Dev1 Galaxy Forum / [SOLVED] How to report "gpg: BAD signature"

Re: [SOLVED] How to report "gpg: BAD signature"

dummy@example.com (hellomello) — Sat, 04 Oct 2025 01:10:29 +0000

Yes, WSL2. That could be doing it. Thank you for checking that.

Re: [SOLVED] How to report "gpg: BAD signature"

dummy@example.com (ralph.ronnquist) — Sat, 04 Oct 2025 00:48:57 +0000

Perhaps you have it on a windows filesystem that have added ^M characters to the lines?

Re: [SOLVED] How to report "gpg: BAD signature"

dummy@example.com (hellomello) — Sat, 04 Oct 2025 00:03:46 +0000

Thank you for the advice. I have now followed both steps.

The key refresh for key 680B5A1F661ECDBC showed 'not changed'.
The sha256sum of the ISOs match the checksum (722af7905595d9a1417f48f783d43dd40fe7da7a2e1d7998a8ea47df2d26941b).

Since the file is definitely correct, the 'BAD signature' error (from key 680B5A1F661ECDBC belonging to Ralph Ronnquist) indicates a problem with the signature file itself.

I am happy, because I have my ISO, so I can mark this solved unless you'd rather leave it open or if you want more info.

Re: [SOLVED] How to report "gpg: BAD signature"

dummy@example.com (ralph.ronnquist) — Fri, 03 Oct 2025 23:40:23 +0000

Was that "bad signature" for SHA256SUMS.txt.gpg?

Perhaps you need to refresh your pgp store?

gpg --keyserver keyserver.ubuntu.com --refresh-keys rrq@rrq.au

The sha256sum should be 722af7905595d9a1417f48f783d43dd40fe7da7a2e1d7998a8ea47df2d26941b
otherwise the download had errors.

EDIT: yes, fsmithred beat me to it

EDIT 2: concerns with the installers can be reported to the virtual project "devuan-installer"

Re: [SOLVED] How to report "gpg: BAD signature"

dummy@example.com (fsmithred) — Fri, 03 Oct 2025 23:38:15 +0000

See if this fixes it:

 gpg --keyserver keyserver.ubuntu.com --refresh-keys

[SOLVED] How to report "gpg: BAD signature"

dummy@example.com (hellomello) — Fri, 03 Oct 2025 21:48:36 +0000

I downloaded the daedalus file devuan_daedalus_5.0.1_amd64_netinstall.iso from two different servers (https servers) and got a Bad signature both times on the file, but I don't know how to put it into the bug reporting system since there is no package name. I think the bug report system might just kick it out if I report it without a package name. Is that correct? If not what package should I use, or how do I report it? Thanks.