Mention CACert, GOPRIVATE and go.mod-replace during installation

[gogost.git] / INSTALL

diff --git a/INSTALL b/INSTALL
index 25590009a2bae07bf76acdc6102ec10fc141e735..06e6e6725fdd95162c57937c42cfb042b720a63a 100644 (file)
--- a/INSTALL
+++ b/INSTALL
@@ -1,17 +1,45 @@
 Preferable way is to download tarball with the signature from official
 website and, for example, run tests with benchmarks:
 
 Preferable way is to download tarball with the signature from official
 website and, for example, run tests with benchmarks:
 

-    % wget http://www.cypherpunks.ru/gogost/gogost-1.1.tar.xz
-    % wget http://www.cypherpunks.ru/gogost/gogost-1.1.tar.xz.sig
-    % gpg --verify gogost-1.1.tar.xz.sig gogost-1.1.tar.xz
-    % xz -d < gogost-1.1.tar.gz | tar xf -
-    % make -C gogost-1.1 bench
+    $ wget http://gogost.cypherpunks.ru/gogost-4.1.0.tar.xz
+    $ wget http://gogost.cypherpunks.ru/gogost-4.1.0.tar.xz.sig
+    $ gpg --verify gogost-4.1.0.tar.xz.sig gogost-4.1.0.tar.xz
+    $ xz -d < gogost-4.1.0.tar.xz | tar xf -
+    $ make -C gogost-4.1.0 all bench
+    $ echo hello world | ./gogost-4.1.0/streebog256
+    f72018189a5cfb803dbe1f2149cf554c40093d8e7f81c21e08ac5bcd09d9934d
+
+And then you can include its source code in your project for example
+like this:
+
+    $ mkdir -p myproj/src
+    $ cp -r gogost-4.1.0/src/go.cypherpunks.ru myproj/src
+    $ export GOPATH=$PWD/myproj
+    $ cd myproj/src
+    $ cat > main.go <<EOF
+    package main
+
+    import (
+        "encoding/hex"
+        "fmt"
+
+        "go.cypherpunks.ru/gogost/v4/gost34112012256"
+    )
+
+    func main() {
+        h := gost34112012256.New()
+        h.Write([]byte("hello world\n"))
+        fmt.Println(hex.EncodeToString(h.Sum(nil)))
+    }
+    EOF
+    $ go run main.go
+    f72018189a5cfb803dbe1f2149cf554c40093d8e7f81c21e08ac5bcd09d9934d

 
 You have to verify downloaded tarballs integrity and authenticity to be
 sure that you retrieved trusted and untampered software. GNU Privacy
 Guard is used for that purpose.
 
 
 You have to verify downloaded tarballs integrity and authenticity to be
 sure that you retrieved trusted and untampered software. GNU Privacy
 Guard is used for that purpose.
 

-For the very first time it it necessary to get signing public key and
+For the very first time it is necessary to get signing public key and

 import it. It is provided below, but you should check alternative
 resources.
 
 import it. It is provided below, but you should check alternative
 resources.
 


@@ -20,7 +48,21 @@ resources.
     uid   GoGOST releases <gogost at cypherpunks dot ru>
 
     Look in PUBKEY.asc file.
     uid   GoGOST releases <gogost at cypherpunks dot ru>
 
     Look in PUBKEY.asc file.

-    % gpg --keyserver hkp://keys.gnupg.net/ --recv-keys 0x82343436696FC85A
-    % gpg --auto-key-locate dane --locate-keys gogost at cypherpunks dot ru
-    % gpg --auto-key-locate wkd --locate-keys gogost at cypherpunks dot ru
-    % gpg --auto-key-locate pka --locate-keys gogost at cypherpunks dot ru
+    $ gpg --auto-key-locate dane --locate-keys gogost at cypherpunks dot ru
+    $ gpg --auto-key-locate wkd --locate-keys gogost at cypherpunks dot ru
+
+GoGOST is also go-get-able. For example to use streebog256 utility:
+
+    $ go get go.cypherpunks.ru/gogost/cmd/streebog256
+
+go.cypherpunks.ru uses CACert.org certificate authority, that is not
+included by default in some operating system distributions and probably
+you have to install it in your system, because "go get" uses HTTPS
+connections. If you have issues using either sum.golang.org or
+proxy.golang.org, then you can disable their usage with
+GOPRIVATE=go.cypherpunks.ru/gogost environment variable.
+
+Also you can use "replace" feature inside your go.mod, like:
+
+    require go.cypherpunks.ru/gogost/v4 v4.1.0
+    replace go.cypherpunks.ru/gogost/v4 => /home/stargrave/gogost-4.1.0/src/go.cypherpunks.ru/gogost/v4