problem with https://fedoraproject.org/en/verify
Richard Zidlicky
rz at linux-m68k.org
Thu Dec 31 21:24:53 UTC 2009
Hi,
sorry to use this contact address, was not sure where else to direct this.
The procedure in this page has one significant stumbling point - the *-CHECKSUM
file is a gzipped file - at least when it is downloaded using wget.
( I have tested it with https://fedoraproject.org/static/checksums/Fedora-12-i386-CHECKSUM )
Obviously it needs to unzipped - which is not quickly obvious for a bunch of reasons,
eg it has no ".gz" suffix and many editors/viewers will unzip it automatically so the
unsuspecting user is left scratching his head why it doesnt work when the file looks
perfectly ok when viewed with "less"
The result are rather cryptic error messages like
# gpg --verify *-CHECKSUM
gpg: no valid OpenPGP data found.
gpg: the signature could not be verified.
Please remember that the signature file (.sig or .asc)
should be the first file given on the command line.
Regards
Richard
More information about the Fedora-websites-list
mailing list