libxml2: version: "2.10.3" sha256: "5d2cc3d78bec3dbe212a9d7fa629ada25a7da928af432c93060ff5c17ee28a9c" # sha-256 hash provided in https://download.gnome.org/sources/libxml2/2.10/libxml2-2.10.3.sha256sum libxslt: version: "1.1.37" sha256: "3a4b27dc8027ccd6146725950336f1ec520928f320f144eb5fa7990ae6123ab4" # sha-256 hash provided in https://download.gnome.org/sources/libxslt/1.1/libxslt-1.1.37.sha256sum zlib: version: "1.2.13" sha256: "b3a24de97a8fdbc835b9833169501030b8977031bcb54b3b3ac13740f846ab30" # SHA-256 hash provided on http://zlib.net/ libiconv: version: "1.17" sha256: "8f74213b56238c85a50a5329f77e06198771e70dd9a739779f4c02f65d971313" # signature verified by following this path: # - release announced at https://savannah.gnu.org/forum/forum.php?forum_id=10175 # - which links to https://savannah.gnu.org/users/haible as the releaser # - which links to https://savannah.gnu.org/people/viewgpg.php?user_id=1871 as the gpg key # # So: # - wget -q -O - https://savannah.gnu.org/people/viewgpg.php?user_id=1871 | gpg --import # gpg: key F5BE8B267C6A406D: 1 signature not checked due to a missing key # gpg: key F5BE8B267C6A406D: public key "Bruno Haible (Open Source Development) " imported # gpg: Total number processed: 1 # gpg: imported: 1 # gpg: marginals needed: 3 completes needed: 1 trust model: pgp # gpg: depth: 0 valid: 4 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 4u # gpg: next trustdb check due at 2024-05-09 # - gpg --verify libiconv-1.17.tar.gz.sig ports/archives/libiconv-1.17.tar.gz # gpg: Signature made Sun 15 May 2022 11:26:42 AM EDT # gpg: using RSA key 9001B85AF9E1B83DF1BDA942F5BE8B267C6A406D # gpg: Good signature from "Bruno Haible (Open Source Development) " [unknown] # gpg: WARNING: This key is not certified with a trusted signature! # gpg: There is no indication that the signature belongs to the owner. # Primary key fingerprint: 9001 B85A F9E1 B83D F1BD A942 F5BE 8B26 7C6A 406D # # And this sha256sum is calculated from that verified tarball.