mirror of https://github.com/omar-polo/gmid.git
Compare commits
24 Commits
e371817b34
...
20fa7cded6
Author | SHA1 | Date |
---|---|---|
Omar Polo | 20fa7cded6 | |
Omar Polo | 2865452c40 | |
Omar Polo | 1ee636a45c | |
Omar Polo | eabbdf5a10 | |
Omar Polo | 38a0d7ee8f | |
Omar Polo | ad3bf17681 | |
Omar Polo | 398253f3f5 | |
Omar Polo | d8df67565c | |
Omar Polo | 0d5282b647 | |
Omar Polo | e78e2923ea | |
Omar Polo | a08e0451ed | |
Omar Polo | 89b564c312 | |
Omar Polo | 13f900092d | |
Omar Polo | 84285be948 | |
Omar Polo | 3b9388d8d0 | |
Omar Polo | fa3b459472 | |
Omar Polo | a9092d0ee8 | |
Omar Polo | 8d0573e84a | |
Omar Polo | dd40d59659 | |
Omar Polo | 707ec003e5 | |
Omar Polo | c86654c907 | |
Omar Polo | e3dd9e66af | |
Omar Polo | 14d22e8007 | |
Omar Polo | 432c31e6cc |
|
@ -2,8 +2,10 @@
|
|||
!*.c
|
||||
!*.h
|
||||
!*.y
|
||||
!compat/*.c
|
||||
!compat/*.h
|
||||
!*.[1-9]
|
||||
!compat
|
||||
!have/*.c
|
||||
!Makefile
|
||||
!configure
|
||||
!contrib/Docker.gmid.conf
|
||||
!contrib/gencert
|
||||
|
|
32
Makefile
32
Makefile
|
@ -43,7 +43,7 @@ GG_OBJS = ${GG_SRCS:.c=.o} ${COBJS}
|
|||
TITAN_SRCS = titan.c iri.c log.c utf8.c
|
||||
TITAN_OBJS = ${TITAN_SRCS:.c=.o} ${COBJS}
|
||||
|
||||
SRCS = gmid.h landlock_shim.h log.h parse.y proc.h \
|
||||
SRCS = gmid.h iri.h log.h parse.y proc.h \
|
||||
${GMID_SRCS} ${GEMEXP_SRCS} ${GG_SRCS} ${TITAN_SRCS}
|
||||
|
||||
DISTNAME = gmid-${VERSION}
|
||||
|
@ -78,20 +78,24 @@ install: gmid gg gemexp
|
|||
mkdir -p ${DESTDIR}${MANDIR}/man1
|
||||
mkdir -p ${DESTDIR}${MANDIR}/man5
|
||||
mkdir -p ${DESTDIR}${MANDIR}/man8
|
||||
${INSTALL_PROGRAM} gmid ${DESTDIR}${BINDIR}
|
||||
${INSTALL_PROGRAM} gg ${DESTDIR}${BINDIR}
|
||||
${INSTALL_PROGRAM} gemexp ${DESTDIR}${BINDIR}
|
||||
${INSTALL_MAN} gmid.8 ${DESTDIR}${MANDIR}/man8
|
||||
${INSTALL_MAN} gmid.conf.5 ${DESTDIR}${MANDIR}/man5
|
||||
${INSTALL_PROGRAM} gg ${DESTDIR}${BINDIR}
|
||||
${INSTALL_PROGRAM} gmid ${DESTDIR}${BINDIR}
|
||||
${INSTALL_PROGRAM} titan ${DESTDIR}${BINDIR}
|
||||
${INSTALL_MAN} gemexp.1 ${DESTDIR}${MANDIR}/man1
|
||||
${INSTALL_MAN} gg.1 ${DESTDIR}${MANDIR}/man1
|
||||
${INSTALL_MAN} titan.1 ${DESTDIR}${MANDIR}/man1
|
||||
${INSTALL_MAN} gmid.conf.5 ${DESTDIR}${MANDIR}/man5
|
||||
${INSTALL_MAN} gmid.8 ${DESTDIR}${MANDIR}/man8
|
||||
|
||||
uninstall:
|
||||
rm ${DESTDIR}${BINDIR}/gemexp
|
||||
rm ${DESTDIR}${BINDIR}/gg
|
||||
rm ${DESTDIR}${BINDIR}/gmid
|
||||
rm ${DESTDIR}${BINDIR}/titan
|
||||
rm ${DESTDIR}${MANDIR}/man1/gemexp.1
|
||||
rm ${DESTDIR}${MANDIR}/man1/gg.1
|
||||
rm ${DESTDIR}${MANDIR}/man1/titan.1
|
||||
rm ${DESTDIR}${MANDIR}/man5/gmid.conf.5
|
||||
rm ${DESTDIR}${MANDIR}/man8/gmid.8
|
||||
|
||||
|
@ -127,21 +131,28 @@ y.tab.c: parse.y
|
|||
lint:
|
||||
man -Tlint -Wstyle -l gmid.8 gmid.conf.5 gemexp.1 gg.1 titan.1
|
||||
|
||||
PUBKEY = keys/gmid-${VERSION}.pub
|
||||
PRIVKEY = set-PRIVKEY
|
||||
DISTFILES = .cirrus.yml .dockerignore .gitignore ChangeLog LICENSE \
|
||||
Makefile README.md config.c configure crypto.c dirs.c fcgi.c \
|
||||
ge.c gemexp.1 gg.1 gg.c gmid.8 gmid.c gmid.conf.5 gmid.h \
|
||||
iri.c iri.h landlock_shim.h log.c log.h logger.c mime.c \
|
||||
parse.y proc.c proc.h proxy.c puny.c sandbox.c server.c \
|
||||
titan.1 titan.c utf8.c utils.c y.tab.c
|
||||
iri.c iri.h log.c log.h logger.c mime.c parse.y proc.c \
|
||||
proc.h proxy.c puny.c sandbox.c server.c titan.1 titan.c \
|
||||
utf8.c utils.c y.tab.c
|
||||
|
||||
release:
|
||||
sed -i -e '/^RELEASE=/s/no/yes' configure
|
||||
sed -i -e '/^RELEASE=/s/no/yes/' configure
|
||||
${MAKE} dist
|
||||
sed -i -e '/^RELEASE=/s/yes/no' configure
|
||||
sed -i -e '/^RELEASE=/s/yes/no/' configure
|
||||
signify -S -e -m ${DISTNAME}.sha256 -s ${PRIVKEY}
|
||||
|
||||
verify-release:
|
||||
signify -C -p ${PUBKEY} -x ${DISTNAME}.sha256.sig
|
||||
|
||||
dist: ${DISTNAME}.sha256
|
||||
|
||||
${DISTNAME}.sha256: ${DISTNAME}.tar.gz
|
||||
sha256 ${DISTNAME}.tar.gz > $@
|
||||
|
||||
${DISTNAME}.tar.gz: ${DISTFILES}
|
||||
mkdir -p .dist/${DISTNAME}/
|
||||
|
@ -150,6 +161,7 @@ ${DISTNAME}.tar.gz: ${DISTFILES}
|
|||
${MAKE} -C compat DESTDIR=${PWD}/.dist/${DISTNAME}/compat dist
|
||||
${MAKE} -C contrib DESTDIR=${PWD}/.dist/${DISTNAME}/contrib dist
|
||||
${MAKE} -C have DESTDIR=${PWD}/.dist/${DISTNAME}/have dist
|
||||
${MAKE} -C keys DESTDIR=${PWD}/.dist/${DISTNAME}/keys dist
|
||||
${MAKE} -C regress DESTDIR=${PWD}/.dist/${DISTNAME}/regress dist
|
||||
cd .dist/ && tar zcf ../$@ ${DISTNAME}
|
||||
rm -rf .dist/
|
||||
|
|
19
README.md
19
README.md
|
@ -1,10 +1,5 @@
|
|||
# gmid
|
||||
|
||||
> **Warning**
|
||||
> The `master` branch is WIP: it's what gmid 2.0 will be, with
|
||||
> breaking changes et al. Please use the latest release from the 1.8
|
||||
> branch for a stable and documented experience, thank you.
|
||||
|
||||
gmid is a full-featured Gemini server written with security in mind.
|
||||
It can serve static files, has optional FastCGI and proxying support,
|
||||
and a rich configuration syntax.
|
||||
|
@ -89,9 +84,7 @@ server "example.com" {
|
|||
|
||||
## Building
|
||||
|
||||
gmid depends on libevent2, OpenSSL/LibreSSL and libtls (provided
|
||||
either by LibreSSL or libretls). At build time, yacc (or GNU bison)
|
||||
is also needed.
|
||||
gmid depends on libevent2, LibreSSL or OpenSSL, and yacc or GNU bison.
|
||||
|
||||
The build is as simple as
|
||||
|
||||
|
@ -135,20 +128,20 @@ to the `contrib` directory.
|
|||
## Architecture/Security considerations
|
||||
|
||||
The internal architecture was revisited for the 2.0 release. For
|
||||
previous releases, please refer to previous revision of this file.
|
||||
earlier releases, please refer to previous revision of this file.
|
||||
|
||||
gmid has a privsep design, where the operations done by the daemon are
|
||||
splitted into multiple processes:
|
||||
|
||||
- main: the main process is the only one that keeps the original
|
||||
privileges. It opens the TLS certificates on the behalf of the
|
||||
`server` and `crypto` processes and reloads the configuration upon
|
||||
`SIGHUP`.
|
||||
`server` and `crypto` processes, reloads the configuration upon
|
||||
`SIGHUP` and re-opens the log files upon `SIGUSR1`.
|
||||
|
||||
- logger: handles the logging with syslog and/or local files.
|
||||
|
||||
- server: listen on the binded ports and serves the request. This
|
||||
also include speaking FastCGI and proxying requests.
|
||||
- server: listens for connections and serves the request. It also
|
||||
speaks FastCGI and do the proxying.
|
||||
|
||||
- crypto: holds the TLS private keys to avoid a compromised `server`
|
||||
process to disclose them.
|
||||
|
|
|
@ -19,7 +19,7 @@
|
|||
set -e
|
||||
|
||||
RELEASE=no
|
||||
VERSION=2.0-alpha1
|
||||
VERSION=2.0-current
|
||||
|
||||
usage()
|
||||
{
|
||||
|
@ -50,6 +50,7 @@ fi
|
|||
|
||||
INSTALL=${INSTALL-install}
|
||||
PREFIX=${PREFIX-/usr/local}
|
||||
SYSCONFDIR=${SYSCONFDIR-/etc}
|
||||
|
||||
CDIAGFLAGS=
|
||||
CDIAGFLAGS="${CDIAGFLAGS} -W -Wall -Wextra -Wpointer-arith -Wuninitialized"
|
||||
|
@ -100,6 +101,7 @@ while [ $# -gt 0 ]; do
|
|||
--bindir) key=BINDIR ;;
|
||||
--mandir) key=MANDIR ;;
|
||||
--prefix) key=PREFIX ;;
|
||||
--sysconfdir) key=SYSCONFDIR ;;
|
||||
--with-libtls) key=LIBTLS ;;
|
||||
esac
|
||||
|
||||
|
@ -120,6 +122,7 @@ while [ $# -gt 0 ]; do
|
|||
LDFLAGS) LDFLAGS="$val" ;;
|
||||
PKG_CONFIG) PKG_CONFIG="$val" ;;
|
||||
PREFIX) PREFIX="$val" ;;
|
||||
SYSCONFDIR) SYSCONFDIR="$val" ;;
|
||||
YACC) YACC="$val" ;;
|
||||
*) usage
|
||||
esac
|
||||
|
@ -437,6 +440,10 @@ cat <<__HEREDOC__
|
|||
#define DISABLE_SANDBOX ${DISABLE_SANDBOX}
|
||||
#define HAVE_LANDLOCK ${HAVE_LANDLOCK}
|
||||
|
||||
#ifndef SYSCONFDIR
|
||||
# define SYSCONFDIR "${SYSCONFDIR}"
|
||||
#endif
|
||||
|
||||
__HEREDOC__
|
||||
|
||||
if [ ${HAVE_ENDIAN_H} -eq 1 ]; then
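Review bot: `SYSCONFDIR` is written into the generated header as a C string literal (`# define SYSCONFDIR "${SYSCONFDIR}"`) with no check on the value taken from `--sysconfdir` or `SYSCONFDIR=`. A value containing `"` or `\` produces a header that does not compile or names a different path than intended, and a relative value makes the default config path depend on the daemon's working directory. Since gmid.c in this same compare now builds its default `config_path` from this macro, rejecting non-absolute values after option parsing would be cheap: `case "$SYSCONFDIR" in /*) ;; *) echo "sysconfdir must be an absolute path" >&2; exit 1 ;; esac`. The option loop and the heredoc both continue outside the hunks shown.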
|
||||
|
|
|
@ -0,0 +1,9 @@
|
|||
user gmid
|
||||
chroot "/var/gemini"
|
||||
|
||||
server "localhost" {
|
||||
listen on * port 1965
|
||||
cert "/etc/ssl/localhost.pem"
|
||||
key "/etc/ssl/private/localhost.key"
|
||||
root "/"
|
||||
}
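Review bot: The sample mixes paths that only make sense inside the chroot with paths that do not, and nothing in the file says which is which. `root "/"` is only meaningful relative to `chroot "/var/gemini"`, while `cert` and `key` point at `/etc/ssl`, outside it. Judging by the README text in this same compare (the main process opens the certificates on behalf of the other processes), that is presumably intended, but someone copying the file will not know. Two comment lines would cover it: `# root is relative to the chroot, so "/" serves /var/gemini` and `# cert/key are read from the real filesystem, not from inside the chroot`, the second to be confirmed against gmid.conf(5).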
|
|
@ -1,4 +1,4 @@
|
|||
FROM alpine as builder
|
||||
FROM alpine
|
||||
WORKDIR /build
|
||||
RUN apk update && \
|
||||
apk upgrade && \
|
||||
|
@ -6,14 +6,14 @@ RUN apk update && \
|
|||
alpine-sdk \
|
||||
linux-headers \
|
||||
bison \
|
||||
libretls-dev \
|
||||
libretls-static \
|
||||
libevent-dev \
|
||||
libevent-static
|
||||
libevent-dev \
|
||||
openssl-dev
|
||||
COPY . .
|
||||
RUN make static
|
||||
|
||||
FROM alpine
|
||||
RUN apk update && apk upgrade
|
||||
COPY --from=builder /build/gmid /bin/gmid
|
||||
ENTRYPOINT ["gmid"]
|
||||
RUN ./configure && make && make install
|
||||
RUN adduser -H -S -s /sbin/nologin gmid
|
||||
RUN mkdir /var/gemini
|
||||
RUN ./contrib/gencert -e localhost && \
|
||||
mv localhost.pem /etc/ssl && \
|
||||
mv localhost.key /etc/ssl/private
|
||||
RUN mv contrib/Docker.gmid.conf /etc/gmid.conf
|
||||
ENTRYPOINT ["gmid", "-f"]
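Review bot: The `RUN ./contrib/gencert -e localhost` step creates the TLS private key while the image is built, so the key is stored in an image layer and is shared by every container started from that image and readable by anyone who can pull it. For a sample that is built and run locally this is workable, but the file should say so, e.g. `# NOTE: test-only key generated at build time; mount your own cert and key for anything reachable by others`. The new single-stage layout also appears to leave the compiler toolchain and the copied source tree in the final image, which the removed `builder` stage avoided. Keeping a separate build stage and copying only the installed files would keep the runtime image smaller and reduce what a compromised process can reach.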
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
DISTFILES = Makefile \
|
||||
Docker.gmid.conf \
|
||||
Dockerfile \
|
||||
README \
|
||||
gencert \
|
||||
|
|
2
gmid.c
2
gmid.c
|
@ -68,7 +68,7 @@ int pidfd = -1;
|
|||
|
||||
int debug, verbose;
|
||||
|
||||
const char *config_path = "/etc/gmid.conf";
|
||||
const char *config_path = SYSCONFDIR "/gmid.conf";
|
||||
const char *pidfile;
|
||||
|
||||
static void
|
||||
|
|
11
gmid.conf.5
11
gmid.conf.5
|
@ -1,4 +1,4 @@
|
|||
.\" Copyright (c) 2022, 2023 Omar Polo <op@omarpolo.com>
|
||||
.\" Copyright (c) 2022, 2023, 2024 Omar Polo <op@omarpolo.com>
|
||||
.\"
|
||||
.\" Permission to use, copy, modify, and distribute this software for any
|
||||
.\" purpose with or without fee is hereby granted, provided that the above
|
||||
|
@ -11,7 +11,7 @@
|
|||
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
|
||||
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
||||
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
.Dd October 20, 2023
|
||||
.Dd January 11, 2024
|
||||
.Dt GMID.CONF 5
|
||||
.Os
|
||||
.Sh NAME
|
||||
|
@ -321,7 +321,10 @@ If not specified defaults to 9000.
|
|||
.It Ic strip Ar number
|
||||
Strip
|
||||
.Ar number
|
||||
leading path components from the
|
||||
leading path components from the request URL before splitting it in
|
||||
.Ev SCRIPT_NAME
|
||||
and
|
||||
.Ev PATH_INFO .
|
||||
.El
|
||||
.Pp
|
||||
The FastCGI handler will be given the following variables by default:
|
||||
|
@ -381,7 +384,7 @@ The port the server is listening on.
|
|||
.Dq GEMINI
|
||||
.It Ev SERVER_SOFTWARE
|
||||
The name and version of the server, i.e.
|
||||
.Dq gmid/1.8.4
|
||||
.Dq gmid/2.0
|
||||
.It Ev REMOTE_USER
|
||||
The subject of the client certificate if provided, otherwise unset.
|
||||
.It Ev TLS_CLIENT_ISSUER
|
||||
|
|
|
@ -6,6 +6,7 @@ DISTFILES = ASN1_time_parse.c \
|
|||
SSL_CTX_use_certificate_chain_mem.c \
|
||||
X509_LOOKUP_mem.c \
|
||||
arc4random.c \
|
||||
arc4random_buf.c \
|
||||
endian_h.c \
|
||||
err.c \
|
||||
explicit_bzero.c \
|
||||
|
@ -19,6 +20,7 @@ DISTFILES = ASN1_time_parse.c \
|
|||
libevent.c \
|
||||
libevent2.c \
|
||||
libtls.c \
|
||||
machine_endian.c \
|
||||
memmem.c \
|
||||
noop.c \
|
||||
openssl.c \
|
||||
|
@ -33,6 +35,7 @@ DISTFILES = ASN1_time_parse.c \
|
|||
strlcat.c \
|
||||
strlcpy.c \
|
||||
strtonum.c \
|
||||
sys_endian_h.c \
|
||||
timingsafe_memcmp.c \
|
||||
tree_h.c \
|
||||
vasprintf.c \
|
||||
|
|
|
@ -0,0 +1,10 @@
|
|||
DISTFILES = Makefile gmid-1.7.pub gmid-1.8.pub gmid-2.0.pub
|
||||
|
||||
all: false
|
||||
|
||||
dist: ${DISTFILES}
|
||||
mkdir -p ${DESTDIR}
|
||||
${INSTALL} -m 0644 ${DISTFILES} ${DESTDIR}/
|
||||
|
||||
.PHONY: all dist
|
||||
include ../config.mk
|
|
@ -0,0 +1,2 @@
|
|||
untrusted comment: signify public key
|
||||
RWSK+qgSqgu20CEZZQTAExCxaGaOwGO7AWqru6BKLqQhQDy8Iz1tjXNE
|
|
@ -0,0 +1,2 @@
|
|||
untrusted comment: signify public key
|
||||
RWTy3UJQzpxBUAymBwb2EGLLm0b3H/1n8hzhaC9HYFYzNuTavGt9QSwC
|
|
@ -0,0 +1,2 @@
|
|||
untrusted comment: signify public key
|
||||
RWQ+Bm0F0FtPLtTnpRe09x/Z6Fiodk4toTZe2TJ4yCqDZ6l0c5wiU9te
|
2
parse.y
2
parse.y
|
@ -354,7 +354,7 @@ vhost : SERVER string {
|
|||
fatal("snprintf");
|
||||
|
||||
yywarn("missing `listen on' in server %s,"
|
||||
" assuming %s port %d", $2,
|
||||
" assuming %s port %d", host->domain,
|
||||
default_host ? default_host : "*",
|
||||
default_port);
|
||||
listen_on(default_host, portno);
|
||||
|
|
|
@ -20,9 +20,9 @@ REPOLOGY_BANNER = https://repology.org/badge/vertical-allrepos/gmid.svg
|
|||
REPOLOGY_URL = https://repology.org/project/gmid/versions
|
||||
|
||||
SUBST = ./subst GITHUB=https://github.com/omar-polo/gmid \
|
||||
VERS=1.8.6 \
|
||||
CURV=1.8 \
|
||||
NEXTV=1.9 \
|
||||
SITE=https://ftp.omarpolo.com \
|
||||
VERS=2.0 \
|
||||
PUBKEY=gmid-2.0.pub \
|
||||
TREE=https://github.com/omar-polo/gmid/blob/master
|
||||
|
||||
SUBST_GEM = ${SUBST} MANEXT=txt EXT=gmi REPOLOGY=${REPOLOGY_URL}
|
||||
|
|
|
@ -1,5 +1,46 @@
|
|||
# change log
|
||||
|
||||
## 2024/01/11 - 2.0 “Lady Stardust”
|
||||
|
||||
### New Features
|
||||
|
||||
* added `listen on' to specify per-server the list of addresses from where connections are to be accepted.
|
||||
* added titan(1), a simple titan client.
|
||||
* splitted the "configless" version of gmid as a standalone executable gemexp(1)
|
||||
* added ability to log to files with `log access <path>`
|
||||
* added ability to change the syslog(3) facility with `log syslog facility <facility>`
|
||||
* added ability to change the logging style with `log style <style>`
|
||||
* added `fastcgi strip'
|
||||
* reworked the privsep implementation and added a privsep crypto engine
|
||||
* implemented `SCRIPT_NAME' and `PATH_INFO' splitting for fastcgi
|
||||
|
||||
### Bug fixes
|
||||
|
||||
* fixed handling of TLS handshake failures
|
||||
|
||||
### Improvements
|
||||
|
||||
* contrib/gencert: added -e to generate EC keys
|
||||
* use default prefork (3) in regress
|
||||
* removed the sha256 dependency of the regress suite
|
||||
* parse and log the fastcgi reply
|
||||
* revamped the fastcgi configuration, now it's per-location
|
||||
* attempt to load the TLS certificates, mimes and virtual hosts root as part of the configtest (-n) instead of verifying the syntax only.
|
||||
* synced the parameters with RFC3875 (CGI)
|
||||
* gg: exit with the gemini response code unless it's 2X
|
||||
* gemexp: generate EC certificates too (it's also the new default)
|
||||
* (contrib/vim) added an ALE linter and updated the Vim syntax file; thanks Anna “CyberTailor”
|
||||
|
||||
### Breaking Changes
|
||||
|
||||
* removed CGI support
|
||||
* gg now warns when the server doesn't use TLS' close_notify
|
||||
* deprecated the global `ipv6' and `port' settings in favour of the per-server `listen on` directive
|
||||
* removed the already deprecated config options `mime' and `map'
|
||||
* droped seccomp and capsicum support
|
||||
* FastCGI: set REQUEST_METHOD to "GET" instead of the empty string
|
||||
|
||||
|
||||
## 2022/12/02 - 1.8.6 “Lightbulb Sun” bugfix release
|
||||
|
||||
* add tests and compat for setresuid setresgid
|
||||
|
|
|
@ -6,7 +6,7 @@ This directory is for additional contributed files which may be useful.
|
|||
|
||||
=> TREE/contrib/Dockerfile contrib/Dockerfile
|
||||
|
||||
A sample Dockerfile that builds an alpine linux-based image with a statically linked gmid installed as /bin/gmid. To build the image:
|
||||
A sample Dockerfile that builds an alpine linux-based image. To build the image:
|
||||
|
||||
```instructions to build the image
|
||||
# docker build -f contrib/Dockerfile -t gmid .
|
||||
|
@ -15,13 +15,14 @@ A sample Dockerfile that builds an alpine linux-based image with a statically li
|
|||
and then run it with something along the lines of:
|
||||
|
||||
```instruction to run the image
|
||||
# docker run --rm -it -p 1965:1965 \
|
||||
-v gmid.conf:/etc/gmid.conf:ro \
|
||||
-v path/to/keys:/tls:ro \
|
||||
-v /var/gemini:/var/gemini:ro \
|
||||
gmid -c /etc/gmid.conf
|
||||
# docker run --rm -it -p 1965:1965 \
|
||||
-v /var/gemini:/path/to/gemini/root:ro \
|
||||
gmid
|
||||
```
|
||||
|
||||
By default a sample config that serves the content of /var/gemini using a self-signed certificate is included.
|
||||
|
||||
|
||||
## gencert
|
||||
|
||||
=> TREE/contrib/gencert contrib/gencert
|
||||
|
|
|
@ -20,7 +20,7 @@ Some distros provide a package — thanks to the maintainers!
|
|||
|
||||
Otherwise, compile it from source: it’s easy and takes less than a minute on a raspberry pi 3
|
||||
|
||||
=> GITHUB/releases/download/VERS/gmid-VERS.tar.gz gmid-VERS.tar.gz
|
||||
=> SITE/gmid-VERS.tar.gz gmid-VERS.tar.gz
|
||||
|
||||
=> https://git.omarpolo.com/?action=summary&path=gmid.git git repository
|
||||
=> https://codeberg.org/op/gmid/ Codeberg mirror
|
||||
|
@ -35,7 +35,7 @@ The dependencies are:
|
|||
Once all the dependencies are installed, building is as easy as:
|
||||
|
||||
```Example of how to compile from source
|
||||
$ curl -LO GITHUB/releases/download/VERS/gmid-VERS.tar.gz
|
||||
$ curl -LO SITE/gmid-VERS.tar.gz
|
||||
$ tar xzvf gmid-VERS.tar.gz
|
||||
$ cd gmid-VERS
|
||||
$ ./configure
|
||||
|
@ -43,17 +43,21 @@ $ make
|
|||
$ sudo make install # eventually
|
||||
```
|
||||
|
||||
A SHA256 file is available. However, it only checks for accidental corruption. You can use signify (SHA256.sig and the public key gmid-CURV.pub) to cryptographically verify the downloaded tarball. The signify public key for the next release ‘gmid-NEXTV.pub’ is also included.
|
||||
A SHA256 file is available. However, it only checks for accidental corruption. You can use signify (gmid-VERS.sha256.sig) and the public key PUBKEY to cryptographically verify the downloaded tarball. The signify public key for the previous and the next release is included in the tarball.
|
||||
|
||||
=> GITHUB/releases/download/VERS/SHA256 SHA256
|
||||
=> GITHUB/releases/download/VERS/SHA256.sig SHA256.sig
|
||||
=> SITE/gmid-VERS.sha256 gmid-VERS.sha256
|
||||
=> SITE/gmid-VERS.sha256.sig gmid-VERS.sha256.sig
|
||||
|
||||
To verify the signatures with signify(1)
|
||||
To verify the signatures with signify(1):
|
||||
|
||||
```Example of how to verify the signature with signify
|
||||
% signify -C -p gmid-1.8.pub -x SHA256.sig
|
||||
% signify -C -p PUBKEY -x gmid-VERS.sha256.sig
|
||||
Signature Verified
|
||||
gmid-VERS.tar.gz: OK
|
||||
gmid-CURV.pub: OK
|
||||
gmid-NEXTV.pub: OK
|
||||
```
|
||||
|
||||
Git tags are signed with the following ssh key:
|
||||
|
||||
```
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ0nD5I8BNVJknT87gnpLIJWK0fXTayDktQOlS38CGj4 op@omarpolo.com
|
||||
```
|
||||
|
|
Binary file not shown.
Before Width: | Height: | Size: 31 KiB After Width: | Height: | Size: 21 KiB |