以 nginx 下载作为范例
也可以参考mongodb文档
下载nginx 和 patch 包
wget http://nginx.org/download/nginx-1.25.3.tar.gz
wget http://nginx.org/download/nginx-1.25.3.tar.gz.asc.
wget https://nginx.org/keys/nginx_signing.key
wget https://nginx.org/keys/mdounin.key
wget https://nginx.org/keys/maxim.key
wget https://nginx.org/keys/sb.key
wget https://nginx.org/keys/thresh.key
nginx 公钥文件下载地址: https://nginx.org/en/pgp_keys.html
5个公钥都要下载,因为不知道是哪位作者的签名。
校验
1. 初始化
[sysadmin@VM-102-6-centos ~]$ gpg --list-keys
gpg: directory `/home/sysadmin/.gnupg' created
gpg: new configuration file `/home/sysadmin/.gnupg/gpg.conf' created
gpg: WARNING: options in `/home/sysadmin/.gnupg/gpg.conf' are not yet active during this run
gpg: keyring `/home/sysadmin/.gnupg/pubring.gpg' created
gpg: /home/sysadmin/.gnupg/trustdb.gpg: trustdb created
[sysadmin@VM-102-6-centos ~]$ gpg --list-keys
[sysadmin@VM-102-6-centos ~]$ gpg --fingerprint
[sysadmin@VM-102-6-centos ~]$
2. 导入公钥
gpg --import nginx_signing.key
gpg --import maxim.key
gpg --import mdounin.key
gpg --import sb.key
gpg --import thresh.key
如下范例:
[sysadmin@VM-102-6-centos ~]$ gpg --import nginx_signing.key
gpg: keyring `/home/sysadmin/.gnupg/secring.gpg' created
gpg: key 7BD9BF62: public key "nginx signing key <signing-key@nginx.com>" imported
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
gpg: no ultimately trusted keys found
查看公钥
[sysadmin@VM-102-6-centos ~]$ gpg --list-keys
/home/sysadmin/.gnupg/pubring.gpg
---------------------------------
pub 2048R/7BD9BF62 2011-08-19 [expires: 2024-06-14]
uid nginx signing key <signing-key@nginx.com>
pub 4096R/F54977D4 2020-01-06 [expires: 2027-01-02]
uid Maxim Konovalov <maxim@nginx.com>
uid Maxim Konovalov <maxim@FreeBSD.org>
sub 4096R/E4EDC4DD 2020-01-06 [expires: 2027-01-02]
pub 2048R/A1C052F8 2011-11-27
uid Maxim Dounin <mdounin@mdounin.ru>
sub 2048R/D345AB09 2011-11-27
pub 2048R/7ADB39A8 2011-08-12 [expired: 2016-08-10]
uid Sergey Budnevitch <sb@waeme.net>
uid Sergey Budnevitch <sb@nginx.com>
pub 3072R/66B0D967 2018-05-07 [expires: 2027-05-17]
uid Konstantin Pavlov <thresh@nginx.com>
uid Konstantin Pavlov <k.pavlov@f5.com>
sub 3072R/1281B785 2018-05-07 [expires: 2027-05-17]
查看水印
[sysadmin@VM-102-6-centos ~]$ gpg --fingerprint
/home/sysadmin/.gnupg/pubring.gpg
---------------------------------
pub 2048R/7BD9BF62 2011-08-19 [expires: 2024-06-14]
Key fingerprint = 573B FD6B 3D8F BC64 1079 A6AB ABF5 BD82 7BD9 BF62
uid nginx signing key <signing-key@nginx.com>
pub 4096R/F54977D4 2020-01-06 [expires: 2027-01-02]
Key fingerprint = 41DB 9271 3D3B F4BF F3EE 9106 9C5E 7FA2 F549 77D4
uid Maxim Konovalov <maxim@nginx.com>
uid Maxim Konovalov <maxim@FreeBSD.org>
sub 4096R/E4EDC4DD 2020-01-06 [expires: 2027-01-02]
pub 2048R/A1C052F8 2011-11-27
Key fingerprint = B0F4 2533 73F8 F6F5 10D4 2178 520A 9993 A1C0 52F8
uid Maxim Dounin <mdounin@mdounin.ru>
sub 2048R/D345AB09 2011-11-27
pub 2048R/7ADB39A8 2011-08-12 [expired: 2016-08-10]
Key fingerprint = 7338 9730 69ED 3F44 3F4D 37DF A64F D5B1 7ADB 39A8
uid Sergey Budnevitch <sb@waeme.net>
uid Sergey Budnevitch <sb@nginx.com>
pub 3072R/66B0D967 2018-05-07 [expires: 2027-05-17]
Key fingerprint = 13C8 2A63 B603 5761 56E3 0A4E A0EA 981B 66B0 D967
uid Konstantin Pavlov <thresh@nginx.com>
uid Konstantin Pavlov <k.pavlov@f5.com>
sub 3072R/1281B785 2018-05-07 [expires: 2027-05-17]
3. 校验下载文件
[sysadmin@VM-102-6-centos ~]$ gpg --verify nginx-1.25.3.tar.gz.asc nginx-1.25.3.tar.gz
gpg: Signature made Tue 24 Oct 2023 11:42:51 PM CST using RSA key ID 66B0D967
gpg: Good signature from "Konstantin Pavlov <thresh@nginx.com>"
gpg: aka "Konstantin Pavlov <k.pavlov@f5.com>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 13C8 2A63 B603 5761 56E3 0A4E A0EA 981B 66B0 D967
网友评论