+ Verifying AdGuard Home Releases

Squashed commit of the following: commit 3e566ff88f58ebe8d8f06650c6d2eb45d3a4667d Author: Simon Zolin <s.zolin@adguard.com> Date: Thu Aug 13 14:07:29 2020 +0300 add to sidebar commit 85b888e12a3916929286c5f08010d3192d096436 Author: Simon Zolin <s.zolin@adguard.com> Date: Thu Aug 13 11:50:52 2020 +0300 minor commit 8b26f498f88205a93376f45091d78d49b2a8cf56 Author: Simon Zolin <s.zolin@adguard.com> Date: Thu Aug 13 11:11:22 2020 +0300 minor commit 0bb1f5ec89dabb07053b5538caee8dcc0454c90d Author: Simon Zolin <s.zolin@adguard.com> Date: Thu Aug 13 11:08:09 2020 +0300 update commit 1d838f037a13519699cbcbbc47f9fdf17676bc6f Author: Simon Zolin <s.zolin@adguard.com> Date: Tue Aug 4 19:42:43 2020 +0300 + Signatures for AdGuard Home binary files
2020-08-13 16:06:24 +03:00 · 2020-08-13 16:06:24 +03:00 · 35978b8a31
parent 2ea0b1c58d
commit 35978b8a31
3 changed files with 52 additions and 1 deletions
--- a/Home.md
+++ b/Home.md
@ -33,3 +33,4 @@ The wiki was just recently created, so there isn't much content (yet).
 * [How to install and run AdGuard Home on a Virtual Private Server](VPS)
 * [OpenRC service-script](OpenRC)
 * [How to write hosts blocklists](Hosts-Blocklists)
+* [Verifying Releases](Verify-Releases)
--- a/Verify-Releases.md
+++ b/Verify-Releases.md
@ -0,0 +1,49 @@
+# Verifying AdGuard Home Releases
+
+Since AdGuard Home v0.103.4 we sign the executable files we build so you can verify they are really created by us and no one else.
+Inside an archive file there's a small file with `.sig` extension which contains the signature data.
+In a hypothetic situation when the binary file inside an archive is replaced by someone, you'll know that it isn't an official release from AdGuard.
+
+
+## How to verify that the executable file was built by AdGuard?
+
+1. Unpack AdGuard Home archive file
+2. Import AdGuard Home public key from keyserver:
+
+        gpg --keyserver pgp.key-server.io --recv-key 1222CCA0
+
+    The above command will print:
+
+        gpg: key 9A6F0EB91222CCA0: public key "AdGuard <devteam@adguard.com>" imported
+
+3. Verify (for UNIX):
+
+        gpg --verify AdGuardHome/AdGuardHome.sig
+
+    or for Windows:
+
+        gpg --verify AdGuardHome/AdGuardHome.exe.sig
+
+    You'll see something like this:
+
+        gpg: assuming signed data in 'AdGuardHome/AdGuardHome'
+        gpg: Signature made Wed 12 Aug 2020 11:06:44 PM +03
+        gpg:                using RSA key 58D6AD46BC509C6181A22C5F9A6F0EB91222CCA0
+        gpg:                issuer "devteam@adguard.com"
+        gpg: Good signature from "AdGuard <devteam@adguard.com>" [unknown]
+
+    Check:
+    * RSA key - must be "58D6AD46BC509C6181A22C5F9A6F0EB91222CCA0"
+    * name - must be "AdGuard"
+    * email address - must be "devteam@adguard.com"
+
+> Note Windows users: you need to install PGP software.
+
+
+## Reproducing AdGuard Home releases
+
+    git clone --branch "v0.103.3" --depth=1 "https://github.com/AdguardTeam/AdGuardHome" /tmp/adguard
+    cd /tmp/adguard
+    docker run --volume $(pwd):/build --rm --env CHANNEL=release --net=host adguard/golang-ubuntu make release
+
+where "v0.103.3" is the AdGuard Home version you want to build.
--- a/__Sidebar.md
+++ b/__Sidebar.md
@ -9,4 +9,5 @@
 * [How to install and run AdGuard Home on Raspberry Pi](Raspberry-Pi)
 * [How to install and run AdGuard Home on a Virtual Private Server](VPS)
 * [OpenRC service-script](OpenRC)
-* [How to write hosts blocklists](Hosts-Blocklists)
+* [How to write hosts blocklists](Hosts-Blocklists)
+* [Verifying Releases](Verify-Releases)