Thomas Sanders writes: > Thanks for the reply, here is the actual script. I must have copy/pasted the > wrong info previously. > ### > wget -q http://cygwin.com/setup-x86.exe -O > ${DESTINATION}/setup-x86.exe > wget -q http://cygwin.com/setup-x86.exe.sig -O > ${DESTINATION}/setup-x86.exe.sig > wget -q http://cygwin.com/setup-x86_64.exe -O > ${DESTINATION}/setup-x86_64.exe > wget -q http://cygwin.com/setup-x86_64.exe.sig -O > ${DESTINATION}/setup-x86_64.exe.sig > wget -q http://cygwin.com/key/pubring.asc -O ${DESTINATION}/pubring.asc
For checking the signatures to be of any real use, you'd need to use https at least. Also, you'd need to establish the provenance of the key independently. > testing /tftpboot/PXE/mirrors/cygwin//setup-x86.exe > gpg: Signature made Fri 09 Sep 2016 02:20:02 AM PDT using DSA key ID 676041BA > gpg: BAD signature from "Cygwin <cygwin@cygwin.com>" BLODA, most likely. Particularly some stupid heuristic scanner that thinks that UPX compressed binaries are dangerous just because they use compression. Regards, Achim. -- +<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+ Wavetables for the Terratec KOMPLEXER: http://Synth.Stromeko.net/Downloads.html#KomplexerWaves -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple