mirror of
https://github.com/Anon-Planet/thgtoa.git
synced 2026-05-06 11:34:18 +02:00
nopeitsnothing
50 lines
1.6 KiB
Markdown
50 lines
1.6 KiB
Markdown
# Development
|
|
|
|
??? Note "How the pipeline works"
|
|
|
|
**Automatic PDF Generation:** - Builds both light and dark mode PDFs from MkDocs source
|
|
**SHA256 Hash Generation:** - Creates hash files for integrity verification
|
|
**GPG Signature Signing:** - Signs all PDFs and hash files with repository GPG key
|
|
**VirusTotal Scanning:** - Automatically scans PDFs and updates release notes
|
|
**Release Automation:** - Packages everything into GitHub releases
|
|
|
|
## Workflow Architecture
|
|
|
|
### Build PDF Workflow (`build-sign-release.yml`)
|
|
|
|
??? Note "Steps"
|
|
|
|
- Checkout repository
|
|
- Set up Python and MkDocs Material
|
|
- Install Chromium browser
|
|
- Generate both light and dark mode PDFs with `scripts\build_guide_pdf.py`
|
|
- Create SHA256 and blake2 hash files in `export/`
|
|
- Sign all files with GPG in `export/`
|
|
- Upload artifacts to GitHub Actions **manually**
|
|
|
|
### SHA256 Hash Verification
|
|
|
|
!!! Note "**How it works**"
|
|
|
|
- Each PDF gets a unique SHA256 hash calculated at build time
|
|
- Hash stored in `.sha256` files alongside the PDFs
|
|
- Combined `sha256sum.txt` for batch verification
|
|
### GPG Signature Verification
|
|
|
|
**Purpose:** Verify authenticity and prevent tampering
|
|
|
|
??? Note "How it works"
|
|
|
|
- Detached signatures created for each PDF and hash file
|
|
- Public keys available in `/pgp/` directory
|
|
|
|
**Verification command:**
|
|
```bash
|
|
gpg --import pgp/anonymousplanet-master.asc
|
|
gpg --verify export/thgtoa.pdf.sig export/thgtoa.pdf
|
|
```
|
|
|
|
---
|
|
|
|
*This workflow is designed for security-conscious users who need to verify the authenticity and integrity of downloaded documents.*
|