From ad9d0e2bdfe3c9548d2463d2314e093a8284c4bb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Th=C3=A9o=20FIDRY?=
<5175937+theofidry@users.noreply.github.com>
Date: Thu, 2 Nov 2023 23:35:49 +0100
Subject: [PATCH] doc: Add a doc entry for downloading the PHAR from GitHub
(#885)
---
README.md | 2 +-
docs/installation.md | 23 ++++++++++++++++++++++-
2 files changed, 23 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index c49cba7b8..47f3b0bf6 100644
--- a/README.md
+++ b/README.md
@@ -30,8 +30,8 @@ potentially very difficult to debug due to dissimilar or unsupported package ver
- [Installation](docs/installation.md#installation)
- [Phive](docs/installation.md#phive)
- - [PHAR](docs/installation.md#phar)
- [Composer](docs/installation.md#composer)
+ - [GitHub](docs/installation.md#github)
- [Usage](#usage)
- [Configuration](docs/configuration.md#configuration)
- [Prefix](docs/configuration.md#prefix)
diff --git a/docs/installation.md b/docs/installation.md
index 5881a1317..1225d3bef 100644
--- a/docs/installation.md
+++ b/docs/installation.md
@@ -45,6 +45,27 @@ $ composer bin php-scoper require --dev humbug/php-scoper
$ vendor/bin/php-scoper
```
+## GitHub
+
+You may download the Box PHAR directly from the [GitHub release][releases] directly.
+You should however beware that it is not as secure as downloading it from the other mediums.
+Hence, it is recommended to check the signature when doing so:
+
+```shell
+# Do adjust the URL based on the latest release
+wget -O box.phar "https://github.com/humbug/php-scoper/releases/download/0.18.4/php-scoper.phar"
+wget -O box.phar.asc "https://github.com/humbug/php-scoper/releases/download/0.18.4/php-scoper.phar.asc"
+
+# Check that the signature matches
+gpg --verify php-scoper.phar.asc php-scoper.phar
+
+# Check the issuer (the ID can also be found from the previous command)
+gpg --keyserver hkps://keys.openpgp.org --recv-keys 74A754C9778AA03AA451D1C1A000F927D67184EE
+
+rm php-scoper.phar.asc
+chmod +x php-scoper.phar
+```
+
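Review bot: The verification steps in the added shell block cannot succeed as written, because both `wget -O` lines save to `box.phar` and `box.phar.asc` while `gpg --verify`, `rm` and `chmod` operate on `php-scoper.phar` and `php-scoper.phar.asc`. The output names should be `-O php-scoper.phar` and `-O php-scoper.phar.asc`; the "Box PHAR" wording in the paragraph above looks carried over from another project's docs as well. The `gpg --recv-keys` line also comes after `gpg --verify`, so on a keyring that does not yet hold the key the verify step reports a missing public key rather than a result; the import should move above the verify. The "Check the issuer" comment could then say what to check, e.g. `# The fingerprint printed by gpg --verify must be 74A754C9778AA03AA451D1C1A000F927D67184EE`. A documented signature check that fails on a fresh machine tends to get skipped, which undoes the caution the paragraph gives about this download path.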