From 8418b50d8bb288107592e7badf0ce20647f1a249 Mon Sep 17 00:00:00 2001
From: Francis Rowe <info@gluglug.org.uk>
Date: Sat, 16 May 2015 21:27:06 -0400
Subject: Update the instructions for how to use GPG

---
(limited to 'site')

diff --git a/site/download/index.php b/site/download/index.php
index e430346..86af57c 100644
--- a/site/download/index.php
+++ b/site/download/index.php
@@ -73,9 +73,22 @@
 					Download the key:<br/>
 					$ <b>gpg --recv-keys <?php echo $lbProjectGpgKeyID; ?></b>
 				</p>
+				
+				<p>
+					Download the SHA512 manifest and it's corresponding GPG signature
+					for the release that you are using, and put them in a directory. 
+					Put the src, util and docs archives in the root of that directory,
+					alongside the SHA512 manifest file.
+					Put your ROM image archives under <i>rom/</i> in that directory. 
+					Put your crossgcc tarballs under <i>crossgcc/</i> in that directory.
+				</p>
+				<p>
+					After you've done this, verify the SHA512 checksums:<br/>
+					$ <b>sha512sum -c sha512sum.txt</b>
+				</p>
 				<p>
-					You can verify the downloaded archives as follows:<br/>
-					$ <b>for signature in $(ls *.sig); do gpg --verify $signature; done</b>
+					You can verify the downloaded SHA512 manifest as follows:<br/>
+					$ <b>gpg --verify sha512sum.txt.gpg</b>
 				</p>
 		
 		</div>
diff --git a/site/index.php b/site/index.php
index a36058f..a65b748 100644
--- a/site/index.php
+++ b/site/index.php
@@ -63,6 +63,11 @@
 					<li><a href="git/crossgcc/">crossgcc</a></li>
 					<li>...based on <a href="<?php echo $lbFirmwareGitwebAddress; ?>;a=commit;h=<?php include "git/commitid"; ?>">this</a> commit</li>
 				</ul>
+				<ul class="ulnav">
+					<li><a href="git/sha512sum.txt">SHA512 manifest</a></li>
+					<li><a href="git/sha512sum.txt.sig">SHA512 manifest (GPG signature)</a></li>
+					<li><a href="download/#gpg">How to use GPG</a></li>
+				</ul>
 				
 				<ul class="ulnav">
 					<li>Other resources:</li>
--
cgit v0.9.1