Lightning Terminal v0.5.0-alpha

Release Notes

This release of Lightning Terminal (LiT) includes some minor bug fixes, and updates the version of lnd package in the integrated mode to the latest version (v0.13.0).

We'll be continuously working to improve the user experience based on feedback from the community.

This release packages LND v0.13.0-beta, Loop v0.14.1-beta, Pool v0.5.0-alpha, and Faraday v0.2.6-alpha.

Installation and configuration instructions can be found in the README.

Changelog

1. Update lnd related dependancies to latest major releases.
2. Add link in README to more detailed installation instructions.
3. Pool UI: bug fix to ensure input numbers isn't being truncated
4. A new issue template has been added for the project.
5. The Go standard library is now used to embed the static assets instead of statik.
6. The default admin macaroon location should now be working again.

Verifying the Release

In order to verify the release, you'll need to have gpg or gpg2 installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import roasbeef's key from keybase:

curl https://keybase.io/roasbeef/pgp_keys.asc | gpg --import

Once you have his PGP key you can verify the release (assuming manifest-roasbeef-v0.5.0-alpha.sig and manifest-v0.5.0-alpha.txt are in the current directory) with:

gpg --verify manifest-roasbeef-v0.5.0-alpha.sig manifest-v0.5.0-alpha.txt

You should see the following if the verification was successful:

gpg: Signature made Mon Jun 21 15:14:50 2021 PDT
gpg:                using RSA key 60A1FA7DA5BFF08BDCBBE7903BBD59E99B280306
gpg: Good signature from "Olaoluwa Osuntokun <[email protected]>" [ultimate]

That will verify the signature on the main manifest page which ensures integrity and authenticity of the binaries you've downloaded locally. Next, depending on your operating system you should then re-calculate the sha256 sum of the binary, and compare that with the following hashes:

cat manifest-v0.4.1-alpha.txt

One can use the shasum -a 256 <file name here> tool in order to re-compute the sha256 hash of the target binary for your operating system. The produced hash should be compared with the hashes listed above and they should match exactly.

Finally, you can also verify the tag itself with the following command:

git verify-tag v0.5.0-alpha

Verifying the Release Timestamp

From this new version onwards we'll also now timestamp the manifest file with OpenTimeStamps along with its signature. A new file is now included along with the rest of our release artifacts: manifest-roasbeef-v0.5.0-alpha.sig.ots.

Assuming you have the opentimestamps client installed locally, the timestamps can be verified with the following command:

ots verify manifest-roasbeef-v0.5.0-alpha.sig.ots

These timestamps should give users confidence in the integrity of this release even after the key that signed the release expires.

Contributors (Alphabetical Order)

Jamal James
Justin O'Brien
Olaoluwa Osuntokun
Oliver Gugger
keblek

Lightning Terminal v0.4.1-alpha

Release Notes

This release of Lightning Terminal (LiT) includes a couple of UI bug fixes as well as the long-awaited remote modes for the faraday, loopd and poold daemons.

We'll be continuously working to improve the user experience based on feedback from the community.

This release packages LND v0.12.1-beta, Loop v0.11.4-beta, Pool v0.4.4-alpha, and Faraday v0.2.3-alpha.

Installation and configuration instructions can be found in the README.

Changelog

1. Loop UI: Fix dismiss swap icon not working (#194)
2. Loop UI: Display swap failure reason on History page (#193)
3. Pool UI: Display trader key and close button in account panel (#191)
4. Pool UI: Display warning if user has no channels (#190)
5. Fix main lnd port usage bug introduced in #179 (#189)
6. Bump lnd to v0.12.1-beta, Loop to v0.11.4-beta and Pool to v0.4.4-alpha, bump Docker files to compile with go v1.16.0 (#186)
7. Fix duplicate phrasing in UI text (#182)
8. Add remote modes for the faraday, loopd and poold daemons (#179)

Verifying the Release

In order to verify the release, you'll need to have gpg or gpg2 installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import guggero's key from keybase:

curl https://keybase.io/guggero/pgp_keys.asc | gpg --import

Once you have his PGP key you can verify the release (assuming manifest-guggero-v0.4.1-alpha.sig and manifest-v0.4.1-alpha.txt are in the current directory) with:

gpg --verify manifest-guggero-v0.4.1-alpha.sig manifest-v0.4.1-alpha.txt

You should see the following if the verification was successful:

gpg: Signature made Mi 29 Jul 2020 14:59:19 CEST
gpg:                using RSA key 6E01EEC9656903B0542B8F1003DB6322267C373B
gpg: Good signature from "Oliver Gugger <[email protected]>" [ultimate]

That will verify the signature on the main manifest page which ensures integrity and authenticity of the binaries you've downloaded locally. Next, depending on your operating system you should then re-calculate the sha256 sum of the binary, and compare that with the following hashes:

cat manifest-v0.4.1-alpha.txt

One can use the shasum -a 256 <file name here> tool in order to re-compute the sha256 hash of the target binary for your operating system. The produced hash should be compared with the hashes listed above and they should match exactly.

Finally, you can also verify the tag itself with the following command:

git verify-tag v0.4.1-alpha

Verifying the Release Timestamp

From this new version onwards we'll also now timestamp the manifest file with OpenTimeStamps along with its signature. A new file is now included along with the rest of our release artifacts: manifest-guggero-v0.4.1-alpha.sig.ots.

Assuming you have the opentimestamps client installed locally, the timestamps can be verified with the following command:

ots verify manifest-guggero-v0.4.1-alpha.sig.ots

These timestamps should give users confidence in the integrity of this release even after the key that signed the release expires.

Contributors (Alphabetical Order)

Alex Bosworth
Jamal James
Oliver Gugger

Lightning Terminal v0.4.0-alpha

Release Notes

This release of Lightning Terminal (LiT) includes an early preview release of our new UI for Pool. With it, you can easily see the history of batches in a chart or list view. You can create, fund and renew your account, as well as submit and cancel your orders with just a few clicks. We'll be continuously working to improve the user experience based on feedback from the community.

This release packages LND v0.12.0-beta, Loop v0.11.2-beta, Pool v0.4.3-alpha, and Faraday v0.2.3-alpha.

Installation and configuration instructions can be found in the README.

Changelog

1. Add lnd v0.12.0-beta compatibility, allow single macaroon (#172)
2. Docs: multiple small fixes (#173)
3. GitHub: use vendored actions for steps with sensitive info (#174)
4. Pool UI (preview) (#175)
5. Add Pool user agent (#176)

Verifying the Release

In order to verify the release, you'll need to have gpg or gpg2 installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import guggero's key from keybase:

curl https://keybase.io/guggero/pgp_keys.asc | gpg --import

Once you have his PGP key you can verify the release (assuming manifest-v0.4.0-alpha.txt.asc is in the current directory) with:

gpg --verify manifest-v0.4.0-alpha.txt.asc

You should see the following if the verification was successful:

gpg: Signature made Mi 29 Jul 2020 14:59:19 CEST
gpg:                using RSA key 6E01EEC9656903B0542B8F1003DB6322267C373B
gpg: Good signature from "Oliver Gugger <[email protected]>" [ultimate]

That will verify the signature on the main manifest page which ensures integrity and authenticity of the binaries you've downloaded locally. Next, depending on your operating system you should then re-calculate the sha256 sum of the binary, and compare that with the following hashes:

cat manifest-v0.4.0-alpha.txt

One can use the shasum -a 256 <file name here> tool in order to re-compute the sha256 hash of the target binary for your operating system. The produced hash should be compared with the hashes listed above and they should match exactly.

Finally, you can also verify the tag itself with the following command:

git verify-tag v0.4.0-alpha

Verifying the Release Timestamp

From this new version onwards we'll also now timestamp the manifest file with OpenTimeStamps along with its signature. A new file is now included along with the rest of our release artifacts: manifest-v0.4.0-alpha.txt.asc.ots.

Assuming you have the opentimestamps client installed locally, the timestamps can be verified with the following command:

ots verify manifest-v0.4.0-alpha.txt.asc.ots

These timestamps should give users confidence in the integrity of this release even after the key that signed the release expires.

Contributors (Alphabetical Order)

Jamal James
Oliver Gugger

Lightning Terminal v0.3.4-alpha

Release Notes

This is a minor update of Lightning Terminal (LiT) with updates to the packaged Loop client and new ARM 64bit docker images.

This release packages LND v0.11.1-beta, Loop v0.11.2-beta, Pool v0.3.4-alpha, and Faraday v0.2.2-alpha.

Installation and configuration instructions can be found in the README.

Changelog

1. Allow an additional non-TLS listening address to be specified for use with Tor hidden services: #163.

Verifying the Release

In order to verify the release, you'll need to have gpg or gpg2 installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import guggero's key from keybase:

curl https://keybase.io/guggero/pgp_keys.asc | gpg --import

Once you have his PGP key you can verify the release (assuming manifest-v0.3.4-alpha.txt.asc is in the current directory) with:

gpg --verify manifest-v0.3.4-alpha.txt.asc

You should see the following if the verification was successful:

gpg: Signature made Mi 29 Jul 2020 14:59:19 CEST
gpg:                using RSA key 6E01EEC9656903B0542B8F1003DB6322267C373B
gpg: Good signature from "Oliver Gugger <[email protected]>" [ultimate]

That will verify the signature on the main manifest page which ensures integrity and authenticity of the binaries you've downloaded locally. Next, depending on your operating system you should then re-calculate the sha256 sum of the binary, and compare that with the following hashes:

cat manifest-v0.3.4-alpha.txt

One can use the shasum -a 256 <file name here> tool in order to re-compute the sha256 hash of the target binary for your operating system. The produced hash should be compared with the hashes listed above and they should match exactly.

Finally, you can also verify the tag itself with the following command:

git verify-tag v0.3.4-alpha

Verifying the Release Timestamp

From this new version onwards we'll also now timestamp the manifest file with OpenTimeStamps along with its signature. A new file is now included along with the rest of our release artifacts: manifest-v0.3.4-alpha.txt.asc.ots.

Assuming you have the opentimestamps client installed locally, the timestamps can be verified with the following command:

ots verify manifest-v0.3.4-alpha.txt.asc.ots

These timestamps should give users confidence in the integrity of this release even after the key that signed the release expires.

Contributors (Alphabetical Order)

Oliver Gugger

Lightning Terminal v0.3.3-alpha

Release Notes

This is a minor update of Lightning Terminal (LiT) with updates to the packaged Loop client and new ARM 64bit docker images.

This release packages LND v0.11.1-beta, Loop v0.11.2-beta, Pool v0.3.4-alpha, and Faraday v0.2.2-alpha.

Installation and configuration instructions can be found in the README.

Changelog

1. Update Loop to version v0.11.2-beta which includes updates to autoloop: #161
2. Update automated docker image build to also build ARM 64bit compatible images: #158
3. Update proto file compilation to pull in proto definitions from GitHub: #159

Verifying the Release

In order to verify the release, you'll need to have gpg or gpg2 installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import guggero's key from keybase:

curl https://keybase.io/guggero/pgp_keys.asc | gpg --import

Once you have his PGP key you can verify the release (assuming manifest-v0.3.3-alpha.txt.asc is in the current directory) with:

gpg --verify manifest-v0.3.3-alpha.txt.asc

You should see the following if the verification was successful:

gpg: Signature made Mi 29 Jul 2020 14:59:19 CEST
gpg:                using RSA key 6E01EEC9656903B0542B8F1003DB6322267C373B
gpg: Good signature from "Oliver Gugger <[email protected]>" [ultimate]

That will verify the signature on the main manifest page which ensures integrity and authenticity of the binaries you've downloaded locally. Next, depending on your operating system you should then re-calculate the sha256 sum of the binary, and compare that with the following hashes:

cat manifest-v0.3.3-alpha.txt

One can use the shasum -a 256 <file name here> tool in order to re-compute the sha256 hash of the target binary for your operating system. The produced hash should be compared with the hashes listed above and they should match exactly.

Finally, you can also verify the tag itself with the following command:

git verify-tag v0.3.3-alpha

Verifying the Release Timestamp

From this new version onwards we'll also now timestamp the manifest file with OpenTimeStamps along with its signature. A new file is now included along with the rest of our release artifacts: manifest-v0.3.3-alpha.txt.asc.ots.

Assuming you have the opentimestamps client installed locally, the timestamps can be verified with the following command:

ots verify manifest-v0.3.3-alpha.txt.asc.ots

These timestamps should give users confidence in the integrity of this release even after the key that signed the release expires.

Contributors (Alphabetical Order)

Jamal James
Oliver Gugger

Lightning Terminal v0.3.2-alpha

Release Notes

This is a minor update of Lightning Terminal (LiT) with some bug fixes and updates to the packaged projects!

This release packages LND v0.11.1-beta, Loop v0.11.1-beta, Pool v0.3.4-alpha, and Faraday v0.2.2-alpha.

Installation and configuration instructions can be found in the README.

Changelog

1. Update Pool to version v0.3.4-alpha which includes important bug fixes: #157
2. Update Dockerfile to use go v1.15 which includes security fixes: #151
3. Add production Dockerfile and build every release on GitHub, pushing official images to Docker Hub: #153
4. Update JavaScript build dependency lodash: #149

Verifying the Release

In order to verify the release, you'll need to have gpg or gpg2 installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import guggero's key from keybase:

curl https://keybase.io/guggero/pgp_keys.asc | gpg --import

Once you have his PGP key you can verify the release (assuming manifest-v0.3.2-alpha.txt.asc is in the current directory) with:

gpg --verify manifest-v0.3.2-alpha.txt.asc

You should see the following if the verification was successful:

gpg: Signature made Mi 29 Jul 2020 14:59:19 CEST
gpg:                using RSA key 6E01EEC9656903B0542B8F1003DB6322267C373B
gpg: Good signature from "Oliver Gugger <[email protected]>" [ultimate]

That will verify the signature on the main manifest page which ensures integrity and authenticity of the binaries you've downloaded locally. Next, depending on your operating system you should then re-calculate the sha256 sum of the binary, and compare that with the following hashes:

cat manifest-v0.3.2-alpha.txt

One can use the shasum -a 256 <file name here> tool in order to re-compute the sha256 hash of the target binary for your operating system. The produced hash should be compared with the hashes listed above and they should match exactly.

Finally, you can also verify the tag itself with the following command:

git verify-tag v0.3.2-alpha

Verifying the Release Timestamp

From this new version onwards we'll also now timestamp the manifest file with OpenTimeStamps along with its signature. A new file is now included along with the rest of our release artifacts: manifest-v0.3.2-alpha.txt.asc.ots.

Assuming you have the opentimestamps client installed locally, the timestamps can be verified with the following command:

ots verify manifest-v0.3.2-alpha.txt.asc.ots

These timestamps should give users confidence in the integrity of this release even after the key that signed the release expires.

Contributors (Alphabetical Order)

Oliver Gugger
Stefan Lesicnik

Lightning Terminal v0.3.1-alpha

Release Notes

This is a minor update of Lightning Terminal (LiT) with some bug fixes and updates to the packaged projects!

This release packages LND v0.11.1-beta, Loop v0.11.1-beta, Pool v0.3.3-alpha, and Faraday v0.2.2-alpha.

Installation and configuration instructions can be found in the README.

Changelog

1. Update Loop to version v0.11.1-beta.
2. Update Pool to version v0.3.3-alpha.
3. Mention the new lnd-mode=integrated flag in the docs where we describe the upgrade process from pre-0.3.0 versions.
4. Fix a connection timeout issue (#140 and #144 that caused long-running calls or streaming responses to be cut off after 10 seconds.
5. Build release binaries with go1.15.5 to patch recent security issue.

Verifying the Release

In order to verify the release, you'll need to have gpg or gpg2 installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import guggero's key from keybase:

curl https://keybase.io/guggero/pgp_keys.asc | gpg --import

Once you have his PGP key you can verify the release (assuming manifest-v0.3.1-alpha.txt.asc is in the current directory) with:

gpg --verify manifest-v0.3.1-alpha.txt.asc

You should see the following if the verification was successful:

gpg: Signature made Mi 29 Jul 2020 14:59:19 CEST
gpg:                using RSA key 6E01EEC9656903B0542B8F1003DB6322267C373B
gpg: Good signature from "Oliver Gugger <[email protected]>" [ultimate]

That will verify the signature on the main manifest page which ensures integrity and authenticity of the binaries you've downloaded locally. Next, depending on your operating system you should then re-calculate the sha256 sum of the binary, and compare that with the following hashes:

cat manifest-v0.3.1-alpha.txt

One can use the shasum -a 256 <file name here> tool in order to re-compute the sha256 hash of the target binary for your operating system. The produced hash should be compared with the hashes listed above and they should match exactly.

Finally, you can also verify the tag itself with the following command:

git verify-tag v0.3.1-alpha

Verifying the Release Timestamp

From this new version onwards we'll also now timestamp the manifest file with OpenTimeStamps along with its signature. A new file is now included along with the rest of our release artifacts: manifest-v0.3.1-alpha.txt.asc.ots.

Assuming you have the opentimestamps client installed locally, the timestamps can be verified with the following command:

ots verify manifest-v0.3.1-alpha.txt.asc.ots

These timestamps should give users confidence in the integrity of this release even after the key that signed the release expires.

Contributors (Alphabetical Order)

Duck Nebuchadnezzar
Oliver Gugger
Stefan Lesicnik

Lightning Terminal v0.3.0-alpha

Release Notes

This is the third major update of Lightning Terminal (LiT)!

This release packages LND v0.11.1-beta, Loop v0.11.0-beta, Pool v0.3.2-alpha, and Faraday v0.2.2-alpha.

Installation and configuration instructions can be found in the README.

Integration of the Lightning Pool trader daemon

With this release we integrate the Lightning Pool trader daemon to be run alongside Loop, Faraday and the UI.

There is no GUI functionality for Pool available yet (though this is being worked on) but if you're already running LiT then upgrading to this version is the
easiest way to get Pool running as no additional configuration is needed to start trading channel leases!

Verifying the Release

In order to verify the release, you'll need to have gpg or gpg2 installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import guggero's key from keybase:

curl https://keybase.io/guggero/pgp_keys.asc | gpg --import

Once you have his PGP key you can verify the release (assuming manifest-v0.3.0-alpha.txt.asc is in the current directory) with:

gpg --verify manifest-v0.3.0-alpha.txt.asc

You should see the following if the verification was successful:

gpg: Signature made Mi 29 Jul 2020 14:59:19 CEST
gpg:                using RSA key 6E01EEC9656903B0542B8F1003DB6322267C373B
gpg: Good signature from "Oliver Gugger <[email protected]>" [ultimate]

That will verify the signature on the main manifest page which ensures integrity and authenticity of the binaries you've downloaded locally. Next, depending on your operating system you should then re-calculate the sha256 sum of the binary, and compare that with the following hashes:

cat manifest-v0.3.0-alpha.txt

One can use the shasum -a 256 <file name here> tool in order to re-compute the sha256 hash of the target binary for your operating system. The produced hash should be compared with the hashes listed above and they should match exactly.

Finally, you can also verify the tag itself with the following command:

git verify-tag v0.3.0-alpha

Verifying the Release Timestamp

From this new version onwards we'll also now timestamp the manifest file with OpenTimeStamps along with its signature. A new file is now included along with the rest of our release artifacts: manifest-v0.3.0-alpha.txt.asc.ots.

Assuming you have the opentimestamps client installed locally, the timestamps can be verified with the following command:

ots verify manifest-v0.3.0-alpha.txt.asc.ots

These timestamps should give users confidence in the integrity of this release even after the key that signed the release expires.

Contributors (Alphabetical Order)

Oliver Gugger

Lightning Terminal v0.2.0-alpha

Release Notes

This is the second major update of Lightning Terminal (LiT)!

This release packages LND v0.11.1-beta, Loop v0.10.0-beta, and Faraday v0.2.1-alpha.

Installation and configuration instructions can be found in the README.

Remote lnd support

This is the main new feature of this release: We now support connecting LiT to an existing lnd node that's either running on a remote or local host.

Users of LiT now have two main modes to run the terminal in: The "integrated lnd" or the "remote lnd" mode. Depending on that decision, the command line flags or configuration options that need to be set are substantially different.

Breaking changes

LiT now always uses its own configuration file, by default located in ~/.lit/lit.conf. If you used a previous version of LiT, please move the adjusted lnd.conf (where you added all the lnd. prefixes) to that file.

Also please take a look at the configuration examples and explanations here.

Verifying the Release

In order to verify the release, you'll need to have gpg or gpg2 installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import guggero's key from keybase:

curl https://keybase.io/guggero/pgp_keys.asc | gpg --import

Once you have his PGP key you can verify the release (assuming manifest-v0.2.0-alpha.txt.asc is in the current directory) with:

gpg --verify manifest-v0.2.0-alpha.txt.asc

You should see the following if the verification was successful:

gpg: Signature made Mi 29 Jul 2020 14:59:19 CEST
gpg:                using RSA key 6E01EEC9656903B0542B8F1003DB6322267C373B
gpg: Good signature from "Oliver Gugger <[email protected]>" [ultimate]

That will verify the signature on the main manifest page which ensures integrity and authenticity of the binaries you've downloaded locally. Next, depending on your operating system you should then re-calculate the sha256 sum of the binary, and compare that with the following hashes:

cat manifest-v0.2.0-alpha.txt

One can use the shasum -a 256 <file name here> tool in order to re-compute the sha256 hash of the target binary for your operating system. The produced hash should be compared with the hashes listed above and they should match exactly.

Finally, you can also verify the tag itself with the following command:

git verify-tag v0.2.0-alpha

Verifying the Release Timestamp

From this new version onwards we'll also now timestamp the manifest file with OpenTimeStamps along with its signature. A new file is now included along with the rest of our release artifacts: manifest-v0.2.0-alpha.txt.asc.ots.

Assuming you have the opentimestamps client installed locally, the timestamps can be verified with the following command:

ots verify manifest-v0.2.0-alpha.txt.asc.ots

These timestamps should give users confidence in the integrity of this release even after the key that signed the release expires.

Contributors (Alphabetical Order)

Jamal James
Justin O'Brien
Oliver Gugger

Lightning Terminal v0.2.0-alpha RC4

Release Notes

This is the second public release candidate of the first major update of Lightning Terminal (LiT)!

This release packages LND v0.11.1-beta, Loop v0.9.0-beta, and Faraday v0.2.1-alpha.

Installation and configuration instructions can be found in the README.

Changes since RC3

• The default mode is now set to "remote".
• In "remote" mode, LiT now assumes default settings to connect to lnd. That allows LiT to be started with minimal configuration settings or command line flags if the lnd node it should connect to is running on the same host and uses default settings.
• LiT now shows useful information about the lnd node it is connected to on startup as well as the address where the UI can be reached at.

Remote lnd support

This is the main new feature of this release: We now support connecting LiT to an existing lnd node that's either running on a remote or local host.

Users of LiT now have two main modes to run the terminal in: The "integrated lnd" or the "remote lnd" mode. Depending on that decision, the command line flags or configuration options that need to be set are substantially different.

Breaking changes

LiT now always uses its own configuration file, by default located in ~/.lit/lit.conf. If you used a previous version of LiT, please move the adjusted lnd.conf (where you added all the lnd. prefixes) to that file.

Also please take a look at the configuration examples and explanations here.

Testers

Note that this is a pre-release of a branch that is not yet merged into the master branch and hasn't been fully reviewed. The goal of this pre-release is to get feedback on the user friendliness of the new command line flags/config options for the remote mode is appreciated.

Please take a look at the docs and examples linked above and also the full output of litd --help and let us know if you are able to operate LiT in the desired mode with the documentation that is available.

Verifying the Release

In order to verify the release, you'll need to have gpg or gpg2 installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import guggero's key from keybase:

curl https://keybase.io/guggero/pgp_keys.asc | gpg --import

Once you have his PGP key you can verify the release (assuming manifest-v0.2.0-alpha.rc3.txt.asc is in the current directory) with:

gpg --verify manifest-v0.2.0-alpha.rc34txt.asc

You should see the following if the verification was successful:

gpg: Signature made Mi 29 Jul 2020 14:59:19 CEST
gpg:                using RSA key 6E01EEC9656903B0542B8F1003DB6322267C373B
gpg: Good signature from "Oliver Gugger <[email protected]>" [ultimate]

That will verify the signature on the main manifest page which ensures integrity and authenticity of the binaries you've downloaded locally. Next, depending on your operating system you should then re-calculate the sha256 sum of the binary, and compare that with the following hashes:

cat manifest-v0.2.0-alpha.rc4.txt

One can use the shasum -a 256 <file name here> tool in order to re-compute the sha256 hash of the target binary for your operating system. The produced hash should be compared with the hashes listed above and they should match exactly.

Finally, you can also verify the tag itself with the following command:

git verify-tag v0.2.0-alpha.rc4

Verifying the Release Timestamp

From this new version onwards we'll also now timestamp the manifest file with OpenTimeStamps along with its signature. A new file is now included along with the rest of our release artifacts: manifest-v0.2.0-alpha.rc4.txt.asc.ots.

Assuming you have the opentimestamps client installed locally, the timestamps can be verified with the following command:

ots verify manifest-v0.2.0-alpha.rc4.txt.asc.ots

These timestamps should give users confidence in the integrity of this release even after the key that signed the release expires.

Contributors (Alphabetical Order)

Jamal James
Oliver Gugger