Mithril v2306.0

What's Changed

• Fix API version sent in wrong header by @jpraynaud in #712
• Update dependencies by @jpraynaud in #715
• Create Era Checker by @jpraynaud in #711
• Reorganize mithril-stm multi_sig.rs by @curiecrypt in #719
• Add security policy by @jpraynaud in #728
• Update Cardano node to 1.35.5 by @jpraynaud in #726
• add era reader by @ghubertpalo in #720
• Add new signer in 'testing-preview' by @jpraynaud in #731
• Implement Era Reader on chain adapter by @jpraynaud in #721

Full Changelog: 2304.1...2306.0

Crates Versions

Crate	Version
mithril-aggregator	0.2.12
mithril-client	0.2.7
mithril-common	0.2.12
mithril-signer	0.2.9
mithril-stm	0.2.2

Verify the authenticity of a downloaded asset

Detailed procedure to verify an asset

• Step 1: Identify the downloaded asset on your computer YOUR_ASSET_FILE
• Step 2: Download the signed checksum file from this link CHECKSUM.asc and save it in the same folder as the asset
• Step 3: In your terminal, go to the asset folder by running:

cd ***YOUR_ASSET_FOLDER***

• Step 4: Then verify the checksum of the asset by running:

sha256sum -c ./CHECKSUM.asc 2>/dev/null | grep ***YOUR_ASSET_FILE***

You must see:

./***YOUR_ASSET_FILE***: OK

• Step 5: Download the public key file from this link gpg-public.key and save it in the same folder as the asset
• Step 6: Then import the GPG public key:

gpg --import ./gpg-public.key

You must see something like:

gpg: key : public key "Input Output / Mithril <mithril@iohk.io>" imported
gpg: Total number processed: 1
gpg:               imported: 1

• Step 7: Then verify the GPG signature of the checksum file:

gpg --verify ./gpg-public.key ./CHECKSUM.asc

You must see something like:

gpg: Signature made Mon 05 Dec 2022 04:53:54 PM CET
gpg:                using RSA key 35EDE9D47BBA62A2F388E655899ACD26B8BCA0D2
gpg: Good signature from "Input Output / Mithril <mithril@iohk.io>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 35ED E9D4 7BBA 62A2 F388  E655 899A CD26 B8BC A0D2

The signature is valid if and only if:

• there is a line with gpg: Good signature from "Input Output / Mithril <mithril@iohk.io>"
• there is a line with Primary key fingerprint: 2AC0 7B11 8B23 1443 F544 2D0C 6E2C 1160 3E79 0021

• Step 8:
  If you successfully validated all the steps of this process, then you have successfully verified the authenticity of the asset ✔️
  If not, contact us at [mithril@iohk.io] and let us know of the outcome of your run of this process ⚠️

Mithril v2306.0-prerelease

What's Changed

• Fix API version sent in wrong header by @jpraynaud in #712
• Update dependencies by @jpraynaud in #715
• Create Era Checker by @jpraynaud in #711
• Reorganize mithril-stm multi_sig.rs by @curiecrypt in #719
• Add security policy by @jpraynaud in #728
• Update Cardano node to 1.35.5 by @jpraynaud in #726
• add era reader by @ghubertpalo in #720
• Add new signer in 'testing-preview' by @jpraynaud in #731
• Implement Era Reader on chain adapter by @jpraynaud in #721

Full Changelog: 2304.1...2306.0-prerelease

Crates Versions

Crate	Version
mithril-aggregator	0.2.12
mithril-client	0.2.7
mithril-common	0.2.12
mithril-signer	0.2.9
mithril-stm	0.2.2

Verify the authenticity of a downloaded asset

Detailed procedure to verify an asset

• Step 1: Identify the downloaded asset on your computer YOUR_ASSET_FILE
• Step 2: Download the signed checksum file from this link CHECKSUM.asc and save it in the same folder as the asset
• Step 3: In your terminal, go to the asset folder by running:

cd ***YOUR_ASSET_FOLDER***

• Step 4: Then verify the checksum of the asset by running:

sha256sum -c ./CHECKSUM.asc 2>/dev/null | grep ***YOUR_ASSET_FILE***

You must see:

./***YOUR_ASSET_FILE***: OK

• Step 5: Download the public key file from this link gpg-public.key and save it in the same folder as the asset
• Step 6: Then import the GPG public key:

gpg --import ./gpg-public.key

You must see something like:

gpg: key : public key "Input Output / Mithril <mithril@iohk.io>" imported
gpg: Total number processed: 1
gpg:               imported: 1

• Step 7: Then verify the GPG signature of the checksum file:

gpg --verify ./gpg-public.key ./CHECKSUM.asc

You must see something like:

gpg: Signature made Mon 05 Dec 2022 04:53:54 PM CET
gpg:                using RSA key 35EDE9D47BBA62A2F388E655899ACD26B8BCA0D2
gpg: Good signature from "Input Output / Mithril <mithril@iohk.io>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 35ED E9D4 7BBA 62A2 F388  E655 899A CD26 B8BC A0D2

The signature is valid if and only if:

• there is a line with gpg: Good signature from "Input Output / Mithril <mithril@iohk.io>"
• there is a line with Primary key fingerprint: 2AC0 7B11 8B23 1443 F544 2D0C 6E2C 1160 3E79 0021

• Step 8:
  If you successfully validated all the steps of this process, then you have successfully verified the authenticity of the asset ✔️
  If not, contact us at [mithril@iohk.io] and let us know of the outcome of your run of this process ⚠️

Mithril v2304.1

What's Changed

• Mithril Network Update ADR by @ghubertpalo in #676
• Update PR template by @jpraynaud in #680
• Upgrade devnet to Cardano 1.35.4 by @jpraynaud in #667
• Fix make build portable by @jpraynaud in #685
• Update build documentation by @jpraynaud in #682
• Update docs current version by @jpraynaud in #686
• Update dependencies by @jpraynaud in #683
• Fix make errors from root by @jpraynaud in #684
• Accelerate end to end test execution by @jpraynaud in #692
• 689 Signer Register Message by @ghubertpalo in #691
• Fix make errors from root v2 by @jpraynaud in #687
• [693] register signature message by @ghubertpalo in #694
• [695] add epoch settings message & adapter by @ghubertpalo in #700
• Add snapshot message and adapter by @jpraynaud in #702
• Add certificate message and adapter by @jpraynaud in #701
• [705] Api version enforcement update by @Alenar in #706
• Greg/696/certificate pending message by @ghubertpalo in #704
• Add snapshot list message and adapter by @jpraynaud in #703
• Add link to the Mithril explorer by @Proxiweb in #713
• Fix clippy warnings from Rust 1.67.0 by @jpraynaud in #714
• Fix signer unable to sign with 2304.0 prerelease by @jpraynaud in #717

New Contributors

• @Proxiweb made their first contribution in #713

Full Changelog: 2302.0...2304.1

Crates Versions

Crate	Version
mithril-aggregator	0.2.10
mithril-client	0.2.6
mithril-common	0.2.9
mithril-signer	0.2.7
mithril-stm	0.2.2

Verify the authenticity of a downloaded asset

Detailed procedure to verify an asset

• Step 1: Identify the downloaded asset on your computer YOUR_ASSET_FILE
• Step 2: Download the signed checksum file from this link CHECKSUM.asc and save it in the same folder as the asset
• Step 3: In your terminal, go to the asset folder by running:

cd ***YOUR_ASSET_FOLDER***

• Step 4: Then verify the checksum of the asset by running:

sha256sum -c ./CHECKSUM.asc 2>/dev/null | grep ***YOUR_ASSET_FILE***

You must see:

./***YOUR_ASSET_FILE***: OK

• Step 5: Download the public key file from this link gpg-public.key and save it in the same folder as the asset
• Step 6: Then import the GPG public key:

gpg --import ./gpg-public.key

You must see something like:

gpg: key : public key "Input Output / Mithril <mithril@iohk.io>" imported
gpg: Total number processed: 1
gpg:               imported: 1

• Step 7: Then verify the GPG signature of the checksum file:

gpg --verify ./gpg-public.key ./CHECKSUM.asc

You must see something like:

gpg: Signature made Mon 05 Dec 2022 04:53:54 PM CET
gpg:                using RSA key 35EDE9D47BBA62A2F388E655899ACD26B8BCA0D2
gpg: Good signature from "Input Output / Mithril <mithril@iohk.io>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 35ED E9D4 7BBA 62A2 F388  E655 899A CD26 B8BC A0D2

The signature is valid if and only if:

• there is a line with gpg: Good signature from "Input Output / Mithril <mithril@iohk.io>"
• there is a line with Primary key fingerprint: 2AC0 7B11 8B23 1443 F544 2D0C 6E2C 1160 3E79 0021

• Step 8:
  If you successfully validated all the steps of this process, then you have successfully verified the authenticity of the asset ✔️
  If not, contact us at [mithril@iohk.io] and let us know of the outcome of your run of this process ⚠️

Mithril v2304.1-prerelease

What's Changed

• Mithril Network Update ADR by @ghubertpalo in #676
• Update PR template by @jpraynaud in #680
• Upgrade devnet to Cardano 1.35.4 by @jpraynaud in #667
• Fix make build portable by @jpraynaud in #685
• Update build documentation by @jpraynaud in #682
• Update docs current version by @jpraynaud in #686
• Update dependencies by @jpraynaud in #683
• Fix make errors from root by @jpraynaud in #684
• Accelerate end to end test execution by @jpraynaud in #692
• 689 Signer Register Message by @ghubertpalo in #691
• Fix make errors from root v2 by @jpraynaud in #687
• [693] register signature message by @ghubertpalo in #694
• [695] add epoch settings message & adapter by @ghubertpalo in #700
• Add snapshot message and adapter by @jpraynaud in #702
• Add certificate message and adapter by @jpraynaud in #701
• [705] Api version enforcement update by @Alenar in #706
• Greg/696/certificate pending message by @ghubertpalo in #704
• Add snapshot list message and adapter by @jpraynaud in #703
• Add link to the Mithril explorer by @Proxiweb in #713
• Fix clippy warnings from Rust 1.67.0 by @jpraynaud in #714
• Fix signer unable to sign with 2304.0 prerelease by @jpraynaud in #717

New Contributors

• @Proxiweb made their first contribution in #713

Full Changelog: 2302.0...2304.1-prerelease

Crates Versions

Crate	Version
mithril-aggregator	0.2.10
mithril-client	0.2.6
mithril-common	0.2.9
mithril-signer	0.2.7
mithril-stm	0.2.2

Verify the authenticity of a downloaded asset

Detailed procedure to verify an asset

• Step 1: Identify the downloaded asset on your computer YOUR_ASSET_FILE
• Step 2: Download the signed checksum file from this link CHECKSUM.asc and save it in the same folder as the asset
• Step 3: In your terminal, go to the asset folder by running:

cd ***YOUR_ASSET_FOLDER***

• Step 4: Then verify the checksum of the asset by running:

sha256sum -c ./CHECKSUM.asc 2>/dev/null | grep ***YOUR_ASSET_FILE***

You must see:

./***YOUR_ASSET_FILE***: OK

• Step 5: Download the public key file from this link gpg-public.key and save it in the same folder as the asset
• Step 6: Then import the GPG public key:

gpg --import ./gpg-public.key

You must see something like:

gpg: key : public key "Input Output / Mithril <mithril@iohk.io>" imported
gpg: Total number processed: 1
gpg:               imported: 1

• Step 7: Then verify the GPG signature of the checksum file:

gpg --verify ./gpg-public.key ./CHECKSUM.asc

You must see something like:

gpg: Signature made Mon 05 Dec 2022 04:53:54 PM CET
gpg:                using RSA key 35EDE9D47BBA62A2F388E655899ACD26B8BCA0D2
gpg: Good signature from "Input Output / Mithril <mithril@iohk.io>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 35ED E9D4 7BBA 62A2 F388  E655 899A CD26 B8BC A0D2

The signature is valid if and only if:

• there is a line with gpg: Good signature from "Input Output / Mithril <mithril@iohk.io>"
• there is a line with Primary key fingerprint: 2AC0 7B11 8B23 1443 F544 2D0C 6E2C 1160 3E79 0021

• Step 8:
  If you successfully validated all the steps of this process, then you have successfully verified the authenticity of the asset ✔️
  If not, contact us at [mithril@iohk.io] and let us know of the outcome of your run of this process ⚠️

Mithril v2304.0-prerelease

What's Changed

• Mithril Network Update ADR by @ghubertpalo in #676
• Update PR template by @jpraynaud in #680
• Upgrade devnet to Cardano 1.35.4 by @jpraynaud in #667
• Fix make build portable by @jpraynaud in #685
• Update build documentation by @jpraynaud in #682
• Update docs current version by @jpraynaud in #686
• Update dependencies by @jpraynaud in #683
• Fix make errors from root by @jpraynaud in #684
• Accelerate end to end test execution by @jpraynaud in #692
• 689 Signer Register Message by @ghubertpalo in #691
• Fix make errors from root v2 by @jpraynaud in #687
• [693] register signature message by @ghubertpalo in #694
• [695] add epoch settings message & adapter by @ghubertpalo in #700
• Add snapshot message and adapter by @jpraynaud in #702
• Add certificate message and adapter by @jpraynaud in #701
• [705] Api version enforcement update by @Alenar in #706
• Greg/696/certificate pending message by @ghubertpalo in #704
• Add snapshot list message and adapter by @jpraynaud in #703

Full Changelog: 2302.0...2304.0-prerelease

Crates Versions

Crate	Version
mithril-aggregator	0.2.8
mithril-client	0.2.5
mithril-common	0.2.8
mithril-signer	0.2.6
mithril-stm	0.2.1

Verify the authenticity of a downloaded asset

Detailed procedure to verify an asset

• Step 1: Identify the downloaded asset on your computer YOUR_ASSET_FILE
• Step 2: Download the signed checksum file from this link CHECKSUM.asc and save it in the same folder as the asset
• Step 3: In your terminal, go to the asset folder by running:

cd ***YOUR_ASSET_FOLDER***

• Step 4: Then verify the checksum of the asset by running:

sha256sum -c ./CHECKSUM.asc 2>/dev/null | grep ***YOUR_ASSET_FILE***

You must see:

./***YOUR_ASSET_FILE***: OK

• Step 5: Download the public key file from this link gpg-public.key and save it in the same folder as the asset
• Step 6: Then import the GPG public key:

gpg --import ./gpg-public.key

You must see something like:

gpg: key : public key "Input Output / Mithril <mithril@iohk.io>" imported
gpg: Total number processed: 1
gpg:               imported: 1

• Step 7: Then verify the GPG signature of the checksum file:

gpg --verify ./gpg-public.key ./CHECKSUM.asc

You must see something like:

gpg: Signature made Mon 05 Dec 2022 04:53:54 PM CET
gpg:                using RSA key 35EDE9D47BBA62A2F388E655899ACD26B8BCA0D2
gpg: Good signature from "Input Output / Mithril <mithril@iohk.io>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 35ED E9D4 7BBA 62A2 F388  E655 899A CD26 B8BC A0D2

The signature is valid if and only if:

• there is a line with gpg: Good signature from "Input Output / Mithril <mithril@iohk.io>"
• there is a line with Primary key fingerprint: 2AC0 7B11 8B23 1443 F544 2D0C 6E2C 1160 3E79 0021

• Step 8:
  If you successfully validated all the steps of this process, then you have successfully verified the authenticity of the asset ✔️
  If not, contact us at [mithril@iohk.io] and let us know of the outcome of your run of this process ⚠️

Mithril v2302.0

What's Changed

• Extract signer registration from muti-signer in Aggregator by @jpraynaud in #655
• Fix clippy warnings from Rust 1.66.0 by @jpraynaud in #657
• Update dependencies by @jpraynaud in #659
• check API version by @ghubertpalo in #641
• Optimize snapshot digest computation by @Alenar in #652
• Simplify epoch offset computations by @Alenar in #661
• Remove test lab monitor & aggregator-server by @Alenar in #660
• Decommission signer registration with declarative PoolId by @jpraynaud in #653
• Fix badge workflow CI status in README by @jpraynaud in #664
• Deactivate uncertified signers in networks by @jpraynaud in #666
• Add MithrilFixture builder by @Alenar in #670
• Batch verify by @iquerejeta in #531
• Update kes by @iquerejeta in #674
• Update crates version 2302 by @jpraynaud in #679

Full Changelog: 2250.1...2302.0

Crates Versions

Crate	Version
mithril-aggregator	0.2.1
mithril-client	0.2.1
mithril-common	0.2.1
mithril-signer	0.2.1
mithril-stm	0.2.1

Verify the authenticity of a downloaded asset

Detailed procedure to verify an asset

• Step 1: Identify the downloaded asset on your computer YOUR_ASSET_FILE
• Step 2: Download the signed checksum file from this link CHECKSUM.asc and save it in the same folder as the asset
• Step 3: In your terminal, go to the asset folder by running:

cd ***YOUR_ASSET_FOLDER***

• Step 4: Then verify the checksum of the asset by running:

sha256sum -c ./CHECKSUM.asc 2>/dev/null | grep ***YOUR_ASSET_FILE***

You must see:

./***YOUR_ASSET_FILE***: OK

• Step 5: Download the public key file from this link gpg-public.key and save it in the same folder as the asset
• Step 6: Then import the GPG public key:

gpg --import ./gpg-public.key

You must see something like:

gpg: key : public key "Input Output / Mithril <mithril@iohk.io>" imported
gpg: Total number processed: 1
gpg:               imported: 1

• Step 7: Then verify the GPG signature of the checksum file:

gpg --verify ./gpg-public.key ./CHECKSUM.asc

You must see something like:

gpg: Signature made Mon 05 Dec 2022 04:53:54 PM CET
gpg:                using RSA key 35EDE9D47BBA62A2F388E655899ACD26B8BCA0D2
gpg: Good signature from "Input Output / Mithril <mithril@iohk.io>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 35ED E9D4 7BBA 62A2 F388  E655 899A CD26 B8BC A0D2

The signature is valid if and only if:

• there is a line with gpg: Good signature from "Input Output / Mithril <mithril@iohk.io>"
• there is a line with Primary key fingerprint: 2AC0 7B11 8B23 1443 F544 2D0C 6E2C 1160 3E79 0021

• Step 8:
  If you successfully validated all the steps of this process, then you have successfully verified the authenticity of the asset ✔️
  If not, contact us at [mithril@iohk.io] and let us know of the outcome of your run of this process ⚠️

Mithril v2302.0-prerelease

What's Changed

• Extract signer registration from muti-signer in Aggregator by @jpraynaud in #655
• Fix clippy warnings from Rust 1.66.0 by @jpraynaud in #657
• Update dependencies by @jpraynaud in #659
• check API version by @ghubertpalo in #641
• Optimize snapshot digest computation by @Alenar in #652
• Simplify epoch offset computations by @Alenar in #661
• Remove test lab monitor & aggregator-server by @Alenar in #660
• Decommission signer registration with declarative PoolId by @jpraynaud in #653
• Fix badge workflow CI status in README by @jpraynaud in #664
• Deactivate uncertified signers in networks by @jpraynaud in #666
• Add MithrilFixture builder by @Alenar in #670
• Batch verify by @iquerejeta in #531
• Update kes by @iquerejeta in #674
• Update crates version 2302 by @jpraynaud in #679

Full Changelog: 2250.1...2302.0-prerelease

Crates Versions

Crate	Version
mithril-aggregator	0.2.1
mithril-client	0.2.1
mithril-common	0.2.1
mithril-signer	0.2.1
mithril-stm	0.2.1

Verify the authenticity of a downloaded asset

Detailed procedure to verify an asset

• Step 1: Identify the downloaded asset on your computer YOUR_ASSET_FILE
• Step 2: Download the signed checksum file from this link CHECKSUM.asc and save it in the same folder as the asset
• Step 3: In your terminal, go to the asset folder by running:

cd ***YOUR_ASSET_FOLDER***

• Step 4: Then verify the checksum of the asset by running:

sha256sum -c ./CHECKSUM.asc 2>/dev/null | grep ***YOUR_ASSET_FILE***

You must see:

./***YOUR_ASSET_FILE***: OK

• Step 5: Download the public key file from this link gpg-public.key and save it in the same folder as the asset
• Step 6: Then import the GPG public key:

gpg --import ./gpg-public.key

You must see something like:

gpg: key : public key "Input Output / Mithril <mithril@iohk.io>" imported
gpg: Total number processed: 1
gpg:               imported: 1

• Step 7: Then verify the GPG signature of the checksum file:

gpg --verify ./gpg-public.key ./CHECKSUM.asc

You must see something like:

gpg: Signature made Mon 05 Dec 2022 04:53:54 PM CET
gpg:                using RSA key 35EDE9D47BBA62A2F388E655899ACD26B8BCA0D2
gpg: Good signature from "Input Output / Mithril <mithril@iohk.io>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 35ED E9D4 7BBA 62A2 F388  E655 899A CD26 B8BC A0D2

The signature is valid if and only if:

• there is a line with gpg: Good signature from "Input Output / Mithril <mithril@iohk.io>"
• there is a line with Primary key fingerprint: 2AC0 7B11 8B23 1443 F544 2D0C 6E2C 1160 3E79 0021

• Step 8:
  If you successfully validated all the steps of this process, then you have successfully verified the authenticity of the asset ✔️
  If not, contact us at [mithril@iohk.io] and let us know of the outcome of your run of this process ⚠️

Mithril v2250.1

What's Changed

• Update dependencies by @jpraynaud in #634
• Add test-client workflow by @Alenar in #632
• Remove certificate creation responsability from the multi-signer by @Alenar in #639
• Start blog post describing release process by @abailly-iohk in #533
• Add a verified signer to 'pre-release-preview' by @jpraynaud in #640
• GPG sign distribution artifacts by @jpraynaud in #630
• Fix sign distribution CI by @jpraynaud in #644
• Fix sign distribution CI v2 by @jpraynaud in #645
• Fix verify signature links in release notes by @jpraynaud in #646
• Add a verified signer to 'release-preprod' by @jpraynaud in #647
• Fix Cardano relay node topology configuration by @jpraynaud in #649
• Add query KES period info for test SPOs by @jpraynaud in #648
• Simplify signature by @iquerejeta in #620
• Update crates version 2250 by @jpraynaud in #654
• Fix protocol parameters transition by @jpraynaud in #650
• Upgrade instances capacity infrastructure by @jpraynaud in #656

Full Changelog: 2248.1...2250.1

Crates Versions

Crate	Version
mithril-aggregator	0.2.0
mithril-client	0.2.0
mithril-common	0.2.0
mithril-signer	0.2.0
mithril-stm	0.2.0

Verify the authenticity of a downloaded asset

Detailed procedure to verify an asset

• Step 1: Identify the downloaded asset on your computer YOUR_ASSET_FILE
• Step 2: Download the signed checksum file from this link CHECKSUM.asc and save it in the same folder as the asset
• Step 3: In your terminal, go to the asset folder by running:

cd ***YOUR_ASSET_FOLDER***

• Step 4: Then verify the checksum of the asset by running:

sha256sum -c ./CHECKSUM.asc 2>/dev/null | grep ***YOUR_ASSET_FILE***

You must see:

./***YOUR_ASSET_FILE***: OK

• Step 5: Download the public key file from this link gpg-public.key and save it in the same folder as the asset
• Step 6: Then import the GPG public key:

gpg --import ./gpg-public.key

You must see something like:

gpg: key : public key "Input Output / Mithril <mithril@iohk.io>" imported
gpg: Total number processed: 1
gpg:               imported: 1

• Step 7: Then verify the GPG signature of the checksum file:

gpg --verify ./gpg-public.key ./CHECKSUM.asc

You must see something like:

gpg: Signature made Mon 05 Dec 2022 04:53:54 PM CET
gpg:                using RSA key 35EDE9D47BBA62A2F388E655899ACD26B8BCA0D2
gpg: Good signature from "Input Output / Mithril <mithril@iohk.io>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 35ED E9D4 7BBA 62A2 F388  E655 899A CD26 B8BC A0D2

The signature is valid if and only if:

• there is a line with gpg: Good signature from "Input Output / Mithril <mithril@iohk.io>"
• there is a line with Primary key fingerprint: 2AC0 7B11 8B23 1443 F544 2D0C 6E2C 1160 3E79 0021

• Step 8:
  If you successfully validated all the steps of this process, then you have successfully verified the authenticity of the asset ✔️
  If not, contact us at [mithril@iohk.io] and let us know of the outcome of your run of this process ⚠️

Mithril v2250.1-prerelease

What's Changed

• Update dependencies by @jpraynaud in #634
• Add test-client workflow by @Alenar in #632
• Remove certificate creation responsability from the multi-signer by @Alenar in #639
• Start blog post describing release process by @abailly-iohk in #533
• Add a verified signer to 'pre-release-preview' by @jpraynaud in #640
• GPG sign distribution artifacts by @jpraynaud in #630
• Fix sign distribution CI by @jpraynaud in #644
• Fix sign distribution CI v2 by @jpraynaud in #645
• Fix verify signature links in release notes by @jpraynaud in #646
• Add a verified signer to 'release-preprod' by @jpraynaud in #647
• Fix Cardano relay node topology configuration by @jpraynaud in #649
• Add query KES period info for test SPOs by @jpraynaud in #648
• Simplify signature by @iquerejeta in #620
• Update crates version 2250 by @jpraynaud in #654
• Fix protocol parameters transition by @jpraynaud in #650
• Upgrade instances capacity infrastructure by @jpraynaud in #656

Full Changelog: 2248.1...2250.1-prerelease

Crates Versions

Crate	Version
mithril-aggregator	0.2.0
mithril-client	0.2.0
mithril-common	0.2.0
mithril-signer	0.2.0
mithril-stm	0.2.0

Verify the authenticity of a downloaded asset

Detailed procedure to verify an asset

• Step 1: Identify the downloaded asset on your computer YOUR_ASSET_FILE
• Step 2: Download the signed checksum file from this link CHECKSUM.asc and save it in the same folder as the asset
• Step 3: In your terminal, go to the asset folder by running:

cd ***YOUR_ASSET_FOLDER***

• Step 4: Then verify the checksum of the asset by running:

sha256sum -c ./CHECKSUM.asc 2>/dev/null | grep ***YOUR_ASSET_FILE***

You must see:

./***YOUR_ASSET_FILE***: OK

• Step 5: Download the public key file from this link gpg-public.key and save it in the same folder as the asset
• Step 6: Then import the GPG public key:

gpg --import ./gpg-public.key

You must see something like:

gpg: key : public key "Input Output / Mithril <mithril@iohk.io>" imported
gpg: Total number processed: 1
gpg:               imported: 1

• Step 7: Then verify the GPG signature of the checksum file:

gpg --verify ./gpg-public.key ./CHECKSUM.asc

You must see something like:

gpg: Signature made Mon 05 Dec 2022 04:53:54 PM CET
gpg:                using RSA key 35EDE9D47BBA62A2F388E655899ACD26B8BCA0D2
gpg: Good signature from "Input Output / Mithril <mithril@iohk.io>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 35ED E9D4 7BBA 62A2 F388  E655 899A CD26 B8BC A0D2

The signature is valid if and only if:

• there is a line with gpg: Good signature from "Input Output / Mithril <mithril@iohk.io>"
• there is a line with Primary key fingerprint: 2AC0 7B11 8B23 1443 F544 2D0C 6E2C 1160 3E79 0021

• Step 8:
  If you successfully validated all the steps of this process, then you have successfully verified the authenticity of the asset ✔️
  If not, contact us at [mithril@iohk.io] and let us know of the outcome of your run of this process ⚠️

Mithril v2250.0-prerelease

What's Changed

• Update dependencies by @jpraynaud in #634
• Add test-client workflow by @Alenar in #632
• Remove certificate creation responsability from the multi-signer by @Alenar in #639
• Start blog post describing release process by @abailly-iohk in #533
• Add a verified signer to 'pre-release-preview' by @jpraynaud in #640
• GPG sign distribution artifacts by @jpraynaud in #630
• Fix sign distribution CI by @jpraynaud in #644
• Fix sign distribution CI v2 by @jpraynaud in #645
• Fix verify signature links in release notes by @jpraynaud in #646
• Add a verified signer to 'release-preprod' by @jpraynaud in #647
• Fix Cardano relay node topology configuration by @jpraynaud in #649
• Add query KES period info for test SPOs by @jpraynaud in #648
• Simplify signature by @iquerejeta in #620
• Update crates version 2250 by @jpraynaud in #654

Full Changelog: 2248.1...2250.0-prerelease

Crates Versions

Crate	Version
mithril-aggregator	0.2.0
mithril-client	0.2.0
mithril-common	0.2.0
mithril-signer	0.2.0
mithril-stm	0.2.0

Verify the authenticity of a downloaded asset

Detailed procedure to verify an asset

• Step 1: Identify the downloaded asset on your computer YOUR_ASSET_FILE
• Step 2: Download the signed checksum file from this link CHECKSUM.asc and save it in the same folder as the asset
• Step 3: In your terminal, go to the asset folder by running:

cd ***YOUR_ASSET_FOLDER***

• Step 4: Then verify the checksum of the asset by running:

sha256sum -c ./CHECKSUM.asc 2>/dev/null | grep ***YOUR_ASSET_FILE***

You must see:

./***YOUR_ASSET_FILE***: OK

• Step 5: Download the public key file from this link gpg-public.key and save it in the same folder as the asset
• Step 6: Then import the GPG public key:

gpg --import ./gpg-public.key

You must see something like:

gpg: key : public key "Input Output / Mithril <mithril@iohk.io>" imported
gpg: Total number processed: 1
gpg:               imported: 1

• Step 7: Then verify the GPG signature of the checksum file:

gpg --verify ./gpg-public.key ./CHECKSUM.asc

You must see something like:

gpg: Signature made Mon 05 Dec 2022 04:53:54 PM CET
gpg:                using RSA key 35EDE9D47BBA62A2F388E655899ACD26B8BCA0D2
gpg: Good signature from "Input Output / Mithril <mithril@iohk.io>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 35ED E9D4 7BBA 62A2 F388  E655 899A CD26 B8BC A0D2

The signature is valid if and only if:

• there is a line with gpg: Good signature from "Input Output / Mithril <mithril@iohk.io>"
• there is a line with Primary key fingerprint: 2AC0 7B11 8B23 1443 F544 2D0C 6E2C 1160 3E79 0021

• Step 8:
  If you successfully validated all the steps of this process, then you have successfully verified the authenticity of the asset ✔️
  If not, contact us at [mithril@iohk.io] and let us know of the outcome of your run of this process ⚠️