Arno,
On 8/26/22 08:50, Arno Hautala wrote:
I’m trying to verify the PGP signatures for the 9.0.65 release, but the public
key is missing from the KEYS.txt file and it isn’t available on any keyservers
that I’ve checked.
Can someone point me in the right direction or update the KEYS.txt?
Thanks for your help,
–Arno
$ sha512sum -c apache-tomcat-9.0.65.tar.gz.sha512.txt
apache-tomcat-9.0.65.tar.gz: OK
$ gpg --verify apache-tomcat-9.0.65.tar.gz{.asc.txt,}
gpg: Signature made Thu Jul 14 08:36:27 2022 EDT
gpg: using RSA key 48F8E69F6390C9F25CFEDCD268248959359E722B
gpg: requesting key 68248959359E722B from hkp server pgp.mit.edu
gpg: Can't check signature: No public key
You aren't using the KEYS file in the above command. gpg works with
keyrings, and you have to import then use it:
# Import
$ gpg --import --no-default-keyring --primary-keyring apache-9.0-keys < KEYS
# Verify against the custom key ring
$ gpg --keyring apache-9-keys --no-default-keyring --verify
apache-tomcat-9.0.65.tar.gz.asc
-chris
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
