mirror of
https://github.com/EnterpriseDB/repmgr.git
synced 2026-03-23 15:16:29 +00:00
10425d6967
As they are now XML files. In PostgreSQL itself they remain with the .sgml suffix for backwards compatibility, but that's not important for us.
38 lines
1.4 KiB
XML
38 lines
1.4 KiB
XML
<appendix id="appendix-signatures" xreflabel="Verifying digital signatures">
|
|
<title>Verifying digital signatures</title>
|
|
|
|
<sect1 id="repmgr-source-key" xreflabel="repmgr source key">
|
|
<title>repmgr source code signing key</title>
|
|
<para>
|
|
The signing key ID used for <application>repmgr</application> source code bundles is:
|
|
<ulink url="https://repmgr.org/download/SOURCE-GPG-KEY-repmgr">
|
|
<literal>0x297F1DCC</literal></ulink>.
|
|
</para>
|
|
|
|
<para>
|
|
To download the <application>repmgr</application> source key to your computer:
|
|
<programlisting>
|
|
curl -s https://repmgr.org/download/SOURCE-GPG-KEY-repmgr | gpg --import
|
|
gpg --fingerprint 0x297F1DCC
|
|
</programlisting>
|
|
then verify that the fingerprint is the expected value:
|
|
<programlisting>
|
|
085A BE38 6FD9 72CE 6365 340D 8365 683D 297F 1DCC</programlisting>
|
|
</para>
|
|
|
|
<para>
|
|
For checking tarballs, first download and import the <application>repmgr</application>
|
|
source signing key as shown above. Then download both source tarball and the detached
|
|
key (e.g. <filename>repmgr-4.0beta1.tar.gz</filename> and
|
|
<filename>repmgr-4.0beta1.tar.gz.asc</filename>) from
|
|
<ulink url="https://repmgr.org/download/">https://repmgr.org/download/</ulink>
|
|
and use <application>gpg</application> to verify the key, e.g.:
|
|
<programlisting>
|
|
gpg --verify repmgr-4.0beta1.tar.gz.asc</programlisting>
|
|
</para>
|
|
|
|
</sect1>
|
|
|
|
|
|
</appendix>
|