diff options
| author | Cem Keylan <cem@ckyln.com> | 2021-04-07 10:36:48 +0300 |
|---|---|---|
| committer | Cem Keylan <cem@ckyln.com> | 2021-04-07 10:36:48 +0300 |
| commit | 0b743b56f0eb468db58a80a5d8822ac076de78ff (patch) | |
| tree | edc19cebeae24a2a663dd29e90e881433f2a3e20 | |
| parent | 7f93e6102a3720b21cdaee1278437382b2900857 (diff) | |
| download | docs-0b743b56f0eb468db58a80a5d8822ac076de78ff.tar.gz | |
carbslinux.txt: update
| -rw-r--r-- | carbslinux.txt | 43 |
1 files changed, 40 insertions, 3 deletions
diff --git a/carbslinux.txt b/carbslinux.txt index a969c74..1451ef2 100644 --- a/carbslinux.txt +++ b/carbslinux.txt @@ -138,6 +138,7 @@ with the info reader. It is divided into sections and easier to read. URL variable so that we don't have to write it every time. ,---- + | URL=https://dl.carbslinux.org/releases/x86_64 | wget $URL/carbs-rootfs.tar.xz.sha256 | sha256sum -c carbs-rootfs.tar.xz.sha256 `---- @@ -147,14 +148,50 @@ with the info reader. It is divided into sections and easier to read. ---------------------------- It is highly recommended to verify the signature of the tarball. You - will need GPG for this. + will need the OpenBSD tool `signify(1)' for this. Many distributions + provide a package for it, if you are using a Carbs Linux host, you can + also install the package `otools' which provides `signify'. Download + the signature first. ,---- | wget $URL/carbs-rootfs.tar.xz.sig - | gpg --recv-keys FF484BDFEFCEF8FF - | gpg --verify carbs-rootfs.tar.xz.sig `---- + The signature file should say something similar to + + ,---- + | untrusted comment: verify with carbslinux-2021.04.pub + | RWTBBPDVQ+aHB3dme2Kerf8XY+vWkIISp7Za2ufKghtlnRXPyObAQQyvEJYrwMVTaCBlPEnSWcnHQz8Nka06YVOIeextNKZY3AQ= + `---- + + + Grab the key (which probably should be the latest one) that is written + on the file from <https://dl.carbslinux.org/keys/> so you can verify + the signature. The latest Signify public key is also available on the + [package repository], so you can check the validity of the public key + from multiple locations, or just copy paste that portion to a file and + use that instead. + + ,---- + | PUBKEY=carbslinux-2021.04.pub + | wget https://dl.carbslinux.org/keys/$PUBKEY + `---- + + You can now verify the distribution tarball with signify. + + ,---- + | signify -V -m carbs-rootfs.tar.xz -p $PUBKEY + `---- + + If everything went alright, this should output: + + ,---- + | Signature Verified + `---- + + +[package repository] <https://git.carbslinux.org/repository> + 2.1.3 Extracting the tarball ---------------------------- |