From c0e4c8611eae9f662163669522f78bdafe74aed3 Mon Sep 17 00:00:00 2001 From: Patrick McDermott Date: Wed, 13 Jan 2021 00:52:34 -0500 Subject: doc/install/prokit: Git commits are signed --- (limited to 'doc/install') diff --git a/doc/install/prokit.mdwn b/doc/install/prokit.mdwn index 05043e8..828075c 100644 --- a/doc/install/prokit.mdwn +++ b/doc/install/prokit.mdwn @@ -50,12 +50,33 @@ Adjust where necessary if you don't use **sudo**(8). Downloading the ProteanOS Development Kit ========================================= +prokit release archives since version 1.1.0 and Git commits since +2.0.1-55-g545e082 are signed with the maintainer's OpenPGP 4096-bit RSA key. +Import the key from a key server (available on the SKS network and on +keys.openpgp.org). Finding a signature path from trusted keys in your keyring +to this key is recommended if possible. + + $ gpg --recv-keys 0x225031F047FFE51663ED516F1A459ECDE4D604BE + The current released version (2.0.1) of prokit lacks features now used by the ProteanOS package archive. Clone prokit from the [Git repository][prokit-git]: $ git clone git://git.proteanos.com/prokit/prokit.git $ cd prokit/ +Check for signatures on the recent commits. Either run: + + $ git log --show-signature + +Or configure Git to always show signatures in the log (requires Git 2.10 or +later): + + $ git config log.showSignature true + $ git log + +Either way, look for a `Good signature` made `using RSA key +225031F047FFE51663ED516F1A459ECDE4D604BE` in at least the top-most commits. + [prokit-git]: http://git.proteanos.com/prokit/prokit.git/ -- cgit v0.9.1