Verify Linux 7.1+ Install Files

The Linux 7.1+ sensor includes the ability to verify the sensor install files before the sensor installation.

Manifest files are added as part of CarbonBlackClientSetup-linux-<version>.tgz and CarbonBlackSensorUpgrader-linux-<version>.tar.gz. These packages come with manifest.sha256 and manifest.sha256.asc.

Procedure

Copy the following text to a file named public.asc:

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2.0.14 (GNU/Linux)
mQENBFMsJ4kBCACp93MIPVj1NVY7HEZm+gFtRU7lihQr+7lYIXCL59nXSaoniI/T
eihTlGTjWoJ7fTqzstA2Syt+Mmq7VecOVoR0mJgBjw1CFXlzApZI1tTnq9Iio6Xs
2fxP08n1kKXQFlG7x62Y7EjJaFAF1fcMVrHPc43CTM455tRW9V5ODETGyt9DByf3
R2w11NZgGUzonElwIKib2zUJ+XSIvIU5Go60t+BDfmJMdTtAxoyZ79b+sTl//lcq
Be0WhSX48Fn6CfFzeH84/lCPcf/i1MB5qE9Vjk6iR2Z9M4xB1YKGUZT/Z1L9yurt
bs3tpp5kSajgYrkCYaYkHY/so+E01zbQa99vABEBAAG0JWJpdDlidWlsZCAoYml0
OWNzKSA8c3VwcG9ydEBiaXQ5LmNvbT6JATgEEwECACIFAlMsJ4kCGwMGCwkIBwMC
BhUIAgkKCwQWAgMBAh4BAheAAAoJEEhbsN9qxXcER9IH/i8dg4q4cK1lLLFr8vEi
30Il/kokNCacNdBH0gPVlCiGaVRcmgC1pAZuO8HjyEhFplrWU7rRPFhdLgupN95I
rFY5CJ9r+FO99SJTkhJY7vM/4rSOVTat+ZAJgJ/lk3Q148jUK+vOhKa/9I2lys5N
g7OR0EST7fLBNigKIXgy44Zb5GjzJBAQ1vbGNuErduldrR4lIueFjk6QdbVp8SN1
kD/SgqH1rmBiCeX2YMFcudDT6YQ7DnKfzC+GtKp+Lbs2ZyYH96bIeSNKA008x95f
y0dWEsxYvrsoAvl9zIml5mg2mnLHNXiDV54ABvtPk27TKeZBxlQPWBu3TZCmNkdn
umy5AQ0EUywniQEIALtfcwslAk9pyfgj0GqznkalLrln8KsznYAtUCQUl8odtHLP
QW4puA713glzLLk+IU69SFUHYdUIl0I2VP3M9gRWuQQ7NNXaniPXF0xTCrLPPYH7
Y4d7VlK7q/Fu+qP+pobT9RV9Z0hINmm5mYeeNneCqWzFdmdOYqMp592gdqsKA9E6
M70jSZzYbL9ZVCENiCM11q+CqciddZkAN0MrOP78w7sMXpQiJ6oRTBDy43GcHf1Z
BwClePknHQ1tXrCxY4nS/+nbhNgx5U0CtZMk034Cj75+Auyen2sbsgFj889Gjxoj
SzZ2elWzKbjiC9sZJjI++ENDsH79Vi84u98tplMAEQEAAYkBHwQYAQIACQUCUywn
iQIbDAAKCRBIW7DfasV3BBYBCACMw7aKV2vsVVVQ8GSfe6gjnR5iYc+aoFpoMSRf
5keGk0Tw1s7Qx1H4CEJTBJRuSol+KHKkR+S2rqc3FfU97WnODx3xPIZlguL2+MUi
LENm8W37QIr3G3vC7Lxens+67Fr367P0clC7irJxo6I8s5R//eiUaU5y3CzrTYOz
eyS3ZaG3Bmax7EinfR0kcdGE0PuKEJ+qUPoOQPEDgqnwCrPtxou7ihzGPbWg75en
B6HS7k++N1yRGXQwRKlP2XHZjCUpkcFHZJQJwDpnphTqq+2DqJ89+wBf2cvKCfgO
v7EXr1qie7DcHDHpc1M7ZcSCqTCjbrQTb6KetUJK+WM/Uotx
=0gTd
-----END PGP PUBLIC KEY BLOCK-----

Verify manifest.sha256 by running the following command:
```
gpg --verify manifest.sha256.asc manifest.sha256
```

Use sha256sum to check each package and compare it with the checksum in manifest.sha256. For example, the content of manifest.sha256 of CarbonBlackSensorUpgrader-linux-v7.1.0.98326.tar.gz is:

ed53fa7a980342af5fcad5a5e8f2bfbdbf2f1c30fe3f8d4b8a93d8465a563bee pkgs/cbsensor-7.1.0.98326.x86_64.rpm
873c9e00fa713c8b242ef1aa8ae0316c75794980db81bc9161f17af4bf208770 pkgs/cbsysd-7.1.0.98326.x86_64.rpm
6220d0fd87bb92dd562148244948b43ec7d0de00bab68abb82caadcaaf5b41bf pkgs/cbsensor-7.1.0.98326.amd64.deb
38f7df9087a530b103d245a9b88c7b7648f934f0be98542ef677ebedc4cebe63 pkgs/cbsysd-7.1.0.98326.amd64.deb
a70bac0e80e51ffbe6386deb62754064af0560c4a0fda233a91fe736d475c4c9 upgrade.sh

Run the following command:

sha256sum pkgs/cbsensor-7.1.0.98326.x86_64.rpm

to achieve the following result:

ed53fa7a980342af5fcad5a5e8f2bfbdbf2f1c30fe3f8d4b8a93d8465a563bee pkgs/cbsensor-7.1.0.98326.x86_64.rpm