Update fedora installation / release instructions

Changes instructions from the packagecloud setup to packages.freedom.press Delegates the key import to .repo configuration, following the example of docker's install instructions [1]. [1]: https://docs.docker.com/engine/install/fedora/#install-docker-engine
2025-04-28 18:02:38 +02:00 · 2023-04-06 09:49:18 +01:00 · 2023-04-06 09:49:18 +01:00 · 78959100a8
commit 78959100a8
parent 1c0dfb45f5
2 changed files with 59 additions and 5 deletions
--- a/INSTALL.md
+++ b/INSTALL.md
@ -53,17 +53,39 @@ sudo apt install -y dangerzone

 ### Fedora

-Add our repository following [these instructions](https://packagecloud.io/firstlookmedia/code/install#manual-rpm), or by running this script:
+Type the following commands in a terminal:

 ```
-curl -s https://packagecloud.io/install/repositories/firstlookmedia/code/script.rpm.sh | sudo bash
+sudo dnf config-manager --add-repo=https://packages.freedom.press/yum-tools-prod/dangerzone/dangerzone.repo
+sudo dnf install dangerzone
 ```

-Install Dangerzone:
+<details>
+<summary>Importing GPG key 0x22604281: ... Is this ok [y/N]:</summary>

+After some minutes of running the above command (depending on your internet speed) you'll be asked to confirm the fingerprint of our signing key. This is to make sure that in the case our servers are compromized your computer stays safe. It should look like this:
+
+```console
+--------------------------------------------------------------------------------
+Total                                           389 kB/s | 732 MB     32:07
+Dangerzone repository                           3.8 MB/s | 3.8 kB     00:00
+Importing GPG key 0x22604281:
+ Userid     : "Dangerzone Release Key <dangerzone-release-key@freedom.press>"
+ Fingerprint: DE28 AB24 1FA4 8260 FAC9 B8BA A7C9 B385 2260 4281
+ From       : /etc/pki/rpm-gpg/RPM-GPG-dangerzone.pub
+Is this ok [y/N]:
 ```
-sudo dnf install -y dangerzone
-```
+
+> **Note**: If it does not show this fingerprint confirmation or the fingerprint does not match, it is possible that our servers were compromized. Be distrustful and reach out to us.
+
+The `Fingerprint` should be `DE28 AB24 1FA4 8260 FAC9 B8BA A7C9 B385 2260 4281`. For extra security, you should confirm it matches the one at the bottom of our website ([dangerzone.rocks](https://dangerzone.rocks)) and our [Mastodon account](https://fosstodon.org/@dangerzone) bio.
+
+After confirming that it matches, type `y` (for yes) and the installation should proceed.
+
+
+</details>
+
+

 ## Build from source

--- a/RELEASE.md
+++ b/RELEASE.md
@ -212,6 +212,38 @@ Rename `Dangerzone.msi` to `Dangerzone-$VERSION.msi`.

 Linux binaries are automatically built and deployed to repositories when a new tag is pushed.

+### Fedora
+
+> **NOTE**: This procedure will have to be done for every supported Fedora version.
+>
+> In this example, we'll use Fedora 37 as an example.
+
+Create a Fedora development environment. You can [follow the
+instructions in our build section](https://github.com/freedomofpress/dangerzone/blob/main/BUILD.md#fedora),
+or create your own locally with:
+
+```sh
+./dev_scripts/env.py --distro fedora --version 37 build-dev
+./dev_scripts/env.py --distro fedora --version 37 run --dev bash
+cd dangerzone
+```
+
+Build the latest container:
+
+```sh
+./install/linux/build-image.sh
+```
+
+Create a .rpm:
+
+```sh
+./install/linux/build-rpm.py
+```
+
+Publish the .rpm under `./dist` to the
+[`freedomofpress/yum-tools-prod`](https://github.com/freedomofpress/yum-tools-prod) repo, by sending a PR. Follow the instructions in that repo on how to do so.
+
+
 ## Publishing the release

 To publish the release: