README.source: Add instructions to verify upstream tag and file signatures
This commit is contained in:
parent
c4460bf84d
commit
e4a0845da3
|
@ -12,6 +12,30 @@ unifdef packages installed.
|
||||||
* git://kernel.ubuntu.com/ubuntu/linux.git
|
* git://kernel.ubuntu.com/ubuntu/linux.git
|
||||||
|
|
||||||
However, it is also possible to use upstream tarball and patch releases.
|
However, it is also possible to use upstream tarball and patch releases.
|
||||||
|
Both tags and files should be signed by the relevant maintainer, which
|
||||||
|
you *must* verify using commands such as:
|
||||||
|
|
||||||
|
$ git tag -v v4.5
|
||||||
|
$ xzcat linux-4.5.tar.xz | gpg --verify linux-4.5.tar.sign -
|
||||||
|
$ xzcat patch-4.5.1.xz | gpg --verify patch-4.5.1.sign -
|
||||||
|
|
||||||
|
The upstream maintainers' key fingerprints are:
|
||||||
|
|
||||||
|
pub 2048R/00411886 2011-09-20
|
||||||
|
Key fingerprint = ABAF 11C6 5A29 70B1 30AB E3C4 79BE 3E43 0041 1886
|
||||||
|
uid Linus Torvalds <torvalds@linux-foundation.org>
|
||||||
|
sub 2048R/012F54CA 2011-09-20
|
||||||
|
|
||||||
|
pub 4096R/6092693E 2011-09-23
|
||||||
|
Key fingerprint = 647F 2865 4894 E3BD 4571 99BE 38DB BDC8 6092 693E
|
||||||
|
uid Greg Kroah-Hartman (Linux kernel stable release signing key) <greg@kroah.com>
|
||||||
|
sub 4096R/76D54749 2011-09-23
|
||||||
|
|
||||||
|
pub 4096R/FDCE24FC 2011-12-10
|
||||||
|
Key fingerprint = D4E1 E317 4470 9144 B0F8 101A DB74 AEB8 FDCE 24FC
|
||||||
|
uid Luis Henriques <luis.henriques@canonical.com>
|
||||||
|
uid Luis Henriques <henrix@camandro.org>
|
||||||
|
sub 4096R/EFBC394A 2011-12-10
|
||||||
|
|
||||||
2) Run: ./debian/bin/genorig.py <repository>
|
2) Run: ./debian/bin/genorig.py <repository>
|
||||||
or: ./debian/bin/genorig.py <tarball> [patch]
|
or: ./debian/bin/genorig.py <tarball> [patch]
|
||||||
|
|
Loading…
Reference in New Issue