Difference between revisions of "Downloading and installing"
Line 112: | Line 112: | ||
gpg: can't open 'Bisq-1.6.4.dmg.asc': No such file or directory | gpg: can't open 'Bisq-1.6.4.dmg.asc': No such file or directory | ||
− | In this case you either haven't downloaded the signature file already or you are not in the correct directory. You can run <code>pwd</code> to see the path you are in and switch to the correct directory by typing e.g. <code>cd ~/Downloads</code>(switching to the download directory on macOS). To list all files in the current directory you can enter <code>ls -la</code> in your console. | + | In this case you either haven't downloaded the signature file already or you are not in the correct directory. You can run <code>pwd</code> to see the path you are in. |
+ | If you want to switch to the directory, where the downloaded files are you can use the [https://www.git-tower.com/learn/git/ebook/en/command-line/appendix/command-line-101/#:~:text=It%20will%20return%20the%20path,%24%20cd%20.. `cd` command] and switch to the correct directory by typing e.g. <code>cd ~/Downloads</code>(switching to the download directory on macOS). To list all files in the current directory you can enter <code>ls -la</code> in your console. | ||
gpg: assuming signed data in 'Bisq-1.6.4.dmg' | gpg: assuming signed data in 'Bisq-1.6.4.dmg' |
Revision as of 08:32, 26 May 2021
To use Bisq, you must first download and install it. Unlike most exchanges, Bisq doesn’t run a centralized server for making and taking offers, so trading on a website isn't possible.
Instead, Bisq manages offers to trade using a peer-to-peer network—a global network of people who are also running Bisq on their own computers.
This is good news for you as a user, because centralized services are easy to monitor, block, and shut down, while peer-to-peer networks like BitTorrent, Bitcoin and Bisq are difficult to surveil, censor, and hack.
All of this means that if you want to use the Bisq network, you’ve got to download and run the software too!
Contents
Download Bisq
The most convenient way to install Bisq on your machine is from a pre-built install file from the Bisq website or latest GitHub release.
There's also a community-maintained Snap package for various Linux distributions.
See install notes for various Linux distributions below. |
You can download the installer for your operating system and install Bisq right away, but we strongly recommend that you verify the integrity of your installer file first.
If you have issues, please check the Known issues with installation section in release notes.
Verify installer file
Any software that manages funds, signs transactions, and deals with highly sensitive data is a prime target for malware. Bisq does all 3. Therefore it's highly recommended that you verify the integrity of the installer file you use to install Bisq.
This is just something you should do for the initial Bisq install—afterward, when updates to Bisq are available, you'll be prompted to download and install them through Bisq's interface, and the software will verify the integrity of updates for you.
Bisq installer files are currently built and signed by Christoph Atteneder (ripcurlx). His public key ID is 29CDFD3B
and fingerprint is CB36 D7D2 EBB2 E35D 9B75 500B CD5D C1C5 29CD FD3B
, which you can verify through commits on GitHub and on Keybase.
The full public key is available here on the Bisq website.
Obtain signature files for installer files
To verify your installer file is intact and as the developer intended, you'll need the PGP signature file corresponding to the installer file you downloaded.
On the Bisq website's download page, download the PGP signature file for the installer file you downloaded before.
If you'd prefer to download from GitHub instead, you'll see the .asc
file for your installer in the assets section of the release along with the installer file itself.
In either case, the filename for the .asc
you download should be identical to the filename for the installer file, just with .asc
appended (e.g., signature file for Bisq-1.2.7.dmg
would be Bisq-1.2.7.dmg.asc
).
Once you've got the installer file and its corresponding signature file, proceed to the directions for your operating system below.
Windows
Once you've downloaded the installer file and corresponding signature file:
Download ripcurlx's public key
Download ripcurlx's public key here on the Bisq website.
Download and install Gpg4win
Windows doesn't come with GPG software installed by default, so you'll need to install it in order to verify Bisq's installer files.
You can get Gpg4win here.
Double-click the installer file and proceed to install with all default settings.
Import ripcurlx's public key
In Kleopatra, import ripcurlx's public key file 29CDFD3B.asc
. Select No if asked to mark the certificate as valid.
Verify the signature of the binary you downloaded
With the install-file.exe
and signature-file.exe.asc
in the same directory, double-click on the .exe.asc
file.
You should see a Kleopatra window pop up with a green progress bar that says "Verified .exe with .exe.asc". The program will continue to say "The data could not be verified" in bold but you can disregard that message.
This means the installer file we downloaded is intact and as intended! You can proceed to install Bisq by double-clicking the .exe
file.
macOS and Linux
Once you've downloaded the installer file and corresponding signature file:
Import ripcurlx's public key
Run:
curl https://bisq.network/pubkey/29CDFD3B.asc | gpg --import
You might see an ominous-sounding warning along the lines of "This key is not certified with a trusted signature". This basically means that none of the public keys on your machine have signed the key you just imported (and that you haven't explicitly indicated you trust this key yourself). This is not necessarily a bad thing, but please see more about what this means here. In short, you can verify the integrity of this key by cross-referencing ripcurlx's Bisq commit signatures and Keybase profile.
Verify the signature of the binary you downloaded
If you are not familiar with GPG (a free open source version of PGP) you probably need to install GPG command line tools first. Following instructions are taken from https://blog.ghostinthemachines.com/2015/03/01/how-to-use-gpg-command-line.
The easiest way to install the GPG command line tools on your Mac is to first install Homebrew, a package management system that makes thousands of software packages available for install on your Mac.
Open a Terminal window (Applications > Utilities menu), then enter the following command.
ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
When that’s complete, install the GPG software package with the following command.
brew install gnupg
With the installer file and installer signature file in the same directory, run:
gpg --digest-algo SHA256 --verify SIGNATURE-FILE.asc
Where SIGNATURE-FILE.asc
is the filename of the .asc
file you just downloaded.
Common errors
gpg: directory '/Users/bisq/.gnupg' created gpg: keybox '/Users/bisq/.gnupg/pubring.kbx' created gpg: can't open 'SIGNATURE-FILE.asc': No such file or directory gpg: verify signatures failed: No such file or directory
In this case you haven't replaced SIGNATURE-FILE.asc
with the actual signature file you want to use e.g. Bisq-1.6.4.dmg.asc
gpg: can't open 'Bisq-1.6.4.dmg.asc': No such file or directory
In this case you either haven't downloaded the signature file already or you are not in the correct directory. You can run pwd
to see the path you are in.
If you want to switch to the directory, where the downloaded files are you can use the `cd` command and switch to the correct directory by typing e.g. cd ~/Downloads
(switching to the download directory on macOS). To list all files in the current directory you can enter ls -la
in your console.
gpg: assuming signed data in 'Bisq-1.6.4.dmg' gpg: Signature made Thu May 6 13:32:43 2021 EDT gpg: using RSA key CB36D7D2EBB2E35D9B75500BCD5DC1C529CDFD3B gpg: issuer "christoph.atteneder@gmail.com" gpg: Can't check signature: No public key</nowiki>
In this case you haven't imported the public key successfully. Please follow the guide above on how to import the public key for verification.
Successful verification
You should see output that looks something like:
gpg: Signature made Thu 13 Feb 2020 01:38:03 PM EST gpg: using RSA key CB36D7D2EBB2E35D9B75500BCD5DC1C529CDFD3B gpg: issuer ... gpg: Good signature from "Christoph Atteneder ..."
Great—this means the installer file we downloaded is intact and as intended!
Verify jar file after installation
As one last check, you can verify the hash of the jar file after installing Bisq.
On macOS, the default location of the jar file is:
/Applications/Bisq.app/Contents/Java/
On Linux, the default location of the jar file is:
/opt/bisq/bin/Bisq
Get the hash of the jar file with:
shasum -a256 /path/to/jar/file/jar-name.jar
The hash you get should match the hash in the .jar.txt
file in the release assets.
Build from source
Building Bisq from source requires just 1 command once you have the correct JDK installed on your machine.
Finding and installing the correct JDK can sometimes be frustrating, so Bisq's developers have written scripts to make it easier:
OS-specific install notes
Linux (General)
Bisq works with a number of Linux distros, but not all desktop environments are supported.
These are all known working desktop environments (it's a growing list—if you find another one that works, please add it!):
- GNOME
- Mate
- Xfce
- KDE Plasma
- Cinnamon
Bisq might not work properly if you switch from the original desktop environment of your Linux distribution to a different one.
Note: users with discrete GPUs may encounter issues launching Bisq in some desktop environments.
Arch Linux
The Bisq downloads page includes a link to the Arch User Repository (AUR) page for the bisq package.
- From the command line, clone the repository from AUR.
- Then from the cloned directory, run
makepkg -si
. This will read the PKGBUILD file to download, verify, build, and install the various tools necessary to install Bisq.
Please be advised: when you're using AUR, you're responsible for your own safety. Be sure to verify the PKGBUILD file.
Tails
Please see Running Bisq on Tails for details on downloading, installing, and configuring Bisq on Tails.
Qubes
Please see Running Bisq on Qubes for a detailed Qubes setup guide.