Linux - SoftwareThis forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
root@darkstar:/big/store1/soft/mplayer/mplayerhq# gpgv MPlayer.tar.gz.asc
gpgv: keyblock resource `/root/.gnupg/trustedkeys.gpg': general error
gpgv: Signature made Mon 17 Mar 2008 02:21:35 PM ART using DSA key ID 9C7BA3B6
gpgv: Can't check signature: public key not found
You see what I did. But it is evident I'm doing something wrong (I'd say, all wrong). What do I do with the .asc? Thanks in advance.
EDIT: in another post I saw somebody using gpg. I tried but it failed too.
You don't really have to do anything with it if you don't want to.
If you trust the source of the package, you can just use it, otherwise
you have to find and download the public key of the source of the software to verify that
the software is from who you think it is and hasn't been tampered with.
Hi alan99 and forgive my delay. I now understand. I thought the PGP signature was about checking the received file was an exact copy of the sent file. Kind of a checksum. I now see I was wrong. But then why does slackbuilds not send a checksum in addition to the .asc file? Well, thanks for your kind reply.
I was looking on the Slackware-build repository and I guess the reason there is no MD5 checksum is that you have to get the source code from the Mplayer site. I think the package they have there is just for a theme for it, unless I am mistaken. I don't know whether that is were you got it, or from some third party.
ps, I tried downloading those two files (don't know if they were the same version as yours), and the signature did check out (not using comand line) I have gpa and seahorse installed and after importing the public key all I have to do is double click on the signature in nautilus and a box pops up telling me the signature is valid.
In slackbuilds.org, using the Search feature, you can search for 'mplayer' and slack version '12.0'. You'll be presented with a link for mplayer for 12.0. Clicking, you'll find three files: the sources packages with MD5 checksum displayed beside the link, the package containing the slackbuilds script (MPlayer.tar.gz) and a PGP signature file for that package (MPlayer.tar.gz.asc). But no MD5 checksum for MPlayer.tar.gz.
However, I learn in wikipedia PGP can also do integrity checking of plain text, besides determining whether the sender is the claimed sender.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.