diff options
Diffstat (limited to 'downloads/signatures/index.html')
| -rw-r--r-- | downloads/signatures/index.html | 49 |
1 files changed, 31 insertions, 18 deletions
diff --git a/downloads/signatures/index.html b/downloads/signatures/index.html index 68a5f9b..c53482e 100644 --- a/downloads/signatures/index.html +++ b/downloads/signatures/index.html @@ -13,52 +13,67 @@ nav2-show: true <table class="table table-striped"> <tr> - <th>Key Fingerprint</th> + <th>Key fingerprint</th> + <th>Gentoo package</th> <th>Description</th> <th>Created</th> <th>Expiry</th> </tr> <tr> <td><kbd>13EBBDBEDE7A12775DFDB1BABB572E0E2D182910</kbd></td> + <td>sec-keys/openpgp-keys-gentoo-release</td> <td>Gentoo Linux Release Engineering (Automated Weekly Release Key)</td> <td>2009-08-25</td> - <td>2022-07-01</td> + <td>2026-07-01</td> </tr> <tr> <td><kbd>DCD05B71EAB94199527F44ACDB6B8C1F96D8BF6D</kbd></td> + <td>sec-keys/openpgp-keys-gentoo-release</td> <td>Gentoo ebuild repository signing key (Automated Signing Key)</td> <td>2011-11-25</td> - <td>2022-07-01</td> + <td>2026-07-01</td> </tr> <tr> <td><kbd>EF9538C9E8E64311A52CDEDFA13D0EF1914E7A72</kbd></td> - <td><a rel='external' href='https://github.com/gentoo-mirror/'>Gentoo repository mirrors</a> (automated git signing key)</td> + <td>sec-keys/openpgp-keys-gentoo-release</td> + <td><a rel='external' href='https://github.com/gentoo-mirror/'>Gentoo repository mirrors (GitHub)</a> (automated git signing key)</td> <td>2018-05-28</td> - <td>2022-07-01</td> + <td>2026-07-01</td> </tr> <tr> - <td><kbd>D99EAC7379A850BCE47DA5F29E6438C817072058</kbd></td> + <td><kbd>D99EAC7379A850BCE47DA5F29E6438C817072058</kbd></td> <!-- TODO: not in L2 path --> + <td>sec-keys/openpgp-keys-gentoo-release</td> <td>Gentoo Linux Release Engineering (Gentoo Linux Release Signing Key)</td> <td>2004-07-20</td> - <td>2022-01-01</td> + <td>2025-07-01</td> </tr> <tr> <td><kbd>ABD00913019D6354BA1D9A132839FE0D796198B1</kbd></td> + <td>sec-keys/openpgp-keys-gentoo-auth</td> <td>Gentoo Authority Key L1</td> <td>2019-04-01</td> - <td>2022-07-01</td> + <td>2026-07-01</td> </tr> <tr> <td><kbd>18F703D702B1B9591373148C55D3238EC050396E</kbd></td> + <td>sec-keys/openpgp-keys-gentoo-auth</td> <td>Gentoo Authority Key L2 for Services</td> <td>2019-04-01</td> - <td>2022-07-01</td> + <td>2026-07-01</td> </tr> <tr> <td><kbd>2C13823B8237310FA213034930D132FF0FF50EEB</kbd></td> + <td>sec-keys/openpgp-keys-gentoo-auth</td> <td>Gentoo Authority Key L2 for Developers</td> <td>2019-04-01</td> - <td>2022-07-01</td> + <td>2026-07-01</td> + </tr> + <tr> + <td><kbd>ABA5E4E7F4E407ABE9CA7EC7422C9066E21F705A</kbd></td> + <td /> <!-- <td>sec-keys/openpgp-keys-gentoo-auth</td> <!-- coming soon --> + <td>Gentoo Authority Key L2 for Infrastructure</td> + <td>2024-04-19</td> + <td>2026-07-01</td> </tr> </table> @@ -69,25 +84,23 @@ nav2-show: true <h3 class="panel-title"><span class="fa fa-fw fa-check-circle-o"></span> Verifying files</h3> </div> <div class="panel-body"> - <p>To verify downloaded files are not tampered with, you need the <tt>.DIGESTS</tt> file matching your release and the matching key from the table above.</p> + <p>To verify downloaded files are not tampered with, the <tt>.asc</tt> signature file matching the release and the matching key from the table above are needed.</p> <p>Fetch the key:</p> <p><kbd>gpg --keyserver hkps://keys.gentoo.org --recv-keys <key fingerprint></kbd></p> - <p>Alternatively, you can fetch a bundle containing all listed keys:</p> + <p>Alternatively, fetch a bundle containing all listed keys:</p> <p><kbd>wget -O - https://qa-reports.gentoo.org/output/service-keys.gpg | gpg --import</kbd></p> - <p>Verify the <tt>DIGESTS</tt> file:</p> + <p>Alternatively, use the Gentoo <tt>sec-keys/openpgp-keys-gentoo-release</tt> package:</p> - <p><kbd>gpg --verify <foo.DIGESTS.asc></kbd></p> + <p><kbd>gpg --import /usr/share/openpgp-keys/gentoo-release.asc</kbd></p> - <p>Verify the download matches the digests. At least one of the following will exist:</p> + <p>Verify the signature:</p> - <p><kbd>sha512sum -c <foo.DIGESTS.asc></kbd></p> - <p><kbd>sha256sum -c <foo.DIGESTS.asc></kbd></p> - <p><kbd>sha1sum -c <foo.DIGESTS.asc></kbd></p> + <p><kbd>gpg --verify <foo.asc></kbd></p> <br> |