Added the software page.

_pages/about.md

@@ -66,3 +66,6 @@ look at [Linux Difficile](https://linuxdifficile.wordpress.com/).
 
 [PGP public key]({{ site.baseurl }}/pubkeys/pgp_pubkey_2020.txt)
 
+## Software
+
+See the [software]({{ site.baseurl }}/software/) page

_pages/software.md

@@ -0,0 +1,136 @@
+---
+layout: page
+title: Software
+permalink: /software/
+---
+
+## Table of contents
+
+<!--TOC-->
+
+- [Table of contents](#table-of-contents)
+- [Introduction](#introduction)
+- [Methods](#methods)
+  - [Upload](#upload)
+    - [Create an archive](#create-an-archive)
+    - [Signing](#signing)
+    - [Checksums](#checksums)
+  - [Download](#download)
+    - [Get the public key](#get-the-public-key)
+    - [Download the repository](#download-the-repository)
+    - [Check the signature](#check-the-signature)
+    - [Run the checksums](#run-the-checksums)
+- [Software](#software)
+  - [fpyutils](#fpyutils)
+    - [Repository](#repository)
+    - [Releases](#releases)
+  - [md-toc](#md-toc)
+    - [Repository](#repository-1)
+    - [Releases](#releases-1)
+
+<!--TOC-->
+
+## Introduction
+
+This page is the only *real* trusted source of some of my software.
+
+Here you will find methods to assert the authenticity of the presented software packages. You may contact me directly
+to obtain a copy of the public key(s) used for the signatures.
+
+The following extract is from a [post by Mike Gerwitz](https://mikegerwitz.com/2012/05/a-git-horror-story-repository-integrity-with-signed-commits#trust):
+
+> Git Host
+>>
+>>    Git hosting providers are probably the most easily overlooked trustees—providers like Gitorious, GitHub, Bitbucket, SourceForge, Google Code, etc. Each provides hosting for your repository and “secures” it by allowing only you, or other authorized users, to push to it, often with the use of SSH keys tied to an account. By using a host as the primary holder of your repository—the repository from which most clone and push to—you are entrusting them with the entirety of your project; you are stating, “Yes, I trust that my source code is safe with you and will not be tampered with”. This is a dangerous assumption. Do you trust that your host properly secures your account information? Furthermore, bugs exist in all but the most trivial pieces of software, so what is to say that there is not a vulnerability just waiting to be exploited in your host’s system, completely compromising your repository?
+>>
+>>    It was not too long ago (March 4th, 2012) that a public key security vulnerability at GitHub was exploited by a Russian man named Egor Homakov, allowing him to successfully commit to the master branch of the Ruby on Rails framework repository hosted on GitHub. Oops.
+
+    Copyright © 2019 Mike Gerwitz. Licensed under the Creative Commons Attribution-ShareAlike 4.0 International License. 
+
+## Methods
+
+### Upload
+
+What follow are the steps I use to upload the software on this page.
+
+#### Create an archive
+
+    cd /tmp
+    git -C ${project_dir} archive --format=tar.gz --output=/tmp/${project}-${tag}.tar.gz --prefix=${project}-${tag}/ ${tag}
+
+#### Signing
+
+    gpg --armor --output ${project}-${tag}.tar.gz.sig --detach-sig ${project}-${tag}.tar.gz
+
+#### Checksums
+
+    sha512sum ${project}-${tag}.tar.gz > ${project}-${tag}.tar.gz.SHA512SUM.txt
+    sha256sum ${project}-${tag}.tar.gz > ${project}-${tag}.tar.gz.SHA256SUM.txt
+
+### Download
+
+Run the following to download and verify the software.
+
+#### Get the public key
+
+If the public key is unknown you must import it from a trusted source:
+
+    cd /tmp
+    wget "${public_key_url}"
+    gpg --import "${public_key_file}"
+
+
+#### Download the repository
+
+    cd /tmp
+    wget ${project}-${tag}.tar.gz.sig
+
+#### Check the signature
+
+    wget ${project}-${tag}.tar.gz
+    gpg --verify ${project}-${tag}.tar.gz.sig
+
+#### Run the checksums
+
+    sha512sum --check ${project}-${tag}.tar.gz.SHA512SUM.txt
+    sha256sum --check ${project}-${tag}.tar.gz.SHA256SUM.txt
+
+#### Extract
+
+    tar -xvzf ${project}-${tag}.tar.gz
+
+## Software
+
+### fpyutils
+
+#### Repository
+
+- [homepage](https://github.com/frnmst/fpyutils)
+- [mirror](https://gitlab.com/frnmst-mirrors/fpyutils)
+
+#### Releases
+
+- `1.2.0`
+  - [fpyutils-1.2.0.tar.gz]({{ site.baseurl }}/software/fpyutils-1.2.0.tar.gz)
+  - [SHA512SUM.txt]({{ site.baseurl }}/software/fpyutils-1.2.0.tar.gz.SHA512SUM.txt)
+  - [SHA256SUM.txt]({{ site.baseurl }}/software/fpyutils-1.2.0.tar.gz.SHA256SUM.txt)
+  - [signature]({{ site.baseurl }}/software/fpyutils-1.2.0.tar.gz.sig)
+  - [signing key]({{ site.baseurl }}/pubkeys/pgp_pubkey_2020.txt)
+
+
+### md-toc
+
+#### Repository
+
+- [homepage](https://github.com/frnmst/md-toc)
+- [mirror](https://gitlab.com/frnmst-mirrors/md-toc)
+
+#### Releases
+
+- `7.0.3`
+  - [md-toc-7.0.3.tar.gz]({{ site.baseurl }}/software/md-toc-7.0.3.tar.gz)
+  - [SHA512SUM.txt]({{ site.baseurl }}/software/md-toc-7.0.3.tar.gz.SHA512SUM.txt)
+  - [SHA256SUM.txt]({{ site.baseurl }}/software/md-toc-7.0.3.tar.gz.SHA256SUM.txt)
+  - [signature]({{ site.baseurl }}/software/md-toc-7.0.3.tar.gz.sig)
+  - [signing key]({{ site.baseurl }}/pubkeys/pgp_pubkey_2020.txt)
+

software/fpyutils-1.2.0.tar.gz.SHA256SUM.txt

@@ -0,0 +1 @@
+da08aacac74d7d304aafb74dab42abe25d11ca842c12517e788524809737da4c  fpyutils-1.2.0.tar.gz

software/fpyutils-1.2.0.tar.gz.SHA512SUM.txt

@@ -0,0 +1 @@
+7f2fba593c5b05b84f631626b67d71bda85692813f6743d35e33fcb4b8bca0ed7093eacd783d068b4e531a79be6e0da7bd10d617e61fabed89611028711c2436  fpyutils-1.2.0.tar.gz

software/fpyutils-1.2.0.tar.gz.sig

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCAAdFiEECQ7wtO7QEmICo89RJBFu2FZmeAoFAl70hdsACgkQJBFu2FZm
+eAplvw//dN4Wg24uxFBBsKe5LqZ9FLySBmsSCxdLM4VXwPW9wCP3+hfGoItRqsaZ
+j1Y5uIoGCVWkeS1eDO10fUxMrc7GV7ammxbBJQvAf9yr+KbmLK9v1W5+xKfh7Q/h
+5nmXfsB5K+n8MTs0XakY11EDEZdQK6iD0kxsiQP3aJ4nQtudBQ2/2h+Ev8GIq+Pn
+EY/l5+XrR6WqCVKO8TN+Lc85TzkqP43qoRCQD0OaHEy2j8HggRJPzIeA9Ps8qpY2
+ihVkHmgtCmfsrC3Hn/kRBYzX9sjiUBqgJF9hydZIWxWRGlTBsXDPdVKgBXqZXrxa
+u9ZKE0LDTi5r+1oYJfM60A7BkrOj/olKRu0T1T24i2WV9dEfnYf+XUEoBeu1/evm
+Ug+nTU0CKyKtBbrHo4uZQI0/oscJqq8B+jq8milvU7XryMkugtXrx9XDOiRZxGPE
+yKiUTkX0Mzxro2AMjGVMKrKI69jXKe/KOsDY5qnDg/MtbOAoUlBElWAk5IbGaEGB
+1xxQde65QrbQS2kYdnbgCxxtCEK0E0G83Mk/9hggJKBBfAKe7J5HDZatf07smwea
+mdS9j6CLeLbcoJalFe4ewJDof8N1Vq9cR67zGP4Md5A0EMfIbAXWIDIPeFPo+fE3
+D4s/JKYnPJF3b1nJqxzC9lU1R8sDDV05LQZbVYFcXnp0g6QJZQ4=
+=cndI
+-----END PGP SIGNATURE-----

software/md-toc-7.0.3.tar.gz.SHA256SUM.txt

@@ -0,0 +1 @@
+154f8c99271180adeda58c9a306cfa631edeaa175f4041783aef61cc9aa5cce7  md-toc-7.0.3.tar.gz

software/md-toc-7.0.3.tar.gz.SHA512SUM.txt

@@ -0,0 +1 @@
+3de39887c282d5808288469c97efc537a8dbd1412b54abe9130f3c3e41c2d08d05aabffaa2b3e5dbea75e18c47c0dc0cf82c15ebebe3b7b820d7176e14eced69  md-toc-7.0.3.tar.gz

software/md-toc-7.0.3.tar.gz.sig

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCAAdFiEECQ7wtO7QEmICo89RJBFu2FZmeAoFAl70hnoACgkQJBFu2FZm
+eAp6gRAAwA4AS7QHcfNS9MpuUp++BloyxA7ar2uUWNlp+4XDsU8lwowh41wqgxez
+NY1YUWmEVwvF93XXtd2Xfc3oJPsJOmdPtpCuOpT7KWc9ysTyW9tCX2rUvltDji6A
+vvY/vbMzgK6LMOaADoX4g2oMjr8pZvUQG8ckt+2xuHPC4sB7cs5wi6WD1FeUe6E1
+Yk+YQghsVzc1VHpKYDacoJyOGNzxmS6pkyRd02ZprpPgYngxIFIAD7faXFhgn+9f
+RPhbNvRZr1M6Co4gZcUvM4ZL3KDAYwYNEaqvvaoeKLJlc1gym9LxBjkvPPpVstrT
+PccT1pl43OXb+b/sb8OhyeKpjFUG0PDPtGYjriJhd8IsnH1Jxu6I7P8o4/iy9aTX
+536SisPl1k8jWXu/KdLRLHT3PjjVB5Y3QDU/2plLl6HLcwJewUWbR3qH3+LsC5we
+KnJMVMzrqwnl6Aa/a9z4d2pLvkBm0od4prIvO+O7SlMyqp6Oa9Bz1UfprxDvm4Dd
+fxS8l8I2huMg/bA+6vuKCcH19ZOHyqfUA9m87fhz46+tCFNueFkkXkZXtIqVMx8I
+ZvdhIR5YPWbvwaLi9Q9yOfACZ9wztyloZcQ8G/xaGCY2w0wPhVYl93lCpSE/nskm
+u1k8RpDCpxgF+9HNp3koQ+DbWzBqn7LoaQwWpXkg5VfeRZnJLa0=
+=MZiF
+-----END PGP SIGNATURE-----