diff options
Diffstat (limited to 'deps/uv/README.md')
-rw-r--r-- | deps/uv/README.md | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/deps/uv/README.md b/deps/uv/README.md index f9a7a1e62e..0ce2669971 100644 --- a/deps/uv/README.md +++ b/deps/uv/README.md @@ -89,6 +89,42 @@ also serve as API specification and usage examples. These resources are not handled by libuv maintainers and might be out of date. Please verify it before opening new issues. +## Downloading + +libuv can be downloaded either from the +[GitHub repository](https://github.com/libuv/libuv) +or from the [downloads site](http://dist.libuv.org/dist/). + +Starting with libuv 1.7.0, binaries for Windows are also provided. This is to +be considered EXPERIMENTAL. + +Before verifying the git tags or signature files, importing the relevant keys +is necessary. Key IDs are listed in the +[MAINTAINERS](https://github.com/libuv/libuv/blob/master/MAINTAINERS.md) +file, but are also available as git blob objects for easier use. + +Importing a key the usual way: + + $ gpg --keyserver pool.sks-keyservers.net \ + --recv-keys AE9BC059 + +Importing a key from a git blob object: + + $ git show pubkey-saghul | gpg --import + +### Verifying releases + +Git tags are signed with the developer's key, they can be verified as follows: + + $ git verify-tag v1.6.1 + +Starting with libuv 1.7.0, the tarballs stored in the +[downloads site](http://dist.libuv.org/dist/) are signed and an accomanying +signature file sit alongside each. Once both the release tarball and the +signature file are downloaded, the file can be verified as follows: + + $ gpg --verify libuv-1.7.0.tar.gz.sign + ## Build Instructions For GCC there are two build methods: via autotools or via [GYP][]. |