From 46730ed606fbffb914445f969e1d41abd381ab10 Mon Sep 17 00:00:00 2001 From: M66B Date: Tue, 23 Jul 2024 07:48:05 +0200 Subject: [PATCH] Updated FAQ --- FAQ.md | 5 +++++ index.html | 2 ++ 2 files changed, 7 insertions(+) diff --git a/FAQ.md b/FAQ.md index fcfaf8607d..d20b586d3e 100644 --- a/FAQ.md +++ b/FAQ.md @@ -6033,6 +6033,11 @@ This feature is experimental and requires version 1.2171 or later for the GitHub **(205) How do I check the integrity of an APK file?** +"*Artifact attestations enable you to create unfalsifiable provenance and integrity guarantees for the software you build.* +*In turn, people who consume your software can verify where and how your software was built.*" + +Please [see here](https://docs.github.com/en/actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds) for details. + You can verify in this way that an APK file was built and signed by a GitHub workflow: 1. Install the [GitHub CLI](https://cli.github.com/) diff --git a/index.html b/index.html index 50807b43a1..6f458eef10 100644 --- a/index.html +++ b/index.html @@ -3007,6 +3007,8 @@ adb install /path/to/FairEmail-xxx.apk

This feature is experimental and requires version 1.2171 or later for the GitHub version and version 1.2182 or later for the Play Store version.


(205) How do I check the integrity of an APK file?

+

Artifact attestations enable you to create unfalsifiable provenance and integrity guarantees for the software you build. In turn, people who consume your software can verify where and how your software was built.

+

Please see here for details.

You can verify in this way that an APK file was built and signed by a GitHub workflow:

  1. Install the GitHub CLI