Is anyone else getting a bad signature from kernel.org's 5.8 sources+Greg's sign?

linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* Is anyone else getting a bad signature from kernel.org's 5.8 sources+Greg's sign?
@ 2020-08-06  0:59 David Niklas
  2020-08-06  1:36 ` Randy Dunlap
  2020-08-06  1:54 ` Re:Use the script already there.. " Bhaskar Chowdhury
  0 siblings, 2 replies; 5+ messages in thread
From: David Niklas @ 2020-08-06  0:59 UTC (permalink / raw)
  To: Greg Kroah-Hartman; +Cc: LKML

Hello,
I downloaded the kernel sources from kernel.org using curl, then
opera, and finally lynx (to rule out an html parsing bug). I did the same
with the sign and I keep getting:

%  gpg2 --verify linux-5.8.tar.sign linux-5.8.tar.xz
gpg: Signature made Mon Aug  3 00:19:13 2020 EDT
gpg:                using RSA key 647F28654894E3BD457199BE38DBBDC86092693E
gpg: BAD signature from "Greg Kroah-Hartman
<gregkh@linuxfoundation.org>" [unknown]

I did refresh all the keys just in case.
I believe this is important so I'm addressing this to the signer and only
CC'ing the list.

If I'm made some simple mistake, feel free to send SIG666 to my terminal.
I did re-read the man page just in case.

Thanks,
David

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: Is anyone else getting a bad signature from kernel.org's 5.8 sources+Greg's sign?
  2020-08-06  0:59 Is anyone else getting a bad signature from kernel.org's 5.8 sources+Greg's sign? David Niklas
@ 2020-08-06  1:36 ` Randy Dunlap
  2020-08-06  3:20   ` David Niklas
  2020-08-06  1:54 ` Re:Use the script already there.. " Bhaskar Chowdhury
  1 sibling, 1 reply; 5+ messages in thread
From: Randy Dunlap @ 2020-08-06  1:36 UTC (permalink / raw)
  To: David Niklas, Greg Kroah-Hartman; +Cc: LKML

On 8/5/20 5:59 PM, David Niklas wrote:
> Hello,
> I downloaded the kernel sources from kernel.org using curl, then
> opera, and finally lynx (to rule out an html parsing bug). I did the same
> with the sign and I keep getting:
> 
> %  gpg2 --verify linux-5.8.tar.sign linux-5.8.tar.xz
> gpg: Signature made Mon Aug  3 00:19:13 2020 EDT
> gpg:                using RSA key 647F28654894E3BD457199BE38DBBDC86092693E
> gpg: BAD signature from "Greg Kroah-Hartman
> <gregkh@linuxfoundation.org>" [unknown]
> 
> I did refresh all the keys just in case.
> I believe this is important so I'm addressing this to the signer and only
> CC'ing the list.
> 
> If I'm made some simple mistake, feel free to send SIG666 to my terminal.
> I did re-read the man page just in case.

It works successfully for me.


from https://www.kernel.org/category/signatures.html::


If you get "BAD signature"

If at any time you see "BAD signature" output from "gpg2 --verify", please first check the following first:

    Make sure that you are verifying the signature against the .tar version of the archive, not the compressed (.tar.xz) version.
    Make sure the the downloaded file is correct and not truncated or otherwise corrupted.

If you repeatedly get the same "BAD signature" output, please email helpdesk@kernel.org, so we can investigate the problem.



-- 
~Randy


^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re:Use the script already there.. Is anyone else getting a bad signature from kernel.org's 5.8 sources+Greg's sign?
  2020-08-06  0:59 Is anyone else getting a bad signature from kernel.org's 5.8 sources+Greg's sign? David Niklas
  2020-08-06  1:36 ` Randy Dunlap
@ 2020-08-06  1:54 ` Bhaskar Chowdhury
  1 sibling, 0 replies; 5+ messages in thread
From: Bhaskar Chowdhury @ 2020-08-06  1:54 UTC (permalink / raw)
  To: David Niklas; +Cc: Greg Kroah-Hartman, LKML, Randy Dunlap

[-- Attachment #1: Type: text/plain, Size: 1087 bytes --]

On 20:59 Wed 05 Aug 2020, David Niklas wrote:
>Hello,
>I downloaded the kernel sources from kernel.org using curl, then
>opera, and finally lynx (to rule out an html parsing bug). I did the same
>with the sign and I keep getting:
>
>%  gpg2 --verify linux-5.8.tar.sign linux-5.8.tar.xz
>gpg: Signature made Mon Aug  3 00:19:13 2020 EDT
>gpg:                using RSA key 647F28654894E3BD457199BE38DBBDC86092693E
>gpg: BAD signature from "Greg Kroah-Hartman
><gregkh@linuxfoundation.org>" [unknown]
>
>I did refresh all the keys just in case.
>I believe this is important so I'm addressing this to the signer and only
>CC'ing the list.
>
>If I'm made some simple mistake, feel free to send SIG666 to my terminal.
>I did re-read the man page just in case.
>
>Thanks,
>David

You should be using this script to download and verify kernel from
kernel.org ...it there for a reason , please use it...which take away
all the manual labor ..

Here is pointer to get the script :

https://git.kernel.org/pub/scm/linux/kernel/git/mricon/korg-helpers.git/tree/get-verified-tarball

Thanks,
Bhaskar

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 488 bytes --]

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: Is anyone else getting a bad signature from kernel.org's 5.8 sources+Greg's sign?
  2020-08-06  1:36 ` Randy Dunlap
@ 2020-08-06  3:20   ` David Niklas
  2020-08-06  5:40     ` Greg Kroah-Hartman
  0 siblings, 1 reply; 5+ messages in thread
From: David Niklas @ 2020-08-06  3:20 UTC (permalink / raw)
  To: Randy Dunlap; +Cc: Greg Kroah-Hartman, LKML

On Wed, 5 Aug 2020 18:36:08 -0700
Randy Dunlap <rdunlap@infradead.org> wrote:

> On 8/5/20 5:59 PM, David Niklas wrote:
> > Hello,
> > I downloaded the kernel sources from kernel.org using curl, then
> > opera, and finally lynx (to rule out an html parsing bug). I did the
> > same with the sign and I keep getting:
> > 
> > %  gpg2 --verify linux-5.8.tar.sign linux-5.8.tar.xz
> > gpg: Signature made Mon Aug  3 00:19:13 2020 EDT
> > gpg:                using RSA key
> > 647F28654894E3BD457199BE38DBBDC86092693E gpg: BAD signature from
> > "Greg Kroah-Hartman <gregkh@linuxfoundation.org>" [unknown]
> > 
> > I did refresh all the keys just in case.
> > I believe this is important so I'm addressing this to the signer and
> > only CC'ing the list.
> > 
> > If I'm made some simple mistake, feel free to send SIG666 to my
> > terminal. I did re-read the man page just in case.  
> 
> It works successfully for me.
> 
> 
> from https://www.kernel.org/category/signatures.html::
> 
> 
> If you get "BAD signature"
> 
> If at any time you see "BAD signature" output from "gpg2 --verify",
> please first check the following first:
> 
>     Make sure that you are verifying the signature against the .tar
> version of the archive, not the compressed (.tar.xz) version. Make sure
> the the downloaded file is correct and not truncated or otherwise
> corrupted.
> 
> If you repeatedly get the same "BAD signature" output, please email
> helpdesk@kernel.org, so we can investigate the problem.
> 
> 
> 

Many thanks. I've never seen a signature done that way before, but I
understand why you would do it that way.

David

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: Is anyone else getting a bad signature from kernel.org's 5.8 sources+Greg's sign?
  2020-08-06  3:20   ` David Niklas
@ 2020-08-06  5:40     ` Greg Kroah-Hartman
  0 siblings, 0 replies; 5+ messages in thread
From: Greg Kroah-Hartman @ 2020-08-06  5:40 UTC (permalink / raw)
  To: David Niklas; +Cc: Randy Dunlap, LKML

On Wed, Aug 05, 2020 at 11:20:38PM -0400, David Niklas wrote:
> On Wed, 5 Aug 2020 18:36:08 -0700
> Randy Dunlap <rdunlap@infradead.org> wrote:
> 
> > On 8/5/20 5:59 PM, David Niklas wrote:
> > > Hello,
> > > I downloaded the kernel sources from kernel.org using curl, then
> > > opera, and finally lynx (to rule out an html parsing bug). I did the
> > > same with the sign and I keep getting:
> > > 
> > > %  gpg2 --verify linux-5.8.tar.sign linux-5.8.tar.xz
> > > gpg: Signature made Mon Aug  3 00:19:13 2020 EDT
> > > gpg:                using RSA key
> > > 647F28654894E3BD457199BE38DBBDC86092693E gpg: BAD signature from
> > > "Greg Kroah-Hartman <gregkh@linuxfoundation.org>" [unknown]
> > > 
> > > I did refresh all the keys just in case.
> > > I believe this is important so I'm addressing this to the signer and
> > > only CC'ing the list.
> > > 
> > > If I'm made some simple mistake, feel free to send SIG666 to my
> > > terminal. I did re-read the man page just in case.  
> > 
> > It works successfully for me.
> > 
> > 
> > from https://www.kernel.org/category/signatures.html::
> > 
> > 
> > If you get "BAD signature"
> > 
> > If at any time you see "BAD signature" output from "gpg2 --verify",
> > please first check the following first:
> > 
> >     Make sure that you are verifying the signature against the .tar
> > version of the archive, not the compressed (.tar.xz) version. Make sure
> > the the downloaded file is correct and not truncated or otherwise
> > corrupted.
> > 
> > If you repeatedly get the same "BAD signature" output, please email
> > helpdesk@kernel.org, so we can investigate the problem.
> > 
> > 
> > 
> 
> Many thanks. I've never seen a signature done that way before, but I
> understand why you would do it that way.

That means other projects need to change as well :)

And you are not alone, this comes up every release, no problems.

greg k-h

^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2020-08-07  6:26 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-08-06  0:59 Is anyone else getting a bad signature from kernel.org's 5.8 sources+Greg's sign? David Niklas
2020-08-06  1:36 ` Randy Dunlap
2020-08-06  3:20   ` David Niklas
2020-08-06  5:40     ` Greg Kroah-Hartman
2020-08-06  1:54 ` Re:Use the script already there.. " Bhaskar Chowdhury

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).