https://bugzilla.redhat.com/show_bug.cgi?id=1834731
--- Comment #98 from Suvayu <[email protected]> --- (In reply to Simone Caronni from comment #96) > (In reply to Suvayu from comment #92) > > You can then verify with only this key. > > ...and it would require editing the asc file to remove all other signatures > or gpgv will complain anyway. I think the expectation is to filter for the key you are using to verify. So just grepping for the verified signature should be okay. $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys \ $(grep --color=never laanwj keys.txt | cut -d' ' -f1) $ gpg --verify SHA256SUMS.asc |& grep -C 2 'Good signature' gpg: Signature made Friday 10 September 2021 07:33:30 PM CEST gpg: using RSA key 9DEAE0DC7063249FB05474681E4AED62986CD25D gpg: Good signature from "Wladimir J. van der Laan <[email protected]>" [unknown] gpg: aka "Wladimir J. van der Laan <[email protected]>" [unknown] gpg: aka "Wladimir J. van der Laan <[email protected]>" [unknown] Ideally failures should go to stderr, and success to stdout, but it seems both go to stderr. I wish gpg had an option to separate the failures (maybe there is, my quick look in the man page didn't turn up anything). Maybe this helps -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component https://bugzilla.redhat.com/show_bug.cgi?id=1834731 _______________________________________________ package-review mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected] Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
