2. Checksums and signatures steps The KEYS file download address is from wget https://dist.apache.org/repos/dist/release/apisix/KEYS Change to wget https://dist.apache.org/repos/dist/dev/apisix/KEYS Reload the public key via `gpg --import KEYS`, and then verify it.
JinChao Shuai <shuaijinc...@apache.org> 于2021年8月27日周五 下午12:04写道: > KEYS has been updated, please download the KEYS file again, and import and > verify it through `gpg --import KEYS`. > > Zhiyuan Ju <juzhiy...@apache.org> 于2021年8月27日周五 上午11:17写道: > >> Hi, >> >> When I try to import KEYS and trust it, GPG tells me `No public key`, do I >> miss something? >> >> Best Regards! >> @ Zhiyuan Ju <https://github.com/juzhiyuan> >> >> >> Zexuan Luo <spacewan...@apache.org> 于2021年8月27日周五 上午11:13写道: >> >> > BTW, I have run "gpg --import KEYS" and confirmed that the key from >> > Jinchao Shuai doesn't change. >> > >> > Zexuan Luo <spacewan...@apache.org> 于2021年8月27日周五 上午11:02写道: >> > > >> > > I checked: >> > > - Download links are valid >> > > - Checksums is valid >> > > - LICENSE and NOTICE files >> > > - make setup successfully >> > > >> > > When I run "gpg --verify >> apisix-python-plugin-runner-0.1.0-src.tgz.asc", >> > I got: >> > > gpg: assuming signed data in >> 'apisix-python-plugin-runner-0.1.0-src.tgz' >> > > gpg: Signature made 2021年08月26日 星期四 20时00分35秒 CST >> > > gpg: using RSA key >> > 147CD2ABFA330EC56E4BABF927263EFDC64AACA1 >> > > gpg: Can't check signature: No public key >> > > >> > > Maybe I miss something? >> > >> > > > -- > Thanks, > Janko > -- Thanks, Janko
