Mercurial > hg > nginx-site
comparison xml/en/linux_packages.xml @ 932:774505846a54
Section about packages' and repositories' signatures added.
| author | Sergey Budnevitch <sb@waeme.net> |
|---|---|
| date | Tue, 18 Jun 2013 14:19:23 +0400 |
| parents | 893d36b6d013 |
| children | f297382b1d63 |
comparison
equal
deleted
inserted
replaced
| 931:c58617c41153 | 932:774505846a54 |
|---|---|
| 5 <!DOCTYPE article SYSTEM "../../dtd/article.dtd"> | 5 <!DOCTYPE article SYSTEM "../../dtd/article.dtd"> |
| 6 | 6 |
| 7 <article name="nginx: Linux packages" | 7 <article name="nginx: Linux packages" |
| 8 link="/en/linux_packages.html" | 8 link="/en/linux_packages.html" |
| 9 lang="en" | 9 lang="en" |
| 10 rev="2" | 10 rev="3" |
| 11 toc="no"> | 11 toc="no"> |
| 12 | 12 |
| 13 <section id="distributions"> | 13 <section id="distributions"> |
| 14 | 14 |
| 15 <para> | 15 <para> |
| 271 </programlisting> | 271 </programlisting> |
| 272 </para> | 272 </para> |
| 273 | 273 |
| 274 </section> | 274 </section> |
| 275 | 275 |
| 276 | |
| 277 <section name="Signatures" id="signatures"> | |
| 278 | |
| 279 <para> | |
| 280 Both RPM packages and Debian/Ubuntu repositories use digital signatures | |
| 281 to verify the integrity and origin of the downloaded package. | |
| 282 In order to check a signature it is necessary to download | |
| 283 <link url="http://nginx.org/keys/nginx_signing.key">nginx signing key</link> | |
| 284 and import it to the <command>rpm</command> or <command>apt</command> | |
| 285 program’s keyring: | |
| 286 | |
| 287 <list type="bullet"> | |
| 288 | |
| 289 <listitem> | |
| 290 On Debian/Ubuntu: | |
| 291 <programlisting>sudo apt-key add nginx_signing.key</programlisting> | |
| 292 </listitem> | |
| 293 | |
| 294 <listitem> | |
| 295 On RHEL/CentOS: | |
| 296 <programlisting>sudo rpm --import nginx_signing.key</programlisting> | |
| 297 </listitem> | |
| 298 | |
| 299 </list> | |
| 300 </para> | |
| 301 | |
| 302 <para> | |
| 303 On Debian/Ubuntu signatures are checked by default, but | |
| 304 on RHEL/CentOS it is necessary to set | |
| 305 <programlisting>gpgcheck=1</programlisting> in the | |
| 306 <path>/etc/yum.repos.d/nginx.repo</path> file. | |
| 307 </para> | |
| 308 | |
| 309 <para> | |
| 310 Since our <link doc="../en/pgp_keys.xml">PGP keys</link> | |
| 311 and packages are located on the same server, | |
| 312 they are equally trusted. | |
| 313 It is highly advised to additionally verify | |
| 314 the authenticity of the downloaded PGP key. | |
| 315 PGP has the “Web of Trust” concept, | |
| 316 when a key is signed by someone else’s key, | |
| 317 that in turn is signed by another key and so on. | |
| 318 It often makes possible to build a chain from an arbitrary key | |
| 319 to someone’s key who you know and trust personally, | |
| 320 thus verify the authenticity of the first key in a chain. | |
| 321 This concept is described in details in | |
| 322 <link url="http://www.dewinter.com/gnupg_howto/english/GPGMiniHowto-1.html"> | |
| 323 GPG Mini Howto</link>. | |
| 324 Our keys have enough signatures, | |
| 325 and their authenticity is relatively easy to check. | |
| 326 </para> | |
| 327 | |
| 328 </section> | |
| 329 | |
| 276 </article> | 330 </article> |