doc: project signature verification in dom0

This commit is contained in:
Ben Grande 2024-01-22 18:49:17 +01:00
parent bd255af41f
commit e1fe461eb8

View File

@ -63,8 +63,8 @@ You current setup needs to fulfill the following requisites:
### DomU Installation
1. Install `git` in the downloader qube, if it is an AppVM, install it it's
the TemplateVM.
1. Install `git` in the qube, if it is an AppVM, install it it's the
TemplateVM and restart the AppVM.
2. Clone this repository:
```sh
@ -73,13 +73,6 @@ You current setup needs to fulfill the following requisites:
If you made a fork, fork the submodule(s) before clone and use your remote
repository instead, the submodules will also be from your fork.
3. Acquire the maintainer signing key by other means and import it.
4. Verify the [commit or tag signature](https://www.qubes-os.org/security/verifying-signatures/#how-to-verify-signatures-on-git-repository-tags-and-commits) and expect a good signature, be surprised otherwise:
```sh
git verify-commit HEAD
```
### Dom0 Installation
Before copying anything to Dom0, read [Qubes OS warning about consequences of
@ -95,9 +88,16 @@ this procedure](https://www.qubes-os.org/doc/how-to-copy-from-dom0/#copying-to-d
"${qube}" /usr/lib/qubes/qfile-agent "${file}"
```
2. Copy the project to the Salt directories:
2. Acquire the maintainer signing key by other means and copy it to Dom0.
3. Verify the [commit or tag signature](https://www.qubes-os.org/security/verifying-signatures/#how-to-verify-signatures-on-git-repository-tags-and-commits) and expect a good signature, be surprised otherwise:
```sh
~/QubesIncoming/<QUBE>/qusal/scripts/setup.sh
git verify-commit HEAD
```
4. Copy the project to the Salt directories:
```sh
~/QubesIncoming/"${qube}"/qusal/scripts/setup.sh
```
## Update