Browse Source
Clarify GPG binary check (#14832)
fixes #14817 Co-authored-by: techknowlogick <techknowlogick@gitea.io>tags/v1.15.0-rc1
Norwin
3 years ago
1 changed files with 5 additions and 1 deletions
+ 5
- 1
docs/content/doc/installation/from-binary.en-us.md
View File
| @@ -32,13 +32,17 @@ chmod +x gitea | |||
| ``` | |||
| ## Verify GPG signature | |||
| Gitea signs all binaries with a [GPG key](https://keys.openpgp.org/search?q=teabot%40gitea.io) to prevent against unwanted modification of binaries. To validate the binary, download the signature file which ends in `.asc` for the binary you downloaded and use the gpg command line tool. | |||
| Gitea signs all binaries with a [GPG key](https://keys.openpgp.org/search?q=teabot%40gitea.io) to prevent against unwanted modification of binaries. | |||
| To validate the binary, download the signature file which ends in `.asc` for the binary you downloaded and use the gpg command line tool. | |||
| ```sh | |||
| gpg --keyserver keys.openpgp.org --recv 7C9E68152594688862D62AF62D9AE806EC1592E2 | |||
| gpg --verify gitea-{{< version >}}-linux-amd64.asc gitea-{{< version >}}-linux-amd64 | |||
| ``` | |||
| Look for the text `Good signature from "Teabot <teabot@gitea.io>"` to assert a good binary, | |||
| despite warnings like `This key is not certified with a trusted signature!`. | |||
| ## Recommended server configuration | |||
| **NOTE:** Many of the following directories can be configured using [Environment Variables]({{< relref "doc/advanced/environment-variables.en-us.md" >}}) as well! | |||
Loading…