On 05/09/2016 11:11 AM, Konrad Kleine wrote: > ADD https://cmake.org/files/v3.5/cmake-3.5.2-Linux-x86_64.tar.gz /tmp > ADD https://cmake.org/files/v3.5/cmake-3.5.2-SHA-256.txt /tmp > ADD https://cmake.org/files/v3.5/cmake-3.5.2-SHA-256.txt.asc /tmp [snip] > # Verify the integrity of the downloaded cmake tarball against Brad > King's key > RUN gpg --verbose --verify /tmp/cmake*.asc /tmp/cmake*.tar.gz
The "cmake-3.5.2-SHA-256.txt.asc" file is a signature of the SHA-256 summary file "cmake-3.5.2-SHA-256.txt". You need to check that signature: $ curl -O https://cmake.org/files/v3.5/cmake-3.5.2-SHA-256.txt $ curl -O https://cmake.org/files/v3.5/cmake-3.5.2-SHA-256.txt.asc $ gpg --verbose --verify cmake-3.5.2-SHA-256.txt.asc cmake-3.5.2-SHA-256.txt ... gpg: Good signature from "Brad King" ... Then check that the SHA-256 matches the binary: $ curl -O https://cmake.org/files/v3.5/cmake-3.5.2-Linux-x86_64.tar.gz $ grep "$(shasum -a 256 cmake-3.5.2-Linux-x86_64.tar.gz)" cmake-3.5.2-SHA-256.txt 5f7aeaebe33521647625e0411467de71a2886743e4aa2c179e04c9e141c6c8cd cmake-3.5.2-Linux-x86_64.tar.gz -Brad -- Powered by www.kitware.com Please keep messages on-topic and check the CMake FAQ at: http://www.cmake.org/Wiki/CMake_FAQ Kitware offers various services to support the CMake community. For more information on each offering, please visit: CMake Support: http://cmake.org/cmake/help/support.html CMake Consulting: http://cmake.org/cmake/help/consulting.html CMake Training Courses: http://cmake.org/cmake/help/training.html Visit other Kitware open-source projects at http://www.kitware.com/opensource/opensource.html Follow this link to subscribe/unsubscribe: http://public.kitware.com/mailman/listinfo/cmake
