Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Impossible to verify GPG signature on Debian Release file
271 views
Skip to first unread message
john doe
Nov 23, 2021, 2:40:07 AM11/23/21
to
Debians,
I'm trying to verify the Debian's Release file but to no avail:
$gpg --keyserver keyring.debian.org --keyserve
r-options auto-key-retrieve --verify Release.gpg Release
gpg: Signature made 10/9/2021 11:35:49 AM Romance Daylight Time
gpg: using RSA key 0146DC6D4A0B2914BDED34DB648ACFD622F3D138
gpg: requesting key 0x648ACFD622F3D138 from hkp://keyring.debian.org
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
gpg: Can't check signature: No public key
gpg: Signature made 10/9/2021 11:35:49 AM Romance Daylight Time
gpg: using RSA key A7236886F3CCCAAD148A27F80E98404D386FA1D9
gpg: requesting key 0x0E98404D386FA1D9 from hkp://keyring.debian.org
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
gpg: Can't check signature: No public key
gpg: Signature made 10/9/2021 11:49:02 AM Romance Daylight Time
gpg: using RSA key A4285295FC7B1A81600062A9605C66F00D6C9793
gpg: issuer "debian-...@lists.debian.org"
gpg: requesting key 0x605C66F00D6C9793 from hkp://keyring.debian.org
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
gpg: Can't check signature: No public key
$ gpg --locate-keys debian-...@lists.debian
.org
gpg: error retrieving 'debian-...@lists.debian.org' via WKD:
Certificate exp
ired
gpg: error reading key: Certificate expired
The Release file and signature file are downloaded from (1) and (2).
What am I missing?
1) http://ftp.debian.org/debian/dists/stable/Release
2) http://ftp.debian.org/debian/dists/stable/Release.gpg
--
John Doe
I'm trying to verify the Debian's Release file but to no avail:
$gpg --keyserver keyring.debian.org --keyserve
r-options auto-key-retrieve --verify Release.gpg Release
gpg: Signature made 10/9/2021 11:35:49 AM Romance Daylight Time
gpg: using RSA key 0146DC6D4A0B2914BDED34DB648ACFD622F3D138
gpg: requesting key 0x648ACFD622F3D138 from hkp://keyring.debian.org
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
gpg: Can't check signature: No public key
gpg: Signature made 10/9/2021 11:35:49 AM Romance Daylight Time
gpg: using RSA key A7236886F3CCCAAD148A27F80E98404D386FA1D9
gpg: requesting key 0x0E98404D386FA1D9 from hkp://keyring.debian.org
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
gpg: Can't check signature: No public key
gpg: Signature made 10/9/2021 11:49:02 AM Romance Daylight Time
gpg: using RSA key A4285295FC7B1A81600062A9605C66F00D6C9793
gpg: issuer "debian-...@lists.debian.org"
gpg: requesting key 0x605C66F00D6C9793 from hkp://keyring.debian.org
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
gpg: Can't check signature: No public key
$ gpg --locate-keys debian-...@lists.debian
.org
gpg: error retrieving 'debian-...@lists.debian.org' via WKD:
Certificate exp
ired
gpg: error reading key: Certificate expired
The Release file and signature file are downloaded from (1) and (2).
What am I missing?
1) http://ftp.debian.org/debian/dists/stable/Release
2) http://ftp.debian.org/debian/dists/stable/Release.gpg
--
John Doe
deloptes
Nov 23, 2021, 8:00:05 AM11/23/21
to
john doe wrote:
> What am I missing?
this specific key seems not to be available on the debian keyserver
try keyserver.ubuntu.com, you can find the key there
--
FCD6 3719 0FFB F1BF 38EA 4727 5348 5F1F DCFE BCB0
> What am I missing?
this specific key seems not to be available on the debian keyserver
try keyserver.ubuntu.com, you can find the key there
--
FCD6 3719 0FFB F1BF 38EA 4727 5348 5F1F DCFE BCB0
john doe
Nov 23, 2021, 10:20:05 AM11/23/21
to
On 11/23/2021 1:49 PM, deloptes wrote:
> john doe wrote:
>
>> What am I missing?
>
> this specific key seems not to be available on the debian keyserver
> try keyserver.ubuntu.com, you can find the key there
>
Thank you.
> john doe wrote:
>
>> What am I missing?
>
> this specific key seems not to be available on the debian keyserver
> try keyserver.ubuntu.com, you can find the key there
>
--
John Doe
john doe
Nov 26, 2021, 1:40:04 AM11/26/21
to
Thanks to 'Clément Hermann <nod...@debian.org>' for the below answer:
"The keyserver at keyring.debian.org holds keys for Debian Project
members and Debian Maintainers, so it's expected that you wouldn't find
the keys there (though it might be a good idea ?). You'll find more
details at https://keyring.debian.org.
The Debian Archive Keyring where you'll find the ftp-master keys used to
sign the Release files is in the debian-archive-keyring package, and
also available on https://ftp-master.debian.org/keys.html
Note that starting from Debian 10 (Buster), you might want to check the
InRelease file instead of Release + Release.gpg."
--
John Doe
0 new messages