I'm following the steps to verify kernel signatures using GNUpg. I'm following the directions from https://www.kernel.org/category/signatures.html.
Where I am getting stumped is verifying the tar against the signature. linux-4.17 linux-4.17.tar linux-4.17.tar.sign root@Ultraman:/usr/src# gpg2 --verify linux-4.17.tar.sign gpg: assuming signed data in 'linux-4.17.tar' gpg: Signature made Sun 03 Jun 2018 02:35:54 PM PDT gpg: using RSA key 79BE3E4300411886 gpg: Can't check signature: No public key I tried several times trying to import keys belonging to Linus Torvalds and Greg Kroah-Hartman. Using this command: $ gpg2 --locate-keys torva...@kernel.org gre...@kernel.org I'm stumped. Am I missing something? Thanks for any advice. HP Garcia
