![]() ![]() Now, let’s import the public key into our system’s keyring: $ sudo apt-key add /path/to/public/key/file Gpg: key 12345678: public key "Package Maintainer " imported Let’s check the output: Executing: /tmp/apt-key-gpghome.1Cv7PGfoeL/gpg.1.sh -keyserver -recv-keys 12345678 ![]() We can find this key ID on the package maintainer’s website or other trusted sources. In the above command, we replace 12345678 with the actual key ID of the package maintainer. $ sudo apt-key adv -keyserver -recv-keys 12345678 This means the checksum values don’t match, and we should stop installing the package to investigate further. We can then proceed with installing the package. If we don’t have any output, that means the two checksum values match, and verification is successful. Let’s compare the calculated SHA-256 checksum value with the value in the file .sha256: $ diff <(sha256sum | awk '') .sha256 We can use the diff command to compare the two checksum values. If they match, the package is legitimate. The checksum value is a long string of characters that uniquely identifies the package.įinally, we compare the calculated checksum value of the package with the checksum value in the checksum file. Let’s calculate the SHA-256 checksum of the package :Ħb172a535540f30d90f7e70b0aa193d61ce15b9d8cbf23614f34bf5e5f5b5e8d Īs we can see, the output consists of two parts: the checksum value and the filename. To calculate the checksum value of the downloaded package, we use a tool like sha256sum or md5sum. In this case, our checksum file is named .sha256. Let’s use the ls command to list the files in the current directory and look for the checksum file: $ ls This file contains the checksum value of the package. Next, we need to look for the checksum file that’s usually available alongside the source code. Let’s download the source code of the package named mypackage from the repository at : $ wget We start by downloading the source code of the package from the repository using the wget command. Let’s see how to verify the package using a checksum. It is a unique value generated based on a file’s contents. A checksum is a mathematical calculation used to verify the integrity of a file. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |