Browse code

rerender css

traumschule authored on04/09/2018 18:22:04
Showing1 changed files
... ...
@@ -163,7 +163,7 @@
163 163
   <div>
164 164
    <input id="ac-2-1" name="accordion-2" type="radio" checked />
165 165
    <article class="ac-os">
166
-    <h3>Import OpenPGP keys on Windows</h3>
166
+    <h3>Import OpenPGP key on Windows</h3>
167 167
     <p>
168 168
     First of all you need to have GnuPG installed before you can verify
169 169
     signatures.
... ...
@@ -180,7 +180,9 @@
180 180
     The Tor Browser team signs Tor Browser releases. Import its key
181 181
     (0x4E2C6E8793298290) by starting <i>cmd.exe</i> and typing:
182 182
     </p>
183
-    <pre>gpg.exe --keyserver pool.sks-keyservers.net --recv-keys 0x4E2C6E8793298290</pre>
183
+    <pre>
184
+    > gpg.exe --keyserver pool.sks-keyservers.net --recv-keys 0x4E2C6E8793298290
185
+    </pre>
184 186
     <p>
185 187
    </article>
186 188
   </div>
... ...
@@ -188,7 +190,7 @@
188 190
   <div>
189 191
    <input id="ac-2-2" name="accordion-2" type="radio" />
190 192
    <article class="ac-os">
191
-    <h3>Import OpenPGP keys on Mac OS</h3>
193
+    <h3>Import OpenPGP key on Mac OS</h3>
192 194
     <p>
193 195
     You need to have GnuPG installed before you can verify
194 196
     signatures. Install it from
... ...
@@ -199,7 +201,9 @@
199 201
     your package. The Tor Browser team signs Tor Browser releases. Import its
200 202
     key (0x4E2C6E8793298290) by starting the terminal under "Applications"
201 203
     and typing:</p>
202
-    <pre>gpg --keyserver pool.sks-keyservers.net --recv-keys 0x4E2C6E8793298290</pre>
204
+    <pre>
205
+    $ gpg --keyserver pool.sks-keyservers.net --recv-keys 0x4E2C6E8793298290
206
+    </pre>
203 207
     <p>
204 208
    </article>
205 209
   </div>
... ...
@@ -207,7 +211,7 @@
207 211
   <div>
208 212
    <input id="ac-2-3" name="accordion-2" type="radio" />
209 213
    <article class="ac-os">
210
-    <h3>Import OpenPGP keys on Linux</h3>
214
+    <h3>Import OpenPGP key on Linux</h3>
211 215
     <p>
212 216
     You need to have GnuPG installed before you can verify
213 217
     signatures. It's probably GnuPG is alreadyy installed on your
... ...
@@ -218,7 +222,9 @@
218 222
     The next step is to use GnuPG to import the key that signed
219 223
     your package. The Tor Browser team signs Tor Browser releases. Import its
220 224
     key (0x4E2C6E8793298290) by starting the terminal and typing:</p>
221
-    <pre>gpg --keyserver pool.sks-keyservers.net --recv-keys 0x4E2C6E8793298290</pre>
225
+    <pre>
226
+    $ gpg --keyserver pool.sks-keyservers.net --recv-keys 0x4E2C6E8793298290
227
+    </pre>
222 228
     <p>
223 229
    </article>
224 230
   </div>
... ...
@@ -227,7 +233,9 @@
227 233
     After importing the key, you can verify that the fingerprint
228 234
     is correct:
229 235
     </p>
230
-    <pre>gpg --fingerprint 0x4E2C6E8793298290</pre>
236
+    <pre>
237
+    gpg --fingerprint 0x4E2C6E8793298290
238
+    </pre>
231 239
     <p>You should see:</p>
232 240
     <pre>
233 241
 pub   rsa4096/0x4E2C6E8793298290 2014-12-15 [C] [expires: 2020-08-24]
... ...
@@ -248,7 +256,7 @@ sub   rsa4096/0xEB774491D9FF06E2 2018-05-26 [S] [expires: 2020-09-12]
248 256
  <input id="ac-3" name="accordion-3" type="checkbox" />
249 257
  <label for="ac-3">
250 258
     <a class="nav" title="link here" href="#VerifySignature">&#9668;</a>
251
-    <h3><a name="VerifySignature">Step 2: Verification with OpenGPG signatures</a></h3>
259
+    <h3><a name="VerifySignature">Step 2: Verification with OpenGPG signature</a></h3>
252 260
     <hr>
253 261
     <p>This section explains how to verify the downloaded file's digital
254 262
     signature on different operating systems. Please notice that a signature is
... ...
@@ -272,13 +280,16 @@ sub   rsa4096/0xEB774491D9FF06E2 2018-05-26 [S] [expires: 2020-09-12]
272 280
   <div>
273 281
    <input id="ac-3-1" name="accordion-3" type="radio" checked />
274 282
    <article class="ac-os">
275
-    <h3>Verify with an OpenPGP signature on Windows</h3>
283
+    <h3>Verify with OpenPGP signature on Windows</h3>
276 284
     <p>
277 285
     To verify the signature of the package you downloaded, you will need
278 286
     to download the ".asc" file as well. Assuming you downloaded the
279 287
     package and its signature to your Desktop, run:
280 288
     </p>
281
-    <pre>gpg.exe --verify C:\Users\Alice\Desktop\torbrowser-install-<version-torbrowserbundle>_en-US.exe.asc</pre>
289
+    <pre>
290
+    > gpg.exe --verify C:\Users\Alice\Desktop\torbrowser-install-<version-torbrowserbundle>_en-US.exe.asc
291
+    </pre>
292
+
282 293
     <p>Please substitute "Alice" with your own username.</p>
283 294
     <p>The output should say "Good signature":</p>
284 295
     <pre>
... ...
@@ -297,14 +308,16 @@ Primary key fingerprint: EF6E 286D DA85 EA2A 4BA7  DE68 4E2C 6E87 9329 8290
297 308
   <div>
298 309
    <input id="ac-3-2" name="accordion-3" type="radio" />
299 310
    <article class="ac-os">
300
-    <h3>Verify with an OpenPGP signature on Mac OS</h3>
311
+    <h3>Verify with OpenPGP signature on Mac OS</h3>
301 312
     <p>
302 313
     To verify the signature of the package you downloaded, you will need
303 314
     to download the ".asc" file as well. Assuming you downloaded the
304 315
     package and its signature to your Downloads folder, run:
305 316
     </p>
306 317
 
307
-    <pre>gpg --verify ~/Downloads/TorBrowser-<version-torbrowserbundleosx64>_en-US.dmg{.asc*,}</pre>
318
+    <pre>
319
+    $ gpg --verify ~/Downloads/TorBrowser-<version-torbrowserbundleosx64>_en-US.dmg{.asc*,}
320
+    </pre>
308 321
 
309 322
     <p>The output should say "Good signature":</p>
310 323
 
... ...
@@ -324,7 +337,7 @@ Primary key fingerprint: EF6E 286D DA85 EA2A 4BA7  DE68 4E2C 6E87 9329 8290
324 337
   <div>
325 338
    <input id="ac-3-3" name="accordion-3" type="radio" />
326 339
    <article class="ac-os">
327
-    <h3>Verify with an OpenPGP signature on Linux</h3>
340
+    <h3>Verify with OpenPGP signature on Linux</h3>
328 341
     <p>
329 342
     To verify the signature of the package you downloaded, you will need
330 343
     to download the ".asc" file as well. Assuming you downloaded the
... ...
@@ -333,7 +346,9 @@ Primary key fingerprint: EF6E 286D DA85 EA2A 4BA7  DE68 4E2C 6E87 9329 8290
333 346
 
334 347
     <p>Change 64 to 32 if you have the 32-bit package:</p>
335 348
 
336
-    <pre>gpg --verify tor-browser-linux64-<version-torbrowserbundlelinux64>_en-US.tar.xz.asc</pre>
349
+    <pre>
350
+    $ gpg --verify tor-browser-linux64-<version-torbrowserbundlelinux64>_en-US.tar.xz.asc
351
+    </pre>
337 352
 
338 353
     <p>The output should say "Good signature":</p>
339 354
 
... ...
@@ -389,7 +404,7 @@ Primary key fingerprint: EF6E 286D DA85 EA2A 4BA7  DE68 4E2C 6E87 9329 8290
389 404
   <input id="ac-4" name="accordion-4" type="checkbox" />
390 405
    <label for="ac-4">
391 406
     <a class="nav" title="link here" href="#ChecksumVerification">&#9668;</a>
392
-    <h3><a id="Checksumerification">Step 3: Verify the file integrity</a></h3>
407
+    <h3><a id="ChecksumVerification">Step 3: Verify the file integrity by sha256 checksum</a></h3>
393 408
     <hr>
394 409
     <p>
395 410
     Build reproducibility is a
... ...
@@ -420,11 +435,14 @@ Primary key fingerprint: EF6E 286D DA85 EA2A 4BA7  DE68 4E2C 6E87 9329 8290
420 435
       for Tor Browser <version-torbrowserbundlelinux64>.
421 436
       </li>
422 437
       <li>
423
-      Retrieve the signers' GPG keys with this id like described above<br/>
424
-      (Other developers' key IDs can be found on
425
-      <a href="<page docs/signing-keys>">this page)</a>:    
426
-      <pre id="ttb-key">0x4E2C6E8793298290</pre></li>
438
+      Retrieve the signers' GPG key with following ID with the method <a href="#ImportKey">described above</a>:<br/>
439
+      (Other developers' key IDs can be found
440
+      <a href="<page docs/signing-keys>">here)</a>
441
+      </li>
427 442
      </ul>
443
+     <pre>
444
+     0x4E2C6E8793298290
445
+     </pre>
428 446
   </article>
429 447
   <article class="ac-box">
430 448
   
... ...
@@ -444,14 +462,18 @@ Primary key fingerprint: EF6E 286D DA85 EA2A 4BA7  DE68 4E2C 6E87 9329 8290
444 462
 
445 463
 <!-- Windows -->
446 464
   <div>
447
-    <input id="ac-4-1" name="accordion-4" type="radio" />
465
+    <input id="ac-4-1" name="accordion-4" type="radio" checked />
448 466
    <article class="ac-os">
467
+    <!--<pre id="ttb-key">
468
+    > gpg.exe --keyserver pool.sks-keyservers.net --recv-keys 0x4E2C6E8793298290
469
+    </pre>-->
449 470
     <h3>Verififcation with a checksum on Windows</h3>
450 471
     <h4>Verify the signature of the checksum file</h4>
451 472
     <p>
452 473
     Verify the sha256sums-unsigned-build.txt file by executing this command:
453 474
     </p>
454
-    <pre>gpg.exe --verify sha256sums-unsigned-build.txt.asc sha256sums-unsigned-build.txt
475
+    <pre>
476
+    > gpg.exe --verify sha256sums-unsigned-build.txt.asc sha256sums-unsigned-build.txt
455 477
     </pre>
456 478
 
457 479
     <p>
... ...
@@ -461,23 +483,25 @@ Primary key fingerprint: EF6E 286D DA85 EA2A 4BA7  DE68 4E2C 6E87 9329 8290
461 483
     </p>
462 484
 
463 485
     <h4>Verify the file integrity of Tor Browser</h4>
464
-     <ul>
465
-      <li>If you want to verify a Windows Tor Browser package you need to first
466
-      strip off the authenticode signature of it.<br/>
467
-      Tools that can be used for this purpose are
468
-      <a href="http://osslsigncode.sourceforge.net">osslsigncode</a> and
469
-      <a href="http://forum.xda-developers.com/showthread.php?t=416175">delcert.exe</a>.
470
-      Assuming you have built e.g. <tt>osslsigncode</tt> on a Linux computer you can enter
471
-      </li>
472
-      <pre>C:\path\to\osslsigncode remove-signature &#92;
473
-      C:\path\to\your\&lt;TOR BROWSER FILE NAME&gt;.exe &lt;TOR BROWSER FILE NAME&gt;.exe
474
-      </pre>
486
+    <p>
487
+    If you want to verify a Windows Tor Browser package you need to first
488
+    strip off the authenticode signature of it.<br/>
489
+    Tools that can be used for this purpose are
490
+    <a href="http://osslsigncode.sourceforge.net">osslsigncode</a> and
491
+    <a href="http://forum.xda-developers.com/showthread.php?t=416175">delcert.exe</a>.
492
+    Assuming you have built e.g. <tt>osslsigncode</tt> on a Linux computer you can enter
493
+    </p>
494
+    <pre>
495
+    > C:\path\to\osslsigncode remove-signature &#92;
496
+        where\you\saved\\&lt;TOR BROWSER FILE NAME&gt;.exe &lt;TOR BROWSER FILE NAME&gt;.exe
497
+    </pre>
475 498
 
476
-      <li>Now use the sha256sum of the Tor Browser package with the
477
-      <a href="http://md5deep.sourceforge.net/">hashdeep utility</a> and run
478
-      </li>
479
-      <pre>C:\location\where\you\saved\hashdeep -c sha256sum &lt;TOR BROWSER FILE NAME&gt;.exe</pre>
480
-     </ul>
499
+    <p>Now use the sha256sum of the Tor Browser package with the
500
+    <a href="http://md5deep.sourceforge.net/">hashdeep utility</a> and run
501
+    </p>
502
+    <pre>
503
+    C:\location\of\hashdeep -c sha256sum &lt;TOR BROWSER FILE NAME&gt;.exe
504
+    </pre>
481 505
    </article>
482 506
   </div>
483 507
 <!-- Mac OS --><!--
... ...
@@ -489,38 +513,40 @@ Primary key fingerprint: EF6E 286D DA85 EA2A 4BA7  DE68 4E2C 6E87 9329 8290
489 513
 -->
490 514
 
491 515
 <!-- Linux -->
492
-    <input id="ac-4-3" name="accordion-4" type="radio" />
516
+  <div>
517
+   <input id="ac-4-3" name="accordion-4" type="radio" />
493 518
    <article class="ac-os ac-4-3">
519
+    <!--<pre id="ttb-key">
520
+    $ gpg --keyserver pool.sks-keyservers.net --recv-keys 0x4E2C6E8793298290
521
+    </pre>-->
494 522
     <h3>Verififcation with a checksum on Linux</h3>
495 523
     <h4>Verify the signature of the checksum file</h4>
496 524
     <ul>
497 525
      <li>Verify the sha256sums-unsigned-build.txt with this command:</li>
498
-     <pre>gpg --verify sha256sums-unsigned-build.txt.asc sha256sums-unsigned-build.txt
499
-     </pre>
526
+     <pre>$ gpg --verify sha256sums-unsigned-build.txt.asc sha256sums-unsigned-build.txt</pre>
500 527
 
501
-     <li>><!-- TODO which OSs are meant here? -->
528
+     <li><!-- TODO which OSs are meant here? -->
502 529
      In case your operating system is adding the .txt extension automatically
503 530
      to the SHA256 sums signature file strip it again by running
504
-     </li>>
505
-     <pre>mv sha256sums-unsigned-build.txt.asc.txt sha256sums-unsigned-build.txt.asc</pre>
531
+     </li>
532
+     <pre>$ mv sha256sums-unsigned-build.txt.asc.txt sha256sums-unsigned-build.txt.asc</pre>
506 533
 
507
-     <li>>
534
+     <li>
508 535
      Verify the sha256sums-unsigned-build.txt file by executing this command:
509 536
      </li>
510
-     <pre>gpg --verify sha256sums-unsigned-build.txt.asc sha256sums-unsigned-build.txt
511
-     </pre>
537
+     <pre>$ gpg --verify sha256sums-unsigned-build.txt.asc sha256sums-unsigned-build.txt</pre>
512 538
 
513 539
      <li>
514
-     You should see a message like
515
-     <pre>"Good signature from &lt;DEVELOPER NAME&gt;"</pre>.
516
-     If you don't, there is a problem. Try these steps again.
540
+     If you don't see a message like this, there is a problem
541
+     and you should try these steps again:
517 542
      </li>
543
+     <pre>"Good signature from &lt;DEVELOPER NAME&gt;"</pre>.
518 544
     </ul>
519 545
 
520 546
     <h4>Verify the file integrity of Tor Browser</h4>
521 547
     <ul>
522 548
      <li>Calculate the SHA-256 checksum of Tor Browser:</li>
523
-     <pre>sha256sum &lt;TOR BROWSER FILE NAME&gt;.tar.gz</pre>
549
+     <pre>$ sha256sum &lt;TOR BROWSER FILE NAME&gt;.tar.gz</pre>
524 550
 
525 551
      <li>You will see a string of letters and numbers.</li>
526 552
 
... ...
@@ -534,7 +560,8 @@ Primary key fingerprint: EF6E 286D DA85 EA2A 4BA7  DE68 4E2C 6E87 9329 8290
534 560
      If they match, you've successfully verified the build.
535 561
      </li>
536 562
     </ul>
537
-   </article>
563
+    </article>
564
+   </div>
538 565
    <a class="nav" href="#TOC" title="go up">&uarr;</a>
539 566
   </article>
540 567
  </div>
... ...
@@ -560,10 +587,10 @@ Primary key fingerprint: EF6E 286D DA85 EA2A 4BA7  DE68 4E2C 6E87 9329 8290
560 587
     directory to remove the embedded signature(s). The steps to get the unsigned
561 588
     MAR file on a 64 bit Linux are</p>
562 589
     <pre>
563
-    cd /path/to/MAR/file
564
-    unzip /path/to/gitian-builder/inputs/mar-tools-linux64.zip
565
-    export LD_LIBRARY_PATH=/path/to/MAR/file/mar-tools
566
-    mar-tools/signmar -r your-signed-mar-file.mar your-unsigned-mar-file.mar</pre>
590
+    $ cd /path/to/MAR/file
591
+    $ unzip /path/to/gitian-builder/inputs/mar-tools-linux64.zip
592
+    $ export LD_LIBRARY_PATH=/path/to/MAR/file/mar-tools
593
+    $ mar-tools/signmar -r your-signed-mar-file.mar your-unsigned-mar-file.mar</pre>
567 594
     <p>Now you can compare the SHA256 sum of <tt>your-unsigned-mar-file.mar</tt>
568 595
     with the one provided in the <tt>sha265sums-unsigned-build.txt</tt> or
569 596
     <tt>sha256sums-unsigned-build.incremental.txt</tt> as outlined in
... ...
@@ -583,7 +610,7 @@ Primary key fingerprint: EF6E 286D DA85 EA2A 4BA7  DE68 4E2C 6E87 9329 8290
583 610
     <a href="<page about/contact>#support">Reach out to us</a>!</p>
584 611
    </label>
585 612
    <article class="ac-small">
586
-   
613
+    <p>Send us your question!</p>
587 614
     <a class="nav" href="#TOC" title="go up">&uarr;</a>
588 615
   </article>
589 616
  </div>
... ...
@@ -601,6 +628,9 @@ Primary key fingerprint: EF6E 286D DA85 EA2A 4BA7  DE68 4E2C 6E87 9329 8290
601 628
     them yourself with the latest Tor Browser filename.</p>
602 629
    </label>
603 630
    <article class="ac-small">
631
+    <p>
632
+    This needs to be explained. <a href="<page getinvolved/volunteer>">Help!</a>
633
+    </p>
604 634
     <a class="nav" href="#TOC" title="go up">&uarr;</a>
605 635
   </article>
606 636
  </div>