Início / unix / Perguntas / 698565
Accepted
showkey
Asked: 2022-04-09 21:00:22 +0800 CST

Como pode suprimir as informações de aviso quando verificar o apache?

  • 772

Informação de aviso "Esta chave não está certificada com uma assinatura confiável!" quando verificar o apache:

wget https://downloads.apache.org/accumulo/1.10.2/accumulo-1.10.2-bin.tar.gz
wget https://downloads.apache.org/accumulo/1.10.2/accumulo-1.10.2-bin.tar.gz.asc 
wget  https://downloads.apache.org/accumulo/KEYS
gpg --import KEYS    
gpg --verify accumulo-1.10.2-bin.tar.gz.asc accumulo-1.10.2-bin.tar.gz

Ocorre uma informação de erro:

gpg: Signature made Tue 08 Feb 2022 11:04:00 PM HKT
gpg:                using RSA key 8CC4F8A2B29C2B040F2B835D6F0CDAE700B6899D
gpg: Good signature from "Christopher L Tubbs II (Christopher) <[email protected]>" [unknown]
gpg:                 aka "Christopher L Tubbs II (Developer) <[email protected]>" [unknown]
gpg:                 aka "Christopher L Tubbs II (Developer) <[email protected]>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 8CC4 F8A2 B29C 2B04 0F2B  835D 6F0C DAE7 00B6 899D

Eu quero confiar totalmente:

gpg --edit-key   8CC4F8A2B29C2B040F2B835D6F0CDAE700B6899D
gpg (GnuPG) 2.2.27; Copyright (C) 2021 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.


pub  rsa4096/6F0CDAE700B6899D
     created: 2012-10-13  expires: 2024-01-12  usage: SC  
     trust: full          validity: unknown
sub  rsa4096/2FFC0085C23D3DA9
     created: 2012-10-13  expires: 2024-01-12  usage: E   
sub  rsa4096/4417A0C14245D003
     created: 2013-04-28  expires: 2024-01-12  usage: A   
[ unknown] (1). Christopher L Tubbs II (Christopher) <[email protected]>
[ unknown] (2)  Christopher L Tubbs II (Developer) <[email protected]>
[ unknown] (3)  Christopher L Tubbs II (Developer) <[email protected]>

gpg> trust
pub  rsa4096/6F0CDAE700B6899D
     created: 2012-10-13  expires: 2024-01-12  usage: SC  
     trust: full          validity: unknown
sub  rsa4096/2FFC0085C23D3DA9
     created: 2012-10-13  expires: 2024-01-12  usage: E   
sub  rsa4096/4417A0C14245D003
     created: 2013-04-28  expires: 2024-01-12  usage: A   
[ unknown] (1). Christopher L Tubbs II (Christopher) <[email protected]>
[ unknown] (2)  Christopher L Tubbs II (Developer) <[email protected]>
[ unknown] (3)  Christopher L Tubbs II (Developer) <[email protected]>

Please decide how far you trust this user to correctly verify other users' keys
(by looking at passports, checking fingerprints from different sources, etc.)

  1 = I don't know or won't say
  2 = I do NOT trust
  3 = I trust marginally
  4 = I trust fully
  5 = I trust ultimately
  m = back to the main menu

Your decision? 4

pub  rsa4096/6F0CDAE700B6899D
     created: 2012-10-13  expires: 2024-01-12  usage: SC  
     trust: full          validity: unknown
sub  rsa4096/2FFC0085C23D3DA9
     created: 2012-10-13  expires: 2024-01-12  usage: E   
sub  rsa4096/4417A0C14245D003
     created: 2013-04-28  expires: 2024-01-12  usage: A   
[ unknown] (1). Christopher L Tubbs II (Christopher) <[email protected]>
[ unknown] (2)  Christopher L Tubbs II (Developer) <[email protected]>
[ unknown] (3)  Christopher L Tubbs II (Developer) <[email protected]>

gpg> quit

Em seguida, para verificar novamente:

gpg --verify accumulo-1.10.2-bin.tar.gz.asc accumulo-1.10.2-bin.tar.gz  
gpg: Signature made Tue 08 Feb 2022 11:04:00 PM HKT
gpg:                using RSA key 8CC4F8A2B29C2B040F2B835D6F0CDAE700B6899D
gpg: Good signature from "Christopher L Tubbs II (Christopher) <[email protected]>" [unknown]
gpg:                 aka "Christopher L Tubbs II (Developer) <[email protected]>" [unknown]
gpg:                 aka "Christopher L Tubbs II (Developer) <[email protected]>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 8CC4 F8A2 B29C 2B04 0F2B  835D 6F0C DAE7 00B6 899D

Como pode suprimir as informações de aviso quando verificar o apache?

gpg verification

1 respostas

  1. Best Answer

    Ou definir trust para ultimate (5), ou assinar a chave, fará o truque ( mas veja a advertência abaixo!).

    Opção 1: defina confiança como final

    $ gpg --edit-key 8CC4F8A2B29C2B040F2B835D6F0CDAE700B6899D

[...]

gpg> trust

[...]

Please decide how far you trust this user to correctly verify other users' keys
(by looking at passports, checking fingerprints from different sources, etc.)

  1 = I don't know or won't say
  2 = I do NOT trust
  3 = I trust marginally
  4 = I trust fully
  5 = I trust ultimately
  m = back to the main menu

Your decision? 5
Do you really want to set this key to ultimate trust? (y/N) y

[...]

gpg> quit

    Observe que digitei 5 no prompt de confiança. Agora, quando executo o comando de verificação:

    $ gpg --verify accumulo-1.10.2-bin.tar.gz.asc accumulo-1.10.2-bin.tar.gz

    Não há mais um aviso na saída. Por outro lado, eu menti quando coloquei a confiança no máximo.

    Opção 2: assine a chave

    Como você não confia na chave, é mais correto assiná-la com sua própria chave, em última análise, confiável. Se você quiser fazer alguma diligência primeiro, veja a ressalva. Para assinar a chave:

    $ gpg --sign-key 8CC4F8A2B29C2B040F2B835D6F0CDAE700B6899D

[...]

Really sign all user IDs? (y/N) y

[...]

Really sign? (y/N) y

    Novamente, não há aviso quando executo o comando de verificação e, desta vez, não precisei mentir.

    Embargo

    Esteja ciente de que o aviso está lá por um bom motivo. Se você quiser se esforçar mais tentando determinar se você confia na chave, antes de assiná-la ou marcá-la como confiável, este tópico security.stackexchange.com é um bom ponto de partida.

    • 1

relate perguntas