2023-03-15
https://nodejs.org/en/download/ Latest LTS Version: 18.15.0 (includes npm 9.5.0)
https://github.com/nodejs/node/releases/tag/v18.15.0
https://nodejs.org/dist/v18.15.0/ SHASUMS for release files
How to verify https://github.com/nodejs/node#verifying-binaries
C:\Temp\DevTools>curl -O https://nodejs.org/dist/v18.15.0/SHASUMS256.txt
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
curl: (35) schannel: next InitializeSecurityContext failed: Unknown error (0x80092012) - The revocation function was unable to check revocation for the certificate.
C:\Temp\DevTools>curl -O https://nodejs.org/dist/v18.15.0/SHASUMS256.txt.asc
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
curl: (35) schannel: next InitializeSecurityContext failed: Unknown error (0x80092012) - The revocation function was unable to check revocation for the certificate.
C:\Downloads>CertUtil -hashfile node-v18.15.0-x64.msi sha256
SHA256 hash of node-v18.15.0-x64.msi:
36de8d8fecd0920175ed6e61266934f3469888990f0cc54238e50437490515d5
CertUtil: -hashfile command completed successfully.
Search the hashsum result from CertUtil against the value in SHASUMS256.txt
%USERPROFILE%\Downloads>gpg --keyserver hkps://keys.openpgp.org --recv-keys 4ED778F539E3634C779C87C6D7062848A1AB005C
gpg: key D7062848A1AB005C: public key "Beth Griggs <bethanyngriggs@gmail.com>" imported
gpg: Total number processed: 1
gpg: imported: 1
%USERPROFILE%\Downloads>gpg --list-key
%USERPROFILE%\AppData\Roaming\gnupg\pubring.kbx
------------------------------------------------
pub rsa4096 2015-04-06 [SC]
7ED10B6531D7C8E1BC296021FC624643487034E5
uid [ unknown] Steve Dower (Python Release Signing) <steve.dower@microsoft.com>
sub rsa4096 2015-04-06 [E]
pub rsa2048 2018-03-26 [SC] [expires: 2025-12-31]
4ED778F539E3634C779C87C6D7062848A1AB005C
uid [ unknown] Beth Griggs <bethanyngriggs@gmail.com>
uid [ unknown] Beth Griggs <Bethany.Griggs@uk.ibm.com>
uid [ unknown] Beth Griggs <bgriggs@redhat.com>
sub rsa2048 2018-03-26 [E] [expires: 2025-03-09]
%USERPROFILE%\Downloads>gpg --verify SHASUMS256.txt.sig SHASUMS256.txt
gpg: Signature made 3/7/2023 12:01:57 PM Pacific Standard Time
gpg: using RSA key 4ED778F539E3634C779C87C6D7062848A1AB005C
gpg: Good signature from "Beth Griggs <bethanyngriggs@gmail.com>" [unknown]
gpg: aka "Beth Griggs <Bethany.Griggs@uk.ibm.com>" [unknown]
gpg: aka "Beth Griggs <bgriggs@redhat.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 4ED7 78F5 39E3 634C 779C 87C6 D706 2848 A1AB 005C
No comments:
Post a Comment