Update GPG instructions for packages.

[homepage.git] / lib / project-readme.rb

diff --git a/lib/project-readme.rb b/lib/project-readme.rb
index 3338e8a436558759a81a129abdc937d1d2142506..ffe3e3f3679b9e1f2dbd187d057007a87ac6c5a6 100644 (file)
--- a/lib/project-readme.rb
+++ b/lib/project-readme.rb
@@ -1,6 +1,6 @@
 # Nick's web site: Generate a project page from a submodule README.md
 #
-# Copyright © 2021 Nick Bowler
+# Copyright © 2021-2022 Nick Bowler
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -82,21 +82,25 @@ def project_readme(item = @item)
             obtaining += line.lstrip
         end
 
+        gpg_uid = "nbowler@draconx.ca"
         obtaining += "\n\n" + <<~EOF
             [gpg]: https://gnupg.org/
+            [keyring]: /pubring/#{gpg_uid}.asc
 
             Use the signature file to verify that the corresponding source
             bundle is intact.  After downloading both files, if [GnuPG][gpg]
             is installed, the signature can be verified with a command like:
 
-            <kbd>gpg --verify #{targz}.sig</kbd>
+            <kbd>gpg --verify #{targz}.sig #{targz}</kbd>
 
             If the verification fails because you don't have the required
             public key, that key can be imported with a command such as:
 
-            <kbd>gpg --keyserver keys.gnupg.net --recv-keys 5B45D3D185B8E1F6</kbd>
+            <kbd>gpg --locate-external-keys #{gpg_uid}</kbd>
 
-            Then run the verify command again.
+            Then run the verify command again.  Alternatively, you can
+            [download the public keyring][keyring] manually and import it
+            using `gpg --import`.
         EOF
     end