From 8418b50d8bb288107592e7badf0ce20647f1a249 Mon Sep 17 00:00:00 2001 From: Francis Rowe Date: Sat, 16 May 2015 21:27:06 -0400 Subject: Update the instructions for how to use GPG --- (limited to 'site/download') diff --git a/site/download/index.php b/site/download/index.php index e430346..86af57c 100644 --- a/site/download/index.php +++ b/site/download/index.php @@ -73,9 +73,22 @@ Download the key:
$ gpg --recv-keys

+ +

+ Download the SHA512 manifest and it's corresponding GPG signature + for the release that you are using, and put them in a directory. + Put the src, util and docs archives in the root of that directory, + alongside the SHA512 manifest file. + Put your ROM image archives under rom/ in that directory. + Put your crossgcc tarballs under crossgcc/ in that directory. +

+

+ After you've done this, verify the SHA512 checksums:
+ $ sha512sum -c sha512sum.txt +

- You can verify the downloaded archives as follows:
- $ for signature in $(ls *.sig); do gpg --verify $signature; done + You can verify the downloaded SHA512 manifest as follows:
+ $ gpg --verify sha512sum.txt.gpg

-- cgit v0.9.1