Skip to content

Extended FAQ zh HK

ArchiBot edited this page Aug 31, 2021 · 21 revisions

ๅธธ่ฆ‹ๅ•้กŒๆ“ดๅฑ•

ๆˆ‘ๅ€‘็š„ๅธธ่ฆ‹ๅ•้กŒๆ“ดๅฑ•ๆถต่“‹ไบ†ๆ‚จๅฏ่ƒฝ้‡ๅˆฐ็š„ไธ€ไบ›ไธๅธธ่ฆ‹็š„ๅ•้กŒๅ’Œ็ญ”ๆกˆใ€‚ ๆœ‰้—œๆ›ดๅธธ่ฆ‹็š„ไบ‹้ …๏ผŒ่ซ‹่จชๅ•ๆˆ‘ๅ€‘็š„**ๅธธ่ฆ‹ๅ•้กŒๅŸบ็คŽ**ใ€‚


่ชฐๅ‰ต้€ ไบ† ASF๏ผŸ

ASFไบŽ2015ๅนด10ๆœˆ็”ฑ Archi ๅ‰ต้€ ใ€‚ ๅฆ‚ๆžœๆ‚จๅฅฝๅฅ‡็š„่ฉฑ๏ผŒๆˆ‘ๅ’Œๆ‚จไธ€ๆจฃ๏ผŒๆ˜ฏๅ€‹**Steam็”จๆˆถ**ใ€‚ ๅฆ‚ๆ‚จๆ‰€่ฆ‹๏ผŒ้™คไบ†็Žฉ้Šๆˆฒ๏ผŒๆˆ‘ไนŸๅ–œๆญกๅฐ‡ๆˆ‘็š„ๆŠ€่ƒฝๅ’Œๆฑบๅฟƒไป˜่ซธ่กŒๅ‹•๏ผŒๆญก่ฟŽๆŽข็ดขๆˆ‘็š„ไฝœๅ“๏ผ ้€™่ฃๆฒ’ๆœ‰ๅคงๅ…ฌๅธๅƒ่ˆ‡๏ผŒๆฒ’ๆœ‰้–‹็™ผๅ•†ๅœ˜้šŠ๏ผŒไนŸๆฒ’ๆœ‰100่ฌ็พŽๅ…ƒ็š„้ ็ฎ—ไพ†ๆ”ฏๆด๏ผŒๅชๆœ‰ๆˆ‘่‡ชๅทฑ๏ผŒๅœจ็ถญ่ญทไธฆๅ„ชๅŒ–้€™ไบ›้ …็›ฎใ€‚

็„ถ่€Œ๏ผŒASFๆ˜ฏ้–‹ๆบ้ …็›ฎ๏ผŒๆ‚จๅœจ้€™่ฃ็œ‹ๅˆฐ็š„ไธ€ๅˆ‡ไธฆ้žๅฎŒๅ…จๅ‡บ่‡ชๆˆ‘ๆ‰‹ใ€‚ ๆˆ‘ๅ€‘ๆœ‰ไธ€ไบ› ๅ…ถไป– ASF้ …็›ฎ๏ผŒๅฎƒๅ€‘ๅนพไนŽๅฎŒๅ…จ็”ฑๅ…ถไป–้–‹็™ผไบบๅ“ก้–‹็™ผใ€‚ ๅณไฝฟๆ˜ฏๆ ธๅฟƒ ASF ้ …็›ฎ๏ผŒไนŸๆœ‰ๅพˆๅคš ่ฒข็ป่€… ๅนซๅŠฉๆˆ‘ๅฏฆ็พใ€‚ On top of that, there are several third-party services supporting ASF development, especially GitHub, JetBrains and Crowdin. You also can't forget about all the awesome libraries and tools that made ASF happen, such as Rider that we use as IDE (we love ReSharper additions) and especially SteamKit2 without which ASF would not exist in the first place. ASF also wouldn't be where it is today without my sponsors, patrons and various donators, supporting me in everything that I'm doing here.

ๆ„Ÿ่ฌๅคงๅฎถๅ”ๅŠฉASF้–‹็™ผ๏ผ You're awesome.


ๅ‰ต้€ ASF็š„ๅˆๅฟƒ๏ผŸ

ASF was created with primary purpose of being fully automated Steam farming tool for Linux, without a need of any external dependencies (such as Steam client). ๆ™‚่‡ณไปŠๆ—ฅ๏ผŒ้€™ไป็„ถๆ˜ฏASF็š„ไธป่ฆ็›ฎ็š„ๅ’Œ้‡้ปž๏ผŒๅ› ็‚บๆˆ‘็š„ASF็†ๅฟตๅพžๆœชๆ”น่ฎŠ๏ผŒๆˆ‘ไฝฟ็”จๅฎƒ็š„ๆ–นๅผไป็„ถๅ’Œ2015ๅนดๅฎŒๅ…จไธ€ๆจฃใ€‚ ็•ถ็„ถ๏ผŒ่‡ช้‚ฃๆ™‚ไปฅไพ†๏ผŒ็ขบๅฏฆ็™ผ็”Ÿไบ†ๅพˆๅคš ็š„่ฎŠๅŒ–๏ผŒ ๆˆ‘ๅพˆ้ซ˜่ˆˆๅœฐ็œ‹ๅˆฐASFๅทฒ็ถ“ๅ–ๅพ—ไบ†ๅทจๅคง็š„้€ฒๅฑ•๏ผŒ้€™่ฆๆ„Ÿ่ฌๅฎƒ็š„็”จๆˆถๅ€‘๏ผŒๅ› ็‚บๅฆ‚ๆžœๅฎƒๅƒ…็”ฑๆˆ‘ไฝฟ็”จ๏ผŒๆˆ‘ๅฏ่ƒฝ็”š่‡ณไธๆœƒๅฏซๅ‡บ็•ถๅ‰ไธ€ๅŠ็š„ๅŠŸ่ƒฝใ€‚

It's nice to note that ASF was never made to compete with other, similar programs, especially Idle Master, because ASF was never designed to be a desktop/user app, and it still isn't today. ๅฆ‚ๆžœๆ‚จๅˆ†ๆžไธŠ่ฟฐASF็š„ไธป่ฆ็”จ้€”๏ผŒๆ‚จๆœƒ็™ผ็พIdle Master่ˆ‡ๆญคๆˆช็„ถ็›ธๅใ€‚ While you can most definitely find similar to ASF programs today, nothing was good enough for me back then (and still isn't today), so I created my own software, the way I wanted it. Over time users have migrated to ASF mainly due to robustness, stability and security, but also all the features that I've developed across all those years. Today, ASF is better than ever before.


ๅฅฝๅง๏ผŒๅ•ๆˆ‘ๆœ‰ไฝ•่จดๆฑ‚๏ผŸ What do you gain from sharing ASF?

There is no catch, I created ASF for myself and shared it with the rest of the community in hope that it'll come useful. ้€™ๆจฃ็š„ไบ‹ๆƒ…ๅฑคๅ‡บไธ็ชฎ๏ผŒๅ›žๆบฏ่‡ณ1991ๅนด๏ผŒLinus Torvaldsๅ‘ๅ…จไธ–็•Œ**ๅˆ†ไบซไบ†ไป–็š„็ฌฌไธ€ๅ€‹Linux kernel**ใ€‚ There is no hidden malware, data mining, crypto mining or any other activity that would generate any monetary benefit for me. ASF project is supported entirely by non-obligatory donations sent by happy users such as you. You can use ASF in exactly the same way how I'm using it, and if you like it, you can always buy me a coffee, showing your gratitude for what I'm doing.

I'm also using ASF as a perfect example of a modern C# project that always strikes for perfection and best practices, be it with technology, project management or the code itself. It's my definition of "things done right", so if by any chance you manage to learn something useful from my project, then that will make me only more happy.


How do I verify that the downloaded files are genuine?

As part of our releases on GitHub, we utilize a very similar verification process as the one used by Debian. In every official release starting with ASF V5.1.3.3, in addition to zip files you can find SHA512SUMS and SHA512SUMS.sign files. Download them for verification purposes together with the zip files of your choice.

Firstly, you should use SHA512SUMS file in order to verify that SHA-512 checksum of the selected zip files matches the one we calculated ourselves. On Linux, you can use sha512sum utility for that purpose.

$ sha512sum -c --ignore-missing SHA512SUMS
ASF-linux-x64.zip: OK

On Windows, we can do that from powershell, although you have to manually verify with SHA512SUMS:

PS > Get-Content SHA512SUMS | Select-String -Pattern ASF-linux-x64.zip

f605e573cc5e044dd6fadbc44f6643829d11360a2c6e4915b0c0b8f5227bc2a257568a014d3a2c0612fa73907641d0cea455138d2e5a97186a0b417abad45ed9  ASF-linux-x64.zip


PS > Get-FileHash -Algorithm SHA512 -Path ASF-linux-x64.zip

Algorithm       Hash                                                                   Path
---------       ----                                                                   ----
SHA512          F605E573CC5E044DD6FADBC44F6643829D11360A2C6E4915B0C0B8F5227BC2A2575... ASF-linux-x64.zip

This way we ensured that whatever was written to SHA512SUMS matches the resulting files and they weren't tampered with. However, it doesn't prove yet that SHA512SUMS file you checked against really comes from us. For that, we'll use SHA512SUMS.sign file, which holds digital PGP signature proving the authenticity of SHA512SUMS. We can use gpg utility for that purpose, both on Linux and Windows (change gpg command into gpg.exe on Windows).

$ gpg --verify SHA512SUMS.sign SHA512SUMS
gpg: Signature made Mon 02 Aug 2021 00:34:18 CEST
gpg:                using EDDSA key 224DA6DB47A3935BDCC3BE17A3D181DF2D554CCF
gpg: Can't check signature: No public key

As you can see, the file indeed holds a valid signature, but of unknown origin. You'll need to import ArchiBot's public key that we sign the SHA-512 sums with for full validation.

$ curl https://raw.githubusercontent.com/JustArchi-ArchiBot/JustArchi-ArchiBot/main/ArchiBot_public.asc -o ArchiBot_public.asc
$ gpg --import ArchiBot_public.asc
gpg: /home/archi/.gnupg/trustdb.gpg: trustdb created
gpg: key A3D181DF2D554CCF: public key "ArchiBot <ArchiBot@JustArchi.net>" imported
gpg: Total number processed: 1
gpg:               imported: 1

Finally, you can verify the SHA512SUMS file again:

$ gpg --verify SHA512SUMS.sign SHA512SUMS
gpg: Signature made Mon 02 Aug 2021 00:34:18 CEST
gpg:                using EDDSA key 224DA6DB47A3935BDCC3BE17A3D181DF2D554CCF
gpg: Good signature from "ArchiBot <ArchiBot@JustArchi.net>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 224D A6DB 47A3 935B DCC3  BE17 A3D1 81DF 2D55 4CCF

This has verified that the SHA512SUMS.sign holds a valid signature of our 224DA6DB47A3935BDCC3BE17A3D181DF2D554CCF key for SHA512SUMS file that you've verified against.

You could be wondering where the last warning comes from. You've successfully imported our key, but didn't decide to trust it just yet. While this is not mandatory, we can cover it as well. Normally this includes verifying through different channel (e.g. phone call, SMS) that the key is valid, then signing the key with your own to trust it. For this example, you can consider this wiki entry as such (very weak) different channel, since the original key comes from ArchiBot's profile. In any case we'll assume that you have enough of confidence as it is.

Firstly, generate private key for yourself, if you don't have one just yet. We'll use --quick-gen-key as a quick example.

$ gpg --batch --passphrase '' --quick-gen-key "$(whoami)"
gpg: /home/archi/.gnupg/trustdb.gpg: trustdb created
gpg: key E4E763905FAD148B marked as ultimately trusted
gpg: directory '/home/archi/.gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/home/archi/.gnupg/openpgp-revocs.d/8E5D685F423A584569686675E4E763905FAD148B.rev'

Now you can sign our key with yours in order to trust it:

$ gpg --sign-key 224DA6DB47A3935BDCC3BE17A3D181DF2D554CCF

pub  ed25519/A3D181DF2D554CCF
     created: 2021-05-22  expires: never       usage: SC
     trust: unknown       validity: unknown
sub  cv25519/E527A892E05B2F38
     created: 2021-05-22  expires: never       usage: E
[ unknown] (1). ArchiBot <ArchiBot@JustArchi.net>


pub  ed25519/A3D181DF2D554CCF
     created: 2021-05-22  expires: never       usage: SC
     trust: unknown       validity: unknown
 Primary key fingerprint: 224D A6DB 47A3 935B DCC3  BE17 A3D1 81DF 2D55 4CCF

     ArchiBot <ArchiBot@JustArchi.net>

Are you sure that you want to sign this key with your
key "archi" (E4E763905FAD148B)

Really sign? (y/N) y

And done, after trusting our key, gpg should no longer display the warning when verifying:

$ gpg --verify SHA512SUMS.sign SHA512SUMS
gpg: Signature made Mon 02 Aug 2021 00:34:18 CEST
gpg:                using EDDSA key 224DA6DB47A3935BDCC3BE17A3D181DF2D554CCF
gpg: Good signature from "ArchiBot <ArchiBot@JustArchi.net>" [full]

Notice the [unknown] trust indicator changing into [full] once you signed our key with yours.

Congratulations, you've verified that nobody has tampered with the release you've downloaded! ๐Ÿ‘


It's April the 1st and the ASF language changed into something strange, what is going on?

CONGRATULASHUNS ON DISCOVERIN R APRIL FOOLS EASTR EGG! If you didn't set custom CurrentCulture option, then ASF on April the 1st will actually use LOLcat language instead of your system language. If by any chance you'd like to disable that behaviour, you can simply set CurrentCulture to the locale that you'd like to use instead. It's also nice to note that you can enable our easter egg unconditionally, by setting your CurrentCulture to qps-Ploc value.

Clone this wiki locally