In order to compile a new kernel on my Debian jessie, I am trying to verify the GPG key, following the instructions on the official website.
I have downloaded the linux-3.18.35.tar.sign and linux-3.18.35.tar.xz version and unzipped it using unxz.
To verify the .tar archive using the command:
gpg --verify linux-3.18.35.tar.sign
I get:
gpg: assuming signed data in `linux-3.18.35.tar'
gpg: Signature made Wed 08 Jun 2016 01:19:29 AM CET using RSA key ID 6092693E
gpg: Can't check signature: public key not found
To get the public key from the PGP keyserver:
# gpg --keyserver hkp://keys.gnupg.net --recv-keys 6092693E
gpg: requesting key 6092693E from hkp server keys.gnupg.net
?: keys.gnupg.net: Host not found
gpgkeys: HTTP fetch error 7: couldn't connect: Connection refused
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
I get a similar problem with the 4.4.13 version too.
I have tried the following answer,
# gpg --keyserver subkeys.pgp.net --recv-keys 6092693E && gpg --export --armor 6092693E | sudo apt-key add -
gpg: requesting key 6092693E from hkp server subkeys.pgp.net
gpg: keyserver timed out
gpg: keyserver receive failed: keyserver error
And:
# gpg --keyserver subkeys.pgp.net:80 --recv-keys 6092693E
gpg: requesting key 6092693E from subkeys.pgp.net:80
gpgkeys: no keyserver host provided
gpg: keyserver internal error
gpg: keyserver receive failed: keyserver error
How to verify the kernel signature correctly?
Answers:
Method 1
You only need to have the public key in your keyring:
gpg --keyserver subkeys.pgp.net --recv-keys 0x38DBBDC86092693E
(use the long identifier!). If it times out, try again — there are multiple servers, and some of them seem to be having issues currently. apt-key etc. aren’t involved in this at all.
Once you have the key in your keyring,
gpg --verify linux-3.18.35.tar.sign
should work.
You can also configure a key server pool instead (this is a good idea anyway):
- install gnupg-curl (apt-get install gnupg-curl on Debian);
- download the SKS CA:
    cd ~/.gnupg; wget https://sks-keyservers.net/sks-keyservers.netCA.pem
- verify it;
- add the following line to your ~/.gnupg/gpg.conf, or change it if it’s already present:
    keyserver hkps://hkps.pool.sks-keyservers.net
  and set up the certificate by either adding
    keyserver-options ca-cert-file=/home/.../.gnupg/sks-keyservers.netCA.pem
  to ~/.gnupg/gpg.conf (for GnuPG 1) or
    keyserver hkps://hkps.pool.sks-keyservers.net
    hkp-cacert /home/.../.gnupg/sks-keyservers.netCA.pem
  to ~/.gnupg/dirmngr.conf (for GnuPG 2), replacing the ... in the path with the appropriate value for your home directory in both cases.
Once you’ve done that,
gpg --recv-keys 0x38DBBDC86092693E
should retrieve the key reliably.
If all that fails, you can download and import the key manually:
curl 'http://pgp.surfnet.nl:11371/pks/lookup?op=get&search=0x38DBBDC86092693E' > gregkh.key
gpg --import gregkh.key
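Added example, not part of the original answer: a shell helper that reads gpg's `--status-fd` output and accepts a detached signature only when it is valid and was made by a key whose full fingerprint you pinned beforehand. The function names and sample status lines are constructed for illustration, and `SAMPLE_FPR` is a placeholder to replace with a fingerprint obtained from a source you trust.

```shell
#!/bin/sh
# Added example: judge a detached-signature check from gpg's status lines
# and require that the signing key matches a pinned full fingerprint.

# check_status EXPECTED_FPR   (reads "gpg --status-fd" output on stdin)
# Prints one verdict; returns 0 only when the verdict is "ok".
check_status() {
    expected=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    verdict="no-signature"
    while read -r tag kw a1 rest; do
        [ "$tag" = "[GNUPG:]" ] || continue
        case "$kw" in
            NO_PUBKEY) verdict="missing-key:$a1"; break ;;
            BADSIG)    verdict="bad-signature"; break ;;
            EXPSIG|EXPKEYSIG|REVKEYSIG) verdict="untrusted:$kw"; break ;;
            VALIDSIG)
                # a1 is the signing (sub)key fingerprint; the last field
                # of the line is the primary key fingerprint.
                primary=${rest##* }
                if [ "$a1" = "$expected" ] || [ "$primary" = "$expected" ]
                then verdict="ok"
                else verdict="wrong-key:$a1"; break
                fi ;;
        esac
    done
    printf '%s\n' "$verdict"
    [ "$verdict" = "ok" ]
}

# verify_detached SIGFILE DATAFILE EXPECTED_FPR  (needs gpg installed)
verify_detached() {
    gpg --batch --status-fd 1 --verify "$1" "$2" 2>/dev/null |
        check_status "$3"
}

# Constructed sample data; SAMPLE_FPR is a placeholder, not a real key.
SAMPLE_FPR="0123456789ABCDEF0123456789ABCDEF01234567"
sample_good() {
    printf '%s\n' "[GNUPG:] GOODSIG 89ABCDEF01234567 Constructed Signer" \
        "[GNUPG:] VALIDSIG $SAMPLE_FPR 2016-06-08 1465345169 0 4 0 1 8 00 $SAMPLE_FPR"
}
sample_missing() {  # the failure from the question: key not in keyring
    printf '%s\n' "[GNUPG:] ERRSIG 38DBBDC86092693E 1 8 00 1465345169 9" \
        "[GNUPG:] NO_PUBKEY 38DBBDC86092693E"
}

sample_good | check_status "$SAMPLE_FPR" || true      # prints: ok
sample_missing | check_status "$SAMPLE_FPR" || true   # prints: missing-key:38DBBDC86092693E
```

With the key imported, `verify_detached linux-3.18.35.tar.sign linux-3.18.35.tar "<pinned fingerprint>"` exits non-zero for a missing key, a bad signature, or a valid signature from any other key.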
All methods were sourced from stackoverflow.com or stackexchange.com and are licensed under CC BY-SA 2.5, CC BY-SA 3.0 and CC BY-SA 4.0.