Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place! |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
01-11-2010, 04:32 AM
|
#1
|
Member
Registered: Aug 2009
Location: India
Distribution: open suse, fedora
Posts: 33
Rep:
|
what is public key and how to use it ?
hi everybody,
i want to install gfortran compiler,for that i downloaded two files.
1) gcc-fortran-4.3.3.tar.gz
2) gcc-fortran-4.3.3.tar.gz.sig
i used the gpg command as >
/Desktop> gpg --verify gcc-fortran-4.3.3.tar.gz.sig gcc-fortran-4.3.3.tar.gz
gpg: Signature made Sat 24 Jan 2009 07:03:07 PM IST using RSA key ID FC26A641
gpg: Can't check signature: No public key
1)i don't know what is public key?
2)why do we need it?
3)how can i get this public key and then install gfortran?
with due regards,
Kilam
|
|
|
01-11-2010, 04:41 AM
|
#2
|
Moderator
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417
|
Purely in the context of GPG, and not other uses of public key cryptography:
1) it's a metaphorical "key" that you'd obtain from the publisher which identifies their signature.
2) to verify that the file you have is as the author released it. if someone modifed the main file, then the signature check would fail.
3) here I think. http://mirror.anl.gov/pub/gnu/gnu-keyring.gpg but maybe I'm trying to trick you and give you a fake key... who do you trust??
In general though i'd wonder why you're trying to install from source code this in the first place from the questions you're asking. Is there not a prebuilt RPM / DEB / PKG / Something else that you could drop in much easier?
|
|
1 members found this post helpful.
|
01-11-2010, 08:59 AM
|
#3
|
Senior Member
Registered: May 2009
Location: center of singularity
Distribution: Xubuntu, Ubuntu, Slackware, Amazon Linux, OpenBSD, LFS (on Sparc_32 and i386)
Posts: 2,796
Rep:
|
As long as the source code has not been modified by anyone, you should be able to (build and) install the package, anyway.
The key verification is to check that no one modified the package since the author signed it. This signing happens by taking a cryptographically string hash of the original file package, and encrypting that hash using the author's private key. The public key can decrypt it only if the private key encrypted it (it's a "key pair" system).
Someone might try to trick you by modifying the package. Verification would fail because the hash you make during verification won't be the same (because this is a hash of modified data) as the one created by the original author. If the trickster re-signed the package, then the hash would match, but he would be identified differently via a different public key. If you have the public key of the real author, that one won't work if the trickster re-signed the package. As long as the trickster cannot trick you into using his public key as the author's public key (this is where the trust matter comes into play ... you have to trust that you have the real author's real public key), you can determine if the software you have is genuine or not.
This does not exclude people making improvements to packages. If I wanted to improve a package someone else wrote and signed, I would include their original package unchanged, plus my patches and other changes, package that all together, and sign it myself. You would then verify that I provided the outer package, and also verify that the inner package I included is an exact unchanged copy of what the original author write. If you have my public key then you can know I'm the one who wrote the patches and repackaged it.
|
|
1 members found this post helpful.
|
01-13-2010, 12:44 AM
|
#4
|
Member
Registered: Aug 2009
Location: India
Distribution: open suse, fedora
Posts: 33
Original Poster
Rep:
|
Quote:
Originally Posted by acid_kewpie
Purely in the context of GPG, and not other uses of public key cryptography:
1) it's a metaphorical "key" that you'd obtain from the publisher which identifies their signature.
2) to verify that the file you have is as the author released it. if someone modifed the main file, then the signature check would fail.
3) here I think. http://mirror.anl.gov/pub/gnu/gnu-keyring.gpg but maybe I'm trying to trick you and give you a fake key... who do you trust??
In general though i'd wonder why you're trying to install from source code this in the first place from the questions you're asking. Is there not a prebuilt RPM / DEB / PKG / Something else that you could drop in much easier?
|
hi acid_kewpie,
actually i have installed SLED-11(suse linux enterprise-11)operating system.
and it doesn't contain gfortran compiler and i need it.
for that i downloaded gfortran psckage form following: ftp://ftp.gnu.org/gnu/gcc/
but that contains a .sig file also. and i don't know what to do with that?
so to get away from .sig file, i downloaded a rpm package from http://rpm.pbone.net/index.php3/stat...c12.x86_64.rpm
but it gives errors
~/Desktop> rpm -ivh gcc-gfortran-4.4.2-14.fc12.x86_64.rpm
warning: gcc-gfortran-4.4.2-14.fc12.x86_64.rpm: Header V3 RSA/SHA256 signature: NOKEY, key ID 57bbccba
error: Failed dependencies:
gcc = 4.4.2-14.fc12 is needed by gcc-gfortran-4.4.2-14.fc12.x86_64
libc.so.6(GLIBC_2.11)(64bit) is needed by gcc-gfortran-4.4.2-14.fc12.x86_64
libgfortran = 4.4.2-14.fc12 is needed by gcc-gfortran-4.4.2-14.fc12.x86_64
libgfortran.so.3()(64bit) is needed by gcc-gfortran-4.4.2-14.fc12.x86_64
rpmlib(FileDigests) <= 4.6.0-1 is needed by gcc-gfortran-4.4.2-14.fc12.x86_64
rpmlib(PayloadIsXz) <= 5.2-1 is needed by gcc-gfortran-4.4.2-14.fc12.x86_64.
can anyone help me how can i install gfortran?
My operating system is SLED 11, should i use gfortran provided by suse site or can i use gfortran provided by other sites like from fedora sites?
thank you very much
kilam orez
Last edited by Kilam orez; 01-13-2010 at 12:45 AM.
|
|
|
All times are GMT -5. The time now is 03:54 PM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|