Quote:
Originally Posted by intruptz
gpg won't open the PGP sig for the samba source file.
[root@bowser al]# gpg --verify samba-2.2.8a.tar.asc
gpg: no signed data
gpg: can't hash datafile: file open error
If i rename the the file to samba-2.2.8a.sig i get-
[root@bowser al]# mv Samba_CA.crt.asc Samba_CA.sig
[root@bowser al]# gpg Samba_CA.sig
Detached signature.
Please enter name of data file: samba-latest.tar
gpg: Signature made Tue 06 May 2003 16:55:54 BST using DSA key ID 2F87AF6F
gpg: BAD signature from "Samba Distribution Verification Key <samba-bugs@samba.org>"
Am I doing something wrong here? I've tried 3 diff downloads.cheers,
interuptz
|
Ok it's a bit late answer to a so old post LOL but i encounter the same BAD signature output too today (i go for intuition without read around) so...
probably the next guy in trouble have to find directly the answer here
the whole 3 step procedure is described in samba's
FAQ under
How do I verify a tarball with the GnuPG signature? section
After downloaded and imported samba's
public GPG Key (trough a key manager like seahorse or from CLI)
Code:
gpg --import samba-pubkey.asc
i got that BAD signature output :
Code:
$ gpg --verify samba-4.3.0.tar.asc samba-4.3.0.tar.gz
gpg: Signature made Tue 08 Sep 2015 04:54:18 PM EEST using DSA key ID 6568B7EA
gpg: BAD signature from "Samba Distribution Verification Key <samba-bugs@samba.org>"
The reason was i haven't decompress first the tar (the source *.tar.gz file not the signature *.tar.asc
) as is reported in samba's FAQ
Please notice, the signature is checked against the uncompressed tarball.
So decompress the tar trough
Code:
$ gunzip samba-4.3.0.tar.gz
now you have the source tarball uncompressed (*.tar) --in place of the original *.tar.gz file-- and can proceed the verify trough
Code:
$ gpg --verify samba-4.3.0.tar.asc samba-4.3.0.tar
gpg: Signature made Tue 08 Sep 2015 04:54:18 PM EEST using DSA key ID 6568B7EA
gpg: Good signature from "Samba Distribution Verification Key <samba-bugs@samba.org>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 52FB C0B8 6D95 4B08 4332 4CDC 6F33 915B 6568 B7EA
Don't bother about the last 3 lines (Warning: etc) it's not so grave goes away after you sign the samba's public key(after importing it) with your key
Cheers
HArry G.t. KAr