diff options
| author | hagbard-01 <39653662+hagbard-01@users.noreply.github.com> | 2019-08-01 11:44:01 -0700 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2019-08-01 11:44:01 -0700 |
| commit | 7dd382788c45af76a97aa025f947e142d70a199d (patch) | |
| tree | 0a77898a8f00838cbb4ca971a3693cc261f019ae /docs | |
| parent | 259c959c6210248faecf982bcaf12904e0cf5c7a (diff) | |
| parent | 0e1aa9a5f0a5d6c803bf572d87309a036805d1f6 (diff) | |
| download | vyos-documentation-7dd382788c45af76a97aa025f947e142d70a199d.tar.gz vyos-documentation-7dd382788c45af76a97aa025f947e142d70a199d.zip | |
Merge pull request #87 from currite/signatures_comment
clarify how to get image signatures
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/install.rst | 21 |
1 files changed, 14 insertions, 7 deletions
diff --git a/docs/install.rst b/docs/install.rst index 4aeb40b6..6fcd0a58 100644 --- a/docs/install.rst +++ b/docs/install.rst @@ -16,8 +16,8 @@ Download The latest ISO image for VyOS can be downloaded from https://vyos.io/ -Verifying digital signatures ----------------------------- +Preparing software verification +-------------------------------- We sign our packages with our private key. So, if you have our public key, you will be able to verify the authenticity of the package. @@ -25,9 +25,7 @@ First you need to install GPG or another OpenPGP implementation. On most GNU+Linux distributions it is installed by default because package managers use it to verify package signatures. On other systems you may need to find and install the package. -Then you need our public key. - -If you don't have it yet, you can get it from a key server. +Then you need our public key. If you already have it, you can jump to :ref:`gpg-verification`. If you don't have it yet, you can get it from a key server. ``gpg --recv-keys FD220285A0FE6D7E`` @@ -96,7 +94,7 @@ Or from this block below. Then you can paste that text in a new file, and import the file into GPG: -``gpg --import your_file_with_our_public_key`` +``gpg --import file_with_the_public_key`` You can now check your GPG software has our public key. @@ -111,7 +109,16 @@ You can now check your GPG software has our public key. sub rsa4096 2015-08-12 [E] -And finally verify signatures. The signature is that little .asc file you should download along with your chosen VyOS software. +.. _gpg-verification: + +GPG verification +---------------- + +As you have our public key, you just need the signature of the software you want to verify. + +.. note:: **In order to get the signature, go to your web browser and append *.asc* to the URL of your dowloaded VyOS image**. You will download a small *.asc* file, that's the signature of your image. + +So finally you can verify the authenticity of your image. .. code-block:: sh |