Installazione¶

Windows o macOS¶

Puoi scaricare OnionShare per Windows e macOS dal sito web di OnionShare.

Linux¶

There are various ways to install OnionShare for Linux, but the recommended way is to use either the Flatpak or the Snap package. Flatpak and Snap ensure that you’ll always use the newest version and run OnionShare inside of a sandbox.

Snap support is built-in to Ubuntu and Fedora comes with Flatpak support, but which you use is up to you. Both work in all Linux distributions.

Installa OnionShare usando Flatpak: https://flathub.org/apps/details/org.onionshare.OnionShare

Install OnionShare using Snap: https://snapcraft.io/onionshare

You can also download and install PGP-signed .flatpak or .snap packages from https://onionshare.org/dist/ if you prefer.

Command-line only¶

You can install just the command line version of OnionShare on any operating system using the Python package manager pip. See Interfaccia della riga di comando for more information.

Verifica delle firme PGP¶

Puoi verificare che il pacchetto scaricato sia legittimo e non sia stato manomesso verificando la sua firma PGP. Per Windows e macOS, questo passaggio è facoltativo e fornisce una difesa maggiore: i file binari di OnionShare includono firme specifiche del sistema operativo e se lo vuoi puoi semplicemente fare affidamento solo su quelle.

Signing key¶

I pacchetti sono firmati da Micah Lee, lo sviluppatore principale, utilizzando la sua chiave pubblica PGP con impronta digitale 927F419D7EC82C2F149C1BD1403C2657CD994F73. Puoi scaricare la chiave di Micah dal server delle chiavi keys.openpgp.org.

Per verificare le firme, è necessario che tu abbia installato GnuPG. Per macOS è probabilmente necessario GPGTools, e per Windows è probabilmente necessario Gpg4win.

Firme¶

You can find the signatures (as .asc files), as well as Windows, macOS, Flatpak, Snap, and source packages, at https://onionshare.org/dist/ in the folders named for each version of OnionShare. You can also find them on the GitHub Releases page.

Verifica in corso¶

Once you have imported Micah’s public key into your GnuPG keychain, downloaded the binary and and .asc signature, you can verify the binary for macOS in a terminal like this:

gpg --verify OnionShare-2.2.pkg.asc OnionShare-2.2.pkg

Oppure, per Windows, in un prompt dei comandi come questo:

gpg.exe --verify onionshare-2.2-setup.exe.asc onionshare-2.2-setup.exe

Il risultato atteso somiglia a questo:

gpg: Signature made Tue 19 Feb 2019 09:25:28 AM AEDT using RSA key ID CD994F73
gpg: Good signature from "Micah Lee <micah@micahflee.com>"
gpg:                 aka "Micah Lee <micah@firstlook.org>"
gpg:                 aka "Micah Lee <micah@freedom.press>"
gpg:                 aka "Micah Lee <micah.lee@firstlook.org>"
gpg:                 aka "Micah Lee <micah.lee@theintercept.com>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 927F 419D 7EC8 2C2F 149C  1BD1 403C 2657 CD99 4F73

If you don’t see Good signature from, there might be a problem with the integrity of the file (malicious or otherwise), and you should not install the package. (The WARNING: shown above, is not a problem with the package, it only means you haven’t defined a level of «trust» of Micah’s PGP key.)

If you want to learn more about verifying PGP signatures, the guides for Qubes OS and the Tor Project may be useful.