Hi all,
I tried to verify the SHA256 sums at
http://ftp.openbsd.org/pub/OpenBSD/snapshots/armv7/SHA256 with the
related .sig file, but it didn't work:
$ gpg --verify SHA256.sig SHA256
gpg: no valid OpenPGP data found.
gpg: the signature could not be verified.
Please remember that the signature file (.sig or .asc)
should be the first file given on the command line.
Looking at
http://ftp.openbsd.org/pub/OpenBSD/snapshots/armv7/SHA256.sig, I see:
untrusted comment: signature from openbsd 5.5 base secret key
RWRGy8gxk9N935xWg20Ru3XLMEb6TGuUyCXIo9Pe0dP9nVMZMMMvscjhHEbrFZZGLvkEeQqYiVsAf1fyj6eSeQ1Y/aUOiiDPYAQ=
SHA256 (INSTALL.armv7) =
81bf9b2a3ade9e61bbd9ac2ccf559a38d328ba4857ceaf68b6f983c8b8d22b5f
[...]
It seems like it was generated incorrectly.
- Joe
