projects / oota-llvm.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 327cfdf)
Getting started docs: https, and check signature
authorJF Bastien <jfb@google.com>
Wed, 1 Jul 2015 03:32:08 +0000 (03:32 +0000)
committerJF Bastien <jfb@google.com>
Wed, 1 Jul 2015 03:32:08 +0000 (03:32 +0000)
Summary: Download should be over https, not insecure ftp at least for the signature and key files. The signature should also get verified.

Test Plan: None

Reviewers: chandlerc

Subscribers: llvm-commits

Differential Revision: http://reviews.llvm.org/D10845

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@241138 91177308-0d34-0410-b5e6-96231b3b80d8

docs/GettingStarted.rst patch | blob | history

diff --git a/docs/GettingStarted.rst b/docs/GettingStarted.rst
index 212fa0b58335af6f2000ba847605eac9d743cf0b..75f0e60c41f370cf56a5759494fad0a846a38627 100644 (file)
--- a/docs/GettingStarted.rst
+++ b/docs/GettingStarted.rst
@@ -326,7 +326,11 @@ Easy steps for installing GCC 4.8.2:
 
 .. code-block:: console
 
 
 .. code-block:: console
 
-  % wget ftp://ftp.gnu.org/gnu/gcc/gcc-4.8.2/gcc-4.8.2.tar.bz2
+  % wget https://ftp.gnu.org/gnu/gcc/gcc-4.8.2/gcc-4.8.2.tar.bz2
+  % wget https://ftp.gnu.org/gnu/gcc/gcc-4.8.2/gcc-4.8.2.tar.bz2.sig
+  % wget https://ftp.gnu.org/gnu/gnu-keyring.gpg
+  % signature_invalid=`gpg --verify --no-default-keyring --keyring ./gnu-keyring.gpg gcc-4.8.2.tar.bz2.sig`
+  % if [ $signature_invalid ]; then echo "Invalid signature" ; exit 1 ; fi
   % tar -xvjf gcc-4.8.2.tar.bz2
   % cd gcc-4.8.2
   % ./contrib/download_prerequisites
   % tar -xvjf gcc-4.8.2.tar.bz2
   % cd gcc-4.8.2
   % ./contrib/download_prerequisites
C/C++ LLVM-based compilers that forbids OOTA behaviors