I've just written up longer instructions on my own web page at FLOSSlinux <https://flosslinuxblog.blogspot.com/> which should explain the steps I've just followed for myself. Check those and see what you think. I'll have a go at importing from /etc/apt/trusted.gpg and see what that looks like. That, of course, is the keyring that apt and aptitude use for master verification of Debian packages as part of the verification process before package installation - so the master keys for the whole of the trust for package installation on a Debian system.
On Fri, Jul 24, 2020 at 4:20 PM Stefan Monnier <monn...@iro.umontreal.ca> wrote: > > when I run the command > > gpg --verify SHAxSUM.sign SHAxSUM > > I get a message saying that > > > > Can't check signature: No public key > > You should have the needed key(s) in /etc/apt/trusted.gpg, but to be > honest I don't know how to best pass those to GPG. > > > Stefan > >
