Browse code

verification: add TOC

traumschule authored on26/08/2018 10:59:54
Showing1 changed files
... ...
@@ -10,6 +10,18 @@
10 10
   </div>
11 11
   <div id="maincol">
12 12
     <h1>How to verify signatures for packages</h1>
13
+
14
+<!-- START TOC -->
15
+    <ol>
16
+      <li><a href="#Why">What is a signature and why should I check it?</a></li>
17
+      <li><a href="#Where">Where do I get the signatures and the keys that made them?</a></li>
18
+      <li><a href="#Windows">Windows</a></li>
19
+      <li><a href="#MacosLinux">Mac OS X and Linux</a></li>
20
+      <li><a href="#BuildVerification">Verifying sha256sums (advanced)</a></li>
21
+      <li><a href="#Scripts">Scripts</a></li>
22
+      <li><a href="#MARVerification">Verifying MAR files we ship (advanced)</a></li>
23
+    </ol>
24
+<!-- END TOC -->
13 25
     <hr>
14 26
 
15 27
     <p>Digital signature is a process ensuring that a certain package was
... ...
@@ -21,6 +33,7 @@
21 33
     about how it works see <a href="https://en.wikipedia.org/wiki/Digital_signature">
22 34
     https://en.wikipedia.org/wiki/Digital_signature</a>.</p>
23 35
 
36
+    <a name="Why"></a>
24 37
     <h3>What is a signature and why should I check it?</h3>
25 38
     <hr>
26 39
 
... ...
@@ -74,6 +87,7 @@
74 87
     attacker. The better question to answer is: "Is this file that I
75 88
     just downloaded the file that Tor intended me to get?"</p>
76 89
 
90
+    <a name="Where"></a>
77 91
     <h3>Where do I get the signatures and the keys that made them?</h3>
78 92
     <hr>
79 93
     <p>Each file on <a href="<page download/download>">our download
... ...
@@ -92,6 +106,7 @@
92 106
     signature you should not worry that the reported date may vary.
93 107
     </p>
94 108
 
109
+    <a name="Windows"></a>
95 110
     <h3>Windows</h3>
96 111
     <hr>
97 112
     <p>First of all you need to have GnuPG installed before you can verify signatures.
... ...
@@ -143,6 +158,7 @@ Primary key fingerprint: EF6E 286D DA85 EA2A 4BA7  DE68 4E2C 6E87 9329 8290
143 158
     exchange key fingerprints.
144 159
     </p>
145 160
 
161
+    <a name="MacosLinux"></a>
146 162
     <h3>Mac OS X and Linux</h3>
147 163
     <hr>
148 164
 
... ...
@@ -288,6 +304,7 @@ Primary key fingerprint: EF6E 286D DA85 EA2A 4BA7  DE68 4E2C 6E87 9329 8290
288 304
       build.</li>
289 305
     </ul>
290 306
 
307
+    <a id="Scripts"></a>
291 308
     <p><a href="https://github.com/isislovecruft/scripts/blob/master/verify-gitian-builder-signatures">Scripts</a>
292 309
     to <a href="https://tor.stackexchange.com/questions/648/how-to-verify-tor-browser-bundle-tbb-3-x">automate</a>
293 310
     these steps have been written, but to use them you will need to modify