From 9ce589b07df2d0643e06f4bc2ed7c58a31be144b Mon Sep 17 00:00:00 2001
From: ppom <>
Date: Thu, 4 Jan 2024 12:00:00 +0100
Subject: [PATCH] Now signing release assets. fix #54

---
 .gitignore |  1 +
 Makefile   |  6 +++++-
 README.md  | 10 ++++++++++
 3 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/.gitignore b/.gitignore
index 235d987..2c1daf4 100644
--- a/.gitignore
+++ b/.gitignore
@@ -6,3 +6,4 @@
 /wiki
 /deb
 *.deb
+*.minisig
diff --git a/Makefile b/Makefile
index 87e212a..458d596 100644
--- a/Makefile
+++ b/Makefile
@@ -1,7 +1,7 @@
 all: reaction ip46tables
 
 clean:
-	rm -f reaction ip46tables reaction.deb deb
+	rm -f reaction ip46tables reaction.deb deb reaction.minisig ip46tables.minisig reaction.deb.minisig
 
 ip46tables: ip46tables.d/ip46tables.c
 	gcc -static ip46tables.d/ip46tables.c -o ip46tables
@@ -20,3 +20,7 @@ reaction.deb: reaction ip46tables
 	cd deb && dpkg-deb --root-owner-group --build reaction
 	mv deb/reaction.deb reaction.deb
 	rm -rf deb/
+
+signatures: reaction.deb reaction ip46tables
+	minisign -Sm ip46tables reaction reaction.deb
+
diff --git a/README.md b/README.md
index c885379..b6df10c 100644
--- a/README.md
+++ b/README.md
@@ -152,6 +152,16 @@ Executables are provided [here](https://framagit.org/ppom/reaction/-/releases/),
 
 A standard place to put such executables is `/usr/local/bin/`.
 
+#### Signature verification
+
+Starting at v1.0.3, all binaries are signed with public key `RWSpLTPfbvllNqRrXUgZzM7mFjLUA7PQioAItz80ag8uU4A2wtoT2DzX`. You can check their authenticity with minisign:
+```bash
+minisign -VP RWSpLTPfbvllNqRrXUgZzM7mFjLUA7PQioAItz80ag8uU4A2wtoT2DzX -m ip46tables
+minisign -VP RWSpLTPfbvllNqRrXUgZzM7mFjLUA7PQioAItz80ag8uU4A2wtoT2DzX -m reaction
+# or
+minisign -VP RWSpLTPfbvllNqRrXUgZzM7mFjLUA7PQioAItz80ag8uU4A2wtoT2DzX -m reaction.deb
+```
+
 #### Debian
 
 The releases also contain a `reaction.deb` file, which packages reaction & ip46tables.