From 60085fb9cd9a30653d78b5e717f06341e6e4e009 Mon Sep 17 00:00:00 2001
From: JF Bastien <jfb@google.com>
Date: Wed, 1 Jul 2015 03:32:08 +0000
Subject: [PATCH] Getting started docs: https, and check signature

Summary: Download should be over https, not insecure ftp at least for the signature and key files. The signature should also get verified.

Test Plan: None

Reviewers: chandlerc

Subscribers: llvm-commits

Differential Revision: http://reviews.llvm.org/D10845

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@241138 91177308-0d34-0410-b5e6-96231b3b80d8
---
 docs/GettingStarted.rst | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/docs/GettingStarted.rst b/docs/GettingStarted.rst
index 212fa0b5833..75f0e60c41f 100644
--- a/docs/GettingStarted.rst
+++ b/docs/GettingStarted.rst
@@ -326,7 +326,11 @@ Easy steps for installing GCC 4.8.2:
 
 .. code-block:: console
 
-  % wget ftp://ftp.gnu.org/gnu/gcc/gcc-4.8.2/gcc-4.8.2.tar.bz2
+  % wget https://ftp.gnu.org/gnu/gcc/gcc-4.8.2/gcc-4.8.2.tar.bz2
+  % wget https://ftp.gnu.org/gnu/gcc/gcc-4.8.2/gcc-4.8.2.tar.bz2.sig
+  % wget https://ftp.gnu.org/gnu/gnu-keyring.gpg
+  % signature_invalid=`gpg --verify --no-default-keyring --keyring ./gnu-keyring.gpg gcc-4.8.2.tar.bz2.sig`
+  % if [ $signature_invalid ]; then echo "Invalid signature" ; exit 1 ; fi
   % tar -xvjf gcc-4.8.2.tar.bz2
   % cd gcc-4.8.2
   % ./contrib/download_prerequisites