From fc1d9629c61a6beb4afc92aee2c34292a919a1c3 Mon Sep 17 00:00:00 2001 From: Norwin Date: Thu, 1 Jul 2021 14:14:09 +0000 Subject: [PATCH] Clarify GPG binary check (#14832) fixes #14817 Co-authored-by: techknowlogick --- docs/content/doc/installation/from-binary.en-us.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/docs/content/doc/installation/from-binary.en-us.md b/docs/content/doc/installation/from-binary.en-us.md index 9d8864956b..aa075bb239 100644 --- a/docs/content/doc/installation/from-binary.en-us.md +++ b/docs/content/doc/installation/from-binary.en-us.md @@ -32,13 +32,17 @@ chmod +x gitea ``` ## Verify GPG signature -Gitea signs all binaries with a [GPG key](https://keys.openpgp.org/search?q=teabot%40gitea.io) to prevent against unwanted modification of binaries. To validate the binary, download the signature file which ends in `.asc` for the binary you downloaded and use the gpg command line tool. +Gitea signs all binaries with a [GPG key](https://keys.openpgp.org/search?q=teabot%40gitea.io) to prevent against unwanted modification of binaries. +To validate the binary, download the signature file which ends in `.asc` for the binary you downloaded and use the gpg command line tool. ```sh gpg --keyserver keys.openpgp.org --recv 7C9E68152594688862D62AF62D9AE806EC1592E2 gpg --verify gitea-{{< version >}}-linux-amd64.asc gitea-{{< version >}}-linux-amd64 ``` +Look for the text `Good signature from "Teabot "` to assert a good binary, +despite warnings like `This key is not certified with a trusted signature!`. + ## Recommended server configuration **NOTE:** Many of the following directories can be configured using [Environment Variables]({{< relref "doc/advanced/environment-variables.en-us.md" >}}) as well!