Re: BAD signature from "Debian CD signing key [RESOLVED]
On 2023-08-08 10:52 a.m., Matthieu Roquejoffre wrote: On 2023-08-08 at 03:37 p.m., Juan R.D. Silva wrote:> The problem is resolved. My fault. :-). Could you please explain to us what the cause of your issue was and how you solved it ? This could be useful for anyone facing a similar issue. The whole thing was caused by a silly typo in CLI. So, I do not think the actual detailed report would be useful to anyone. I thought that stating:"My fault" was enough as an explanation. Thanks.
Re: BAD signature from "Debian CD signing key [RESOLVED]
On Tue, Aug 8, 2023 at 11:18 AM Matthieu Roquejoffre wrote: > > On 2023-08-08 at 03:37 p.m., Juan R.D. Silva wrote:> The problem is > resolved. My fault. :-). > Could you please explain to us what the cause of your issue was and how > you solved it ? > This could be useful for anyone facing a similar issue. When I read that, I thought the same thing. Then I remembered he was using GnuPG, which is a raging dumpster fire. Any problems with gpg can be traced back to its awful usability. It was not OP's fault; rather it was gpg's fault. > Relevant xkcd: https://xkcd.com/979/ ++ Jeff
Re: BAD signature from "Debian CD signing key [RESOLVED]
On 2023-08-08 at 03:37 p.m., Juan R.D. Silva wrote:> The problem is resolved. My fault. :-). Could you please explain to us what the cause of your issue was and how you solved it ? This could be useful for anyone facing a similar issue. Relevant xkcd: https://xkcd.com/979/ -- Matthieu Roquejoffre Fingerprint: 0591 eccd 7f11 454b eb7f e81c b3dc 5a41 7fe4 5f42
Re: BAD signature from "Debian CD signing key [RESOLVED]
On 2023-08-06 9:28 p.m., Juan R.D. Silva wrote: I downloaded debian-12.1.0-amd64-DVD-1.iso, SHA512SUMS, and SHA512SUMS.sign files from https://cdimage.debian.org/debian-cd/current/amd64/iso-dvd/. $ sha512sum -c SHA512SUMS gives me OK. So the image is fine. However verifying the signatures fails. $ gpg --verify SHA512SUMS.sign SHA512SUMS gpg: Signature made Sat 10 Sep 2022 07:00:46 PM EDT gpg: using RSA key DF9B9C49EAA9298432589D76DA87E80D6294BE9B gpg: Can't check signature: No public key I downloaded the required key: $ wget -c "https://www.debian.org/CD/key-DA87E80D6294BE9B.txt; and imported it: $ gpg --import key-DA87E80D6294BE9B.txt When repeated verification get this: gpg --verify SHA512SUMS.sign SHA512SUMS gpg: Signature made Sat 22 Jul 2023 01:04:11 PM EDT gpg: using RSA key DF9B9C49EAA9298432589D76DA87E80D6294BE9B gpg: BAD signature from "Debian CD signing key " [unknown] Can anybody explain it. I do not see what I'm doing wrong here. Thanks. The problem is resolved. My fault. :-).
Re: BAD signature from "Debian CD signing key [RESOLVED]
On 2023-08-06 9:28 p.m., Juan R.D. Silva wrote: I downloaded debian-12.1.0-amd64-DVD-1.iso, SHA512SUMS, and SHA512SUMS.sign files from https://cdimage.debian.org/debian-cd/current/amd64/iso-dvd/. $ sha512sum -c SHA512SUMS gives me OK. So the image is fine. However verifying the signatures fails. $ gpg --verify SHA512SUMS.sign SHA512SUMS gpg: Signature made Sat 10 Sep 2022 07:00:46 PM EDT gpg: using RSA key DF9B9C49EAA9298432589D76DA87E80D6294BE9B gpg: Can't check signature: No public key I downloaded the required key: $ wget -c "https://www.debian.org/CD/key-DA87E80D6294BE9B.txt; and imported it: $ gpg --import key-DA87E80D6294BE9B.txt When repeated verification get this: gpg --verify SHA512SUMS.sign SHA512SUMS gpg: Signature made Sat 22 Jul 2023 01:04:11 PM EDT gpg: using RSA key DF9B9C49EAA9298432589D76DA87E80D6294BE9B gpg: BAD signature from "Debian CD signing key " [unknown] Can anybody explain it. I do not see what I'm doing wrong here. Thanks. The problem is resolved. My fault. :-).