ipfs://bafybeia7cu2axyyxsarmaemvlpdpofa4q23lzpltbl4jbrnfixdn573h4y
If you don't yet have an IPFS enabled browser then you can use one of the following instead (not recommended): https://bafybeia7cu2axyyxsarmaemvlpdpofa4q23lzpltbl4jbrnfixdn573h4y.ipfs.tornadocash.is https://bafybeia7cu2axyyxsarmaemvlpdpofa4q23lzpltbl4jbrnfixdn573h4y.ipfs.cf-ipfs.com
- Navigate to ipfs://bafybeia7cu2axyyxsarmaemvlpdpofa4q23lzpltbl4jbrnfixdn573h4y
- When prompted, choose "Use a Brave local IPFS node".
- Wait for it to setup/install.
- Verify
Tornado.cash version: e502259
at the bottom of the page once it loads. - Securely access IPFS websites without needing to trust any third party gateway or centralized service!
- Install IPFS Desktop
- Install IPFS Companion (browser extension)
- Navigate to ipfs://bafybeia7cu2axyyxsarmaemvlpdpofa4q23lzpltbl4jbrnfixdn573h4y
- Verify
Tornado.cash version: e502259
at the bottom of the page once it loads. - Stand proud as a 1337 h4x0 fighting against the chromium browser hegemony!
- Install Brave.
- See instructions for Brave above.
- Rejoice in being part of the solution, rather than the problem.
Browse with IPFS and look to your trust network for verification that the IPFS hash above is legitimate.
- Create a
Dockerfile
in some directory with the following contents:
# FROM node:14.20.0-bullseye-slim
FROM node@sha256:bc3ba9f44ea24daa94dfecb8e3aec9ea58229e5cb6610b7739162a07f5995ee7
# install wget, git and necessary certificates so we can install IPFS below
RUN apt update && apt install --yes --no-install-recommends wget git apt-transport-https ca-certificates && rm -rf /var/lib/apt/lists/*
# install IPFS
WORKDIR /home/root
RUN wget -qO - https://dist.ipfs.tech/kubo/v0.14.0/kubo_v0.14.0_linux-amd64.tar.gz | tar -xvzf - \
&& cd kubo \
&& ./install.sh \
&& cd .. \
&& rm -rf kubo
RUN ipfs init
# clone the repository
ARG GIT_REPOSITORY
RUN git clone $GIT_REPOSITORY /app/
WORKDIR /app
ARG GIT_COMMIT_HASH
RUN git fetch --all
RUN git reset $GIT_COMMIT_HASH --hard
# install, build and prep for deployment
RUN yarn install --frozen-lockfile --ignore-scripts
RUN yarn build
RUN yarn generate
# add the build output to IPFS and write the hash to a file
RUN ipfs add --cid-version 1 --quieter --only-hash --recursive ./dist > ipfs_hash.txt
# print the hash for good measure in case someone is looking at the build logs
RUN cat ipfs_hash.txt
# this entrypoint file will execute `ipfs add` of the build output to the docker host's IPFS API endpoint, so we can easily extract the IPFS build out of the docker image
RUN printf '#!/bin/sh\nipfs --api /ip4/`getent ahostsv4 host.docker.internal | grep STREAM | head -n 1 | cut -d \ -f 1`/tcp/5001 add --cid-version 1 -r ./dist' >> entrypoint.sh
RUN chmod u+x entrypoint.sh
ENTRYPOINT [ "./entrypoint.sh" ]
- Run the following command:
docker image build --file Dockerfile.ipfs --build-arg GIT_REPOSITORY=https://development.tornadocash.community/tornadocash/classic-ui.git --build-arg GIT_COMMIT_HASH=e502259cdb1d1a8556a24cd618d24cac14040a72 --progress plain --tag tornado-classic-ui .
- Look for the IPFS hash printed out on step 17, or run the following command to print it out from an already built image:
docker container run --rm -it --entrypoint cat tornado-classic-ui /app/ipfs_hash.txt
- Verify that the hash printed matches the one in the links above.
- If you have IPFS installed with default configuration (e.g., IPFS Desktop) on the Docker host then run the following command to add it to that host's IPFS node:
docker container run --rm tornado-classic-ui
- Review the diff from the previous deployment at https://development.tornadocash.community/tornadocash/classic-ui/compare/a83fae0772c8da084c0e76b3a756b456f5b9f5bb...e502259cdb1d1a8556a24cd618d24cac14040a72 and make sure nothing nefarious is included.
- Tell all of your friends that the build appears to be legitimate!
- Use https://app.ens.domains (or tool of your choice) to verify that
tornadocash.eth
points atbafybeicu2anhh7cxbeeakzqjfy3pisok2nakyiemm3jxd66ng35ib6y5ri
. - Navigate to ipfs://bafybeicu2anhh7cxbeeakzqjfy3pisok2nakyiemm3jxd66ng35ib6y5ri and verify that the footer says
Tornado.cash version: a83fae0
(this is the git commit hash of this deployment). git clone https://development.tornadocash.community/tornadocash/classic-ui.git
- Check the changes between the commit hash
a83fae0772c8da084c0e76b3a756b456f5b9f5bb
(build pointed to by tornadocash.eth) and the commit hashe502259cdb1d1a8556a24cd618d24cac14040a72
(the build that is used to generated the IPFS hash referenced at the top of this page). - Upon noticing that one dependency has changed (websnark) review the changes for that dependency by cloning https://development.tornadocash.community/tornadocash/websnark.git and comparing the hashes listed in
package.json
of theclassic-ui
repository. docker image pull node:14.20.0-bullseye-slim
and make sure it matchessha256:bc3ba9f44ea24daa94dfecb8e3aec9ea58229e5cb6610b7739162a07f5995ee7
.- Verify that dist.ipfs.tech is a legitimate source for IPFS binary distributions.
- Create a
Dockerfile
in a folder somewhere with theDockerfile
found in the As a Developer section above. - Review the contents of the Dockerfile to make sure there is no funny business. Bonus points if you can figure out WTF the
entrypoint.sh
is doing! - Verify URL/commit hash in the following command and then run it:
docker image build --file Dockerfile.ipfs --build-arg GIT_REPOSITORY=https://development.tornadocash.community/tornadocash/classic-ui.git --build-arg GIT_COMMIT_HASH=e502259cdb1d1a8556a24cd618d24cac14040a72 --progress plain --tag tornado-classic-ui .
- Follow instructions 3 through 5 in the As a Developer section above.
- Flex your auditing superpowers on all of your social networks by telling people that you have thoroughly reviewed the content of ipfs://bafybeia7cu2axyyxsarmaemvlpdpofa4q23lzpltbl4jbrnfixdn573h4y and can confirm that it is as legitimate as the deployment found at ipfs://tornadocash.eth!