forked from ungleich-public/cdist
Docs: install from source, verify signature
Add chapter for installing from source with signature verification. Resolves #795.
This commit is contained in:
Darko Poljak
parent
839e7a408e
commit
d5ac9ea348
2 changed files with 26 additions and 2 deletions
|
|
@ -7,6 +7,7 @@ next:
|
||||||
* Documentation: Embed config skeleton instead of rewriting it (Darko Poljak)
|
* Documentation: Embed config skeleton instead of rewriting it (Darko Poljak)
|
||||||
* Documentation: Remove cdist-type prefix and man page reference from type list in html (Darko Poljak)
|
* Documentation: Remove cdist-type prefix and man page reference from type list in html (Darko Poljak)
|
||||||
* Documentation: PreOS english nitpicking (Evil Ham)
|
* Documentation: PreOS english nitpicking (Evil Ham)
|
||||||
|
* Documentation: Add installing from source with signature verification (Darko Poljak)
|
||||||
|
|
||||||
6.2.0: 2019-11-30
|
6.2.0: 2019-11-30
|
||||||
* Core: Redefine/reimplement/fix CDIST_ORDER_DEPENDENCY (Darko Poljak)
|
* Core: Redefine/reimplement/fix CDIST_ORDER_DEPENDENCY (Darko Poljak)
|
||||||
|
|
|
||||||
|
|
@ -23,8 +23,6 @@ Target Hosts
|
||||||
Install cdist
|
Install cdist
|
||||||
-------------
|
-------------
|
||||||
|
|
||||||
You can install cdist either from git or as a python package.
|
|
||||||
|
|
||||||
From git
|
From git
|
||||||
~~~~~~~~
|
~~~~~~~~
|
||||||
|
|
||||||
|
|
@ -42,6 +40,7 @@ To install cdist, execute the following commands:
|
||||||
|
|
||||||
From version 4.2.0 cdist tags and releases are signed.
|
From version 4.2.0 cdist tags and releases are signed.
|
||||||
You can get GPG public key used for signing `here <_static/pgp-key-EFD2AE4EC36B6901.asc>`_.
|
You can get GPG public key used for signing `here <_static/pgp-key-EFD2AE4EC36B6901.asc>`_.
|
||||||
|
It is assumed that you are familiar with *git* ways of signing and verification.
|
||||||
|
|
||||||
You can also get cdist from `github mirror <https://github.com/ungleich/cdist>`_.
|
You can also get cdist from `github mirror <https://github.com/ungleich/cdist>`_.
|
||||||
|
|
||||||
|
|
@ -157,3 +156,27 @@ Cdist is available as a python package at
|
||||||
.. code-block:: sh
|
.. code-block:: sh
|
||||||
|
|
||||||
pip install cdist
|
pip install cdist
|
||||||
|
|
||||||
|
Installing from source with signature verification
|
||||||
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||||
|
|
||||||
|
If you want to install cdist from signed source and verify it, first you need to
|
||||||
|
download cdist archive and its detached signature.
|
||||||
|
|
||||||
|
Get both, *cdist-x.y.z.tar.gz* and *cdist-x.y.z.tar.gz.asc* from release
|
||||||
|
notes of the desired tag *x.y.z* at
|
||||||
|
`cdist git repository <https://code.ungleich.ch/ungleich-public/cdist/-/tags>`_.
|
||||||
|
|
||||||
|
Get GPG public key used for signing `here <_static/pgp-key-EFD2AE4EC36B6901.asc>`_
|
||||||
|
and import it into GPG.
|
||||||
|
|
||||||
|
Now cdist source archive can be verified using `gpg`, e.g. to verify `cdist-6.2.0`:
|
||||||
|
|
||||||
|
.. code-block:: sh
|
||||||
|
|
||||||
|
$ gpg --verify cdist-6.2.0.tar.gz.asc cdist-6.2.0.targ.gz
|
||||||
|
gpg: Signature made Sat Nov 30 23:14:19 2019 CET
|
||||||
|
gpg: using RSA key 69767822F3ECC3C349C1EFFFEFD2AE4EC36B6901
|
||||||
|
gpg: Good signature from "ungleich GmbH (ungleich FOSS) <foss@ungleich.ch>" [ultimate]
|
||||||
|
|
||||||
|
Further steps are the same as for `installing from git <cdist-install.html#from-git>`_.
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue