mirror of
https://github.com/Anon-Planet/thgtoa.git
synced 2026-06-10 15:52:29 +02:00
chore(lint): commitizen passes
Passed a couple times through the automatic linter to fix some markdown Signed-off-by: nopeitsnothing <no@anonymousplanet.org>
This commit is contained in:
nopeitsnothing
@@ -0,0 +1,9 @@
|
||||
[tool.commitizen]
|
||||
name = "cz_conventional_commits"
|
||||
version_scheme = "semver"
|
||||
tag_format = "v$version"
|
||||
update_changelog_on_bump = false
|
||||
major_version_zero = false
|
||||
|
||||
[tool.commitizen.customize]
|
||||
schema_pattern = '^(feat|feature|add|fix|bugfix|revert|security|perf|refactor|change|chore|ci|docs|style|test|build)(\(.+\))?(!)?: .{1,72}(\n.*)*$'
|
||||
@@ -10,14 +10,13 @@ repos:
|
||||
- id: check-added-large-files
|
||||
- id: check-merge-conflict
|
||||
- id: check-symlinks
|
||||
- id: detect-private-key
|
||||
- id: end-of-file-fixer
|
||||
- id: trailing-whitespace
|
||||
- id: mixed-line-ending
|
||||
args: [--fix=lf]
|
||||
|
||||
- repo: https://github.com/igorshubovych/markdownlint-cli
|
||||
rev: v0.41.0
|
||||
- repo: https://github.com/commitizen-tools/commitizen
|
||||
rev: v4.8.3
|
||||
hooks:
|
||||
- id: markdownlint
|
||||
- id: markdownlint-fix
|
||||
- id: commitizen
|
||||
stages: [commit-msg]
|
||||
|
||||
@@ -49,7 +49,7 @@ You also need **Google Chrome** or **Microsoft Edge** installed for the light-mo
|
||||
|
||||
## Repository layout
|
||||
|
||||
```
|
||||
```bash
|
||||
.github/
|
||||
workflows/
|
||||
build.yml ← builds PDFs, uploads artifact
|
||||
@@ -120,7 +120,7 @@ Opens at `http://127.0.0.1:8000`.
|
||||
|
||||
The pipeline triggers automatically when you push to `main` — no manual steps are needed for normal contributions.
|
||||
|
||||
```
|
||||
```bash
|
||||
push to main
|
||||
│
|
||||
▼
|
||||
@@ -294,7 +294,7 @@ b2sum -c b2sums.txt
|
||||
|
||||
A successful verify looks like:
|
||||
|
||||
```
|
||||
```bash
|
||||
gpg: Signature made ...
|
||||
gpg: Good signature from "Anonymous Planet (Release) ..."
|
||||
```
|
||||
|
||||
+1
-12
@@ -10043,28 +10043,17 @@ Again, regarding the PDFs of this guide and as explained in the README of my rep
|
||||
|
||||
- Run "python pdfid.py file-to-check.pdf" and you should see these at 0 in the case of the PDF files in this repository:
|
||||
|
||||
```
|
||||
|
||||
```text
|
||||
/JS 0 #This indicates the presence of Javascript
|
||||
|
||||
/JavaScript 0 #This indicates the presence of Javascript
|
||||
|
||||
/AA 0 #This indicates the presence of automatic action on opening
|
||||
|
||||
/OpenAction 0 #This indicates the presence of automatic action on opening
|
||||
|
||||
/AcroForm 0 #This indicates the presence of AcroForm which could contain JavaScript
|
||||
|
||||
/JBIG2Decode 0 #This indicates the use of JBIG2 compression which could be used for obfuscating content
|
||||
|
||||
/RichMedia 0 #This indicates the presence of rich media within the PDF such as Flash
|
||||
|
||||
/Launch 0 #This counts the launch actions
|
||||
|
||||
/EmbeddedFile 0 #This indicates there are embedded files within the PDF
|
||||
|
||||
/XFA 0 #This indicates the presence of XML Forms within the PDF
|
||||
|
||||
```
|
||||
|
||||
Now, what if you think the PDF is still suspicious? Fear not ... there are more things you can do to ensure it is not malicious:
|
||||
|
||||
+11
-2
@@ -36,12 +36,14 @@ python scripts/verify_pdf.py --vt
|
||||
#### 1. Verify SHA256 Hash
|
||||
|
||||
**Linux/macOS:**
|
||||
|
||||
```bash
|
||||
cd /path/to/repo
|
||||
sha256sum -c sha256sum-light.txt
|
||||
```
|
||||
|
||||
**Windows (PowerShell):**
|
||||
|
||||
```powershell
|
||||
Get-FileHash -Algorithm SHA256 export\thgtoa.pdf | Select-Object Hash
|
||||
# Compare with the hash in thgtoa.pdf.sha256
|
||||
@@ -50,18 +52,21 @@ Get-FileHash -Algorithm SHA256 export\thgtoa.pdf | Select-Object Hash
|
||||
#### 2. Verify GPG Signature
|
||||
|
||||
First, import the public key:
|
||||
|
||||
```bash
|
||||
gpg --import pgp/anonymousplanet-master.asc
|
||||
```
|
||||
|
||||
Then verify the signature:
|
||||
|
||||
```bash
|
||||
gpg --verify export/thgtoa.pdf.sig export/thgtoa.pdf
|
||||
gpg --verify export/thgtoa-dark.pdf.sig export/thgtoa-dark.pdf
|
||||
```
|
||||
|
||||
Expected output for successful verification:
|
||||
```
|
||||
|
||||
```text
|
||||
gpg: Signature made Mon 20 Apr 2026 01:46:40 AM EDT
|
||||
gpg: using EDDSA key 9FA5436D0EE360985157382517ECA05F768DEDF6
|
||||
gpg: Good signature from "Anonymous Planet Master Signing Key" [unknown]
|
||||
@@ -77,6 +82,7 @@ Visit the VirusTotal report links (automatically generated in release notes):
|
||||
- Dark mode: `https://www.virustotal.com/gui/file/[hash]`
|
||||
|
||||
Or use the Python script with API key:
|
||||
|
||||
```bash
|
||||
export VT_API_KEY=your_vt_api_key
|
||||
python scripts/verify_pdf.py --vt
|
||||
@@ -103,15 +109,18 @@ The GitHub Actions workflows automatically:
|
||||
## Troubleshooting
|
||||
|
||||
### "Good signature" but wrong owner?
|
||||
|
||||
- Ensure you imported the correct public key
|
||||
- Check the key fingerprint matches the official one from the repository
|
||||
|
||||
### Hash mismatch?
|
||||
|
||||
- Re-download the file (corruption during transfer)
|
||||
- Verify you're checking against the correct hash file
|
||||
- Check for disk errors on your system
|
||||
|
||||
### GPG not found?
|
||||
|
||||
- Install GPG: `sudo apt install gnupg` (Debian/Ubuntu) or `brew install gnupg` (macOS)
|
||||
- On Windows, use [Gpg4win](https://www.gpg4win.org/)
|
||||
|
||||
@@ -123,4 +132,4 @@ The GitHub Actions workflows automatically:
|
||||
|
||||
---
|
||||
|
||||
*For questions or issues with verification, please open an issue on GitHub.*
|
||||
_For questions or issues with verification, please open an issue on GitHub._
|
||||
|
||||
Reference in New Issue
Block a user