LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software > Linux - Kernel
User Name
Password
Linux - Kernel This forum is for all discussion relating to the Linux kernel.

Notices


Reply
  Search this Thread
Old 03-02-2020, 07:10 AM   #1
_blue
LQ Newbie
 
Registered: Mar 2020
Posts: 3

Rep: Reputation: Disabled
question about gpg --verify


hello,

root@deviant:~-# ll
total 105M
-rw-r--r-- 1 root root 834 mars 2 13:07 linux-5.4.1.tar.sign
-rw-r--r-- 1 root root 105M nov. 29 10:17 linux-5.4.1.tar.xz
-rw-r--r-- 1 root root 40K févr. 28 17:36 sha256sums.asc
drwxr-xr-x 2 root root 4,0K mars 2 12:33 tmp
root@deviant:~-# sha256sum linux-5.4.1.tar.xz
a7d48bb324d53e421ffbe4da40087b3c0c5112707e5f3d827c30118542c74fd9 linux-5.4.1.tar.xz
root@deviant:~-# grep `sha256sum linux-5.4.1.tar.xz |awk '{print $1}'` sha256sums.asc
a7d48bb324d53e421ffbe4da40087b3c0c5112707e5f3d827c30118542c74fd9 linux-5.4.1.tar.xz
root@deviant:~-#
root@deviant:~-#

shasum is OK ...

root@deviant:~-#
root@deviant:~-# gpg --list-keys
gpg: keyserver option 'ca-cert-file' is obsolete; please use 'hkp-cacert' in dirmngr.conf
/root/.gnupg/pubring.kbx
------------------------
pub rsa2048/0x79BE3E4300411886 2011-09-20 [SC]
Key fingerprint = ABAF 11C6 5A29 70B1 30AB E3C4 79BE 3E43 0041 1886
uid [ unknown] Linus Torvalds <torvalds@kernel.org>
uid [ unknown] Linus Torvalds <torvalds@linux-foundation.org>
sub rsa2048/0x88BCE80F012F54CA 2011-09-20 [E]

pub rsa4096/0x38DBBDC86092693E 2011-09-23 [SC]
Key fingerprint = 647F 2865 4894 E3BD 4571 99BE 38DB BDC8 6092 693E
uid [ unknown] Greg Kroah-Hartman <gregkh@linuxfoundation.org>
uid [ unknown] Greg Kroah-Hartman <gregkh@kernel.org>
uid [ unknown] Greg Kroah-Hartman (Linux kernel stable release signing key) <greg@kroah.com>
sub rsa4096/0xF38153E276D54749 2011-09-23 [E]

root@deviant:~-#
root@deviant:~-# gpg --verify linux-5.4.1.tar.sign linux-5.4.1.tar.xz
gpg: keyserver option 'ca-cert-file' is obsolete; please use 'hkp-cacert' in dirmngr.conf
gpg: Signature made ven. 29 nov. 2019 10:11:32 CET
gpg: using RSA key 647F28654894E3BD457199BE38DBBDC86092693E
gpg: BAD signature from "Greg Kroah-Hartman <gregkh@linuxfoundation.org>" [unknown]
root@deviant:~-#
root@deviant:~-#

Obviously there is something i don't understand with verification ...
Please help ...


root@deviant:~-# uname -a
Linux deviant 5.4.1 #1 SMP Mon Mar 2 11:39:11 CET 2020 x86_64 GNU/Linux
root@deviant:~-# cat /etc/*lease
PRETTY_NAME="Devuan GNU/Linux ascii"
NAME="Devuan GNU/Linux"
ID=devuan
ID_LIKE=debian
HOME_URL="https://www.devuan.org/"
SUPPORT_URL="https://devuan.org/os/community"
BUG_REPORT_URL="https://bugs.devuan.org/"
root@deviant:~-#


Thanks for your time.
 
Old 03-03-2020, 05:30 AM   #2
rtmistler
Moderator
 
Registered: Mar 2011
Location: USA
Distribution: MINT Debian, Angstrom, SUSE, Ubuntu, Debian
Posts: 9,894
Blog Entries: 13

Rep: Reputation: 4945Reputation: 4945Reputation: 4945Reputation: 4945Reputation: 4945Reputation: 4945Reputation: 4945Reputation: 4945Reputation: 4945Reputation: 4945Reputation: 4945
I don't know the solution, but observation shows this fault, assuming you've noticed it also. I'd follow up on that:
Code:
gpg: keyserver option 'ca-cert-file' is obsolete; please use 'hkp-cacert' in dirmngr.conf
 
Old 03-03-2020, 09:04 AM   #3
_blue
LQ Newbie
 
Registered: Mar 2020
Posts: 3

Original Poster
Rep: Reputation: Disabled
Hi,
Thanks for reply,

i fixed this issue, unfortunately it does not change anything ...

root@deviant:~-# gpg --verify linux-5.4.1.tar.sign linux-5.4.1.tar.xz
gpg: Signature made Fri Nov 29 10:11:32 2019 CET
gpg: using RSA key 647F28654894E3BD457199BE38DBBDC86092693E
gpg: BAD signature from "Greg Kroah-Hartman <gregkh@linuxfoundation.org>" [unknown]
root@deviant:~-#


On another system, another distro, another gpg version there is same issue :

blue@saturn:~/tmp-$ gpg --list-keys |grep -EB1 'kernel|linux'
Key fingerprint = ABAF 11C6 5A29 70B1 30AB E3C4 79BE 3E43 0041 1886
uid Linus Torvalds <torvalds@kernel.org>
uid Linus Torvalds <torvalds@linux-foundation.org>
--
Key fingerprint = 647F 2865 4894 E3BD 4571 99BE 38DB BDC8 6092 693E
uid Greg Kroah-Hartman <gregkh@linuxfoundation.org>
uid Greg Kroah-Hartman <gregkh@kernel.org>
uid Greg Kroah-Hartman (Linux kernel stable release signing key) <greg@kroah.com>
blue@saturn:~/tmp-$ gpg --verify linux-5.4.1.tar.sign linux-5.4.1.tar.xz
gpg: Signature made Fri Nov 29 10:11:32 2019 CET
gpg: using RSA key 0x38DBBDC86092693E
gpg: BAD signature from "Greg Kroah-Hartman <gregkh@linuxfoundation.org>"
blue@saturn:~/tmp-$
blue@saturn:~/tmp-$
blue@saturn:~/tmp-$
blue@saturn:~/tmp-$ cat /etc/os-release
NAME=Fedora
VERSION="28 (Workstation Edition)"
ID=fedora
VERSION_ID=28
VERSION_CODENAME=""
PLATFORM_ID="platform:f28"
PRETTY_NAME="Fedora 28 (Workstation Edition)"
ANSI_COLOR="0;34"
LOGO=fedora-logo-icon
CPE_NAME="cpe:/o:fedoraproject:fedora:28"
HOME_URL="https://fedoraproject.org/"
SUPPORT_URL="https://fedoraproject.org/wiki/Communicating_and_getting_help"
BUG_REPORT_URL="https://bugzilla.redhat.com/"
REDHAT_BUGZILLA_PRODUCT="Fedora"
REDHAT_BUGZILLA_PRODUCT_VERSION=28
REDHAT_SUPPORT_PRODUCT="Fedora"
REDHAT_SUPPORT_PRODUCT_VERSION=28
PRIVACY_POLICY_URL="https://fedoraproject.org/wiki/Legal:PrivacyPolicy"
VARIANT="Workstation Edition"
VARIANT_ID=workstation
blue@saturn:~/tmp-$ uname -a
Linux saturn 5.0.16-100.fc28.x86_64 #1 SMP Tue May 14 18:22:28 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
blue@saturn:~/tmp-$
 
Old 03-07-2020, 10:44 AM   #4
gouttegd
Member
 
Registered: Nov 2019
Location: London, UK
Distribution: Slackware
Posts: 95

Rep: Reputation: 163Reputation: 163
Hi,

Quote:
Originally Posted by _blue View Post
root@deviant:~-# gpg --verify linux-5.4.1.tar.sign linux-5.4.1.tar.xz
Kernel source signatures are computed on uncompressed archives, as explained on the signatures page on kernel.org:

Quote:
You will notice that the signature is made against the uncompressed version of the archive. This is done so there is only one signature required for .gz and .xz compressed versions of the release.
Uncompress the archive first, then check the signature:

Code:
$ xz -d linux-5.4.1.tar.xz
$ gpg --verify linux-5.4.1.tar.sign linux-5.4.1.tar
 
Old 03-08-2020, 09:41 AM   #5
_blue
LQ Newbie
 
Registered: Mar 2020
Posts: 3

Original Poster
Rep: Reputation: Disabled
Hi,
so many time without even think about it ...
oops ...
Thank you gouttegd !
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
gpg / gpg-agent -- Can't connect to /root/.gnupg/S.gpg-agent jrtayloriv Linux - Security 9 06-03-2019 10:06 AM
GPG: Bad session key gpg between gpg on linux and gpg gui on windows XP konqi Linux - Software 1 07-21-2009 09:37 AM
openssl ssl error code 14090086 verify the CA cert is ok / certificate verify failed acummings Slackware 14 02-27-2009 01:51 AM
How do you GPG verify all of your rsync slackware directory Old_Fogie Slackware 31 10-24-2006 06:27 AM
Can't verify package gpg signatures on Mandrake 10 ayn Mandriva 0 06-09-2004 07:45 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software > Linux - Kernel

All times are GMT -5. The time now is 02:30 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration