From db394a3b5ad365b29ad6cbc285015b4a59b55569 Mon Sep 17 00:00:00 2001
From: Sergey Matveev <stargrave@stargrave.org>
Date: Sat, 3 Sep 2016 21:06:58 +0300
Subject: [PATCH] More ways of releases signing key obtaining

---
 doc/.well-known/openpgpkey/hu/.gitignore      |  1 +
 .../hu/i4cdqgcarfjdjnba6y4jnf498asg8c6p.asc   | 20 +++++++++++
 doc/Makefile                                  |  1 +
 doc/contacts.texi                             |  3 +-
 doc/download.texi                             |  3 +-
 doc/integrity.texi                            | 34 +++++++++++++++---
 doc/pubkey.txt                                | 36 -------------------
 utils/makedist.sh                             |  5 +--
 8 files changed, 58 insertions(+), 45 deletions(-)
 create mode 100644 doc/.well-known/openpgpkey/hu/.gitignore
 create mode 100644 doc/.well-known/openpgpkey/hu/i4cdqgcarfjdjnba6y4jnf498asg8c6p.asc
 delete mode 100644 doc/pubkey.txt

diff --git a/doc/.well-known/openpgpkey/hu/.gitignore b/doc/.well-known/openpgpkey/hu/.gitignore
new file mode 100644
index 0000000..3a1ab10
--- /dev/null
+++ b/doc/.well-known/openpgpkey/hu/.gitignore
@@ -0,0 +1 @@
+i4cdqgcarfjdjnba6y4jnf498asg8c6p
diff --git a/doc/.well-known/openpgpkey/hu/i4cdqgcarfjdjnba6y4jnf498asg8c6p.asc b/doc/.well-known/openpgpkey/hu/i4cdqgcarfjdjnba6y4jnf498asg8c6p.asc
new file mode 100644
index 0000000..764cde0
--- /dev/null
+++ b/doc/.well-known/openpgpkey/hu/i4cdqgcarfjdjnba6y4jnf498asg8c6p.asc
@@ -0,0 +1,20 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQENBFT/H6cBCADTf/oqoTTBAA/CCQuYtzg8vrXxyjXj9yy4lTWqMSwgLXMm8br/
+kG0Jnk63oP3hggI3hm2mpuiNwpwrJiORLBZCe8JgZW71zG4LfhVpQeWd7fu8WxDx
+0uUZWByz5KcK8c/kNWNDpSkMmmqdE/8v0YDFbsz5U+ytp/Kki/gj3BCeIX3jYOL1
+fxczkv2okoU+aGYXt9z50VzheLUSRLzkkX8yNSpszqfB0LEEmUk8HO2fSS/bXwaY
+ZXX5//suH8V5hwq8vB8dHHCquZW6blyzcTa2KGIh6g2CmpypIQp/i5QAbzOCHKTM
+A1F7A1r0kYF2WfZOrycCfjUx3GA5B7sytuA3ABEBAAG0JEdvVlBOIHJlbGVhc2Vz
+IDxyZWxlYXNlc0Bnb3Zwbi5pbmZvPokBQAQTAQgAKgUCV8sB0wIbAwwLCgkNCAwH
+CwMEAQIHFQoJCAsDAgUWAgEDAAIeAQIXgAAKCRDy9ZBF/+L0oTYyCADJJl4+7Px1
+baF9s1n9EoNsSLTd0QiModJ2bRdX8TBpCeOHIPIOZAKre3Ys3ox6MOcnZyApO141
+7NS557WNcmLyk+f274HqZurveZr/sc3MMdFvkPJ78LOueI6ttx9WlhXAingGR3ax
++m1ZY7vSfkrGJ7gwUE6ZVZKE1MbM1UIKqazRzTeu7wiiyXEpLYDWgNXSmg9Gl6oF
+EecChlcDp5VDQIaDzHyibUgBdwt32BX07AZcGHB7vIyPUavQJBqhg68hHjGoyFYA
+N+OHCAoqaIfHJUW2xYmvfa0cy3wd02NJWsiw4htxdI+JzcbRnE/XKPIeOr6L0oFB
+LoTku6Vg75g8iF4EEBEIAAYFAlfLAzQACgkQrhqBCeSYV+82HAD9HSVRIV8Li0MD
+pNNLMK6G9SLkvsBVOIBau5Oj1LEWeXcA/3vMiAtypumglnfEhBsa5OLFHgznsBJ2
+JJjYFGQMjWTG
+=RI3T
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/doc/Makefile b/doc/Makefile
index 1d1032d..6e2b0db 100644
--- a/doc/Makefile
+++ b/doc/Makefile
@@ -15,3 +15,4 @@ govpn.html: *.texi handshake.utxt
 		--set-customization-variable SHOW_TITLE=0 \
 		--set-customization-variable DATE_IN_HEADER=1 \
 		-o govpn.html index.texi
+	cp -r .well-known govpn.html/
diff --git a/doc/contacts.texi b/doc/contacts.texi
index 8a6412b..15e5235 100644
--- a/doc/contacts.texi
+++ b/doc/contacts.texi
@@ -5,6 +5,7 @@ Please send questions regarding the use of GoVPN, bug reports and patches to
 @url{https://lists.cypherpunks.ru/pipermail/govpn-devel/, govpn-devel}
 mailing list. Announcements also go to this mailing list.
 
-Official website is @url{http://www.govpn.info/}, also available as
+Official website is @url{http://www.govpn.info/}, also available via
+@url{https://www.govpn.info/, HTTPS} and as
 @url{https://www.torproject.org/, Tor} hidden service:
 @url{http://2wir2p7ibeu72jk3.onion/}.
diff --git a/doc/download.texi b/doc/download.texi
index d641352..6fe34f2 100644
--- a/doc/download.texi
+++ b/doc/download.texi
@@ -2,7 +2,8 @@
 @section Prepared tarballs
 
 You can obtain releases source code prepared tarballs from the links below
-(or use @url{https://sourceforge.net/projects/govpn/files/, Sourceforge mirror}):
+(or use @url{https://sourceforge.net/projects/govpn/files/, Sourceforge mirror}).
+Do not forget to check tarball @ref{Integrity, integrity}.
 
 @multitable {XXXXX} {XXXX KiB} {link sign} {xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx}
 @headitem Version @tab Size @tab Tarball @tab SHA256 checksum
diff --git a/doc/integrity.texi b/doc/integrity.texi
index ea5e59e..ff692ff 100644
--- a/doc/integrity.texi
+++ b/doc/integrity.texi
@@ -7,9 +7,33 @@ software. For integrity and authentication of downloaded binaries
 @url{https://www.gnupg.org/, The GNU Privacy Guard} is used. You must
 download signature (@file{.sig}) provided with the tarball.
 
-For the very first time you need to import signing public keys. They
-are provided below, but be sure that you are reading them from the
-trusted source. Alternatively check this page from
-@ref{Contacts, other sources} and look for the mailing list announcements.
+For the very first time you need to import signing public key. It is
+provided below, but it is better to check alternative resources with it.
 
-@verbatiminclude pubkey.txt
+@verbatim
+pub   rsa2048/0xF2F59045FFE2F4A1 2015-03-10
+      D269 9B73 3C41 2068 D8DA  656E F2F5 9045 FFE2 F4A1
+uid   GoVPN releases <releases at govpn dot info>
+@end verbatim
+
+@itemize
+
+@item This website @ref{Contacts, alternates} and maillist containing
+public key fingerprint.
+
+@item
+@verbatim
+% gpg --auto-key-locate pka --locate-keys releases at govpn dot info
+% gpg --auto-key-locate dane --locate-keys releases at govpn dot info
+% gpg --auto-key-locate wkd --locate-keys releases at govpn dot info
+@end verbatim
+
+@item
+@verbatiminclude .well-known/openpgpkey/hu/i4cdqgcarfjdjnba6y4jnf498asg8c6p.asc
+
+@end itemize
+
+Then you could verify tarballs signature:
+@verbatim
+% gpg --verify govpn-2.3.tar.xz.sig govpn-2.3.tar.xz
+@end verbatim
diff --git a/doc/pubkey.txt b/doc/pubkey.txt
deleted file mode 100644
index 34183c9..0000000
--- a/doc/pubkey.txt
+++ /dev/null
@@ -1,36 +0,0 @@
-pub   rsa2048/0xF2F59045FFE2F4A1 2015-03-10
-uid   Sergey Matveev (GoVPN release signing key) <stargrave@stargrave.org>
-sub   rsa2048/0x3128EE3F8A6C750A 2015-03-10
-
------BEGIN PGP PUBLIC KEY BLOCK-----
-
-mQENBFT/H6cBCADTf/oqoTTBAA/CCQuYtzg8vrXxyjXj9yy4lTWqMSwgLXMm8br/
-kG0Jnk63oP3hggI3hm2mpuiNwpwrJiORLBZCe8JgZW71zG4LfhVpQeWd7fu8WxDx
-0uUZWByz5KcK8c/kNWNDpSkMmmqdE/8v0YDFbsz5U+ytp/Kki/gj3BCeIX3jYOL1
-fxczkv2okoU+aGYXt9z50VzheLUSRLzkkX8yNSpszqfB0LEEmUk8HO2fSS/bXwaY
-ZXX5//suH8V5hwq8vB8dHHCquZW6blyzcTa2KGIh6g2CmpypIQp/i5QAbzOCHKTM
-A1F7A1r0kYF2WfZOrycCfjUx3GA5B7sytuA3ABEBAAG0RFNlcmdleSBNYXR2ZWV2
-IChHb1ZQTiByZWxlYXNlIHNpZ25pbmcga2V5KSA8c3RhcmdyYXZlQHN0YXJncmF2
-ZS5vcmc+iQE8BBMBCAAmBQJU/x+nAhsDCAsKCQgHBAMCBxUKCQgLAwIFFgIBAwAC
-HgECF4AACgkQ8vWQRf/i9KEZ/AgAqYF/RRNwwhgLgFqTLfw3ha0FeiSso7H9ITDo
-cdJ/domLHaFvmwFIDQQKV8Zd1Rnj6xTCs2bq2O5hYMLrFZg85A9i5tLwkgFc9J5G
-+8K3K/dh9Y4pArbM+craO+xydrwLyg1zlXCezthWbL0iXO/CuGiuBBCZJqRJ9HV4
-cZr4TRA3Znm5nt96rRsR86XqOgr0iOEDtYKfKW/IzDqOEgXUN5o2bUwuQawe9Y8d
-CngXzJcfb2eJ/TqSP9CxVWscjz4sAmD3/ECrHSjX7xsusIs46F2+VMlEXFuST52r
-zamfiGKlol8XvimUjKhlMWjqfdcJ0+jvFftsa7HXQUwRoQ1vJYheBBARCAAGBQJU
-/x/VAAoJEK4agQnkmFfvqn8A/ReK2ZZrnI9s0rzTsF1jrTZ1o5YowuINOzVMmLbE
-aYuGAP4iGwPgwVbANu4dWaP2N03oL4xFtmdaeNn3sB9ZqJOOyrkBDQRU/x+nAQgA
-uYBRyJVwhlE2SRIEmMggwr4gq1JBM2Ge5O46usf+YPUjCJKWoAj+MpQoq7r+oA/s
-E/6kGvWgngwV9prCdNkvcdwEWbb+n9PcMc2ZuIGRV3iOKYlYEBFV0bfM9zEV2jar
-1YQ+J/48UX7R00cYJuXel7Dy77V9eNd+Ukyowm93fggFlBDBGBjVbNtfIorHNYjB
-01CCu3i/8yxrMyFRvMKyAVEGp3obgmlam4DNkNIhFMv3du0tFnDFBsZf7N0kbLWI
-xEEJoc/jxaezDytQpUr3RhlMsLV6N/jjIZuy36QO1sbFeOe2to0E7ixaFzNCWsqY
-cxUfnJ3wi7hOiOwE2PF3tQARAQABiQEfBBgBCAAJBQJU/x+nAhsMAAoJEPL1kEX/
-4vShrVcIAKLUwMn7WgK6thmwPjdwP5V/jTlsWLWk2O/LEN4W/R0mw2hRsgRG/8Sz
-qlAP6vfl7ERaWuyL+fp72rKnGTGU9CEvn6PKmaG7bi4tGEvWXscNc10r0leIAP63
-pkQOa6Nyx2axJlJdSuTsYetd1ZgNpHNng+lxSUBlkPMOhPd/P/Ok7DShZjd2jhQ1
-jUbjWn+P7ARGEvgdd5utNjy/RaSwrLG8NXj3I+XuksG0/TPeG0zu9NOPzWZq9sCc
-5VbDNJTYtsMFs1etHE95Efmx6yUquQyB+g/HgvkH/LzthBawVVHxZNzzHgc6KN5w
-E0itJPXMaQL+juUfiNM0i2R1O8nJo14=
-=LJzj
------END PGP PUBLIC KEY BLOCK-----
diff --git a/utils/makedist.sh b/utils/makedist.sh
index 2236640..7c1240a 100755
--- a/utils/makedist.sh
+++ b/utils/makedist.sh
@@ -45,6 +45,7 @@ You can obtain releases source code prepared tarballs on
 @url{http://www.govpn.info/}.
 EOF
 make -C doc
+rm -r doc/.well-known doc/govpn.html/.well-known
 
 rm utils/makedist.sh
 find . -name .git -type d | xargs rm -fr
@@ -104,7 +105,7 @@ Source code and its signature for that version can be found here:
     http://www.govpn.info/download/govpn-${release}.tar.xz.sig
 
 SHA256 hash: $hash
-GPG key ID: 0xF2F59045FFE2F4A1 GoVPN release signing key
+GPG key ID: 0xF2F59045FFE2F4A1 GoVPN releases <releases@govpn.info>
 Fingerprint: D269 9B73 3C41 2068 D8DA  656E F2F5 9045 FFE2 F4A1
 
 Please send questions regarding the use of GoVPN, bug reports and patches
@@ -151,7 +152,7 @@ $(git cat-file -p $release | sed -n '6,/^.*BEGIN/p' | sed '$d')
     http://www.govpn.info/download/govpn-${release}.tar.xz.sig
 
 SHA256 ÑÑÑ: $hash
-ÐÐ´ÐµÐ½ÑÐ¸ÑÐ¸ÐºÐ°ÑÐ¾Ñ GPG ÐºÐ»ÑÑÐ°: 0xF2F59045FFE2F4A1 GoVPN release signing key
+ÐÐ´ÐµÐ½ÑÐ¸ÑÐ¸ÐºÐ°ÑÐ¾Ñ GPG ÐºÐ»ÑÑÐ°: 0xF2F59045FFE2F4A1 GoVPN releases <releases@govpn.info>
 ÐÑÐ¿ÐµÑÐ°ÑÐ¾Ðº: D269 9B73 3C41 2068 D8DA  656E F2F5 9045 FFE2 F4A1
 
 ÐÐ¾Ð¶Ð°Ð»ÑÐ¹ÑÑÐ° Ð²ÑÐµ Ð²Ð¾Ð¿ÑÐ¾ÑÑ ÐºÐ°ÑÐ°ÑÑÐ¸ÐµÑÑ Ð¸ÑÐ¿Ð¾Ð»ÑÐ·Ð¾Ð²Ð°Ð½Ð¸Ñ GoVPN, Ð¾ÑÑÑÑÑ Ð¾Ð± Ð¾ÑÐ¸Ð±ÐºÐ°Ñ
-- 
2.44.0