Thanks for the reply, here is the actual script. I must have copy/pasted the wrong info previously. ### wget -q http://cygwin.com/setup-x86.exe -O ${DESTINATION}/setup-x86.exe wget -q http://cygwin.com/setup-x86.exe.sig -O ${DESTINATION}/setup-x86.exe.sig wget -q http://cygwin.com/setup-x86_64.exe -O ${DESTINATION}/setup-x86_64.exe wget -q http://cygwin.com/setup-x86_64.exe.sig -O ${DESTINATION}/setup-x86_64.exe.sig wget -q http://cygwin.com/key/pubring.asc -O ${DESTINATION}/pubring.asc if [ $(gpg --list-keys | grep -c 'cygwin@cygwin.com') != 1 ] then gpg --import ${DESTINATION}/pubring.asc fi
echo "testing ${DESTINATION}/setup-x86.exe" gpg --verify ${DESTINATION}/setup-x86.exe.sig ${DESTINATION}/setup-x86.exe if [ ${?} -gt 0 ] then mv ${DESTINATION}/setup-x86.exe ${DESTINATION}/setup-x86.exe.DONT_USE-BAD_SIGNATURE fi echo "testing ${DESTINATION}/setup-x86_64.exe" gpg --verify ${DESTINATION}/setup-x86_64.exe.sig ${DESTINATION}/setup-x86_64.exe if [ ${?} -gt 0 ] then mv ${DESTINATION}/setup-x86_64.exe ${DESTINATION}/setup-x86_64.exe.DONT_USE-BAD_SIGNATURE fi ### Here is the output: testing /tftpboot/PXE/mirrors/cygwin//setup-x86.exe gpg: Signature made Fri 09 Sep 2016 02:20:02 AM PDT using DSA key ID 676041BA gpg: BAD signature from "Cygwin <cygwin@cygwin.com>" testing /tftpboot/PXE/mirrors/cygwin//setup-x86_64.exe gpg: Signature made Fri 09 Sep 2016 02:20:05 AM PDT using DSA key ID 676041BA gpg: Good signature from "Cygwin <cygwin@cygwin.com>" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 1169 DF9F 2273 4F74 3AA5 9232 A9A2 62FF 6760 41BA -- Thomas Sanders | Sr. Network Systems Administrator TrellisWare Technologies, Inc. Office/FAX: 858-753-1654 | Mobile: 619-512-3311 -----Original Message----- From: Andrey Repin [mailto:anrdae...@yandex.ru] Sent: Wednesday, September 28, 2016 2:14 PM To: Thomas Sanders; cygwin@cygwin.com Subject: Re: URGENT: BAD signature from "Cygwin <cygwin@cygwin.com>" Greetings, Thomas Sanders! > FYI, I don't know if this is working as designed (please see the > application error below) wget https://cygwin.com/setup-x86.exe wget > https://cygwin.com/setup-x86.exe.sig > gpg --verify setup-x86.exe.sig setup-x86.exe > gpg: Signature made Fri 09 Sep 2016 02:20:02 AM PDT using DSA key ID > 676041BA > gpg: Good signature from "Cygwin <cygwin@cygwin.com>" -------^^^^^^^^^^^^^^ > gpg: WARNING: This key is not certified with a trusted signature! > gpg: There is no indication that the signature belongs to the owner. > Primary key fingerprint: 1169 DF9F 2273 4F74 3AA5 9232 A9A2 62FF 6760 > 41BA > When running the app the following error occurs (Windows 7) > This version of C:\Users\tsanders\cygwin_setup-x86.exe is not > compatible with th e version of Windows you're running. Check your > computer's system information to see whether you need a x86 (32-bit) > or x64 (64-bit) version of the program, and then contact the software > publisher. Likely cause is your AV software blocking the file. Try saving it with -O innocent_name.exe > ---- > wget https://cygwin.com/setup-x86_64.exe.sig > wget https://cygwin.com/setup-x86_64.exe > gpg --verify setup-x86_64.exe.sig setup-x86_64.exe > gpg: Signature made Fri 09 Sep 2016 02:20:05 AM PDT using DSA key ID > 676041BA > gpg: Good signature from "Cygwin <cygwin@cygwin.com>" -------^^^^^^^^^^^^^^ > gpg: WARNING: This key is not certified with a trusted signature! > gpg: There is no indication that the signature belongs to the owner. > Primary key fingerprint: 1169 DF9F 2273 4F74 3AA5 9232 A9A2 62FF 6760 > 41BA Did you copy-pasted wrong console output or what? -- With best regards, Andrey Repin Thursday, September 29, 2016 00:12:02 Sorry for my terrible english... -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple