In order to compile a new kernel on my Debian jessie, I am trying to verify the GPG key , following the instruction on the official website.
I have download the the linux-3.18.35.tar.sign
and linux-3.18.35.tar.xz
version and unzip it using unzx
.
To verify the .tar
archive using the command :
gpg --verify linux-3.18.35.tar.sign
I get:
gpg: assuming signed data in `linux-3.18.35.tar'
gpg: Signature made Wed 08 Jun 2016 01:19:29 AM CET using RSA key ID 6092693E
gpg: Can't check signature: public key not found
To get the public key from the PGP keyserver :
#gpg --keyserver hkp://keys.gnupg.net --recv-keys 6092693E
gpg: requesting key 6092693E from hkp server keys.gnupg.net
?: keys.gnupg.net: Host not found
gpgkeys: HTTP fetch error 7: couldn't connect: Connection refused
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
I get a similar problem with the 4.4.13
version too.
I have tried the following answer,
# gpg --keyserver subkeys.pgp.net --recv-keys 6092693E && gpg --export --armor 6092693E | sudo apt-key add -
gpg: requesting key 6092693E from hkp server subkeys.pgp.net
gpg: keyserver timed out
gpg: keyserver receive failed: keyserver error
And:
# gpg --keyserver subkeys.pgp.net:80 --recv-keys 6092693E
gpg: requesting key 6092693E from subkeys.pgp.net:80
gpgkeys: no keyserver host provided
gpg: keyserver internal error
gpg: keyserver receive failed: keyserver error
How to verify the kernel signature correctly?
Best Answer
You only need to have the public key in your keyring:
(use the long identifier!). If it times out, try again — there are multiple servers, and some of them seem to be having issues currently.
apt-key
etc. aren't involved in this at all.Once you have the key in your keyring,
should work.
You can also configure a key server pool instead (this is a good idea anyway):
gnupg-curl
(apt-get install gnupg-curl
on Debian);download the SKS CA
verify it;
add the following line to your
~/.gnupg/gpg.conf
, or change it if it's already present:and set up the certificate by either adding
to
~/.gnupg/gpg.conf
(for GnuPG 1) orto
~/.gnupg/dirmngr.conf
(for GnuPG 2), replacing the...
in the path with the appropriate value for your home directory in both cases.Once you've done that,
should retrieve the key reliably.
If all that fails, you can download and import the key manually: