Mercurial > hg > nginx-site
comparison xml/en/linux_packages.xml @ 932:774505846a54
Section about packages' and repositories' signatures added.
author | Sergey Budnevitch <sb@waeme.net> |
---|---|
date | Tue, 18 Jun 2013 14:19:23 +0400 |
parents | 893d36b6d013 |
children | f297382b1d63 |
comparison
equal
deleted
inserted
replaced
931:c58617c41153 | 932:774505846a54 |
---|---|
5 <!DOCTYPE article SYSTEM "../../dtd/article.dtd"> | 5 <!DOCTYPE article SYSTEM "../../dtd/article.dtd"> |
6 | 6 |
7 <article name="nginx: Linux packages" | 7 <article name="nginx: Linux packages" |
8 link="/en/linux_packages.html" | 8 link="/en/linux_packages.html" |
9 lang="en" | 9 lang="en" |
10 rev="2" | 10 rev="3" |
11 toc="no"> | 11 toc="no"> |
12 | 12 |
13 <section id="distributions"> | 13 <section id="distributions"> |
14 | 14 |
15 <para> | 15 <para> |
271 </programlisting> | 271 </programlisting> |
272 </para> | 272 </para> |
273 | 273 |
274 </section> | 274 </section> |
275 | 275 |
276 | |
277 <section name="Signatures" id="signatures"> | |
278 | |
279 <para> | |
280 Both RPM packages and Debian/Ubuntu repositories use digital signatures | |
281 to verify the integrity and origin of the downloaded package. | |
282 In order to check a signature it is necessary to download | |
283 <link url="http://nginx.org/keys/nginx_signing.key">nginx signing key</link> | |
284 and import it to the <command>rpm</command> or <command>apt</command> | |
285 program’s keyring: | |
286 | |
287 <list type="bullet"> | |
288 | |
289 <listitem> | |
290 On Debian/Ubuntu: | |
291 <programlisting>sudo apt-key add nginx_signing.key</programlisting> | |
292 </listitem> | |
293 | |
294 <listitem> | |
295 On RHEL/CentOS: | |
296 <programlisting>sudo rpm --import nginx_signing.key</programlisting> | |
297 </listitem> | |
298 | |
299 </list> | |
300 </para> | |
301 | |
302 <para> | |
303 On Debian/Ubuntu signatures are checked by default, but | |
304 on RHEL/CentOS it is necessary to set | |
305 <programlisting>gpgcheck=1</programlisting> in the | |
306 <path>/etc/yum.repos.d/nginx.repo</path> file. | |
307 </para> | |
308 | |
309 <para> | |
310 Since our <link doc="../en/pgp_keys.xml">PGP keys</link> | |
311 and packages are located on the same server, | |
312 they are equally trusted. | |
313 It is highly advised to additionally verify | |
314 the authenticity of the downloaded PGP key. | |
315 PGP has the “Web of Trust” concept, | |
316 when a key is signed by someone else’s key, | |
317 that in turn is signed by another key and so on. | |
318 It often makes possible to build a chain from an arbitrary key | |
319 to someone’s key who you know and trust personally, | |
320 thus verify the authenticity of the first key in a chain. | |
321 This concept is described in details in | |
322 <link url="http://www.dewinter.com/gnupg_howto/english/GPGMiniHowto-1.html"> | |
323 GPG Mini Howto</link>. | |
324 Our keys have enough signatures, | |
325 and their authenticity is relatively easy to check. | |
326 </para> | |
327 | |
328 </section> | |
329 | |
276 </article> | 330 </article> |