Lack in installation documentation - Verify integrity and signature


#1

Problem

While installing a new Yunohost on a raspberry, I found what I believe is a “hole” in the installation documentation. There is no instruction on how to verify download with sha256sum and gpg

Proposal

  1. On page https://yunohost.org/#/install_on_raspberry/preview, it could be nice to add a new step like this

  1. Especially that checksums and gpg are already shown on the download page


Some examples instructions to verify the download:


Feel free to move the topic or give pointers of a better place to handle this.

Edit #1
Also missing step : unzip the file


#2

Yes indeed. Imho the best way to do this would be to add a tip at the top of the “Pre-installed images” page, such as “When downloading these images, it is recommended to check the integrity and authenticity of the image with ~link to procedure~”

and have a dedicated page explaining how to use md5sum and gpg (both on Linux and Windows …)

Feel free to suggest something : you can edit directly the pages with the ‘Edit’ button and/or git clone the doc repo if you are familiar with git :wink: