Re: apt-check-sigs problem (plz cc adambarton@mac.com)
Adam Barton wrote:
Adam Barton wrote:
People,
Perhaps you could give me a hand with an issue I am having with the
apt-check-sigs script. Also would you mind CCing me on your responses
as I am off list right now.
I have been updating with 'apt-get update && apt-get dist-upgrade'
which has been working fine but I now want to use the apt-check-sigs
script to ensure I am using authentic Debian packages.
However, when I run apt-check-sigs I get many gpg: error reading key:
public key not found errors and I am not sure to interpret the results.
How should I go about troubleshooting this?
I have already downloaded
http://ftp-master.debian.org/ziyi_key_2003.asc and installed it using
'gpg --no-default-keyring --keyring trustedkeys.gpg --import
ziyi_key_2003.asc' as root.
I have also changed by sources to use ftp.us.debian.org (not that I
really think this is so important, but I did notice a release file
that didn't have an associated .gpg file on mirror.ac.uk)
Below is the real info.
Kind regards,
Adam Barton.
[SNIPPED]
Also, it would be wonderful if someone could detail how to manually
verify release file using gpgv manually.
Kind regards,
Adam Barton.
Ok... perhaps I should stop posting now ;)
If I manually verify ftp://ftp.debian.org/debian/dists/stable/Release &
Release.gpg I get the following:
blueboy:~# gpg --verify ./Release.gpg ./Release
gpg: Signature made Thu Nov 20 19:57:33 2003 CET using DSA key ID 38C6029A
gpg: Good signature from "Debian Archive Automatic Signing Key (2003)
<ftpmaster@debian.org>"
Could not find a valid trust path to the key. Let's see whether we
can assign some missing owner trust values.
No path leading to one of our keys found.
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the
owner.
gpg: Fingerprint: EB2F A2AF 170D 2359 26A7 7BF3 B629 A24C 38C6 029A
gpg: Signature made Wed Dec 31 17:26:06 2003 CET using DSA key ID 30B34DD5
gpg: Can't check signature: public key not found
blueboy:~#
blueboy:~#
Reimporting the 'latest' (????) key I notice that the key IDs are different
blueboy:~# gpg --import ./ziyi_key_2003.asc
gpg: key 38C6029A: public key imported
gpg: Total number processed: 1
gpg: imported: 1
blueboy:~#
So I guess I don't have an up to date ziyi public key.
Can anyone confirm this for me... and if I am correct, when can I find
the key with ID 30B34DD5?
I am going to bed now :D
Kind regards,
Adam Barton.
Reply to: