Skip to content

Commit 7f23b5b

Browse files
committed
Add instruction for release tarballs validation with GPG keys
Fixes: libevent#1691
1 parent 9d735b4 commit 7f23b5b

File tree

1 file changed

+29
-0
lines changed

1 file changed

+29
-0
lines changed

Documentation/Developers.md

+29
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,29 @@
1+
### How to verify the release archive?
2+
3+
You can download the release archive from the
4+
[libevent.org](https://libevent.org) or from [github
5+
releases](https://github.com/libevent/libevent/releases), but note, for later
6+
you need `*.tar.gz*` files (sicne `Source code` is the archive that is
7+
generated by github and they do not includes pre-configured scripts for
8+
`autoconf`)
9+
10+
```
11+
$ wget https://raw.githubusercontent.com/azat/azat.github.com/master/azatpub.asc
12+
$ gpg --import azatpub.asc
13+
# Or
14+
$ gpg --recv-key 9E3AC83A27974B84D1B3401DB86086848EF8686D
15+
16+
$ wget https://github.com/libevent/libevent/releases/download/release-2.2.1-alpha/libevent-2.2.1-alpha-dev.tar.gz
17+
$ wget https://github.com/libevent/libevent/releases/download/release-2.2.1-alpha/libevent-2.2.1-alpha-dev.tar.gz.asc
18+
$ gpg --verify libevent-2.2.1-alpha-dev.tar.gz.asc
19+
```
20+
21+
*You can find my public key [on github](https://raw.githubusercontent.com/azat/azat.github.com/master/azatpub.asc)*
22+
23+
You may also want to check the key signatures:
24+
25+
```
26+
$ gpg --list-signatures 9E3AC83A27974B84D1B3401DB86086848EF8686D
27+
# Download missing keys and then
28+
$ gpg --check-signatures 9E3AC83A27974B84D1B3401DB86086848EF8686D
29+
```

0 commit comments

Comments
 (0)