diff options
author | currite <sll@disroot.org> | 2019-08-01 20:20:57 +0200 |
---|---|---|
committer | currite <sll@disroot.org> | 2019-08-01 20:20:57 +0200 |
commit | 0e1aa9a5f0a5d6c803bf572d87309a036805d1f6 (patch) | |
tree | 84ce57dbc4620884a610482b299c1248801ce597 | |
parent | 2354effbc4a1643faa4d2d01b3ee983def7574f0 (diff) | |
download | vyos-documentation-0e1aa9a5f0a5d6c803bf572d87309a036805d1f6.tar.gz vyos-documentation-0e1aa9a5f0a5d6c803bf572d87309a036805d1f6.zip |
clarify how to get image signatures
-rw-r--r-- | docs/install.rst | 21 |
1 files changed, 14 insertions, 7 deletions
diff --git a/docs/install.rst b/docs/install.rst index 4aeb40b6..6fcd0a58 100644 --- a/docs/install.rst +++ b/docs/install.rst @@ -16,8 +16,8 @@ Download The latest ISO image for VyOS can be downloaded from https://vyos.io/ -Verifying digital signatures ----------------------------- +Preparing software verification +-------------------------------- We sign our packages with our private key. So, if you have our public key, you will be able to verify the authenticity of the package. @@ -25,9 +25,7 @@ First you need to install GPG or another OpenPGP implementation. On most GNU+Linux distributions it is installed by default because package managers use it to verify package signatures. On other systems you may need to find and install the package. -Then you need our public key. - -If you don't have it yet, you can get it from a key server. +Then you need our public key. If you already have it, you can jump to :ref:`gpg-verification`. If you don't have it yet, you can get it from a key server. ``gpg --recv-keys FD220285A0FE6D7E`` @@ -96,7 +94,7 @@ Or from this block below. Then you can paste that text in a new file, and import the file into GPG: -``gpg --import your_file_with_our_public_key`` +``gpg --import file_with_the_public_key`` You can now check your GPG software has our public key. @@ -111,7 +109,16 @@ You can now check your GPG software has our public key. sub rsa4096 2015-08-12 [E] -And finally verify signatures. The signature is that little .asc file you should download along with your chosen VyOS software. +.. _gpg-verification: + +GPG verification +---------------- + +As you have our public key, you just need the signature of the software you want to verify. + +.. note:: **In order to get the signature, go to your web browser and append *.asc* to the URL of your dowloaded VyOS image**. You will download a small *.asc* file, that's the signature of your image. + +So finally you can verify the authenticity of your image. .. code-block:: sh |