¶ Verifying RoninOS
Verifying the Operating System you download is important to protect you from malicious actors. The steps below will verify that the RoninOS image you download was produced by the developer you think produced it, and will also ensure the contents of the file you download match exactly the contents of the file produced by the developer.
You will need the list of RoninDojo developer PGP keys. Generally the RoninOS images will be signed by s2l1 or BTCxZelko. If you aren't sure contact us via the RoninDojo Chatroom for clarity.
¶ Linux + Mac
- Download the following, and ensure they are in a single folder (default Downloads folder preferably):
- RoninOS image file
(ending .img.gz) - Signed hash verification file
(ending .asc)
- Image may be signed by either developer Zelko or dev s2l1. Import both developers' public PGP key to your machine.
- Open terminal window. For s2l1's key, enter:
gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys A41929893E692B32
- For BTCxZelko's key, enter:
gpg --recv-keys 7805F9879A5D4034F2B2D2F99818F379C1E4B25F
- Open the terminal in the directory of the saved files, then run the following command (amending it as necessary to suit the file name you have downloaded):
cd /$HOME/Downloads && gpg --decrypt RoninOS_2.0.2.img.gz.sha256.asc
- In the output look for:
- Hash value for RoninOS_2.0.2.img.gz
a280a0bf5a4e854329cba7c04b06e27076af29b1ffa6f9b449409e36f81594b6 - gpg: Good signature from s2l1 (or BTCxZelko).
"Good signature" needed before proceeding. This verifies that the key publically shared by s2l1 or BTCxZelko is the same one that has signed the .asc verification file
- If you get BAD signature/mismatched fingerprints do not proceed and contact our Support Service or post about it in the RoninDojo Chatroom.
- Calculate the hash fingerprint of the RoninOS image by running the following command (amending it as necessary to suit the file name you have downloaded):
sha256sum RoninOS_2.0.2.img.gz
- You should get output similar to the example below:
- Compare the output from step 6 with the output from step 4.
- If the hashes match, you have sucessfully verified the downloaded RoninOS file has not been tampered. You can now proceed with your RoninDojo installation, safe in the knowledge that the software you have downloaded is an exact match to the one produced by the RoninDojo developer team.
¶ Windows
- Download the following, and ensure they are in a single folder (default Downloads folder preferably):
- RoninOS image file
(ending .img.gz) - Signed hash verification file
(ending .asc)
- Download GPG4Win and run the install, then open the command prompt.
- Make sure keyring is created by running the command:
gpg --list-keys
- Image may be signed by either developer Zelko or dev s2l1. Import both developers' public PGP key to your machine.
- Open terminal window. For s2l1's key, enter:
gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys A41929893E692B32
- For BTCxZelko's key, enter:
gpg --recv-keys 7805F9879A5D4034F2B2D2F99818F379C1E4B25F
- Then run command:
cd C:\Users\%USERNAME%\Downloads && gpg --decrypt RoninOS_2.0.2.img.gz.sha256.asc
- In the output look for:
- Hash value for RoninOS_2.0.2.img.gz
a280a0bf5a4e854329cba7c04b06e27076af29b1ffa6f9b449409e36f81594b6 - gpg: Good signature from s2l1 (or BTCxZelko).
"Good signature" needed before proceeding. This verifies that the key publically shared by s2l1 or BTCxZelko is the same one that has signed the .asc verification file
- If you get BAD signature/mismatched fingerprints do not proceed and contact our Support Service or post about it in the RoninDojo Chatroom.
- Calculate the hash of the original
RoninOS_2.0.2.img.gzfile by running the following command:
certutil -hashfile *.img.gz sha256
- You must replace the
*asterix above with the full name of the file. For example:
certutil -hashfile RoninOS_2.0.2.img.gz sha256
- Compare the output from step 8 with the output from step 6
- Both outputs should match.
- Expected hash is
a280a0bf5a4e854329cba7c04b06e27076af29b1ffa6f9b449409e36f81594b6
- If the hashes match you have sucessfully verified the downloaded RoninOS file has not been tampered. You can now proceed with your RoninDojo installation, safe in the knowledge that the software you have downloaded is an exact match to the one produced by the RoninDojo developer team.
¶ Building RoninOS
If you want to build your own image, then please see our RoninOS Repository along with Armbian build page first for more info.
Requirements:
- Basic command line knowledge
- x86/x64 machine running any OS; at least 4G RAM, SSD, quad core (recommended)
- VirtualBox or similar virtualization software (highly recommended with a minimum of 25GB hard disk space for the virtual disk image)
- The officially supported compilation environment is Ubuntu Jammy 22.04.x amd64
- Ubuntu Focal can be used for building Bionic, Focal and Buster images as well, unsupported though
binfmt_misckernel module (some ubuntu-cloud images do not have this module. Switch to a generic kernel if that is the case.)- Installed basic system, OpenSSH and Samba (optional)
- No spaces in full path to the build script location allowed
- Superuser rights (configured sudo or root shell)
¶ Additional Info
Check out the Troubleshooting page for more info.
Join the RoninDojo Chatroom and engage the community.