@@ -25,29 +25,29 @@ signatures for your project dependencies at build time and/or runtime,
2525there are Maven plugins (e.g.
2626[ Verify PGP signatures] ( https://www.simplify4u.org/pgpverify-maven-plugin/ ) ).
2727Gradle even has this feature
28- ( out-of-the-box) [ https://docs.gradle.org/current/userguide/dependency_verification.html ] .
28+ [ out-of-the-box] ( https://docs.gradle.org/current/userguide/dependency_verification.html ) .
2929
3030## Examples
3131
32- Assuming that you want to see the signature of a jar with coordinates 'org.leplus:ristretto:1 .0.0':
32+ Assuming that you want to see the signature of a jar with coordinates 'org.leplus:ristretto:2 .0.0':
3333
3434``` bash
35- docker run --rm leplusorg/pgp-verify-jar org.leplus:ristretto:1 .0.0
35+ docker run --rm leplusorg/pgp-verify-jar org.leplus:ristretto:2 .0.0
3636```
3737
3838You can put several sets in coordinates in arguments to verify
3939multiple artifacts. You can also use the ` KEYSERVER ` environment
4040variable to choose a different keyserver (default is keyserver.ubuntu.com):
4141
4242``` bash
43- docker run --rm -e KEYSERVER=pgp.mit.edu leplusorg/pgp-verify-jar org.leplus:ristretto:1 .0.0
43+ docker run --rm -e KEYSERVER=pgp.mit.edu leplusorg/pgp-verify-jar org.leplus:ristretto:2 .0.0
4444```
4545
4646Alternatively you can use the ` --keyserver ` option to achieve the same
4747result:
4848
4949``` bash
50- docker run --rm leplusorg/pgp-verify-jar --keyserver=pgp.mit.edu org.leplus:ristretto:1 .0.0
50+ docker run --rm leplusorg/pgp-verify-jar --keyserver=pgp.mit.edu org.leplus:ristretto:2 .0.0
5151```
5252
5353Note that this will show you the jar's signature information but if
@@ -66,14 +66,14 @@ keys to be trusted from the server (private or public). `ONLINE_KEYS`
6666should contain a coma-separated list of public key IDs:
6767
6868``` bash
69- docker run --rm -e ONLINE_KEYS=6B1B9BE54C155617,85911F425EC61B51 leplusorg/pgp-verify-jar org.leplus:ristretto:1 .0.0 junit:junit:4.13.1
69+ docker run --rm -e ONLINE_KEYS=6B1B9BE54C155617,85911F425EC61B51 leplusorg/pgp-verify-jar org.leplus:ristretto:2 .0.0 junit:junit:4.13.1
7070```
7171
7272Alternatively you can use the ` --online-keys ` option to achieve the
7373same result:
7474
7575``` bash
76- docker run --rm leplusorg/pgp-verify-jar --online-keys=6B1B9BE54C155617,85911F425EC61B51 org.leplus:ristretto:1 .0.0 junit:junit:4.13.1
76+ docker run --rm leplusorg/pgp-verify-jar --online-keys=6B1B9BE54C155617,85911F425EC61B51 org.leplus:ristretto:2 .0.0 junit:junit:4.13.1
7777```
7878
7979If the keys downloaded from the server are themselves signed by
@@ -91,14 +91,14 @@ and setting the `VERIFICATION_MODE` environment variable to `offline`
9191(default value is ` online ` ):
9292
9393``` bash
94- docker run --rm -e VERIFICATION_MODE=offline -v " /path/to/.gnupg:/root/.gnupg" 1 .0.0
94+ docker run --rm -e VERIFICATION_MODE=offline -v " /path/to/.gnupg:/root/.gnupg" 2 .0.0
9595```
9696
9797Alternatively you can use the ` --verification-mode ` option to achieve
9898the same result:
9999
100100``` bash
101- docker run --rm -v " /path/to/.gnupg:/root/.gnupg" 1 .0.0
101+ docker run --rm -v " /path/to/.gnupg:/root/.gnupg" 2 .0.0
102102```
103103
104104In ` offline ` mode, all the keys present in the keyring can be used to
0 commit comments