Trisquel public key
Hello. Where I can find public key for Jenkins repos?
I want to update from Trisquel 7.0 to 8.0.
Warning: Updating to a half-baked version presents extreme risk of injury.
Hell bent on risking life and limb, but not wanting to do so recklessly...I think I found the answer here:
https://trisquel.info/en/forum/how-do-i-import-trisquel-public-asc-verify-iso
How's this look?
# After downloading
# Verify Downloads
# listing necessary files to ease copy paste :)
gsmyli_tr8@trisquelTower:~/DownloadedPrograms/Trisquel8_4_4_17$ ls
trisquel_8.0_amd64.iso trisquel_8.0_amd64.iso.manifest
trisquel_8.0_amd64.iso.asc trisquel_8.0_amd64.iso.md5
# Finding Public Key
gsmyli_tr8@trisquelTower:~/DownloadedPrograms/Trisquel8_4_4_17$ gpg --list-packets trisquel_8.0_amd64.iso.asc
:signature packet: algo 17, keyid B4EFB9F38D8AEBF1
version 4, created 1484015752, md5len 0, sigclass 0x00
digest algo 2, begin of digest d9 d5
hashed subpkt 2 len 4 (sig created 2017-01-10)
subpkt 16 len 8 (issuer key ID B4EFB9F38D8AEBF1)
data: [160 bits]
data: [158 bits]
gsmyli_tr8@trisquelTower:~/DownloadedPrograms/Trisquel8_4_4_17$ gpg --keyserver keys.gnupg.net --recv-keys B4EFB9F38D8AEBF1
gpg: requesting key 8D8AEBF1 from hkp server keys.gnupg.net
gpg: key 8D8AEBF1: public key "Trisquel GNU/Linux (Trisquel GNU/Linux signing key) <name at domain>" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg: imported: 1
# With Public Key Imported
gsmyli_tr8@trisquelTower:~/DownloadedPrograms/Trisquel8_4_4_17$ gpg --verify trisquel_8.0_amd64.iso.asc trisquel_8.0_amd64.iso
gpg: Signature made Mon 09 Jan 2017 06:35:52 PM PST using DSA key ID 8D8AEBF1
gpg: Good signature from "Trisquel GNU/Linux (Trisquel GNU/Linux signing key) <name at domain>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: E6C2 7099 CA21 965B 734A EA31 B4EF B9F3 8D8A EBF1
# Calculate md5sum and verify is the same
gsmyli_tr8@trisquelTower:~/DownloadedPrograms/Trisquel8_4_4_17$ md5sum trisquel_8.0_amd64.iso
da5a814d0b325e83e162bbafba652d22 trisquel_8.0_amd64.iso
gsmyli_tr8@trisquelTower:~/DownloadedPrograms/Trisquel8_4_4_17$ cat trisquel_8.0_amd64.iso.md5
da5a814d0b325e83e162bbafba652d22 trisquel_8.0_amd64.iso
Magic,
Can you please give me steps on how to use that link? I actually thought I was done, but I am guessing not.
I did save the signkey.
From a terminal opened in the directory where the key was downloaded (otherwise 'cd' to this directory):
$ gpg --import trisquel-archive-signkey.gpg
Or you can use the "+" button to import the GPG key from "Passwords and Keys" in the "System Settings".
OK, thanks, I guess I had it already but command line complains about something else:
tr8@trisquelTower:~/Desktop$ sudo gpg --import ../Downloads/trisquel-archive-signkey.gpg
gpg: WARNING: unsafe ownership on configuration file `/home/gsmyli_tr8/.gnupg/gpg.conf'
gpg: key 8D8AEBF1: "Trisquel GNU/Linux (Trisquel GNU/Linux signing key) <name at domain>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
What does it want re safe ownership? root?
ls -als /home/gsmyli_tr8/.gnupg/gpg.conf
12 -rw------- 1 gsmyli_tr8 gsmyli_tr8 9398 Feb 13 09:30 /home/gsmyli_tr8/.gnupg/gpg.conf
This is in Flidas and I don't think I changed the ownership since installing so would be the way it was set up by default.
It's because you are using gpg with sudo. That's why you get the warning. I assume you are the owner of the file (gpg.conf).
OK, ha, ha ran the same without sudo and found you to be right, not that I doubted for a minute. So I guess all is well in trisquelTower.