PUBKEY-CM.pub.asc | 8 ++++++++ doc/Integrity | 24 ++++++++++++++++++------ makedist | 16 ++++++++++++++++ diff --git a/PUBKEY-CM.pub b/PUBKEY-CM.pub new file mode 100644 index 0000000000000000000000000000000000000000..39bbca07dc6ec6447195ca2b32c89c33072647abb9fb250eb7798075d00d43ec Binary files /dev/null and b/PUBKEY-CM.pub differ diff --git a/PUBKEY-CM.pub.asc b/PUBKEY-CM.pub.asc new file mode 100644 index 0000000000000000000000000000000000000000..f001024d4475b9ceabf338fbd1abac1e37e5aff0b217bee634af5306da2abe36 --- /dev/null +++ b/PUBKEY-CM.pub.asc @@ -0,0 +1,8 @@ +-----BEGIN PGP SIGNATURE----- + +iJEEABYKADkWIQTbL/jtRAp+lJhvt3bSI36ECQhstwUCadY+3BsUgAAAAAAEAA5t +YW51MiwyLjUrMS4xMiwyLDMACgkQ0iN+hAkIbLejBQD/cDlUYi0DuFNBgS7E6/LN +ohp1BY7C2zwhhHG8699xTU8A/0Al6M7Qd/wpsTsA2VCyO2b1KpYufuB4PTn/neFW +PW4N +=Gkcw +-----END PGP SIGNATURE----- diff --git a/doc/Integrity b/doc/Integrity index c4e3f4971a2db6827d76d2248e3af1d382041a6486963207619ab5514d48bc9f..965d2a70a901087a9006906808406a99c05bcfca40cbb3c26b2370aad3b0c79d 100644 --- a/doc/Integrity +++ b/doc/Integrity @@ -1,11 +1,23 @@ You "have to" verify downloaded tarballs authenticity to be sure that -you retrieved trusted and untampered software. +you retrieved trusted and untampered software. There are two options: + +=> https://www.openssh.com/ OpenSSH + .sig ed25519 signature. + => PUBKEY-SSH.pub public key + => PUBKEY-SSH.pub.asc its LibrePGP signature + Fingerprint: SHA256:Akj/MCtxCjPphrgWub2BeChqHDhLMABTYLL/MzqTN+s $ ssh-keygen -Y verify -f PUBKEY-SSH.pub -I gocheese@stargrave.org -n file \ -s gocheese-$v.tar.zst.sig https://www.openssh.com/ OpenSSH .sig signature -=> PUBKEY-SSH.pub its public key -=> PUBKEY-SSH.pub.asc its LibrePGP signature -Its fingerprint: SHA256:Akj/MCtxCjPphrgWub2BeChqHDhLMABTYLL/MzqTN+s +=> http://www.keks.stargrave.org/cm/index.html KEKS/CM + .cm quantum resistant SLH-DSA signature. + => PUBKEY-CM.pub public key + => PUBKEY-CM.pub.asc its LibrePGP signature + + $ fpr=$(kekspp -v -p /data/id gocheese-$release.tar zstd -22 --ultra -v gocheese-$release.tar tarball=gocheese-$release.tar.zst ssh-keygen -Y sign -f ~/.ssh/sign/gocheese@stargrave.org -n file $tarball +cmsigtool -d ~/.cm/sign/gocheese@stargrave.org.pub <$tarball >$tarball.cm meta4ra-create -fn $tarball -mtime $tarball -sig-ssh $tarball.sig \ "1|ru|http://www.gocheese.stargrave.org/download/$tarball" \ "2|ru|http://msk.www.gocheese.stargrave.org/download/$tarball" \ @@ -34,7 +35,22 @@ "5|ru|http://[322:3bd:cc26:9545:b00b:8841:126e:8b7e]/download/$tarball" \ "6|ru|sftp://anonwww@msk.www.stargrave.org/gocheese.stargrave.org/download/$tarball" \ "6|ru|sftp://anonwww@spb.www.stargrave.org/gocheese.stargrave.org/download/$tarball" \ <$tarball >$tarball.meta4 +meta4ra-create -add $tarball.meta4 -fn $tarball.cm -hashers "" \ + -id "KEKS/CM detached signature" \ + "1|ru|http://www.gocheese.stargrave.org/download/$tarball.cm" \ + "2|ru|http://msk.www.gocheese.stargrave.org/download/$tarball.cm" \ + "2|ru|http://spb.www.gocheese.stargrave.org/download/$tarball.cm" \ + "3|ru|https://www.gocheese.stargrave.org/download/$tarball.cm" \ + "4|ru|https://msk.www.gocheese.stargrave.org/download/$tarball.cm" \ + "4|ru|https://spb.www.gocheese.stargrave.org/download/$tarball.cm" \ + "5|ru|http://y.www.gocheese.stargrave.org/download/$tarball.cm" \ + "5|ru|http://[322:3bd:cc26:9545:b00b:8841:126e:8b7e]/download/$tarball.cm" \ + "6|ru|sftp://anonwww@msk.www.stargrave.org/gocheese.stargrave.org/download/$tarball.cm" \ + "6|ru|sftp://anonwww@spb.www.stargrave.org/gocheese.stargrave.org/download/$tarball.cm" \ + <$tarball.cm >$tarball.meta4_ +mv $tarball.meta4_ $tarball.meta4 meta4ra-create -add $tarball.meta4 -fn $tarball.sig -hashers "" \ + -id "OpenSSH signature" \ "1|ru|http://www.gocheese.stargrave.org/download/$tarball.sig" \ "2|ru|http://msk.www.gocheese.stargrave.org/download/$tarball.sig" \ "2|ru|http://spb.www.gocheese.stargrave.org/download/$tarball.sig" \