Download and verify Dojo
Continue copying and pasting the following commands in the terminal, then press ENTER.
Download over Tor developer's PGP key, and import locally:
torsocks wget http://zkaan2xfbuxia2wpf7ofnkbz6r5zdbbvxbunvp5g2iebopbfc4iqmbad.onion/vks/v1/by-fingerprint/82820715CECC657E81914847E2520B7E41F39962 && gpg --import 82820715CECC657E81914847E2520B7E41F39962
Download over Tor the latest version of Dojo from GitHub:
torsocks wget https://github.com/Dojo-Open-Source-Project/samourai-dojo/archive/refs/tags/v1.25.0.zip
Note: this command will download the latest version of Dojo, which according to according to GitHub is v1.25.0
Download over Tor the Dojo fingerprints file and PGP signed fingerprints file from GitHub:
torsocks wget https://github.com/Dojo-Open-Source-Project/samourai-dojo/releases/download/v1.25.0/samourai-dojo-1.25.0-fingerprints.txt && torsocks wget https://github.com/Dojo-Open-Source-Project/samourai-dojo/releases/download/v1.25.0/samourai-dojo-1.25.0-fingerprints.txt.sig
Verify the PGP signed fingerprints file:
gpg --verify samourai-dojo-1.25.0-fingerprints.txt.sig
✅ Successful result:
Successful verification is confirmed if the following is displayed on screen:
gpg: Signature made [date + time]
gpg: using RSA key 82820715CECC657E81914847E2520B7E41F39962
gpg: Good signature from "pajasevi@samourai.is
" [unknown]
You can safely ignore the following if displayed:
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
You may continue to the next step in this guide.
❌ Unsuccessful result:
If you observe a different result to the above, stop immediately. Do not continue following this guide. Do not install Dojo. Seek advice from a community member.
Continue copying and pasting the following commands in the terminal, then press ENTER.
Hash locally the downloaded Dojo .zip file using the SHA256 hash algorithm:
sha256sum v1.25.0.zip
View the contents of the Dojo fingerprints file:
cat samourai-dojo-1.25.0-fingerprints.txt
Compare hashes:
Visually compare the SHA256 hash output carried out locally on the downloaded Dojo .zip file is an exact match of the hash stated in the Dojo fingerprints file.
✅ Successful result:
Verification is successful if the two hashes are identical. This confirms the Dojo .zip file you have downloaded is the same file publicly released by the developer in control of the signing PGP key.
Example:
You may continue to the next step in this guide.
❌ Unsuccessful result:
If these hashes do not match, stop immediately. Do not continue following this guide. Do not install Dojo. Seek advice from a community member.
Continue copying and pasting the following commands in the terminal, then press ENTER.
Unzip the downloaded file:
unzip v1.25.0.zip -d .
Create a directory for your Wallet Server called "dojo-app":
mkdir ~/dojo-app
Move the unzipped files to the new "dojo-app" directory:
mv ~/samourai-dojo-1.25.0/* ~/dojo-app/
Remove the files which are no longer required:
rm -r samourai-dojo-1.25.0 && rm v1.25.0.zip && rm samourai-dojo-1.25.0-fingerprints.txt && rm samourai-dojo-1.25.0-fingerprints.txt.sig && rm 82820715CECC657E81914847E2520B7E41F39962