Linux - Kernel This forum is for all discussion relating to the Linux kernel. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
03-02-2020, 07:10 AM
|
#1
|
LQ Newbie
Registered: Mar 2020
Posts: 3
Rep:
|
question about gpg --verify
hello,
root@deviant:~-# ll
total 105M
-rw-r--r-- 1 root root 834 mars 2 13:07 linux-5.4.1.tar.sign
-rw-r--r-- 1 root root 105M nov. 29 10:17 linux-5.4.1.tar.xz
-rw-r--r-- 1 root root 40K févr. 28 17:36 sha256sums.asc
drwxr-xr-x 2 root root 4,0K mars 2 12:33 tmp
root@deviant:~-# sha256sum linux-5.4.1.tar.xz
a7d48bb324d53e421ffbe4da40087b3c0c5112707e5f3d827c30118542c74fd9 linux-5.4.1.tar.xz
root@deviant:~-# grep `sha256sum linux-5.4.1.tar.xz |awk '{print $1}'` sha256sums.asc
a7d48bb324d53e421ffbe4da40087b3c0c5112707e5f3d827c30118542c74fd9 linux-5.4.1.tar.xz
root@deviant:~-#
root@deviant:~-#
shasum is OK ...
root@deviant:~-#
root@deviant:~-# gpg --list-keys
gpg: keyserver option 'ca-cert-file' is obsolete; please use 'hkp-cacert' in dirmngr.conf
/root/.gnupg/pubring.kbx
------------------------
pub rsa2048/0x79BE3E4300411886 2011-09-20 [SC]
Key fingerprint = ABAF 11C6 5A29 70B1 30AB E3C4 79BE 3E43 0041 1886
uid [ unknown] Linus Torvalds <torvalds@kernel.org>
uid [ unknown] Linus Torvalds <torvalds@linux-foundation.org>
sub rsa2048/0x88BCE80F012F54CA 2011-09-20 [E]
pub rsa4096/0x38DBBDC86092693E 2011-09-23 [SC]
Key fingerprint = 647F 2865 4894 E3BD 4571 99BE 38DB BDC8 6092 693E
uid [ unknown] Greg Kroah-Hartman <gregkh@linuxfoundation.org>
uid [ unknown] Greg Kroah-Hartman <gregkh@kernel.org>
uid [ unknown] Greg Kroah-Hartman (Linux kernel stable release signing key) <greg@kroah.com>
sub rsa4096/0xF38153E276D54749 2011-09-23 [E]
root@deviant:~-#
root@deviant:~-# gpg --verify linux-5.4.1.tar.sign linux-5.4.1.tar.xz
gpg: keyserver option 'ca-cert-file' is obsolete; please use 'hkp-cacert' in dirmngr.conf
gpg: Signature made ven. 29 nov. 2019 10:11:32 CET
gpg: using RSA key 647F28654894E3BD457199BE38DBBDC86092693E
gpg: BAD signature from "Greg Kroah-Hartman <gregkh@linuxfoundation.org>" [unknown]
root@deviant:~-#
root@deviant:~-#
Obviously there is something i don't understand with verification ...
Please help ...
root@deviant:~-# uname -a
Linux deviant 5.4.1 #1 SMP Mon Mar 2 11:39:11 CET 2020 x86_64 GNU/Linux
root@deviant:~-# cat /etc/*lease
PRETTY_NAME="Devuan GNU/Linux ascii"
NAME="Devuan GNU/Linux"
ID=devuan
ID_LIKE=debian
HOME_URL="https://www.devuan.org/"
SUPPORT_URL="https://devuan.org/os/community"
BUG_REPORT_URL="https://bugs.devuan.org/"
root@deviant:~-#
Thanks for your time.
|
|
|
03-03-2020, 05:30 AM
|
#2
|
Moderator
Registered: Mar 2011
Location: USA
Distribution: MINT Debian, Angstrom, SUSE, Ubuntu, Debian
Posts: 9,894
|
I don't know the solution, but observation shows this fault, assuming you've noticed it also. I'd follow up on that:
Code:
gpg: keyserver option 'ca-cert-file' is obsolete; please use 'hkp-cacert' in dirmngr.conf
|
|
|
03-03-2020, 09:04 AM
|
#3
|
LQ Newbie
Registered: Mar 2020
Posts: 3
Original Poster
Rep:
|
Hi,
Thanks for reply,
i fixed this issue, unfortunately it does not change anything ...
root@deviant:~-# gpg --verify linux-5.4.1.tar.sign linux-5.4.1.tar.xz
gpg: Signature made Fri Nov 29 10:11:32 2019 CET
gpg: using RSA key 647F28654894E3BD457199BE38DBBDC86092693E
gpg: BAD signature from "Greg Kroah-Hartman <gregkh@linuxfoundation.org>" [unknown]
root@deviant:~-#
On another system, another distro, another gpg version there is same issue :
blue@saturn:~/tmp-$ gpg --list-keys |grep -EB1 'kernel|linux'
Key fingerprint = ABAF 11C6 5A29 70B1 30AB E3C4 79BE 3E43 0041 1886
uid Linus Torvalds <torvalds@kernel.org>
uid Linus Torvalds <torvalds@linux-foundation.org>
--
Key fingerprint = 647F 2865 4894 E3BD 4571 99BE 38DB BDC8 6092 693E
uid Greg Kroah-Hartman <gregkh@linuxfoundation.org>
uid Greg Kroah-Hartman <gregkh@kernel.org>
uid Greg Kroah-Hartman (Linux kernel stable release signing key) <greg@kroah.com>
blue@saturn:~/tmp-$ gpg --verify linux-5.4.1.tar.sign linux-5.4.1.tar.xz
gpg: Signature made Fri Nov 29 10:11:32 2019 CET
gpg: using RSA key 0x38DBBDC86092693E
gpg: BAD signature from "Greg Kroah-Hartman <gregkh@linuxfoundation.org>"
blue@saturn:~/tmp-$
blue@saturn:~/tmp-$
blue@saturn:~/tmp-$
blue@saturn:~/tmp-$ cat /etc/os-release
NAME=Fedora
VERSION="28 (Workstation Edition)"
ID=fedora
VERSION_ID=28
VERSION_CODENAME=""
PLATFORM_ID="platform:f28"
PRETTY_NAME="Fedora 28 (Workstation Edition)"
ANSI_COLOR="0;34"
LOGO=fedora-logo-icon
CPE_NAME="cpe:/o:fedoraproject:fedora:28"
HOME_URL="https://fedoraproject.org/"
SUPPORT_URL="https://fedoraproject.org/wiki/Communicating_and_getting_help"
BUG_REPORT_URL="https://bugzilla.redhat.com/"
REDHAT_BUGZILLA_PRODUCT="Fedora"
REDHAT_BUGZILLA_PRODUCT_VERSION=28
REDHAT_SUPPORT_PRODUCT="Fedora"
REDHAT_SUPPORT_PRODUCT_VERSION=28
PRIVACY_POLICY_URL="https://fedoraproject.org/wiki/Legal:PrivacyPolicy"
VARIANT="Workstation Edition"
VARIANT_ID=workstation
blue@saturn:~/tmp-$ uname -a
Linux saturn 5.0.16-100.fc28.x86_64 #1 SMP Tue May 14 18:22:28 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
blue@saturn:~/tmp-$
|
|
|
03-07-2020, 10:44 AM
|
#4
|
Member
Registered: Nov 2019
Location: London, UK
Distribution: Slackware
Posts: 95
Rep:
|
Hi,
Quote:
Originally Posted by _blue
root@deviant:~-# gpg --verify linux-5.4.1.tar.sign linux-5.4.1.tar.xz
|
Kernel source signatures are computed on uncompressed archives, as explained on the signatures page on kernel.org:
Quote:
You will notice that the signature is made against the uncompressed version of the archive. This is done so there is only one signature required for .gz and .xz compressed versions of the release.
|
Uncompress the archive first, then check the signature:
Code:
$ xz -d linux-5.4.1.tar.xz
$ gpg --verify linux-5.4.1.tar.sign linux-5.4.1.tar
|
|
|
03-08-2020, 09:41 AM
|
#5
|
LQ Newbie
Registered: Mar 2020
Posts: 3
Original Poster
Rep:
|
Hi,
so many time without even think about it ...
oops ...
Thank you gouttegd !
|
|
|
All times are GMT -5. The time now is 02:30 PM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|