I followed fedora source file verification and there was nothing about SHA checksum verification. Also it is 2048 bits long so I doubt it is SHA256 checksum file.
https://docs.fedoraproject.org/en-US/packaging-guidelines/#_source_file_verification
On Nov 10, 2019 10:05, Vascom <vascom2@xxxxxxxxx> wrote:
May be you need use sha256sum instead gpg?вс, 10 нояб. 2019 г., 9:17 Baxi <faezebax@riseup.net>:Hi. I am trying to package a program. The upstream provided sha256sum.asc file. Verifying tarball with that signature says, Can't check signature: No public key. I found his public key in key directory by searching his email and added that key. Now gpg says Bad signature from that person. Also upstream didn't provide gpg keyring in his project. What should I do?_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
_______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx