On Sat, Dec 9, 2017 at 2:52 PM, Unman <[email protected]> wrote:
> On Sat, Dec 09, 2017 at 02:37:49PM -0300, Franz wrote: > > On Sat, Dec 9, 2017 at 1:35 PM, Chris Laprise <[email protected]> wrote: > > > > > On 12/09/2017 09:56 AM, Franz wrote: > > > > > >> I bought a larger SSD and want to reinstall 3.2, but gpg verification > no > > >> more works. > > >> > > >> I have a gpg VM where all this verificaion stuff is already installed > and > > >> worked for 3.1 and 3.2 in the past, so assumed it should work again > for the > > >> same task, but no. > > >> > > >> For the signature file of the iso, I pasted it into a file called > > >> Qubes-R3.2-x86_64.iso.asc > > >> > > >> But I get: > > >> > > >> gpg -v --verify Qubes-R3.2-x86_64.iso.asc Qubes-R3.2-x86_64.iso > > >> gpg: no valid OpenPGP data found. > > >> gpg: the signature could not be verified. > > >> > > >> So I suspected it is because developer key lapse after one year and > did: > > >> |gpg --recv-keys 0xC52261BE0A823221D94CA1D1CB11CA1D03FA5082 | > > >> |as instructed here https://www.qubes-os.org/secur > > >> ity/verifying-signatures/ It actually imported one key, but > verification > > >> gives the same failed result. | > > >> |Also tried to import the key associated to iso download [user@gpg > > >> iso2]$ gpg --import qubes-release-3-signing-key\(1\).asc gpg: key > > >> 03FA5082: "Qubes OS Release 3 Signing Key" not changed gpg: Total > number > > >> processed: 1 gpg: unchanged: 1 | > > >> |Finally downloaded the iso again, but same result | > > >> > > > > > > Maybe you pasted the key into the .asc file, instead of pasting the > > > signature? > > > > > > > > this one: > > > > Version: GnuPG v2 > > > > iQIcBAABCAAGBQJX4XLxAAoJEMsRyh0D+lCC738P/R35gthUmjr35NqF3foatmF/ > > UIZ0ggKBXUqlMNaTdl4TosJsExuZw6/YDErgukupHAhPaV22WcBtz+6+ZL6VdmSz > > /UpBOVxQ2SBFzj7DfVelpWOCp+wp09xf42fxqXvhpZQyj8plbgjJ1glbkd5uM6Dp > > vDZJWYwxtTujqLxyX2WBSvBWgtpCrhCMYFZHbAHhICQ3iWxr6sPgQhXEh49FuRZU > > Ksk9OZJmgrQ3ds5hO3HGuSQYUQKEuNlWbTN7dJJQHbPpvS6areaWCIKuIy6M2HwL > > zP6TbTF+B3F1Se+AwhiSb4rKQgVecgd+lxXc+KqmfNQfIJf/2lK2KxqmWY5O9Idz > > mtp1w0o8hnJlS6Axn3JAmmipNuCPUVg+a99KV4TL01xbAc35eUkCQi12IwDCiO8Q > > m0CaFy0xbBImCb2qFt8MNk+qbcIxFI0kML0IwJ4axSdDIrMiLl96Rvso8vEcyuAg > > CS3SjRxorbltjtb/5CmyMRdSpXzCJ4fY2U8vmqMijtKQCmCs6xJKsexsC/gNaXVO > > ZoIsMwBwu1a/SThx1zUT4Iq0gyN1P0IxwKIrd2GT+ewBlwo3DfEMaPItYduVqGE2 > > OGjcxx2J/F7Zn6DH2QSx6o1W25hUNjtRSsWv8udtOK602wjX9AjotRUl5LWriq/P > > 8sabLZSQ2AWu4Gr1qXAy > > =qkEl > > > > > > > > > If you think the .iso downloaded incorrectly, first thing to check is > the > > > exact number of bytes with 'ls -l' in case the download stopped > prematurely. > > > > > > > I downloaded it two times... > > > > [user@gpg iso2]$ ls -l > > total 4147212 > > -rw-r--r-- 1 user user 4246732800 Dec 9 00:07 Qubes-R3.2-x86_64.iso > > -rw-rw-r-- 1 user user 761 Dec 9 10:26 Qubes-R3.2-x86_64.iso.asc > > -rw-r--r-- 1 user user 2364 Dec 9 10:41 > > 'qubes-release-3-signing-key(1).asc' > > > > That's the right signature - try downloading rather than > copying/pasting. > Downloading? You do not know how many times I tried to find a link to download a file... It is two days trying that. But if Unman tells to download it there should be a way. So tried "save link as" and it actually download the file and it worked and verified the iso correctly. Well but how it is that if I click on PGP key it actually downloades a file, while if click on Signature it opens it? This make things unnecessarily complex. Clicking on Signature should download a file as well. Don'you you think so? > Have you included the BEGIN/END lines? > no, probably that was my error Anyway many thank Unman and Chris for being always willing to help Best Fran -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAPzH-qBxgqP4o6jRhrJgaCqvuLgwggKy8_73%3DJvcTPJ%2B7fTWtg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
