lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Thu, 6 Aug 2020 07:24:23 +0530
From:   Bhaskar Chowdhury <unixbhaskar@...il.com>
To:     David Niklas <Hgntkwis@...mail.net>
Cc:     Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        LKML <linux-kernel@...r.kernel.org>,
        Randy Dunlap <rdunlap@...radead.org>
Subject: Re:Use the script already there.. Is anyone else getting a bad
 signature from kernel.org's 5.8 sources+Greg's sign?

On 20:59 Wed 05 Aug 2020, David Niklas wrote:
>Hello,
>I downloaded the kernel sources from kernel.org using curl, then
>opera, and finally lynx (to rule out an html parsing bug). I did the same
>with the sign and I keep getting:
>
>%  gpg2 --verify linux-5.8.tar.sign linux-5.8.tar.xz
>gpg: Signature made Mon Aug  3 00:19:13 2020 EDT
>gpg:                using RSA key 647F28654894E3BD457199BE38DBBDC86092693E
>gpg: BAD signature from "Greg Kroah-Hartman
><gregkh@...uxfoundation.org>" [unknown]
>
>I did refresh all the keys just in case.
>I believe this is important so I'm addressing this to the signer and only
>CC'ing the list.
>
>If I'm made some simple mistake, feel free to send SIG666 to my terminal.
>I did re-read the man page just in case.
>
>Thanks,
>David

You should be using this script to download and verify kernel from
kernel.org ...it there for a reason , please use it...which take away
all the manual labor ..

Here is pointer to get the script :

https://git.kernel.org/pub/scm/linux/kernel/git/mricon/korg-helpers.git/tree/get-verified-tarball

Thanks,
Bhaskar

Download attachment "signature.asc" of type "application/pgp-signature" (489 bytes)

Powered by blists - more mailing lists