C Crash Course A Fast-Paced Introduction by Josh Lospinoso
sudo apt update && sudo apt upgrade 3. From one of the available mirrors at https://gcc.gnu.org/mirrors.html,
download the files gcc-8.1.0.tar.gz and gcc-8.1.0.tar.gz.sig. These files
can be found in releases/gcc-8.1.0.
4. (Optional) Verify the integrity of the package. First, import the rel-
evant GnuPG keys. You can find these listed on the mirrors site. For
example:
$
gpg --keyserver keyserver.ubuntu.com --recv C3C45C06 gpg: requesting key C3C45C06 from hkp server keyserver.ubuntu.com
gpg: key C3C45C06: public key "Jakub Jelinek " imported
gpg: key C3C45C06: public key "Jakub Jelinek " imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 2
gpg: imported: 2 (RSA: 1)
Verify what you downloaded:
$
gpg --verify gcc-8.1.0.tar.gz.sig gcc-8.1.0.tar.gz gpg: Signature made Wed 02 May 2018 06:41:51 AM DST using DSA key ID
C3C45C06
gpg: Good signature from "Jakub Jelinek "
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the
owner.
Primary key fingerprint: 33C2 35A3 4C46 AA3F FB29 3709 A328 C3A2 C3C4
5C06
The warnings you see mean that I haven’t marked the signer’s cer-
tificate as trusted on my machine. To verify that the signature belongs
to the owner, you’ll need to verify the signing key using some other
means (for example, by meeting the owner in person or by verifying
the primary key fingerprint out of band). For more information about
GNU Privacy Guard (GPG), refer to PGP & GPG: Email for the Practical Paranoid by Michael W. Lucas or browse to https://gnupg.org/download /integrity_check.html for specific information about GPG’s integrity-
checking facilities.
5. Decompress the package (this command might take a few minutes):
$