Wednesday, March 15, 2023

Node.js JavaScript runtime LTS Version: 18.15.0 (includes npm 9.5.0)

2023-03-15
https://nodejs.org/en/download/ Latest LTS Version: 18.15.0 (includes npm 9.5.0)
https://github.com/nodejs/node/releases/tag/v18.15.0
https://nodejs.org/dist/v18.15.0/ SHASUMS for release files

How to verify https://github.com/nodejs/node#verifying-binaries

C:\Temp\DevTools>curl -O https://nodejs.org/dist/v18.15.0/SHASUMS256.txt
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
curl: (35) schannel: next InitializeSecurityContext failed: Unknown error (0x80092012) - The revocation function was unable to check revocation for the certificate.

C:\Temp\DevTools>curl -O https://nodejs.org/dist/v18.15.0/SHASUMS256.txt.asc
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
curl: (35) schannel: next InitializeSecurityContext failed: Unknown error (0x80092012) - The revocation function was unable to check revocation for the certificate.

C:\Downloads>CertUtil -hashfile node-v18.15.0-x64.msi sha256
SHA256 hash of node-v18.15.0-x64.msi:
36de8d8fecd0920175ed6e61266934f3469888990f0cc54238e50437490515d5
CertUtil: -hashfile command completed successfully.

Search the hashsum result from CertUtil against the value in SHASUMS256.txt

%USERPROFILE%\Downloads>gpg --keyserver hkps://keys.openpgp.org --recv-keys 4ED778F539E3634C779C87C6D7062848A1AB005C
gpg: key D7062848A1AB005C: public key "Beth Griggs <bethanyngriggs@gmail.com>" imported
gpg: Total number processed: 1
gpg:               imported: 1

%USERPROFILE%\Downloads>gpg --list-key
%USERPROFILE%\AppData\Roaming\gnupg\pubring.kbx
------------------------------------------------
pub   rsa4096 2015-04-06 [SC]
      7ED10B6531D7C8E1BC296021FC624643487034E5
uid           [ unknown] Steve Dower (Python Release Signing) <steve.dower@microsoft.com>
sub   rsa4096 2015-04-06 [E]

pub   rsa2048 2018-03-26 [SC] [expires: 2025-12-31]
      4ED778F539E3634C779C87C6D7062848A1AB005C
uid           [ unknown] Beth Griggs <bethanyngriggs@gmail.com>
uid           [ unknown] Beth Griggs <Bethany.Griggs@uk.ibm.com>
uid           [ unknown] Beth Griggs <bgriggs@redhat.com>
sub   rsa2048 2018-03-26 [E] [expires: 2025-03-09]

%USERPROFILE%\Downloads>gpg --verify SHASUMS256.txt.sig SHASUMS256.txt
gpg: Signature made 3/7/2023 12:01:57 PM Pacific Standard Time
gpg:                using RSA key 4ED778F539E3634C779C87C6D7062848A1AB005C
gpg: Good signature from "Beth Griggs <bethanyngriggs@gmail.com>" [unknown]
gpg:                 aka "Beth Griggs <Bethany.Griggs@uk.ibm.com>" [unknown]
gpg:                 aka "Beth Griggs <bgriggs@redhat.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 4ED7 78F5 39E3 634C 779C  87C6 D706 2848 A1AB 005C

No comments:

Post a Comment

How to recognize a fake Geek Squad renewal scam | Consumer Advice

Except from  https://consumer.ftc.gov/consumer-alerts/2022/10/how-recognize-fake-geek-squad-renewal-scam Scammers are at it ag...