You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@libcloud.apache.org by je...@apache.org on 2010/12/24 21:30:09 UTC

svn commit: r1052592 - /incubator/libcloud/site/downloads.html

Author: jerry
Date: Fri Dec 24 20:30:09 2010
New Revision: 1052592

URL: http://svn.apache.org/viewvc?rev=1052592&view=rev
Log:
Provided basic gpg instructions for KEYS verification; LIBCLOUD-27

Modified:
    incubator/libcloud/site/downloads.html

Modified: incubator/libcloud/site/downloads.html
URL: http://svn.apache.org/viewvc/incubator/libcloud/site/downloads.html?rev=1052592&r1=1052591&r2=1052592&view=diff
==============================================================================
--- incubator/libcloud/site/downloads.html (original)
+++ incubator/libcloud/site/downloads.html Fri Dec 24 20:30:09 2010
@@ -67,6 +67,36 @@
           </ul>
         </li>
       </ul>
+      <p>
+	Quick package verification guide:
+	<ol style="margin-left:3em;">
+	  <li>
+	    Import KEYS file
+<pre>$ <strong>gpg --import KEYS</strong>
+gpg: key 42721F00: public key "Paul Querna &lt;...&gt;" imported
+gpg: Total number processed: 1
+gpg:               imported: 1
+gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
+gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
+gpg: next trustdb check due at 2011-10-30</pre>
+	  </li>
+	  <li>
+	    Verify package with .asc signature:
+<pre>$ <strong>gpg --verify apache-libcloud-incubating-0.4.0.tar.bz2.asc</strong>
+gpg: Signature made Wed Oct  6 15:31:35 2010 CDT using DSA key ID 42721F00
+<span style="color:green">gpg: Good signature from "Paul Querna &lt;...&gt;"
+gpg:                 aka "Paul Querna &lt;...&gt;"
+gpg:                 ...</span>
+gpg: WARNING: This key is not certified with a trusted signature!
+gpg:          There is no indication that the signature belongs to the owner.
+Primary key fingerprint: 39F6 691A 0ECF 0C50 E8BB  849C F788 75F6 4272 1F00</pre>
+            Example bad signature:
+<pre>$ <strong>gpg --verify apache-libcloud-incubating-0.4.0.tar.bz2.asc</strong>
+gpg: Signature made Wed Oct  6 15:31:35 2010 CDT using DSA key ID 42721F00
+<span style="color:red">gpg: BAD signature from "Paul Querna &lt;...&gt;"</span></pre>
+	  </li>
+	</ol>
+      </p>
       <p>See the <a href="devinfo.html">developer 
       information</a> for how to get libcloud from source control.</p>