On 20:59 Wed 05 Aug 2020, David Niklas wrote:
Hello, I downloaded the kernel sources from kernel.org using curl, then opera, and finally lynx (to rule out an html parsing bug). I did the same with the sign and I keep getting:% gpg2 --verify linux-5.8.tar.sign linux-5.8.tar.xz gpg: Signature made Mon Aug 3 00:19:13 2020 EDT gpg: using RSA key 647F28654894E3BD457199BE38DBBDC86092693E gpg: BAD signature from "Greg Kroah-Hartman <gre...@linuxfoundation.org>" [unknown] I did refresh all the keys just in case. I believe this is important so I'm addressing this to the signer and only CC'ing the list. If I'm made some simple mistake, feel free to send SIG666 to my terminal. I did re-read the man page just in case. Thanks, David
You should be using this script to download and verify kernel from kernel.org ...it there for a reason , please use it...which take away all the manual labor .. Here is pointer to get the script : https://git.kernel.org/pub/scm/linux/kernel/git/mricon/korg-helpers.git/tree/get-verified-tarball Thanks, Bhaskar
signature.asc
Description: PGP signature
