Git-Mirrors/qusal
1
0
Fork 0
mirror of https://github.com/ben-grande/qusal.git synced 2025-01-12 07:59:40 -05:00
Code Issues Packages Projects Releases Wiki Activity

fix: inform how to verify the maintainer's key

Browse Source 
For: https://github.com/ben-grande/qusal/issues/37
This commit is contained in:
Ben Grande 2024-03-23 22:22:31 +01:00
parent fcc155f5c7
commit cc2d547589
No known key found for this signature in database
GPG Key ID: 00C64E14F51F9E56
1 changed files with 24 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
README.md
View File

@ -74,6 +74,9 @@ You current setup needs to fulfill the following requisites:
If you made a fork, fork the submodule(s) before clone and use your remote If you made a fork, fork the submodule(s) before clone and use your remote
repository instead, the submodules will also be from your fork. repository instead, the submodules will also be from your fork.
3. Copy the [maintainer's signing key](https://github.com/ben-grande/ben-grande/raw/main/DF3834875B65758713D93E91A475969DE4E371E3.asc)
to your text editor and save the file to `/home/user/ben-code.asc`.
### Dom0 Installation ### Dom0 Installation
Before copying anything to Dom0, read [Qubes OS warning about consequences of Before copying anything to Dom0, read [Qubes OS warning about consequences of
@ -91,15 +94,33 @@ this procedure](https://www.qubes-os.org/doc/how-to-copy-from-dom0/#copying-to-d
"${qube}" /usr/lib/qubes/qfile-agent "${file}" "${qube}" /usr/lib/qubes/qfile-agent "${file}"
``` ```
2. Acquire the maintainer signing key by other means and copy it to Dom0. 2. Pass the maintainer's key from the qube to Dom0:
```sh
qvm-run --pass-io "${qube}" -- "cat /home/user/ben-code.asc" | tee /tmp/ben-code.asc
```
3. Verify the [commit or tag signature](https://www.qubes-os.org/security/verifying-signatures/#how-to-verify-signatures-on-git-repository-tags-and-commits) and expect a good signature, be surprised otherwise: 3. Verify that the key fingerprint matches
`DF38 3487 5B65 7587 13D9 2E91 A475 969D E4E3 71E3`. You can use
Sequoia-PGP or GnuPG for the fingerprint verification:
```sh
gpg --show-keys /tmp/ben-code.asc
# or
#sq inspect ben-code.asc
```
4. Import the verified key to your keyring:
```sh
gpg --import /tmp/ben-code.asc
```
5. Verify the [commit or tag signature](https://www.qubes-os.org/security/verifying-signatures/#how-to-verify-signatures-on-git-repository-tags-and-commits)
and expect a good signature, be surprised otherwise:
```sh ```sh
git verify-commit HEAD git verify-commit HEAD
git submodule foreach git verify-commit HEAD git submodule foreach git verify-commit HEAD
``` ```
4. Copy the project to the Salt directories: 6. Copy the project to the Salt directories:
```sh ```sh
~/QubesIncoming/"${qube}"/qusal/scripts/setup.sh ~/QubesIncoming/"${qube}"/qusal/scripts/setup.sh
``` ```