https://bugzilla.redhat.com/show_bug.cgi?id=1834731 --- Comment #98 from Suvayu <fatkasuvayu@xxxxxxxxx> --- (In reply to Simone Caronni from comment #96) > (In reply to Suvayu from comment #92) > > You can then verify with only this key. > > ...and it would require editing the asc file to remove all other signatures > or gpgv will complain anyway. I think the expectation is to filter for the key you are using to verify. So just grepping for the verified signature should be okay. $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys \ $(grep --color=never laanwj keys.txt | cut -d' ' -f1) $ gpg --verify SHA256SUMS.asc |& grep -C 2 'Good signature' gpg: Signature made Friday 10 September 2021 07:33:30 PM CEST gpg: using RSA key 9DEAE0DC7063249FB05474681E4AED62986CD25D gpg: Good signature from "Wladimir J. van der Laan <laanwj@xxxxxxxxxxxx>" [unknown] gpg: aka "Wladimir J. van der Laan <laanwj@xxxxxxxxx>" [unknown] gpg: aka "Wladimir J. van der Laan <laanwj@xxxxxxxxxxxxxx>" [unknown] Ideally failures should go to stderr, and success to stdout, but it seems both go to stderr. I wish gpg had an option to separate the failures (maybe there is, my quick look in the man page didn't turn up anything). Maybe this helps -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component https://bugzilla.redhat.com/show_bug.cgi?id=1834731 _______________________________________________ package-review mailing list -- package-review@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to package-review-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-review@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
