Bug 32464 - Wrong "gpg --verify" parameters in www.mageia.org/xy/downloads
Summary: Wrong "gpg --verify" parameters in www.mageia.org/xy/downloads
Status: NEW
Alias: None
Product: Websites
Classification: Unclassified
Component: www.mageia.org (show other bugs)
Version: trunk
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: Atelier Team
QA Contact:
URL: https://www.mageia.org/en/downloads/g...
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2023-10-28 19:57 CEST by Christian C
Modified: 2023-10-28 19:57 CEST (History)
0 users

See Also:
Source RPM:
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Christian C 2023-10-28 19:57:57 CEST 
Description of problem:
The Download page gives the followinf command line to verify the signature of the sha512 sum associated to Mageia-9-x86_64.iso :
"gpg --verify Mageia-9-x86_64.iso.sha512.gpg Mageia-9-x86_64.iso.sha512"

But when run, the command failed to verify the signature :
$ gpg --verify Mageia-9-x86_64.iso.sha512.gpg Mageia-9-x86_64.iso.sha512
gpg: not a detached signature

It seems that the right command is :
$ gpg --verify Mageia-9-x86_64.iso.sha512.gpg
gpg: Signature made Thu Aug 24 23:26:08 2023 CEST
gpg:                using RSA key B21076A0CBE4D93D66A9D08D835E41F4EDCA7A90
gpg: Good signature from "Mageia Release <release@mageia.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: B210 76A0 CBE4 D93D 66A9  D08D 835E 41F4 EDCA 7A90

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.
Note You need to log in before you can comment on or make changes to this bug.