The following files are available for download. You can use the checksum and signatures files to verify the integrity of the files.
Download the files you want, import the PGP key, and verify the downloads. You can use the following script.
#!/bin/bash set -euo pipefail trap "echo 'Something went wrong! Download not verified!'" EXIT for file in riot-medicine.pdf riot-medicine.pdf.sig; do wget "https://riotmedicine.net/static/downloads/$file" done wget -O - https://riotmedicine.net/static/hakan.gpg.asc | gpg2 --import # on success, the output will include the text # Good signature from "Håkan Geijer <firstname.lastname@example.org>" gpg2 --verify-files riot-medicine.pdf.sig echo '' echo 'Download successfully verified.' echo '' trap - EXIT