[PATCH] Getting started docs: https, and check signature
JF Bastien
jfb at chromium.org
Tue Jun 30 11:34:31 PDT 2015
Hi chandlerc,
Download should be over https, not insecure ftp at least for the signature and key files. The signature should also get verified.
http://reviews.llvm.org/D10845
Files:
docs/GettingStarted.rst
Index: docs/GettingStarted.rst
===================================================================
--- docs/GettingStarted.rst
+++ docs/GettingStarted.rst
@@ -326,7 +326,11 @@
.. code-block:: console
- % wget ftp://ftp.gnu.org/gnu/gcc/gcc-4.8.2/gcc-4.8.2.tar.bz2
+ % wget https://ftp.gnu.org/gnu/gcc/gcc-4.8.2/gcc-4.8.2.tar.bz2
+ % wget https://ftp.gnu.org/gnu/gcc/gcc-4.8.2/gcc-4.8.2.tar.bz2.sig
+ % wget https://ftp.gnu.org/gnu/gnu-keyring.gpg
+ % signature_invalid=`gpg --verify --no-default-keyring --keyring ./gnu-keyring.gpg gcc-4.8.2.tar.bz2.sig`
+ % if [ $signature_invalid ]; then echo "Invalid signature" ; exit 1 ; fi
% tar -xvjf gcc-4.8.2.tar.bz2
% cd gcc-4.8.2
% ./contrib/download_prerequisites
EMAIL PREFERENCES
http://reviews.llvm.org/settings/panel/emailpreferences/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: D10845.28803.patch
Type: text/x-patch
Size: 729 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20150630/09f97d91/attachment.bin>
More information about the llvm-commits
mailing list