I am very new to linux platform and I want to extract gnutls for ubuntu. If I do,
$ls
then, it will show these files below.
gnutls-3.2.1.tar.lz
gnutls-3.2.1.tar.lz.sig
gnutls-3.2.1.tar.xz
gnutls-3.2.1.tar.xz.sig
When I give command,
$ tar -xvf gnutls-3.2.1.tar.xz
I get output,
tar: xz: Cannot exec: No such file or directory
tar: Error is not recoverable: exiting now
tar: Child returned status 2
tar: Exiting with failure status due to previous errors
I want to extract these files.
- Why there are two types of formats given? - xz and lz
- Why there are signature files? - .sig
How to verify it? I tried to verification by
gpgv <filename>.sig
command, it says public key is not found.
- I need a separate utility package? I saw one, 'xz-utils_4.999' but it is beta.
http://manpages.ubuntu.com/manpages/lucid/man1/xz.1.html
- Any other stable utility package? From where and how can I download it?
Why there are two types of formats given? - xz and lz
Only for convenience, so that people can download the one for which they have appropriate tools available/installed. Remember that most 'linux' libraries are intended for use on other unix-like platforms also (e.g. the BSDs, Solaris, AIX, OSX even). It cannot be assumed that more recent tools like xz are readily available in every platform.
I need a separate utility package?
Yes, the error message from tar is telling you that it cannot find the xz command:
tar: xz: Cannot exec: No such file or directory
You identified correctly the package to install, xz-utils
. If you tried to extract the .lz archive, it would comlain that it cannot find lzip
instead (and you would install the lzip package).
There's not much difference, lzip is the older LZMA standard, xz is the newer LZMA2. The label 'beta' is always subjective. In this context I would not worry!
Why there are signature files?
So that people can be sure the archive they downloaded was published by the person they expect. It is to guard against the possibility that a hacker could gain access to the site (or a mirror) then add some malicious code to the sources in the archive.
How to verify it?
You got that command fine, but what you need to understand is that you have to tell GnuPG which keys you trust. Typically, you would take the public key (usually .asc or .txt) files published by the author(s) and import them to your gpg keyring. On the GnuTLS downloads page:
All the releases are signed with Nikos' or Simon's OpenPGP key.
So you could do something like:
wget -O- http://josefsson.org/key.txt | gpg --import
wget -O- http://members.hellug.gr/nmav/pgpkeys.asc | gpg --import
Another way is when people publish only their RSA Key ID, which can be imported from commonly known gpg keyservers. For example, you could import my public key like this:
gpg --recv-key 15C4D63E
For most default gpg configurations, that should obtain the specified key from a public keyserver (probably keys.gnupg.net).
Afterwards, gpg should report a 'good signature' from either of those authors, but expect it still to show a warning:
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
This just means that there exists no chain of trust (based on the keys you have marked as trusted in your keyring) to say that this is the correct key for the named person. It could be the key of a hacker instead.
At some point you have to be confident that the key you obtain came from the right person, but exactly what to trust and when is something for each person to research and decide for themselves, based on your own level of paranoia, or current purposes.
Personally, I do not bother to verify source archives unless I am planning to redistribute something built from them.
tar --lzip -xvf gmp-5.1.2.tar.lz
Worked for me
As mentioned below in the comments, you might have to install the library before the command will work:
sudo apt-get install lzip
You can resolve with:
# The lzip page is: http://lzip.nongnu.org/lzip.html
# Download the lzip:
wget http://download.savannah.gnu.org/releases/lzip/lzip-1.15.tar.gz
# decompress:
tar xvf lzip-1.15.tar.gz
cd lzip-1.15
# configure / build
./configure --prefix=/usr
make
# install
sudo make install
# now you can unzip with
tar xvf gmp-5.1.3.tar.lz
First to extract xz files, you need install xz-utils. If are in debian or ubuntu:
sudo apt-get install xz-utils
Now you can extract files using:
tar -xJf file_name.xz
LZIP is available in Cygwin. You may install lzip (from Archive branch in cygwin's setup) and tar (from Base branch). After that you can do
tar --lzip -xvf your_file.tar.lz
Worked for me.
For tar.lz, if your tar doesn't support --lzip
tar xf filename.tar.lz --use-compress-program lrunzip