As we move towards the first binary release of the project, I’d like to propose standardizing the artifact layout of Grin releases to enable automated, secure verification of new releases and, in turn, automated secure upgrades of Grin nodes. A good example of what would be nice to see can be found in the btcd/decred projects.
Basically:
1. A public gpg key is distributed via a channel (or multiple), e.g. a key server.
2. A txt file with the hashes of all binary artifacts that comprise a Grin release is included in the release tarball. The content of the txt file needs to use a standard format, e.g. `hash binary-name\n` for every binary.
3. A txt.asc file, which is the txt file signed with the gpg private key that corresponds to the public key in 1.
4. A tarball that includes all Grin binaries + the txt file with hashes + the txt.asc file is released on GitHub.
A user who wants to verify the release needs to:
1. import the gpg key
2. download the tarball
3. check that the hashes match
4. verify the txt.asc signature
If the names of the files in the tarball and the format of the txt file are stable, installation and upgrade of Grin can be easily automated, and eventually the whole process above can be hidden away from end users via an installer/sidecar process.
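As an added example (not code from the Grin project or from the post author), the following Python script implements the verification steps above against the proposed `hash binary-name` manifest format. It assumes SHA-256 digests, a manifest named `hashes.txt` with a detached signature `hashes.txt.asc` (both names are placeholders, since the post does not fix them), and a gpg key that has already been imported. The sample tarball it builds is constructed data, not a real release; its binary names are made up. Beyond the four steps in the post it also flags any file in the tarball that the manifest does not cover, since an unlisted binary would otherwise slip past a hash check that only walks the manifest.

```python
import hashlib
import io
import re
import shutil
import subprocess
import tarfile
import tempfile
from pathlib import Path, PurePosixPath

# Proposed manifest format: one "<hex-digest> <binary-name>" line per binary.
# Accepts the sha256sum variants with two spaces or " *" before the name.
MANIFEST_LINE = re.compile(r"^(?P<digest>[0-9a-f]{64})\s+\*?(?P<name>\S+)$")
MANIFEST = "hashes.txt"        # placeholder name, not fixed by the post
SIGNATURE = "hashes.txt.asc"   # placeholder name, not fixed by the post


def parse_manifest(text: str) -> dict:
    """Parse the hashes file into {binary-name: sha256-hex}; reject malformed or duplicate lines."""
    entries = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = MANIFEST_LINE.match(line)
        if not m:
            raise ValueError(f"manifest line {lineno} is malformed: {raw!r}")
        if m.group("name") in entries:
            raise ValueError(f"duplicate manifest entry for {m.group('name')}")
        entries[m.group("name")] = m.group("digest")
    return entries


def verify_signature(manifest: Path, signature: Path) -> bool:
    """Step 4: check the detached gpg signature. The public key must already be imported (step 1)."""
    if shutil.which("gpg") is None:
        raise RuntimeError("gpg not found; cannot verify the release signature")
    res = subprocess.run(["gpg", "--batch", "--verify", str(signature), str(manifest)],
                         capture_output=True)
    return res.returncode == 0


def verify_hashes(tarball: Path) -> list:
    """Step 3: return a list of problems; an empty list means every binary matches the manifest."""
    problems = []
    with tarfile.open(tarball, "r:gz") as tar:
        members = {}
        for m in tar.getmembers():
            if not m.isfile():
                continue
            base = PurePosixPath(m.name).name  # manifest lists basenames; tolerate a top-level dir
            if base in members:
                return [f"{base}: ambiguous, appears more than once in tarball"]
            members[base] = m
        if MANIFEST not in members:
            return [f"{MANIFEST} missing from tarball"]
        try:
            expected = parse_manifest(tar.extractfile(members[MANIFEST]).read().decode())
        except ValueError as e:
            return [str(e)]
        for name, digest in expected.items():
            member = members.get(name)
            if member is None:
                problems.append(f"{name}: listed in manifest but not in tarball")
                continue
            h = hashlib.sha256()
            f = tar.extractfile(member)
            for chunk in iter(lambda: f.read(65536), b""):
                h.update(chunk)
            if h.hexdigest() != digest:
                problems.append(f"{name}: hash mismatch")
        # Anything that is neither the manifest, its signature, nor a listed binary is unexpected.
        for name in sorted(set(members) - set(expected) - {MANIFEST, SIGNATURE}):
            problems.append(f"{name}: present in tarball but not covered by manifest")
    return problems


def build_sample_release(dest: Path, tamper: str = "") -> Path:
    """Build a constructed toy release tarball (not a real Grin release); tamper in {"", "modify", "extra"}."""
    binaries = {"grin": b"#!/bin/sh\necho node\n", "grin-tool": b"#!/bin/sh\necho tool\n"}  # constructed names
    manifest = "".join(f"{hashlib.sha256(d).hexdigest()}  {n}\n" for n, d in binaries.items())
    if tamper == "modify":
        binaries["grin"] += b"# injected after signing\n"
    if tamper == "extra":
        binaries["helper"] = b"# not in manifest\n"
    files = list(binaries.items()) + [(MANIFEST, manifest.encode()),
                                      (SIGNATURE, b"-----BEGIN PGP SIGNATURE-----\nplaceholder\n-----END PGP SIGNATURE-----\n")]
    tar_path = dest / f"grin-release-{tamper or 'clean'}.tar.gz"
    with tarfile.open(tar_path, "w:gz") as tar:
        for name, data in files:
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return tar_path


def run_demo() -> dict:
    """Run the hash check over a clean, a modified and an extra-file tarball; returns the problems found."""
    dest = Path(tempfile.mkdtemp())
    return {case: verify_hashes(build_sample_release(dest, case)) for case in ("", "modify", "extra")}


if __name__ == "__main__":
    for case, problems in run_demo().items():
        print(f"{case or 'clean'}: {problems or 'OK'}")
```

In a real installer the signature check (`verify_signature`) should run before the manifest is trusted at all, since an attacker who can swap the tarball can just as easily regenerate `hashes.txt`; the hash check then only guards the binaries against the signed manifest. The demo skips the gpg call because its placeholder `.asc` would never verify.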