mirror of
https://github.com/EnterpriseDB/repmgr.git
synced 2026-03-23 15:16:29 +00:00
38 lines
1.5 KiB
Plaintext
38 lines
1.5 KiB
Plaintext
<appendix id="appendix-signatures" xreflabel="Verifying digital signatures">
|
|
<title>Verifying digital signatures</title>
|
|
|
|
<sect1 id="repmgr-source-key" xreflabel="repmgr source key">
|
|
<title>repmgr source code signing key</title>
|
|
<para>
|
|
The signing key ID used for <application>repmgr</application> source code bundles is:
|
|
<ulink url="http://packages.2ndquadrant.com/repmgr/SOURCE-GPG-KEY-repmgr">
|
|
<literal>0x297F1DCC</literal></ulink>.
|
|
</para>
|
|
|
|
<para>
|
|
To download the <application>repmgr</application> source key to your computer:
|
|
<programlisting>
|
|
curl -s http://packages.2ndquadrant.com/repmgr/SOURCE-GPG-KEY-repmgr | gpg --import
|
|
gpg --fingerprint 0x297F1DCC
|
|
</programlisting>
|
|
then verify that the fingerprint is the expected value:
|
|
<programlisting>
|
|
085A BE38 6FD9 72CE 6365 340D 8365 683D 297F 1DCC</programlisting>
|
|
</para>
|
|
|
|
<para>
|
|
For checking tarballs, first download and import the <application>repmgr</application>
|
|
source signing key as shown above. Then download both source tarball and the detached
|
|
key (e.g. <filename>repmgr-4.0beta1.tar.gz</filename> and
|
|
<filename>repmgr-4.0beta1.tar.gz.asc</filename>) from
|
|
<ulink url="https://repmgr.org/download/">https://repmgr.org/download/</ulink>
|
|
and use <application>gpg</application> to verify the key, e.g.:
|
|
<programlisting>
|
|
gpg --verify repmgr-4.0beta1.tar.gz.asc</programlisting>
|
|
</para>
|
|
|
|
</sect1>
|
|
|
|
|
|
</appendix>
|