# 使用 Homebrew, apk, apt, dnf, MacPorts, Nix, pacman, scoop, winget, zypper 安装 minisign

查看 minisign 的安装路径、可执行文件、元数据以及面向 AI 代理工作流的安全说明。

## 安装

```sh
sudo av install brew:minisign
```

其他安装命令:

### macOS

- Homebrew (100%):

```sh
brew install minisign
```

  证据: local Homebrew formula metadata

- MacPorts (94%):

```sh
sudo port install minisign
```

  证据: MacPorts ports tree: security/minisign/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1

### Linux

- apk (92%):

```sh
sudo apk add minisign
```

  证据: Alpine Linux edge package indexes: minisign from https://dl-cdn.alpinelinux.org/alpine/edge/community/x86_64/APKINDEX.tar.gz

- Debian apt (92%):

```sh
sudo apt install minisign
```

  证据: Debian stable package indexes: minisign from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz

- dnf (92%):

```sh
sudo dnf install minisign
```

  证据: Fedora Rawhide package metadata: minisign from https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/repodata/e5ca8ce900cd68f5419e1c39ae517343100b306336cbaeb70a3c153121d95094-primary.xml.zst

- Nix (92%):

```sh
nix profile install nixpkgs#minisign
```

  证据: nixpkgs package indexes: pkgs/by-name/mi/minisign/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1

- pacman (92%):

```sh
sudo pacman -S minisign
```

  证据: Arch Linux sync databases: minisign from https://geo.mirror.pkgbuild.com/extra/os/x86_64/extra.db.tar.gz

- zypper (92%):

```sh
sudo zypper install minisign
```

  证据: openSUSE Tumbleweed package metadata: minisign from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst

### Windows

- Scoop (92%):

```sh
scoop install main/minisign
```

  证据: Scoop official bucket manifest trees: bucket/minisign.json from https://api.github.com/repos/ScoopInstaller/Main/git/trees/master?recursive=1

- winget (92%):

```sh
winget install --id jedisct1.minisign -e
```

  证据: Windows Package Manager source index: jedisct1.minisign from https://cdn.winget.microsoft.com/cache/source.msix

## 软件包事实

- **软件包键:** brew:minisign
- **软件包管理器:** Homebrew
- **软件包管理器页面:** <https://formulae.brew.sh/formula/minisign>
- **版本:** 0.12
- **来源摘要:** Sign files & verify signatures. Works with signify in OpenBSD
- **主页:** <https://jedisct1.github.io/minisign/>
- **仓库:** <https://github.com/jedisct1/minisign>
- **上游文档:** <https://jedisct1.github.io/minisign>
- **许可证:** ISC
- **源码归档:** <https://github.com/jedisct1/minisign/archive/refs/tags/0.12.tar.gz>
- **已生成:** 2026-07-08T18:08:21+00:00

## 可执行文件

- minisign (cli)
- minisign (别名)

## 依赖

- libsodium

## 构建依赖

- cmake
- pkgconf

## 安装行为

- post-install 钩子: 未定义
- Bottle: 可用 于 arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, arm64_ventura, sonoma, ventura, x86_64_linux

## 版本和新鲜度

- 页面生成时间: 2026-07-08
- 管理器版本: 0.12
- 本地数据: OK
- 上游仓库: https://github.com/jedisct1/minisign
- 检测到的最新版本: 0.12 (当前)
- 信息: No package-manager update timestamp was available.
## 项目历史与用法

Minisign is Frank Denis's portable file-signing and signature-verification tool. It follows the same broad idea as OpenBSD signify: keep release signing small, scriptable, and based on public-key signatures rather than a large certificate or web-of-trust system. The project page describes it as lightweight and built around Ed25519 keys; Homebrew summarizes the package as a tool to sign files and verify signatures that works with OpenBSD signify.

### 项目历史

Operationally, minisign creates a key pair, signs one or more files into .minisig signature files, and verifies a file using either a public-key file or a public key supplied directly on the command line. A notable part of its format is the trusted comment, which can bind metadata such as filenames, resource identifiers, timestamps, or version numbers to the signature and helps prevent downgrade-style mistakes. Its documented signature format moved toward pre-hashed Ed25519 signatures using Blake2b-512, while retaining awareness of a legacy non-prehashed format.

### 使用方式

Minisign's ecosystem role is release-integrity plumbing: projects can publish a small public key and detached signatures without adopting a heavier package-signing infrastructure. Its packaging footprint in the input record spans Homebrew, Alpine, Debian, Fedora, MacPorts, Nix, Arch, Scoop, Ubuntu, WinGet, and openSUSE, which fits that role as a small security utility expected to be present across many operating systems.

### 来源

- <https://formulae.brew.sh/formula/minisign>
- <https://jedisct1.github.io/minisign/>


## 安全说明

narrow executable package without higher-risk signals.

- **Geiger 风险:** 绿色 / 低
- narrow executable package without higher-risk signals

## 源数据库详情

- **Source Database:** Homebrew formula API
- **Tap:** homebrew/core
- **Full Name:** minisign
- **Version Scheme:** 0
- **Revision:** 0
- **Bottle Stable Root URL:** <https://ghcr.io/v2/homebrew/core>
- **Deprecated:** no
- **Disabled:** no
- **Keg Only:** no
- **URL Keys:** stable

## 其他软件包管理器记录

- Debian apt - minisign - 0.12-1: normalized package name match | Debian stable package indexes: minisign from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz | Dead simple tool to sign files and verify signatures | https://jedisct1.github.io/minisign/
- Nix - minisign: normalized package name match | nixpkgs package indexes: pkgs/by-name/mi/minisign/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1
- Ubuntu apt - minisign - 0.11-1: normalized package name match | Ubuntu 24.04 LTS package indexes: minisign from https://archive.ubuntu.com/ubuntu/dists/noble/universe/binary-amd64/Packages.gz | Dead simple tool to sign files and verify signatures | https://jedisct1.github.io/minisign/
- apk - minisign - 0.12-r2: normalized package name match | Alpine Linux edge package indexes: minisign from https://dl-cdn.alpinelinux.org/alpine/edge/community/x86_64/APKINDEX.tar.gz | Simple tool to sign files and verify signatures | https://jedisct1.github.io/minisign/
- apk - minisign-doc - 0.12-r2: normalized package name match | Alpine Linux edge package indexes: minisign-doc from https://dl-cdn.alpinelinux.org/alpine/edge/community/x86_64/APKINDEX.tar.gz | Simple tool to sign files and verify signatures (documentation) | https://jedisct1.github.io/minisign/
- dnf - minisign - 0.12-3.fc44: normalized package name match | Fedora Rawhide package metadata: minisign from https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/repodata/e5ca8ce900cd68f5419e1c39ae517343100b306336cbaeb70a3c153121d95094-primary.xml.zst | A dead simple tool to sign files and verify digital signatures | https://github.com/jedisct1/minisign
- pacman - minisign - 0.12-2: normalized package name match | Arch Linux sync databases: minisign from https://geo.mirror.pkgbuild.com/extra/os/x86_64/extra.db.tar.gz | A dead-simple tool to sign files and verify digital signatures | https://github.com/jedisct1/minisign
- zypper - minisign - 0.12-2.3: normalized package name match | openSUSE Tumbleweed package metadata: minisign from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst | A dead simple tool to sign files and verify signatures | https://jedisct1.github.io/minisign/
- MacPorts - minisign: normalized package name match | MacPorts ports tree: security/minisign/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1
- Scoop - main/minisign: normalized package name match | Scoop official bucket manifest trees: bucket/minisign.json from https://api.github.com/repos/ScoopInstaller/Main/git/trees/master?recursive=1
- winget - jedisct1.minisign: normalized package name match | Windows Package Manager source index: jedisct1.minisign from https://cdn.winget.microsoft.com/cache/source.msix


## 相关链接

- [Source-control packages](https://www.automicvault.com/zh-hans/pkg/source-control-tools/) - Belongs to a source-control command family.
- [Terminal utility packages](https://www.automicvault.com/zh-hans/pkg/terminal-utilities/) - Matched terminal and command-line workflow metadata.
- [Networking and protocol packages](https://www.automicvault.com/zh-hans/pkg/networking-protocol-tools/) - Matched network, protocol, or remote-service metadata.
- [Security and crypto packages](https://www.automicvault.com/zh-hans/pkg/security-crypto-tools/) - Matched security, identity, cryptography, password, signing, or certificate metadata.
- [cmake](https://www.automicvault.com/zh-hans/pkg/brew/cmake/) - Build dependency declared by Homebrew.
- [pkgconf](https://www.automicvault.com/zh-hans/pkg/brew/pkgconf/) - Build dependency declared by Homebrew.
- [minizign](https://www.automicvault.com/zh-hans/pkg/brew/minizign/) - Shares av.db curated category or tags: cli, cryptography, digital-signatures, security, signature-verification.
- [sequoia-chameleon-gnupg](https://www.automicvault.com/zh-hans/pkg/brew/sequoia-chameleon-gnupg/) - Shares av.db curated category or tags: cli, cryptography, security, signature-verification.
- [sequoia-sqv](https://www.automicvault.com/zh-hans/pkg/brew/sequoia-sqv/) - Shares av.db curated category or tags: cli, cryptography, security, signature-verification.
- [aescrypt](https://www.automicvault.com/zh-hans/pkg/brew/aescrypt/) - Shares av.db curated category or tags: cli, cryptography, security.
- [aespipe](https://www.automicvault.com/zh-hans/pkg/brew/aespipe/) - Shares av.db curated category or tags: cli, cryptography, security.
- [age](https://www.automicvault.com/zh-hans/pkg/brew/age/) - Shares av.db curated category or tags: cli, cryptography, security.
- [age-plugin-se](https://www.automicvault.com/zh-hans/pkg/brew/age-plugin-se/) - Shares av.db curated category or tags: cli, cryptography, security.
- [age-plugin-yubikey](https://www.automicvault.com/zh-hans/pkg/brew/age-plugin-yubikey/) - Shares av.db curated category or tags: cli, cryptography, security.
- [minisign](https://www.automicvault.com/zh-hans/pkg/npm/minisign/) - Same normalized package name appears in another local ecosystem. Shared terms: cli, cryptography, minisign, security, signatures.
- [signify-osx](https://www.automicvault.com/zh-hans/pkg/brew/signify-osx/) - Security-sensitive metadata or terminology overlaps. Shared terms: cli, cryptography, files, openbsd, security.
- [minisign](https://www.automicvault.com/zh-hans/pkg/npm/minisign/) - Same normalized package name in another local ecosystem.

## Combined YAML source

View the package source record on GitHub. [combined/minisign.yml](https://github.com/automic-vault/db/blob/main/combined/minisign.yml)


## 来源

- Nucleus package database
- Geiger risk classifier
- package-page enrichment
- curated package history
- package version freshness
- av.db category and tag curation
- package relationship graph
- external package-manager database matches
- cross-ecosystem install command graph
