I am crying to start using .asc file to the integrity of packages, I know I should have been doing it already, but the true I am not sure how.
I did look a bit in google and slack docs.
I find a way to do it with the "KEY" by:
download the key and saving it as gpg-key
gpg --import gpg-key
gave a message I have imported the key
gpg --verify file.asc
and it give
gpg: Signature made Wed 13 Mar 2013 03:39:36 PM GMT using DSA key ID 98C3739D
gpg: Good signature from "Vincent Lefevre <email@example.com>"
gpg: aka "Vincent Lefèvre <firstname.lastname@example.org>"
gpg: aka "Vincent Lefevre <email@example.com>"
gpg: aka "Vincent Lefèvre <firstname.lastname@example.org>"
gpg: aka "Vincent Lefevre <Vincent.Lefevre@inria.fr>"
gpg: aka "Vincent Lefèvre <Vincent.Lefevre@inria.fr>"
gpg: aka "Vincent Lefevre <Vincent.Lefevre@ens-lyon.fr>"
gpg: aka "Vincent Lefèvre <Vincent.Lefevre@ens-lyon.fr>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 07F3 DBBE CC1A 3960 5078 094D 980C 1976 98C3 739D
I've got this from here
, which mprf package.
But I still dont know how to do it with the slackbuilds as if I do:
(I have used avrdude as an example here)
bash-4.2# gpg --verify avrdude.tar.gz.asc
gpg: Signature made Tue 02 Oct 2012 05:28:51 PM BST using DSA key ID 9C7BA3B6
gpg: Can't check signature: public key not found
But in slackbuilds there is not key, right?
How do you do with the slackbuilds I guest it have to with the number net to the package in the source, right?
I also tried from thatpage in mprf like:
gpg --recv-keys 98C3739D
as it said there but it give:
gpg: no keyserver known (use option --keyserver)
gpg: keyserver receive failed: bad URI
Also I have to compare the fingerprint by comparison from the website its it possible automatically?
I also try "-- Import file.asc" as I found in a post:
bash-4.2# gpg --import avrdude.tar.gz.asc
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0