Git-Mirrors/qubes-doc
1
0
Fork 0
mirror of https://github.com/QubesOS/qubes-doc.git synced 2024-10-01 01:25:40 -04:00
Code Issues Packages Projects Releases Wiki Activity

Update links; fix typo

Browse Source
This commit is contained in:
Andrew David Wong 2021-07-20 03:27:51 -07:00
parent 05dcacd7b5
commit 54525b2e09
No known key found for this signature in database
GPG Key ID: 8CE137352A019A17
5 changed files with 11 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
developer/building/qubes-iso-building.md
View File

@ -52,7 +52,7 @@ gpg --import qubes-developers-keys.asc
~~~ ~~~
**Note** In the above process, we do *not* rely on the security of our server (keys.qubes-os.org) nor the connection (ssl, cert) -- we only rely on you getting the Qubes Master Signing Key fingerprint *somehow* and ensuring they match! **Note** In the above process, we do *not* rely on the security of our server (keys.qubes-os.org) nor the connection (ssl, cert) -- we only rely on you getting the Qubes Master Signing Key fingerprint *somehow* and ensuring they match!
See [Verifying Signatures](/security/verifying-signatures/#1-get-the-qubes-master-signing-key-and-verify-its-authenticity) for verification sources. See [verifying signatures](/security/verifying-signatures/#how-to-import-and-authenticate-the-qubes-master-signing-key) for verification sources.
Now let's bootstrap the builder. Unfortunately, the builder cannot verify itself (the classic Chicken and Egg problem), so we need to verify the signature manually: Now let's bootstrap the builder. Unfortunately, the builder cannot verify itself (the classic Chicken and Egg problem), so we need to verify the signature manually:

2
introduction/faq.md
View File

@ -281,7 +281,7 @@ This website is hosted on [GitHub Pages](https://pages.github.com/) ([why?](#why
Therefore, it is largely outside of our control. Therefore, it is largely outside of our control.
We don't consider this a problem, however, since we explicitly [distrust the infrastructure](#what-does-it-mean-to-distrust-the-infrastructure). We don't consider this a problem, however, since we explicitly [distrust the infrastructure](#what-does-it-mean-to-distrust-the-infrastructure).
For this reason, we don't think that anyone should place undue trust in the live version of this site on the Web. For this reason, we don't think that anyone should place undue trust in the live version of this site on the Web.
Instead, if you want to obtain your own trustworthy copy of this website in a secure way, you should clone our [website repo](https://github.com/QubesOS/qubesos.github.io), [verify the PGP signatures on the commits and/or tags](/security/verifying-signatures/#how-to-verify-qubes-repos) signed by the [doc-signing keys](https://github.com/QubesOS/qubes-secpack/tree/master/keys/doc-signing) (which indicates that the content has undergone [review](/doc/how-to-edit-the-documentation/#security)), then either [render the site on your local machine](https://github.com/QubesOS/qubesos.github.io/blob/master/README.md#instructions) or simply read the source, the vast majority of which was [intentionally written in Markdown so as to be readable as plain text for this very reason](/doc/documentation-style-guide/#markdown-conventions). Instead, if you want to obtain your own trustworthy copy of this website in a secure way, you should clone our [website repo](https://github.com/QubesOS/qubesos.github.io), [verify the PGP signatures on the commits and/or tags](/security/verifying-signatures/#how-to-verify-signatures-on-git-repository-tags-and-commits) signed by the [doc-signing keys](https://github.com/QubesOS/qubes-secpack/tree/master/keys/doc-signing) (which indicates that the content has undergone [review](/doc/how-to-edit-the-documentation/#security)), then either [render the site on your local machine](https://github.com/QubesOS/qubesos.github.io/blob/master/README.md#instructions) or simply read the source, the vast majority of which was [intentionally written in Markdown so as to be readable as plain text for this very reason](/doc/documentation-style-guide/#markdown-conventions).
We've gone to special effort to set all of this up so that no one has to trust the infrastructure and so that the contents of this website are maximally available and accessible. We've gone to special effort to set all of this up so that no one has to trust the infrastructure and so that the contents of this website are maximally available and accessible.
### What does it mean to "distrust the infrastructure"? ### What does it mean to "distrust the infrastructure"?

2
project-security/verifying-signatures.md
View File

@ -374,7 +374,7 @@ Before we proceed, you must first complete the following prerequisite steps:
1. [Import and authenticate the Qubes Master Signing Key.](#how-to-import-and-authenticate-the-qubes-master-signing-key) 1. [Import and authenticate the Qubes Master Signing Key.](#how-to-import-and-authenticate-the-qubes-master-signing-key)
2. [Import and authenticate your release signing key.](#how-to-import-and-authenticate-release-signing-keys) 2. [Import and authenticate your release signing key.](#how-to-import-and-authenticate-release-signing-keys)
Each Qubes ISO is accompanied by a set of **cyrptographic hash values** Each Qubes ISO is accompanied by a set of **cryptographic hash values**
contained in a plain text file ending in `.DIGESTS`, which can find on the contained in a plain text file ending in `.DIGESTS`, which can find on the
[downloads](/downloads/) page alongside the ISO. This file contains the output [downloads](/downloads/) page alongside the ISO. This file contains the output
of running several different cryptographic hash functions on the ISO (a process of running several different cryptographic hash functions on the ISO (a process

14
user/how-to-guides/backup-emergency-restore-v4.md
View File

@ -37,12 +37,12 @@ Here are instructions for obtaining a compiled `scrypt` binary. This example
uses an RPM-based system (Fedora), but the same general procedure should work uses an RPM-based system (Fedora), but the same general procedure should work
on any GNU/Linux system. on any GNU/Linux system.
1. If you're not on Qubes 4.X, [get and verify the Release 4 Signing Key](/security/verifying-signatures/#2-get-the-release-signing-key). 1. If you're not on Qubes 4.X, [import and authenticate the Release 4 Signing
2. If you're not on Qubes 4.X, import the Release 4 Signing Key. Key](/security/verifying-signatures/#how-to-import-and-authenticate-release-signing-keys).
[user@restore ~]$ sudo rpm --import qubes-release-4-signing-key.asc [user@restore ~]$ sudo rpm --import qubes-release-4-signing-key.asc
3. Download the `scrypt` RPM. 2. Download the `scrypt` RPM.
[user@restore ~]$ dnf download scrypt [user@restore ~]$ dnf download scrypt
@ -50,7 +50,7 @@ on any GNU/Linux system.
[user@restore ~]$ curl -O https://yum.qubes-os.org/r4.0/current/vm/fc28/rpm/scrypt-1.2.1-1.fc28.x86_64.rpm [user@restore ~]$ curl -O https://yum.qubes-os.org/r4.0/current/vm/fc28/rpm/scrypt-1.2.1-1.fc28.x86_64.rpm
4. Verify the signature on the `scrypt` RPM. 3. Verify the signature on the `scrypt` RPM.
[user@restore ~]$ rpm -K scrypt-*.rpm [user@restore ~]$ rpm -K scrypt-*.rpm
scrypt-*.rpm: digests signatures OK scrypt-*.rpm: digests signatures OK
@ -58,15 +58,15 @@ on any GNU/Linux system.
The message `digests signatures OK` means that both the digest (i.e., the The message `digests signatures OK` means that both the digest (i.e., the
output of a hash function) and PGP signature verification were successful. output of a hash function) and PGP signature verification were successful.
5. Install `rpmdevtools`. 4. Install `rpmdevtools`.
[user@restore ~]$ sudo dnf install rpmdevtools [user@restore ~]$ sudo dnf install rpmdevtools
6. Extract the `scrypt` binary from the RPM. 5. Extract the `scrypt` binary from the RPM.
[user@restore ~]$ rpmdev-extract scrypt-*.rpm [user@restore ~]$ rpmdev-extract scrypt-*.rpm
7. (Optional) Create an alias for the new binary. 6. (Optional) Create an alias for the new binary.
[user@restore ~]$ alias scrypt="scrypt-*/usr/bin/scrypt" [user@restore ~]$ alias scrypt="scrypt-*/usr/bin/scrypt"

2
user/troubleshooting/installation-troubleshooting.md
View File

@ -26,7 +26,7 @@ Note that the Qubes installation image is over 4GB, so it may not fit on a small
If a machine can not boot from a bigger USB, it may be too old to run Qubes. If a machine can not boot from a bigger USB, it may be too old to run Qubes.
* **Verify your Qubes ISO:** * **Verify your Qubes ISO:**
Errors will occur if the Qubes installer is corrupted. Errors will occur if the Qubes installer is corrupted.
Ensure that the installer is correct and complete before writing it to a flash drive by [verifying the ISO](/security/verifying-signatures/#how-to-verify-qubes-iso-signatures). Ensure that the installer is correct and complete before writing it to a flash drive by [verifying the ISO](/security/verifying-signatures/).
* **Change the method you used to [write your ISO to a USB key](/doc/installation-guide/#copying-the-iso-onto-the-installation-medium):** * **Change the method you used to [write your ISO to a USB key](/doc/installation-guide/#copying-the-iso-onto-the-installation-medium):**
Some people use the ``dd`` command (recommended), others use tools like Rufus, balenaEtcher or the GNOME Disk Utility. Some people use the ``dd`` command (recommended), others use tools like Rufus, balenaEtcher or the GNOME Disk Utility.
If installation fails after using one tool, try a different one. If installation fails after using one tool, try a different one.