Page 1 of 2 12 LastLast
Results 1 to 10 of 16

Thread: GPG verification of the Leap 15.2 SHA256 file fails

  1. #1

    Question GPG verification of the Leap 15.2 SHA256 file fails

    GPG verification of the Leap 15.2 SHA256 file fails with:
    Code:
    Tux@TuxBox:/home/openSUSE Leap 15.2/> gpg --verify openSUSE-Leap-15.2-DVD-x86_64.iso.sha256
    gpg: Signature made Tue 30 Jun 2020 09:52:45 AM MDT
    gpg:                using RSA key 70AF9E8139DB7C82
    gpg: Can't check signature: No public key
    I executed the following before checking the SHA256 file as shown above:
    Code:
    gpg --recv-keys 0x22C07BA534178CD02EFE22AAB88B2FD43DBDC284
    gpg --fingerprint "openSUSE Project Signing Key <opensuse@opensuse.org>"
    and it executed properly.

    Is there a problem with the SHA256 file? File contents:
    Code:
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256
    
    c6d3ed19fe5cc25c4667bf0b46cc86aebcfbca3b0073aed0a288834600cb8b97  openSUSE-Leap-15.1-DVD-x86_64.iso
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.0.7 (GNU/Linux)
    
    iQEVAwUBXNwZzbiLL9Q9vcKEAQiXAggAsmtTRD1HausbkO0M5vEVBfeoefCowntG
    jz8/kbmPFxDvHuRv/IUYx98NjCdOc/5svOs1PMXXaRtmBMc3/kQkr21BIn6rZye2
    B4RsRAqvAJmNjSxrlA78VyX+F+oN+CsYg63xx87sO7dORoNX2VCLappXVIFxz586
    8cQZNP9Rqpk5+eySpCyLJOgT5onxZbUjN3Q8uEPMyT+nzm8iqzx5EI75gJuKYWvh
    nGLmKDLlH9S4MXM6Z1cinmSxMW5HCvTScmTgsRTnYLtuOblVj1RZbK+sws+Fnf8T
    45WAYUYq23fv/kP4qfwvWwJma9SZWo7voLHtRiNlQFX4p6zi9C5apA==
    =Cng2
    -----END PGP SIGNATURE-----
    I checked this file against the same file on 4 separate servers across the planet, and it was found to be identical. So, Iam assuming the file is authentic.

  2. #2
    Join Date
    Oct 2014
    Location
    Italy
    Posts
    2,007

    Default Re: GPG verification of the Leap 15.2 SHA256 file fails

    I can confirm what you witness, but when I run:
    Code:
    bruno@LT_B:~/Downloads> gpg openSUSE-Leap-15.2-DVD-x86_64.iso
    gpg: WARNING: no command supplied.  Trying to guess what you mean ...
    pub   rsa2048 2008-11-07 [SC] [expires: 2024-05-02]
          22C07BA534178CD02EFE22AAB88B2FD43DBDC284
    uid           openSUSE Project Signing Key <opensuse@opensuse.org>
    bruno@LT_B:~/Downloads>
    I get indeed the right signature as advertised here: https://software.opensuse.org/distributions/leap
    and the check sum is correct, so the .iso image appears to be sound, the problem might be with the .sha256 file or the wiki page.
    Leap 15.1 Gnome on i7 4720HQ + Geforce GTX960M
    testing Leap 15.2

  3. #3
    Join Date
    Jul 2008
    Location
    Niort (France)
    Posts
    11

    Default Re: GPG verification of the Leap 15.2 SHA256 file fails

    Your are looking at the 15.1 file instead of the 15.2: openSUSE-Leap-15.1-DVD-x86_64.iso

    Guillaume

    Coordinateur de l'équipe de traduction française d'openSUSE

  4. #4

    Default Re: GPG verification of the Leap 15.2 SHA256 file fails

    Admin team is on it. It's one of keys owned by openSUSE autobuild team not the openSUSE one. Thank you for your understanding

  5. #5
    Join Date
    Oct 2014
    Location
    Italy
    Posts
    2,007

    Default Re: GPG verification of the Leap 15.2 SHA256 file fails

    Quote Originally Posted by Guillaume_G View Post
    Your are looking at the 15.1 file instead of the 15.2: openSUSE-Leap-15.1-DVD-x86_64.iso

    The OP possibly did a copy/paste mistake, but I am seeing the same problem with the 15.2 file:
    Code:
    bruno@LT_B:~/Downloads> cat openSUSE-Leap-15.2-DVD-x86_64.iso.sha256
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256
    
    0fd2d4e630b6579b933b5cb4930a8100acca6b4e29cd2738c4b7a9b2f76d80e4  openSUSE-Leap-15.2-DVD-x86_64.iso
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.0.7 (GNU/Linux)
    
    iQEVAwUBXvtfzXCvnoE523yCAQhRUAgAwTP/oGIeK/gDIQlHwBAiNc7ZYGe8enoq
    IHFEaaxcJEQPzYOiIgze1bQC4q+VEcajzZ1dbT44OU+tvppg+Rmwyqs6LvTNZeL7
    G9dTrdDhKrpaOCayWN+5bpdR7l2jG00aW5HkQMMoeagJWTciLW4VIsikeGYdDSfV
    PI9GLjgIehd1F8R5VJ5QIFWBd252Acu5W7DkkUiSgFBMSOPJH/c9Uy2DTp87Ip4g
    wy0lBGBsWFTr9io7fMlt4D1F2yEuL5a8l88Gzp7TWOCQ/fJZjsihpJ/NJSQxBzoY
    q+aB6OJ5XBgxYHguhU17k+NTnZPzCko7N8F0kwLxgBwf5EaU4BTZ5w==
    =C1KJ
    -----END PGP SIGNATURE-----
    bruno@LT_B:~/Downloads>
    Leap 15.1 Gnome on i7 4720HQ + Geforce GTX960M
    testing Leap 15.2

  6. #6

    Default Re: GPG verification of the Leap 15.2 SHA256 file fails

    Should be fixed. Sorry for any inconvenience.

    Lubos

  7. #7

    Default Re: GPG verification of the Leap 15.2 SHA256 file fails

    So, what do I need to do?

    Please pardon my ignorance.

  8. #8
    Join Date
    Oct 2014
    Location
    Italy
    Posts
    2,007

    Default Re: GPG verification of the Leap 15.2 SHA256 file fails

    Quote Originally Posted by Max314 View Post
    So, what do I need to do?

    Please pardon my ignorance.
    Just download the fixed file from http://download.opensuse.org/distrib...leap/15.2/iso/
    and you shall get:
    Code:
    bruno@LT_B:~/Downloads> gpg --verify openSUSE-Leap-15.2-DVD-x86_64.iso.sha256
    gpg: Signature made gio 02 lug 2020 17:17:06 CEST
    gpg:                using RSA key B88B2FD43DBDC284
    gpg: Good signature from "openSUSE Project Signing Key <opensuse@opensuse.org>" [unknown]
    gpg: WARNING: This key is not certified with a trusted signature!
    gpg:          There is no indication that the signature belongs to the owner.
    Primary key fingerprint: 22C0 7BA5 3417 8CD0 2EFE  22AA B88B 2FD4 3DBD C284
    bruno@LT_B:~/Downloads>
    Leap 15.1 Gnome on i7 4720HQ + Geforce GTX960M
    testing Leap 15.2

  9. #9
    Join Date
    Jun 2008
    Location
    Netherlands
    Posts
    27,138

    Default Re: GPG verification of the Leap 15.2 SHA256 file fails

    Quote Originally Posted by Max314 View Post
    So, what do I need to do?

    Please pardon my ignorance.
    1. Explain why there is 15.1 in your first post, you confused Guillaume_G with it.
    2. Wait for it being fixed, or believe that the download is OK and use it.
    Henk van Velden

  10. #10
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    14,417
    Blog Entries
    3

    Default Re: GPG verification of the Leap 15.2 SHA256 file fails

    Quote Originally Posted by Max314 View Post
    So, what do I need to do?

    Please pardon my ignorance.
    I get:
    Code:
    % gpg --verify openSUSE-Leap-15.2-DVD-x86_64.iso.sha256
    gpg: Signature made Tue 30 Jun 2020 10:52:45 AM CDT
    gpg:                using RSA key 70AF9E8139DB7C82
    gpg: Good signature from "SuSE Package Signing Key <build@suse.de>" [unknown]
    gpg: WARNING: This key is not certified with a trusted signature!
    gpg:          There is no indication that the signature belongs to the owner.
    Primary key fingerprint: FEAB 5025 39D8 46DB 2C09  61CA 70AF 9E81 39DB 7C82
    I think you need:
    Code:
    gpg --recv-key 70AF9E8139DB7C82
    openSUSE Leap 15.2; KDE Plasma 5.18.5;

Page 1 of 2 12 LastLast

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •