Page 2 of 2 FirstFirst 12
Results 11 to 16 of 16

Thread: GPG verification of the Leap 15.2 SHA256 file fails

  1. #11
    Join Date
    Oct 2014
    Location
    Italy
    Posts
    2,007

    Default Re: GPG verification of the Leap 15.2 SHA256 file fails

    Quote Originally Posted by nrickert View Post
    I get:
    Code:
    % gpg --verify openSUSE-Leap-15.2-DVD-x86_64.iso.sha256
    gpg: Signature made Tue 30 Jun 2020 10:52:45 AM CDT
    gpg:                using RSA key 70AF9E8139DB7C82
    gpg: Good signature from "SuSE Package Signing Key <build@suse.de>" [unknown]
    gpg: WARNING: This key is not certified with a trusted signature!
    gpg:          There is no indication that the signature belongs to the owner.
    Primary key fingerprint: FEAB 5025 39D8 46DB 2C09  61CA 70AF 9E81 39DB 7C82
    I think you need:
    Code:
    gpg --recv-key 70AF9E8139DB7C82
    Neil, I think that is what Lubos referred to in posts #4 and #6.
    Now there is an amended .sha256 file (signed 2nd July) with a different signature consistent with what the Wiki page reads, see my post #8.
    So if you download and check NOW you find something consistent with the download and wiki pages.
    Leap 15.1 Gnome on i7 4720HQ + Geforce GTX960M
    testing Leap 15.2

  2. #12
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    14,423
    Blog Entries
    3

    Default Re: GPG verification of the Leap 15.2 SHA256 file fails

    Quote Originally Posted by OrsoBruno View Post
    Nice idea.

    When I look at the download site, I see that the signature file has today's date. But when I download with "wget", I receive a file with a Jun 30 date. I guess the mirrors have not yet resynchronized on that file.

    This won't work as intended until the mirrors are synced. My "wget" output shows that I am downloading from "mirror.us.leaseweb.net".
    openSUSE Leap 15.2; KDE Plasma 5.18.5;

  3. #13

    Default Re: GPG verification of the Leap 15.2 SHA256 file fails

    Quote Originally Posted by hcvv View Post
    1. Explain why there is 15.1 in your first post, you confused Guillaume_G with it.
    That was the contents of the "openSUSE-Leap-15.2-DVD-x86_64.iso.sha256" file as I downloaded it from multiple servers. Now that you are pointing out there was "15.1" in the "openSUSE-Leap-15.2-DVD-x86_64.iso.sha256" file, I'm a bit surprised I had not noticed that.

  4. #14

    Default Re: GPG verification of the Leap 15.2 SHA256 file fails

    Quote Originally Posted by nrickert View Post
    Nice idea.

    When I look at the download site, I see that the signature file has today's date. But when I download with "wget", I receive a file with a Jun 30 date. I guess the mirrors have not yet resynchronized on that file.
    On my original download of "openSUSE-Leap-15.2-DVD-x86_64.iso.sha256", I got the Jun 30 date too.

  5. #15
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    14,423
    Blog Entries
    3

    Default Re: GPG verification of the Leap 15.2 SHA256 file fails

    I just tried a fresh download. And this time, I got the new version of the file. It has the same sha256 checksum, but it is signed by the opensuse project key instead of the build system key.
    Code:
    % gpg --verify openSUSE-Leap-15.2-DVD-x86_64.iso.sha256
    gpg: Signature made Thu 02 Jul 2020 10:17:06 AM CDT
    gpg:                using RSA key B88B2FD43DBDC284
    gpg: Good signature from "openSUSE Project Signing Key <opensuse@opensuse.org>" [full]
    You might still see a message that the signing key is not trusted, depending on your gpg trust settings.
    openSUSE Leap 15.2; KDE Plasma 5.18.5;

  6. #16

    Cool [SOLVED] Re: GPG verification of the Leap 15.2 SHA256 file fails

    I checked all the "openSUSE-Leap-15.2-DVD-x86_64.iso.sha256" files on all the servers listed at:
    https://download.opensuse.org/distri...iso?mirrorlist
    and as of writing this message, they all have the correct file now, which is 628 bytes in length.

    If you have the "openSUSE-Leap-15.2-DVD-x86_64.iso.sha256" file that is 630 bytes in length, you have the bad file and should download it again to get the correct file.

    Thanks to everyone who helped in this thread. I wish to extend special gratitude to the openSUSE team that promptly replied to the first message I posted in this thread, and had the fix in place shortly thereafter. That fabulous level of support compels me to continue being an openSUSE user.
    ---
    Thank You,
    Max

Page 2 of 2 FirstFirst 12

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •