
Re: Verifying authenticity of Debian CDs



On Fri, 24 Jul 2020 Stefan Monnier wrote:
[On 24 Jul 2020 Semih Ozlem wrote:]
>> when I run the command
>> gpg --verify SHAxSUM.sign SHAxSUM
>> I get a message saying that
>>
>> Can't check signature: No public key

Someone recently asked a similar question.

In case you already have access to a Debian system that you trust, you
might find my reply to them helpful

 24 June 2020, davidson wrote to debian-user
 lists.debian.org/msgid-search/alpine.DEB.2.21.2006240945240.28857@azone.org

along with an edit for clarity:

 lists.debian.org/msgid-search/alpine.DEB.2.21.2006241221420.28857@azone.org

> You should have the needed key(s) in /etc/apt/trusted.gpg, but to be
> honest I don't know how to best pass those to GPG.

I do not have that file on any system at hand. Instead, I have many
debian-archive-*.gpg keyrings in the directory

 /etc/apt/trusted.gpg.d

and I notice that none of them contain Debian CD signing keys.

The package debian-keyring installs

 /usr/share/keyrings/debian-role-keys.gpg

which most likely contains the optical media signing key needed here.

--
What is important is seldom urgent
and what is urgent is seldom important
-- Dwight David Eisenhower
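
The check discussed in this thread, as an added example that is not part of the original message. It assumes the debian-keyring package is installed, that the keyring path from the post does hold the CD signing key, and that SHA512SUMS, SHA512SUMS.sign and the image sit in one directory; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not code from the thread. Function names are hypothetical.
# Assumed layout: SHA512SUMS, SHA512SUMS.sign and the .iso in one directory.

# Keyring path named in the post (installed by the debian-keyring package).
# Assumption: it contains the key that signed the checksum file.
KEYRING=${KEYRING:-/usr/share/keyrings/debian-role-keys.gpg}

# Step 1: check the detached signature on the checksum file.
# gpgv accepts only keys from the keyring it is given, so a key imported
# into ~/.gnupg from somewhere else cannot satisfy the check by accident.
# Returns 2 if the keyring is missing, 3 if the signature does not verify.
verify_sums_signature() {
    dir=$1
    [ -r "$KEYRING" ] || { echo "keyring not found: $KEYRING" >&2; return 2; }
    gpgv --keyring "$KEYRING" "$dir/SHA512SUMS.sign" "$dir/SHA512SUMS" || return 3
}

# Step 2: check one image against the (now trusted) checksum file.
# Returns 4 if the image is not listed, 5 if its hash does not match.
verify_image() {
    dir=$1
    iso=$2
    # Keep only the line whose file name is exactly this image.
    line=$(awk -v f="$iso" '$2 == f' "$dir/SHA512SUMS")
    [ -n "$line" ] || return 4
    (cd "$dir" && printf '%s\n' "$line" | sha512sum -c - >/dev/null) || return 5
}

# Both steps in order; the image is hashed only after the signature passes.
# Usage: verify_debian_image /path/to/download-dir image-name.iso
verify_debian_image() {
    verify_sums_signature "$1" && verify_image "$1" "$2"
}
```

A matching hash in step 2 means nothing unless step 1 succeeded first, since an unsigned SHA512SUMS can be replaced along with the image.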