文档建议反馈控制台
首页
学习
活动
专区
圈层
工具
MCP广场
文章/答案/技术大牛
发布
社区首页 >问答首页 >安装wget:如何验证wget源代码未被更改?

安装wget:如何验证wget源代码未被更改?
EN

Stack Overflow用户
提问于 2015-09-22 22:07:15
回答 1查看 1K关注 0票数 1

我无法找到md5或沙-1代码来验证wget在http://www.gnu.org/software/wget/上的下载。在.sig下载旁边有一个http://ftp.gnu.org/gnu/wget/文件

代码语言:javascript
复制
...
wget-1.16.tar.gz
wget-1.16.tar.gz.sig
...

所以我下载了这两个文件,但是我不能打开.sig文件。

为了使用.sig文件验证wget的源代码下载,我安装了GPGSuite (对于MacOSX10.10.2),然后我安装了:

代码语言:javascript
复制
$ gpg ~/Downloads/wget-1.16.tar.gz.sig 
gpg: assuming signed data in '/Users/7stud/Downloads/wget-1.16.tar.gz'
gpg: Signature made Mon Oct 27 03:04:05 2014 MDT using RSA key ID E163E1EA
gpg: requesting key E163E1EA from hkps server hkps.pool.sks-keyservers.net
gpg: key E163E1EA: public key "Giuseppe Scrivano <giuseppe@scrivano.org>" imported
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   2  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 2u
gpg: next trustdb check due at 2018-08-19
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)
gpg: Good signature from "Giuseppe Scrivano <giuseppe@scrivano.org>" [unknown]
gpg:                 aka "Giuseppe Scrivano <gscrivano@gnu.org>" [unknown]
gpg:                 aka "Giuseppe Scrivano <gscrivan@redhat.com>" [unknown]
gpg:                 aka "Giuseppe Scrivano <gscrivano@gmail.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: AC40 4C1C 0BF7 35C6 3FF4  D562 263D 6DF2 E163 E1EA

但是这个警告让我觉得我没有证实任何事情。

不是有md5或沙-1代码某处吗?

回复评论:

代码语言:javascript
复制
~/Downloads$ gpg --verify wget-1.16.tar.gz.sig wget-1.16.tar.gz
gpg: Signature made Mon Oct 27 03:04:05 2014 MDT using RSA key ID E163E1EA
gpg: Good signature from "Giuseppe Scrivano <giuseppe@scrivano.org>" [unknown]
gpg:                 aka "Giuseppe Scrivano <gscrivano@gnu.org>" [unknown]
gpg:                 aka "Giuseppe Scrivano <gscrivan@redhat.com>" [unknown]
gpg:                 aka "Giuseppe Scrivano <gscrivano@gmail.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: AC40 4C1C 0BF7 35C6 3FF4  D562 263D 6DF2 E163 E1EA
wget
EN

回答 1

Stack Overflow用户

发布于 2015-09-24 15:47:31

我在这里发布了我的GPG密钥:http://pgp.mit.edu/pks/lookup?op=vindex&search=0x263D6DF2E163E1EA

遗憾的是,它还没有很多签名,因为我更改了多年来用于签名的旧签名(1024位):http://pgp.mit.edu/pks/lookup?op=vindex&search=0x0791AF8CC03363F4

票数 0
EN
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:

https://stackoverflow.com/questions/32727754

复制
相关文章

相似问题

领券

腾讯云开发者

扫码关注腾讯云开发者

扫码关注腾讯云开发者

领取腾讯云代金券

热门产品

热门推荐

更多推荐

Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有 

深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 粤公网安备44030502008569号

腾讯云计算(北京)有限责任公司 京ICP证150476号 |  京ICP备11018762号

问题归档专栏文章快讯文章归档关键词归档开发者手册归档开发者手册 Section 归档