Hash verification
You may want to verify the authenticity and integrity of the application deployed on IPFS.
This is done by verifying its CID (hash). To do so, you need to download the source code of the application and build it locally.
See the detailed instructions below.
Steps
Lido Ethereum Staking Widget is used as the example here.
Prerequisites
You will need these tools installed on your system:
- Node.js 20+
- Yarn package manager v1 (classic)
Alternatively, you can use Docker to set up a building environment; read the sections below for the instructions.
1. Clone the repository
The repo for Ethereum Staking Widget is here: https://github.com/lidofinance/ethereum-staking-widget
2. Git checkout a commit, matching the IPFS version
You need to git checkout the specific commit that matches the release of the app you want to verify.
This way, you can be sure that the app will not include any other changes that would affect the CID.
There are several ways to do it.
Method 1 – using git tags
Each released version has its own git tag, which can be used for git checkout.
- Open the app in your browser and check the right side of its footer. There will be a version number, which is actually a link to a Releases page on GitHub.
- Run git fetch --all --tags --prune to fetch all tags.
- Run git checkout tags/<version>, where <version> is the version from step 1.
Method 2 – searching on the GitHub Release page
- Open the Releases page of the project's repository on GitHub. For Ethereum Staking Widget it is here.
- Search manually for the latest release in which IPFS pinning happened.
- Look for the commit hash near the release information.
- Run git checkout <hash>, where <hash> is the commit hash from the previous step.
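A pre-build check that works after either checkout method above, as an added example that is not part of the original guide or the Lido repository: it confirms that HEAD is exactly the commit the tag or hash resolves to and that the working tree carries no extra changes. The function name verify_checkout and the script name are hypothetical.

```shell
#!/bin/sh
# Added example: confirm a checkout is exactly the release commit before building.
# verify_checkout <repo_dir> <ref>   (hypothetical helper name)
#   <ref> is what was passed to git checkout: tags/<version> or a commit hash.
verify_checkout() {
    repo=$1
    ref=$2

    # Resolve the requested ref and the current HEAD to full commit ids.
    # ^{commit} peels an annotated tag down to the commit it points at.
    want=$(git -C "$repo" rev-parse --verify --quiet "${ref}^{commit}") || {
        echo "unknown ref: $ref" >&2
        return 2
    }
    have=$(git -C "$repo" rev-parse --verify --quiet "HEAD^{commit}") || {
        echo "cannot resolve HEAD in $repo" >&2
        return 2
    }

    if [ "$want" != "$have" ]; then
        echo "HEAD is $have, expected $want ($ref)" >&2
        return 1
    fi

    # Modified, staged or untracked files would be picked up by the build
    # and could change the resulting CID.
    dirty=$(git -C "$repo" status --porcelain --untracked-files=all)
    if [ -n "$dirty" ]; then
        echo "working tree differs from $ref:" >&2
        echo "$dirty" >&2
        return 1
    fi

    # Print the full commit id that will be built.
    echo "$have"
}

# Run as a script: ./verify_checkout.sh <repo_dir> <ref>
if [ "$#" -eq 2 ]; then
    verify_checkout "$1" "$2"
fi
```

Files ignored by git (for example node_modules) are not reported by git status, so start from a fresh clone if a previous build has been run in the same directory.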