Set up environment for verifying downloads; install Scripts directory
To set up the environment for verifying downloaded artifacts, you will need the GnuPG toolkit (which may already be installed, see comments in code block, below).
Each tranSMART Foundation release artifact (see http://library.transmartfoundation.org/release/release16_1_0.html ) will be downloaded and verified by the install Script. Once you made the necessary setup (this code block) and downloaded, verified, and installed the Scripts folder (the next code block), then the scripts will be able to download, verify, and install all of the other artifacts. In particular, to set up for verification, you must declare your trust in one or more of the signers of the tranSMART Foundation key; which was used to sign the signature file (called a 'detached signature') of all of the artifacts. We each generated a personal key, and each signed the tranSMART Foundation key with our personal key: Terry Weymouth, Peter Rice, John O'Hara, Keith Nangle.
In this process (the 'Set up for verification' code block, directly below) you will need to declare your trust in the person/personal-key of one or more of the signers of the tranSMART Foundation key, You will use the following information:
|51771D67||38F7 51E9 9525 32C8 A11D DA8F EA1D 335C 5177 1D67||Personal key: Terry Weymouth|
|B71F5D78||C85D A36B 5E03 4D9C CF5C E270 743B 28C7 B71F 5D78||Personal key: Peter Rice|
|178A3631||7DFD 03EA 25CC A22E 99C5 A55B 4EA6 5167 178A 3631||Personal key: John O'Hara|
|159B600C||FDEC 9561 10D8 3519 B45A F570 6268 396B 159B 600C|
Personal key: Keith Nangle
|ACC50501||79CB 8244 E273 7855 274A 55CE A3EE 8EF2 ACC5 0501||tranSMART Foundation signing key|
The process to declare trust is embodied in the decision to impart trust to these keys. You will be asked to choose one of these options: to trust ultimately, to trust fully, to trust marginally, or not to trust. To fully verify the Foundation's key, you must trust ultimately the tranSMART Foundation signing key (ACC50501), and of the other, supporting keys either trust fully one key or trust marginally at least three keys of the signers. You will use the command gpg --edit-key <key-id> trust to indicate trust; type quit to exit the edit-key option.
Set up for verification
To download and verify the Scripts zip file and install the folder, run the following commands in the home directory of the account that you are going to use to run transmart.