Git-Mirrors/onionshare
1
0
Fork 0
mirror of https://github.com/onionshare/onionshare.git synced 2025-01-11 23:39:31 -05:00
Code Issues Packages Projects Releases Wiki Activity

Fixes for install doc

Browse Source
This commit is contained in:
Allan Nordhøy 2022-02-13 12:47:52 +00:00 committed by GitHub
parent b19e68139b
commit 902d5dca64
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 7 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
docs/source/install.rst
View File

@ -12,13 +12,13 @@ Linux
-----
There are various ways to install OnionShare for Linux, but the recommended way is to use either the `Flatpak <https://flatpak.org/>`_ or the `Snap <https://snapcraft.io/>`_ package.
Flatpak and Snap ensure that you'll always use the newest version and run OnionShare inside of a sandbox.
Flatpak and Snapcraft ensure that you'll always use the newest version and run OnionShare inside of a sandbox.
Snap support is built-in to Ubuntu and Fedora comes with Flatpak support, but which you use is up to you. Both work in all Linux distributions.
Snapcraft support is built-in to Ubuntu and Fedora comes with Flatpak support, but which you use is up to you. Both work in all Linux distributions.
**Install OnionShare using Flatpak**: https://flathub.org/apps/details/org.onionshare.OnionShare
**Install OnionShare using Snap**: https://snapcraft.io/onionshare
**Install OnionShare using Snapcraft**: https://snapcraft.io/onionshare
You can also download and install PGP-signed ``.flatpak`` or ``.snap`` packages from https://onionshare.org/dist/ if you prefer.
@ -27,7 +27,7 @@ You can also download and install PGP-signed ``.flatpak`` or ``.snap`` packages
Command-line only
-----------------
You can install just the command line version of OnionShare on any operating system using the Python package manager ``pip``. See :ref:`cli` for more information.
You can install just the command-line version of OnionShare on any operating system using the Python package manager ``pip``. :ref:`cli` has more info.
.. _verifying_sigs:
@ -40,7 +40,8 @@ For Windows and macOS, this step is optional and provides defense in depth: the
Signing key
^^^^^^^^^^^
Packages are signed by Micah Lee, the core developer, using his PGP public key with fingerprint ``927F419D7EC82C2F149C1BD1403C2657CD994F73``. You can download Micah's key `from the keys.openpgp.org keyserver <https://keys.openpgp.org/vks/v1/by-fingerprint/927F419D7EC82C2F149C1BD1403C2657CD994F73>`_.
Packages are signed by Micah Lee, the core developer, using his PGP public key with fingerprint ``927F419D7EC82C2F149C1BD1403C2657CD994F73``.
You can download Micah's key `from the keys.openpgp.org keyserver <https://keys.openpgp.org/vks/v1/by-fingerprint/927F419D7EC82C2F149C1BD1403C2657CD994F73>`_.
You must have GnuPG installed to verify signatures. For macOS you probably want `GPGTools <https://gpgtools.org/>`_, and for Windows you probably want `Gpg4win <https://www.gpg4win.org/>`_.
@ -73,6 +74,6 @@ The expected output looks like this::
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 927F 419D 7EC8 2C2F 149C 1BD1 403C 2657 CD99 4F73
If you don't see ``Good signature from``, there might be a problem with the integrity of the file (malicious or otherwise), and you should not install the package. (The ``WARNING:`` shown above, is not a problem with the package, it only means you haven't defined a level of "trust" of Micah's PGP key.)
If you don't see ``Good signature from``, there might be a problem with the integrity of the file (malicious or otherwise), and you should not install the package. (The ``WARNING:`` shown above, is not a problem with the package, it only means you haven't defined a level of "trust" of Micah's (the core developer) PGP key.)
If you want to learn more about verifying PGP signatures, the guides for `Qubes OS <https://www.qubes-os.org/security/verifying-signatures/>`_ and the `Tor Project <https://support.torproject.org/tbb/how-to-verify-signature/>`_ may be useful.