Add install.md

src/install.md

@@ -0,0 +1,33 @@
+#### HardenedBSD installers
+
+**15-CURRENT**
+
+git: 
+<pre>
+git clone --single-branch --branch hardened/current/master https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git hardenedbsd-current
+</pre>
+
+installers: [https://installers.hardenedbsd.org/pub/current/](https://installers.hardenedbsd.org/pub/current/)
+
+#### Verifying Build Artifacts
+
+The HardenedBSD build artifacts are signed with an SSH key. SSH keys are used so that artifacts can be validated using only tools included in the base operating system.
+
+First, download the SSH public key:
+
+<pre>
+$ fetch https://installers.hardenedbsd.org/pub/keys/ssh.pub.txt
+</pre>
+
+Then download the build artifact. For purposes of this documentation, the compressed memstick installation image for HardenedBSD 14-STABLE will be used.
+
+<pre>$ fetch https://installers.hardenedbsd.org/pub/14-stable/amd64/amd64/installer/LATEST/memstick.img.xz
+$ fetch https://installers.hardenedbsd.org/pub/14-stable/amd64/amd64/installer/LATEST/memstick.img.xz.sig</pre>
+
+Next, generate an `allowed_signers` file which contains the SSH public key:
+
+<pre>$ echo "hbsd-os-build-01 $(cat ssh.pub.txt)" > allowed_signers</pre>
+
+Now the signature file can be verified:
+
+<pre>$ ssh-keygen -Y verify -f allowed_signers -I hbsd-os-build-01 -n file -s memstick.img.xz.sig < memstick.img.xz</pre>