Page 2 of 2 FirstFirst 12
Results 11 to 19 of 19

Thread: GPG verification of the Leap 15.2 SHA256 file fails

  1. #11
    Join Date
    Oct 2014
    Location
    Italy
    Posts
    2,215

    Default Re: GPG verification of the Leap 15.2 SHA256 file fails

    Quote Originally Posted by nrickert View Post
    I get:
    Code:
    % gpg --verify openSUSE-Leap-15.2-DVD-x86_64.iso.sha256
    gpg: Signature made Tue 30 Jun 2020 10:52:45 AM CDT
    gpg:                using RSA key 70AF9E8139DB7C82
    gpg: Good signature from "SuSE Package Signing Key <build@suse.de>" [unknown]
    gpg: WARNING: This key is not certified with a trusted signature!
    gpg:          There is no indication that the signature belongs to the owner.
    Primary key fingerprint: FEAB 5025 39D8 46DB 2C09  61CA 70AF 9E81 39DB 7C82
    I think you need:
    Code:
    gpg --recv-key 70AF9E8139DB7C82
    Neil, I think that is what Lubos referred to in posts #4 and #6.
    Now there is an amended .sha256 file (signed 2nd July) with a different signature consistent with what the Wiki page reads, see my post #8.
    So if you download and check NOW you find something consistent with the download and wiki pages.
    Tumbleweed Gnome on i7 4720HQ + Geforce GTX960M
    testing Leap 15.3

  2. #12
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    15,408
    Blog Entries
    3

    Default Re: GPG verification of the Leap 15.2 SHA256 file fails

    Quote Originally Posted by OrsoBruno View Post
    Nice idea.

    When I look at the download site, I see that the signature file has today's date. But when I download with "wget", I receive a file with a Jun 30 date. I guess the mirrors have not yet resynchronized on that file.

    This won't work as intended until the mirrors are synced. My "wget" output shows that I am downloading from "mirror.us.leaseweb.net".
    openSUSE Leap 15.3; KDE Plasma 5.18.6;

  3. #13

    Default Re: GPG verification of the Leap 15.2 SHA256 file fails

    Quote Originally Posted by hcvv View Post
    1. Explain why there is 15.1 in your first post, you confused Guillaume_G with it.
    That was the contents of the "openSUSE-Leap-15.2-DVD-x86_64.iso.sha256" file as I downloaded it from multiple servers. Now that you are pointing out there was "15.1" in the "openSUSE-Leap-15.2-DVD-x86_64.iso.sha256" file, I'm a bit surprised I had not noticed that.

  4. #14

    Default Re: GPG verification of the Leap 15.2 SHA256 file fails

    Quote Originally Posted by nrickert View Post
    Nice idea.

    When I look at the download site, I see that the signature file has today's date. But when I download with "wget", I receive a file with a Jun 30 date. I guess the mirrors have not yet resynchronized on that file.
    On my original download of "openSUSE-Leap-15.2-DVD-x86_64.iso.sha256", I got the Jun 30 date too.

  5. #15
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    15,408
    Blog Entries
    3

    Default Re: GPG verification of the Leap 15.2 SHA256 file fails

    I just tried a fresh download. And this time, I got the new version of the file. It has the same sha256 checksum, but it is signed by the opensuse project key instead of the build system key.
    Code:
    % gpg --verify openSUSE-Leap-15.2-DVD-x86_64.iso.sha256
    gpg: Signature made Thu 02 Jul 2020 10:17:06 AM CDT
    gpg:                using RSA key B88B2FD43DBDC284
    gpg: Good signature from "openSUSE Project Signing Key <opensuse@opensuse.org>" [full]
    You might still see a message that the signing key is not trusted, depending on your gpg trust settings.
    openSUSE Leap 15.3; KDE Plasma 5.18.6;

  6. #16

    Cool [SOLVED] Re: GPG verification of the Leap 15.2 SHA256 file fails

    I checked all the "openSUSE-Leap-15.2-DVD-x86_64.iso.sha256" files on all the servers listed at:
    https://download.opensuse.org/distri...iso?mirrorlist
    and as of writing this message, they all have the correct file now, which is 628 bytes in length.

    If you have the "openSUSE-Leap-15.2-DVD-x86_64.iso.sha256" file that is 630 bytes in length, you have the bad file and should download it again to get the correct file.

    Thanks to everyone who helped in this thread. I wish to extend special gratitude to the openSUSE team that promptly replied to the first message I posted in this thread, and had the fix in place shortly thereafter. That fabulous level of support compels me to continue being an openSUSE user.
    ---
    Thank You,
    Max

  7. #17
    Join Date
    Aug 2010
    Location
    California
    Posts
    192

    Question Re: GPG verification of the Leap 15.2 SHA256 file fails

    I downloaded .iso. .sha256, and .asc files yesterday and would like to upgrade from 15.1 to 15.3, but I'm having a little trouble with 15.2:

    Code:
    randolph@linux-8wry:~/ISO> sha256sum -c openSUSE-Leap-15.2-DVD-x86_64.iso.sha256
    openSUSE-Leap-15.2-DVD-x86_64.iso: OK
    sha256sum: WARNING: 14 lines are improperly formatted
    randolph@linux-8wry:~/ISO> gpg --recv-keys 0x22C07BA534178CD02EFE22AAB88B2FD43DBDC284       gpg: keyserver receive failed: No name
    randolph@linux-8wry:~/ISO> gpg --fingerprint "openSUSE Project Signing Key <opensuse@opensuse.org>"
    gpg: error reading key: No public key
    randolph@linux-8wry:~/ISO> gpg --recv-key 70AF9E8139DB7C82                                  gpg: keyserver receive failed: No name
    randolph@linux-8wry:~/ISO> gpg --verify openSUSE-Leap-15.2-DVD-x86_64.iso.sha256            gpg: Signature made Thu 02 Jul 2020 08:17:06 AM PDT
    gpg:                using RSA key B88B2FD43DBDC284
    gpg: Can't check signature: No public key
    randolph@linux-8wry:~/ISO> cat openSUSE-Leap-15.2-DVD-x86_64.iso.sha256-----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    
    0fd2d4e630b6579b933b5cb4930a8100acca6b4e29cd2738c4b7a9b2f76d80e4  openSUSE-Leap-15.2-DVD-x86_64.iso
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.0.7 (GNU/Linux)
    
    iQEVAwUBXv36criLL9Q9vcKEAQLo7AgAheoPUyw1dN3VlqN4m2icdonUUTiHvZ5b
    4vDv1hcZxYNzh76HJudvRVODyx5SAytLRXsUfAnffLUqWTIg2p50nkIR0FZoY5y/
    0BaVKe2SY+W35iLxZkBO5sszFz+mhtWwir8Vsi4Tq/u3/IO98BBO319c877SIKCt
    JrJ//sajA2XXQrKgu9hxiVgWOl5Y2EOWllq9fBaGr3Rd4EdLbHhfDQ7IaWN7PW0U
    hAqv9WDkTxRVSksUP/y/C9c8kZ4VXF4YXGMdZX9+5hKoz/iBWaRVMwsez13h8Eif
    bNpN69bQCLBx2LMH1T3gknu1faD5xb808iWeZXi2jgs3vWXUWdRg3w==
    =DTcJ
    -----END PGP SIGNATURE-----
    randolph@linux-8wry:~/ISO>
    Assuming that everyone gets that "WARNING: 14 lines are improperly formatted" message, would it be OK to just install 15.2, then go to 15.3?

  8. #18
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    15,408
    Blog Entries
    3

    Default Re: GPG verification of the Leap 15.2 SHA256 file fails

    Quote Originally Posted by HealingMindNOS View Post
    Assuming that everyone gets that "WARNING: 14 lines are improperly formatted" message, would it be OK to just install 15.2, then go to 15.3?
    Yes, you can safely ignore that warning. It is just telling you that the GPG signature is not a sha256 checksum.
    openSUSE Leap 15.3; KDE Plasma 5.18.6;

  9. #19
    Join Date
    Aug 2010
    Location
    California
    Posts
    192

    Thumbs up Re: GPG verification of the Leap 15.2 SHA256 file fails

    THANKS!!!!

Page 2 of 2 FirstFirst 12

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •