Added GPG signed installer & documentation.

frenck · frenck · commit 809ce4c2d49d · 2016-10-27T14:24:39.000+02:00
diff --git a/README.md b/README.md
@@ -113,17 +113,28 @@ bash <(curl -S https://raw.githubusercontent.com/DealerDirect/php-qa-tools/maste
 
 That's it. This can be put in any instructions, such as a README or someone's blog, since the logic is in the shell
 script. Provided you download the script using https, the file has standard levels of authentication and encryption
-protecting it from manipulation.
+protecting it from manipulation. We also sign the install with a GPG key, this way you can check if the downloaded
+releases signature matches the public key of Dealerdirect.
+
+```bash
+gpg --keyserver hkp://keys.gnupg.net --recv-keys C4133165DF5EB4BAEABDADCACF1E7823C5339B59
+curl -O https://raw.githubusercontent.com/DealerDirect/php-qa-tools/master/bin/install.sh
+curl -O https://raw.githubusercontent.com/DealerDirect/php-qa-tools/master/bin/install.sh.sig
+gpg --verify install.sh.sig
+bash install.sh
+```
 
 This is obviously a shell script, if you're really concerned about the argument that it may contain nefarious
 activities within, you can easily review it before you run it.
 
 ```bash
-curl -o https://raw.githubusercontent.com/DealerDirect/php-qa-tools/master/bin/install.sh
+curl -O https://raw.githubusercontent.com/DealerDirect/php-qa-tools/master/bin/install.sh
 less install.sh
 bash instal.sh
 ```
 
+
+
 If you already have a global Composer setup, you could include the tools manually, without the need for running
 the shell script above.
 
diff --git a/bin/install.sh.sig b/bin/install.sh.sig
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIcBAABCgAGBQJYEe4zAAoJELY9nlxX4qkVWOgQAJ3X9wfOUgkBmXOzdNby/8sF
+L75nfahYKHgNpK0uoLDp18w3b9QhbNLDRZTAMpKKtykD8rXZ6zG/2GXvc9XObAf+
+QsTs4fEOsACy/PFHmHpnW2/L+loM7bRanRRWgR30NFQP2sj0DPRBQwNFK0321dem
+Cpvp6DKDU+kseAj6yP2qurAmDp8YzwG0qYN+n3dHhhl8XRd6b+hZFcHzqKTLGGpv
+tP13jPprOTC0fNDfGYAXiZrjbiC4f6OvcRZid/Kp8dG/H3aGO+JsDFiRqi4KlBYq
+fz8XrHKh0LztYBgX3x47qRPOeVpeg1N7aNcpJXnIpwP7vlwBidT50i7Vw354yq7n
+HlG0W67W4t3PIE+KoT5bpX3RiIwkyTl9hMVYny2ERmGdeGwiu6OBJb7MtDejElw7
+O6UehVgUqZaJaWV/+luQ/OMsJXHEgFVd64BiXEJT+YUpg/s9zFhmNXH8lKkYxuZz
+Plx46fIY3PCC1oQaYQ/olQtBIiBP4J8IZcR4ZuN+z5ihuR+51yzHLMGhaiRnzIku
+TZfKUkuGdhe4YHng4NIb1weOXzoRaMgYzQkhwCd3zWBli3yhX5atvEi+KD0Wq56Z
+shFO5SjSq6Lgmfv8V6SgAy+okxCN9C1KIyoJTEWh3ciUMuzeG2ehqEiMXs6CSHv8
+UuSQbq19lh2yFxKYkCmE
+=QjAG
+-----END PGP SIGNATURE-----
