Hallo Gerd, Please set something like LC_ALL=C, not everybody understands German. :)
Gerd Mühlenbruch <gerd.muehlenbr...@posteo.de> (2022-10-03): > Today I downloaded the present debian-live-11.5.0-amd64-gnome.iso via my > prepared script > ********* > Optionen="-c -nv --show-progress --limit-rate=800k -a Ziele.log" > Pfad="https://cdimage.debian.org/debian-cd/current-live/amd64/iso-hybrid"; > wget $Optionen $Pfad/debian-live-11.5.0-amd64-gnome.iso > wget $Optionen $Pfad/debian-live-11.5.0-amd64-gnome.log > wget $Optionen $Pfad/debian-live-11.5.0-amd64-gnome.packages > rm SHA512SUMS > rm SHA512SUMS.sign > wget $Optionen $Pfad/SHA512SUMS > wget $Optionen $Pfad/SHA512SUMS.sign > ********* > > The final check > sha512sum --ignore-missing -c SHA512SUMS > resulted into > debian-live-11.5.0-amd64-gnome.iso: FEHLSCHLAG > debian-live-11.5.0-amd64-gnome.log: OK > debian-live-11.5.0-amd64-gnome.packages: OK > sha512sum: WARNUNG: 1 berechnete Prüfsumme passte NICHT > It was my first failed check. I downloaded the same ISO, and SHA{256,512}SUMS with Firefox, and both validate. For the record, that's what I'm seeing: 3efed2698da7fab0218a505eb504410d4cd9c7bc09478483bdbb3c593013b371 debian-live-11.5.0-amd64-gnome.iso 450d09f1f1556effce4bc072ad395e45652aa40ed035b8ab35616c54fbef0c6edf803acb483ac25737b12bbae858277c1aa261eee36c4edf505a85c915d73c67 debian-live-11.5.0-amd64-gnome.iso > Already since some years, the check > gpg --keyserver keyring.debian.org --verify SHA512SUMS.sign SHA512SUMS > reports that the key doesn't have a trusted signature > gpg: Signatur vom So 11 Sep 2022 01:00:38 CEST > gpg: mittels RSA-Schlüssel > DF9B9C49EAA9298432589D76DA87E80D6294BE9B > gpg: Korrekte Signatur von "Debian CD signing key > <debian-cd@lists.debian.org>" [unbekannt] > gpg: WARNUNG: Dieser Schlüssel trägt keine vertrauenswürdige Signatur! > gpg: Es gibt keinen Hinweis, daß die Signatur wirklich dem > vorgeblichen Besitzer gehört. > Haupt-Fingerabdruck = DF9B 9C49 EAA9 2984 3258 9D76 DA87 E80D 6294 > BE9B > This may be my own problem, because I haven't got a book to learn gpg. The English version: $ gpg --keyserver keyring.debian.org --verify SHA512SUMS.sign SHA512SUMS gpg: Signature made Sun 11 Sep 2022 01:00:38 CEST gpg: using RSA key DF9B9C49EAA9298432589D76DA87E80D6294BE9B gpg: Good signature from "Debian CD signing key <debian-cd@lists.debian.org>" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: DF9B 9C49 EAA9 2984 3258 9D76 DA87 E80D 6294 BE9B The important part is that the signature is correct. The warning is about your not having set a level of trust for the signing key. That's not a problem. Cheers, -- Cyril Brulebois (k...@debian.org) <https://debamax.com/> D-I release manager -- Release team member -- Freelance Consultant
signature.asc
Description: PGP signature
