我刚刚从https://releases.ubuntu.com/jammy/以及 SHA256SUMS 和 SHA256SUMS.gpg。执行时,如https://ubuntu.com/tutorials/how-to-verify-ubuntu#1-overview,
gpg --keyid-format long --verify SHA256SUMS.gpg SHA256SUMS
我明白了
gpg: Signature made Thu Aug 11 13:07:33 2022 CEST
gpg: using RSA key 843938DF228D22F7B3742BC0D94AA3F0EFE21092
gpg: Good signature from "Ubuntu CD Image Automatic Signing Key (2012)
<[email protected]>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 8439 38DF 228D 22F7 B374 2BC0 D94A A3F0 EFE2 1092
第二个有效签名缺失。这意味着什么?
信息:命令
gpg --list-keys --with-fingerprint 0xFBB75451 0xEFE21092
给出
pub rsa4096 2012-05-11 [SC]
8439 38DF 228D 22F7 B374 2BC0 D94A A3F0 EFE2 1092
uid [ unknown] Ubuntu CD Image Automatic Signing Key (2012)
<[email protected]>
pub dsa1024 2004-12-30 [SC]
C598 6B4F 1257 FFA8 6632 CBA7 4618 1433 FBB7 5451
uid [ unknown] Ubuntu CD Image Automatic Signing Key <[email protected]>
答案1
表演时
echo "c396e956a9f52c418397867d1ea5c0cf1a99a49dcf648b086d2fb762330cc88d *ubuntu-22.04.1-desktop-amd64.iso" | shasum -a 256 --check
我明白了(大约 1 分钟后)
ubuntu-22.04.1-desktop-amd64.iso: OK
所以一切都可能是正确的。注意。在我看来,本教程https://ubuntu.com/tutorials/how-to-verify-ubuntu#1-overview有点误导。