From 3b550119a8f70129096774b3303278b50fed1529 Mon Sep 17 00:00:00 2001 From: nopeitsnothing Date: Sun, 24 May 2026 07:44:51 -0400 Subject: [PATCH] chore(lint): commitizen passes Passed a couple times through the automatic linter to fix some markdown Signed-off-by: nopeitsnothing --- .cz.toml | 9 +++++++++ .pre-commit-config.yaml | 9 ++++----- docs/code/develop.md | 6 +++--- docs/guide/index.md | 13 +------------ docs/verify/index.md | 13 +++++++++++-- 5 files changed, 28 insertions(+), 22 deletions(-) create mode 100644 .cz.toml diff --git a/.cz.toml b/.cz.toml new file mode 100644 index 0000000..aa31110 --- /dev/null +++ b/.cz.toml @@ -0,0 +1,9 @@ +[tool.commitizen] +name = "cz_conventional_commits" +version_scheme = "semver" +tag_format = "v$version" +update_changelog_on_bump = false +major_version_zero = false + +[tool.commitizen.customize] +schema_pattern = '^(feat|feature|add|fix|bugfix|revert|security|perf|refactor|change|chore|ci|docs|style|test|build)(\(.+\))?(!)?: .{1,72}(\n.*)*$' diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index f2efafd..206545e 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -10,14 +10,13 @@ repos: - id: check-added-large-files - id: check-merge-conflict - id: check-symlinks - - id: detect-private-key - id: end-of-file-fixer - id: trailing-whitespace - id: mixed-line-ending args: [--fix=lf] - - repo: https://github.com/igorshubovych/markdownlint-cli - rev: v0.41.0 + - repo: https://github.com/commitizen-tools/commitizen + rev: v4.8.3 hooks: - - id: markdownlint - - id: markdownlint-fix + - id: commitizen + stages: [commit-msg] diff --git a/docs/code/develop.md b/docs/code/develop.md index 7ef68d1..509a0de 100644 --- a/docs/code/develop.md +++ b/docs/code/develop.md @@ -49,7 +49,7 @@ You also need **Google Chrome** or **Microsoft Edge** installed for the light-mo ## Repository layout -``` +```bash .github/ workflows/ build.yml ← builds PDFs, uploads artifact @@ -120,7 +120,7 @@ Opens at `http://127.0.0.1:8000`. The pipeline triggers automatically when you push to `main` — no manual steps are needed for normal contributions. -``` +```bash push to main │ ▼ @@ -294,7 +294,7 @@ b2sum -c b2sums.txt A successful verify looks like: -``` +```bash gpg: Signature made ... gpg: Good signature from "Anonymous Planet (Release) ..." ``` diff --git a/docs/guide/index.md b/docs/guide/index.md index 84a7a64..47729b6 100644 --- a/docs/guide/index.md +++ b/docs/guide/index.md @@ -10043,28 +10043,17 @@ Again, regarding the PDFs of this guide and as explained in the README of my rep - Run "python pdfid.py file-to-check.pdf" and you should see these at 0 in the case of the PDF files in this repository: -``` - +```text /JS 0 #This indicates the presence of Javascript - /JavaScript 0 #This indicates the presence of Javascript - /AA 0 #This indicates the presence of automatic action on opening - /OpenAction 0 #This indicates the presence of automatic action on opening - /AcroForm 0 #This indicates the presence of AcroForm which could contain JavaScript - /JBIG2Decode 0 #This indicates the use of JBIG2 compression which could be used for obfuscating content - /RichMedia 0 #This indicates the presence of rich media within the PDF such as Flash - /Launch 0 #This counts the launch actions - /EmbeddedFile 0 #This indicates there are embedded files within the PDF - /XFA 0 #This indicates the presence of XML Forms within the PDF - ``` Now, what if you think the PDF is still suspicious? Fear not ... there are more things you can do to ensure it is not malicious: diff --git a/docs/verify/index.md b/docs/verify/index.md index 17b2aa5..422eee4 100644 --- a/docs/verify/index.md +++ b/docs/verify/index.md @@ -36,12 +36,14 @@ python scripts/verify_pdf.py --vt #### 1. Verify SHA256 Hash **Linux/macOS:** + ```bash cd /path/to/repo sha256sum -c sha256sum-light.txt ``` **Windows (PowerShell):** + ```powershell Get-FileHash -Algorithm SHA256 export\thgtoa.pdf | Select-Object Hash # Compare with the hash in thgtoa.pdf.sha256 @@ -50,18 +52,21 @@ Get-FileHash -Algorithm SHA256 export\thgtoa.pdf | Select-Object Hash #### 2. Verify GPG Signature First, import the public key: + ```bash gpg --import pgp/anonymousplanet-master.asc ``` Then verify the signature: + ```bash gpg --verify export/thgtoa.pdf.sig export/thgtoa.pdf gpg --verify export/thgtoa-dark.pdf.sig export/thgtoa-dark.pdf ``` Expected output for successful verification: -``` + +```text gpg: Signature made Mon 20 Apr 2026 01:46:40 AM EDT gpg: using EDDSA key 9FA5436D0EE360985157382517ECA05F768DEDF6 gpg: Good signature from "Anonymous Planet Master Signing Key" [unknown] @@ -77,6 +82,7 @@ Visit the VirusTotal report links (automatically generated in release notes): - Dark mode: `https://www.virustotal.com/gui/file/[hash]` Or use the Python script with API key: + ```bash export VT_API_KEY=your_vt_api_key python scripts/verify_pdf.py --vt @@ -103,15 +109,18 @@ The GitHub Actions workflows automatically: ## Troubleshooting ### "Good signature" but wrong owner? + - Ensure you imported the correct public key - Check the key fingerprint matches the official one from the repository ### Hash mismatch? + - Re-download the file (corruption during transfer) - Verify you're checking against the correct hash file - Check for disk errors on your system ### GPG not found? + - Install GPG: `sudo apt install gnupg` (Debian/Ubuntu) or `brew install gnupg` (macOS) - On Windows, use [Gpg4win](https://www.gpg4win.org/) @@ -123,4 +132,4 @@ The GitHub Actions workflows automatically: --- -*For questions or issues with verification, please open an issue on GitHub.* +_For questions or issues with verification, please open an issue on GitHub._