Hi I decided to do an ascii re-install of Devuan Chimera and was not able to verify the download completely. The shasum was good but the verification failed due to an expired key. This is a log of my terminal activity after downloading the iso and keys files through firefox:
~/Downloads/Devuan $ sha256 -C SHASUMS.txt devuan_chimaera_4.0.0_amd64_minimal-live.iso (SHA256) devuan_chimaera_4.0.0_amd64_minimal-live.iso: OK ~/Downloads/Devuan $ gpg --import devuan-devs.gpg gpg: key 27B9FAA4EBAA93A1: 3 signatures not checked due to missing keys gpg: key 27B9FAA4EBAA93A1: public key "Daniel Reurich (Centurion_Dan) <dan...@centurion.net.nz>" imported gpg: key D95DDF2BF71AAAEB: 2 signatures not checked due to missing keys gpg: key D95DDF2BF71AAAEB: public key "fsmithred (aka fsr) <fsmith...@gmail.com>" imported gpg: key 73B35DA54ACB7D10: 15 signatures not checked due to missing keys gpg: key 73B35DA54ACB7D10: public key "Denis Roio (Jaromil) <jaro...@dyne.org>" imported gpg: key 5F20B3AE0B5F062F: 17 signatures not checked due to missing keys gpg: key 5F20B3AE0B5F062F: public key "Vincenzo (KatolaZ) Nicosia <kato...@freaknet.org>" imported gpg: key DFEDF580D6132D50: 29 signatures not checked due to missing keys gpg: key DFEDF580D6132D50: public key "Franco Lanza (nextime) <fra...@nexlab.it>" imported gpg: key B876CB44FA1B0274: public key "parazyd <para...@dyne.org>" imported gpg: key A73823D3094C5620: 1 signature not checked due to a missing key gpg: key A73823D3094C5620: public key "fsmithred (aka fsr) <fsmith...@gmail.com>" imported gpg: key 70285BA5CF280BA4: public key "Ralph Ronnquist (rrq) <ralph.ronnqu...@gmail.com>" imported gpg: Total number processed: 8 gpg: imported: 8 gpg: marginals needed: 3 completes needed: 1 trust model: pgp gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u ~/Downloads/Devuan $ gpg --verify SHASUMS.txt.asc gpg: assuming signed data in 'SHASUMS.txt' gpg: Signature made Fri Oct 15 01:26:06 2021 BST gpg: using RSA key 67F5013216271E85C251E480A73823D3094C5620 gpg: Good signature from "fsmithred (aka fsr) <fsmith...@gmail.com>" [expired] gpg: Note: This key has expired! Primary key fingerprint: 67F5 0132 1627 1E85 C251 E480 A738 23D3 094C 5620 Many Thanks PS this was done on an OpenBSD system so the sha256 command is a little different. _______________________________________________ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
