The hash
This is the SHA-256 digest of the install.sh that wirken.ai/install.sh serves:
73e678196ea073608e902c8ab11a01ede07e0d37fddccaa20c43fa5d62bd52f5Run the check
Before piping the installer to sh, run:
curl -fsSL https://wirken.ai/install.sh | sha256sumThe output should match the hash above. If it does, the script you are about to run is the script we shipped. If it does not, do not run it.
What this checks
The verify command hashes the bytes wirken.ai sends you, before any shell interprets them. TLS already proves the transport is intact; the hash on this page gives you a value to compare the bytes against. The two together close the loop: the network delivered what we shipped, and what we shipped is what you are reading.
This check does not say anything about who controls wirken.ai or whether install.sh itself is well-written. It says the script you are reading and the script you are running are the same script. The installer then takes over and verifies the binaries it downloads from GitHub against an Ed25519-signed checksums file. The two checks compose: this page verifies the installer; the installer verifies the binary.
If the hash differs
Either install.sh has been updated and this page has not caught up yet, or something is wrong. The response is the same in both cases: do not pipe the script to sh. Open wirken.ai/install.sh in a browser tab and read it. The shipped install.sh is short and self-contained; you can audit it by eye in a few minutes.
Run the install
Once the hashes match:
curl -fsSL https://wirken.ai/install.sh | sh