users running Debian-based distributions like Ubuntu, or RPM-based distributions such as Fedora or CentOS can install the binaries via package managers. diff --git a/variables.yml b/variables.yml index 5038d7eeb..684374431 100644 --- a/variables.yml +++ b/variables.yml @@ -20,4 +20,7 @@ dependencies: repository_url: https://github.com/paritytech/srtool version: v0.16.0 docker_image_name: paritytech/srtool - docker_image_version: 1.62.0 \ No newline at end of file + docker_image_version: 1.62.0 + polkadot_sdk: + repository_url: https://github.com/paritytech/polkadot-sdk + version: polkadot-stable2412 \ No newline at end of file From e6c9c3f952a1c3c3ead289e6b404328f8b12c2be Mon Sep 17 00:00:00 2001 From: 0xLucca <0xlucca.dev@gmail.com> Date: Wed, 15 Jan 2025 10:38:08 -0300 Subject: [PATCH 4/7] Apply suggestions --- .../onboarding-and-offboarding/set-up-validator.md | 4 ++-- variables.yml | 3 ++- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/infrastructure/running-a-validator/onboarding-and-offboarding/set-up-validator.md b/infrastructure/running-a-validator/onboarding-and-offboarding/set-up-validator.md index 2a4a8b8d4..ed8871c94 100644 --- a/infrastructure/running-a-validator/onboarding-and-offboarding/set-up-validator.md +++ b/infrastructure/running-a-validator/onboarding-and-offboarding/set-up-validator.md @@ -162,10 +162,10 @@ You can also manage Polkadot installations using Ansible. This approach can be b If you prefer using Docker or an OCI-compatible container runtime, the official Polkadot Docker image can be pulled directly from Docker Hub. -To pull the latest image, run the following command. Make sure to replace `INSERT_VERSION_NUMBER` with the appropriate version number, e.g. `v1.16.1` +To pull the latest stable image, run the following command: ```bash -docker pull parity/polkadot:INSERT_VERSION_NUMBER +docker pull parity/polkadot:{{ dependencies.docker_image_version }} ``` ### Build from Sources diff --git a/variables.yml b/variables.yml index 684374431..0397108ab 100644 --- a/variables.yml +++ b/variables.yml @@ -23,4 +23,5 @@ dependencies: docker_image_version: 1.62.0 polkadot_sdk: repository_url: https://github.com/paritytech/polkadot-sdk - version: polkadot-stable2412 \ No newline at end of file + version: polkadot-stable2412 + docker_image_version: stable2412 \ No newline at end of file From 36bc02fc87ac6f1832764bac79a695ab2622e311 Mon Sep 17 00:00:00 2001 From: 0xLucca <0xlucca.dev@gmail.com> Date: Wed, 15 Jan 2025 10:56:42 -0300 Subject: [PATCH 5/7] Fix variable --- .../onboarding-and-offboarding/set-up-validator.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/infrastructure/running-a-validator/onboarding-and-offboarding/set-up-validator.md b/infrastructure/running-a-validator/onboarding-and-offboarding/set-up-validator.md index ed8871c94..ddc3ed0d9 100644 --- a/infrastructure/running-a-validator/onboarding-and-offboarding/set-up-validator.md +++ b/infrastructure/running-a-validator/onboarding-and-offboarding/set-up-validator.md @@ -165,7 +165,7 @@ If you prefer using Docker or an OCI-compatible container runtime, the official To pull the latest stable image, run the following command: ```bash -docker pull parity/polkadot:{{ dependencies.docker_image_version }} +docker pull parity/polkadot:{{ dependencies.polkadot_sdk.docker_image_version }} ``` ### Build from Sources From 8332970dd6c10eb6173aaab02ef30ca32d2a05c8 Mon Sep 17 00:00:00 2001 From: 0xLucca <0xlucca.dev@gmail.com> Date: Thu, 16 Jan 2025 08:28:10 -0300 Subject: [PATCH 6/7] Verify signature --- .../set-up-validator.md | 24 ++++++++++++++----- 1 file changed, 18 insertions(+), 6 deletions(-) diff --git a/infrastructure/running-a-validator/onboarding-and-offboarding/set-up-validator.md b/infrastructure/running-a-validator/onboarding-and-offboarding/set-up-validator.md index ddc3ed0d9..3d0895349 100644 --- a/infrastructure/running-a-validator/onboarding-and-offboarding/set-up-validator.md +++ b/infrastructure/running-a-validator/onboarding-and-offboarding/set-up-validator.md @@ -86,8 +86,12 @@ You can also download the binaries by using the following direct links: # Download the binary curl -LO https://github.com/paritytech/polkadot-sdk/releases/download/{{ dependencies.polkadot_sdk.version }}/polkadot - # Verify checksum - sha256sum polkadot | diff - <(curl -sL https://github.com/paritytech/polkadot-sdk/releases/download/{{ dependencies.polkadot_sdk.version }}/polkadot.sha256) + # Verify signature + curl -LO https://github.com/paritytech/polkadot-sdk/releases/download/{{ dependencies.polkadot_sdk.version }}/polkadot.asc + + gpg --keyserver hkps://keyserver.ubuntu.com --receive-keys 90BD75EBBB8E95CB3DA6078F94A4029AB4B35DAE + + gpg --verify polkadot.asc ``` === "`polkadot-prepare-worker`" @@ -96,8 +100,12 @@ You can also download the binaries by using the following direct links: # Download the binary curl -LO https://github.com/paritytech/polkadot-sdk/releases/download/{{ dependencies.polkadot_sdk.version }}/polkadot-prepare-worker - # Verify checksum - sha256sum polkadot-prepare-worker | diff - <(curl -sL https://github.com/paritytech/polkadot-sdk/releases/download/{{ dependencies.polkadot_sdk.version }}/polkadot-prepare-worker.sha256) + # Verify signature + curl -LO https://github.com/paritytech/polkadot-sdk/releases/download/{{ dependencies.polkadot_sdk.version }}/polkadot-prepare-worker.asc + + gpg --keyserver hkps://keyserver.ubuntu.com --receive-keys 90BD75EBBB8E95CB3DA6078F94A4029AB4B35DAE + + gpg --verify polkadot-prepare-worker.asc ``` === "`polkadot-execute-worker`" @@ -106,8 +114,12 @@ You can also download the binaries by using the following direct links: # Download the binary curl -LO https://github.com/paritytech/polkadot-sdk/releases/download/{{ dependencies.polkadot_sdk.version }}/polkadot-execute-worker - # Verify checksum - sha256sum polkadot-execute-worker | diff - <(curl -sL https://github.com/paritytech/polkadot-sdk/releases/download/{{ dependencies.polkadot_sdk.version }}/polkadot-execute-worker.sha256) + # Verify signature + curl -LO https://github.com/paritytech/polkadot-sdk/releases/download/{{ dependencies.polkadot_sdk.version }}/polkadot-execute-worker.asc + + gpg --keyserver hkps://keyserver.ubuntu.com --receive-keys 90BD75EBBB8E95CB3DA6078F94A4029AB4B35DAE + + gpg --verify polkadot-execute-worker.asc ``` !!!warning From 17ee72fd64ed9ff05482d4972b2214c2dfdde9d0 Mon Sep 17 00:00:00 2001 From: 0xLucca <0xlucca.dev@gmail.com> Date: Thu, 16 Jan 2025 08:38:25 -0300 Subject: [PATCH 7/7] Update note --- .../onboarding-and-offboarding/set-up-validator.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/infrastructure/running-a-validator/onboarding-and-offboarding/set-up-validator.md b/infrastructure/running-a-validator/onboarding-and-offboarding/set-up-validator.md index 3d0895349..7b1be8804 100644 --- a/infrastructure/running-a-validator/onboarding-and-offboarding/set-up-validator.md +++ b/infrastructure/running-a-validator/onboarding-and-offboarding/set-up-validator.md @@ -123,7 +123,12 @@ You can also download the binaries by using the following direct links: ``` !!!warning - The checksum verification commands ensure the downloaded binaries have not been tampered with by comparing their hash against the official ones. No output from the verification commands indicates the checksums match, while any output signals a mismatch. + Signature verification cryptographically ensures the downloaded binaries are authentic and have not been tampered with by using GPG signing keys. Polkadot releases use two different signing keys: + + - ParityReleases (release-team@parity.io) with key [`90BD75EBBB8E95CB3DA6078F94A4029AB4B35DAE`](https://keyserver.ubuntu.com/pks/lookup?search=9D4B2B6EB8F97156D19669A9FF0812D491B96798&fingerprint=on&op=index){target=\_blank} for current and new releases + - Parity Security Team (security@parity.io) with key [`9D4B2B6EB8F97156D19669A9FF0812D491B96798`](https://keyserver.ubuntu.com/pks/lookup?search=90BD75EBBB8E95CB3DA6078F94A4029AB4B35DAE&fingerprint=on&op=index){target=\_blank} for old releases + + When verifying a signature, a "Good signature" message indicates successful verification, while any other output signals a potential security risk. ### Install with Package Managers