debian-packaging
/
linux
8
0
Fork 0
Code Releases Activity

README.source: Add instructions to verify upstream tag and file signatures

This commit is contained in:
Ben Hutchings 2016-03-15 00:59:32 +00:00
parent c4460bf84d
commit e4a0845da3
1 changed files with 24 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
debian/README.source vendored
View File

@ -12,6 +12,30 @@ unifdef packages installed.
* git://kernel.ubuntu.com/ubuntu/linux.git * git://kernel.ubuntu.com/ubuntu/linux.git
However, it is also possible to use upstream tarball and patch releases. However, it is also possible to use upstream tarball and patch releases.
Both tags and files should be signed by the relevant maintainer, which
you *must* verify using commands such as:
$ git tag -v v4.5
$ xzcat linux-4.5.tar.xz | gpg --verify linux-4.5.tar.sign -
$ xzcat patch-4.5.1.xz | gpg --verify patch-4.5.1.sign -
The upstream maintainers' key fingerprints are:
pub 2048R/00411886 2011-09-20
Key fingerprint = ABAF 11C6 5A29 70B1 30AB E3C4 79BE 3E43 0041 1886
uid Linus Torvalds <torvalds@linux-foundation.org>
sub 2048R/012F54CA 2011-09-20
pub 4096R/6092693E 2011-09-23
Key fingerprint = 647F 2865 4894 E3BD 4571 99BE 38DB BDC8 6092 693E
uid Greg Kroah-Hartman (Linux kernel stable release signing key) <greg@kroah.com>
sub 4096R/76D54749 2011-09-23
pub 4096R/FDCE24FC 2011-12-10
Key fingerprint = D4E1 E317 4470 9144 B0F8 101A DB74 AEB8 FDCE 24FC
uid Luis Henriques <luis.henriques@canonical.com>
uid Luis Henriques <henrix@camandro.org>
sub 4096R/EFBC394A 2011-12-10
2) Run: ./debian/bin/genorig.py <repository> 2) Run: ./debian/bin/genorig.py <repository>
or: ./debian/bin/genorig.py <tarball> [patch] or: ./debian/bin/genorig.py <tarball> [patch]