Hi list. I'm unable to validate the gpg signature located at http://releases.ubuntu.com/vivid/SHA1SUMS.gpg correctly, though I can validate SHA256SUMS and MD5SUMS files.
user@box:~$ gpg --verify SHA1SUMS.gpg SHA1SUMS gpg: Signature made Mon 03 Aug 2015 05:52:38 PM BST using DSA key ID FBB75451 gpg: BAD signature from "Ubuntu CD Image Automatic Signing Key <[email protected]>" Other files verify correctly. user@box:~$ gpg --verify SHA256SUMS.gpg SHA256SUMS gpg: Signature made Mon 03 Aug 2015 05:52:04 PM BST using DSA key ID FBB75451 gpg: Good signature from "Ubuntu CD Image Automatic Signing Key <[email protected]>" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: C598 6B4F 1257 FFA8 6632 CBA7 4618 1433 FBB7 5451 user@box:~$ gpg --verify MD5SUMS.gpg MD5SUMS gpg: Signature made Mon 03 Aug 2015 05:52:04 PM BST using DSA key ID FBB75451 gpg: Good signature from "Ubuntu CD Image Automatic Signing Key <[email protected]>" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: C598 6B4F 1257 FFA8 6632 CBA7 4618 1433 FBB7 5451 The hashes themselves seem to be correct: user@box:~$ cat SHA1SUMS | sha1sum -c ubuntu-15.04-desktop-amd64.iso: OK [ other output omitted ] Am I doing something dumb here? I almost didn't send this email - I'm going to look so stupid if I've got a misconfiguration somewhere! I've tried this on different boxes, from different internet connections, and even gotten my internet friends to try it - Hashes of the files themselves: user@box:~$ sha256sum * 5e697c5f2f72c6262dfa6b9aa7d029026fd9b1163ab795ad84a01e17b19ee221 MD5SUMS 6e8496eaa18930b5123f3bdb92bc59c9a9dfcba54eec5c248649cbc443885d54 MD5SUMS.gpg 2eb2cb49df34c79975974172f6c4db8ff2df62108e751ba72fa7206403a37516 SHA1SUMS 1f6396906f928ee26a4a6f698c3cb6ee7791fabe541b0e79c54e638da3c79183 SHA1SUMS.gpg 14dd3d068a5e7db6d4bed18017d936655f7e0ea9f7c7862835cbd699e85feac4 SHA256SUMS ee3505e09b73bff08389846efedc86f3c06be860220a6569825c33e3544e8d57 SHA256SUMS.gpg Relevant file sizes: user@box:~$ ls -l SHA1SUMS SHA1SUMS.gpg -rw-rw-r-- 1 user user 612 Aug 3 17:52 SHA1SUMS -rw-rw-r-- 1 user user 198 Aug 3 17:52 SHA1SUMS.gpg The signature I'm unable to verify: user@box:~$ cat SHA1SUMS.gpg -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iEYEABECAAYFAlW/nFYACgkQRhgUM/u3VFE76gCfXUS9L+mJyRkhdGNNyQWi4A8J naEAnjS722DJQuhpNvVIFr1DifrRFkfU =AnSp -----END PGP SIGNATURE----- -- Ubuntu-release mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-release
