Getting started docs: https, and check signature

Summary: Download should be over https, not insecure ftp at least for the signature and key files. The signature should also get verified. Test Plan: None Reviewers: chandlerc Subscribers: llvm-commits Differential Revision: http://reviews.llvm.org/D10845 llvm-svn: 241138
author: JF Bastien <jfb@google.com> 2015-07-01 03:32:08 +0000
committer: JF Bastien <jfb@google.com> 2015-07-01 03:32:08 +0000
commit: fa31f9f89f32dd24402212277ce3a2537f7de371 (patch)
tree: a2426b39f705f8cdd995eae8d6a8c6e0b9769551 /llvm/docs
parent: 2aedca340c84eafdc7285eb68145e55213324185 (diff)
download: bcm5719-llvm-fa31f9f89f32dd24402212277ce3a2537f7de371.tar.gz
bcm5719-llvm-fa31f9f89f32dd24402212277ce3a2537f7de371.zip
1 files changed, 5 insertions, 1 deletions
diff --git a/llvm/docs/GettingStarted.rst b/llvm/docs/GettingStarted.rst
index 212fa0b5833..75f0e60c41f 100644
--- a/llvm/docs/GettingStarted.rst
+++ b/llvm/docs/GettingStarted.rst
@@ -326,7 +326,11 @@ Easy steps for installing GCC 4.8.2:
 
 .. code-block:: console
 
-  % wget ftp://ftp.gnu.org/gnu/gcc/gcc-4.8.2/gcc-4.8.2.tar.bz2
+  % wget https://ftp.gnu.org/gnu/gcc/gcc-4.8.2/gcc-4.8.2.tar.bz2
+  % wget https://ftp.gnu.org/gnu/gcc/gcc-4.8.2/gcc-4.8.2.tar.bz2.sig
+  % wget https://ftp.gnu.org/gnu/gnu-keyring.gpg
+  % signature_invalid=`gpg --verify --no-default-keyring --keyring ./gnu-keyring.gpg gcc-4.8.2.tar.bz2.sig`
+  % if [ $signature_invalid ]; then echo "Invalid signature" ; exit 1 ; fi
   % tar -xvjf gcc-4.8.2.tar.bz2
   % cd gcc-4.8.2
   % ./contrib/download_prerequisites
author	JF Bastien <jfb@google.com>	2015-07-01 03:32:08 +0000
committer	JF Bastien <jfb@google.com>	2015-07-01 03:32:08 +0000
commit	fa31f9f89f32dd24402212277ce3a2537f7de371 (patch)
tree	a2426b39f705f8cdd995eae8d6a8c6e0b9769551 /llvm/docs
parent	2aedca340c84eafdc7285eb68145e55213324185 (diff)
download	bcm5719-llvm-fa31f9f89f32dd24402212277ce3a2537f7de371.tar.gz bcm5719-llvm-fa31f9f89f32dd24402212277ce3a2537f7de371.zip