From 184b615e8a727958c57cc572fd9e8f7ebfa80f76 Mon Sep 17 00:00:00 2001
From: Manuel Hiebel <leuhmanu@mageia.org>
Date: Tue, 9 Jul 2019 23:13:12 +0200
Subject: fix how to checksum and gpg (mga#24685)

also switch to a pool of gpg key server
---
 en/downloads/get/index.php | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

(limited to 'en')

diff --git a/en/downloads/get/index.php b/en/downloads/get/index.php
index ecb5f22cf..9b655177f 100644
--- a/en/downloads/get/index.php
+++ b/en/downloads/get/index.php
@@ -255,7 +255,7 @@ $sig_links = array();
 foreach ($checksums as $checksum) {
     if (isset($product[$checksum])) {
         $sum_links[] = "<a href=\"$download.$checksum\">" . basename($download) . ".$checksum</a>";
-        $chksm_cmd .= '$ ' . $checksum . 'sum ' . basename($download) . "\n<strong>" . $product[$checksum] . "</strong>\n" . PHP_EOL;
+        $chksm_cmd .= '$ ' . $checksum . 'sum -c ' . basename($download) . '.' . $checksum .  ' # '. sprintf(_r('You need both iso and checksum file in the same folder')) . "\n<strong>" . basename($download) . ": OK </strong>\n" . PHP_EOL;
         if (isset($product["$checksum.gpg"])) {
             $sig_links[] = "<a href=\"$download.$checksum.gpg\">" . basename($download) . ".$checksum.gpg</a>";
         }
@@ -267,23 +267,23 @@ $num_checksums = count($sum_links);
 // only output for nontorrent DL and if there are any checksums files present
 if ($num_checksums > 0 && !$torrent) {
     _g('As soon as your download is complete, you should check that the checksums match:', null, 'p');
+    $checksum_links = array_to_list($sum_links, ' ' . _r('and', ' '), _r(',', ' '));
+    _g('Checksums are available for download as files:', null, ' ');
+    echo "$checksum_links.</p>";
     echo PHP_EOL . '<div id="check-signs">' . PHP_EOL;
     echo '<pre class="term pre-scrollable">' . PHP_EOL;
     echo $chksm_cmd;
     echo '</pre>' . PHP_EOL . '<p>';
     _g('If checksums do not match, <strong>DO NOT use this ISO</strong>. Double-check and try to download again.', null, ' ');
-    $checksum_links = array_to_list($sum_links, ' ' . _r('and', ' '), _r(',', ' '));
     $signature_links = array_to_list($sig_links, ' ' . _r('and', ' '), _r(',', ' '));
-    _g('Checksums are available for download as files:', null, ' ');
-    echo "$checksum_links.</p>";
 ?>
 <?php if (count($sig_links) > 0) { // only output if there are any signatures files present ?>
 <p><?php _g('You can also verify the signature of an ISO.', null, ' ');
 _g('They are also available for download as files:', null, ' ');
 echo "$signature_links. ";
-echo sprintf(_r('First you need to import the "Mageia Release" key from a <a href="%s">MIT PGP Public Key Server</a>:'), 'https://pgp.mit.edu/'); ?></p>
+echo sprintf(_r('First you need to import the "Mageia Release" key from a <a href="%s">MIT PGP Public Key Server</a>:'), 'https://pool.sks-keyservers.net/'); ?></p>
 <pre class="term pre-scrollable">
-$ gpg --keyserver pgp.mit.edu --recv-keys EDCA7A90
+$ gpg --keyserver pool.sks-keyservers.net --recv-keys EDCA7A90
 </pre>
 <p><?php _g('In response there should be one of the following lines:'); ?></p>
 <pre class="term pre-scrollable">
@@ -295,7 +295,7 @@ $ gpg --keyserver pgp.mit.edu --recv-keys EDCA7A90
 </pre>
 <p><?php _g('Then you need to verify the signature for the ISO.'); ?></p>
 <pre class="term">
-$ gpg --verify /your/download/location/<?php echo basename($download); ?>.md5.gpg
+$ gpg --verify <?php echo sprintf(basename($download)). '.sha512.gpg '. sprintf(basename($download)).'.sha512';?>
 </pre>
 <p><?php _g('In response there should be lines like:'); ?></p>
 <pre class="term pre-scrollable">
-- 
cgit v1.2.1