diff options
Diffstat (limited to 'docs/source/install.rst')
-rw-r--r-- | docs/source/install.rst | 13 |
1 files changed, 7 insertions, 6 deletions
diff --git a/docs/source/install.rst b/docs/source/install.rst index c5dd8197..c3fe5d16 100644 --- a/docs/source/install.rst +++ b/docs/source/install.rst @@ -12,13 +12,13 @@ Linux ----- There are various ways to install OnionShare for Linux, but the recommended way is to use either the `Flatpak <https://flatpak.org/>`_ or the `Snap <https://snapcraft.io/>`_ package. -Flatpak and Snap ensure that you'll always use the newest version and run OnionShare inside of a sandbox. +Flatpak and Snapcraft ensure that you'll always use the newest version and run OnionShare inside of a sandbox. -Snap support is built-in to Ubuntu and Fedora comes with Flatpak support, but which you use is up to you. Both work in all Linux distributions. +Snapcraft support is built-in to Ubuntu and Fedora comes with Flatpak support, but which you use is up to you. Both work in all Linux distributions. **Install OnionShare using Flatpak**: https://flathub.org/apps/details/org.onionshare.OnionShare -**Install OnionShare using Snap**: https://snapcraft.io/onionshare +**Install OnionShare using Snapcraft**: https://snapcraft.io/onionshare You can also download and install PGP-signed ``.flatpak`` or ``.snap`` packages from https://onionshare.org/dist/ if you prefer. @@ -27,7 +27,7 @@ You can also download and install PGP-signed ``.flatpak`` or ``.snap`` packages Command-line only ----------------- -You can install just the command line version of OnionShare on any operating system using the Python package manager ``pip``. See :ref:`cli` for more information. +You can install just the command-line version of OnionShare on any operating system using the Python package manager ``pip``. :ref:`cli` has more info. .. _verifying_sigs: @@ -40,7 +40,8 @@ For Windows and macOS, this step is optional and provides defense in depth: the Signing key ^^^^^^^^^^^ -Packages are signed by Micah Lee, the core developer, using his PGP public key with fingerprint ``927F419D7EC82C2F149C1BD1403C2657CD994F73``. You can download Micah's key `from the keys.openpgp.org keyserver <https://keys.openpgp.org/vks/v1/by-fingerprint/927F419D7EC82C2F149C1BD1403C2657CD994F73>`_. +Packages are signed by Micah Lee, the core developer, using his PGP public key with fingerprint ``927F419D7EC82C2F149C1BD1403C2657CD994F73``. +You can download Micah's key `from the keys.openpgp.org keyserver <https://keys.openpgp.org/vks/v1/by-fingerprint/927F419D7EC82C2F149C1BD1403C2657CD994F73>`_. You must have GnuPG installed to verify signatures. For macOS you probably want `GPGTools <https://gpgtools.org/>`_, and for Windows you probably want `Gpg4win <https://www.gpg4win.org/>`_. @@ -73,6 +74,6 @@ The expected output looks like this:: gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 927F 419D 7EC8 2C2F 149C 1BD1 403C 2657 CD99 4F73 -If you don't see ``Good signature from``, there might be a problem with the integrity of the file (malicious or otherwise), and you should not install the package. (The ``WARNING:`` shown above, is not a problem with the package, it only means you haven't defined a level of "trust" of Micah's PGP key.) +If you don't see ``Good signature from``, there might be a problem with the integrity of the file (malicious or otherwise), and you should not install the package. (The ``WARNING:`` shown above, is not a problem with the package, it only means you haven't defined a level of "trust" of Micah's (the core developer) PGP key.) If you want to learn more about verifying PGP signatures, the guides for `Qubes OS <https://www.qubes-os.org/security/verifying-signatures/>`_ and the `Tor Project <https://support.torproject.org/tbb/how-to-verify-signature/>`_ may be useful. |