Support.VerifyGPGSignature History

Hide minor edits - Show changes to markup

October 02, 2011, at 02:36 PM by ban - Update for colombanw-pubkey.txt
Changed lines 7-8 from:

http://download.geany.org/ntrel-pubkey.txt

to:

http://download.geany.org/colombanw-pubkey.txt

Changed lines 11-12 from:

gpg --import < ntrel-pubkey.txt

to:

gpg --import < colombanw-pubkey.txt

Changed lines 33-34 from:

wget http://download.geany.org/ntrel-pubkey.txt gpg --import < ntrel-pubkey.txt

to:

wget http://download.geany.org/colombanw-pubkey.txt gpg --import < colombanw-pubkey.txt

February 06, 2011, at 03:23 PM by enrico - add GPG signature verification instructions
Added lines 1-36:

Verifying GPG signatures of Geany and Geany-Plugins releases

First, you need to import the public GPG key used to sign the packages. You can download the used public key from: http://download.geany.org/ntrel-pubkey.txt

To import the key use:

gpg --import < ntrel-pubkey.txt

To actually verify the downloaded archive, use one of the following commands according to the archive you have downloaded:

For tar.bz2:

gpg --verify geany-0.20.tar.bz2.sig geany-0.20.tar.bz2

For tar.gz:

gpg --verify geany-0.20.tar.gz.sig geany-0.20.tar.gz

The command's output should state something like "Good signature" and should return with an exit code of 0. If you get another exit code, something went wrong.

A complete example:

wget http://download.geany.org/ntrel-pubkey.txt
gpg --import < ntrel-pubkey.txt
gpg --verify geany-0.20.tar.bz2.sig geany-0.20.tar.bz2