diff options
| author | Slack Coder <slackcoder@server.ky> | 2023-09-15 16:31:12 -0500 |
|---|---|---|
| committer | Slack Coder <slackcoder@server.ky> | 2023-09-15 16:31:36 -0500 |
| commit | 874ab067f29b5c06dd06a871e096c2cd402f5c40 (patch) | |
| tree | 87e1adc38c6a31c3237df80e061f5c9f05f4d3a9 | |
| parent | cdf7fe9418d09eab90428ab54dd75ca8c8151d61 (diff) | |
| download | pkgtools-go-874ab067f29b5c06dd06a871e096c2cd402f5c40.tar.xz | |
README: Help user verify source code
| -rw-r--r-- | README.md | 49 |
1 files changed, 34 insertions, 15 deletions
@@ -35,21 +35,6 @@ influence the direction and speed of project development, while matching other's contributions. For more information, take a look the site's '[about](https://funding.server.ky/project/pkgtools-go/about)' page. -## Install - -The recommended way to build these tools is to call this command from within -the directory. The additional parameters are recommended to minimize external -dependencies. - -You likely want to set the GOBIN environment variable to your preferred install -location. - -``` - go install \ - -ldflags="-linkmode external -extldflags -static" \ - -a ./cmd/... -``` - ## Whats included? The commands 'installpkg' and 'removepkg' are included. @@ -65,6 +50,40 @@ These tools will likely not be included: - pkgdiff - pkgtool +## Verifying source code + +The latest project commit will be signed by the maintainer's GPG key. You will +need to retreive the his key first. Pay extra attention to the key fingerprint +which should remain the same. + +``` + gpg2 --auto-key-locate=wkd --locate-keys slackcoder@server.ky + # gpg: key 0x8D147EEA19EFF029: public key "Slack Coder <slackcoder@server.ky>" imported + # [..] + # sub cv25519/0xDCA6C34C0A95B957 2022-07-17 [E] [expires: 2024-07-16] + + git -c gpg.program=gpg2 verify-commit HEAD + # [..] + # gpg: Good signature from "Slack Coder <slackcoder@server.ky>" [unknown] + # [..] + # Primary key fingerprint: D0CF FD10 75CA B8DA 3299 7507 8D14 7EEA 19EF F029 +``` + +## Install + +The recommended way to build these tools is to call this command from within +the directory. The additional parameters are recommended to minimize external +dependencies. + +You likely want to set the GOBIN environment variable to your preferred install +location. + +``` + go install \ + -ldflags="-linkmode external -extldflags -static" \ + -a ./cmd/... +``` + ## Operation Notes ### Unsupported tar attributes |