forked from TrueCloudLab/rclone
Nick Craig-Wood
parent
2a6675cffd
commit
e8879f3e77
5 changed files with 307 additions and 4 deletions
|
|
@ -5,9 +5,10 @@ package selfupdate
|
||||||
|
|
||||||
// Note: "|" will be replaced by backticks in the help string below
|
// Note: "|" will be replaced by backticks in the help string below
|
||||||
var selfUpdateHelp = `
|
var selfUpdateHelp = `
|
||||||
This command downloads the latest release of rclone and replaces
|
This command downloads the latest release of rclone and replaces the
|
||||||
the currently running binary. The download is verified with a hashsum
|
currently running binary. The download is verified with a hashsum and
|
||||||
and cryptographically signed signature.
|
cryptographically signed signature; see [the release signing
|
||||||
|
docs](/release_signing/) for details.
|
||||||
|
|
||||||
If used without flags (or with implied |--stable| flag), this command
|
If used without flags (or with implied |--stable| flag), this command
|
||||||
will install the latest stable release. However, some issues may be fixed
|
will install the latest stable release. However, some issues may be fixed
|
||||||
|
|
@ -40,7 +41,7 @@ your OS) to update these too. This command with the default |--package zip|
|
||||||
will update only the rclone executable so the local manual may become
|
will update only the rclone executable so the local manual may become
|
||||||
inaccurate after it.
|
inaccurate after it.
|
||||||
|
|
||||||
The |rclone mount| command (https://rclone.org/commands/rclone_mount/) may
|
The [rclone mount](/commands/rclone_mount/) command may
|
||||||
or may not support extended FUSE options depending on the build and OS.
|
or may not support extended FUSE options depending on the build and OS.
|
||||||
|selfupdate| will refuse to update if the capability would be discarded.
|
|selfupdate| will refuse to update if the capability would be discarded.
|
||||||
|
|
||||||
|
|
|
||||||
138
docs/content/KEYS
Normal file
138
docs/content/KEYS
Normal file
|
|
@ -0,0 +1,138 @@
|
||||||
|
This file contains the PGP keys that are and have been used to sign
|
||||||
|
rclone releases.
|
||||||
|
|
||||||
|
Users: pgp < KEYS
|
||||||
|
or
|
||||||
|
gpg --import KEYS
|
||||||
|
|
||||||
|
Developers:
|
||||||
|
pgp -kxa <your name> and append it to this file.
|
||||||
|
or
|
||||||
|
(pgpk -ll <your name> && pgpk -xa <your name>) >> this file.
|
||||||
|
or
|
||||||
|
(gpg --list-sigs <your name> && gpg --armor --export <your name>) >> this file.
|
||||||
|
|
||||||
|
pub dsa1024 2001-09-27 [SCA]
|
||||||
|
FBF737ECE9F8AB18604BD2AC93935E02FF3B54FA
|
||||||
|
uid [ultimate] Nick Craig-Wood <nick@craig-wood.com>
|
||||||
|
sig 3 93935E02FF3B54FA 2001-09-27 Nick Craig-Wood <nick@craig-wood.com>
|
||||||
|
sig 3 93935E02FF3B54FA 2020-02-03 Nick Craig-Wood <nick@craig-wood.com>
|
||||||
|
sig 3 93935E02FF3B54FA 2001-09-27 Nick Craig-Wood <nick@craig-wood.com>
|
||||||
|
sig A54E275E4248E016 2019-11-04 [User ID not found]
|
||||||
|
sig CB0DBEBC5F32C81D 2023-09-03 Nick Craig-Wood <nick@craig-wood.com>
|
||||||
|
sub elg2048 2001-09-27 [E]
|
||||||
|
sig 93935E02FF3B54FA 2001-09-27 Nick Craig-Wood <nick@craig-wood.com>
|
||||||
|
|
||||||
|
pub rsa4096 2022-09-16 [SC]
|
||||||
|
E3B358DC858FB307F48170B9CB0DBEBC5F32C81D
|
||||||
|
uid [ultimate] Nick Craig-Wood <nick@craig-wood.com>
|
||||||
|
sig 3 CB0DBEBC5F32C81D 2022-09-16 Nick Craig-Wood <nick@craig-wood.com>
|
||||||
|
sig 93935E02FF3B54FA 2023-09-03 Nick Craig-Wood <nick@craig-wood.com>
|
||||||
|
sub rsa4096 2022-09-16 [E]
|
||||||
|
sig CB0DBEBC5F32C81D 2022-09-16 Nick Craig-Wood <nick@craig-wood.com>
|
||||||
|
|
||||||
|
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||||
|
|
||||||
|
mQGiBDuy3V0RBADVQOAF5aFiCxD3t2h6iAF2WMiaMlgZ6kX2i/u7addNkzX71VU9
|
||||||
|
7NpI0SnsP5YWt+gEedST6OmFbtLfZWCR4KWn5XnNdjCMNhxaH6WccVqNm4ALPIqT
|
||||||
|
59uVjkgf8RISmmoNJ1d+2wMWjQTUfwOEmoIgH6n+2MYNUKuctBrwAACflwCg1I1Q
|
||||||
|
O/prv/5hczdpQCs+fL87DxsD/Rt7pIXvsIOZyQWbIhSvNpGalJuMkW5Jx92UjsE9
|
||||||
|
1Ipo3Xr6SGRPgW9+NxAZAsiZfCX/19knAyNrN9blwL0rcPDnkhdGwK69kfjF+wq+
|
||||||
|
QbogRGodbKhqY4v+cMNkKiemBuTQiWPkpKjifwNsD1fNjNKfDP3pJ64Yz7a4fuzV
|
||||||
|
X1YwBACpKVuEen34lmcX6ziY4jq8rKibKBs4JjQCRO24kYoHDULVe+RS9krQWY5b
|
||||||
|
e0foDhru4dsKccefK099G+WEzKVCKxupstWkTT/iJwajR8mIqd4AhD0wO9W3MCfV
|
||||||
|
Ov8ykMDZ7qBWk1DHc87Ep3W1o8t8wq74ifV+HjhhWg8QAylXg7QlTmljayBDcmFp
|
||||||
|
Zy1Xb29kIDxuaWNrQGNyYWlnLXdvb2QuY29tPohXBBMRAgAXBQI7st1dBQsHCgME
|
||||||
|
AxUDAgMWAgECF4AACgkQk5NeAv87VPoPswCfaetrHxFhv6vpjadYWc6tyAZJHD4A
|
||||||
|
n2IfppvFB0vdOFgYBz/+u/6rN4p1iHEEExEIADEFCwcKAwQDFQMCAxYCAQIXgBYh
|
||||||
|
BPv3N+zp+KsYYEvSrJOTXgL/O1T6BQJeODZSAhkBAAoJEJOTXgL/O1T6WaYAniMf
|
||||||
|
kXJQvNK2OKy5O8ctNXPobjh5AJ9pHlAZkU+x56cTmJzZZ5BwFya2gYhXBBMRAgAX
|
||||||
|
BQI7st1dBQsHCgMEAxUDAgMWAgECF4AACgkQk5NeAv87VPoPswCgwDDvPZfRHenT
|
||||||
|
ca1r22pCum0FSlkAniLGFmVYPIcnMMF9OxQ6wBy34oZGiQIzBBABCgAdFiEEje07
|
||||||
|
Kgm0YIzmpewHpU4nXkJI4BYFAl3Ap2EACgkQpU4nXkJI4BYFjw//Y3MtrkqtACWp
|
||||||
|
idlcLHRYpU+e17dhsZBP2afq56/B2zXFvtYnH0QyGN/YDjHMfK6Zi2Xxem7jg8ww
|
||||||
|
qH9s7eBAJUwbM6oAuhvQfdqpLCygAAep1ZKhuguSEUvJjoajqPQNjJE/aqini4Es
|
||||||
|
fnEVuK+y9L+smQvtFFx9U+PV7l6Z9WE3SFYtFvjUBL3FeaIfh36fUyj4xXR17Guj
|
||||||
|
ADtTHiWR4xElJ16NCj2VhfbE2wxoG2/SHDfHpzjW3B/pRJZOCOvJZcrtZRNqruff
|
||||||
|
8JGvLObswTlNiTn9rjc5lCPkMhnEke5i20BIymlPMlaNCE64AkkB/FDFed69b7u8
|
||||||
|
R1E1LivBL0qoXIt1s8E+UW9ADBCxwloFeHroZhDPs6Y00EK+hGSJonB1pzguVc0u
|
||||||
|
MA9v9Gfcx099KQbfuSZefBCzpkktsmulb/59WEfK1Q4oVjdmCUG3/qwmLzAilzs6
|
||||||
|
YaD75V6lp1lCON2jWod5xYSPsuvo2T0Exj4Q5MZcLVwqzH4UnmJPqdRVxWhhJEDE
|
||||||
|
qlsU+t0LCpDt4saVI5A91k5HMqFOJpX2hbLEx5OG3/gksED6FcZd1mwUVWEChjC0
|
||||||
|
L6UNqpQZi+bNAX0CxY9XeqEIMN/EhLDbmLEwUHgMC3G4hX813k23mSWHBRsa0Mik
|
||||||
|
PCXX3tRioqPNF5ALl4gOmnF6ZD+WAQeJAjMEEAEIAB0WIQTjs1jchY+zB/SBcLnL
|
||||||
|
Db68XzLIHQUCZPRnNAAKCRDLDb68XzLIHZSAD/oCk9Z0xJfbpriphTBxFy7bWyPK
|
||||||
|
F1lM1GZZaLKkktGfunf1i0Q7rhwpNu+u1launlOTp6ZoY36Ce2Qa1eSxWAQdjVaj
|
||||||
|
w9kOHXCAewrTREOMY/mb7RVGjajo0Egl8T9iD3JRyaxu2iVtbpZYuqehtGG28CaC
|
||||||
|
zmtqE+EJcx1cGqAGSuuaDWRYlVX8KDip44GQB5Lut30vwSIoZG1CPCR6VE82u4cl
|
||||||
|
3mYZUfcJkCHsiLzoeadVzb+fOd+2ybzBn8Y77ifGgM+dSFSHe03mFfcHPdp0QImF
|
||||||
|
9HQR7XI0UMZmEJsw7c2vDrRa+kRY2A4/amGn4Tahuazq8g2yqgGm3yAj49qGNarA
|
||||||
|
au849lDr7R49j73ESnNVBGJ9ShzU4Ls+S1A5gohZVu2s1fkE3mbAmoTfU4JCrpRy
|
||||||
|
dOuL9xRJk5gbL44sKeuGODNshyTPJzG9DmRHpLsBn59v8mg5tqSfBIGqcqBxxnYH
|
||||||
|
JnkK801MkaLW2m7wDmtz6P3TW86gGukzfIN3/OufLjnpN3Nx376JwWDDIyif7sn6
|
||||||
|
/q+ZMwGz9uLKZkAeM5c3Dh4ygpgliSLoV2bZzDz0iLxKWW7QOVVdWHmlEqbTldpQ
|
||||||
|
7gUEPG7mxpzVo0xd6nHncSq0M91x29It4B3fATx/iJB2eardMzSsbzHiwTg0eswh
|
||||||
|
YYGpSKZLgp4RShnVAbkCDQQ7st2BEAgAjpB0UGDf/FrWAUo9jLWKFX15J0arBZkY
|
||||||
|
m+iRax8K8fLnXzS2P+9Q04sAmt2qCUxK9681Nd7xtPrkPrjbcACwuFyH3Cr9o2qs
|
||||||
|
eiVNgAHPFGKCNxLX/9PKWfmdoZTOVVBcNV+sOTcx382uR04WPuv9jIwXT6JbCkXP
|
||||||
|
aoCMv3mLnB9VnWRYatPYCaK8TXAPWxZP8lrcUMjQ1GRTQ1vP9rRMp7iaXyItW1le
|
||||||
|
lNFvHEII92QddeBLK7V5ng2sX/BMm6/AafXZMnUQX3lpWQfEBTDT4qYsZ1zIEb4g
|
||||||
|
q4dqauyNYgBcZdX//8oDE+BS2FxxDTccyOW0Wyt2Z6flDTfhgzd46wADBQf+MAqI
|
||||||
|
gADwulmZk+e30Znj46VmnbZUB/J8M4WXg6X5xaOQsCCMAWybmCc4pxFIT/1c/GdC
|
||||||
|
qSHDv5nKBi5QyBMMn33/kgzVRAveihL6gWsNoT31Lxst457XuyRx1dwD8rzdWoP2
|
||||||
|
b3etBGdu0P7vnOoqRmf1Y0XIoJeDk/o8U901hG2VAo5zAVH2YdEtSZqlBIAzxjak
|
||||||
|
KAAtnsZWIpBxrz9NPVOBmT18kxlgZ7P4iU4/FMnGOfzT6/LCTj/B0hZKJCP7y7lH
|
||||||
|
NP2yOabvvBsxU0ZGph1b8R6Zb1nP2+LQIi8kaBs8ypy7HDx7/mWe5DoyLe4NHQ/Z
|
||||||
|
E0gCEWt1mlVIwTzFBohGBBgRAgAGBQI7st2BAAoJEJOTXgL/O1T6YsEAoLZx0XLt
|
||||||
|
4tpAC/LNwTZUrodUiOckAKC4DTRvEtC4nj5EImssVk/xmU3ax5kCDQRjJI69ARAA
|
||||||
|
wCCaKZZmZe8mmusRuoHrqeVImFo+JUTNiktszB/l97INgZCSpVGFOcc4l4Weoioy
|
||||||
|
hObJV5wnpFjhadhpiRG1XYzNYi6vNKz8lsUkFxfkIFiXU2kRkwtQShiWf4LmobDQ
|
||||||
|
sY9SXRK2cVEFQwOqK9E0k99ZKoaQ31aqq1zcAzkRlBrJmjgmRJHX3DltA7z676Ap
|
||||||
|
YEJgAkDRBXFe3zViuxZ0/MMYqtwsbePvOMkXlPmQJ8havOjZRa0mEZtDekMt11vv
|
||||||
|
1bG1qFebMFuwYVd7YZ1kzL8NU8gNOtuW0E67Ts5voZdlZiQAbDke9V9uj9+hfae6
|
||||||
|
vICrZ7eriPGVD6BetGNjUNFN+8fwHMycOvvHjZ/JlN8lCfw4ImK4F18ms51pqD74
|
||||||
|
3w0b2VvoQOkkCzEyUReTixh60aMIabx8so4BmFdi7cK9E+4/WU933d+dSEVgr9Hp
|
||||||
|
ast2WoNTo7cPWgIcxSctWvq9AIULLDVytI2BVRbIRL5vZHNIlE839AVbef8SP5Vc
|
||||||
|
V+8xjNRw3bzpxhnu4TqYTrvexvq7YOsMxVc9qqN2w8w+Q6jL/0Hjq2fUouV6JH/u
|
||||||
|
6GY1vo9dCOXMROS/fD3qJfDIb/NZuYqnt2jQArJW2YVxL+4DE7yKvSNaHGY5kwEV
|
||||||
|
BrQCCTb16ANWxUHkBBuSP2+hYKrVQPAisdsovHRgcF0AEQEAAbQlTmljayBDcmFp
|
||||||
|
Zy1Xb29kIDxuaWNrQGNyYWlnLXdvb2QuY29tPokCTgQTAQgAOBYhBOOzWNyFj7MH
|
||||||
|
9IFwucsNvrxfMsgdBQJjJI69AhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJ
|
||||||
|
EMsNvrxfMsgdxW8QAIckFmxogPfLD6kqIoiZerqPRcz5rYBfxa7lgQkuoLaqWhCP
|
||||||
|
QR+e5Ug3bqxexkYQrTyZwqzTTgntTTWt4hSg75mgAujMQh1bsYbxcSHiLSh3Q8bO
|
||||||
|
AaX3o+ewycqKRvaVLYD7m/f8ZHgjRdwtEV3M9tVIOpa/KB51+3PM23Kx7pWP8RnT
|
||||||
|
mLhbxDCQTYE4yiLFPBIoG8NH1raLXonvLHP+wFs2OJ18fkq3DHTKK48dTRs/QyNl
|
||||||
|
/kgmuFUv/SyXDEoe9XdweNnN4N005R7bHW9iJEoV8KBFJi9/K89jokwrrRCUk1Pz
|
||||||
|
p/QXSKYLX59uqufL4LQOCtEhmVJPTQKCd4eUhvCva70efRm1fwqV/PHJDXB2Y84Q
|
||||||
|
oBPyxitFJGvBc1RsB3t1iO9IAuWnfFLYBayVGbpHseO5RdgJT/Q1hWeZTFi3vfXX
|
||||||
|
snuDSl5FcjLhDVe5rrAa/oAGki2fA7YOeK7PB0uwK7O8s2ZErDHnV99zYMVy7hnY
|
||||||
|
LhxDhic4mQ/1uJ/6mcEO+6NU4FM6EA0Bt28WTgRyOM2WnZ8xjBBmHtV4ucvmbQn1
|
||||||
|
CCZUCe6HG06l8/soaMKiCZFS0CKwed9ymhlHPp5nyD3CJw53EKdEDQAjSOxc9sI0
|
||||||
|
L5/P73ijRkOVz5xMtyxXXAnsyVa0yXo/rbzBGjKMcJeuAa1168a3ydu0gMMWiF0E
|
||||||
|
EBEIAB0WIQT79zfs6firGGBL0qyTk14C/ztU+gUCZPRnIgAKCRCTk14C/ztU+nDL
|
||||||
|
AJ99G+k/+uCkMnJuQazlb10HeiF4DwCgx+BNLTMkLduN9F+bqPsKq0oVsCa5Ag0E
|
||||||
|
YySOvQEQALoUUvMMNBKr7xMUVSe/lvBQUhzdthcDARdCf5m/UQoBYdyfYEA7m0x1
|
||||||
|
5fKMl2duZdT9pYTSt60LeRXiC4bJaMCl60Nb2gwPF7ko32TFLpEyRHznVeEw+ExV
|
||||||
|
OU82lOWwI6AOFwHO4hL+wgK5RXV9qgve3n30ccTvKRHpjmQSa2YD3S5pO20KRsJt
|
||||||
|
iU8nm1+e7zXGEqWvR3L4QhJtN4Xtda+Gv95lH22Y+XnHri9MNMYbXrhTrOAig1ne
|
||||||
|
5GF3goG/yps6QyoV2zdY+Zqojpi9sCtRdiwbETbp8izQNV53QBqORIILBuzZpmqJ
|
||||||
|
gSNbbFsAdJkmPfLbjx57BieF2YUvsl0DtVc8KdN6UCrhQF2CNaGdWWpJyKF6AHkE
|
||||||
|
iIt0npvlgAM8ZZ0y0WF5XqefvIEMx7DmpKZ822gvR2aTmDJzPhgFTVhelVHDJ6NS
|
||||||
|
l5FUhA+DB1U7SwFULc2VFJdDa2zrnM0T+bz5cc8mi1zazzcBklzLNpRoT0Iex2LC
|
||||||
|
+KPFmsBbObKGffvDwQkEJgBJ9FweRGLfiHOo1V4E+QwIZhoch/H5u9+2J3Hp0S/r
|
||||||
|
H6Jn97AjYZMUVZBC4rICBaIevqaIuP/Qno2hRSkccF388lLBWRW/qa8vaRpk9Xgt
|
||||||
|
8umvLmnumEKmmWxF6rHZu34ijgnaWfuunydfiu/v0kd6H5tO8h9NABEBAAGJAjYE
|
||||||
|
GAEIACAWIQTjs1jchY+zB/SBcLnLDb68XzLIHQUCYySOvQIbDAAKCRDLDb68XzLI
|
||||||
|
HcZpD/oCT20Tufzh3YvRqd7+nAziHzPoz15bkd0Y2B9wAQ4kkT4o6/vSSqpQeBAL
|
||||||
|
UVh54cTaMkyFUTr53U5rK0QyEFrwa1j6wQvHSbOhaCAVacii9n8eyELI0755eCAN
|
||||||
|
7w7mRsS05hTgKdQwn4TKnb9FvST+TMyyBcL8IPnHcmYbiX1repRlUZ5VvyWtQDO2
|
||||||
|
Z3BISWtOnMJjItQ9N8zj3KkeLVtWennroYpDEJo2qpb5Ga320Mijoh0Mm8r3uM7o
|
||||||
|
rarpfnEsUGiko++elHVbgv7iTxyfxV+ny14ROAcY6VtF8a6MUflKYnAJytD9fwGt
|
||||||
|
2+Of7CB72b3Zq47XLh7FXozqWL2zCVrU5u55NXKGaSRXmPec54RrtAF0BfGpkbHZ
|
||||||
|
W4xOS2E4IzBNf3rhh7Nj+4MCGmx7RuRzHvlkltS38ktXQmUfch8pFhLKW8byxFhu
|
||||||
|
Je3QS3vnKmA2dQzHKZDQj8uyHUUD0WQlBtaY2p7G4zFhuC+xNHDs8Xbo+NCgsmg7
|
||||||
|
8qSub42rXViT0kK9xeAKr3qKbumQqIfXHWQvamFHJeIpvrLEffhWKZc83PXpL9wY
|
||||||
|
JP/Rm0jTtKJeqD8w7rnafOi9qKyE2FgpltdWzsUSPDjqMlCgCrggqtUzTgKYl1S/
|
||||||
|
6jXcPGkEadKE/t3kelkupnlwlyVLxF7NaIrb8fAqCau0MWIh4g==
|
||||||
|
=Iv9u
|
||||||
|
-----END PGP PUBLIC KEY BLOCK-----
|
||||||
|
|
@ -29,6 +29,9 @@ See also [Android builds](https://beta.rclone.org/{{% version %}}/testbuilds/).
|
||||||
These are built as part of the official release, but haven't been
|
These are built as part of the official release, but haven't been
|
||||||
adopted as first class builds yet.
|
adopted as first class builds yet.
|
||||||
|
|
||||||
|
See [the release signing docs](/release_signing/) for how to verify
|
||||||
|
signatures on the release.
|
||||||
|
|
||||||
## Script download and install ##
|
## Script download and install ##
|
||||||
|
|
||||||
To install rclone on Linux/macOS/BSD systems, run:
|
To install rclone on Linux/macOS/BSD systems, run:
|
||||||
|
|
|
||||||
|
|
@ -22,6 +22,9 @@ run `rclone -h`.
|
||||||
Already installed rclone can be easily updated to the latest version
|
Already installed rclone can be easily updated to the latest version
|
||||||
using the [rclone selfupdate](/commands/rclone_selfupdate/) command.
|
using the [rclone selfupdate](/commands/rclone_selfupdate/) command.
|
||||||
|
|
||||||
|
See [the release signing docs](/release_signing/) for how to verify
|
||||||
|
signatures on the release.
|
||||||
|
|
||||||
## Script installation
|
## Script installation
|
||||||
|
|
||||||
To install rclone on Linux/macOS/BSD systems, run:
|
To install rclone on Linux/macOS/BSD systems, run:
|
||||||
|
|
|
||||||
158
docs/content/release_signing.md
Normal file
158
docs/content/release_signing.md
Normal file
|
|
@ -0,0 +1,158 @@
|
||||||
|
---
|
||||||
|
title: "Release Signing"
|
||||||
|
description: "How the release is signed and how to check the signature."
|
||||||
|
---
|
||||||
|
|
||||||
|
# Release signing
|
||||||
|
|
||||||
|
The hashes of the binary artefacts of the rclone release are signed
|
||||||
|
with a public PGP/GPG key. This can be verified manually as described
|
||||||
|
below.
|
||||||
|
|
||||||
|
The same mechanism is also used by [rclone selfupdate](/commands/rclone_selfupdate/)
|
||||||
|
to verify that the release has not been tampered with before the new
|
||||||
|
update is installed. This checks the SHA256 hash and the signature
|
||||||
|
with a public key compiled into the rclone binary.
|
||||||
|
|
||||||
|
## Release signing key
|
||||||
|
|
||||||
|
You may obtain the release signing key from:
|
||||||
|
|
||||||
|
- From [KEYS](/KEYS) on this website - this file contains all past signing keys also.
|
||||||
|
- The git repository hosted on GitHub - https://github.com/rclone/rclone/blob/master/docs/content/KEYS
|
||||||
|
- `gpg --keyserver hkps://keys.openpgp.org --search nick@craig-wood.com`
|
||||||
|
- `gpg --keyserver hkps://keyserver.ubuntu.com --search nick@craig-wood.com`
|
||||||
|
- https://www.craig-wood.com/nick/pub/pgp-key.txt
|
||||||
|
|
||||||
|
After importing the key, verify that the fingerprint of one of the
|
||||||
|
keys matches: `FBF737ECE9F8AB18604BD2AC93935E02FF3B54FA` as this key is used for signing.
|
||||||
|
|
||||||
|
We recommend that you cross-check the fingerprint shown above through
|
||||||
|
the domains listed below. By cross-checking the integrity of the
|
||||||
|
fingerprint across multiple domains you can be confident that you
|
||||||
|
obtained the correct key.
|
||||||
|
|
||||||
|
- The [source for this page on GitHub](https://github.com/rclone/rclone/blob/master/docs/content/release_signing.md).
|
||||||
|
- Through DNS `dig key.rclone.org txt`
|
||||||
|
|
||||||
|
If you find anything that doesn't not match, please contact the
|
||||||
|
developers at once.
|
||||||
|
|
||||||
|
## How to verify the release
|
||||||
|
|
||||||
|
In the release directory you will see the release files and some files called `MD5SUMS`, `SHA1SUMS` and `SHA256SUMS`.
|
||||||
|
|
||||||
|
```
|
||||||
|
$ rclone lsf --http-url https://downloads.rclone.org/v1.63.1 :http:
|
||||||
|
MD5SUMS
|
||||||
|
SHA1SUMS
|
||||||
|
SHA256SUMS
|
||||||
|
rclone-v1.63.1-freebsd-386.zip
|
||||||
|
rclone-v1.63.1-freebsd-amd64.zip
|
||||||
|
...
|
||||||
|
rclone-v1.63.1-windows-arm64.zip
|
||||||
|
rclone-v1.63.1.tar.gz
|
||||||
|
version.txt
|
||||||
|
```
|
||||||
|
|
||||||
|
The `MD5SUMS`, `SHA1SUMS` and `SHA256SUMS` contain hashes of the
|
||||||
|
binary files in the release directory along with a signature.
|
||||||
|
|
||||||
|
For example:
|
||||||
|
|
||||||
|
```
|
||||||
|
$ rclone cat --http-url https://downloads.rclone.org/v1.63.1 :http:SHA256SUMS
|
||||||
|
-----BEGIN PGP SIGNED MESSAGE-----
|
||||||
|
Hash: SHA1
|
||||||
|
|
||||||
|
f6d1b2d7477475ce681bdce8cb56f7870f174cb6b2a9ac5d7b3764296ea4a113 rclone-v1.63.1-freebsd-386.zip
|
||||||
|
7266febec1f01a25d6575de51c44ddf749071a4950a6384e4164954dff7ac37e rclone-v1.63.1-freebsd-amd64.zip
|
||||||
|
...
|
||||||
|
66ca083757fb22198309b73879831ed2b42309892394bf193ff95c75dff69c73 rclone-v1.63.1-windows-amd64.zip
|
||||||
|
bbb47c16882b6c5f2e8c1b04229378e28f68734c613321ef0ea2263760f74cd0 rclone-v1.63.1-windows-arm64.zip
|
||||||
|
-----BEGIN PGP SIGNATURE-----
|
||||||
|
|
||||||
|
iF0EARECAB0WIQT79zfs6firGGBL0qyTk14C/ztU+gUCZLVKJQAKCRCTk14C/ztU
|
||||||
|
+pZuAJ0XJ+QWLP/3jCtkmgcgc4KAwd/rrwCcCRZQ7E+oye1FPY46HOVzCFU3L7g=
|
||||||
|
=8qrL
|
||||||
|
-----END PGP SIGNATURE-----
|
||||||
|
```
|
||||||
|
|
||||||
|
### Download the files
|
||||||
|
|
||||||
|
The first step is to download the binary and SUMs file and verify that
|
||||||
|
the SUMs you have downloaded match. Here we download
|
||||||
|
`rclone-v1.63.1-windows-amd64.zip` - choose the binary (or binaries)
|
||||||
|
appropriate to your architecture. We've also chosen the `SHA256SUMS`
|
||||||
|
as these are the most secure. You could verify the other types of hash
|
||||||
|
also for extra security. `rclone selfupdate` verifies just the
|
||||||
|
`SHA256SUMS`.
|
||||||
|
|
||||||
|
```
|
||||||
|
$ mkdir /tmp/check
|
||||||
|
$ cd /tmp/check
|
||||||
|
$ rclone copy --http-url https://downloads.rclone.org/v1.63.1 :http:SHA256SUMS .
|
||||||
|
$ rclone copy --http-url https://downloads.rclone.org/v1.63.1 :http:rclone-v1.63.1-windows-amd64.zip .
|
||||||
|
```
|
||||||
|
|
||||||
|
### Verify the signatures
|
||||||
|
|
||||||
|
First verify the signatures on the SHA256 file.
|
||||||
|
|
||||||
|
Import the key. See above for ways to verify this key is correct.
|
||||||
|
|
||||||
|
```
|
||||||
|
$ gpg --keyserver keyserver.ubuntu.com --receive-keys FBF737ECE9F8AB18604BD2AC93935E02FF3B54FA
|
||||||
|
gpg: key 93935E02FF3B54FA: public key "Nick Craig-Wood <nick@craig-wood.com>" imported
|
||||||
|
gpg: Total number processed: 1
|
||||||
|
gpg: imported: 1
|
||||||
|
```
|
||||||
|
|
||||||
|
Then check the signature:
|
||||||
|
|
||||||
|
```
|
||||||
|
$ gpg --verify SHA256SUMS
|
||||||
|
gpg: Signature made Mon 17 Jul 2023 15:03:17 BST
|
||||||
|
gpg: using DSA key FBF737ECE9F8AB18604BD2AC93935E02FF3B54FA
|
||||||
|
gpg: Good signature from "Nick Craig-Wood <nick@craig-wood.com>" [ultimate]
|
||||||
|
```
|
||||||
|
|
||||||
|
Verify the signature was good and is using the fingerprint shown above.
|
||||||
|
|
||||||
|
Repeat for `MD5SUMS` and `SHA1SUMS` if desired.
|
||||||
|
|
||||||
|
### Verify the hashes
|
||||||
|
|
||||||
|
Now that we know the signatures on the hashes are OK we can verify the
|
||||||
|
binaries match the hashes, completing the verification.
|
||||||
|
|
||||||
|
```
|
||||||
|
$ sha256sum -c SHA256SUMS 2>&1 | grep OK
|
||||||
|
rclone-v1.63.1-windows-amd64.zip: OK
|
||||||
|
```
|
||||||
|
|
||||||
|
Or do the check with rclone
|
||||||
|
|
||||||
|
```
|
||||||
|
$ rclone hashsum sha256 -C SHA256SUMS rclone-v1.63.1-windows-amd64.zip
|
||||||
|
2023/09/11 10:53:58 NOTICE: SHA256SUMS: improperly formatted checksum line 0
|
||||||
|
2023/09/11 10:53:58 NOTICE: SHA256SUMS: improperly formatted checksum line 1
|
||||||
|
2023/09/11 10:53:58 NOTICE: SHA256SUMS: improperly formatted checksum line 49
|
||||||
|
2023/09/11 10:53:58 NOTICE: SHA256SUMS: 4 warning(s) suppressed...
|
||||||
|
= rclone-v1.63.1-windows-amd64.zip
|
||||||
|
2023/09/11 10:53:58 NOTICE: Local file system at /tmp/check: 0 differences found
|
||||||
|
2023/09/11 10:53:58 NOTICE: Local file system at /tmp/check: 1 matching files
|
||||||
|
```
|
||||||
|
|
||||||
|
### Verify signatures and hashes together
|
||||||
|
|
||||||
|
You can verify the signatures and hashes in one command line like this:
|
||||||
|
|
||||||
|
```
|
||||||
|
$ gpg --decrypt SHA256SUMS | sha256sum -c --ignore-missing
|
||||||
|
gpg: Signature made Mon 17 Jul 2023 15:03:17 BST
|
||||||
|
gpg: using DSA key FBF737ECE9F8AB18604BD2AC93935E02FF3B54FA
|
||||||
|
gpg: Good signature from "Nick Craig-Wood <nick@craig-wood.com>" [ultimate]
|
||||||
|
gpg: aka "Nick Craig-Wood <nick@memset.com>" [unknown]
|
||||||
|
rclone-v1.63.1-windows-amd64.zip: OK
|
||||||
|
```
|
||||||
Loading…
Add table
Reference in a new issue