From 0d551dad36c5d91a93f1a8dd70bee25fb10c42aa Mon Sep 17 00:00:00 2001 From: Tom Yu Date: Tue, 14 Oct 2014 14:31:09 -0400 Subject: [PATCH] Better document how to verify PGP signature Add text clarifying our unusual packaging of the PGP signature inside a tar file. (cherry picked from commit fa4138c7853487105ab3c54e6d176c45eaf8b065) ticket: 7927 version_fixed: 1.13 status: resolved --- doc/build/index.rst | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) diff --git a/doc/build/index.rst b/doc/build/index.rst index d89bcbaf4d..3416817e74 100644 --- a/doc/build/index.rst +++ b/doc/build/index.rst @@ -30,16 +30,20 @@ Obtaining the software The source code can be obtained from MIT Kerberos Distribution page, at http://web.mit.edu/kerberos/dist/index.html. -The MIT Kerberos distribution comes in an archive file, generally named -krb5-VERSION.tar, where *VERSION* is a placeholder for the major and minor -versions of MIT Kerberos. (For example, MIT Kerberos 1.9 -has major version "1" and minor version "9".) - -The krb5-VERSION.tar contains a compressed tar file consisting of the -sources for all of Kerberos (generally krb5-VERSION.tar.gz) and -a PGP signature file for this source tree (generally -krb5-VERSION.tar.gz.asc). MIT highly recommends that you verify -the integrity of the source code using this signature. +The MIT Kerberos distribution comes in an archive file, generally +named krb5-VERSION-signed.tar, where *VERSION* is a placeholder for +the major and minor versions of MIT Kerberos. (For example, MIT +Kerberos 1.9 has major version "1" and minor version "9".) + +The krb5-VERSION-signed.tar contains a compressed tar file consisting +of the sources for all of Kerberos (generally named +krb5-VERSION.tar.gz) and a PGP signature file for this source tree +(generally named krb5-VERSION.tar.gz.asc). MIT highly recommends that +you verify the integrity of the source code using this signature, +e.g., by running:: + + tar xf krb5-VERSION-signed.tar + gpg --verify krb5-VERSION.tar.gz.asc Unpack krb5-VERSION.tar.gz in some directory. In this section we will assume that you have chosen the top directory of the distribution the directory -- 2.47.2