Add missing source verification to builder instruction

Additionally use long keyid for Qubes master key
This commit is contained in:
Marek Marczykowski-Górecki 2015-10-15 14:01:53 +02:00
parent b219addad5
commit 59a101e2ba

View File

@ -51,18 +51,21 @@ It is also recommended to use an empty passphrase for the private key used for s
So, to build Qubes one would do: So, to build Qubes one would do:
# Import the Qubes master key # Import the Qubes master key
gpg --recv-keys 0x36879494 gpg --recv-keys 0xDDFA1A3E36879494
# Verify its fingerprint, set as 'trusted'. # Verify its fingerprint, set as 'trusted'.
# This is described here: # This is described here:
# https://www.qubes-os.org/doc/VerifyingSignatures # https://www.qubes-os.org/doc/VerifyingSignatures
wget http://keys.qubes-os.org/keys/qubes-developers-keys.asc wget https://keys.qubes-os.org/keys/qubes-developers-keys.asc
gpg --import qubes-developers-keys.asc gpg --import qubes-developers-keys.asc
git clone git://github.com/QubesOS/qubes-builder.git qubes-builder git clone git://github.com/QubesOS/qubes-builder.git qubes-builder
cd qubes-builder cd qubes-builder
# Verify its integrity:
git tag -v `git describe`
cp example-configs/qubes-os-master.conf builder.conf cp example-configs/qubes-os-master.conf builder.conf
# edit the builder.conf file and set the following variables: # edit the builder.conf file and set the following variables:
# NO_SIGN="1" # NO_SIGN="1"