Getting started docs: https, and check signature

Summary: Download should be over https, not insecure ftp at least for the signature and key files. The signature should also get verified. Test Plan: None Reviewers: chandlerc Subscribers: llvm-commits Differential Revision: http://reviews.llvm.org/D10845 git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@241138 91177308-0d34-0410-b5e6-96231b3b80d8
author: JF Bastien <jfb@google.com> 2015-07-01 03:32:08 +0000
committer: JF Bastien <jfb@google.com> 2015-07-01 03:32:08 +0000
commit: 60085fb9cd9a30653d78b5e717f06341e6e4e009 (patch)
tree: 0aab214eb2281d5a4b8a38f53e31e5a1daf2a996 /docs/GettingStarted.rst
parent: 327cfdf4fe77a2fc0e005b20bdc5980d476ef218 (diff)
1 files changed, 5 insertions, 1 deletions
diff --git a/docs/GettingStarted.rst b/docs/GettingStarted.rst
index 212fa0b5833..75f0e60c41f 100644
--- a/docs/GettingStarted.rst
+++ b/docs/GettingStarted.rst
@@ -326,7 +326,11 @@ Easy steps for installing GCC 4.8.2:
 
 .. code-block:: console
 
-  % wget ftp://ftp.gnu.org/gnu/gcc/gcc-4.8.2/gcc-4.8.2.tar.bz2
+  % wget https://ftp.gnu.org/gnu/gcc/gcc-4.8.2/gcc-4.8.2.tar.bz2
+  % wget https://ftp.gnu.org/gnu/gcc/gcc-4.8.2/gcc-4.8.2.tar.bz2.sig
+  % wget https://ftp.gnu.org/gnu/gnu-keyring.gpg
+  % signature_invalid=`gpg --verify --no-default-keyring --keyring ./gnu-keyring.gpg gcc-4.8.2.tar.bz2.sig`
+  % if [ $signature_invalid ]; then echo "Invalid signature" ; exit 1 ; fi
   % tar -xvjf gcc-4.8.2.tar.bz2
   % cd gcc-4.8.2
   % ./contrib/download_prerequisites
author	JF Bastien <jfb@google.com>	2015-07-01 03:32:08 +0000
committer	JF Bastien <jfb@google.com>	2015-07-01 03:32:08 +0000
commit	60085fb9cd9a30653d78b5e717f06341e6e4e009 (patch)
tree	0aab214eb2281d5a4b8a38f53e31e5a1daf2a996 /docs/GettingStarted.rst
parent	327cfdf4fe77a2fc0e005b20bdc5980d476ef218 (diff)