Added the software page.

dev
Franco Masotti 2 years ago
parent 8402e7afa5
commit 7c6762051d
Signed by: frnmst
GPG Key ID: 24116ED85666780A
  1. 3
      _pages/about.md
  2. 136
      _pages/software.md
  3. BIN
      software/fpyutils-1.2.0.tar.gz
  4. 1
      software/fpyutils-1.2.0.tar.gz.SHA256SUM.txt
  5. 1
      software/fpyutils-1.2.0.tar.gz.SHA512SUM.txt
  6. 16
      software/fpyutils-1.2.0.tar.gz.sig
  7. BIN
      software/md-toc-7.0.3.tar.gz
  8. 1
      software/md-toc-7.0.3.tar.gz.SHA256SUM.txt
  9. 1
      software/md-toc-7.0.3.tar.gz.SHA512SUM.txt
  10. 16
      software/md-toc-7.0.3.tar.gz.sig

@ -66,3 +66,6 @@ look at [Linux Difficile](https://linuxdifficile.wordpress.com/).
[PGP public key]({{ site.baseurl }}/pubkeys/pgp_pubkey_2020.txt)
## Software
See the [software]({{ site.baseurl }}/software/) page

@ -0,0 +1,136 @@
---
layout: page
title: Software
permalink: /software/
---
## Table of contents
<!--TOC-->
- [Table of contents](#table-of-contents)
- [Introduction](#introduction)
- [Methods](#methods)
- [Upload](#upload)
- [Create an archive](#create-an-archive)
- [Signing](#signing)
- [Checksums](#checksums)
- [Download](#download)
- [Get the public key](#get-the-public-key)
- [Download the repository](#download-the-repository)
- [Check the signature](#check-the-signature)
- [Run the checksums](#run-the-checksums)
- [Software](#software)
- [fpyutils](#fpyutils)
- [Repository](#repository)
- [Releases](#releases)
- [md-toc](#md-toc)
- [Repository](#repository-1)
- [Releases](#releases-1)
<!--TOC-->
## Introduction
This page is the only *real* trusted source of some of my software.
Here you will find methods to assert the authenticity of the presented software packages. You may contact me directly
to obtain a copy of the public key(s) used for the signatures.
The following extract is from a [post by Mike Gerwitz](https://mikegerwitz.com/2012/05/a-git-horror-story-repository-integrity-with-signed-commits#trust):
> Git Host
>>
>> Git hosting providers are probably the most easily overlooked trustees—providers like Gitorious, GitHub, Bitbucket, SourceForge, Google Code, etc. Each provides hosting for your repository and “secures” it by allowing only you, or other authorized users, to push to it, often with the use of SSH keys tied to an account. By using a host as the primary holder of your repository—the repository from which most clone and push to—you are entrusting them with the entirety of your project; you are stating, “Yes, I trust that my source code is safe with you and will not be tampered with”. This is a dangerous assumption. Do you trust that your host properly secures your account information? Furthermore, bugs exist in all but the most trivial pieces of software, so what is to say that there is not a vulnerability just waiting to be exploited in your host’s system, completely compromising your repository?
>>
>> It was not too long ago (March 4th, 2012) that a public key security vulnerability at GitHub was exploited by a Russian man named Egor Homakov, allowing him to successfully commit to the master branch of the Ruby on Rails framework repository hosted on GitHub. Oops.
Copyright © 2019 Mike Gerwitz. Licensed under the Creative Commons Attribution-ShareAlike 4.0 International License.
## Methods
### Upload
What follow are the steps I use to upload the software on this page.
#### Create an archive
cd /tmp
git -C ${project_dir} archive --format=tar.gz --output=/tmp/${project}-${tag}.tar.gz --prefix=${project}-${tag}/ ${tag}
#### Signing
gpg --armor --output ${project}-${tag}.tar.gz.sig --detach-sig ${project}-${tag}.tar.gz
#### Checksums
sha512sum ${project}-${tag}.tar.gz > ${project}-${tag}.tar.gz.SHA512SUM.txt
sha256sum ${project}-${tag}.tar.gz > ${project}-${tag}.tar.gz.SHA256SUM.txt
### Download
Run the following to download and verify the software.
#### Get the public key
If the public key is unknown you must import it from a trusted source:
cd /tmp
wget "${public_key_url}"
gpg --import "${public_key_file}"
#### Download the repository
cd /tmp
wget ${project}-${tag}.tar.gz.sig
#### Check the signature
wget ${project}-${tag}.tar.gz
gpg --verify ${project}-${tag}.tar.gz.sig
#### Run the checksums
sha512sum --check ${project}-${tag}.tar.gz.SHA512SUM.txt
sha256sum --check ${project}-${tag}.tar.gz.SHA256SUM.txt
#### Extract
tar -xvzf ${project}-${tag}.tar.gz
## Software
### fpyutils
#### Repository
- [homepage](https://github.com/frnmst/fpyutils)
- [mirror](https://gitlab.com/frnmst-mirrors/fpyutils)
#### Releases
- `1.2.0`
- [fpyutils-1.2.0.tar.gz]({{ site.baseurl }}/software/fpyutils-1.2.0.tar.gz)
- [SHA512SUM.txt]({{ site.baseurl }}/software/fpyutils-1.2.0.tar.gz.SHA512SUM.txt)
- [SHA256SUM.txt]({{ site.baseurl }}/software/fpyutils-1.2.0.tar.gz.SHA256SUM.txt)
- [signature]({{ site.baseurl }}/software/fpyutils-1.2.0.tar.gz.sig)
- [signing key]({{ site.baseurl }}/pubkeys/pgp_pubkey_2020.txt)
### md-toc
#### Repository
- [homepage](https://github.com/frnmst/md-toc)
- [mirror](https://gitlab.com/frnmst-mirrors/md-toc)
#### Releases
- `7.0.3`
- [md-toc-7.0.3.tar.gz]({{ site.baseurl }}/software/md-toc-7.0.3.tar.gz)
- [SHA512SUM.txt]({{ site.baseurl }}/software/md-toc-7.0.3.tar.gz.SHA512SUM.txt)
- [SHA256SUM.txt]({{ site.baseurl }}/software/md-toc-7.0.3.tar.gz.SHA256SUM.txt)
- [signature]({{ site.baseurl }}/software/md-toc-7.0.3.tar.gz.sig)
- [signing key]({{ site.baseurl }}/pubkeys/pgp_pubkey_2020.txt)

Binary file not shown.

@ -0,0 +1 @@
da08aacac74d7d304aafb74dab42abe25d11ca842c12517e788524809737da4c fpyutils-1.2.0.tar.gz

@ -0,0 +1 @@
7f2fba593c5b05b84f631626b67d71bda85692813f6743d35e33fcb4b8bca0ed7093eacd783d068b4e531a79be6e0da7bd10d617e61fabed89611028711c2436 fpyutils-1.2.0.tar.gz

@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEECQ7wtO7QEmICo89RJBFu2FZmeAoFAl70hdsACgkQJBFu2FZm
eAplvw//dN4Wg24uxFBBsKe5LqZ9FLySBmsSCxdLM4VXwPW9wCP3+hfGoItRqsaZ
j1Y5uIoGCVWkeS1eDO10fUxMrc7GV7ammxbBJQvAf9yr+KbmLK9v1W5+xKfh7Q/h
5nmXfsB5K+n8MTs0XakY11EDEZdQK6iD0kxsiQP3aJ4nQtudBQ2/2h+Ev8GIq+Pn
EY/l5+XrR6WqCVKO8TN+Lc85TzkqP43qoRCQD0OaHEy2j8HggRJPzIeA9Ps8qpY2
ihVkHmgtCmfsrC3Hn/kRBYzX9sjiUBqgJF9hydZIWxWRGlTBsXDPdVKgBXqZXrxa
u9ZKE0LDTi5r+1oYJfM60A7BkrOj/olKRu0T1T24i2WV9dEfnYf+XUEoBeu1/evm
Ug+nTU0CKyKtBbrHo4uZQI0/oscJqq8B+jq8milvU7XryMkugtXrx9XDOiRZxGPE
yKiUTkX0Mzxro2AMjGVMKrKI69jXKe/KOsDY5qnDg/MtbOAoUlBElWAk5IbGaEGB
1xxQde65QrbQS2kYdnbgCxxtCEK0E0G83Mk/9hggJKBBfAKe7J5HDZatf07smwea
mdS9j6CLeLbcoJalFe4ewJDof8N1Vq9cR67zGP4Md5A0EMfIbAXWIDIPeFPo+fE3
D4s/JKYnPJF3b1nJqxzC9lU1R8sDDV05LQZbVYFcXnp0g6QJZQ4=
=cndI
-----END PGP SIGNATURE-----

Binary file not shown.

@ -0,0 +1 @@
154f8c99271180adeda58c9a306cfa631edeaa175f4041783aef61cc9aa5cce7 md-toc-7.0.3.tar.gz

@ -0,0 +1 @@
3de39887c282d5808288469c97efc537a8dbd1412b54abe9130f3c3e41c2d08d05aabffaa2b3e5dbea75e18c47c0dc0cf82c15ebebe3b7b820d7176e14eced69 md-toc-7.0.3.tar.gz

@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEECQ7wtO7QEmICo89RJBFu2FZmeAoFAl70hnoACgkQJBFu2FZm
eAp6gRAAwA4AS7QHcfNS9MpuUp++BloyxA7ar2uUWNlp+4XDsU8lwowh41wqgxez
NY1YUWmEVwvF93XXtd2Xfc3oJPsJOmdPtpCuOpT7KWc9ysTyW9tCX2rUvltDji6A
vvY/vbMzgK6LMOaADoX4g2oMjr8pZvUQG8ckt+2xuHPC4sB7cs5wi6WD1FeUe6E1
Yk+YQghsVzc1VHpKYDacoJyOGNzxmS6pkyRd02ZprpPgYngxIFIAD7faXFhgn+9f
RPhbNvRZr1M6Co4gZcUvM4ZL3KDAYwYNEaqvvaoeKLJlc1gym9LxBjkvPPpVstrT
PccT1pl43OXb+b/sb8OhyeKpjFUG0PDPtGYjriJhd8IsnH1Jxu6I7P8o4/iy9aTX
536SisPl1k8jWXu/KdLRLHT3PjjVB5Y3QDU/2plLl6HLcwJewUWbR3qH3+LsC5we
KnJMVMzrqwnl6Aa/a9z4d2pLvkBm0od4prIvO+O7SlMyqp6Oa9Bz1UfprxDvm4Dd
fxS8l8I2huMg/bA+6vuKCcH19ZOHyqfUA9m87fhz46+tCFNueFkkXkZXtIqVMx8I
ZvdhIR5YPWbvwaLi9Q9yOfACZ9wztyloZcQ8G/xaGCY2w0wPhVYl93lCpSE/nskm
u1k8RpDCpxgF+9HNp3koQ+DbWzBqn7LoaQwWpXkg5VfeRZnJLa0=
=MZiF
-----END PGP SIGNATURE-----
Loading…
Cancel
Save