Adam Barton wrote:
People,
Perhaps you could give me a hand with an issue I am having with the apt-check-sigs script. Also would you mind CCing me on your responses as I am off list right now.
I have been updating with 'apt-get update && apt-get dist-upgrade' which has been working fine but I now want to use the apt-check-sigs script to ensure I am using authentic Debian packages.
However, when I run apt-check-sigs I get many gpg: error reading key: public key not found errors and I am not sure to interpret the results.
How should I go about troubleshooting this?
I have already downloaded http://ftp-master.debian.org/ziyi_key_2003.asc and installed it using 'gpg --no-default-keyring --keyring trustedkeys.gpg --import ziyi_key_2003.asc' as root.
I have also changed by sources to use ftp.us.debian.org (not that I really think this is so important, but I did notice a release file that didn't have an associated .gpg file on mirror.ac.uk)
Below is the real info.
Kind regards,
Adam Barton.
[SNIPPED]
Also, it would be wonderful if someone could detail how to manually verify release file using gpgv manually.
Kind regards,
Adam Barton.
Ok... perhaps I should stop posting now ;)
If I manually verify ftp://ftp.debian.org/debian/dists/stable/Release & Release.gpg I get the following:
blueboy:~# gpg --verify ./Release.gpg ./Release
gpg: Signature made Thu Nov 20 19:57:33 2003 CET using DSA key ID 38C6029A
gpg: Good signature from "Debian Archive Automatic Signing Key (2003) <[EMAIL PROTECTED]>"
Could not find a valid trust path to the key. Let's see whether we
can assign some missing owner trust values.
No path leading to one of our keys found.
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
gpg: Fingerprint: EB2F A2AF 170D 2359 26A7 7BF3 B629 A24C 38C6 029A
gpg: Signature made Wed Dec 31 17:26:06 2003 CET using DSA key ID 30B34DD5
gpg: Can't check signature: public key not found
blueboy:~#
blueboy:~#
Reimporting the 'latest' (????) key I notice that the key IDs are different
blueboy:~# gpg --import ./ziyi_key_2003.asc gpg: key 38C6029A: public key imported gpg: Total number processed: 1 gpg: imported: 1 blueboy:~#
So I guess I don't have an up to date ziyi public key.
Can anyone confirm this for me... and if I am correct, when can I find the key with ID 30B34DD5?
I am going to bed now :D
Kind regards,
Adam Barton.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
