SOLVED - Need help to verify my iso.sig

[fredmyra]

I am not sure about how to do the verification. 

My searching only resulted in https://www.funtoo.org/GPG_Signatures

 

my downloaded files look like this:

[arthur@esprimo-II ~]$ cd /run/media/arthur/Storage/Linux_By_Distros/Funtoo/funtoo-220715

[arthur@esprimo-II funtoo-220715]$ ls 
funtoo-livecd-20220715-1607.iso      
funtoo-livecd-20220715-1607.iso.hash.txt
funtoo-livecd-20220715-1607.iso.gpg  
node.txt

 

Trying to follow the link above I tried:

[arthur@esprimo-II funtoo-220715]$ gpg --keyserver pgp.mit.edu --recv-key D3B948F82EE8B4020A0410789A658306E986E8EE
gpg: key 9A658306E986E8EE: public key "Daniel Robbins (BDFL) <drobbins@funtoo.org>" imported
gpg: Total number processed: 1
gpg:               imported: 1
[arthur@esprimo-II funtoo-220715]$ gpg --edit-key E986E8EE
gpg (GnuPG) 2.2.40; Copyright (C) 2022 g10 Code GmbH
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.


pub  rsa4096/9A658306E986E8EE
     created: 2016-11-28  expires: never       usage: SC  
     trust: unknown       validity: unknown
sub  rsa4096/2E5B26155568E28D
     created: 2016-11-28  expires: never       usage: E   
sub  rsa4096/8C7CC4D18DAD2DBC
     created: 2016-11-28  expires: never       usage: S   
[ unknown] (1). Daniel Robbins (BDFL) <drobbins@funtoo.org>
[ unknown] (2)  [jpeg image of size 5472]

gpg> trust
pub  rsa4096/9A658306E986E8EE
     created: 2016-11-28  expires: never       usage: SC  
     trust: unknown       validity: unknown
sub  rsa4096/2E5B26155568E28D
     created: 2016-11-28  expires: never       usage: E   
sub  rsa4096/8C7CC4D18DAD2DBC
     created: 2016-11-28  expires: never       usage: S   
[ unknown] (1). Daniel Robbins (BDFL) <drobbins@funtoo.org>
[ unknown] (2)  [jpeg image of size 5472]

Please decide how far you trust this user to correctly verify other users' keys
(by looking at passports, checking fingerprints from different sources, etc.)

  1 = I don't know or won't say
  2 = I do NOT trust
  3 = I trust marginally
  4 = I trust fully
  5 = I trust ultimately
  m = back to the main menu

Your decision? 4

pub  rsa4096/9A658306E986E8EE
     created: 2016-11-28  expires: never       usage: SC  
     trust: full          validity: unknown
sub  rsa4096/2E5B26155568E28D
     created: 2016-11-28  expires: never       usage: E   
sub  rsa4096/8C7CC4D18DAD2DBC
     created: 2016-11-28  expires: never       usage: S   
[ unknown] (1). Daniel Robbins (BDFL) <drobbins@funtoo.org>
[ unknown] (2)  [jpeg image of size 5472]
Please note that the shown key validity is not necessarily correct
unless you restart the program.

gpg> quit
[arthur@esprimo-II funtoo-220715]$ gpg --import node.txt
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0

 

my node.text looked like:

[arthur@esprimo-II funtoo-220715]$ ls node.txt
gpg: key 9A658306E986E8EE: public key "Daniel Robbins (BDFL) <drobbins@funtoo.org>" imported
pub  rsa4096/9A658306E986E8EE
sub  rsa4096/2E5B26155568E28D
sub  rsa4096/8C7CC4D18DAD2DBC

I  also tried:

[arthur@esprimo-II funtoo-220715]$ ls node.txt
D3B948F82EE8B4020A0410789A658306E986E8EE
rsa4096/9A658306E986E8EE
rsa4096/2E5B26155568E28D
rsa4096/8C7CC4D18DAD2DBC

and

[arthur@esprimo-II funtoo-220715]$ ls node.txt
D3B948F82EE8B4020A0410789A658306E986E8EE
pub rsa4096/9A658306E986E8EE
sub rsa4096/2E5B26155568E28D
sub rsa4096/8C7CC4D18DAD2DBC

all  with the same result.   What must I do ?

Edited December 3, 2022 by fredmyra
Unwillingly posted too early

[cardinal]

Problem is here:

[arthur@esprimo-II funtoo-220715]$ gpg --import node.txt
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0

Go here: https://www.funtoo.org/GPG_Signatures/Metro_Plaintext_Keys

The fingerprint of node.txt if done correctly:

$ sha256sum node.txt
3ce0c413d95282fcd3ccc9c8ecbdd67beb03066173ed17f26c8376e55b7a286d  node.txt

Proper output when importing node.txt:

$ gpg --import node.txt
gpg: key 9266C4FA11FD00FD: public key "Daniel Robbins (metro:node) <drobbins@funtoo.org>" imported
gpg: Total number processed: 1
gpg:               imported: 1
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:   1  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: depth: 1  valid:   1  signed:   0  trust: 1-, 0q, 0n, 0m, 0f, 0u

 

 

 

 

Edited December 2, 2022 by cardinal

[fredmyra]

 Thanks cardinal !

 So I must edit the node.txt file in the right way.  But  this is still a problem  for me.

@ https://www.funtoo.org/GPG_Signatures  >:

Quote

Next, head to GPG Signatures/Metro Plaintext Keys and copy and paste the public key ..,

would that be :

D3B948F82EE8B4020A0410789A658306E986E8EE

?????

and

Quote

,,,,and associated signatures for the metro build server....

I think it was here i missed it totally, by using the signatures I got from the output of the command for receiving the key. I think I also missed something in that I was trying to verify the ISO for the LIVE USB, which I assumed I ought to do since there was a "funtoo-livecd-20220715-1607.iso.gpg"  file in the mirror I downloaded from.  Tomorrow I will try again with  this and what you pointed out in mind .  Thanks again.

[cardinal]

Copy all the text in the box below :

-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBFhMV4wBEADnqf2q2BAZuAWODX1XufDSnYS++m/bDyaLQ5ovgALA4Tq6rZQk
YtPVEENnZwSZa/IHkXwLhyg9wP1b6cNi+yNg/zgEaFvqs9XlHQlBsLwzmfha4mdD
qDstx10/jvhtReBWJMpGV8u0Tgf/UNA7IHgVv3539/bFcTQEoIY9LdQ4Kdz5TaoT
n6IloByevVOKcuyyED6lc1INfC38SuG59bvjDa1/13H7pA8OAq6GG/lHH0aVLYqN
b+yPG5i4meD2APNoZgXuPTFXDoqthdFsO2PRSNFYuw6pf4PWYVCRIo0zxvcWYoYx
YRVZHMpkjEDJS2xAb8gOKa0Sx7cJzrwcM7a66FXU/OCNd6eLVjyn130nboIwDbAz
LVu5wQsLG8q2YyhyomAk/BRKProxbfdWN3FYZhBSIIgsfJvBRvzuw/nGg+5+z8L7
Kl3M69RrL87AyM2WqekdKYD9gRCEZttjspIOzRwb2UfN3PfKD+7OhIPcLtNQgyOo
YBc3c+rRXMvswYs8ImPZ6pMV5K3a5KNyrRfdPiU733vRdy9mct2ZvIZz+x39G9Ym
iso7a7ScaJ8ivX0FdWG5NYux4Czowu8VxvSMP2DhDrZ82Th0uIbVweiN9UCVFFCJ
UjT28J6J0kMmIWPxxDioCDe98sBvLxhyNIGr9R6ITq4R9aKpVKRxKEY1EQARAQAB
tDFEYW5pZWwgUm9iYmlucyAobWV0cm86bm9kZSkgPGRyb2JiaW5zQGZ1bnRvby5v
cmc+iQI5BBMBCAAjBQJYTFeMAhsDBwsJCAcDAgEGFQgCCQoLBBYCAwECHgECF4AA
CgkQkmbE+hH9AP0Ovw/9Fti8RrZ/u4+nqsD/AdS1lOa/GJ7F5lWAGbxgN/Ep3hvZ
P8SGWNtNUmhEZirQwpF0qW5XyyoSQIjon4k5MebHTjXbgM31Nl5SUDwMVXH56kI0
4+O7ATXnhnGM2JgZkVqspxQ6BPXCU1hbpd9BlPtCbdFeNLJWaUinOnqTVJt4wFDw
0qjrujLSjn+eCdMGo6Yml5V3IE6KGWCZXoIUZ2urX9j851W8sYlD773a+oCTbZHB
RL2EaBYRcslG398Dm/jxHcHSfIypOXPIJ4pCkQJvdKWQYYp8SD6AmUCK1TndLXfW
KGMdL2K2iKJVcVNwbrw7hLP1s0krbMzU8CCS8grtEyJu7N033QAPQPButUdank5g
jtSKFd/mb9sd3BuxtzmRpi8ukDtjSdQDhI4RhzwyNwbQ9WSTlWAU4/gh4Am9u8rC
muOoEelG4gczqHR7Uobp+xbPxZneA97lUQh9ZDhq1M1UEOI3qBGrFozi/srhT9rg
ZYLzk77WEd1HV8A67JCrlbw0n2CfxWcAI1uBQFzK0aOdSptmYFd6sYxTztOXeO0o
lUngptINUOpFgfiRC3iMTUYuUWOzysjAx2I9v9v/fsf7VfeB7P9bbIBRX6p+yYPO
WP5lavQNVCyKzr9Us2kVgjfNAav2R0X+leWcj9q4XAXbF3hqEgo3g3HZE29hVIuJ
AjcEEwEIACECGwMCHgECF4AFAlhMWEUFCwkIBwMFFQoJCAsFFgIDAQAACgkQkmbE
+hH9AP1ScA//dVqZDbmeu25tw2BQiVia+brhR2nJuhr6xAY/LEts23Mq1NA1usJ1
o9IervwW76ekObRlsQfQAvkoz4xVUqzMPUjLRVjt2xGM8lEHs0fQnRs//3wKqnrn
1ryz3BJQq2aFUEW8PzDMnjkYZx5fLJXcu5pPoBFY20+ob1Jkj75qYtogOraCw81v
wBS5XZzKcgRrG6/a5Anzj5kJY9qhlNkNy8vY/Y7JwEqajlq+ktjRuXqMsv4gAgXw
09jKh4XxvuxPEP4LP0IkcFU4LrlmyKPveFws1+FWSbu3cBSb+otLxHcYc5vA/1y1
CHZtNq3UmsFYUC1E+6+ZkT2i2Vc1RZPTvHJVeLUXzZD41a4FI9/F9uvgztndB6Yv
eNP7NWkLKBgTUgvR/yGpLBm4l2XJ6dUNSm7Yly9esEIxOz/qET1/ttXkzVdSEAJj
UMoxVfdbGHjFp5dD7PvVcGi6ByFmE0pN7kv6BZ4gR3qlsJw8rHK5k75+wApy5AcJ
zWAsKCr8tHjUjhv667jNdMpng+a5OqKcl4ekFEmdIkjRzuuFOLMinR1LgCuQHvQA
dvWSVIlFKCp3UEFygP2deBZst4caehVnIWK9duvIgplEZDejN3ij3N9yV8vcs7ru
n68qevIbE0BTpdcZ1IqU8iOLJ4pi9ipWnunrT31cFaeBDPAiGNm7oVGJAhwEEAEI
AAYFAlhMWfMACgkQmmWDBumG6O61Ug//U65rHk6ieDx+/qsxBZWHzwLdxsSEJd2f
1hx/BYKfA4ox4k9GfmtcjuWTwJO6rKR6nWHAY6zUfiygYM8fucxIPpdBSKO3gRI/
pirFz3E7RgwWyuwvlxg/r9Pi5Zi1CX1iFvSjNWFiXXbOxhtdXpQPzfCwaT6RCjkX
sA2yHSDdWUwy+uaoLKSNJKupICAvt4cObYK1t/GbHCShG5vd17uTSbRPP07dlQyW
aH4Grb7f8L+WjvpjKDMqpL9FEVoyu22faZ1FELYOV9DLQjpgheN5d9dVX6FeX4zh
qF0m+LXL9hsamC2S550fD98ENgtcwCTPuoSn/aqbfrW/0XE8b0W6FpnnyORhJtuY
vLLTIUqd1qLxoMtM9TtjmFr+rQkUXqlbRc0lv8i6moDOY/rD66V1+U0IqTrFbnNM
Jj+/SOHzZCA/PS3J8mQ+2NiOez41e6o+/eXp+b84ZBKtDuJVZBTS3QbO42eUXmDr
Lf/YKi+OhdLCEqV+fEq0IYyLovWvMcdyMpj0IkWn7mvpWhTGMc9OOY4iyYNomFSg
Hqdn64AGzA4Hxt5uotRe6FJs5w0pna5aZDt0G6NTgsAXWL5uIzpzjB7OImpdi22c
SfK04Q9wNOtXK4gb2V5ZDYq8huTLDbkJhqagq4K7j24JNWdW67WrzEK+gtnMWMij
PNcikjba84u5Ag0EWExXjAEQAMfkzgduorcqcuNetU5xIbZM1tObZRdxnxk5zONI
YvmtacQcgj66TIWMjafU0HKjlCNdmzd3zZGSbsy8txyb+ilsiyWO81BalhK/HSzx
2NLtnPcwjOZLuo4J6en3KuauwyeINbKui4+AvJ/1KdKSJXniS02mkk/46PN0WqPD
lPKMs1bhjoZI4XpuYovH4RMUFEEpB0ccxf5C9vQeebmwYjy/BI+Ce5XZ9y+l4ABS
YwDtCOEuEYYWtx1slQgTupWmIsEETZ+vmEWlQNL80FQ9Anp61WF1FkIi0s7DIvNy
4Z5NUF7kvQe14FMUkpBWpVsnGwPVMvssDiA5gNladhquUxnidhJRuUIAqk4rbMre
3hNAMO/hxvhcaF42RNhgQFpbr5gbZMYd0lXBpYpowaJG7F2GNV9drb4mdPsDYTzZ
aujw/55iLAFUJZbcQTU4Qoi2fA+JQViYzSIxEqH7NHIbQ6jagBQWfk6cIgNxIVSv
QeYoJQMfAcs4G0JEpk8EbQnbzejRnWUZQadnRs/TpAVQjBkrPEjEIL/mWTDe/kDd
2DB1+wuBzXSFdq6MbrHLWLXLpKa+wrwLjx60zfkSWD0fmRKoUtQ9ALGByStdOlsA
GquS2Pkp1KT/w3KwsITjO24LfoviOScBc1pC6XEg8fXCPw2qV74BKXnDh1XObviZ
MbDfABEBAAGJAh8EGAEIAAkFAlhMV4wCGwwACgkQkmbE+hH9AP0jAxAAjW0VZ1AW
WoRjR0EMtMXaUBiVVeLdXPmNpZz34/+XIT9M5ZquXJJHLickR7o6GK0EjvWaFB38
vibFA4fbvkohxcavtIekz9rLdu3Kkolzabz2PPQ4i51Vns3PkmmZo/GhuA8ERChH
EQDvi2T/zkbutmUdcdxg+3cuPpAMdtCr+6eyqU3Sn8NuAWChGixcdIVR3YT4tG0O
uO9KlQtHlxW8jRujW0KNnTOItqKtw77biVsSstJREDbU716Cws2OvOJxqJUkv01K
OwIVBNcC3Kvl2DLWesBrB9TqpotjrdemURfToywsIDtou7BMDUy27i14QzoroUbU
Ir/byN0MYAJiZ7tbJUetNkHd3FeOHrrBCNthR4yY7hAvnGwAkkQKKZl2FA9VYGKs
3c7MIoTk6yp94ZCmDIT7Tg4nlM+Hj8wh2s17sPchtAWOzScGn2LBG6mUXeZkD8b3
N+3+73npcDP/pQ5SVdj1uX84yTTRLN1bW7EbY8diGyj9rQA5ZCFXE6tSjjsZLQST
LCgATQJ4ks2l7XWcqOd/Jqa8+80jbEOHF1TqufhqAUpkWNMxp3R4KrI5NfZsLFt/
iyLBrhSt0aV2/siwf3OqQRyyL6UC3ri+2kb2+A7Ck7wFQ7l3GXcRRltdHb4pDw8W
zf8Uvc+eXJcX0YujN/hApyGYMXLobHpNCOW5Ag0EWExmJQEQANXt6VURsCHwYLxw
2Q2LejJOd7LwU8pMfaf5si+ctWSOIrWhdKGamwx7JzS2WWE8wCNHBqCBCXlyNSaf
wDi9Z1cyDcVDeE81320N1CYboJ1al2DZwiCa3MmG0QkHbpnwTRrQFwLfC+yjr/DB
WNFy0UdwbJ7urelZW7knZVxqeF/srUx9gWRZqGxCvUyXSWCPRGtk5wkpmYKRKcuA
zEoT2iafjii0SO2uD9Thtf2Kvc/wBqkus6tWpVL13RKgBM2+xfK7mmRzEBaAbFOu
qOm7UJUnc5Ka+4kcPkQDWqtWVbAijKou5Vce7QFxl6qlS2K6LFVOqoA22FE7JwRu
tXyg6/lqMPUERLTdVZ2x+6lv8A4GHoPlPZ0uFLv7fq7gFLL4Eisapk4RPL+WnKrj
8pXHIGR35oy2EzsiBl+A7SgkQ5Gr9YvQ8qb5bQ8wXGx4wGbvviQjhctIO2lKQwQw
Kh59o7OtwxJo0Qh5YTo/NvxY8oTrrZRXNwsC45S0QAjFY98b2/qac0Usu/9MEUM2
o3WTzTo0c76pxef0FuNHvaPLnR6Zv5hfv+cCpmcMca3wNi14L3eItpgrDKzvEUEY
kjP72lU9lHgEUr+TwQTlAscIFnEfdIw1rchqbXLP9QsjGy6M1C9hFmOLjxd4TzMd
f41opO1npS/slok06YVKkHaMx3eHABEBAAGJBD4EGAEIAAkFAlhMZiUCGwICKQkQ
kmbE+hH9AP3BXSAEGQEIAAYFAlhMZiUACgkQV8sKEhuuyy7Kow//ZO93gcLmxkpX
S3JNhwBhsyLXSkBO1PRAURm7WoQBSudf9TDN0edaDx4SxRHY+oK4H5CaNkmUfqDm
iubcEfVpfZI6V8InoFaUYnhkbw6g8BUoSiRCizWO8ns87vtyL3i/6BcbGTqH3O4n
vwjqoIEqZboaaxWK1o1HOr/H7q2PSoh57Yyt6vkTMmHj7AFWZSRK5YDnon0OxcCz
2n54PaV63LHyny+hZEhuk7YBuy7g9Dk/wUAb5QxfpiaZuMt/UaMC//sd5INJsx4z
L1FmlNd3FLQ5RV5qXYKJVB7urYeO+wS+H9vMvgYcuje9eFqdX7T30OX+93/urman
hFSvCiSpZkDOQU/rDsRblT7xiNTIHfpPNgln94t2fX3+A0X7cVflUN3IZb4vhLxv
uPncIn+h7th5gi96RrP65fXwZV3KVq2cZeXAcdqxvruqf8VbGrEypO3rxbv0OC1o
SzRDWAry+rwG9aO9sUzB0BGJTY7V9ByQwPEK0p+8QWLHHS56fwFon/LBlnOjsfFt
SZXYXzgQJUExTOwvrqQju0X7zwcvJvz+2qn30m1/i0VXmrh0sy4u9uL5WMIYivj1
DqRiqt3stlH7UlUXNATRB8TWpdZghg88poM5t+tp5bbNKckIEDfe2oZbLalnlmEX
c1Gv0EqlgC9V92LZRMS2P/cXztEM+Ut4Iw//VImJAzrr8E9nRC0jlHm2op5GpyjD
1UOQ0fuknguE+V6co950UZyfUvS7qejNpsIxelIE+xfiNwrjS64AtQ9YynjW+DSk
oT4A6h6GrZpu7HqIJhbebn61jwTjSduq/HsCmuc3wyeB+xdPlbKuwSuBr08+e8j5
KVbDH0zAvBddlNDKxyDx0ovNb0gtnDOTeYPWYVc0RCaqJcRKRW3PWs+sPh/JRxGR
zXW/J8wwewct0d+z8Dx4E1uinvDf6u0m+HZJc6t5UDDv7+bYsHWq9AZ+lhRLr0kU
auUn59g0l0w3r0XlmqNrBGCRqTyJldO2aU2abWOCpq9s+9pZNSPMkU10VsHbTUfU
tEMTftXCQ6qw3LtC94Qo/RVakA49AJW4QkZmxDzu8gLcsfEW5OybeDxD9qNQGq7k
xZGdIZmiEt9XvYyuBIG8HxSCnSezj6z1MaHbVBA4hy+eo7hwU3ursmDeAAepeo8e
H9zyVtL/DNVI7t0UFBaxM2IetOC3jChEuISg7RHqtzKoNll7gIV7eCRSQ1yDygag
X/iYQYonQzk46yGL7z+1lyGlTzurBVtUK22yb/kJoJhFBYMHS1XuKYKlKXo8IMVn
bFd7ekQ9u6yR9krd1C36TzlyCUUpk2Ppa0O0ZpOATJEh+jS1eu5orBO/tK5qmheV
Smt7/K/SeplXzSY=
=Quyb
-----END PGP PUBLIC KEY BLOCK-----

Paste into a blank file named node.txt and save.

Import node.txt

$ gpg --import node.txt

Verify Daniel Robbins public key and metro:node signed by Daniel Robbins is imported:

$ gpg --list-keys
/home/rj/.gnupg/pubring.kbx
---------------------------
pub   rsa4096 2016-11-28 [SC]
      D3B948F82EE8B4020A0410789A658306E986E8EE
uid           [ultimate] Daniel Robbins (BDFL) <drobbins@funtoo.org>
uid           [ultimate] [jpeg image of size 5472]
sub   rsa4096 2016-11-28 [E]
sub   rsa4096 2016-11-28 [S]

pub   rsa4096 2016-12-10 [SC]
      70ACBB6BFEE7BC572A8941D19266C4FA11FD00FD
uid           [  full  ] Daniel Robbins (metro:node) <drobbins@funtoo.org>
sub   rsa4096 2016-12-10 [E]
sub   rsa4096 2016-12-10 [S]

 

node.txt

Edited December 2, 2022 by cardinal

[fredmyra]

Perfect !  this not only solved the problem, it also helped me understans what was wrong, namely that I never looked into https://www.funtoo.org/GPG_Signatures/Metro_Plaintext_Keys   probably because I wrongly and uncounsciously assumed that that link concerned just stage3 files.  Now I understand !

Thanks  cardinal !