Installing wget: how to verify that the wget source code has not been modified



I can't find md5 or sha-1 codes to verify the wget download at http://www.gnu.org/software/wget/. At http://ftp.gnu.org/gnu/wget/ there is a .sig file next to the download:

...
wget-1.16.tar.gz
wget-1.16.tar.gz.sig
...

So I downloaded both, but I can't open the .sig file.

In order to use the .sig file to verify the wget source code download, I installed GPGSuite (for Mac OSX 10.10.2), and then I did:

$ gpg ~/Downloads/wget-1.16.tar.gz.sig 
gpg: assuming signed data in '/Users/7stud/Downloads/wget-1.16.tar.gz'
gpg: Signature made Mon Oct 27 03:04:05 2014 MDT using RSA key ID E163E1EA
gpg: requesting key E163E1EA from hkps server hkps.pool.sks-keyservers.net
gpg: key E163E1EA: public key "Giuseppe Scrivano <giuseppe@scrivano.org>" imported
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   2  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 2u
gpg: next trustdb check due at 2018-08-19
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)
gpg: Good signature from "Giuseppe Scrivano <giuseppe@scrivano.org>" [unknown]
gpg:                 aka "Giuseppe Scrivano <gscrivano@gnu.org>" [unknown]
gpg:                 aka "Giuseppe Scrivano <gscrivan@redhat.com>" [unknown]
gpg:                 aka "Giuseppe Scrivano <gscrivano@gmail.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: AC40 4C1C 0BF7 35C6 3FF4  D562 263D 6DF2 E163 E1EA

But that warning makes me think I haven't verified anything.

Is there an md5 or sha-1 code?

Response to comments:

~/Downloads$ gpg --verify wget-1.16.tar.gz.sig wget-1.16.tar.gz
gpg: Signature made Mon Oct 27 03:04:05 2014 MDT using RSA key ID E163E1EA
gpg: Good signature from "Giuseppe Scrivano <giuseppe@scrivano.org>" [unknown]
gpg:                 aka "Giuseppe Scrivano <gscrivano@gnu.org>" [unknown]
gpg:                 aka "Giuseppe Scrivano <gscrivan@redhat.com>" [unknown]
gpg:                 aka "Giuseppe Scrivano <gscrivano@gmail.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: AC40 4C1C 0BF7 35C6 3FF4  D562 263D 6DF2 E163 E1EA

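I have published my GPG key here: http://pgp.mit.edu/pks/lookup?op=vindex&search=0x263D6DF2E163E1EA

Unfortunately it doesn't have many signatures yet, because I have replaced the old one (1024-bit) that I used for years to sign releases: http://pgp.mit.edu/pks/lookup?op=vindex&search=0x0791AF8CC03363F4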
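
Added example, not part of the original question or answer: the warning in the output above means gpg found a cryptographically good signature but no certification path to the key, so a script can instead compare the fingerprint gpg reports against one obtained independently. The helper names are hypothetical, and the pinned value is the fingerprint printed in the output above, which is assumed to have been confirmed through a separate channel.

```shell
#!/bin/sh
# Added example. Pin the signer's fingerprint rather than trusting "Good signature".
# EXPECTED_FPR is the primary key fingerprint from the gpg output above, spaces
# removed. Assumption: you have confirmed it through an independent channel.
EXPECTED_FPR="AC404C1C0BF735C63FF4D562263D6DF2E163E1EA"

# normalize_fpr (hypothetical helper): drop spaces, upper-case the hex digits.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F'
}

# check_status (hypothetical helper): reads `gpg --status-fd` lines on stdin.
# Succeeds only when a VALIDSIG line names the expected primary key and no
# BADSIG, ERRSIG or REVKEYSIG line is present.
check_status() {
    want=$(normalize_fpr "$1")
    awk -v want="$want" '
        $1 != "[GNUPG:]" { next }
        $2 == "BADSIG" || $2 == "ERRSIG" || $2 == "REVKEYSIG" { bad = 1 }
        $2 == "VALIDSIG" {
            # Field 3 is the signing (sub)key fingerprint. When present, the
            # last field (12) is the primary key fingerprint.
            fpr = (NF >= 12) ? $12 : $3
            if (toupper(fpr) == want) ok = 1; else bad = 1
        }
        END { if (ok && !bad) exit 0; exit 1 }
    '
}

# verify_release SIGFILE DATAFILE: run gpg and apply the check to its status output.
verify_release() {
    gpg --batch --status-fd 1 --verify "$1" "$2" 2>/dev/null |
        check_status "$EXPECTED_FPR"
}

# Stand-alone use: sh verify.sh wget-1.16.tar.gz.sig wget-1.16.tar.gz
if [ "$#" -eq 2 ]; then
    if verify_release "$1" "$2"; then
        echo "OK: signed by $EXPECTED_FPR"
    else
        echo "FAIL: signature missing, bad, or from another key" >&2
        exit 1
    fi
fi
```

The check fails closed: if gpg is missing or prints no VALIDSIG line, `verify_release` returns non-zero.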
