On May 6, 2021, Maxim Cournoyer <maxim.courno...@gmail.com> wrote: > Alexandre Oliva <lxol...@fsfla.org> writes:
>> recipes as to the possibilities of getting to the GNU Linux-libre >> sources from it, how to verify signatures, etc > I for one have not seen them. Would you mind making them available > somewhere? I'd be interested in having a look. Not as extensive as I thought ;-) unless I found only an early version, but so here it goes: * Download one release as git checkout: git clone -b sources/v$version --single-branch \ git://linux-libre.fsfla.org/releases.git linux-libre-$version/ * Example substitutions: version=5.7-gnu upversion=5.7 prefix=linux-$upversion/ * If you plan on verifying any releases: git archive --remote=git://linux-libre.fsfla.org/releases.git \ --format tar master | tar -x -O keyring.gpg | gpg --import - * If you plan on verifying release $version: git archive --remote=git://linux-libre.fsfla.org/releases.git \ --format tar logs/v$version | tar -x && if test -f linux-libre-$version.git.tar.sign; then prefix=linux-libre-$version/ targit=.git else prefix=linux-$upversion/ targit= fi * Download/archive one release as git tarball: # Use the conditional prefix above to be able to verify. git archive --remote=git://linux-libre.fsfla.org/releases.git \ --format tar.gz --prefix=$prefix sources/v$version \ -o linux-libre-$version$targit.tar.gz * Verify one release in git repo: git archive --format tar --prefix=$prefix sources/v$version | gpg --verify logs/v$version/linux-libre-$version$targit.tar.sign - * Verify one release in a (gzip-compressed) tarball: # Must have used the conditional prefix above to verify. zcat linux-libre-$version$targit.tar.gz | gpg --verify linux-libre-$version$targit.tar.sign - * Download and verify a released compressed tarball: ext=lz comp=lzip # ext=bz2 comp=bzip2 # ext=xz comp=xz wget https://linux-libre.fsfla.org/pub/linux-libre/releases\ /$version/linux-libre-$version.tar.{$ext,sign} && $comp -d < linux-libre-$version.tar.$ext | gpg --verify linux-libre-$version.tar.sign - # no $targit -- Alexandre Oliva, happy hacker https://FSFLA.org/blogs/lxo/ Free Software Activist GNU Toolchain Engineer Disinformation flourishes because many people care deeply about injustice but very few check the facts. Ask me about <https://stallmansupport.org>