Linux system offers two different ways to view the diff command output i.e. Context mode and unified mode.c (context): To view differences in context mode, use the -c option. Lets try to understand this with example, we have two files file1.txt and file2.txt.
Insofar I tried git diff. kompare. This does the trick but the context shown is only what is available from the.diff, not full file content. It probably would be better to be able to see full file content in the diff visualizer. I can check out a Git repository twice, export twice, and compare with a GUI diff tool (such as Kompare). The diff utility was developed in the early 1970s on the Unix operating system. Typically, diff is used to show the changes between two versions of the same file. Modern implementations also support binary files. Linux has many good GUI tools that enable you to clearly see the difference between two files or two versions of the same file.
Verification of the Monero binary files should be done prior to extracting, installing, or using the Monero software. This is the only way to ensure that you are using the official Monero software. If you receive a fake Monero binary (eg. phishing, MITM, etc.), following this guide will protect you from being tricked into using it.
To protect the integrity of the binaries the Monero team provides a cryptographically signed list of all the SHA256 hashes. If your downloaded binary has been tampered with it will be produce a different hash than the one in the file.
This is an advanced guide for Linux, Mac, or Windows operating systems and will make use of the command line. It will walk you through the process of installing the required software, importing the signing key, downloading the necessary files, and finally verifying that your binary is authentic.
Table of Contents:
1. Install GnuPG
2. Verify & Import Signing Key
- 2.3. Import Signing key
3. Download & Verify Hash File
- 3.2. Verify Hash File
4. Download & Verify Binary
Linux Binary Diff Tool
1. Installing GnuPG
- On Windows, go to the Gpg4win download page and follow the instructions for installation.
- On Mac, go to the Gpgtools download page and follow the instructions for installation.
- On Linux, GnuPG is installed by default.
2. Verify and Import Signing Key
This section will cover getting the Monero signing key, making sure it is correct, and importing the key to GnuPG.
2.1. Get Signing Key
On Windows or Mac, go to binaryFate's GPG key, which he uses to sign the Monero binaries, and save the page as
binaryfate.asc
to your home directory.On Linux, you can download binaryFate's signing key by issuing the following command:
2.2. Verify Signing Key
On all operating systems, check the fingerprint of
binaryfate.asc
by issuing the following command in a terminal:Verify the fingerprint matches:
If the fingerprint DOES match, then you may proceed.
Colt challenger serial numbers. If the fingerprint DOES NOT match, DO NOT CONTINUE. Instead delete the file
binaryfate.asc
and go back to section 2.1.2.3. Import Signing Key
From a terminal, import the signing key:
If this is the first time you have imported the key, the output will look like this:
If you have imported the key previously, the output will look like this:
Linux Compare Binary
3. Download and Verify Hash File
This section will cover downloading the hash file and verifying its authenticity.
3.1. Get Hash File
On Windows or Mac, go to the hashes file on getmonero.org and save the page as
hashes.txt
to your home directory.On Linux, you can download the signed hashes file by issuing the following command:
3.2. Verify Hash File
The hash file is signed with key
81AC 591F E9C4 B65C 5806 AFC3 F0AF 4D46 2A0B DF92
, as reflected in the output below.On all operating systems, verify the signature of the hash file by issuing the following command in a terminal:
If the file is authentic, the output will look like this:
If your output shows Good signature, as in the example, then you may proceed.
If you see BAD signature in the output, DO NOT CONTINUE. Instead delete the file
hashes.txt
and go back to section 3.1.4. Download and Verify Binary
This section will cover downloading the Monero binary for your operating system, getting the
SHA256
hash of your download, and verifying that it is correct.4.1. Get Monero binary
On Windows or Mac, go to getmonero.org and download the correct file for your operating system. Save the file to your home directory. Do not extract the files yet.
On Linux, you can download the command line tools by issuing the following command:
4.2. Binary Verification on Linux or Mac
The steps for both Linux and Mac are the same. From a terminal, get the
SHA256
hash of your downloaded Monero binary. As an example this guide will use the Linux, 64bit
GUI binary. Substitute monero-gui-linux-x64-v0.15.0.1.tar.bz2
with the name of the binary that you downloaded in section 4.1.The output will look like this, but will be different for each binary file. Your
SHA256
hash should match the one listed in the hashes.txt
file for your binary file.If your hash DOES match, then you are finished with the guide! You can extract the files and install.
If your hash DOES NOT match, DO NOT CONTINUE. Instead delete the binary you downloaded and go back to section 4.1.
4.3. Binary Verification on Windows
From a terminal, get the
SHA256
hash of your downloaded Monero binary. As an example this guide will use the Windows, 64bit
GUI binary. Substitute monero-gui-win-x64-v0.15.0.1.zip
with the name of the binary that you downloaded in section 4.1.The output will look like this, but will be different for each binary file. Your
SHA256
hash should match the one listed in the hashes.txt
file for your binary file.If your hash DOES match, then you are finished with the guide! You can extract the files and install.
If your hash DOES NOT match, DO NOT CONTINUE. Instead delete the binary you downloaded and go back to section 4.1.
A Binary diff security update has been released for Gentoo Linux.Ubuntu Diff Gui
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202003-44
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Binary diff: Heap-based buffer overflow
Date: March 19, 2020
Bugs: #701848
ID: 202003-44
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
A heap-based buffer overflow in Binary diff might allow remote
attackers to execute arbitrary code.
Background
bsdiff and bspatch are tools for building and applying patches to
binary files.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-util/bsdiff < 4.3-r4 >= 4.3-r4
Description
It was discovered that the implementation of bspatch did not check for
a negative value on numbers of bytes read from the diff and extra
streams.
Impact
A remote attacker could entice a user to apply a specially crafted
patch using bspatch, possibly resulting in execution of arbitrary code
with the privileges of the process or a Denial of Service condition.
Workaround
There is no known workaround at this time.
Resolution
All Binary diff users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-util/bsdiff-4.3-r4'
References
[ 1 ] CVE-2014-9862
https://nvd.nist.gov/vuln/detail/CVE-2014-9862
Availability
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/202003-44
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[email protected] or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
Copyright 2020 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5