Re: [DNG] OpenPGP key for Devuan Release ISOs?
The problem is who signs, who is not someone whose signature is expected. wget https://files.devuan.org/devuan_chimaera/Release_notes.txt -q -O - | grep -A 4 'are signed' wget https://files.devuan.org/devuan_chimaera/installer-iso/SHA256SUMS https://files.devuan.org/devuan_chimaera/installer-iso/SHA256SUMS.asc gpg --verify SHA256SUMS.asc gpg --keyserver pgp.mit.edu --search-keys E93D7167A4F5FA9E9FED497770285BA5CF280BA4 Ralph Ronnquist (rrq) It would be expected that some...@devuan.org or similar, as on wget https://files.devuan.org/devuan-archive-keyring.gpg -q -O - | gpg PS: keys.gnupg.net closed down years ago (talked about here in the list when it happened), but the others (pgp.mit.edu, keys.openpgp.org,...) continue. Best regards. En viernes, 25 de febrero de 2022 19:06:27 CET, Lars Noodén via Dng escribió: I see that the ISO images are signed. I've tried to fetch the signing key[1] again, $ gpg --keyserver keys.gnupg.net \ --recv-key E032601B7CA10BC3EA53FA81BB23C00C61FC752C $ gpg --keyserver keys.gnupg.net \ --recv-key BB23C00C61FC752C $ gpg --keyserver keys.gnupg.net \ --search-keys BB23C00C61FC752C but get an error instead with each of the above methods: gpg: keyserver receive failed: Server indicated a failure What is the current / correct location to find the public key to check the releases with? /Lars [1] https://www.devuan.org/os/keyring ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] OpenPGP key for Devuan Release ISOs?
The problem is who signs, who is not someone whose signature is expected. wget https://files.devuan.org/devuan_chimaera/Release_notes.txt -q -O - | grep -A 4 'are signed' wget https://files.devuan.org/devuan_chimaera/installer-iso/SHA256SUMS https://files.devuan.org/devuan_chimaera/installer-iso/SHA256SUMS.asc gpg --verify SHA256SUMS.asc gpg --keyserver pgp.mit.edu --search-keys E93D7167A4F5FA9E9FED497770285BA5CF280BA4 Ralph Ronnquist (rrq) It would be expected that some...@devuan.org or similar, as on wget https://files.devuan.org/devuan-archive-keyring.gpg -q -O - | gpg PS: keys.gnupg.net closed down years ago (talked about here in the list when it happened), but the others (pgp.mit.edu, keys.openpgp.org,...) continue. Best regards, En viernes, 25 de febrero de 2022 19:06:27 CET, Lars Noodén via Dng escribió: I see that the ISO images are signed. I've tried to fetch the signing key[1] again, $ gpg --keyserver keys.gnupg.net \ --recv-key E032601B7CA10BC3EA53FA81BB23C00C61FC752C $ gpg --keyserver keys.gnupg.net \ --recv-key BB23C00C61FC752C $ gpg --keyserver keys.gnupg.net \ --search-keys BB23C00C61FC752C but get an error instead with each of the above methods: gpg: keyserver receive failed: Server indicated a failure What is the current / correct location to find the public key to check the releases with? /Lars [1] https://www.devuan.org/os/keyring ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] OpenPGP key for Devuan Release ISOs?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi, There is no 'correct' location, you need a proper chain of trust in order to really verify the signature... You can try keyserver.ubuntu.com; looks like keys.gnupg.net is overloaded/offline... With best regards, b. On Fri, 2022-02-25 at 20:06 +0200, Lars Noodén via Dng wrote: > I see that the ISO images are signed. I've tried to fetch the signing > key[1] again, > > $ gpg --keyserver keys.gnupg.net \ > --recv-key E032601B7CA10BC3EA53FA81BB23C00C61FC752C > > $ gpg --keyserver keys.gnupg.net \ > --recv-key BB23C00C61FC752C > > $ gpg --keyserver keys.gnupg.net \ > --search-keys BB23C00C61FC752C > > but get an error instead with each of the above methods: > > gpg: keyserver receive failed: Server indicated a failure > > What is the current / correct location to find the public key to check > the releases with? > > /Lars > > [1] https://www.devuan.org/os/keyring > ___ > Dng mailing list > Dng@lists.dyne.org > https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEumC8IPN+WURNbSUAE2VyCRPS8i0FAmIZio4ACgkQE2VyCRPS 8i3efQ/7B3w1zC3R2V9O/v8Tg0Wv7QgmCdSR5wb3anlyXnNO9t2gbg35SiwUZv/G yyUEKkKQOByBfzn+zHL1qg2/turA8F6Ugajt19z1EFAYBymaZ+0tVhPlKOnXhD5J prqBzArjeyJuyxIgK5gH5g9xqe6WPCRAdJfb8CAOwFNPE5zfrZw1xDD6KWaoZcPr Kbt00+Dw7mxuIEomq416p+VVnnVlx5Bhg8QRk6FdrvcZK11+Ij1X4cErKLAtUKWG YyRfZDU0hTsugaEBQbshAOtkK7e9aVxVtkQrvTf5m9eziKyRB5Ob9qyIK2Us91Md V8jvR8AgWc7Ma8ipouykWe4wasjij37Jwj1IAHNGLuRFStrIArdcjzALIBy0iNSV 3mi+j8HXc+l5vnEr35bfgmU3oAlrkCOzwYRZWKeegqYUDdtr/7zWOChrdcHSkUuj ML8Gig+lGb0DyhfyXEnelhGXrYORq/tqNRk/g+Ioo2CXdzF83H6VPFVmQtHMEBZd KEt6KdaXYQRjWCIk2VQX5mjCDlTyD3JqyCLVn3rtEE9XymQDQ4NRSEcbIzA3K58c o74ji0s8BAd/VfCh8q3JLr96wqbZpoqPudhyQephyME731YAAuW8r2CUAZrAozOe iTBORDyDkJMJ+ppnpSxa+5/kK7tHf7lJsW5EzLlryi0PyAraXs0= =wgFA -END PGP SIGNATURE- ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
[DNG] OpenPGP key for Devuan Release ISOs?
I see that the ISO images are signed. I've tried to fetch the signing key[1] again, $ gpg --keyserver keys.gnupg.net \ --recv-key E032601B7CA10BC3EA53FA81BB23C00C61FC752C $ gpg --keyserver keys.gnupg.net \ --recv-key BB23C00C61FC752C $ gpg --keyserver keys.gnupg.net \ --search-keys BB23C00C61FC752C but get an error instead with each of the above methods: gpg: keyserver receive failed: Server indicated a failure What is the current / correct location to find the public key to check the releases with? /Lars [1] https://www.devuan.org/os/keyring ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng