On Fri, 18 Mar 2022 18:00:57 +0100, Ralf Mardorf wrote: >On Fri, 18 Mar 2022 10:45:35 +0100, Daniel Wagner wrote: >>$ gpg pgpkeys/keys/587C5ECA5D0A306C.asc >that's the wrong key: > > >[rocketmouse@archlinux linux-rt]$ gzip -cd >patch-4.19.233-rt105.patch.gz | gpg2 --verify >patch-4.19.233-rt105.patch.sign - gpg: Signature made Fri 11 Mar 2022 >09:10:11 CET gpg: using EDDSA key >1B45744BE36280CA7D6BD460E072D068B1F5703E > ^^^^^^^^^^^^^^^^ > 587C5ECA5D0A306C.asc > > >Importing your key from a keyserver (e.g. from >hkp://keyserver.ubuntu.com) isn't an issue at all. > >The rt-patch was either signed with another key (E072D068B1F5703E >instead of 587C5ECA5D0A306C) or the uploaded patch is malicious. > >The patch was downloaded from >https://www.kernel.org/pub/linux/kernel/projects/rt/ : > > >[rocketmouse@archlinux ~]$ head -24 /usr/src/linux-rt-rm/PKGBUILD >[snip] >_pkgver=4.19.233 >_rtpatchver=105 >pkgver="${_pkgver}_rt${_rtpatchver}" >[snip] >source=( > "https://www.kernel.org/pub/linux/kernel/v${_pkgver%%.*}.x/linux-${_pkgver}.tar.gz"; > "https://www.kernel.org/pub/linux/kernel/v${_pkgver%%.*}.x/linux-${_pkgver}.tar.sign"; > "https://www.kernel.org/pub/linux/kernel/projects/rt/${_pkgver%.*}/older/patch-${_pkgver}-rt${_rtpatchver}.patch.gz"; > "https://www.kernel.org/pub/linux/kernel/projects/rt/${_pkgver%.*}/older/patch-${_pkgver}-rt${_rtpatchver}.patch.sign"; PS: [de]/[en] [de] Ich habe das Patch weder über git bekommen, noch habe ich die xz Dateien heruntergeladen. Ich habe die gz Dateien heruntergeladen. Die gz Patch-Datei wurde mit einem anderen Schlüssel signiert. Dieser Schlüssel scheint nicht verfügbar zu sein. [en] I didn't get the patch from git, neither did I download the xz related files. I downloaded the gz related files. The gz patch file is signed with another key. This key seems to be unavailable.
