diff options
| author | Brad Warren <bmw@eff.org> | 2016-05-12 03:24:32 +0300 |
|---|---|---|
| committer | Brad Warren <bmw@eff.org> | 2016-05-12 03:24:32 +0300 |
| commit | 5637c5857ecb75274aa5d5b688e0bdae7808850e (patch) | |
| tree | 1b3eeb2adfb48ae96f0bd9812bbfef3dcaa6e597 | |
| parent | 0fba79806a8b4c3ff0ebd9bb4499761994005c7a (diff) | |
| parent | 5214c56f06c5202dfe2c77c15d2534daba17fd4c (diff) | |
Merge remote-tracking branch 'origin/new-dl' into candidate-0.6.0
| -rw-r--r-- | README.rst | 15 | ||||
| -rwxr-xr-x | tools/release.sh | 6 |
2 files changed, 17 insertions, 4 deletions
diff --git a/README.rst b/README.rst index 385a031ff..20b49083f 100644 --- a/README.rst +++ b/README.rst @@ -40,11 +40,18 @@ Because not all operating systems have packages yet, we provide a temporary solution via the ``certbot-auto`` wrapper script, which obtains some dependencies from your OS and puts others in a python virtual environment:: - user@webserver:~$ git clone https://github.com/certbot/certbot - user@webserver:~$ cd certbot - user@webserver:~/certbot$ ./certbot-auto --help + user@webserver:~$ wget https://dl.eff.org/certbot-auto + user@webserver:~$ chmod a+x ./certbot-auto + user@webserver:~$ ./certbot-auto --help -Or for full command line help, type:: +.. hint:: The certbot-auto download is protected by HTTPS, which is pretty good, but if you'd like to + double check the integrity of the ``certbot-auto`` script, you can use these steps for verification before running it:: + + user@server:~$ wget -N https://dl.eff.org/certbot-auto.asc + user@server:~$ gpg2 --recv-key A2CFB51FA275A7286234E7B24D17C995CD9775F2 + user@server:~$ gpg2 --trusted-key 4D17C995CD9775F2 --verify certbot-auto.asc certbot-auto + +And for full command line help, you can type:: ./certbot-auto --help all diff --git a/tools/release.sh b/tools/release.sh index e6169c5c8..8c2d04cd4 100755 --- a/tools/release.sh +++ b/tools/release.sh @@ -187,6 +187,12 @@ while ! openssl dgst -sha256 -verify $RELEASE_OPENSSL_PUBKEY -signature \ read -p "Please correctly sign letsencrypt-auto with offline-signrequest.sh" done +# This signature is not quite as strong, but easier for people to verify out of band +gpg -u "$RELEASE_GPG_KEY" --detach-sign --armor --sign letsencrypt-auto-source/letsencrypt-auto +# We can't rename the openssl letsencrypt-auto.sig for compatibility reasons, +# but we can use the right name for cerbot-auto.asc from day one +mv letsencrypt-auto-source/letsencrypt-auto.asc letsencrypt-auto-source/certbot-auto.asc + # copy leauto to the root, overwriting the previous release version cp -p letsencrypt-auto-source/letsencrypt-auto certbot-auto cp -p letsencrypt-auto-source/letsencrypt-auto letsencrypt-auto |