Add gpg signature files (.asc) to binary downloads

[RubenKelevra]

Is there an existing issue for this?

• I have searched the existing issues

Berty product

Desktop app

Feature request

Hey guys,

I'm the maintainer for the AUR packages for ArchLinux:

• https://aur.archlinux.org/packages/berty-gui-bin
• https://aur.archlinux.org/packages/berty-bin

I was wondering if it's possible to add an signature to the downloads, so I can add the valid GPG key ID and the user downloading/installing the binaries can thus verify automatically that the files are valid.

Context

AUR packages are “just” the instructions which files the user needs to fetch and have either a checksum or a GPG key ID – instead of a prebundled binary package which just needs to be extracted, like a .deb, .rpm, .pkg.tar.

If a GPG key ID is supplied, the AUR-helper (basically just an extended package manager), will fetch the GPG key from the key servers and check the files with it.

Possible implementation

No response

[jefft0]

We have various requests for alternative distribution channels. Put this in the backlog until we have to time to review.