Download link for 5.14.1 release

[gogost.git] / install.texi

diff --git a/install.texi b/install.texi
index fec94ebcfe5ecdc1ffa32af76d555eafe82e1626..3e72eb0f8adc65e86cbf3f8fdc276a67d7be8a49 100644 (file)
--- a/install.texi
+++ b/install.texi
@@ -6,9 +6,9 @@ website and, for example, run tests with benchmarks:
 
 @example
 $ [fetch|wget] http://www.gogost.cypherpunks.ru/gogost-@value{VERSION}.tar.zst
-$ [fetch|wget] http://www.gogost.cypherpunks.ru/gogost-@value{VERSION}.tar.zst.asc
-$ gpg --verify gogost-@value{VERSION}.tar.zst.asc gogost-@value{VERSION}.tar.zst
-$ zstd --decompress --stdout gogost-@value{VERSION}.tar.zst | tar xf -
+$ [fetch|wget] http://www.gogost.cypherpunks.ru/gogost-@value{VERSION}.tar.zst.@{asc,sig@}
+[verify signature]
+$ tar xf gogost-@value{VERSION}.tar.zst
 $ cd gogost-@value{VERSION}
 $ go build -mod=vendor -o streebog256 ./cmd/streebog256
 $ echo hello world | ./streebog256
@@ -24,7 +24,7 @@ like this:
 $ mkdir -p myproj/vendor/go.cypherpunks.ru/gogost
 $ mv gogost-@value{VERSION} myproj/vendor/go.cypherpunks.ru/gogost/v5
 $ cd myproj
-$ cat > main.go <<EOF
+$ cat >main.go <<EOF
 package main
 
 import (
@@ -44,35 +44,7 @@ $ go run main.go
 f72018189a5cfb803dbe1f2149cf554c40093d8e7f81c21e08ac5bcd09d9934d
 @end example
 
-You @strong{have to} verify downloaded tarballs integrity and
-authenticity to be sure that you retrieved trusted and untampered
-software. @url{https://www.gnupg.org/, GNU Privacy Guard} is used
-for that purpose.
-
-For the very first time it is necessary to get signing public key and
-import it. It is provided below, but you should check alternative
-resources.
-
-@verbatim
-pub   rsa2048/0x82343436696FC85A 2016-09-13 [SC]
-      CEBD 1282 2C46 9C02 A81A  0467 8234 3436 696F C85A
-uid   GoGOST releases <gogost at cypherpunks dot ru>
-@end verbatim
-
-@itemize
-
-@item @url{http://lists.cypherpunks.ru/gost.html, gost} maillist
-
-@item
-@example
-$ gpg --auto-key-locate dane --locate-keys gogost at cypherpunks dot ru
-$ gpg --auto-key-locate  wkd --locate-keys gogost at cypherpunks dot ru
-@end example
-
-@item
-@verbatiminclude PUBKEY.asc
-
-@end itemize
+@include integrity.texi
 
 GoGOST is also @command{go get}-able. For example to install
 @command{streebog256} utility:
@@ -81,8 +53,8 @@ GoGOST is also @command{go get}-able. For example to install
 $ go install go.cypherpunks.ru/gogost/v5/cmd/streebog256@@latest
 @end example
 
-@code{go.cypherpunks.ru} uses @code{ca.cypherpunks.ru} X.509 CA
-authority, that may complicate installation:
+Aware that @code{go.cypherpunks.ru} uses
+@url{//www.ca.cypherpunks.ru, ca.cypherpunks.ru} X.509 certificate authority.
 
 @itemize
 
@@ -91,17 +63,8 @@ services won't be able to verify @code{go.cypherpunks.ru}'s TLS
 authenticity, because there are no common trust anchors. You can skip
 their usage by setting @env{$GOPRIVATE=go.cypherpunks.ru}.
 
-@item You can (temporarily) override CA certificate bundle during installation:
-
-@example
-$ [fetch|wget] http://www.ca.cypherpunks.ru/cert.pem
-$ [fetch|wget] http://www.ca.cypherpunks.ru/cert.pem.asc
-$ gpg --auto-key-locate dane --locate-keys stargrave at stargrave dot org
-$ gpg --auto-key-locate  wkd --locate-keys stargrave at gnupg dot net
-$ gpg --verify cert.pem.asc
-$ SSL_CERT_FILE=`pwd`/cert.pem GIT_SSL_CAINFO=`pwd`/cert.pem go get \
-    go.cypherpunks.ru/gogost/v5
-@end example
+@item You can (temporarily) override CA bundle during installation with
+@env{$SSL_CERT_FILE} environment variable.
 
 @item You can unpack tarball somewhere and use @code{replace} command in
 your local @file{go.mod}: