On Wed, Jun 01, 2022 at 01:40:14AM -0500, Albretch Mueller wrote:
I think I am following the steps as I should. This is what I got before and after I thought I have verified the webkit2gtk source packages: $ gpg --verify webkit2gtk_2.34.6.orig.tar.xz.asc webkit2gtk_2.34.6-1~deb11u1.debian.tar.xz gpg: Signature made Thu 17 Feb 2022 07:12:45 AM CST gpg: using DSA key 5AA3BC334FD7E3369E7C77B291C559DBE4C9123B gpg: Can't check signature: No public key $ # apt-get install debian-keyring debian-archive-keyring
The key to verify those files is probably in the first of those two packages, but, by default those keyrings will not be checked by gpg(1) on the command line. You will want to use the "--keyring" option e.g.
something like $ gpg --keyring /usr/share/keyrings/debian-keyring.gpg --verify webkit2gtk_2.34.6.orig.tar.xz.asc