Page 1 of 3 123 LastLast
Results 1 to 10 of 28

Thread: Signing certificates for Argon & Krypton ISOs?

  1. #1
    Join Date
    Jun 2017
    Location
    Australia
    Posts
    582

    Default Signing certificates for Argon & Krypton ISOs?

    Hi.

    A few months ago i downloaded the then-current Krypton ISO, & today i've downloaded the Argon ISO, both from http://download.opensuse.org/reposit...as/images/iso/ . For each ISO i also downloaded the corresponding sha256 file. I'm having trouble validating the files, & hope someone can help pls.

    Via Kleopatra:

    Krypton:
    Code:
    Signature created on Monday, 10 July 2017 21:02:25 AEST
    With certificate:
    4E8E 6DE2 961F 3083 EAC5 0086 27C0 7017 6F88 BB2F
    The signature is invalid: Signing certificate is expired

    Argon:
    Code:
    Signature created on Friday, 13 October 2017 09:30:54 AEDT
    With certificate:
    4E8E 6DE2 961F 3083 EAC5 0086 27C0 7017 6F88 BB2F
    
    The signature is invalid: Signing certificate is expired

    For both ISOs:



    So far none of my online searching has uncovered how to obtain the current signing certificate, but i expect i'm looking in the wrong places. Any clues pls? Do i need to write an email to "KDE OBS Project:, or [hopefully] is there a known-good webpage somewhere holding the missing information?

  2. #2
    Join Date
    Jun 2017
    Location
    Australia
    Posts
    582

    Default Re: Signing certificates for Argon & Krypton ISOs?

    Ha. Somewhat ironic footnote re Argon ISO... won't run in VM, has kernel panic [conversely Krypton is fine]:


  3. #3
    Join Date
    Jun 2008
    Location
    San Diego, Ca, USA
    Posts
    13,295
    Blog Entries
    2

    Default Re: Signing certificates for Argon & Krypton ISOs?

    Your Kleopatra outputs can't be right...
    It's nearly impossible for 2 different files (your Argon and Kryption ISO files) to have exactly the same checksum.

    Recommend you use the following command to generate the checksum values for you ISO files
    Code:
    sha256sum --help
    As for your Argon inability to boot...
    I've seen that error from time to time in Tumbleweed, verify the ISO integrity correctly and if necessary download a new image.

    TSU
    Beginner Wiki Quickstart - https://en.opensuse.org/User:Tsu2/Quickstart_Wiki
    Solved a problem recently? Create a wiki page for future personal reference!
    Learn something new?
    Attended a computing event?
    Post and Share!

  4. #4
    Join Date
    Jun 2008
    Location
    Podunk
    Posts
    32,339
    Blog Entries
    15

    Default Re: Signing certificates for Argon & Krypton ISOs?

    Hi
    You need to ping the Repo maintainers to update the project signing key... (bug report... we know that won't happen...).

    Email the maintainers https://build.opensuse.org/project/users/KDE:Medias

    Click on the GPG key / SSL Certificate
    https://build.opensuse.org/project/show/KDE:Medias#
    Cheers Malcolm °¿° SUSE Knowledge Partner (Linux Counter #276890)
    SUSE SLE, openSUSE Leap/Tumbleweed (x86_64) | GNOME DE
    If you find this post helpful and are logged into the web interface,
    please show your appreciation and click on the star below... Thanks!

  5. #5
    Join Date
    Jun 2017
    Location
    Australia
    Posts
    582

    Default Re: Signing certificates for Argon & Krypton ISOs?

    Quote Originally Posted by tsu2 View Post
    Your Kleopatra outputs can't be right...
    It's nearly impossible for 2 different files (your Argon and Kryption ISO files) to have exactly the same checksum.
    I entirely agree with you, which is why previously i never said anything about the checksums. As i showed with my pics, the query concerns the signing certificate applicable to both ISOs, which seems to have expired.


    "openSUSE_Argon.x86_64-5.10.90-Build2.75.iso" sha256 checksum as calculated by Dolphin:
    Code:
    febf2536e79c0b3f2c509c842badd12d98b0fb3566eb0e34688e0f1ee8945557

    "openSUSE_Argon.x86_64-5.10.90-Build2.75.iso.sha256" sha256 checksum as viewed with Kate:
    Code:
    febf2536e79c0b3f2c509c842badd12d98b0fb3566eb0e34688e0f1ee8945557



    "openSUSE_Krypton_stable.x86_64-5.10.90-Build15.1.iso" sha256 checksum as calculated by Dolphin:
    Code:
    439d424088297e0fbc41f805859131d971c32869fca4a77dd8172abb111846a5

    "openSUSE_Krypton_stable.x86_64-5.10.90-Build15.1.iso.sha256" sha256 checksum as viewed with Kate:
    Code:
    439d424088297e0fbc41f805859131d971c32869fca4a77dd8172abb111846a5



    As you can see, each ISO is verified by its associated sha256 text file, & the two ISOs do have different checksums to each other [i never said otherwise]. The checksums were never the issue. As the pics in my OP showed, the problem is that currently the integrity of the sha256 text files i downloaded [which are my only means to check the ISOs] is unknown, because they are signed with an expired certificate. IMO, if the checksum files' integrity is uncertain, then ipso facto the ISOs to which they relate, are also uncertain.
    Signature created on Sunday, 8 October 2017 04:01:49 AEDT
    With certificate:
    4E8E 6DE2 961F 3083 EAC5 0086 27C0 7017 6F88 BB2F
    The signature is invalid: Signing certificate is expired

    Quote Originally Posted by tsu2 View Post
    As for your Argon inability to boot...
    I've seen that error from time to time in Tumbleweed, verify the ISO integrity correctly and if necessary download a new image.


    TSU
    I have "verify the ISO integrity correctly", the issue is the expired signing certificate... but the checksum match does imply that the ISO should at least boot [if that build was not bad]. When i wrote my OP, the Argon ISO i'd downloaded, which has the kernel panic boot failure, was "openSUSE_Argon.x86_64-5.10.90-Build2.87.iso". Today i have now downloaded a slightly older version, "openSUSE_Argon.x86_64-5.10.90-Build2.75.iso". Sadly it also fails to boot, but this time with a different fault:




    This is not confidence-inspiring; faulty Argon ISOs, expired signing certificates...

  6. #6
    Join Date
    Jun 2017
    Location
    Australia
    Posts
    582

    Default Re: Signing certificates for Argon & Krypton ISOs?

    Quote Originally Posted by malcolmlewis View Post
    Hi
    You need to ping the Repo maintainers to update the project signing key... (bug report... we know that won't happen...).
    Haha. Sorry to disappoint you with your admirably consistent teasing of my desire for privacy, but possibly you won't be able to do so after today... i have changed my email address & SUSE/Novell UserID to match my screen-name here, & so am now more than happy to raise bug reports Could you pls guide me though as to which of these categories i should use? It's not clear to me that any of these four choices is particularly relevant to my topic:



    Quote Originally Posted by malcolmlewis View Post
    Excellent, will do, thanks.


    Quote Originally Posted by malcolmlewis View Post
    Click on the GPG key / SSL Certificate
    https://build.opensuse.org/project/show/KDE:Medias#
    Um:

    Oh, maybe it's ok; a temporary error due to the current oS power outage? I'll try it again on Monday.

  7. #7
    Join Date
    Jun 2008
    Location
    Podunk
    Posts
    32,339
    Blog Entries
    15

    Default Re: Signing certificates for Argon & Krypton ISOs?

    Quote Originally Posted by GooeyGirl View Post
    Haha. Sorry to disappoint you with your admirably consistent teasing of my desire for privacy, but possibly you won't be able to do so after today... i have changed my email address & SUSE/Novell UserID to match my screen-name here, & so am now more than happy to raise bug reports Could you pls guide me though as to which of these categories i should use? It's not clear to me that any of these four choices is particularly relevant to my topic:




    Excellent, will do, thanks.



    Um:

    Oh, maybe it's ok; a temporary error due to the current oS power outage? I'll try it again on Monday.
    Hi
    Yes, no power.... take the weekend off, nothing will get done until next week anyway... send an email to the maintainers. Also you might find one of them on IRC Freenode #opensuse-factory or #opensuse-buildservice
    Cheers Malcolm °¿° SUSE Knowledge Partner (Linux Counter #276890)
    SUSE SLE, openSUSE Leap/Tumbleweed (x86_64) | GNOME DE
    If you find this post helpful and are logged into the web interface,
    please show your appreciation and click on the star below... Thanks!

  8. #8
    Join Date
    Jun 2008
    Location
    San Diego, Ca, USA
    Posts
    13,295
    Blog Entries
    2

    Default Re: Signing certificates for Argon & Krypton ISOs?

    A signing certificate only provides a degree of authenticity, confidence that the provided checksum is valid and not a forgery.
    If the file is freshly downloaded from a trustworthy site, then the extra confidence provided by the signing authority is probably not needed.

    This is just one of those things that you'd wonder why the expiration was set for such a short TTL, but is not really that important.

    So, just focus on the provided checksums for comparison.

    IMO,
    TSU
    Beginner Wiki Quickstart - https://en.opensuse.org/User:Tsu2/Quickstart_Wiki
    Solved a problem recently? Create a wiki page for future personal reference!
    Learn something new?
    Attended a computing event?
    Post and Share!

  9. #9
    Join Date
    Jun 2017
    Location
    Australia
    Posts
    582

    Default Re: Signing certificates for Argon & Krypton ISOs?

    Quote Originally Posted by malcolmlewis View Post
    Hi
    Yes, no power.... take the weekend off, nothing will get done until next week anyway... send an email to the maintainers. Also you might find one of them on IRC Freenode #opensuse-factory or #opensuse-buildservice
    I don't know anything about IRC, what it is, what to do with it.

    Re emailing... When i'm here, https://build.opensuse.org/project/users/KDE:Medias , or on either of the associated pages https://build.opensuse.org/user/show/favogt and https://build.opensuse.org/user/show/luca_b , i cannot see any email link or email info for those people. Maybe such links become visible once i log into these pages? However, despite me being logged into the Forum successfully [which i can confirm by logging out, in, out, in at will], on none of these three pages am i logged in. Furthermore, all attempts to login there fail:

    The username/password combination you entered is invalid. Please try again, or recover it from here.
    Do these pages need a different login / account to my credentials which work fine in all Forum-associated pages? Or is this problem instead likely only a temporary glitch legacy of the recent power outage server shutdown?

    Finally, re me creating a bug report [which i indicated earlier i am now happy to do], i still don't know which of those 4 categories / "product" i need to use.

  10. #10
    Join Date
    Jun 2008
    Location
    Podunk
    Posts
    32,339
    Blog Entries
    15

    Default Re: Signing certificates for Argon & Krypton ISOs?

    Quote Originally Posted by GooeyGirl View Post
    I don't know anything about IRC, what it is, what to do with it.

    Re emailing... When i'm here, https://build.opensuse.org/project/users/KDE:Medias , or on either of the associated pages https://build.opensuse.org/user/show/favogt and https://build.opensuse.org/user/show/luca_b , i cannot see any email link or email info for those people. Maybe such links become visible once i log into these pages? However, despite me being logged into the Forum successfully [which i can confirm by logging out, in, out, in at will], on none of these three pages am i logged in. Furthermore, all attempts to login there fail:



    Do these pages need a different login / account to my credentials which work fine in all Forum-associated pages? Or is this problem instead likely only a temporary glitch legacy of the recent power outage server shutdown?

    Finally, re me creating a bug report [which i indicated earlier i am now happy to do], i still don't know which of those 4 categories / "product" i need to use.
    Hi
    Create an OBS account, it's separate.... click the Sign Up button.
    https://build.opensuse.org/

    For bugs follow the guided process;
    openSUSE:Submitting bug reports - openSUSE
    Cheers Malcolm °¿° SUSE Knowledge Partner (Linux Counter #276890)
    SUSE SLE, openSUSE Leap/Tumbleweed (x86_64) | GNOME DE
    If you find this post helpful and are logged into the web interface,
    please show your appreciation and click on the star below... Thanks!

Page 1 of 3 123 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •