| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20200806015423.GA13702@Gentoo>
Date: Thu, 6 Aug 2020 07:24:23 +0530
From: Bhaskar Chowdhury <unixbhaskar@...il.com>
To: David Niklas <Hgntkwis@...mail.net>
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
LKML <linux-kernel@...r.kernel.org>,
Randy Dunlap <rdunlap@...radead.org>
Subject: Re:Use the script already there.. Is anyone else getting a bad
signature from kernel.org's 5.8 sources+Greg's sign?
On 20:59 Wed 05 Aug 2020, David Niklas wrote:
>Hello,
>I downloaded the kernel sources from kernel.org using curl, then
>opera, and finally lynx (to rule out an html parsing bug). I did the same
>with the sign and I keep getting:
>
>% gpg2 --verify linux-5.8.tar.sign linux-5.8.tar.xz
>gpg: Signature made Mon Aug 3 00:19:13 2020 EDT
>gpg: using RSA key 647F28654894E3BD457199BE38DBBDC86092693E
>gpg: BAD signature from "Greg Kroah-Hartman
><gregkh@...uxfoundation.org>" [unknown]
>
>I did refresh all the keys just in case.
>I believe this is important so I'm addressing this to the signer and only
>CC'ing the list.
>
>If I'm made some simple mistake, feel free to send SIG666 to my terminal.
>I did re-read the man page just in case.
>
>Thanks,
>David
You should be using this script to download and verify kernel from
kernel.org ...it there for a reason , please use it...which take away
all the manual labor ..
Here is pointer to get the script :
https://git.kernel.org/pub/scm/linux/kernel/git/mricon/korg-helpers.git/tree/get-verified-tarball
Thanks,
Bhaskar
Download attachment "signature.asc" of type "application/pgp-signature" (489 bytes)
Powered by blists - more mailing lists