> On Apr 12, 2019, at 04:10, Larry Evans via cfe-users
> <cfe-users@lists.llvm.org> wrote:
>
> I've just downloaded:
>
> http://releases.llvm.org/8.0.0/clang+llvm-8.0.0-x86_64-linux-gnu-ubuntu-18.04.tar.xz
> http://releases.llvm.org/8.0.0/clang+llvm-8.0.0-x86_64-linux-gnu-ubuntu-18.04.tar.xz.sig
>
> but when I tried to verify the download with:
>
> gpg2 --verify clang+llvm-8.0.0-x86_64-linux-gnu-ubuntu-18.04.tar.xz.sig
> clang+llvm-8.0.0-x86_64-linux-gnu-ubuntu-18.04.tar.xz
>
> I got:
>
> gpg: enabled debug flags: memstat
> gpg: Signature made Thu 21 Mar 2019 03:34:38 AM CDT
> gpg: using RSA key B6C8F98282B944E3B0D5C2530FC3042E345AD05D
> gpg: Can't check signature: No public key
>
> How can I verify the download without a public key?
GPG needs to learn the public key of the signer first. You can retrieve this
using the ID given on the downloads page:
gpg2 --recv-keys 345AD05D
_______________________________________________
cfe-users mailing list
cfe-users@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-users
