portmaster
portmaster copied to clipboard
safing
Add Checksums and GPG Signature for Verification for Each Release.
Since Portmaster is about Privacy This makes sense.
-Add SHA1, MD5, SHA256 Signed Checksums.
-GPG Verifcation
-Provide Portmasters Developers key.
-Provide Documentation for Windows/Linux Users on how to verify the signature.
Hey @CyberPunkInterface, thanks for the suggestion.
The Windows installer is already signed with our EV cert, and the Linux installers will be signed with PGP in the future. Updates will also be signed through our internal system in the future.
Progress of that is tracked by the "Cryptographically Sign Updates" Card on the Product Roadmap Backlog.
You can verify the signature of the Windows installer by viewing the file properties.
We will probably add checksums in the future, but we don't have details on this yet.
Assuming the original need was handled, this will be automatically closed now.
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
Is there any news about including checksums of the installer? I hope it will also include offline installer
@dhaavi we are also signing update now, do we intend on doing checksum checks as well or is it already implemented?
Installer checksums are available at https://github.com/safing/checksums - for installers and other resources.
Currently, we provide checksums and sign binary updates. We might provide PGP support in the future. The signatures files can hold both.
You can check signatures using portmaster-start utility found in the data directory of portmaster: ./portmaster-start verify