+ Verifying AdGuard Home Releases

Squashed commit of the following:

commit 3e566ff88f58ebe8d8f06650c6d2eb45d3a4667d
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Thu Aug 13 14:07:29 2020 +0300

    add to sidebar

commit 85b888e12a3916929286c5f08010d3192d096436
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Thu Aug 13 11:50:52 2020 +0300

    minor

commit 8b26f498f88205a93376f45091d78d49b2a8cf56
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Thu Aug 13 11:11:22 2020 +0300

    minor

commit 0bb1f5ec89dabb07053b5538caee8dcc0454c90d
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Thu Aug 13 11:08:09 2020 +0300

    update

commit 1d838f037a13519699cbcbbc47f9fdf17676bc6f
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Tue Aug 4 19:42:43 2020 +0300

    + Signatures for AdGuard Home binary files
Simon Zolin 2020-08-13 16:06:24 +03:00
parent 2ea0b1c58d
commit 35978b8a31
3 changed files with 52 additions and 1 deletions

@ -33,3 +33,4 @@ The wiki was just recently created, so there isn't much content (yet).
* [How to install and run AdGuard Home on a Virtual Private Server](VPS) * [How to install and run AdGuard Home on a Virtual Private Server](VPS)
* [OpenRC service-script](OpenRC) * [OpenRC service-script](OpenRC)
* [How to write hosts blocklists](Hosts-Blocklists) * [How to write hosts blocklists](Hosts-Blocklists)
* [Verifying Releases](Verify-Releases)

49
Verify-Releases.md Normal file

@ -0,0 +1,49 @@
# Verifying AdGuard Home Releases
Since AdGuard Home v0.103.4 we sign the executable files we build so you can verify they are really created by us and no one else.
Inside an archive file there's a small file with `.sig` extension which contains the signature data.
In a hypothetic situation when the binary file inside an archive is replaced by someone, you'll know that it isn't an official release from AdGuard.
## How to verify that the executable file was built by AdGuard?
1. Unpack AdGuard Home archive file
2. Import AdGuard Home public key from keyserver:
gpg --keyserver pgp.key-server.io --recv-key 1222CCA0
The above command will print:
gpg: key 9A6F0EB91222CCA0: public key "AdGuard <devteam@adguard.com>" imported
3. Verify (for UNIX):
gpg --verify AdGuardHome/AdGuardHome.sig
or for Windows:
gpg --verify AdGuardHome/AdGuardHome.exe.sig
You'll see something like this:
gpg: assuming signed data in 'AdGuardHome/AdGuardHome'
gpg: Signature made Wed 12 Aug 2020 11:06:44 PM +03
gpg: using RSA key 58D6AD46BC509C6181A22C5F9A6F0EB91222CCA0
gpg: issuer "devteam@adguard.com"
gpg: Good signature from "AdGuard <devteam@adguard.com>" [unknown]
Check:
* RSA key - must be "58D6AD46BC509C6181A22C5F9A6F0EB91222CCA0"
* name - must be "AdGuard"
* email address - must be "devteam@adguard.com"
> Note Windows users: you need to install PGP software.
## Reproducing AdGuard Home releases
git clone --branch "v0.103.3" --depth=1 "https://github.com/AdguardTeam/AdGuardHome" /tmp/adguard
cd /tmp/adguard
docker run --volume $(pwd):/build --rm --env CHANNEL=release --net=host adguard/golang-ubuntu make release
where "v0.103.3" is the AdGuard Home version you want to build.

@ -9,4 +9,5 @@
* [How to install and run AdGuard Home on Raspberry Pi](Raspberry-Pi) * [How to install and run AdGuard Home on Raspberry Pi](Raspberry-Pi)
* [How to install and run AdGuard Home on a Virtual Private Server](VPS) * [How to install and run AdGuard Home on a Virtual Private Server](VPS)
* [OpenRC service-script](OpenRC) * [OpenRC service-script](OpenRC)
* [How to write hosts blocklists](Hosts-Blocklists) * [How to write hosts blocklists](Hosts-Blocklists)
* [Verifying Releases](Verify-Releases)