Verifying and checksumming new release is somewhat cumbersom
john doe
johndoe65534 at mail.com
Thu Nov 26 19:12:27 CET 2020
Hello all,
I see that at (1) and (2) the public keys block and the sha1sums
respectively are listed on their corresponding page.
Is there a URL to download those sha1sums and those public keyss as files?
That is for checksumming I could simply do:
$ wget <URL-OF-CHECKSUM-FILE>
$ sha1sum -c <CHECKSUM-FILE> --ignore-missing
and for the public key I could do something like:
$ wget <URL-OF-PUBLIC-KEYS>
$ gpg --import <PUBLIC-KEYS-FILES>
$ gpg --verify *.sig
I understand that for this last step I could also do:
$ gpg --keyserver-options auto-key-retrieve veirfy *.sig
Any feedback is appreciated.
P.S.
If I can I'll be more than happy to help tweaking the release process in
that regard.
1) https://gnupg.org/download/integrity_check.html
2) https://gnupg.org/signature_key.html
--
John Doe
More information about the Gnupg-users
mailing list