The officially official Devuan Forum!

You are not logged in.

#1 2020-08-07 12:16:30

uther
Member
Registered: 2019-05-16
Posts: 37  

[SOLVED] Devuan keyserver not available / bad signature

I wanted to update keys for iso verification and got:

gpg --keyserver=pgp.mit.edu --recv-keys 094c5620
gpg: keyserver recieve failed: No keyserver available

When I try to verify Beowulf SHA256SUMS with the existing key i get bad signature from @fsmithred.

I tried on two machines with VPN+proxy on and off. Can someone check if this is only on my side? Thanks in advance.

Last edited by uther (2020-08-07 12:50:41)

Offline

#2 2020-08-07 12:28:45

fsmithred
Administrator
Registered: 2016-11-25
Posts: 1,619  

Re: [SOLVED] Devuan keyserver not available / bad signature

That's my current key and it has a good signature here. MIT's pgp is frequently down. I just tried to get my key in a web browser, and it failed to find it. Never mind that I uploaded it to pgp.mit.edu when I created it.

Try subkeys.pgp.net and try refreshing your keys. Last year I updated the expiration date on the key but it didn't get updated on the keyserver until later. (mit was down at the time)

Using --refresh-keys will update your local copy.

Offline

#3 2020-08-07 12:41:55

uther
Member
Registered: 2019-05-16
Posts: 37  

Re: [SOLVED] Devuan keyserver not available / bad signature

I already refreshed keys before verifying file and all are up to date (not changed). subkeys.pgp.net is timing out on me right now, will check later.

I've downloaded iso and signature directly from Devuan page: https://files.devuan.org/devuan_beowulf/desktop-live/

gpg --verify SHA256SUMS.txt.asc SHA256SUMS.txt
gpg: Signature made Sun 31 May 2020 11:34:07 PM CEST
gpg:                using RSA key 67F5013216271E85C251E480A73823D3094C5620
gpg: BAD signature from "fsmithred (aka fsr) <fsmithred@gmail.com>" [unknown]

EDIT: Nevermind. I redownloaded all files and now everything is fine. Thanks.

Last edited by uther (2020-08-07 12:50:20)

Offline

Board footer