如何使用 gpg 验证 linux 内核签名?

tag-icon tag-icon linux-kernel gpg signature verification
如何使用 gpg 验证 linux 内核签名?

遵循 kernel.org 上的注释地点,但我似乎无法验证内核的签名。我尝试使用给定的脚本来为我处理它,但这也失败了。

user@localhost ~ $ sh ./get-verified-tarball  4.14.68
Using TMPDIR=/home/user/Downloads/linux-tarball-verify.gPukN5Mdg.untrusted
GNUPGHOME directory /home/user/.gnupg does not exist
Create it? [Y/n]y
Making sure we have all the necessary keys
gpg: invalid auto-key-locate list
Something went wrong fetching keys

手动尝试失败:

user@localhost ~ $ rm -rf .gnupg/
user@localhost ~ $ gpg2 --locate-keys [email protected] [email protected]
gpg: directory `/home/user/.gnupg' created
gpg: new configuration file `/home/user/.gnupg/gpg.conf' created
gpg: WARNING: options in `/home/user/.gnupg/gpg.conf' are not yet active during this run
gpg: keyring `/home/user/.gnupg/pubring.gpg' created
gpg: /home/user/.gnupg/trustdb.gpg: trustdb created
user@localhost ~ $ cd kernel
user@localhost ~/kernel $ ls
linux-4.14.68.tar  linux-4.14.68.tar.sign
user@localhost ~/kernel $ gpg2 --verify linux-4.14.68.tar.sign
gpg: Signature made Wed 05 Sep 2018 03:27:46 AM EDT using RSA key ID 6092693E
gpg: Can't check signature: No public key

我的配置:

user@localhost ~/kernel $ cat /etc/system-release
CentOS Linux release 7.2.1511 (Core)

user@localhost ~/kernel $ uname -a
Linux localhost.localdomain 3.10.0-327.36.1.el7.x86_64 #1 SMP Sun Sep 18 13:04:29 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux

user@localhost ~/kernel $ gpg2 --version
gpg (GnuPG) 2.0.22
libgcrypt 1.5.3
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

Linux kernel releases PGP signatures
Kernel.org web of trust. PGP keys used by members of kernel.org are cross-signed by other members of the Linux kernel development community (and, frequently, by many other people).
www.kernel.org

我需要做什么来解决这个问题并能够验证签名?

相关内容