forked from sparklemotion/nokogiri
-
Notifications
You must be signed in to change notification settings - Fork 0
/
dependencies.yml
41 lines (38 loc) · 2.13 KB
/
dependencies.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
libxml2:
version: "2.10.3"
sha256: "5d2cc3d78bec3dbe212a9d7fa629ada25a7da928af432c93060ff5c17ee28a9c"
# sha-256 hash provided in https://download.gnome.org/sources/libxml2/2.10/libxml2-2.10.3.sha256sum
libxslt:
version: "1.1.37"
sha256: "3a4b27dc8027ccd6146725950336f1ec520928f320f144eb5fa7990ae6123ab4"
# sha-256 hash provided in https://download.gnome.org/sources/libxslt/1.1/libxslt-1.1.37.sha256sum
zlib:
version: "1.2.13"
sha256: "b3a24de97a8fdbc835b9833169501030b8977031bcb54b3b3ac13740f846ab30"
# SHA-256 hash provided on http://zlib.net/
libiconv:
version: "1.17"
sha256: "8f74213b56238c85a50a5329f77e06198771e70dd9a739779f4c02f65d971313"
# signature verified by following this path:
# - release announced at https://savannah.gnu.org/forum/forum.php?forum_id=10175
# - which links to https://savannah.gnu.org/users/haible as the releaser
# - which links to https://savannah.gnu.org/people/viewgpg.php?user_id=1871 as the gpg key
#
# So:
# - wget -q -O - https://savannah.gnu.org/people/viewgpg.php?user_id=1871 | gpg --import
# gpg: key F5BE8B267C6A406D: 1 signature not checked due to a missing key
# gpg: key F5BE8B267C6A406D: public key "Bruno Haible (Open Source Development) <bruno@clisp.org>" imported
# gpg: Total number processed: 1
# gpg: imported: 1
# gpg: marginals needed: 3 completes needed: 1 trust model: pgp
# gpg: depth: 0 valid: 4 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 4u
# gpg: next trustdb check due at 2024-05-09
# - gpg --verify libiconv-1.17.tar.gz.sig ports/archives/libiconv-1.17.tar.gz
# gpg: Signature made Sun 15 May 2022 11:26:42 AM EDT
# gpg: using RSA key 9001B85AF9E1B83DF1BDA942F5BE8B267C6A406D
# gpg: Good signature from "Bruno Haible (Open Source Development) <bruno@clisp.org>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 9001 B85A F9E1 B83D F1BD A942 F5BE 8B26 7C6A 406D
#
# And this sha256sum is calculated from that verified tarball.