On Mon, 8 Mar 2021 at 11:19, Alex Bennée <alex.ben...@linaro.org> wrote:
>
> At the moment we mention the signature but don't actually say what it
> is or how to check it. Lets surface the fingerprint on the information
> along with a guide of how to verify the download.
>
> Signed-off-by: Alex Bennée <alex.ben...@linaro.org>
> Cc: Michael Roth <mdr...@linux.vnet.ibm.com>
> Cc: Stefan Hajnoczi <stefa...@redhat.com>
> ---
> _download/source.html | 13 ++++++++++---
> 1 file changed, 10 insertions(+), 3 deletions(-)
>
> diff --git a/_download/source.html b/_download/source.html
> index 35fd156..6c2f6f6 100644
> --- a/_download/source.html
> +++ b/_download/source.html
> @@ -8,14 +8,21 @@
> <div id="releases">
> {% include releases.html %}
> </div>
> - <p>or stay on the bleeding edge with the
> - <a href="https://gitlab.com/qemu-project/qemu";>git
> repository!</a></p>
> -
> + <p>
> + Our source code tarballs are signed with the release
> + managers key, fingerprint:
"manager's"
> + <pre><code>CEAC C9E1 5534 EBAB B82D 3FA0 3353 C9CE F108
> B584</code></pre>.
> + Alternatively stay on the bleeding edge with the
> + <a href="https://gitlab.com/qemu-project/qemu";>git
> repository!</a></p>
> <h2>Build instructions</h2>
>
> {% for release in site.data.releases offset: 0 limit: 1 %}
> <p>To download and build QEMU
> {{release.branch}}.{{release.patch}}:</p>
> <pre>wget
> https://download.qemu.org/qemu-{{release.branch}}.{{release.patch}}.tar.xz
> +# optional verify signature
"optionally"
thanks
-- PMM
