I would like to download OpenSnitch package from GitHub (.deb file), but I can't seem to find any way to verify that file for authenticity. There is no checksum or .asc files available to check the hash or the signature. How can I verify a downloaded file from GitHub?
https://github.com/evilsocket/opensnitch
GitHub Packages Verification
- Head_on_a_Stick
- Posts: 14114
- Joined: 2014-06-01 17:46
- Location: London, England
- Has thanked: 81 times
- Been thanked: 133 times
Re: GitHub Packages Verification
GitHub does offer signed commits but the author doesn't seem to be taking advantage of that, which is unfortunate. As such I would recommend cloning the repository and building the .debs locally instead:
Be careful with that --autoremove option though, it might try to uninstall most of your desktop if you've been removing metapackages.
Code: Select all
git clone https://github.com/evilsocket/opensnitch
cd opensnitch
apt install devscripts
mk-build-deps --install --remove
rm opensnitch-build-deps*
debuild -us -uc
apt install ../opensnitch*.deb
apt purge --autoremove devscripts opensnitch-build-deps
deadbang
Re: GitHub Packages Verification
When I run , it's looking for a control file | package name. I am executing this command from opensnitch directory. What file or package name should I specify?
Code: Select all
mk-build-deps --install --remove
- Head_on_a_Stick
- Posts: 14114
- Joined: 2014-06-01 17:46
- Location: London, England
- Has thanked: 81 times
- Been thanked: 133 times
Re: GitHub Packages Verification
Oh dear, my apologies SubZero — I glanced at the page and misread the "daemon" directory as "debian", which is pretty silly. Looks like that repository doesn't contain the Debian packaging details.
deadbang
Re: GitHub Packages Verification
No worries. As always, I appreciate your assistance. Thank you Sir!