diff --git a/1_file_verification/7.png b/1_file_verification/7.png new file mode 100644 index 0000000..3a360e0 Binary files /dev/null and b/1_file_verification/7.png differ diff --git a/1_file_verification/index.md b/1_file_verification/index.md index e4d954f..4eef13f 100644 --- a/1_file_verification/index.md +++ b/1_file_verification/index.md @@ -1,6 +1,6 @@ --- author: Doctor Dev -date: 2025-05-17 +date: 2025-05-22 gitea_url: "http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-contributions/issues/310" xmr: 89g3MMq1mo9C5C4vDisyAoCU5GuukXJ2FedUwyLXJWpmTsKHdi1rCPZaeT1d9V4NViTTXyaL9qtKzSbVdKGdEghhCH5oRiT --- @@ -202,7 +202,7 @@ In this game its all about who has the better chances, no such thing as 100%, th - Key Transparency - This basically mean publishing your key so others will know exactly what key belongs to who, protects against social engineering, phishing, etc. -- building projects - Taking the source code and building your own program, this is completely the best zero thrust policy existing for software(especially if you know programming languages). +- building projects - Taking the source code and building your own program, this is completely the best zero trust policy existing for software(especially if you know programming languages). check this post to know more diff --git a/compilation/index.md b/compilation/index.md index d76db70..166b92e 100644 --- a/compilation/index.md +++ b/compilation/index.md @@ -190,42 +190,4 @@ Then we can click the "save" icon to save the image somewhere: ![](7.png) -## **How to verify software integrity** - -Now Bob isn't going to compile everything, he doesn't have that patience. the next best thing is to download the pre-compiled binaries and to check the hash: - -![](8.png) - -Here in this case, the appimage flameshot binary has been released along with the sha256 algorithm hash, so Bob downlads both: - - - [ mainpc ] [ /dev/pts/5 ] [~/Documents/flameshottest] - → wget https://github.com/flameshot-org/flameshot/releases/download/v12.1.0/Flameshot-12.1.0.x86_64.AppImage - --2024-06-28 14:31:09-- https://github.com/flameshot-org/flameshot/releases/download/v12.1.0/Flameshot-12.1.0.x86_64.AppImage - - [ mainpc ] [ /dev/pts/5 ] [~/Documents/flameshottest] - → wget https://github.com/flameshot-org/flameshot/releases/download/v12.1.0/Flameshot-12.1.0.x86_64.AppImage.sha256sum - --2024-06-28 14:32:26-- https://github.com/flameshot-org/flameshot/releases/download/v12.1.0/Flameshot-12.1.0.x86_64.AppImage.sha256sum - - - -Next, to check the integrity of the appimage file, we check the hash that we've downloaded: - - - [ mainpc ] [ /dev/pts/5 ] [~/Documents/flameshottest] - → cat Flameshot-12.1.0.x86_64.AppImage.sha256sum - c30634c84161f09e8dde74c76367b1ce848414bb1cc269c2a2715f6803220738 Flameshot-12.1.0.x86_64.AppImage - - - -and compare it to the hash we get when using the sha256sum command on the flameshot appimage: - - - [ mainpc ] [ /dev/pts/5 ] [~/Documents/flameshottest] - → sha256sum Flameshot-12.1.0.x86_64.AppImage - c30634c84161f09e8dde74c76367b1ce848414bb1cc269c2a2715f6803220738 Flameshot-12.1.0.x86_64.AppImage - - - -Here we see that the sha256 hash we get from the flameshot appimage binary is the same as the hash that was put online by the flameshot developers. This means that the binary didn't get tampered with from the original release, to having it inside Bob's debian VM. Hence, Bob can now use the flameshot appimage binary with peace of mind! - +More about file and software verification can be found in this post \ No newline at end of file