repmgr 4.1.1 Documentation | |||
---|---|---|---|
Prev | Up | Appendix B. Verifying digital signatures | Next |
The signing key ID used for repmgr source code bundles is: 0x297F1DCC.
To download the repmgr source key to your computer:
curl -s https://repmgr.org/download/SOURCE-GPG-KEY-repmgr | gpg --import gpg --fingerprint 0x297F1DCC
then verify that the fingerprint is the expected value:
085A BE38 6FD9 72CE 6365 340D 8365 683D 297F 1DCC
For checking tarballs, first download and import the repmgr source signing key as shown above. Then download both source tarball and the detached key (e.g. repmgr-4.0beta1.tar.gz and repmgr-4.0beta1.tar.gz.asc) from https://repmgr.org/download/ and use gpg to verify the key, e.g.:
gpg --verify repmgr-4.0beta1.tar.gz.asc