gpgを使用してLinuxカーネル署名を確認するには?

gpgを使用してLinuxカーネル署名を確認するには?

kernel.orgの注意事項に従ってください。場所が、カーネルの署名を確認できないようです。私はそれを処理するために与えられたスクリプトを使用しようとしましたが、それも失敗しました。

user@localhost ~ $ sh ./get-verified-tarball  4.14.68
Using TMPDIR=/home/user/Downloads/linux-tarball-verify.gPukN5Mdg.untrusted
GNUPGHOME directory /home/user/.gnupg does not exist
Create it? [Y/n]y
Making sure we have all the necessary keys
gpg: invalid auto-key-locate list
Something went wrong fetching keys

手動試行失敗:

user@localhost ~ $ rm -rf .gnupg/
user@localhost ~ $ gpg2 --locate-keys [email protected] [email protected]
gpg: directory `/home/user/.gnupg' created
gpg: new configuration file `/home/user/.gnupg/gpg.conf' created
gpg: WARNING: options in `/home/user/.gnupg/gpg.conf' are not yet active during this run
gpg: keyring `/home/user/.gnupg/pubring.gpg' created
gpg: /home/user/.gnupg/trustdb.gpg: trustdb created
user@localhost ~ $ cd kernel
user@localhost ~/kernel $ ls
linux-4.14.68.tar  linux-4.14.68.tar.sign
user@localhost ~/kernel $ gpg2 --verify linux-4.14.68.tar.sign
gpg: Signature made Wed 05 Sep 2018 03:27:46 AM EDT using RSA key ID 6092693E
gpg: Can't check signature: No public key

私の設定:

user@localhost ~/kernel $ cat /etc/system-release
CentOS Linux release 7.2.1511 (Core)

user@localhost ~/kernel $ uname -a
Linux localhost.localdomain 3.10.0-327.36.1.el7.x86_64 #1 SMP Sun Sep 18 13:04:29 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux

user@localhost ~/kernel $ gpg2 --version
gpg (GnuPG) 2.0.22
libgcrypt 1.5.3
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

Linux kernel releases PGP signatures
Kernel.org web of trust. PGP keys used by members of kernel.org are cross-signed by other members of the Linux kernel development community (and, frequently, by many other people).
www.kernel.org

この問題を解決して署名を確認するにはどうすればよいですか?

ベストアンサー1

おすすめ記事