当我下载GCC,它也有一个.sig文件,我认为它是提供验证下载的文件。
(我从 here下载GCC)。
(我从 here下载GCC)。
但我不知道如何使用它。我试过gpg,但它抱怨公钥。
[root@localhost src]# gpg --verify gcc-4.7.2.tar.gz.sig gcc-4.7.2.tar.gz gpg: Signature made Thu 20 Sep 2012 07:30:44 PM KST using DSA key ID C3C45C06 gpg: Can't check signature: No public key [root@localhost src]#
您需要导入公钥:C3C45C06
原文链接:https://www.f2er.com/bash/389035.html可以在三个步骤完成。
1)查找公钥ID:
$ gpg gcc-4.7.2.tar.gz.sig gpg: Signature made Čt20.září2012,12:30:44CEST using DSA key ID C3C45C06 gpg: Can't check signature: No public key
2)从密钥服务器导入公钥。通常不需要选择密钥服务器,但可以使用–keyserver< server>来完成。 Keyserver examples.
$ gpg --recv-key C3C45C06 gpg: requesting key C3C45C06 from hkp server keys.gnupg.net gpg: key C3C45C06: public key "Jakub Jelinek <jakub@redhat.com>" imported gpg: no ultimately trusted keys found gpg: Total number processed: 1 gpg: imported: 1
3)验证签名:
$ gpg gcc-4.7.2.tar.gz.sig gpg: Signature made Čt20.září2012,12:30:44CEST using DSA key ID C3C45C06 gpg: Good signature from "Jakub Jelinek <jakub@redhat.com>" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 33C2 35A3 4C46 AA3F FB29 3709 A328 C3A2 C3C4 5C06
输出应该说“好签名”。
gpg: WARNING: This key is not certified with a trusted signature!
是另一个问题;)
