How to handle .sig #769

zen0bit · 2023-09-17T17:40:24Z

For example:

Guix GNU Linux #768 comes with qcow2 files which are signed.

.sig files are provided, but not any shsums.

How to check qcow2/ISO files against .sig

zen0bit · 2023-09-22T06:08:21Z

wget 'https://sv.gnu.org/people/viewgpg.php?user_id=15145' -qO - | gpg --import -
gpg: key 090B11993D9AEBB5: 127 signatures not checked due to missing keys
gpg: /home/zen/.gnupg/trustdb.gpg: trustdb created
gpg: key 090B11993D9AEBB5: public key "Ludovic Courtès [email protected]" imported
gpg: Total number processed: 1
gpg: imported: 1
gpg: no ultimately trusted keys found

gpg --verify guix-system-vm-image-1.4.0.x86_64-linux.qcow2.sig
gpg: assuming signed data in 'guix-system-vm-image-1.4.0.x86_64-linux.qcow2'
gpg: Signature made Sun 18 Dec 2022 10:09:33 PM CET
gpg: using RSA key 3CE464558A84FDC69DB40CFB090B11993D9AEBB5
gpg: Good signature from "Ludovic Courtès [email protected]" [unknown]
gpg: aka "Ludovic Courtès [email protected]" [unknown]
gpg: aka "Ludovic Courtès (Inria) [email protected]" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5

flexiondotorg added the enhancement New feature or request label Oct 19, 2023

quickemu-project locked and limited conversation to collaborators Nov 10, 2023

flexiondotorg converted this issue into discussion #838 Nov 10, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

This issue was moved to a discussion.

How to handle .sig #769

How to handle .sig #769

zen0bit commented Sep 17, 2023

zen0bit commented Sep 22, 2023

This issue was moved to a discussion.

This issue was moved to a discussion.

How to handle .sig #769

How to handle .sig #769

Comments

zen0bit commented Sep 17, 2023

zen0bit commented Sep 22, 2023

This issue was moved to a discussion.