OpenSSH signature support

[goredo.git] / doc / install.texi

diff --git a/doc/install.texi b/doc/install.texi
index d5743d7c6d453aa9519193b66fad57308b8b253b..50d0ff643068c39aa202adce41be262764598df2 100644 (file)
--- a/doc/install.texi
+++ b/doc/install.texi
@@ -41,8 +41,8 @@ Preferable way is to download tarball with the signature from website:
 
 @example
 $ [fetch|wget] http://www.goredo.cypherpunks.ru/download/goredo-@value{VERSION}.tar.zst
-$ [fetch|wget] http://www.goredo.cypherpunks.ru/download/goredo-@value{VERSION}.tar.zst.asc
-$ gpg --verify goredo-@value{VERSION}.tar.zst.asc goredo-@value{VERSION}.tar.zst
+$ [fetch|wget] http://www.goredo.cypherpunks.ru/download/goredo-@value{VERSION}.tar.zst.@{asc,sig@}
+[verify signature]
 $ zstd -d < goredo-@value{VERSION}.tar.zst | tar xf -
 $ cd goredo-@value{VERSION}/src
 $ go build -mod=vendor
@@ -51,36 +51,9 @@ $ export PATH=`pwd`:$PATH   # let your system know about goredo
 @end example
 
 @include download.texi
+@include integrity.texi
 
-You @strong{have to} verify downloaded tarballs integrity and
-authenticity to be sure that you retrieved trusted and untampered
-software. @url{https://www.gnupg.org/, GNU Privacy Guard} is used
-for that purpose.
-
-For the very first time it is necessary to get signing public key and
-import it. It is provided below, but you should check alternative
-resources.
-
-@verbatim
-pub   ed25519/0x3A528DDE952C7E93 2021-01-09 [SC]
-      7531BB84FAF0BF35960C63B93A528DDE952C7E93
-uid   goredo releases <goredo@cypherpunks.ru>
-@end verbatim
-
-@itemize
-
-@item
-@example
-$ gpg --auto-key-locate dane --locate-keys goredo at cypherpunks dot ru
-$ gpg --auto-key-locate  wkd --locate-keys goredo at cypherpunks dot ru
-@end example
-
-@item
-@verbatiminclude ../PUBKEY.asc
-
-@end itemize
-
-It is also @command{go install}-able:
+@command{goredo} is also @command{go install}-able:
 
 @example
 $ go install go.cypherpunks.ru/goredo