X-Git-Url: http://www.git.cypherpunks.ru/?a=blobdiff_plain;f=doc%2Fintegrity.texi;h=fcc114a9da97e21850ac339870599a0bee8aa7a6;hb=18de9cc50e2f08382295f7a44b5668262a19ec4b;hp=c597a0f8c34d14a5d4e63cd9d82c20c53d240c9e;hpb=5a70eb101538b11bb4e4a87d00a75505c81a1ebc;p=nncp.git diff --git a/doc/integrity.texi b/doc/integrity.texi index c597a0f..fcc114a 100644 --- a/doc/integrity.texi +++ b/doc/integrity.texi @@ -1,10 +1,16 @@ @node Integrity +@cindex integrity check +@cindex authenticity check +@cindex OpenPGP +@cindex gpg +@cindex GnuPG +@cindex WKD @section Tarballs integrity check You @strong{have to} check downloaded archives integrity and verify their signature to be sure that you have got trusted, untampered software. For integrity and authentication of downloaded binaries -@url{https://www.gnupg.org/, The GNU Privacy Guard} is used. You must +@url{https://www.gnupg.org/, GNU Privacy Guard} is used. You must download signature (@file{.sig}) provided with the tarball. For the very first time you need to import signing public key. It is @@ -19,18 +25,18 @@ uid NNCP releases @itemize @item -@verbatim -% gpg --keyserver hkp://keys.gnupg.net/ --recv-keys 0x2B25868E75A1A953 -% gpg --auto-key-locate dane --locate-keys releases at nncpgo dot org -% gpg --auto-key-locate wkd --locate-keys releases at nncpgo dot org -@end verbatim +@example +$ gpg --auto-key-locate dane --locate-keys releases at nncpgo dot org +$ gpg --auto-key-locate wkd --locate-keys releases at nncpgo dot org +@end example @item -@verbatiminclude .well-known/openpgpkey/hu/i4cdqgcarfjdjnba6y4jnf498asg8c6p.asc +@verbatiminclude .well-known/openpgpkey/nncpgo.org/hu/i4cdqgcarfjdjnba6y4jnf498asg8c6p.asc @end itemize Then you could verify tarballs signature: -@verbatim -% gpg --verify nncp-3.1.tar.xz.sig nncp-3.1.tar.xz -@end verbatim + +@example +$ gpg --verify nncp-@value{VERSION}.tar.xz.sig nncp-@value{VERSION}.tar.xz +@end example