X-Git-Url: http://www.git.cypherpunks.ru/?a=blobdiff_plain;f=doc%2Fintegrity.texi;h=fcc114a9da97e21850ac339870599a0bee8aa7a6;hb=18de9cc50e2f08382295f7a44b5668262a19ec4b;hp=a88f1b2744de8abbee0e6e05d330db1563ad29ca;hpb=a794fa86795cc4fb8bb318da3f7306477497e9b5;p=nncp.git diff --git a/doc/integrity.texi b/doc/integrity.texi index a88f1b2..fcc114a 100644 --- a/doc/integrity.texi +++ b/doc/integrity.texi @@ -1,10 +1,16 @@ @node Integrity +@cindex integrity check +@cindex authenticity check +@cindex OpenPGP +@cindex gpg +@cindex GnuPG +@cindex WKD @section Tarballs integrity check You @strong{have to} check downloaded archives integrity and verify their signature to be sure that you have got trusted, untampered software. For integrity and authentication of downloaded binaries -@url{https://www.gnupg.org/, The GNU Privacy Guard} is used. You must +@url{https://www.gnupg.org/, GNU Privacy Guard} is used. You must download signature (@file{.sig}) provided with the tarball. For the very first time you need to import signing public key. It is @@ -19,19 +25,18 @@ uid NNCP releases @itemize @item -@verbatim -% gpg --keyserver hkp://keys.gnupg.net/ --recv-keys 0x2B25868E75A1A953 -% gpg --auto-key-locate dane --locate-keys releases at nncpgo dot org -% gpg --auto-key-locate wkd --locate-keys releases at nncpgo dot org -% gpg --auto-key-locate pka --locate-keys releases at nncpgo dot org -@end verbatim +@example +$ gpg --auto-key-locate dane --locate-keys releases at nncpgo dot org +$ gpg --auto-key-locate wkd --locate-keys releases at nncpgo dot org +@end example @item -@verbatiminclude .well-known/openpgpkey/hu/i4cdqgcarfjdjnba6y4jnf498asg8c6p.asc +@verbatiminclude .well-known/openpgpkey/nncpgo.org/hu/i4cdqgcarfjdjnba6y4jnf498asg8c6p.asc @end itemize Then you could verify tarballs signature: -@verbatim -% gpg --verify nncp-0.1.tar.xz.sig nncp-0.1.tar.xz -@end verbatim + +@example +$ gpg --verify nncp-@value{VERSION}.tar.xz.sig nncp-@value{VERSION}.tar.xz +@end example
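Review bot: the index block added in the @@ -1,10 +1,16 @@ hunk covers OpenPGP, gpg, GnuPG and WKD but has no entry for DANE, although the second hunk keeps a `--auto-key-locate dane` command as one of the two documented lookup methods. Adding `@cindex DANE` next to `@cindex WKD` would keep the index consistent with the commands the node shows. The sentence touched by the `@url` change also still says "downloaded binaries" while the section title and the `.sig` instructions talk about tarballs; since the line is being edited anyway, the wording could be aligned.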
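Review bot: the @@ -19,19 +25,18 @@ hunk leaves no step that ties the imported key to a specific key ID or fingerprint. The removed `--recv-keys 0x2B25868E75A1A953` line was the only command that named a particular key; the two remaining `--locate-keys` commands look the key up by e-mail address, so the reader imports whatever the domain's DNS (dane) or web server (wkd) returns. Consider adding a sentence after the `@end itemize` telling the reader to run `gpg --fingerprint` for the release address and compare the result with the key listing printed above the itemize (the hunk header shows its `uid NNCP releases` line) before moving on to `gpg --verify`. The switch from `nncp-0.1` to `@value{VERSION}` in the verify example looks fine as long as VERSION is set wherever this node is included.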