Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230

 

 

 

GitHub Packages Verification

If none of the specific sub-forums seem right for your thread, ask here.
Post Reply
Message
Author
SubZero
Posts: 22
Joined: 2022-07-13 04:00

GitHub Packages Verification

#1 Post by SubZero »

I would like to download OpenSnitch package from GitHub (.deb file), but I can't seem to find any way to verify that file for authenticity. There is no checksum or .asc files available to check the hash or the signature. How can I verify a downloaded file from GitHub?

https://github.com/evilsocket/opensnitch

User avatar
Head_on_a_Stick
Posts: 14114
Joined: 2014-06-01 17:46
Location: London, England
Has thanked: 81 times
Been thanked: 132 times

Re: GitHub Packages Verification

#2 Post by Head_on_a_Stick »

GitHub does offer signed commits but the author doesn't seem to be taking advantage of that, which is unfortunate. As such I would recommend cloning the repository and building the .debs locally instead:

Code: Select all

git clone https://github.com/evilsocket/opensnitch
cd opensnitch
apt install devscripts
mk-build-deps --install --remove
rm opensnitch-build-deps*
debuild -us -uc
apt install ../opensnitch*.deb
apt purge --autoremove devscripts opensnitch-build-deps
Be careful with that --autoremove option though, it might try to uninstall most of your desktop if you've been removing metapackages.
deadbang

SubZero
Posts: 22
Joined: 2022-07-13 04:00

Re: GitHub Packages Verification

#3 Post by SubZero »

When I run

Code: Select all

mk-build-deps --install --remove
, it's looking for a control file | package name. I am executing this command from opensnitch directory. What file or package name should I specify?

User avatar
Head_on_a_Stick
Posts: 14114
Joined: 2014-06-01 17:46
Location: London, England
Has thanked: 81 times
Been thanked: 132 times

Re: GitHub Packages Verification

#4 Post by Head_on_a_Stick »

Oh dear, my apologies SubZero — I glanced at the page and misread the "daemon" directory as "debian", which is pretty silly. Looks like that repository doesn't contain the Debian packaging details.
deadbang

SubZero
Posts: 22
Joined: 2022-07-13 04:00

Re: GitHub Packages Verification

#5 Post by SubZero »

No worries. As always, I appreciate your assistance. Thank you Sir!

Post Reply