That 'liveslak.der' file is meant for Secure Boot from what I read in the blog. It is not meant for checking all these other downloadable files.
I see .md5 as well as .asc files in every directory BTW. The .md5 files are checksum files - you can use them to verify whether your download was corrupted or not. But I would not use them to validate that the files are un-tampered with . The .asc files are meant for the latter. They enable you to validate that the file was actually created by the Alien.
I downloaded a couple and ran:
Code:
$ gpg --verify 0060-nvidia-470.63.01_5.15.1-current-x86_64.sxz.asc
gpg: assuming signed data in `0060-nvidia-470.63.01_5.15.1-current-x86_64.sxz'
gpg: Signature made Sun 07 Nov 2021 05:58:15 PM CET using RSA key ID 769EE011
gpg: Can't check signature: public key not found
This tells you to download the public GPG key "
769EE011" into your GPG keyring:
Code:
$ gpg --keyserver keyserver.ubuntu.com --recv-keys 769EE011
gpg: requesting key 769EE011 from hkp server keyserver.ubuntu.com
gpg: key 769EE011: public key "Eric Hameleers (Alien BOB) <alien@slackware.com>" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
Then the check works better:
Code:
$ gpg --verify 0060-nvidia-470.63.01_5.15.1-current-x86_64.sxz.asc
gpg: assuming signed data in `0060-nvidia-470.63.01_5.15.1-current-x86_64.sxz'
gpg: Signature made Sun 07 Nov 2021 05:58:15 PM CET using RSA key ID 769EE011
gpg: Good signature from "Eric Hameleers (Alien BOB) <alien@slackware.com>"
gpg: aka "Eric Hameleers (Alien Base) <eric.hameleers@alienbase.nl>"
gpg: aka "Eric Hameleers <eric.hameleers@gmail.com>"
gpg: aka "Eric Hameleers (Thuis) <e.hameleers@chello.nl>"
gpg: aka "Eric Hameleers (SBo) <alien@slackbuilds.org>"
gpg: aka "[jpeg image of size 4594]"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 2AD1 07EA F451 32C8 A991 F4F9 883E C63B 769E E011