Re: Verifying authenticity of Debian CDs

To: Stefan Monnier <monnier@iro.umontreal.ca>
Cc: Debian User ML <debian-user@lists.debian.org>
Subject: Re: Verifying authenticity of Debian CDs
From: Andrew Cater <amacater@gmail.com>
Date: Fri, 24 Jul 2020 16:29:37 +0000
Message-id: <[🔎] CALtr+3nLU1WS5zBpnkotyFcoKX67=G9yud1hMeexKEj_W8tDQw@mail.gmail.com>
In-reply-to: <[🔎] jwveep0sx62.fsf-monnier+gmane.linux.debian.user@gnu.org>
References: <[🔎] CAFi06wcen4BspjTo9nU4vUere9w09z-4OtOgttJL3wGD80Toqg@mail.gmail.com> <[🔎] jwveep0sx62.fsf-monnier+gmane.linux.debian.user@gnu.org>

I've just written up longer instructions on my own web page at FLOSSlinux which should explain the steps I've just followed for myself. Check those and see what you think. I'll have a go at importing from /etc/apt/trusted.gpg and see what that looks like. That, of course, is the keyring that apt and aptitude use for master verification of Debian packages as part of the verification process before package installation - so the master keys for the whole of the trust for package installation on a Debian system.

On Fri, Jul 24, 2020 at 4:20 PM Stefan Monnier <monnier@iro.umontreal.ca> wrote:

> when I run the command
> gpg --verify SHAxSUM.sign SHAxSUM
> I get a message saying that
>
> Can't check signature: No public key

You should have the needed key(s) in /etc/apt/trusted.gpg, but to be
honest I don't know how to best pass those to GPG.

Stefan

Reply to:

Follow-Ups:
- Re: Verifying authenticity of Debian CDs
  - From: Andrew Cater <amacater@gmail.com>

References:
- Verifying authenticity of Debian CDs
  - From: Semih Ozlem <semihozlemlinuxuser@gmail.com>
- Re: Verifying authenticity of Debian CDs
  - From: Stefan Monnier <monnier@iro.umontreal.ca>

Prev by Date: Re: Verifying authenticity of Debian CDs
Next by Date: Re: Verifying authenticity of Debian CDs
Previous by thread: Re: Verifying authenticity of Debian CDs
Next by thread: Re: Verifying authenticity of Debian CDs
Index(es):
- Date
- Thread