安装wget:如何验证wget源代码是否未被更改?

时间:2015-09-22 22:07:15

标签: wget

我无法找到md5或sha-1代码来验证http://www.gnu.org/software/wget/下的wget下载。在http://ftp.gnu.org/gnu/wget/下载旁边有一个.sig文件:

...
wget-1.16.tar.gz
wget-1.16.tar.gz.sig
...

所以我下载了这两个,但我无法打开.sig文件。

为了使用.sig文件来验证wget源代码下载,我安装了GPGSuite(适用于Mac OSX 10.10.2),然后我做了:

$ gpg ~/Downloads/wget-1.16.tar.gz.sig 
gpg: assuming signed data in '/Users/7stud/Downloads/wget-1.16.tar.gz'
gpg: Signature made Mon Oct 27 03:04:05 2014 MDT using RSA key ID E163E1EA
gpg: requesting key E163E1EA from hkps server hkps.pool.sks-keyservers.net
gpg: key E163E1EA: public key "Giuseppe Scrivano <giuseppe@scrivano.org>" imported
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   2  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 2u
gpg: next trustdb check due at 2018-08-19
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)
gpg: Good signature from "Giuseppe Scrivano <giuseppe@scrivano.org>" [unknown]
gpg:                 aka "Giuseppe Scrivano <gscrivano@gnu.org>" [unknown]
gpg:                 aka "Giuseppe Scrivano <gscrivan@redhat.com>" [unknown]
gpg:                 aka "Giuseppe Scrivano <gscrivano@gmail.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: AC40 4C1C 0BF7 35C6 3FF4  D562 263D 6DF2 E163 E1EA

但警告让我觉得我没有验证任何东西。

某处是不是有md5或sha-1代码?

对评论的回应: 

~/Downloads$ gpg --verify wget-1.16.tar.gz.sig wget-1.16.tar.gz
gpg: Signature made Mon Oct 27 03:04:05 2014 MDT using RSA key ID E163E1EA
gpg: Good signature from "Giuseppe Scrivano <giuseppe@scrivano.org>" [unknown]
gpg:                 aka "Giuseppe Scrivano <gscrivano@gnu.org>" [unknown]
gpg:                 aka "Giuseppe Scrivano <gscrivan@redhat.com>" [unknown]
gpg:                 aka "Giuseppe Scrivano <gscrivano@gmail.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: AC40 4C1C 0BF7 35C6 3FF4  D562 263D 6DF2 E163 E1EA

1 个答案:

答案 0 :(得分:0)

我已在此处发布了我的GPG密钥:http://pgp.mit.edu/pks/lookup?op=vindex&search=0x263D6DF2E163E1EA

可悲的是,它还没有很多签名,因为我已经更改了我多年来用于签署版本的旧签名:http://pgp.mit.edu/pks/lookup?op=vindex&search=0x0791AF8CC03363F4

相关问题
最新问题