aboutsummaryrefslogtreecommitdiffstats
path: root/en
diff options
context:
space:
mode:
authorfilip <filip.komar@gmail.com>2016-05-15 22:23:30 +0200
committerfilip <filip.komar@gmail.com>2016-05-15 22:23:30 +0200
commit28bce0ac703d14465da57d579af90341f90b043c (patch)
treeb17a66303ae708b11e4253907369cf6a40256d45 /en
parent8710f94c9f038c81e9ad89a0a2a20cc693247a96 (diff)
downloadwww-28bce0ac703d14465da57d579af90341f90b043c.tar
www-28bce0ac703d14465da57d579af90341f90b043c.tar.gz
www-28bce0ac703d14465da57d579af90341f90b043c.tar.bz2
www-28bce0ac703d14465da57d579af90341f90b043c.tar.xz
www-28bce0ac703d14465da57d579af90341f90b043c.zip
adding a gpg test to the DL page
Diffstat (limited to 'en')
-rw-r--r--en/downloads/get/index.php29
1 files changed, 27 insertions, 2 deletions
diff --git a/en/downloads/get/index.php b/en/downloads/get/index.php
index 21e9bed86..1e1a286fe 100644
--- a/en/downloads/get/index.php
+++ b/en/downloads/get/index.php
@@ -235,8 +235,33 @@ if (array_key_exists('sha512', $product)) {
}
?>
</pre>
- <p><?php _g('If checksums do not match, <strong>DO NOT use this ISO</strong>. Double-check and try to download again.'); ?></p>
- <!-- TODO (rda): add direct download links to checksum and signature files as a backup. -->
+<p><?php _g('If checksums do not match, <strong>DO NOT use this ISO</strong>. Double-check and try to download again.'); ?></p>
+<p><?php _g('You can also verify the signature of an ISO.', null, ' ');
+_g('First you need to import the key from a MIT PGP Public Key Server:'); ?></p>
+<pre class="term">
+$ gpg --keyserver pgp.mit.edu --recv-keys EDCA7A90
+</pre>
+<p><?php _g('In response there should be one of the following lines:'); ?></p>
+<pre class="term">
+gpg: key EDCA7A90: public key "Mageia Release &lt;release&#x40;mageia.org&gt;" imported
+
+<?php _g('or if you already imported the key before:'); echo PHP_EOL; ?>
+
+gpg: key EDCA7A90: "Mageia Release &lt;release&#x40;mageia.org&gt;" not changed
+</pre>
+<p><?php _g('Then you need to verify the signature for the ISO.'); ?></p>
+<pre class="term">
+$ gpg --verify /your/download/location/<?php echo basename($download); ?>.md5.gpg
+</pre>
+<p><?php _g('In response there should be a lines like:'); ?></p>
+<pre class="term">
+gpg: Good signature from "Mageia Release &lt;release&#x40;mageia.org&gt;"
+gpg: WARNING: This key is not certified with a trusted signature!
+gpg: There is no indication that the signature belongs to the owner.
+Primary key fingerprint: B210 76A0 CBE4 D93D 66A9 D08D 835E 41F4 EDCA 7A90
+</pre>
+<p><?php _g('The warning about uncertified signature is expected.'); ?></p>
+<!-- TODO (rda): add direct download links to checksum and signature files as a backup. -->
</div>
<?php endif; ?>
<p><?php