On Tue, Dec 28, 2010 at 1:37 PM, Thomas Schulz <sch...@adi.com> wrote: >> >> At Tue, 28 Dec 2010 15:50:23 -0500 (EST), Thomas Schulz wrote: >> > >> > It looks like I am a little dim today. Given gpg and the key, what steps >> > do I do to verify a source package? >> >> General case: >> >> $ gpg --verify sigfile tarball >> >> Eg: >> >> $ gpg --verify bind-9.7.2-P3.tar.gz.sha256.asc bind-9.7.2-P3.tar.gz >> >> We probably should add this to the aforementioned web page. > > It looks like I have to somehow make the public key available. When I > issue the above command I get: > > gpg: Can't check signature: public key not found >
Before checking the signature, you need to import ISC's public key into your key ring. Something like this will work: curl https://www.isc.org/files/pgpkey2009.txt | gpg --import Then you can run gpg --verify. Casey _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
